CCIE EIGRP Filtering (GNS3 lab) In this GNS3 lab we're looking at the various options on how we can filter updates between EIGRP speakers and then how that affects the traffic flow (as EIGRP is
CCIE 6to4 Tunnelling (GNS3 Lab) This is a quick lab to look over how 6to4 tunnelling can be implemented using GNS3 1.3 and 3725 (running c3725-adventerprisek9-mz124-15.image). The topology will be as below but
CCIE DMVPN setup with PSK (GNS3 Lab) Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and
Cisco jun2acl (Juniper to Cisco ACL Script) Recently we've needed to migrate an inherited environment away from Juniper Junos and onto Cisco IOS. As part of this a lot (!) of old and quite nasty firewall filter config
CCIE EIGRP (Named vs Legacy) Just a quick look over the basic differences with the newer style of EIGRP config. It really is quite a bit nicer (more logical?) layout in the config with things
BGP BGP RTBH setup using exaBGP In this post I'll describe a basic setup using Cisco IOS, IOS XR and exaBGP that will function as a BGP remotely triggered blackhole (RTBH) allowing you to null route
Cisco Generate DSCP marked pings Today it was useful to confirm a switch was passing DSCP marked packets as expected and handling 'ef' marked packets. To do this on a Cisco switch we can use
Cisco SNMP ACL (after community check?!) Not my usual kind of post of "how to do ...blah" but something I'd come across yesterday that was a little interesting/annoying/silly. Best practice dictates you
Cisco Connectivity problems to a NAT'd host via a VPN on Cisco IOS Problem where a client on one side of a VPN tunnel cannot communicate with another host on the other side that has a static NAT entry. The host 10.0.
Cisco Show "free" (not used for a while) ports on Cisco switch with one command Reasonably common task I come across is to find free ports on switches (ports that haven't been used for some time). Sometimes it's very easy where you can use an NMS
Android OpenVPN server on Fedora 16 connecting Cyanogenmod (7.1) Android phone [bridged] I have already posted about OpenVPN on Ubuntu but the config for Fedora is a little different so here's an updated post. I did the following setup using Cyanogenmod 7.
CCNP Security Cisco IOS Certificate Server set-up and client enrolment (GNS3 Lab) A quick step by step overview of how to configure the certificate server on a Cisco IOS device. The certificate server functionality was added in version 12.3(4). It
Cisco Cisco (type 7) password decryption and encryption with Perl I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a
ASA Cisco pipe options and some regex examples Just a quick post about using the pipe (|) command on Cisco devices to help format the output of any command. Add the pipe to any show command then ? can show
Cisco Display the specific port used in an etherchannel for given src/dst info Etherchannel on Cisco switches uses a hashing algorithm to determine which interface within the bundle to send the data over i.e. The port choice is deterministic and will always
640-553 CCNA Security Role Based CLI access to Cisco IOS using Views Just having a play around with role based access and "views". Not a feature I've used much in production. Below we will configure a view that only allows
Android Setting up OpenVPN for Android phone (NAT & ZBFW on Cisco 1801) I've been looking to get a decent "native" VPN setup on my Android phone for a while. There doesn't seem to be native support for IPSEC VPNs terminating
Cisco IOS ping with rotating data pattern/payload Came across an interesting problem where depending on the ping payload the loss would vary quite a bit when being sent over a WAN link. Pings using Windows machines were
640-553 CCNA Security Simple Zone Based IOS Firewall (GNS3 Lab) Just a post about the basic config and options of Cisco IOS zone based firewall using the Topology below Grab the initial configs and GNS3 .net file [HERE]. From the
640-553 CCNA Security Steps to configure an IPSEC site to site VPN on a Cisco IOS device (GNS3 Lab) Just some short notes on basic IOS VPNs using the topology below as an example. All the configuration examples are for the router Lefty. Grab the GNS3 .net file and
ASIC ASIC to port mapping Just a couple of commands to show the ASIC/port mapping on most Cisco switches. show interfaces capabilities module Is used on smaller switches e.g. 3750 m00nie-C3750#show platform
aaa Password-less ssh login using pki to Cisco IOS A cool feature in IOS I recently came across was the ability to configure SSH login using PKI. As far as I can see this feature was added in version
642-691 BGP+MPLS BGP Route Reflectors (GNS3 lab) One problem of having a large number of routers running IBGP with each other in a full mesh is the volume of IBGP connections needed. The formula to see the number of connections needed for a full IBGP mesh is n(n-1)/2 so
642-691 BGP+MPLS Changing MED value in BGP (GNS3 lab) BGP Multiexit Discriminator (MED or MULTI_EXIT_DISC) is an optional nontransitive attribute (Type code Value 4). It is usually used to exchange info about a preferred to external BGP
annoying Stop your Cisco device interrupting your typing One annoying "feature" of Cisco devices is that they often output info when you're typing into the console making you lose your place and unable to see what