Showing posts with label cisco. Show all posts
How To – Create Cisco Switch with IOU [IOS On Unix] Loaded on CentOS
Posted by Ahsan Tasneem | 10:36 AM | CentOS, cisco, GNS3, How To, Linux, Qemu | 3 comments »
The tutorial describes the steps required for creating a Cisco switch based on IOUl2. A Qemu image with CentOS Linux installed is loaded with the IOU image. The IOU (IOS on UNIX) instances are attached to the network using the iou2net.pl script written by Jeremy L. Gaddis. The script forwards frames between an IOU instance and the Qemu network adapters. The script is started in tap mode when the Qemu interfaces are bridged with virtual tap interfaces.
Cisco Switch Password Recovery - In Few Easy Steps
Posted by Ahsan Tasneem | 3:02 AM | cisco, How To | 1 comments »
Note: This article is based on the Cisco Catalyst 2900, 3500XL, 2940, 2950, 2955, and 3550 switches. For other models, you can easily find the procedure using any search engine.
To recover a password on a Cisco switch, you will have to be connected to the console port of the Cisco switch using 9600 baud, 8 bits, no parity, 1 stop bit, and xon/xoff flow control. I recommend using Hyperterminal that comes with Windows XP.
Once you are connected and see something on the terminal window when you press enter, unplug the power cable. Next, hold down the mode button on the front, as seen in the photo below, and connect the power cable.
On a 2900, 3500XL or 3550 (like the one shown) release the mode button after the 1x port LED goes out. On a 2940 or 2950 switch release the mode button after the stat light goes out. On a 2955, press the break key (ctrl-break on Windows) when you see the message that the switch will autoboot.
Cisco L3 & L2 IOU on Fedora Linux [Hacked]
Posted by Ahsan Tasneem | 1:30 AM | cisco, Fedora, Linux | 0 comments »
Note: This is for educational purpose only.
These steps are based on the tutorial "Defeating Cisco IOU’s License Protection" and are adapted for Fedora Linux. After the video was deleted from YouTube, the creator of the video made the "patch", which you can check here.
Please, consider using IOU – it is meant for internal use only, thus it is probably illegal to use if you are not a Cisco employee or partner. For further information about licensing, please visit this site: http://evilrouters.net/2011/01/18/cisco-iou-faq/
Remote VPN To Netscreen Device - [XAuth with Cisco ACS RADIUS]
Posted by Ahsan Tasneem | 3:36 AM | cisco, Cisco ACS, Juniper, Juniper Networks, Netscreen, RADIUS | 1 comments »
NetScreen has implemented XAuth to allow another layer of authentication for VPN between a remote client and a NetScreen VPN device. This negotiation takes place after the first phase of IPsec. You may verify authentication against the NetScreen device’s local authentication database, RADIUS, Secure ID, or an LDAP server. As before, you may use groups to combine the dial-up users or use individual dial-up users. You cannot use the group function if you are using Secure-ID or an LDAP server.
To use a Funk RADIUS server to support such NetScreen-specific attributes as admin privileges, user groups, remote L2TP and XAuth IP address, and DNS and WINS server address assignments, you must load the Funk dictionary file (netscreen.dct) that defines these attributes onto the RADIUS server. If using Cisco ACS RADIUS, load the Cisco dictionary file (NSRadDef2.ini). A dictionary file defines vendor-specific attributes (VSAs) that you can load onto a RADIUS server. After defining values for these VSAs, NetScreen can then query them when a user logs in to the NetScreen device. NetScreen VSAs include admin privileges, user groups, remote L2TP and XAuth IP address, and DNS and WINS server address assignments.
Cisco IP SLA: Tracking A Static Route [WAN Redundancy]
Posted by Ahsan Tasneem | 4:35 AM | cisco, IP SLA, SLA | 0 comments »
In today's network environment, redundancy is one of the most important aspects, whether it's on the LAN side or on the WAN side. In this topic I will be covering WAN redundancy with multiple WAN links terminating on a single router.
The best and simplest way to achieve WAN redundancy on Cisco devices is to use Reliable Static backup routes with IP SLA tracking.
IP SLAs is a feature included in Cisco IOS Software that gives administrators the ability to analyze IP service levels for IP applications and services. IP SLAs uses active traffic-monitoring technology to monitor continuous traffic on the network. This is a reliable method of measuring overhead network performance. Cisco routers provide IP SLA Responders that give accurate measured data across a network.
Cisco IP SLA - All You Wanted to Know
Posted by Ahsan Tasneem | 1:07 AM | cisco, IP SLA, SLA | 0 comments »
IP SLA
Cisco IOS IP SLAs can send SNMP traps that are triggered by events such as the following:
• Connection loss
• Timeout
• Round-trip time threshold
• Average jitter threshold
• One-way packet loss
• One-way jitter
• One-way mean opinion score (MOS)
• One-way latency
Alternatively, a Cisco IOS IP SLAs threshold violation can trigger another Cisco IOS IP SLAs operation for further analysis.
The Cisco IOS IP SLAs MPLS VPN Awareness feature provides the capability to monitor IP service levels within Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). IP SLAs operations can be configured for a specific VPN by specifying a VPN routing and forwarding (VRF) name.
Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 2]
Posted by Ahsan Tasneem | 5:02 AM | cisco, Cisco ACS, How To, Linksys, RADIUS, Vmware | 0 comments »
Configure the Wireless Network Connection
Complete these steps:
- Log off and then log on by using the WirelessUser account in the wirelessdemo.local domain.
- Choose Start > Control Panel, double-click Network Connections, and then right-click Wireless Network Connection.
- Click Properties, go to the Wireless Networks tab, and ensure that Use Windows to configure my wireless network settings is checked.

- Click Add.
- Under the Association tab, type Employee in the Network name (SSID) field.
- Select WPA for the Network Authentication and ensure that Data Encryption is set to TKIP.
Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 1]
Posted by Ahsan Tasneem | 5:00 AM | cisco, Cisco ACS, How To, Linksys, RADIUS, Vmware | 3 comments »
Introduction
I was working on improving and managing (logging) the security of my wireless network, and for this purpose I was searching for Steel-Belted RADIUS, which used to be freeware, but recently I found that Juniper bought it and it's no longer freeware. Therefore I started looking for an alternative and I found one: Cisco ACS. My plan was to place RADIUS behind the wireless routers in my office and authenticate the users trying to connect to Wi-Fi through the RADIUS server, preventing unauthorized users' access and also generating their logs. The article below helped me in the process; I have also specified the changes I made to make things work. The procedure mentioned below is for the workgroup environment, not for the domain environment.
Do let me know if you face any problem. I'll be posting more on this soon; keep following @ahsantasneem.
[Contd..]
Pemu – Pix Emulator with GNS3
Posted by Ahsan Tasneem | 11:20 PM | cisco, Dynamips, GNS3, How To, Pemu, PIX, Simulator | 0 comments »
The guys at GNS3.net have done it again! They just released version .04 of their incredible network emulation software. There are lots of new features including Pemu integration, c1700 and WICs Support and Project feature (you can keep router configs, nvram …).
Here is a full list of the new features:
- A dynamic mode (no design/emulation modes)
- A new .net save/load.
- c1700 and WICS support.
- PIX emulation.
- Dynamips’s ATM bridge.
- Capture feature for links from the GUI.
- IDLE PC calculation from the GUI.
- GUI improvements (save the window state when closing GNS3 …)
- Annotation feature.
- Project feature (you can keep router configs, nvram …)
- NULL NIO support.
- PDF export.
- New languages.
I'll be posting more on this, keep following @ahsantasneem. Do let me know if you face any problem.
How To - Connect GNS3 to the internet in MacOSX
Posted by Ahsan Tasneem | 11:14 PM | cisco, Dynamips, How To, MAC | 1 comments »
We have issued tutorials for connecting Windows or Linux to a physical network using GNS3, but apparently there is a little difference for MacOSX. I recently received an email from one of our readers, Ivan Pletenev. Ivan describes how to connect GNS3 to the internet through the Wi-Fi interface in MacOSX. You will find his writeup below. Thanks Ivan!
To set up this connection we need to do 2 things:
- Connect MacOSX and GNS3 through loopback-interface
- Set up NAT in MacOSX
How To - Run GNS3 on Mac OS X
Posted by Ahsan Tasneem | 9:46 PM | Apple, cisco, Dynamips, GNS3, Hakintosh, How To, Kqemu, MAC OS X, Python, Qemu, Simulator | 2 comments »
Here are instructions to run GNS3 from the sources (not the standalone compiled DMG version) on your favorite operating system. You will have to install or compile dependencies like Qt, Sip and PyQt. This will allow you to use the latest development version of GNS3 that you can download from http://code.gns3.net.
Method 1
- Install the Apple Devs Tools (on your Mac OS X DVD or download it on ADC account). Run and install XcodeTools.mpkg.
- Download Python 2.6 for MacOS X and install it.
- Download Qt libraries for Mac and install them.
- Download SIP, open a terminal and go in the folder where you downloaded the tar file and compile using the following commands (example for SIP 4.9.3):
How To: Use MRTG with GNS3
Posted by Ahsan Tasneem | 11:24 PM | cisco, GNS3, How To, MRTG | 0 comments »
What is MRTG?
- MRTG is an open-source program which gets traffic statistics from devices using SNMP and builds graphs like this:

Installing MRTG
- Download MRTG from http://oss.oetiker.ch/mrtg/ and follow the installation instructions to install MRTG
How To: Emulate Cisco ASA in GNS3
Posted by Ahsan Tasneem | 11:21 PM | cisco, Cisco ASA, Dynamips, GNS3, How To, IOS, Qemu | 0 comments »
In this article, I will show you how to emulate Cisco ASA using Qemu. Once again, please note that ASA is not provided and will not be. So please don’t ask. Also be aware that ASA does not 100% work in Qemu but that’s enough to play with it.
Installation
First compile and patch Qemu as you would do for running JunOS. This will give us pcap, lcap and UDP tunnels (i.e. GNS3/Dynamips connections) capabilities.
Then obtain ASA itself. If you are smart and patient you will find it. I used asa802-k8.bin for my installations. As far as I know, nobody has been able to run ASA > version 8.2 (ASA keeps rebooting).
The next step is to get an initrd and a Linux kernel (inside the initrd) from your ASA image to use them with Qemu and also fix the initrd for our needs. The initrd is zipped and archived in the ASA image, we have to extract it.
There are 2 ways, manually or using a tool I created.
Step By Step - Installation, Configuration & Usage Guide of GNS3
Posted by Ahsan Tasneem | 2:15 AM | cisco, Dynamips, GNS3, How To, Simulator, winpcap | 0 comments »
Installation of GNS3
For Windows, the "win32-all-in-one.exe" package is recommended because everything necessary is packaged in it.
GNS3 Installation Hypervisor Load Balancing - 2
Posted by Ahsan Tasneem | 1:32 AM | cisco, Dynamips, GNS3, How To, Hypervisor, IOS, Load Balancing, Simulator | 0 comments »
GNS3 Installation Hypervisor Load Balancing - 1
Posted by Ahsan Tasneem | 2:16 AM | cisco, Dynamips, GNS3, How To, Hypervisor, IOS, Load Balancing, Simulator | 0 comments »
THIS PROCEDURE IS MADE UP OF MULTIPLE PARTS:
1. Directory structure
2. GNS3 configurations
3. Configure Hypervisor
4. Edit Dynamips on the client
5. Edit Dynamips on the Server
6. Start Dynamips on SVR and Client
7. Start GNS3 and create simple topology
Cisco Making A Run For Skype
Posted by Ahsan Tasneem | 11:31 PM | cisco, Google, skype, skype gateway | 0 comments »
Cisco has made an offer to acquire Skype before they complete their IPO process, says one of our more reliable sources. We have not been able to confirm this rumor one way or another via other sources, which isn’t surprising. A company in lockdown during the IPO process is usually even more tight-lipped than normal.
But if true this would be one very big acquisition. Skype insiders are hoping for an out-of-the-gate valuation of $5 billion or so, we’ve heard. Presumably Cisco would have to be bidding in that range to make it interesting.
Google was also rumored to be sniffing around Skype, but antitrust concerns may have persuaded them not to make an actual offer.
More as this develops @ahsantasneem