 
showing posts tagged with 'cisco'
 
edited by on August 24th 2018, at 15:14
In case of disaster, it is usually a very good idea to periodically back up the configuration of your network switches. This article lists syntax for backing up configuration to a TFTP server for different vendors.

In the syntax examples below, the IP for the TFTP is 1.2.3.4, and we're writing to the file switch.cfg.

Note that this article is definitely not complete. If you have additions to this article, please post them in the comments.

The syntax for Dell and Cisco switches is mostly the same. For N-series and PowerConnect, a summary is displayed which needs to be confirmed, which is not the case for Cisco and Dell S-series.

For Cisco Small Business (SF- and SG-series), the CLI ne  ...
edited by on August 21st 2018, at 14:44

Cisco's SF/SG 300/500 series managed switches have CLI access via Telnet and SSH but this is turned off by default, leaving only the web interface to manage the switch. You can enable Telnet and/or SSH via the web interface, enabling management via CLI.

  1. Log on to the web interface, then navigate to Security → TCP/UDP Services.
  2. Check the Enable boxes for Telnet Service and/or SSH Service. You can check both if you wish to enable both protocols. Click Apply, which will immediately start the selected services.
  3. Don't forget to save the configuration change to flash. Otherwise, the change will be lost after a reboot.
edited by on August 4th 2017, at 16:17

An excellent resource website on how to configure Cisco phones to work on Asterisk. This includes the provisioning of phones, configuring them in Asterisk and enabling advanced functionality for Cisco on Asterisk.

http://usecallmanager.nz/document-overview.html

edited by on February 20th 2017, at 14:53
When provisioning non-Cisco phones on a Cisco-switched network, you may notice that the configured voice VLAN is not correctly provisioned to the phone. The phone ends up in the data VLAN, rather than the voice VLAN even though the switch port has been correctly configured.

There are two protocols which can be used to provision the correct VLAN to your phones: Cisco Discovery Protocol (CDP) and Link-Layer Discovery Protocol (LLDP). CDP is a proprietary protocol and is only supported on Cisco switches and Cisco phones. Non-Cisco devices usually use LLDP, which is an open standard supported by most other vendors. Although Cisco switches also support LLDP, it is by default not enabled, resulti  ...
edited by on June 7th 2016, at 15:47

If you lost the group password for a Cisco IPsec VPN but still have the PCF file, you can use this website to decrypt the encrypted password located in the file. This is useful if you need to manually configure your VPN client (e.g. on a Mac, you cannot import a PCF file with the native VPN client).

https://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

To get the encrypted password, open the PCF file with a text editor (such as Notepad), then look for the line starting with enc_GroupPwd=. Copy everything after the = (if you have wordwrap on, make sure you got the entire line), and paste it in the text box on the website, then click the Decode button.

edited by on March 4th 2016, at 11:54
You can make your own logo to be placed on the idle screen. Follow these specifications to create it.

Format: save the logo as BMP in 256 colors (8-bit) and without colorspace info.

About colorspace info: by default, Gimp includes this info, resulting in a malformed logo on the phone. During export to BMP, deselect this option (under compatibility options). MS Paint never saves colorspace info so no specific settings are required.

Do not save in 16-color (4-bit), especially with MS Paint: you will lose the darker shade of gray (404040) because it is not part of the default 4-bit palette.

Dimensions: 90x56

If the dimensions are larger, the phone will automatically downsize, although it i  ...
edited by on February 10th 2016, at 13:26
You can very quickly do bandwidth limiting for a certain network or range of IP addresses.

Create an ACL for the traffic to do bandwidth limiting on. It is required to have a separate ACL as the QoS policy has to be applied to a specific ACL.

So, suppose the internal address range that needs to be limited is the network 192.168.1.0/24, then this would become:

access-list guest-wireless-bandwidth extended permit ip 192.168.1.0 255.255.255.0 any
access-list guest-wireless extended permit ip any 192.168.1.0 255.255.255.0

Next, set up the QoS policy:

class-map qos
 match access-list guest-wireless-bandwidth
policy-map qos
 class qos

Provide bandwidth limitations (in this case, it's set to 10Mbp  ...
edited by on January 29th 2016, at 16:13
You can factory reset a Cisco 7911(G) and 7941/7961(G) at boot time by following the procedure below. Performing a full factory reset will completely wipe the phone. This includes its firmware, leaving the phone in an unusable state if no TFTP server with the necessary files is available, along with a DHCP server that pushes the TFTP server (using DHCP option 150). If you have a Cisco Call Manager, this part should already be set up and the phone will simply download everything from the CCM.

Use with caution!
The factory reset will also wipe the firmware. You will no longer be able to use the phone until a new firmware is installed on the phone. This can only be done through a TFTP server w  ...
edited by on September 2nd 2015, at 10:02
Older versions of the Cisco AnyConnect VPN client seem to remove the Connections tab from Internet Options whenever a VPN connection is made. The tab is restored upon a graceful disconnect of the connection. But sometimes the connection is closed abruptly (e.g. the computer shuts down incorrectly), in which case the Connections tab is not restored and stays hidden forever. Users are then no longer able to go to Internet Options to adjust e.g. proxy settings.

AnyConnect creates a registry key to hide the Connections tab on a connect, and removes it on a disconnect:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000  ...
edited by on June 4th 2015, at 15:30
This article briefly explains how to integrate an HP Procurve and a Cisco switch in one network, and make sure the VLANs are correctly routed across the two switches. I avoid using the term "trunk" as the definition of a "trunk" differs greatly between Cisco and HP: a trunk on an HP Procurve refers in fact to a feature like Cisco's EtherChannel, something entirely different.

Note that for VLAN trunking to work between the two, you need to use the 802.1q protocol. Other protocols, such as Cisco's VTP and ISL do not work on HP Procurve, as they are both Cisco-proprietary.

Multi-port trunking is also outside the scope of this article, but the basics remain the same.

For both switche  ...
edited by on May 22nd 2015, at 09:21

Cisco AnyConnect VPN client may fail on Windows 7 for no apparent reason with the following error:

Error
Unable to establish VPN

A possible reason may be that Internet Connection Sharing has been enabled on one or more network interfaces (e.g. used for making a hotspot out of your laptop). Try disabling ICS, then try connecting again.

edited by on June 18th 2014, at 13:49
From a logging point of view, it's interesting to have your clock set up correctly on your Cisco switches. Your switch should have these capabilities, but network admins usually "forget" to set these up.

To configure these, you need to have privileged access to your switch using SSH/telnet/console. The following works on any device running IOS (i.e. switches and routers).

Time zones are expressed as a name, followed by an offset. The offset indicates the number of hours from UTC, expressed as -hour or +hour. To know the offset for your time zone, you could look at the World Time Zone map.

In my case, for Central European Time, I would set it to this:

SW(config)# clock t  ...
edited by on April 4th 2013, at 16:15
The Cisco VPN client v5.0 does not work out-of-the-box on Windows 7 and 8. Starting the VPN will result in an error:

Error
Reason 442: Failed to enable Virtual Adapter

This is because of a malfunctioning installer, creating an invalid connection to the Cisco VPN Adapter. To resolve, follow the steps below.

Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA.

Look for the DisplayName value and change it to remove all leading characters up to and including %;:

For x86, the value would change from something like @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter to Cisco Systems VPN Adapter

For x64, the value would change from something like @oem8.inf,%CVirtA_D  ...
by on January 1st 1970, at 01:00
To factory reset a Cisco Catalyst 9200 series switch (e.g. when you can no longer log in or have forgotten the password), you can factory reset the switch through physical access and a serial console connection.

First, connect the serial console cable and verify whether you have access to the serial console. Also, verify whether you have physical access to the switch and can unplug the power.

Unplug the power cable to power down the switch. While holding down the button at the top left corner (next to the "S" LED), plug it back in. Keep the button pressed for at least 10 seconds, until the "S" LED is solid green. The console output will also state the boot from "pa  ...
by on January 1st 1970, at 01:00
To configure SSH access, and disable Telnet, follow these steps.

Enable the new AAA model and configure a user account and optional enable password:

aaa new-model
username cisco secret 0 cisco
enable secret 0 cisco

Generate SSH keys and set up time-out and other parameters:

ip domain name some-domain.com
crypto key generate rsa
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2

When generating SSH keys, you first need to specify a domain name. You will also be prompted to enter the modulus size in bits. Although 1024 is suggested, it is recommended to set it to 2048 as lower is deprecated.

Optionally, to disable Telnet access, explicitly set the transport:

line vty 0 4
transport inp  ...
 