Oct 01 2008

If you are on a corporate or enterprise network and connect to the internet from behind a BlueCoat proxy that proxies FTP connections, the FileZilla FTP client needs to be configured accordingly to work properly. FileZilla has both an FTP proxy configuration and a Generic Proxy configuration that can be set in the client.


Jul 03 2008

Today, I had to troubleshoot a very peculiar problem on my Cisco Catalyst 3750 switches in two different sites. To cut a long story short, both the sites originally had IPSec VPNs over ADSL internet and therefore static routes added to pass through their VPN firewalls. However, with a recent WAN migration with leased lines, all traffic moved to the WAN routers.

However, the static routes became stale (obsolete) and we were unable to delete them. The routes are not in the running config (no "ip route" command in config) and a reboot wouldn't help.


Jul 01 2008

VLAN interfaces are required in network scenarios where you have different VLANs and need inter-VLAN switching on Layer 3 (routing-capable) switches. Every VLAN that needs to be routed should have a VLAN interface.

Let's say we have VLAN 10 which hosts the subnet subnet, VLAN 20 hosts subnet and VLAN 30 hosts subnet. For inter-VLAN routing to work, we need to have a VLAN interface set up for each of these VLANs and configured with an IP address from the same subnet, which will be the default gateway for that subnet. Let's say,, are the IP addresses for the VLAN interfaces of VLAN 10, 20, 30 respectively.


Jun 19 2008

Cisco routers and switches with L3 routing functions are seen to have problems with high CPU usage when SNMP is enabled. This can range anywhere from 15% to 40%. According to Cisco, these are low-priority processes, other processes requiring CPU cycles are given priority over them, and this level of CPU utilisation is normal. However, it is always better to be safe than sorry and get the CPU utilisation caused by SNMP down to a bare minimum so as to ensure the routers function smoothly.

The high CPU usage can be caused by the Network Management Server (SNMP server), such as HP OpenView, querying for the routing tables and ARP tables to learn about other networks, or querying for certain MIBs, which can be resource intensive.


Jun 17 2008

Back from the holidays only to find my Windows profile gone missing at work. One of the annoying things was to add all my remote hosts back onto WyseTerm. While the bad news is that there is no single file (which one would expect) that maintains this list, the good news comes in the form of the Windows Registry. Yes, the WyseTerm host information is stored in the Windows Registry and can be exported from the registry onto a new profile or another user's profile.

The WyseTerm host information, also known as the Common Address Book, can be exported from the Windows Registry and then imported onto the new user's profile as follows:


May 20 2008

The enhanced password security in Cisco IOS, introduced in 12.0(18)S, allows an admin to configure MD5 encryption for passwords. Prior to this feature, Type 7 passwords used a weak encryption that can be cracked easily, and the clear-text password (Type 0), as anyone would know, is completely insecure. Anyone who can gain access to privileged mode can view or decrypt these passwords.


May 15 2008

DHCP snooping is a DHCP security feature that filters untrusted DHCP messages and builds and maintains a DHCP snooping binding table. An untrusted DHCP message is a message that is received from outside the network or firewall, causing denial-of-service attacks.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping can be enabled on the switch per VLAN, as it can intercept DHCP messages at Layer 2.
