Tag: ios

  • Unable to delete Stale/Obsolete static routes in Cisco IOS

    Today, I had to troubleshoot a very peculiar problem on my Cisco Catalyst 3750 switches in two different sites. To cut a long story short, both the sites originally had IPSec VPNs over ADSL internet and therefore static routes added to pass through their VPN firewalls. However, with a recent WAN migration with leased lines, all traffic moved to the WAN routers.

    However, the Static Routes became stale (obsolete) and we were unable to delete the static routes. The routes are not in the running config (no “ip route” command in config) and a reboot wouldn’t help.

    (more…)

  • How to create VLAN Interfaces for InterVLAN Routing in Cisco IOS

    VLAN Interfaces are required in network scenarios where you have different VLANs and need Inter-VLAN switching on Layer3 (Routing capable) switches. Every VLAN that needs to be routed should have a VLAN interface.

    Let’s say VLAN 10 hosts the 192.168.10.0 subnet, VLAN 20 hosts the 192.168.20.0 subnet and VLAN 30 hosts the 192.168.30.0 subnet. For Inter-VLAN routing to work, each of these VLANs needs a VLAN interface configured with an IP address from the same subnet, which will be the default gateway for that subnet. Let’s say 192.168.10.254, 192.168.20.254 and 192.168.30.254 are the IP addresses for the VLAN interfaces of VLAN 10, 20 and 30 respectively.

    (more…)

  • High CPU usage when SNMP is enabled in Cisco Routers

    Cisco Routers and Switches with L3 routing functions are seen to have problems with High CPU usage when SNMP is enabled. This can range anywhere from 15% to 40%. According to Cisco, these are low priority processes, other processes requiring CPU cycles are given priority over them, and this level of CPU utilisation is normal. However, it is always better to be safe than sorry and get the CPU utilisation caused by SNMP down to a bare minimum so as to ensure the Routers function smoothly.

    The High CPU usage can be caused by the Network Management Server (SNMP Server), like HP Openview, querying for the Routing Tables and ARP tables to learn about other networks, or querying for certain MIBs which can be resource intensive.

    (more…)

  • Configure MD5 encrypted passwords for users on Cisco IOS

    The enhanced password security in Cisco IOS introduced in 12.0(18)S allows an admin to configure MD5 encryption for passwords. Prior to this feature, Type 7 passwords used a weak encryption that can be cracked easily, and the clear text password (type 0), as anyone would know, is completely insecure. Anyone who can gain access to the privileged mode can view/decrypt these passwords.

    (more…)

  • Enable/Configure DHCP Snooping in Cisco Catalyst Switches (IOS)

    DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted DHCP message is a message that is received from outside the network or firewall and that can cause denial of service attacks.

    The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

    DHCP snooping can be enabled on the switch per VLAN, as it can intercept DHCP messages at Layer 2.

    (more…)

  • Allow user to view Running/Startup-Config (read-only) in Cisco IOS

    If you want to allow a low-privileged user on a Cisco router or a Switch to view the Startup Config, then this can be done in Routers and Switches running Cisco IOS.

    This in fact is a simple 2-step procedure as follows:

    (more…)

  • How to capture text, backup configuration (Cisco, Juniper or anything) with PuTTY

    I don’t think we need an introduction to the most widely used Remote console utility, PuTTY. PuTTY supports SSH, Telnet, RLogin & RAW connections.

    If you telnet or SSH to your Cisco IOS routers or switches or Juniper Firewalls, and of course anything that supports CLI and SSH or Telnet, then one of the things you would prefer to do is to take a backup of the config (Running or Startup) or even capture session text including logs, tech information, etc. We discussed here about using HyperTerminal to capture text and hence backup and restore config on Cisco IOS Routers and Switches.

    (more…)