June 17, 2010

Cisco IOS Security: Quiet Period Login

Cisco’s IOS Quiet Period refers to the period in which telnet/ssh/http access is disabled for X amount of time after Y failed attempts. While it is quite unusual to have router virtual access allowed from the WAN link, it may not hurt to go further by enabling this Cisco feature to prevent a potential DoS dictionary attack from the WAN link or possibly from the LAN link as well. ... Read more

October 14, 2009

Cisco IOS Tips - cache running-configuration

This is probably one of the most ignored and forgotten features of IOS since 12.2(25)S and 12.2(27)SBC. I am posting it here as I never stopped coming across routers and switches with this feature not active. Please note you need enough memory to use this feature; that is to say, the available space in memory to hold a copy of the interfaces configuration. As you may guess, a router or switch with a monstrous configuration can take a while to display the running configuration when issuing ... Read more

September 20, 2009

Filter networks with BGP

There are 3 easy ways to filter/restrict certain networks from being announced through BGP to a remote/adjacent AS (Autonomous System). Those 3 simple ways are: prefix-list | Extended Access-list + Route-map | Extended Access-list + Distribute-list. Note: before we go on, I need to specify that creating an extended access list for use with BGP (route-map, distribute-list) is almost the same as creating a prefix-list… That said, we are no longer matching source and destination addresses but merely the address prefix and netmask with the access list. ... Read more

September 16, 2009

Cisco IOS Configuration boot register - ROMMON

Every Cisco router has a configuration register, a 16-bit value saved in NVRAM. This post will not tackle all 16 bits of the configuration register, but only the 13th bit, which is used to load either IOS or ROMMON. Another post will be made to detail the full 16-bit configuration register. Before continuing, it is important to understand the basic “boot process” of a router. ... Read more

September 15, 2009

Cisco IOS shortcuts

Configuring Cisco IOS command shortcuts is quite easy and neat… just use the exec command “alias”. command structure: alias Example in exec mode: sh ip int br (show ip interface brief), which gives “alias exec s sh ip int br”. Example in configure mode: router ospf, which gives “alias configure ro router ospf”. More mixed examples [ alias / original command / command to enter ] ... Read more

August 26, 2009

Cisco IOS hidden tools

Hello there, just a quick overview of a couple of hidden Cisco commands that are useful in certain circumstances. 1. ttcp: ttcp is only available on routers/layer 3 switches (of course ;-) ). For those familiar with iperf, ttcp is a kinda “ish” iperf. Start ttcp on one router in a point-to-point scenario and ttcp on the other endpoint. One router will be in receiving mode, while the other will be in sending mode… Running the command is quite straightforward, thus I will not demonstrate it here. ... Read more