Jul
15
2014
Send Cisco commands via SNMP
Send-command-via-SNMP-2

In the article “How to save configurations using SNMP“, I have explained how to get the Cisco configuration using SNMP. Now, I explain how to send commands via SNMP using the “ciscoConfigCopyMIB” MIB;  with this MIB, you can replace running/startup configuration, send commands, save the “show” output or reload the device. OK, let’s start :) First of all, check if your PC/Server has the SNMP suite; if not, install the net-snmp software (http://net-snmp.sourceforge.net/).

May
23
2014
How to upgrade a Cisco stack
How-to-upgrade-a-Cisco-stack

One of the task of a good Network engineer is update the Cisco IOS to avoid bugs and to have new features; but what is the correct procedure to upgrade a Cisco stack, for instance two 2960 switches in stack? There are two main methods to upgrade the IOS: TAR image BIN image TAR image The .tar file is an archive file from which both the IOS image and the CMS files are extracted during the upgrade process. If you want to manage switches or clusters of switches through a web interface (HTML), this is the only file you need to download.

May
1
2014
Speed up your console
Speed-up-your-console-connection-3640

Generally to upgrade/downgrade an IOS, you use the classical ftp/tftp transfer from a laptop to a router/switch; unfortunately, there are some cases where this way is not possible, so the only solution is to use the console. Suppose you have to upload an image of about 20Mb. On a 9600bps intereface, the time required to upload this image is about 35minutes (20000000/9600)! Oh my God! Fortunately Cisco permit to change the console speed using the command “speed”. By default the console interface works at 9600bps: Ciscozine#sh line console 0 Tty Line Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int […]

Apr
7
2014
March 2014: nine Cisco vulnerabilities
Cisco-vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published nine important vulnerability advisories: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Cisco IOS Software Network Address Translation Vulnerabilities Cisco AsyncOS Software Code Execution Vulnerability Cisco Small Business Router Password Disclosure Vulnerability Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Mar
5
2014
February 2014: five Cisco vulnerabilities
Cisco-vulnerabilities

Cisco Prime Infrastructure Command Execution Vulnerability Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Multiple Vulnerabilities in Cisco IPS Software  Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Cisco UCS Director Default Credentials Vulnerability

Feb
7
2014
January 2014: five Cisco vulnerabilities
Cisco-vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability Cisco TelePresence System Software Command Execution Vulnerability Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Secure Access Control System Undocumented Test Interface in Cisco Small Business Devices

Jan
6
2014
Dual Internet connections in active/standby mode without BGP
Dual-Internet-connection-in-active-standby-mode-without-BGP-1

Suppose that your company has two independent Internet connections: the first used as main link and the second used ONLY in case of main connection fault. What can we do to avoid a ‘manual’ switch of routing and NAT tables? In general, in this case, the best solution is to use the BGP protocol with bofh providers, but this solution can be very expensive, so are there other ways to implement this process? In my opinion, one of the best solutions is to use IPSLA, PBR and the EEM features togheter, but what are these features? See you below each […]

Dec
19
2013
Show interface in depth
Show-interface-in-depth

In my opinion, a good network engineer must know the “show interface” in depth; indeed, this command is useful to obtain various interface information like drop, duplex mismatch, error, tx/rx load, … Usually, the IOS switch/router have similar “show interface” output; the differences are dictated by devices, interface and IOS. Below a show interface of a TenGigabitEthernet interface. The show is issued on a Cisco WS-C6509-E in VSS Mode with IOS version 15.

Dec
6
2013
November 2013: three Cisco vulnerabilities
Cisco-vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability Cisco WAAS Mobile Remote Code Execution Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Dec
5
2013
Cisco ASA < 8.4.4.6 | 8.2.5.32 Ethernet Information Leak
cisco-exploit

This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected. Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest attack using this vulnerability would be to send ICMP echo messages to a machine with a vulnerable ethernet […]

Pages:1234567...24»

Email Updates

Enter your email address to receive notifications of new posts.

Ciscozine on Facebook


Partners