Do you remember the article ‘How to schedule a reload‘? This feature (reload in ‘x’) is useful when you must apply a critical configuration on a remote device, for instance new route or new acl. In fact, if you happen to lose connection to device after a change, you must wait the device reload to reconnect to it. This can be a solution but there is a better solution: the replace/roolback feature. Introduced in 12.3(7)T IOS, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This […]
Cisco IP SLAs is a part of Cisco IOS that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring for measuring network performance. With Cisco IOS IP SLAs, service provider customers can measure and provide service level agreements, and enterprise customers can verify service levels, verify outsourced service level agreements, and understand network performance. Cisco IOS IP SLAs can perform network assessments, verify quality of service (QoS), ease the deployment of new services, and assist with network troubleshooting. IP SLAs collects a unique subset of these performance metrics: Delay (both round-trip […]
The Cisco Product Security Incident Response Team (PSIRT) has published ten important vulnerability advisories: Multiple Vulnerabilities in Cisco NX-OS-Based Products Cisco Device Manager Command Execution Vulnerability Multiple Vulnerabilities in Cisco Unified Computing System Cisco Network Admission Control Manager SQL Injection Vulnerability Cisco TelePresence Infrastructure Denial of Service Vulnerability Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers Multiple Vulnerabilities in Cisco Firewall Services Module Software Multiple Vulnerabilities in Cisco ASA Software Cisco Prime Network Control Systems Database Default Credentials Vulnerability Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution
Everyone knows that the routing table lists the routes to particular network destinations, but is it possible define the next-hop based on source ip, packet size or other criteria? Obviously yes! Policy-based routing (PBR) provides a tool for forwarding and routing data packets based on policies defined by network administrators. In effect, it is a way to have the policy override routing protocol decisions. Policy-based routing includes a mechanism for selectively applying policies based on access list, packet size or other criteria. The actions taken can include routing packets on user-defined routes, setting the precedence, type of service bits, etc.
The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Cisco IOS Software IP Service Level Agreement Vulnerability Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco IOS Software Protocol Translation Vulnerability Cisco IOS Software Network Address Translation Vulnerability Cisco IOS Software Internet Key Exchange Vulnerability Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco IOS Software contains a memory leak vulnerability that could be […]
Part of the Cisco Video Surveillance Manager product suite, the Cisco Video Surveillance Operations Manager enables the efficient and effective configuration and management of video throughout an enterprise. It provides a secure web portal to configure, manage, display, and control video in an IP network, and provides the ability to easily manage a large number of security assets and users, including media server instances, cameras, encoders, and event sources, as well as digital monitors.
The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability Cisco Unified Presence Server Denial of Service Vulnerability Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services.
Not everyone knows that from IOS version 12.3(14)T, Cisco has introduced a new feature called NAT Virtual Interface; NVI removes the requirements to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT. How to use NVI? It’s easy! You must use the command ‘ip nat source …’ without specifying the inside/outside tag and enable the nat to the interfaces using the command ‘ip nat enable’. For instance, if you use legacy statement:
The Cisco Unity Express software contains two important vulnerabilities: CVE ID: CVE-2013-1114: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site scripting attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests. However, all affected versions of the software have reached End of Software Maintenance or Last Day of Support. CVE ID: CVE-2013-1120: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due […]
As explained in a previous article, NAT is the process of modifying IP address information in IP packet headers, while route maps are mainly used to redistribute and manipulate routes (OSPF, BGP, EIGRP, and so on). The question is obvious… What is the relationship between these two features? Static NAT configuration with the route-map option can be used to implement destination-based NAT scenarios where the same inside local address needs to be translated to more than one inside global address, depending on where the traffic is destined.
Enter your email address to receive notifications of new posts.