Browsing articles tagged with "Advanced configuration"
Nov 5, 2009

Slow ADSL with 12.4 IOS version?!

Recently, I upgraded my Cisco 2650XM from version 12.3 to 12.4; I use it to connect my PC to the Internet, but something went wrong. After the upgrade, I tried to download an ISO image, but the speed was very low (about 300KB/s and not 700KB/s). Mhhh, this is strange! I began troubleshooting, but found no error and no warning message. So I reset my current configuration, but nothing… no real improvement.

Jul 22, 2009

CoPP?! What is that?

Cisco Network Foundation Protection (NFP) is an umbrella strategy encompassing Cisco IOS Security features that provide the tools, technologies, and services that enable organizations to secure their network foundations. NFP helps to establish a methodical approach to protecting router planes, forming the foundation for continuous service delivery. The router is typically segmented into three planes of operation, each with a clearly identified objective: the data plane provides the ability to forward data packets; the control plane provides the ability to route data correctly; the management plane provides the ability to manage network elements. The vast majority of packets handled by [...]

Jul 1, 2009

OSPF Virtual Link

The Open Shortest Path First (OSPF) protocol, defined in RFC 2328, is an Interior Gateway Protocol used to distribute routing information within a single Autonomous System. The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth. An OSPF network can be divided into sub-domains called areas. An area is a logical collection of OSPF networks, routers, and links that have the same [...]

Jun 22, 2009

Have you never seen a Cisco crash?

It is not common to see a Cisco crash: Software forced crash, Bus Error, Software watchdog timeout, and so on… But if you want to see one, there is a neat trick: the “test crash” command, a hidden IOS command. This can help you if you are lucky enough to have a real crash exactly like one of those you can test with the “test crash” command.

Apr 16, 2009

Tips for securing Cisco administrative access

In this article I will explain some tips for securing Cisco administrative access. When creating passwords, keep these rules in mind: make passwords lengthy; passwords should combine letters, numbers, and symbols; passwords should not use dictionary words; change passwords as often as possible. Strong passwords are the primary defense against unauthorized access to your router. The best way to manage passwords is to maintain them on an AAA server, but not everyone can have or manage an AAA server. Cisco provides a number of enhanced features that allow you to increase the security of your passwords. For the basic configuration read [...]

Mar 17, 2009

How to protect against BPDU attack

The spanning-tree protocol is used to cut the loops that redundant links create in bridged networks. Its BPDU packets are not authenticated by the system, so an attacker could spoof a BPDU and compromise the stability of the network! See below to understand the BPDU attack: in this example the Ciscozine1 switch is elected Root Bridge due to the lower MAC address (suppose that all the switches have the same priority).

Jan 5, 2009

Protecting against MAC flooding attack

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer running in promiscuous mode to capture sensitive data from other computers, [...]

Dec 13, 2008

IOS Scripting with Tcl

Discovered during the Cisco CCNP course, Tcl (originally from “Tool Command Language”) is a scripting language created by John Ousterhout and available in IOS from version 12.3(2)T. But what is Cisco Tcl? The Cisco IOS Tcl shell was designed to allow customers to run Tcl commands directly from the Cisco IOS CLI prompt. Cisco IOS software does contain some subsystems such as Embedded Syslog Manager (ESM) and Interactive Voice Response (IVR) that use Tcl interpreters as part of their implementation. These subsystems have their own proprietary commands and keyword options that are not available in the Tcl shell.

Nov 4, 2008

Configuring Link Aggregation with EtherChannel

EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches. All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface. If a link within the EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel. There are two protocols used for the link aggregation: Cisco’s proprietary Port Aggregation Protocol (PAgP). [...]

Nov 1, 2008

How to optimize HSRP

As you can see in the article “Implementing High Availability with HSRP”, it is quite simple to configure the Hot Standby Router Protocol. Some cases require a custom configuration, using priority, track, preempt, etc., and these are: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router, that router [...]
