Posts Tagged ‘cisco’

Cisco Display MAC Address for the Connected Device

 
isr#show mac-address-table interface FastEthernet1
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
1111.1111.1111		Dynamic	      1	    FastEthernet1
Posted: August 13th, 2011
Categories: cisco, networking

Cisco ASA Description & Part Numbers

From: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Cisco ASA 5505

Solution: Cisco ASA 5505 10-user bundle
Description: Includes 10-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 150 Mbps/100 Mbps
Part Number: ASA5505-BUN-K9

Solution: Cisco ASA 5505 50-user bundle
Description: Includes 50-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 150 Mbps/100 Mbps
Part Number: ASA5505-50-BUN-K9

Solution: Cisco ASA 5505 unlimited user bundle
Description: Includes unlimited user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 150 Mbps/100 Mbps
Part Number: ASA5505-UL-BUN-K9

Solution: Cisco ASA 5505 Security Plus bundle
Description: Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 150 Mbps/100 Mbps
Part Number: ASA5505-SEC-BUN-K9

Cisco ASA 5510

Solution: Cisco ASA 5510 Content Security bundle
Description: Cisco ASA 5510 Appliance with CSC-SSM provides firewall, VPN, and content security services to stop viruses, spyware, and provide file blocking. Includes 1 yr subscription for the content security features. Additional content security services (anti-spam, anti-phishing, and URL blocking and filtering) available with the ASA-CSC10-PLUS license.
Firewall/VPN Performance: 300 Mbps/170 Mbps
Part Number: ASA5510-CSC10-K9

Solution: Cisco ASA 5510 bundle
Description: Includes 3 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 300 Mbps/170 Mbps
Part Number: ASA5510-BUN-K9

Solution: Cisco ASA 5510 Security Plus bundle
Description: Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Standby high availability, 3DES/AES license, and 1 expansion slot
Firewall/VPN Performance: 300 Mbps/170 Mbps
Part Number: ASA5510-SEC-BUN-K9

Additional Recommended Options

Option: Cisco ASA 5505 Security Plus license (provides stateless Active/Standby high availability, dual ISP support, DMZ support, VLAN trunking support, and increased session and IPSec VPN peer capacities)
Part Number: ASA5505-SEC-PL

Option: Cisco ASA 5500 CSC10-Plus license (1-year subscription license, which adds anti-spam, anti-phishing, and URL blocking and filtering to the CSC-SSM content security solution in the Cisco ASA 5510)
Part Number: ASA-CSC10-PLUS

Option: Cisco ASA 5510 Security Plus license (provides Active/Active and Active/Standby high availability, increased session and VLAN capacities, and additional Ethernet interfaces)
Part Number: ASA5510-SEC-PL

Option: Cisco ASA 5500 Series 10-user SSL VPN license
Part Number: ASA5500-SSL-10

Option: Cisco ASA 5500 Series 25-user SSL VPN license
Part Number: ASA5500-SSL-25

Option: Cisco ASA 5500 Series 50-user SSL VPN license
Part Number: ASA5500-SSL-50

 

Posted: April 13th, 2011
Categories: cisco

Locating the Switchport for an IP on Cisco

isr-device#show arp 192.168.0.3
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.3              7   0006.812b.7c4a  ARPA   Vlan1
 
isr-device#show mac-address-table address 0006.812b.7c4a
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0006.812b.7c4a          Dynamic       1     FastEthernet7
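
The two lookups above can be chained automatically when tracing a host during an investigation. The following is an added example, not part of the original post: it assumes the ISR column layout shown above, the function names are hypothetical, and the "Incomplete" ARP line is constructed to show the unresolved case.

```python
import re

# Sample input: the command outputs from the post, plus one constructed
# unresolved ("Incomplete") ARP entry to exercise the failure case.
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.3              7   0006.812b.7c4a  ARPA   Vlan1
Internet  192.168.0.9              0   Incomplete      ARPA
"""
SHOW_MAC = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0006.812b.7c4a          Dynamic       1     FastEthernet7
"""

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
ARP_RE = re.compile(rf"Internet\s+(\d+(?:\.\d+){{3}})\s+\S+\s+({MAC})\s+ARPA\s+(\S+)")
MAC_RE = re.compile(rf"\s*({MAC})\s+\S+\s+(\d+)\s+(\S+)")

def parse_arp(text):
    """Return {ip: (mac, l3_interface)} from 'show arp' output."""
    out = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:  # header and "Incomplete" entries do not match and are skipped
            out[m.group(1)] = (m.group(2).lower(), m.group(3))
    return out

def parse_mac_table(text):
    """Return {mac: [(vlan, port), ...]} from 'show mac-address-table' output."""
    out = {}
    for line in text.splitlines():
        m = MAC_RE.match(line)
        if m:  # header and separator rows do not start with a MAC
            out.setdefault(m.group(1).lower(), []).append((int(m.group(2)), m.group(3)))
    return out

def locate(ip, arp_text, mac_text):
    """Map an IP to its MAC and the port(s) the switch learned that MAC on."""
    arp = parse_arp(arp_text)
    if ip not in arp:
        return None  # no resolved ARP entry for this address
    mac, l3_if = arp[ip]
    ports = parse_mac_table(mac_text).get(mac, [])
    return {"ip": ip, "mac": mac, "l3_interface": l3_if, "ports": ports}

if __name__ == "__main__":
    print(locate("192.168.0.3", SHOW_ARP, SHOW_MAC))
```

If the returned port is an uplink to another switch, the MAC lookup has to be repeated on that switch to reach the access port.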
Posted: April 6th, 2011
Categories: cisco, networking

Cisco CME Broadvoice Configuration

ip domain name sub.domain.com
ip name-server 8.8.8.8
 
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
!
ip route 0.0.0.0 0.0.0.0 GW
!
dial-peer voice 1 voip
destination-pattern 1..........
voice-class codec 1
session protocol sipv2
session target dns:sip.broadvoice.com
dtmf-relay rtp-nte
ip qos dscp cs5 media
no vad
!
dial-peer voice 86 voip
destination-pattern *86
voice-class codec 1
session protocol sipv2
session target dns:sip.broadvoice.com
dtmf-relay rtp-nte
ip qos dscp cs5 media
no vad
!
sip-ua
authentication username UN password PW
no remote-party-id
mwi-server dns:sip.broadvoice.com expires 3600 port 5060 transport udp unsolicited
registrar dns:sip.broadvoice.com expires 3600
!
telephony-service
voicemail *86
!
ephone-dn 1 dual-line
number 1234567890
mwi sip
!
! softphone
ephone 1
mac-address 00:XX:XX:XX:XX
button 1:1
!
ephone 2
mac-address XXXX.YYYY.ZZZZ
button 1:1
!
voice register global
mode cme
source-address IP.ADDR port 5060
max-dn 12
max-pool 12
authenticate register
timezone 7
dialplan-pattern 1 PHONE.NUMBER extension-length 4
 
voice register dn 1
number PHONE.NUMBER
allow watch
name CounterPath Bria
 
voice register pool 1
id mac XXXXXXXXX
number 1 dn 1
presence call-list
username 1000 password 1000
codec g711ulaw
Posted: March 28th, 2011
Categories: cisco, phones

Cisco IP Phone Troubleshooting

Soft reset…
* 6 settings

Debug…
telnet to device
debug sip-messages
tty mon 0

Status…
show status
W351 unprovisioned proxy_emergency
W350 unprovisioned proxy_backup

Posted: March 28th, 2011
Categories: cisco

Cisco ASA SSL Web VPN Configuration

ip local pool WebVPN_LocalPool SOME.IP.ADDR.SUBNET-SOME.IP.ADDR.SUBNET mask 255.255.255.0
access-list WebVPN_SplitTunnelList standard permit SOME.IP.ADDR.SUBNET 255.255.255.0
 
webvpn
 svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 enable outside
 port-forward portforward 1022 SOME.IP.ADDR.STATIC ssh internal_ssh
 tunnel-group-list enable
 svc enable
 
sysopt connection permit-vpn
 
group-policy WebVPN_GroupPolicy internal
 
group-policy WebVPN_GroupPolicy attributes
 vpn-tunnel-protocol svc
 !Windows uses its own adapter
 !Mac will update resolv.conf
 !dns-server value DNS1 DNS2
 !default-domain value sub.domain.com
 address-pools value WebVPN_LocalPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WebVPN_SplitTunnelList
 webvpn
  port-forward name portforward
  port-forward auto-start portforward
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
  !port-forward value portforward
  !port-forward-name value Secure Router Access
 
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 
tunnel-group WebVPN_TunnelGroup type remote-access
tunnel-group WebVPN_TunnelGroup general-attributes
 default-group-policy WebVPN_GroupPolicy
tunnel-group WebVPN_TunnelGroup webvpn-attributes
 group-alias WebVPN_TunnelGroup enable
 
username webvpn password xxx nt-encrypted privilege 1
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 service-type remote-access
Posted: March 28th, 2011
Categories: asa, cisco, vpn

Cisco ASA Security using Threat Detection

threat-detection basic-threat
threat-detection statistics
threat-detection statistics port
threat-detection scanning-threat shun except ip-address SOME.MGMT.IP.ADDR 255.255.255.0
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
Posted: March 28th, 2011
Categories: cisco

Cisco ASA/PIX Facility Number and Syslog Name

The default facility used by the Cisco ASA is 20 (LOCAL4).

16	LOCAL0
17	LOCAL1
18	LOCAL2
19	LOCAL3
20	LOCAL4
21	LOCAL5
22	LOCAL6
23	LOCAL7
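
On the wire the facility is not sent as a name: a syslog receiver sees it folded into the PRI value at the start of each message (PRI = facility * 8 + severity). The following added example, not part of the original post, decodes PRI for ASA/PIX messages and flags lines whose facility differs from the default or whose PRI severity disagrees with the %ASA-n- tag. The sample lines are constructed and the function name is hypothetical.

```python
import re

# Facility numbers from the table above (syslog facilities 16-23).
FACILITY_NAMES = {n: f"LOCAL{n - 16}" for n in range(16, 24)}
ASA_DEFAULT_FACILITY = 20  # LOCAL4, per the post

# <PRI>, optional timestamp/hostname, then the %ASA-<severity>-<message id>: tag
LINE_RE = re.compile(r"^<(\d{1,3})>.*?%(ASA|PIX)-(\d)-(\d+):")

# Constructed sample lines (documentation IP ranges), as a receiver would see them.
SAMPLE = [
    "<166>%ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.5/443",
    "<164>Aug 13 2011 10:00:00: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444",
    "<134>%ASA-6-302013: Built outbound TCP connection 2 for outside:203.0.113.5/443",
    "<165>%ASA-6-302013: Built outbound TCP connection 3 for outside:203.0.113.5/443",
]

def decode(line, expected_facility=ASA_DEFAULT_FACILITY):
    """Split PRI into facility/severity and cross-check it against the ASA tag."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not an ASA/PIX syslog line with a PRI header
    pri = int(m.group(1))
    if pri > 191:    # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, f"facility{facility}"),
        "severity": severity,
        "message_id": m.group(4),
        # Sender is not using the facility the receiver was told to expect.
        "unexpected_facility": facility != expected_facility,
        # PRI severity and the severity printed in the tag should agree.
        "severity_mismatch": severity != int(m.group(3)),
    }

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode(line))
```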
Posted: March 28th, 2011
Categories: asa, cisco

Cisco IOS Trunk Configuration for VMware ESXi

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,11,12,13
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk

From the ESXi side…

esxcfg-vswitch -l
esxcfg-vswitch --add-pg="Virtual Machine Network VLAN12" vSwitch1
esxcfg-vswitch --pg="Virtual Machine Network VLAN12" --vlan="12" vSwitch1
Posted: March 28th, 2011
Categories: cisco, networking

Configuring IGMP v2 snooping on Cisco Switch

To enable IGMPv2 immediate leave on VLAN 1, run…

ip igmp snooping vlan 1 immediate-leave
 
switch# show ip igmp snooping
 
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping              : Enabled
IGMPv3 snooping (minimal)  : Enabled
Report suppression         : Enabled
TCN solicit query          : Disabled
TCN flood query count      : 2
Last Member Query Interval : 1000
 
Vlan 1:
--------
IGMP snooping                       : Enabled
IGMPv2 immediate leave              : Enabled
Explicit host tracking              : Enabled
Multicast router learning mode      : pim-dvmrp
Last Member Query Interval          : 1000
Source only learning age timer      : 10
CGMP interoperability mode          : IGMP_ONLY
Vlan 2:
--------
IGMP snooping                       : Enabled
IGMPv2 immediate leave              : Disabled
Explicit host tracking              : Enabled
Multicast router learning mode      : pim-dvmrp
Last Member Query Interval          : 1000
Source only learning age timer      : 10
CGMP interoperability mode          : IGMP_ONLY
Posted: March 28th, 2011
Categories: multicast