Friday, December 11, 2009

Stop the "translating" delay


If you do not have DNS enabled, you can stop the annoying "translating" wait that occurs when you accidentally hit Enter while typing anything:

configure terminal

no ip domain-lookup

Thursday, November 19, 2009

Prefix and Subnet

Number of Usable IP addresses
Prefix  Subnet mask      Binary form                          Total IPs  Usable IPs
/32     255.255.255.255  11111111.11111111.11111111.11111111  XX         XX
/31     255.255.255.254  11111111.11111111.11111111.11111110  2          XX
/30     255.255.255.252  11111111.11111111.11111111.11111100  4          2
/29     255.255.255.248  11111111.11111111.11111111.11111000  8          6
/28     255.255.255.240  11111111.11111111.11111111.11110000  16         14
/27     255.255.255.224  11111111.11111111.11111111.11100000  32         30
/26     255.255.255.192  11111111.11111111.11111111.11000000  64         62
/25     255.255.255.128  11111111.11111111.11111111.10000000  128        126
/24     255.255.255.0    11111111.11111111.11111111.00000000  256        254
/23     255.255.254.0    11111111.11111111.11111110.00000000  512        510
/22     255.255.252.0    11111111.11111111.11111100.00000000  1024       1022
/21     255.255.248.0    11111111.11111111.11111000.00000000  2048       2046
/20     255.255.240.0    11111111.11111111.11110000.00000000  4096       4094
/19     255.255.224.0    11111111.11111111.11100000.00000000  8192       8190
/18     and so on ...    ...

***A subnet mask begins with a series of '1's and ends with a series of '0's; there is never a '1' between '0's or a '0' between '1's.
***Total IPs formula 2 to the power of n where n is equal to the number of '1'
***Usable IPs = Total IPs - 2 (the 2 IPs are the network and broadcast addresses)

Friday, November 13, 2009

Switch Password Reset


Press the Mode button while powering up

The screen says the password-recovery mechanism has started

flash_init

load_helper

dir flash:

rename flash:config.text flash:config.bak =>config.text is the default startup config file name; check the dir output

boot

Answer no to the initial configuration dialog

enable

rename flash:config.bak flash:config.text

copy flash:config.text system:running-config

copy running-config startup-config

Wednesday, October 14, 2009

Reset password

Press Break or Control-C during power-up

In ROMMON:

confreg 0x2142

reset

Answer no to the System Configuration Dialog

enable

configure memory

copy startup-config running-config

exit

configure terminal

config-register 0x2102

write memory

Wednesday, September 16, 2009

Restore back to default

configure terminal

config-register 0x2142

reload
=> no need to save the system configuration

Answer no to the System Configuration Dialog

configure terminal

config-register 0x2102

write memory

reload
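
Added example (not part of the original notes): the register values 0x2142 and 0x2102 differ only in bit 6 (0x0040), which makes the router boot without loading startup-config, so a device left at 0x2142 comes up unconfigured on its next reload. This Python check reads the register line of show version and reports such devices; the sample lines, device names and function names are constructed for illustration.

```python
import re

IGNORE_STARTUP = 0x0040  # bit 6: boot without loading startup-config from NVRAM
BOOT_FIELD = 0x000F      # bits 0-3: 0x0 stops in ROMMON, 0x2-0xF is a normal boot

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def register_state(show_version):
    """Parse the register line of `show version`; None if it is absent."""
    m = REG_LINE.search(show_version)
    if m is None:
        return None
    current = int(m.group(1), 16)
    # IOS prints the pending value only when it differs from the current one.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": hex(current),
        "next_boot": hex(next_boot),
        "booted_without_config": bool(current & IGNORE_STARTUP),
        "next_boot_skips_config": bool(next_boot & IGNORE_STARTUP),
        "next_boot_stops_in_rommon": (next_boot & BOOT_FIELD) == 0,
    }

# Constructed `show version` tails for three hypothetical devices.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "recovery-left-on": "Configuration register is 0x2142",
    "recovery-fixed": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

def devices_needing_attention(samples):
    """Names of devices whose next reload would ignore startup-config."""
    flagged = []
    for name, output in samples.items():
        state = register_state(output)
        if state and state["next_boot_skips_config"]:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(name, register_state(output))
    print("needs config-register 0x2102:", devices_needing_attention(SAMPLES))
```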

Thursday, August 13, 2009

Download the IOS to the rommon


rommon 1 > set 
PS1=rommon ! >  
BSI=0 
RET_2_RUTC=0 
RET_2_RTS= 
?=1  

rommon 2 > IP_ADDRESS=192.168.0.2 
rommon 3 > IP_SUBNET_MASK=255.255.255.0 
rommon 4 > TFTP_SERVER=192.168.0.3 
rommon 5 > TFTP_FILE=c1841-xxxxxx-xx.xxx-xx.xx.bin 
rommon 6 > DEFAULT_GATEWAY=192.168.0.1  

rommon 7 > tftpdnld            
IP_ADDRESS: 192.168.0.2       
IP_SUBNET_MASK: 255.255.255.0      
DEFAULT_GATEWAY: 192.168.0.1          
TFTP_SERVER: 192.168.0.3            
TFTP_FILE: c1841-xxxxxxx-xx.xxx-xx.xx.bin  

Invoke this command for disaster recovery only. 
WARNING: all existing data in all partitions on flash will be lost! 
Do you wish to continue? y/n:  [n]:  y  

Receiving c1841-xxxxxxx-xx.xxx-xx.xx.bin from 192.168.0.3 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

File reception completed. 
Copying file c1841-xxxxxxx-xx.xxx-xx.xx.bin to flash. 
Erasing flash at 0x60fc0000 
program flash location 0x60e70000 
rommon 8 > 

Friday, July 24, 2009

simple OSPF config

configure terminal
Router ospf (process id) e.g. 1
Network (interface ip starting address) (wildcard) area 0
wildcard hint:
0.0.0.0    host address
0.0.0.3    subnet mask: /30 255.255.255.252
0.0.0.7    subnet mask: /29 255.255.255.248
0.0.0.15   subnet mask: /28 255.255.255.240
0.0.0.31   subnet mask: /27 255.255.255.224
0.0.0.63   subnet mask: /26 255.255.255.192
0.0.0.127  subnet mask: /25 255.255.255.128
0.0.0.255  subnet mask: /24 255.255.255.0
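
Added example (not part of the original notes): a Python helper that derives the wildcard for the OSPF network statement from a subnet mask and rejects masks that mix '1's and '0's. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def mask_to_prefix(mask):
    """Prefix length of a subnet mask; ValueError if '1's and '0's are mixed."""
    inverted = ~_to_int(mask) & 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, so adding 1 leaves no bit in common.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()

def wildcard(mask):
    """OSPF wildcard mask: the bitwise inverse of a valid subnet mask."""
    mask_to_prefix(mask)  # rejects masks such as 255.255.0.255
    return str(ipaddress.IPv4Address(~_to_int(mask) & 0xFFFFFFFF))

def ospf_network(interface_ip, mask, area=0):
    """Build the `network` statement for the subnet an interface sits in."""
    start = _to_int(interface_ip) & _to_int(mask)
    return f"network {ipaddress.IPv4Address(start)} {wildcard(mask)} area {area}"

if __name__ == "__main__":
    # Sample interface addresses (constructed for the example).
    print(ospf_network("192.168.0.1", "255.255.255.252"))
    print(ospf_network("10.1.2.130", "255.255.255.128"))
    try:
        wildcard("255.255.0.255")
    except ValueError as err:
        print("rejected:", err)
```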

Thursday, July 23, 2009

Copy the IOS from router to the PC


copy c1841-12-4.xxxx.bin tftp://192.168.0.2
IP address of PC 192.168.0.2
IP address of ethernet interface of router 192.168.0.1

Thursday, June 11, 2009

Encrypt all passwords in show run

Service password-encryption

Password encryption is applied to all passwords, including:
1) username passwords
2) authentication key passwords
3) privileged command password
4) console
5) virtual terminal line access passwords
6) Border Gateway Protocol neighbor passwords


This keeps unauthorized individuals from viewing your passwords in your configuration file.

Interface configuration

Cisco


Interface (fa0/0 or s0/0/0 etc.)
Description (describe link) => useful for troubleshooting, as it tells you where the link is connected to
Ip address (ip address) (subnet mask)
No shut
hint: subnet mask
/32 255.255.255.255 no useful IP address
/31 255.255.255.254 no useful IP address
/30 255.255.255.252 useful for WAN link, 4 IPs (1 network, 1 broadcast, 2 user IPs)
/29 255.255.255.248 8 IPs (1 network, 1 broadcast, 6 user IPs)
/28 255.255.255.240 16 IPs (1 network, 1 broadcast, 14 user IPs)
/27 255.255.255.224 32 IPs (1 network, 1 broadcast, 30 user IPs)
/26 255.255.255.192 64 IPs (1 network, 1 broadcast, 62 user IPs)
/25 255.255.255.128 128 IPs (1 network, 1 broadcast, 126 user IPs)
/24 255.255.255.0
/23 255.255.254.0
/22 255.255.252.0
/21 255.255.248.0
/20 255.255.240.0


Juniper
Interface (fxp0,lo0,em0,fe-x/0/y,se-x/0/y)
x = PIM slot
y = Port Number



inet => IPv4


root@router#set interfaces em0 unit 0 family inet address (ip address)/(prefix)
root@router#commit


IPv6
Cisco - ipv6 address 2001:db8::1/64
Juniper - set interfaces em0 unit 0 family inet6 address 2001:200:30:2::1/64

Enable Privileged Password Login

Enable secret 5 (Level 2 password)

Cisco's Type 7 scheme is a weak protection scheme.


Type 5 uses a strong, one-way encryption hash (MD5), which will ensure greater security. 


Whenever possible, the Type 5 password protection scheme should be used.

Create username login

Cisco
username (name) privilege (level) password (password)

level 15 (Cisco administrator / super-user access)
level 7 (moderate user access)


Juniper
set system login user (name) class (class) authentication plain-text-password



               Login class
  operator             permissions [ clear network reset trace view ]
  read-only            permissions [ view ]
  super-user           permissions [ all ]
  unauthorized         permissions [ none ]

Friday, May 22, 2009

Telnet login using IP address

Cisco


Line vty 0 4
Logging synchronous
Password (level 1 password) =>encrypt password
Login local =>enable password login
Session-limit 1 =>limit to 1 login session
Motd-banner =>display warning message


Juniper


set system services telnet  => enable telnet service on the router
set system login user user1 class super-user authentication plain-text-password


=> You will be prompted to set your password


Replace user1 with the username you would like to create
Replace super-user with the level of access rights you would like to give to the user

Console Login using rollover cable

Line console 0
Logging synchronous => Information items sent to the console will not interrupt the command you are typing.
Password 7 (level 1 password) => encrypt password
Login local => enable password login
Session-limit 1 => limit to 1 login session
exec-timeout 0 0 => Sets the time limit after which the console automatically logs off. Setting it to 0 0 (minutes seconds) means the console never logs off. Default is 10 minutes.
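
Added example (not part of the original notes, and not Cisco's own tooling): a small Python audit that scans a saved running-config for the settings these notes single out, namely service password-encryption being off, enable password used instead of enable secret, Type 7 or cleartext passwords, and exec-timeout 0 0. The sample config, its placeholder password strings, the audit() function and the issue labels are all constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device). The type 7 and
# type 5 strings are placeholders, not real encoded passwords.
SAMPLE_CONFIG = """\
hostname B10_L23_R30
no service password-encryption
enable password 7 00112233AABB
username admin privilege 15 password 7 00112233AABB
username ops privilege 7 secret 5 $1$salt$placeholderplaceholder
line con 0
 exec-timeout 0 0
 password 7 00112233AABB
 login local
line vty 0 4
 exec-timeout 5 0
 password examplepw
 login
"""

CRED = re.compile(r"\b(password|secret)(?: (\d))? (\S+)$")

def audit(config):
    """Return (line_no, section, issue) tuples for settings the notes call out."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append((0, "global", "password-encryption-off"))
    section = "global"
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not raw.startswith(" "):  # top-level command: track "line ..." sections
            section = line if line.startswith("line ") else "global"
        if line.startswith("enable password"):
            findings.append((no, section, "enable-password-not-secret"))
        if line == "exec-timeout 0 0":
            findings.append((no, section, "session-never-times-out"))
        m = CRED.search(line)
        if m and m.group(1) == "password":
            if m.group(2) == "7":
                findings.append((no, section, "type7-weak"))
            elif m.group(2) in (None, "0"):
                findings.append((no, section, "cleartext"))
    return findings

if __name__ == "__main__":
    for no, section, issue in audit(SAMPLE_CONFIG):
        print(f"line {no:>2} [{section}] {issue}")
```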

Thursday, May 14, 2009

Hostname


Cisco


Router(config)#Hostname B10_L23_R30
B10_L23_R30(config)#


Juniper



[edit]
root# set system host-name B10_L23_R30


[edit]
root# commit
commit complete


[edit]
root@B10_L23_R30#

Wednesday, May 13, 2009

Banner - Warning Message

Cisco


Banner login % (warning message) %
Banner motd % (warning message) %

e.g. 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*                                                                 *
*                                                                 *
* Please navigate away from this website or ip address now if     *
* you are not an authorised personnel belonging to ABC Pte Ltd    *
* You will be prosecuted as the host IP that you are using has    *
* already been captured by our system if you attempt to navigate  *
* any further                                                     *
*                                                                 *
*                                                                 *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



Juniper

Special Characters—You can format the message using the following special characters:
  • \n—New line
  • \t—Horizontal tab
  • \'—Single quotation mark
  • \"—Double quotation mark
  • \\—Backslash

root@B10_L23_R30# set system login message "\n\n\n\tPlease Do not enter!!!\n\tYou will be prosecuted under the law\n\tPlease contact abc@company.com to gain access.\n\n\n"



e.g.




                Please Do not enter!!!
                You will be prosecuted under the law
                Please contact abc@company.com to gain access.