Browsing articles tagged with "ios - 6/8 - Admins Goodies"
Aug 13, 2011
tom

Cisco IOS ACL types

The built in command help list displays access list types based on which range. router1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access listrouter1(config)# What are each of […]

Continue Reading »
Aug 13, 2011
tom

Cisco IOS: access-list logging rate-limited or missed packets

How do we fix these errors? 2629753: Dec 29 09:03:56.521 EST: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets This is a Cisco 871 router with BVI and access lists. The message means that an ACL (with, presumably, logging enabled) is generating syslog messages faster than the router is willing to send them off. You’ll have to increase the rate-limit, use the logging rate-limit command to do this (you’ll probably want to use the ip […]

Continue Reading »
Aug 13, 2011
tom

Cisco IOS ACL: Don’t permit incoming connections just because they are from port 80

I am going much based on my memory and I may not be correct on all of this. On a Cisco 851 (IOS) that uses a BVI or a bridge-route (the servers on the inside are configured with static and public IP addresses). I would apply two access lists (both end with deny ip any any log) on FastEthernet4 (the WAN port). There would be one for FA4 in and another for FA4 out. FA4 […]

Continue Reading »
Aug 13, 2011
tom

BVI vs Bridge routers

What is the difference between BVI and Bridge on Cisco IOS routers? A BVI is a “bridge virtual interface” and should be the Layer 3 bit (the interface that has an IP address). The physical interface(s) attached to the bridge-group should be purely layer 2 interfaces. Check more discussion of this question. Bookmark on Delicious Digg this post Recommend on Facebook share via Reddit Share with Stumblers Tweet about it Print for later Bookmark in […]

Continue Reading »
Aug 13, 2011
tom

Cisco IOS BVI ACL: Only allow established UDP

Related: Cisco IOS ACL: Don’t permit incoming connections just because they are from port 80 I know we can use the established keyword for TCP.. but what can we do for UDP (short of replacing a Bridge or BVI with a NAT)? Answer I found out what “UDP has no connection” means. DNS uses UDP for example.. named (DNS server) is lisenting on port 53 nslookup (DNS client) starts listening on some random port and […]

Continue Reading »
Aug 13, 2011
tom

IOS not saving evaluate rule in access-list

I have a basic firewall set up on an pretty od IOS in form of IPv6 access list exterior-in6 evaluate exterior-reflect sequence 1 permit ipv6 any host [my external address] sequence 10 permit tcp any host [my internal address] eq 22 sequence 11 permit icmp any any sequence 800 permit udp any any range 6881 6889 sequence 900 permit tcp any any range 6881 6889 sequence 901 deny ipv6 any any sequence 1000 IPv6 access […]

Continue Reading »
Aug 13, 2011
tom

How to start Cisco 2911 with presaved configuration?

I briefly configured branch router Cisco 2911 and saved config. Unfortunately – after rerun Cisco needs “copy startup-config running-config” to read configuration (I really need this – for example to get up interface GigabitEthernet0/0). How I can save my configuration as the permanently one and auto started? As told by bluszcz in the comment to your question, please take a look to Configuration register value in the output of show version It should be set […]

Continue Reading »
Aug 13, 2011
tom

Cisco 1760 T1 Setup

My 1760 has a WIC1-T1 card in Slot 0 and the slot 0 “OK” light is lit. When the router boots it shows that it sees the T1 card. I would like to configure my T1. I received the following details from my ISP: * Removed IP’s IP Version: IPv4 Router Interface: edge1.mia1 — t1-2/1/0:2:13 — Switch Port: Vlan: WAN Network: 4.59.?.?/30 Level3 Side: 4.59.?.? Customer Side: 4.59.?.?Cust. LAN IPs: 4.59.?.?/27 The problem is that […]

Continue Reading »
Aug 12, 2011
tom

Why would Windows Server not respond to DHCP DISCOVER?

My network was working just fine and I broke it. There is a Cisco 1711 router which was configured to hand out DHCP leases to the client PCs. I have a domain controller (Server 2008) on the same network that I wanted to take over the DHCP role. I added the DHCP role to the server, configured the scope, and activated it. Then I turned off DHCP on the Cisco 1711 by running no service […]

Continue Reading »
Aug 12, 2011
tom

Is there a way to submit a batch of commands to a Cisco router and have them execute from the router?

I need to change the configuration of a remote (6 hours’ drive) client’s Cisco 871 (IOS 12.4.15T) from my location because of some new internet service at his location. To be more precise, I need to change the default route, ip address of the outside interface (Fa4) and disable the PPPoE setup there. Unfortunately, doing any of this will (obviously) break the connection to the router. I do not have an out-of-band management modem set […]

Continue Reading »