Showing posts with label General Technical. Show all posts

Wednesday 10 July 2013

Editing Commands Through Keystrokes

Each group below lists a capability, then the keystroke and its purpose.

Capability: Move around the command line to make changes or corrections.
  Ctrl-B or the left arrow key: Move the cursor back one character.
  Ctrl-F or the right arrow key: Move the cursor forward one character.
  Ctrl-A: Move the cursor to the beginning of the command line.
  Ctrl-E: Move the cursor to the end of the command line.
  Esc B: Move the cursor back one word.
  Esc F: Move the cursor forward one word.
  Ctrl-T: Transpose the character to the left of the cursor with the character located at the cursor.

Capability: Recall commands from the buffer and paste them in the command line. The access point provides a buffer with the last ten items that you deleted.
  Ctrl-Y: Recall the most recent entry in the buffer.
  Esc Y: Recall the next buffer entry.
  Note: The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Capability: Delete entries if you make a mistake or change your mind.
  Delete or Backspace: Erase the character to the left of the cursor.
  Ctrl-D: Delete the character at the cursor.
  Ctrl-K: Delete all characters from the cursor to the end of the command line.
  Ctrl-U or Ctrl-X: Delete all characters from the cursor to the beginning of the command line.
  Ctrl-W: Delete the word to the left of the cursor.
  Esc D: Delete from the cursor to the end of the word.

Capability: Capitalize or lowercase words or capitalize a set of letters.
  Esc C: Capitalize at the cursor.
  Esc L: Change the word at the cursor to lowercase.
  Esc U: Capitalize letters from the cursor to the end of the word.

Capability: Designate a particular keystroke as an executable command, perhaps as a shortcut.
  Ctrl-V or Esc Q

Capability: Scroll down a line or screen on displays that are longer than the terminal screen can display.
  Return: Scroll down one line.
  Space: Scroll down one screen.

Capability: Redisplay the current command line if the access point suddenly sends a message to your screen.
  Ctrl-L or Ctrl-R: Redisplay the current command line.

Source: www.cisco.com

Wednesday 5 June 2013

Common TCP UDP Ports

Application | Port | Protocol | Notes
HTTP | 80, 8080 | TCP | Hypertext Transfer Protocol. Used by web browsers such as Internet Explorer, Firefox and Opera.
HTTPS | 443 | TCP, UDP | Used for secure web browsing.
IMAP | 143 | TCP | Email applications including Outlook, Outlook Express, Eudora and Thunderbird.
FTP | 20 to 21 | TCP | File Transfer Protocol.
SSH | 22 | TCP | Secure Shell protocol. Provides a secure session when logging into a remote machine.
Telnet | 23 | TCP | Used for remote server administration.
DNS | 53 | TCP, UDP | Domain Name System protocol for converting domain names to IP addresses.
NNTP | 119 | TCP | Network News Transfer Protocol, used for internet discussion groups.
NETBIOS | 137 to 139 | TCP, UDP | NETBIOS is used for file transfers between Windows machines.
SNMP | 161 to 162 | UDP | Simple Network Management Protocol. Used by network administrators for remote statistics and information gathering.
LDAP | 389 | TCP, UDP | Lightweight Directory Services Protocol, used for accessing centralized databases of users and computers.
Microsoft SQL Server | 1433 to 1434 | TCP, UDP | Database application.
MySQL | 3306 | TCP, UDP | Database application.
Oracle SQL | 1521, 1522, 1525, 1529 | TCP | Database application.
Microsoft Terminal Server / Citrix ICA | 1494, 1604 | UDP | Remote desktop application.
ICQ | 4000 | UDP | Instant messenger.
Yahoo Messenger | 5010 | TCP | Instant messenger.
AOL Instant Messenger | 5190 | TCP, UDP | Instant messenger.
PCAnywhere | 5632 | TCP, UDP | Remote desktop application.
VNC | 5800, 5900 | TCP | Virtual Network Computer, allows remote desktop functionality.
Kerberos | 88 | TCP, UDP | Used for user authentication, mainly on Windows systems.
POP3 | 110 | TCP | Post Office Protocol. For receiving email.
SMTP | 25 | TCP | Simple Mail Transfer Protocol, used for sending email.
RIP | 520 | UDP | Routing Information Protocol, part of the core internet infrastructure.
Microsoft PPTP | 1723 | TCP | Point-to-Point Tunneling Protocol, a VPN implementation.
Windows Media Streaming | 1755, 7007 | TCP, UDP |
Age of Empires | 2300 to 2400, 6073, 47624 | TCP, UDP | Multiplayer game.
Call of Duty | 20500, 20510, 28960 | TCP, UDP | Multiplayer game.
Counter-Strike | 1200, 27000 to 27015, 27020 to 27039 | TCP, UDP | Multiplayer game.
Doom 3 | 27650, 27666 | TCP, UDP | Multiplayer game.
Everquest | 1024, 6000, 7000 | TCP, UDP | Multiplayer game.
Far Cry | 49001 to 49002, 49124 | TCP, UDP | Multiplayer game.
FIFA | 3658, 10400 to 10499 | TCP, UDP | Multiplayer game.
Microsoft Flight Simulator | 2300 to 2400, 6073, 23456, 47624 | TCP, UDP | Multiplayer game.
Gamespy Arcade | 3783, 6515, 6500, 6667, 13139, 27900, 28900, 29900, 29901 | TCP, UDP | Game browser.
Gnutella | 6346 | TCP, UDP | P2P file sharing application.
GTA2 | 2300 to 2400, 47624 | TCP, UDP | Multiplayer game.
Half Life 2 | 1200, 27000 to 27015, 27020 to 27039 | TCP, UDP | Multiplayer game.
iTunes | 3689 | TCP, UDP | Music sharing application.
MSN Messenger | 1863, 5190, 6891 to 6901 | TCP, UDP | Instant messenger.
NBA Live | 3658, 9570, 18699 to 28600 | UDP | Multiplayer game.
Need For Speed | 80, 1030, 3658, 3659, 9442, 13505, 18210, 18215, 30900 to 30999 | TCP, UDP | Multiplayer game.
Net2Phone | 6801 | UDP | VoIP application.
NetFone | 10200 | TCP | VoIP application.
Neverwinter Nights | 5120 to 5300, 6500, 6667, 27900, 28900 | UDP | Multiplayer game.
NHL | 3658, 10300, 13505 | TCP, UDP | Multiplayer game.
No One Lives Forever | 2300 to 2400, 7000 to 10000, 27888 | TCP, UDP | Multiplayer game.
PhoneFree | 1034 to 1035, 2644, 8000, 9900 to 9901 | TCP, UDP | VoIP application.
Quake | 27650, 27910, 27950, 27952, 27960, 27965 | TCP, UDP | Multiplayer game.
Quicktime | 6970 to 7000 | TCP, UDP | Video streaming application.
Rainbow Six | 80, 2346 to 2348, 6667, 7777 to 7787, 8777 to 8787, 40000 to 42999, 44000, 45000 | TCP, UDP | Multiplayer game.
RealVNC | 5900 | TCP, UDP | Remote desktop application.
Remote Desktop | 3389 | TCP, UDP | Generic remote desktop protocol.
Shiva VPN | 2233 | TCP, UDP | Tunneling application.
Soldier of Fortune | 28910 to 28915, 20100 to 20112 | TCP, UDP | Multiplayer game.
Speak Freely | 2074 to 2076 | UDP | VoIP application.
Starcraft | 6112 | TCP, UDP | Multiplayer game.
TeamSpeak | 8767, 14534, 51234 | TCP, UDP | Online voice chat.
Tiger Woods PGA Tour | 80, 443, 9570, 13505, 20803, 20809, 32768 to 65535 | TCP, UDP | Multiplayer game.
Tight VNC | 5800, 5500, 5900 | TCP | Remote desktop application.
Tribes | 28000, 28001 | TCP, UDP | Multiplayer game.
Ultima Online | 5001 to 5010, 7775 to 7777, 7875, 8800 to 8900, 9999 | TCP | Multiplayer game.
Unreal Tournament | 7777 to 7788, 8080, 8777, 9777, 27900, 42292 | TCP, UDP | Multiplayer game.
Vonage | 5061, 10000 to 20000 | UDP | VoIP application.
VPhone | 11675 | TCP, UDP | VoIP application.
Warcraft | 6112 to 6119 | TCP, UDP | Multiplayer game.
WebcamXP | 8080, 8090 | TCP | Video sharing application.
Winamp Streaming | 8000 to 8001 | TCP | Audio streaming application.
Wingate VPN | 809 | TCP, UDP | Tunneling application.
World of Warcraft | 3724, 6112, 6881 to 6999 | TCP | Multiplayer game.
Worms Armageddon | 80, 6667, 17010 to 17012 | TCP | Multiplayer game.
XBox | 80, 1900, 3390, 3074, 3776, 3932, 5555, 7777 | TCP, UDP | Game appliance.
Azureus | 6881 to 6889 | TCP, UDP | P2P file sharing application.
DC++ | 411, 1025 to 32000 | TCP, UDP | P2P file sharing application.
Limewire | 6346 to 6347 | TCP, UDP | P2P file sharing application.

Wednesday 29 May 2013

Understanding "IP classless" command in Cisco Routers


IP Classless

Where the ip classless configuration command falls within the routing and forwarding processes is often confusing. In reality, IP classless only affects the operation of the forwarding processes in IOS; it doesn't affect the way the routing table is built. If IP classless isn't configured (using the no ip classless command), the router won't forward packets to supernets. As an example, let's again place three routes in the routing table and route packets through the router.
Note: If the supernet or default route is learned via IS-IS or OSPF, the no ip classless configuration command is ignored. In this case, packet switching behavior works as though ip classless were configured.
router# show ip route
....
     172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.30.32.0/20 [90/4879540] via 10.1.1.2
D       172.30.32.0/24 [90/25789217] via 10.1.1.1
S*   0.0.0.0/0 [1/0] via 10.1.1.3
Remembering that the 172.30.32.0/24 network includes the addresses 172.30.32.0 through 172.30.32.255, and the 172.30.32.0/20 network includes the addresses 172.30.32.0 through 172.30.47.255, we can then try switching three packets through this routing table and see what the results are.
  • A packet destined to 172.30.32.1 is forwarded to 10.1.1.1, since this is the longest prefix match.
  • A packet destined to 172.30.33.1 is forwarded to 10.1.1.2, since this is the longest prefix match.
  • A packet destined to 192.168.10.1 is forwarded to 10.1.1.3; since this network doesn't exist in the routing table, this packet is forwarded to the default route.
  • A packet destined to 172.30.254.1 is dropped.
The surprising answer out of these four is the last packet, which is dropped. It's dropped because its destination, 172.30.254.1, is within a known major network, 172.30.0.0/16, but the router doesn't know about this particular subnet within that major network.
This is the essence of classful routing: If one part of a major network is known, but the subnet toward which the packet is destined within that major network is unknown, the packet is dropped.
The most confusing aspect of this rule is that the router only uses the default route if the destination major network doesn't exist in the routing table at all.
This can cause problems in a network where a remote site, with one connection back to the rest of the network, is running no routing protocols, as illustrated.
[Figure 21a: a remote site with a single connection back to the rest of the network, running no routing protocol]
The remote site router is configured like this:
interface Serial 0
 ip address 10.1.2.2 255.255.255.0
!
interface Ethernet 0
 ip address 10.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.2.1
!
no ip classless
With this configuration, the hosts at the remote site can reach destinations on the Internet (through the 10.x.x.x cloud), but not destinations within the 10.x.x.x cloud, which is the corporate network. Because the remote router knows about some part of the 10.0.0.0/8 network, the two directly connected subnets, and no other subnet of 10.x.x.x, it assumes these other subnets don't exist and drops any packets destined for them. Traffic destined to the Internet, however, doesn't ever have a destination in the 10.x.x.x range of addresses, and is therefore correctly routed through the default route.
Configuring ip classless on the remote router resolves this problem by allowing the router to ignore the classful boundaries of the networks in its routing table and simply route to the longest prefix match it can find.
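The classful forwarding rule described above, as an added example that is not part of the original post or of Cisco's code: a small Python model of the lookup that runs the four packets against the routing table shown, and the remote-site case against that router's table, with and without ip classless. The remote-site table (connected 10.1.2.0/24 and 10.1.1.0/24 plus the static default) is reconstructed from the configuration above; the class A/B/C boundaries are the only other assumption.

```python
import ipaddress

# Routing table from the post's "show ip route" output: (prefix, next hop).
ROUTES = [
    ("172.30.32.0/20", "10.1.1.2"),
    ("172.30.32.0/24", "10.1.1.1"),
    ("0.0.0.0/0", "10.1.1.3"),
]

# The remote-site router from the post: two connected subnets of 10.0.0.0/8
# plus a static default. Connected routes carry the interface name as next hop.
REMOTE_SITE_ROUTES = [
    ("10.1.2.0/24", "Serial0"),
    ("10.1.1.0/24", "Ethernet0"),
    ("0.0.0.0/0", "10.1.2.1"),
]


def major_network(addr):
    """Classful (A/B/C) major network that an IPv4 address belongs to (assumed boundaries)."""
    first_octet = int(addr) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def forward(dest, routes, ip_classless):
    """Return the next hop for dest, or None when the router drops the packet.

    ip_classless=True : plain longest-prefix match over the whole table.
    ip_classless=False: if any subnet of dest's major network is in the table,
    only those subnets may be used; supernets and the default route are ignored.
    """
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    if not ip_classless:
        major = major_network(dest)
        subnets = [(n, nh) for n, nh in table if n.subnet_of(major)]
        if subnets:
            table = subnets  # classful rule: the default route no longer applies
    candidates = [(n, nh) for n, nh in table if dest in n]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0].prefixlen)[1]


if __name__ == "__main__":
    for mode in (False, True):
        print(f"ip classless = {mode}")
        for dest in ("172.30.32.1", "172.30.33.1", "192.168.10.1", "172.30.254.1"):
            print(f"  {dest:14} -> {forward(dest, ROUTES, mode) or 'dropped'}")
        for dest in ("10.1.1.7", "10.5.5.5", "198.51.100.1"):
            print(f"  {dest:14} -> {forward(dest, REMOTE_SITE_ROUTES, mode) or 'dropped'}")
```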
info source:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml

Wednesday 15 May 2013

Understanding Unicast Reverse Path Forwarding (uRPF)

Introduction

Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this document.
When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router's choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.
When administrators use Unicast RPF in loose mode, the source address must appear in the routing table. Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode.
Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.

Unicast RPF in an Enterprise Network

In many enterprise environments, it is necessary to use a combination of strict mode and loose mode Unicast RPF. The choice of the Unicast RPF mode that will be used will depend on the design of the network segment connected to the interface on which Unicast RPF is deployed.
Administrators should use Unicast RPF in strict mode on network interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. A subnet composed of end stations or network resources fulfills this requirement. Such a design would be in place for an access layer network or a branch office where there is only one path into and out of the branch network. No other traffic originating from the subnet is allowed and no other routes are available past the subnet.
Unicast RPF loose mode can be used on an uplink network interface that has a default route associated with it.

Unicast RPF Examples

Cisco IOS Devices

An important consideration for deployment is that Cisco Express Forwarding switching must be enabled for Unicast RPF to function. This command has been enabled by default as of IOS version 12.2. If it is not enabled, administrators can enable it with the following global configuration command: ip cef
Unicast RPF is enabled on a per-interface basis. The ip verify unicast source reachable-via rx command enables Unicast RPF in strict mode. To enable loose mode, administrators can use the any option to enforce the requirement that the source IP address for a packet must appear in the routing table. The allow-default option may be used with either the rx or any option to include IP addresses not specifically contained in the routing table. The allow-self-ping option should not be used because it could create a denial of service condition. An access list such as the one that follows may also be configured to specifically permit or deny a list of addresses through Unicast RPF:
interface FastEthernet 0/0
ip verify unicast source reachable-via {rx | any} [allow-default]
[allow-self-ping] [list]
Addresses that should never appear on a network can be dropped by entering a route to a null interface. The following command will cause all traffic received from the 10.0.0.0/8 network to be dropped even if Unicast RPF is enabled in loose mode with the allow-default option: ip route 10.0.0.0 255.0.0.0 Null0
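To tie the strict/loose mode descriptions in the Introduction together with the interface command above, here is an added Python model (not Cisco code and not from the original post) of the rx / any / allow-default / list decision, run over a constructed FIB and a constructed packet sample. The interface names, the LAN prefixes and the sample sources are assumptions; the Null0 route is the one given in the post.

```python
import ipaddress

# Constructed FIB: (prefix, egress interface). The Null0 entry is the discard
# route from the post (ip route 10.0.0.0 255.0.0.0 Null0); the rest is assumed.
FIB = [
    ("172.16.10.0/24", "FastEthernet0/0"),  # access subnet, single path in/out
    ("192.168.1.0/24", "FastEthernet0/1"),  # a second LAN
    ("10.0.0.0/8", "Null0"),                # addresses that must never be sources
    ("0.0.0.0/0", "Serial0/0"),             # default route toward the uplink
]


def best_route(src, fib=FIB):
    """Longest-prefix match for a source address, or None if nothing covers it."""
    src = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in fib]
    hits = [(net, ifc) for net, ifc in hits if src in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def urpf_accepts(src, ingress, mode="rx", allow_default=False, fib=FIB, acl_permit=()):
    """Model 'ip verify unicast source reachable-via {rx|any} [allow-default] [list]'.

    rx  = strict: the reverse path for src must leave via the ingress interface.
    any = loose: any route to src is enough, except a route that points to Null0.
    acl_permit: prefixes the optional access list lets through when the check fails.
    """
    route = best_route(src, fib)
    ok = route is not None
    if ok:
        net, egress = route
        if egress == "Null0":
            ok = False  # return path is a discard route: dropped in every mode
        elif net.prefixlen == 0 and not allow_default:
            ok = False  # only the default route covers src
        elif mode == "rx":
            ok = egress == ingress
    if not ok:
        s = ipaddress.ip_address(src)
        ok = any(s in ipaddress.ip_network(p) for p in acl_permit)
    return ok


# Per-interface policy following the post's advice: strict mode on access
# interfaces, loose mode with allow-default on the uplink (constructed).
INTERFACE_POLICY = {
    "FastEthernet0/0": ("rx", False),
    "FastEthernet0/1": ("rx", False),
    "Serial0/0": ("any", True),
}
# Constructed (src, ingress) sample packets.
SAMPLE_PACKETS = [
    ("172.16.10.5", "FastEthernet0/0"),   # legitimate host on its own subnet
    ("192.168.1.9", "FastEthernet0/0"),   # source belongs behind Fa0/1: spoofed
    ("10.44.0.1", "Serial0/0"),           # private source arriving from the uplink
    ("203.0.113.7", "Serial0/0"),         # ordinary remote source via the default
    ("203.0.113.7", "FastEthernet0/1"),   # remote source arriving on a LAN port
]


def drop_counts(packets=SAMPLE_PACKETS, policy=INTERFACE_POLICY):
    """Per-interface uRPF drop counters, like 'show ip verify statistics'."""
    drops = {ifc: 0 for ifc in policy}
    for src, ingress in packets:
        mode, allow_default = policy[ingress]
        if not urpf_accepts(src, ingress, mode, allow_default):
            drops[ingress] += 1
    return drops


if __name__ == "__main__":
    for ifc, n in drop_counts().items():
        print(f"interface {ifc}: {n} unicast rpf drops")
```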

PIX/ASA/FWSM

Unicast RPF can be configured on the PIX Security Appliance, the ASA Security Appliance, the Catalyst 6500 switch, or the Cisco 7600 router Firewall Services Module on a per-interface basis with the following global command: ip verify reverse-path interface interface_name

Troubleshooting Unicast RPF

Cisco IOS Devices

The show cef interface interface_name command can be used to show that Cisco Express Forwarding and Unicast RPF have been enabled on an interface. The following response is an example of output for this command.
router#show cef interface FastEthernet 0/0
FastEthernet0/0 is up (if_number 3)
Corresponding hwidb fast_if_number 3
Corresponding hwidb firstsw->if_number 3
Internet address is 10.81.7.118/28
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is enabled
Inbound access list is not set
Outbound access list is not set
Hardware idb is FastEthernet0/0
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF Fast switching turbo vector
Input fast flags 0x0, Input fast flags2 0x0, Output fast flags 0x0, Output fast flags2 0x0
ifindex 1(1)
Slot 0 Slot unit 0 Unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
router#

PIX/ASA/FWSM

The show ip verify statistics command can provide information about Unicast RPF statistics on a PIX/ASA/FWSM firewall. The following example shows 21 drops by Unicast RPF on the outside interface and 2738 packets dropped by Unicast RPF on the inside interface. Dropped packets should be investigated to determine their source and administrators should consider whether the packets indicate attempts to circumvent network security.
R4-ASA5520a# show ip verify statistics
interface outside: 21 unicast rpf drops
interface inside: 2738 unicast rpf drops
interface vpn: 0 unicast rpf drops
R4-ASA5520a#

Monday 6 May 2013

Configuring IOS CA Server

Configuring Cisco Router as CA Server


R1(config)#ip domain-name networkexpert.co
R1(config)#crypto key generate rsa general-keys label netx exportable
R1(config)#crypto key export rsa netx pem url nvram: 3des netx123
!generate and export RSA keys

R1#show crypto key mypubkey rsa

R1(config)#ip http server
R1(config)#crypto pki server netxCA
R1(cs-server)#database url nvram:
!If this command is not specified, all database entries are written to Flash.
R1(cs-server)#database level <minimum | names | complete>
!Minimum: Enough information is stored only to continue issuing new certificates without conflict; the default value.
!Names: In addition to the information given in the minimal level, the serial number and subject name of each certificate.
!Complete: In addition to the information given in the minimal and names levels, each issued certificate is written to the database.
R1(cs-server)#issuer-name CN=iosca.networkexpert.co L=Blr C=In
R1(cs-server)#lifetime ca-certificate 365
!default 3 years
R1(cs-server)#lifetime certificate 200
!default 1 year
R1(cs-server)#cdp-url http://172.18.108.26/netxcdp.netx.crl
R1(cs-server)#lifetime crl 24
!default 1 week
R1(cs-server)#grant auto
R1(cs-server)#no shutdown

R1# show crypto pki server


Monday 30 May 2011

Automatic Backup of Cisco Router Configuration using KRON


About KRON:
The Command Scheduler (KRON) Policy for System Startup feature enables support for Command Scheduler upon system startup.
Command Scheduler allows customers to schedule fully-qualified EXEC mode CLI commands to run once, at specified intervals, at specified calendar dates and times, or upon system startup. Originally designed to work with CNS commands, Command Scheduler has a broader application. Using the CNS image agent feature, remote routers residing outside a firewall or using Network Address Translation (NAT) addresses can use Command Scheduler to launch CLI at intervals to update the image running in the router.
Command Scheduler has two basic processes. A policy list is configured containing lines of fully-qualified EXEC CLI commands to be run at the same time or interval. One or more policy lists are then scheduled to run after a specified interval of time, at a specified calendar date and time, or upon system startup. Each scheduled occurrence can be set to run once only or on a recurring basis. 

Commands
RX2(config)# kron policy-list netx
RX2(config-kron-policy)# cli sh running-config | redirect tftp://172.16.1.150/backup-cfg
RX2(config-kron-policy)#  exit
RX2(config)#  kron occurrence netx-kron at 10:00 recurring
RX2(config-kron-occurrence)#  policy-list netx
RX2(config-kron-occurrence)#  exit

Verification:
RX2#sh kron schedule
Kron Occurrence Schedule
netx-kron inactive, will run again in 0 days 21:03:06 at 10:00 on

The above configuration can be used to schedule an automatic backup of the Cisco router configuration. As configured, the router is scheduled to back up its running configuration at 10:00 AM every day to the specified TFTP server.

Automatic Backup of Cisco Router Configuration using Archive


RX2(config)#archive
RX2(config-archive)#  path tftp://172.16.1.150/backup-cfg
RX2(config-archive)#  time-period 1440
RX2(config-archive)#  write-memory
RX2(config-archive)#  exit

The above configuration can be used to schedule an automatic backup of the Cisco router configuration. As configured, the router backs up its configuration every 24 hours (time-period 1440 minutes), and also whenever a user saves changes with the write memory command, to the TFTP server given in the path command.

Configuration Change Notification and Logging


About Configuration Log

The Configuration Change Notification and Logging feature tracks changes made to the Cisco IOS software running configuration by maintaining a configuration log. This configuration log tracks changes initiated only through the command-line interface (CLI) or HTTP. Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:
• Commands that result in a syntax error message
• Partial commands that invoke the router help system
For each configuration command that is executed, the following information is logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
You can display information from the configuration log through the use of the show archive log config command, with the exception of the parser return codes, which are for use by internal Cisco IOS applications only.

About Configuration Change Notifications and Config Change Logging

You can configure the Configuration Change and Notification Logging feature to send notification of configuration changes to the Cisco IOS software system logging (syslog) process. Syslog notifications allow monitoring of the configuration log information without performing polling and information gathering tasks.
The Configuration Change Notification and Logging feature allows the tracking of configuration changes entered by users on a per-session and per-user basis. This tool allows administrators to track any configuration change made to the Cisco IOS software running configuration, and identify the user that made that change. 

Commands
RX2(config)#archive
RX2(config-archive)#  log config
RX2(config-archive-log-cfg)#  hidekeys
RX2(config-archive-log-cfg)#  logging  enable
RX2(config-archive-log-cfg)#  notify syslog
RX2(config-archive-log-cfg)#  exit

The hidekeys keyword suppresses password values in the logged commands, so a password change is recorded as ***** rather than in the clear.

Verification:
RX2#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  notify syslog
    3     1        console@console  |  exit
    4     1        console@console  |   exit
    5     2        console@console  |router rip
    6     2        console@console  | exit
    7     2        console@console  |no router rip
    8     2        console@console  |enable password *****
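As an added example (not from the original post), a small Python parser for the show archive log config all output above, with two checks a reviewer of the change log would want: which entries touch credentials, routing or logging, and whether any password argument was logged without the ***** masking that hidekeys provides. The last two log lines (idx 9 and 10) and the watchlist are constructed.

```python
import re
from collections import Counter

# Output of 'show archive log config all' as shown in the post, plus two
# constructed lines (idx 9 and 10) so the checks below have something to flag.
SAMPLE_LOG = """\
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  notify syslog
    3     1        console@console  |  exit
    4     1        console@console  |   exit
    5     2        console@console  |router rip
    6     2        console@console  | exit
    7     2        console@console  |no router rip
    8     2        console@console  |enable password *****
    9     3          admin@vty0     |username ops password Secret123
   10     3          admin@vty0     |no logging host 172.16.1.150
"""

# idx, session, user@line, then the command after the '|' separator.
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*\|\s*(.*?)\s*$")


def parse_archive_log(text):
    """Return one dict per logged command: idx, sess, user, line, command."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # header or blank line
        idx, sess, userline, cmd = m.groups()
        user, _, line = userline.partition("@")
        entries.append({"idx": int(idx), "sess": int(sess), "user": user,
                        "line": line, "command": cmd})
    return entries


# Commands worth a second look in a change log: credential changes and anything
# that switches off routing, logging or the log itself (constructed watchlist).
WATCHLIST = re.compile(
    r"^(enable (password|secret)|username .* (password|secret)|no (router|logging|archive|aaa)\b)")


def flag_sensitive(entries):
    return [e for e in entries if WATCHLIST.search(e["command"])]


# 'password|secret', optional encryption type digit, then the value itself.
SECRET_ARG = re.compile(r"\b(password|secret)\s+(\d\s+)?(\S+)")


def unmasked_secrets(entries):
    """Entries whose password/secret argument was logged in the clear, i.e. not
    as the ***** that hidekeys substitutes."""
    out = []
    for e in entries:
        m = SECRET_ARG.search(e["command"])
        if m and m.group(3) != "*****":
            out.append(e)
    return out


def commands_per_session(entries):
    """Count of logged commands per (session, user@line), for per-user review."""
    return dict(Counter((e["sess"], e["user"] + "@" + e["line"]) for e in entries))


if __name__ == "__main__":
    log = parse_archive_log(SAMPLE_LOG)
    print("sensitive:", [(e["idx"], e["command"]) for e in flag_sensitive(log)])
    print("unmasked:", [(e["idx"], e["command"]) for e in unmasked_secrets(log)])
    print("per session:", commands_per_session(log))
```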

Cisco SD-WAN: Onboarding Controllers step by step (on-prem)

 This configuration example only covers the process of installing the SD-WAN controller software images on a VMWare ESXI instance, establish...