Showing posts from 2010

Determining the number of active SSL connections on CSS/ACE

Whilst designing a new web farm network I needed to know how many SSL sessions our CSS was currently terminating in order to purchase the right SSL license for the Cisco ACE we were upgrading to. To determine the number of active SSL connections a CSS is handling at that point in time, use the command:

    show ssl flows

The equivalent command on a Cisco ACE is:

    show resource usage

Changing the hostname on CSS11500

The first time I configured one of these it took me a while to figure out how to change the hostname. It's easy once you know the answer, but it is not found in configuration mode. From enable mode you simply type the command prompt followed by a name, e.g.

    CSS11500# prompt my-css-01

Simple huh!

Upgrade Supervisor Memory in the ME6524

The ME6524 ships with 256MB of Switch Processor memory and 512MB of Route Processor memory. These can both be upgraded to 1Gig. The part numbers for the ME6524 upgrades are:

* MEM-XCEF720-256M - Default memory on the Cisco ME 6524 switch processor
* MEM-XCEF720-512M - 512-MB memory upgrade option for the switch processor
* MEM-XCEF720-1GB - 1-GB memory upgrade option for the switch processor
* MEM-MSFC2-512MB - Default memory on the Cisco ME 6524 router processor
* MEM-MSFC3-1GB - 1-GB memory upgrade option for the router processor
* MEM-C6K-CPTFL512M - Default external 512-MB compact flash memory

I will now detail how to perform an upgrade to the Switch Processor memory. This is needed in order to support the higher IOS feature sets. The route processor upgrade allows for larger routing tables.

First of all you will need to remove all rack mount kits and undo all the screws until the top can slide backwards. Now the motherboard is exposed you will notice two raised daughter bo

Quick Test for Cisco IPS functionality

If you ever need to test that a Cisco IPS is inspecting and blocking traffic after you have installed it, here is a quick test you can perform. Ideally you will have a web server behind the IPS that you can test against; otherwise just set one up quickly (google HFS for an awesome little tool).

Initially you should try reaching the URL of the web server normally. If you have set everything up correctly then you should have no issues.

Now, in order to test the IPS blocking an attack, simply append the following to the end of the URL: "/../../windows/system32/cmd.exe". The URL should now look like

    http://www.testurl.com/windows/system32/cmd.exe

You should now find that your request fails. A quick look in the IPS event log will show that this fired the WWW WindowsNT cmd.exe rule. It believes someone is attempting a buffer overflow error to obtain the command prompt and blocks it.

This is a nice simple test to ensure that the IPS is inspecting and blocking traffic.

3750 Stackwise using mixed versions

I was unsure if it was possible to create a 3750 stack using a mixture of standard and enhanced licenses. I was pretty sure they would join the stack but was unsure what features would work afterwards. Would the entire stack gain routing functionality or would it be limited to just the EMI images? Would the entire stack be forced to run as an SMI image? These were the questions I needed answers to. After much digging I came across a Cisco TAC article which answered all my questions.

* The IOS software version on all stack members, including the stack master, should be the same. This helps ensure full compatibility in the stack protocol version among the stack members. For example, all stack members should have either the EMI or SMI
* If your switch stack must have switches running SMI and EMI software, the switch running the EMI software should be the stack master. EMI features become unavailable to all stack members if the stack master is running the SMI software.
* At least

Secure Copy Protocol SCP

I have just discovered the joys of SCP. When doing IOS upgrades across the internet this is the only way to go. Who wants to mess around getting FTP working? TFTP is next to useless across any unstable medium and even HTTP can be a hassle to set up (unless you are using the awesome HFS portable app!). SCP simply allows you to transfer files to any device you can SSH to.

It requires SSH and AAA to be set up on the device. The first step as always is to generate an RSA key.

    Router(config)#hostname R1
    R1(config)#crypto key generate rsa general-keys modulus 512
    The name for the keys will be: R1.mydomain
    % The key modulus size is 512 bits
    % Generating 512 bit RSA keys, keys will be non-exportable...[OK]

You must then turn on AAA and set up authentication and authorization (very important) to look for local usernames and passwords.

    R1(config)#aaa new-model
    R1(config)#aaa authentication login default local
    R1(config)#aaa authorization exec default local

You will need to cre