Network technologies and trends


December 26, 2009  9:16 AM

How to repair a corrupted IOS in Cisco 1250 access point Series 2?

Yasir Irfan

In my previous post I talked about a corrupted IOS in the Cisco 1250 Series Wireless Access Point. In this post let's see how to fix it.

As we saw in the previous post, whenever the IOS is missing from the Cisco Wireless Access Point you will get the following error

 

The system is unable to boot automatically because there are no bootable files.

 

Followed by the prompt

ap:

There are two ways to fix this problem. In this post I will show you how to fix it by transferring the IOS file to the Cisco Access Point using a TFTP server.

 

 

Whenever you boot your IOS-corrupted Cisco Access Point, you are left at the following command prompt

 

ap:

 

Connect the corrupted access point to any Cisco Catalyst Switch, and connect your PC, with the SolarWinds TFTP server installed, to the same switch and the same subnet. In the following example we configure the IP addresses for the PC with the SolarWinds TFTP server and the corrupted access point as follows

 

 

Follow the steps below

Step 1:

Assign the IP address, netmask and default gateway to the IOS-corrupted access point by using the set command as shown below.

 

ap:set IP_ADDR 10.0.0.10

 

ap:set NETMASK 255.255.248.0

 

ap:set DEFAULT_ROUTER 10.0.0.10

 

Step 2:

Initialize TFTP on the Cisco Access Point by entering the “tftp_init” command

 

ap: tftp_init

 

 Step 3:

Download the IOS image file for the Cisco 1250 Series Access Point from the Cisco web site (a CCO ID is required), remove the file extension (.tar) as shown, and copy the file to the SolarWinds TFTP server directory.

 

Step 4:

Make sure that the SolarWinds TFTP server is started and the downloaded IOS image file is placed in the TFTP server directory.

 

Step 5:

Extract the downloaded IOS file into the Cisco Access Point by using the “tar -xtract” command, which inflates the image file from your TFTP server.

ap: tar -xtract tftp://10.0.0.8/c1250-k9w7-tar.124-10b.JDA3 flash:

 

 

 

Step 6:

Once the whole IOS file is extracted, set the boot path in your IOS-corrupted Cisco Access Point as shown below

ap: set BOOT flash:c1250-k9w7-mx.124-10b.JDA3/c1250-k9w7-mx.124-10b.JDA3

 

Step 7:

Then boot your Cisco Wireless Access Point by using the “boot” command.

 

ap:  boot
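TFTP has no authentication or integrity protection, so the file placed in the TFTP directory in Steps 3 and 4 is worth checking on the PC before the access point pulls it. The following is an added example, not part of the original post: it compares the archive with the checksum published on the download page and derives the Step 6 BOOT value from the archive contents. It assumes the archive holds a directory and an image file of the same name, as the BOOT path in Step 6 suggests; the function names and the sample archive are hypothetical.

```python
import hashlib
import hmac
import io
import tarfile
from pathlib import PurePosixPath


def boot_path_from_tar(data: bytes) -> str:
    """Find the <image>/<image> file in the archive and build the BOOT value."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar.getmembers():
            parts = PurePosixPath(member.name).parts
            if member.isfile() and len(parts) == 2 and parts[0] == parts[1]:
                return f"flash:{parts[0]}/{parts[1]}"
    raise ValueError("no <image>/<image> boot file found in archive")


def check_image(data: bytes, published_hex: str, algo: str = "sha512") -> str:
    """Verify the archive against the published checksum, then return BOOT."""
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, published_hex.strip().lower()):
        raise ValueError(f"{algo} mismatch: do not serve this file over TFTP")
    return boot_path_from_tar(data)


def build_sample_archive(image: str = "c1250-k9w7-mx.124-10b.JDA3") -> bytes:
    """Constructed stand-in for the real archive (dummy bytes, not an IOS image)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in ((f"{image}/info", b"constructed"),
                           (f"{image}/{image}", b"\x00" * 64)):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_archive()
    # Placeholder: in real use, paste the checksum shown on the download page.
    published = hashlib.sha512(archive).hexdigest()
    print("set BOOT", check_image(archive, published))
```

For a real image, read the downloaded file as bytes and pass `algo="md5"` if the download page lists only an MD5 value.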

 

 

Once the Cisco Wireless Access Point is booted you will see no errors and it works fine. I have also uploaded a video which might help you to recover the IOS in a Cisco 1250 Access Point. The same procedure can be applied to other Cisco Access Points as well, with the proper IOS files.

Video: http://www.youtube.com/v/NfSZeq4idHM

December 22, 2009  5:15 AM

How to repair a corrupted IOS in Cisco 1250 access point Series 1?

Yasir Irfan

These days we are upgrading the IOS for all Cisco 1250 Series Wireless Access Points. So far we don’t have any wireless management software or control cards. We are forced to upgrade the IOS of each individual access point.

One of our aspiring, vibrant colleagues accidentally deleted the flash contents of a Cisco 1250 Series Access Point. He tried to repair it but he had no clue what to do. He tried to find a way but it was fruitless. After the IOS was deleted, the Cisco 1250 Series Access Point was not booting and he was getting the following error.

 

The system is unable to boot automatically because there are no bootable files.

 

 

In an upcoming post I will post a solution for uploading an IOS to the corrupted Cisco 1250 Access Point.

Video: http://www.youtube.com/v/EMG8UosnSU0


December 14, 2009  5:40 AM

Cisco Networkers to be held in Bahrain

Yasir Irfan

Cisco Systems has announced that for the first time the prestigious Cisco Networkers will be held in the Middle East. The event will be held at the Bahrain International Circuit (BIC), home to the Gulf Air Bahrain Grand Prix, from 28 – 31 March, 2010 with the support of the Government of Bahrain and His Highness Sheikh Salman bin Hamad Al-Khalifa, Crown Prince of the Kingdom of Bahrain.

Video: http://www.youtube.com/v/fwZFun06KEc

Please mark your calendar now for this memorable event in Bahrain.

The theme for Cisco Networkers Bahrain, 2010 is ‘Knowledge is Power’.

The event will comprise five separate sections: the Networkers Technical Conference, focused on Cisco technology and architectures; a CIO and IT Executive Symposium, an IT Insight Conference; dedicated press and analyst event and Innovation Awards to recognize outstanding achievements in business and technology.

This conference provides a unique platform for attendees to build on their knowledge and skills, making this a great investment for any company or individual attending long after the conference ends.

This event is targeted at technical or business stakeholders. Don’t miss this unique opportunity to meet with the companies that count in today’s fast-changing world.

Register today to receive the Early Bird discount.

Hopefully I may attend the event if I am going to India as Bahrain is just an hour drive from my place.


December 13, 2009  5:51 AM

Cisco brings “Journey to the Virtualized Data Center: From Vision to Reality” on 15 & 16th of December

Yasir Irfan

This December 15 and 16, Cisco Systems is conducting a live Virtual Tradeshow, “Journey to the Virtualized Data Center: From Vision to Reality”, in sponsorship with its world-class trusted partners such as APC, BMC Software, EMC2, Emerson, Intel, Microsoft, NetApp, Oracle and Panduit.

Pic Courtesy: Cisco Systems.

Do register to attend this virtual event to learn about the future of the data center; you might get the chance to look at the future of the data center from the perspectives of networking, storage, applications, and physical infrastructure technology partners. You may also get a chance to look at how Cisco, along with its partners, is helping IT to deliver more value to the business.

 

 Whether you’re just starting out on the journey – looking for cost effective ways to get more out of your current data center – or whether you’re already well down the virtualization track and thinking about how to deploy a Private Cloud or IT as a Service, there is valuable information for all.

 

Attend one or both days and earn a chance to win an Apple iPod nano 16GB!! See

Register now and join other IT and data center decision makers in this unique virtualized trade show environment.

 

Event Type: Live Virtual Trade Show

Date: December 15, 2009: 07:30 – 14:30 PST

December 16, 2009: 07:30 – 13:30 PST


December 12, 2009  7:12 AM

How to configure a minimum password length in a Cisco Router?

Yasir Irfan

As we all know, by default there is no limit on password length in a Cisco router. You can even configure a password with a single character in a Cisco Router. This may lead to a security risk.

Cisco Systems introduced a command to enforce a minimum password length starting with IOS version 12.3(1). By default the length is 6 characters, but you can change the default length.

 

To configure the minimum password length in your Cisco Router, use the following commands.


ITKERouter01#configure terminal
ITKERouter01(config)#security passwords min-length 8

 

After entering the above command, if you try to set the enable secret to itke as shown below, the following error message will be displayed on your Cisco Router

ITKERouter01(config)#enable secret itke
% Password too short - must be at least 8 characters. Password configuration failed
ITKERouter01(config)#

Even if you try to configure a local username and password you will get the same error.

ITKERouter01(config)#username yasir secret cisco
% Password too short - must be at least 8 characters. Password configuration failed
ITKERouter01(config)#

 

I would recommend you enable this feature in your Cisco Router for better security.


December 9, 2009  9:19 AM

How to detect a rogue DHCP server in your network?

Yasir Irfan

 

This morning I was late to arrive at my office due to some problems. When I came in, I saw my colleagues were trying hard to figure out the rogue DHCP server detected in our helpdesk VLAN. All our users in the help desk and call center were getting an IP address from the rogue DHCP server and they were not able to access our network. I tried to figure out the physical location of the rogue DHCP server but I failed to find it.

Immediately I thought, let me figure out the MAC address of the rogue DHCP server so that I can block its network access.

I went to one of the affected systems and, from the command prompt, I used “arp -a” followed by the rogue DHCP server, as shown below

C:\>arp -a 192.168.142.2

Interface: 192.168.142.96 --- 0xb
  Internet Address      Physical Address      Type
  192.168.142.2         00-16-35-c1-7f-cc     dynamic

Once I got the MAC address, I immediately logged into a Cisco 3560 Switch connected in that area. From privileged mode I used the “show mac address-table” command to figure out the interface to which the rogue DHCP server is connected.

RRBM-ITD-3560-AS01#sho mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
 129    0000.0c07.ac3a    DYNAMIC     Gi0/52
 129    0002.e356.9cfa    DYNAMIC     Gi0/52
 129    0002.e356.a78f    DYNAMIC     Gi0/39
 129    000e.7fd8.6cff    DYNAMIC     Gi0/7
 129    000f.fe0a.1ff7    DYNAMIC     Gi0/22
 129    0016.35c1.7fcc    DYNAMIC     Gi0/36
 129    000f.fe6f.5d5c    DYNAMIC     Gi0/52
 129    000f.fe6f.5e46    DYNAMIC     Gi0/52
 129    000f.fe93.d890    DYNAMIC     Gi0/8
 129    000f.fe93.fcb0    DYNAMIC     Gi0/7
 129    000f.fe93.fcb8    DYNAMIC     Gi0/52
 129    000f.fe96.0920    DYNAMIC     Gi0/38
 129    000f.fe96.5478    DYNAMIC     Gi0/52
RRBM-ITD-3560-AS01#

 

Once I detected the interface to which the rogue DHCP server was connected, I disabled the interface in the Cisco 3560 Switch.

 

RRBM-ITD-3560-AS01# configure t

Enter configuration commands, one per line.  End with CNTL/Z.

RRBM-ITD-3560-AS01(config)#interface gigabitEthernet 0/36

RRBM-ITD-3560-AS01(config-if)#shutdown

RRBM-ITD-3560-AS01(config-if)#description ROUGE DHCP

RRBM-ITD-3560-AS01(config-if)#exit

RRBM-ITD-3560-AS01#

To prevent this from happening I configured DHCP snooping in the Cisco 3560 Switch.

After careful inspection we figured out the rogue DHCP server was running in a virtual machine; one of our aspiring professionals was testing Active Directory and DHCP services in a virtual Windows 2003 Server.

Whenever you come across this kind of situation, don’t panic; just try to troubleshoot the problem in a systematic way. Just by following a few simple steps you can eliminate this problem.

The key steps

Step 1 – Figure out the MAC address using “arp -a” followed by the IP address of the rogue DHCP server from the affected PC.

Step 2 – Log into your switch and figure out the interface to which the rogue DHCP server is connected: “show mac address-table” (Cisco IOS switches).

Step 3 – Disable the interface connected to the rogue DHCP server in your switch: “shutdown” (Cisco IOS switches).

Step 4 – Take precaution by configuring DHCP snooping in your network.
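Steps 1 and 2 can be scripted. This is an added example, not part of the original post: it converts the MAC address as Windows prints it into the dotted form the switch uses, finds its port in saved “show mac address-table” output, and flags a port that looks like an uplink, since shutting that port in Step 3 would cut off every device behind it. The sample table is a constructed excerpt of the output above; the function names and the threshold of three MAC addresses per port are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the switch output shown in the post.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 129    0000.0c07.ac3a    DYNAMIC     Gi0/52
 129    0002.e356.9cfa    DYNAMIC     Gi0/52
 129    000e.7fd8.6cff    DYNAMIC     Gi0/7
 129    0016.35c1.7fcc    DYNAMIC     Gi0/36
 129    000f.fe6f.5d5c    DYNAMIC     Gi0/52
 129    000f.fe93.fcb0    DYNAMIC     Gi0/7
"""

ROW = re.compile(r"^\s*(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)
HSRP_PREFIX = "0000.0c07.ac"  # HSRP version 1 virtual MAC: learned on the path to the gateway


def to_cisco_mac(mac):
    """Normalise 00-16-35-c1-7f-cc, 00:16:35:C1:7F:CC or 0016.35c1.7fcc."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def parse_mac_table(text):
    """Return (vlan, mac, type, port) for every table row; skip headers and prompts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((vlan, mac.lower(), kind.upper(), port))
    return rows


def locate(mac, table_text, uplink_threshold=3):
    """Return (port, vlan, macs_on_port, looks_like_uplink), or None if not learned."""
    rows = parse_mac_table(table_text)
    per_port = Counter(port for _, _, kind, port in rows if kind == "DYNAMIC")
    uplinks = {port for _, m, _, port in rows if m.startswith(HSRP_PREFIX)}
    target = to_cisco_mac(mac)
    for vlan, row_mac, kind, port in rows:
        if row_mac == target and kind == "DYNAMIC":
            busy = per_port[port] >= uplink_threshold or port in uplinks
            return port, vlan, per_port[port], busy
    return None
```

When the last value is True, the address was learned through another switch, so repeat the lookup on the switch behind that port instead of shutting the port down.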

 


December 9, 2009  5:50 AM

Benefits of Configuring local username and password in Cisco Routers and Cisco Switches,Series 2

Yasir Irfan

In my previous post we came across the benefits of having a local username and password in Cisco devices. Now let's see how to configure the local username and password in a Cisco Router or a Cisco Switch.

Step 1 – Configure the local username and password in a Cisco IOS Device

ITKEAS01#configure t

ITKEAS01(config)#username itkeadmin secret $p@ssw0rd$

Step 2 – Enable local authentication on the console port

ITKEAS01(config)#line console 0

ITKEAS01(config-line)#login local

Step 3 – Enable local authentication for telnet sessions

ITKEAS01(config)#line vty 0 4

ITKEAS01(config-line)#login local

 

Once you configure local authentication you will see the following prompt whenever you try to telnet to the Cisco IOS device.

Since privilege level configuration differs from this configuration, I will try to post those details in upcoming posts.
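The settings from this post and from the minimum password length post above can be checked across many devices from saved configurations. This is an added example, not part of the original posts: it reports a missing or too-small “security passwords min-length”, local users defined with “password” (stored in clear text or reversible form) instead of “secret” (stored as a hash), and console or vty lines without “login local”. The sample configuration is constructed and the function name is hypothetical.

```python
import re

# Constructed running-config excerpt using the commands from the two posts.
SAMPLE_CONFIG = """\
security passwords min-length 6
username itkeadmin secret 5 $1$constructed$hashvalue
username helpdesk password 0 cisco123
line con 0
 login local
line vty 0 4
 password cisco
 login
line vty 5 15
 login local
"""


def audit(config, required_min=8):
    """Return a list of findings for the three settings the posts describe."""
    findings = []
    m = re.search(r"^security passwords min-length (\d+)\s*$", config, re.M)
    if m is None:
        findings.append("min-length: not configured")
    elif int(m.group(1)) < required_min:
        findings.append(f"min-length: {m.group(1)} is below {required_min}")
    users = re.findall(r"^username (\S+) .*?\b(password|secret)\b", config, re.M)
    for user, kind in users:
        if kind == "password":
            findings.append(f"username {user}: uses 'password', not 'secret'")
    # Walk the "line ..." blocks; their sub-commands are the indented lines below.
    current, has_local = None, False
    for raw in config.splitlines() + ["end"]:
        if raw.startswith((" ", "\t")):
            if current and raw.strip() == "login local":
                has_local = True
            continue
        if current and not has_local:
            findings.append(f"{current}: no 'login local'")
        current = raw.strip() if raw.startswith("line ") else None
        has_local = False
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```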

 


December 5, 2009  5:55 AM

Benefits of Configuring local username and password in Cisco Routers and Cisco Switches,Series 1

Yasir Irfan

Whenever you access a Cisco Router or a Cisco Switch for management purposes using the console, telnet or SSH, by default you are asked to enter a password. If you want to enter privileged mode you are simply asked to enter the enable password. This is the normal method of accessing a Cisco Router or a Cisco Switch, but it exposes your Cisco routers and switches to easy unauthorized access. Anybody can access your Cisco devices using a console cable or telnet if he knows the enable password.

You can make your Cisco Routers and Switches more secure by using a local username and password for each individual who will access your Cisco devices. By employing this methodology you can make your Cisco Routers and Switches more resistant to unauthorized access.

Moreover, by configuring local usernames on Cisco Routers and Cisco Switches you have the flexibility to add granularity to the levels of management privileges for different users. For example, you can configure a local username with full privileges (privilege level 15) who can configure anything on a Cisco Router or Switch, whereas a local user configured with unprivileged access (privilege level 1) can see just a few things on a Cisco Router or Switch. I will show how to configure local usernames and passwords with different privilege levels in Cisco devices in my upcoming post.


November 23, 2009  5:24 AM

Do you know there are 20782 CCIE Professionals Worldwide?

Yasir Irfan

We all know CCIE is a dream for all certification aspirants, especially those who are Cisco Certified Professionals. I was just wondering how many CCIE certified experts exist. As per Cisco Systems' latest update on 26th of October 2009 there are 20782 CCIE professionals worldwide. Interestingly 86% (17891) of CCIE professionals are certified in Routing and Switching, and the second choice is CCIE Security with a mere 2337 security professionals. That’s the reason why I always hear there is a lack of CCIE Security professionals. So CCIE Security can be a good option for CCIE aspirants.

One interesting fact is the total number of CCIE Voice professionals; they are growing, wow. Quite a sharp growth in a short span of time.

Pic Courtesy: Cisco Systems

Total of Worldwide CCIEs: 20782 (last updated 10/26/2009)
Total of Routing and Switching CCIEs: 17891
Total of Security CCIEs: 2337
Total of Service Provider CCIEs: 1625
Total of Storage Networking CCIEs: 148
Total of Voice CCIEs: 1082
Total of Wireless CCIEs: 15

 

Multiple Certifications:

Many CCIEs have gone on to pass the certification exams in additional tracks, becoming a “multiple CCIE.” Below are selected statistics on CCIEs who are certified in more than one track.

Total with multiple certifications worldwide: 2264
Total of Routing and Switching and Security CCIEs: 751
Total of Routing and Switching and Service Provider CCIEs: 656
Total of Routing and Switching and Storage Networking CCIEs: 34
Total of Routing and Switching and Voice CCIEs: 289
Total with 3 or more certifications: 384


November 22, 2009  12:13 PM

Do you know Apple iPhone Supports Cisco VPN Client?

Yasir Irfan

Do you know the iPhone supports the Cisco VPN Client? Yes, both iPhone software versions 2.x and 3.x support L2TP, PPTP and IPsec types of remote access VPN connectivity. The IPsec option is actually Cisco VPN client software for communicating securely with Cisco ASA and PIX firewalls.

According to Cisco only the ASA and PIX firewalls support the iPhone remote access VPN, whereas Cisco IOS routers and the somewhat older VPN 3000 concentrators do not support the iPhone VPN features.

By using this feature mobile workers can connect remotely to their enterprise network via a secure VPN tunnel using their iPhone. Both Wi-Fi and mobile data networks can support the iPhone VPN client to set up a tunnel between an iPhone and the enterprise network. The following authentication methods are supported for establishing the remote VPN tunnel

- Password
- RSA SecurID
- CRYPTOCard
- Certificate

 

For more info on how to configure your Cisco ASA firewall do check this link from Cisco Systems.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iphone.html

