Cisco Routers archives - Network technologies and trends

Network technologies and trends:

Cisco Routers

Nov 22 2009   12:13PM GMT

Do you know Apple iPhone Supports Cisco VPN Client?



Posted by: Yasir Irfan

Do you know the iPhone supports the Cisco VPN Client? Yes, both iPhone software versions 2.x and 3.x support L2TP, PPTP and IPsec remote access VPN connectivity. The IPsec option is actually the Cisco VPN client software for communicating securely with Cisco ASA and PIX firewalls.

According to Cisco, only ASA and PIX firewalls support the iPhone remote access VPN, whereas Cisco IOS routers and the somewhat older VPN 3000 concentrators do not support the iPhone VPN features.

Using this feature, mobile workers can connect remotely to their enterprise network over a secure VPN tunnel from their iPhone. The iPhone VPN client can set up the tunnel between the iPhone and the enterprise network over both Wi-Fi and mobile data networks. The following authentication methods are supported for establishing the remote VPN tunnel:

- Password
- RSA SecurID
- CRYPTOCard
- Certificate

 

For more information on how to configure your Cisco ASA firewall, check this link from Cisco Systems:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iphone.html

Nov 18 2009   1:06PM GMT

How to archive your Cisco Router or Switch Configuration?



Posted by: Yasir Irfan

Do you know there is a great way to archive the configuration work you carry out on a Cisco router or switch, especially whenever you perform a “write memory” or “copy run start”?

Most people do not realize that the “archive” and “archive config” commands were introduced by Cisco Systems starting with IOS version 12.3(4)T.

The main advantage of the “archive” command is that it keeps incremental backups of your Cisco router or switch configuration; if a configuration change goes badly wrong, you can use this feature to restore an older configuration file to the device.

The “archive config” command allows you to save Cisco IOS configurations in the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved.
Once the maximum number of files has been saved in the archive, the oldest file is automatically replaced by the next file.

The “show archive” command displays information for all configuration files saved in the Cisco IOS configuration archive.
In this example, we will save the archive configuration files in flash memory; however, you can also store the configuration files remotely using protocols such as FTP, HTTP, HTTPS, RCP, SCP, and TFTP.
The following set of commands enables the archive feature on a Cisco router or switch, provided the IOS version is 12.3(4)T or higher. In this example, the location and filename prefix is specified as flash:itkebackup

ITKE-AS01(config)#archive

ITKE-AS01(config-archive)#path flash:itkebackup

To save the current running configuration in the configuration archive, use the “archive config” command as shown below:

ITKE-AS01# archive config

The “show archive” command displays information of the files saved in the configuration archive as shown in the following example:

ITKE-AS01#show archive
         There are currently 3 archive configurations saved.
         The next archive file will be named flash:itkebackup-3
         Archive # Name
         0
         1 flash:itkebackup-1
         2 flash:itkebackup-2 <- Most Recent
         3
         4
         5
         6
         7
         8
         9
         10
         11
         12
         13
         14

ITKE-AS01#

By using the “configure replace flash” command you can restore the configuration:

ITKE-AS01#configure replace flash:itkebackup-2
         This will apply all necessary additions and deletions
         to replace the current running configuration with the
         contents of the specified configuration file, which is
         assumed to be a complete configuration, not a partial
         configuration. Enter Y if you are sure you want to proceed. ? [no]: y
         Total number of passes: 0
         Rollback Done

The “archive” command is quite handy for keeping multiple copies of the running config in an archive.
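
An added example, not from the original post: an archive section that also saves a copy on every “write memory”, caps the number of retained files and takes a periodic snapshot. The values 14 and 1440 are assumptions chosen for illustration; check that the maximum, write-memory and time-period subcommands are available on your IOS release.

```cisco
! Added example; the ITKE-AS01 device and the itkebackup prefix follow the post,
! the numeric values are illustrative assumptions.
archive
 ! Location and filename prefix; IOS appends -1, -2, ... to each saved file
 path flash:itkebackup
 ! Keep at most 14 files; after that the oldest file is overwritten
 maximum 14
 ! Save an archive copy each time the running config is written to NVRAM
 write-memory
 ! Also take a snapshot every 1440 minutes (24 hours)
 time-period 1440
!
! Verification from privileged EXEC mode:
!   show archive
!   show archive config differences flash:itkebackup-1 flash:itkebackup-2
```

An archive kept only in flash is lost together with the device, so a remote path is the safer choice for backups that must survive a hardware failure or compromise.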


Nov 14 2009   7:13AM GMT

How to configure Secure Copy (SCP) in Cisco Devices?



Posted by: Yasir Irfan

In my previous post I talked about what Secure Copy (SCP) is; now let’s see how to configure Secure Copy (SCP) on a Cisco router or switch.

In order to configure Secure Copy (SCP) on a Cisco router, make sure SSH is enabled and working.

Step 1) Let’s enable the SSH and AAA features on the Cisco device

 

ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

ITKE-AS1(config)#
ITKE-AS1(config)#aaa new-model
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authorization exec default local

 

Step 2) In order to use the SCP feature to manage configurations, we must have at least one user account with enough privilege to access it

ITKE-AS1(config)#

ITKE-AS1(config)#username itke privilege 15 password secret itkeleads

 

Step 3) Now you are ready to enable the SCP server:

ITKE-AS1(config)#ip scp server enable

 

 

Just by following these 3 simple steps we can enable Secure Copy (SCP) in a Cisco router or a Switch. For any further clarifications you can always have a close look at Cisco’s document on Secure Copy (SCP). 
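
A hardened variant of the three steps above, as an added example that is not from the original post or from Cisco’s document: a 2048-bit key with SSH version 2 only, a hashed “secret” instead of a “password”, and VTY lines restricted to SSH. The 2048-bit size, the timeout and retry values, the vty range 0 4 and the <strong-passphrase> placeholder are assumptions.

```cisco
! Added example; the weak lines from the post are kept as comments for contrast.
ip domain-name itke.com
!
! Weak:   crypto key generate rsa general-keys modulus 512
! 512-bit RSA can be factored with modest resources, and IOS requires at
! least 768 bits before SSH version 2 can be enabled.
crypto key generate rsa general-keys modulus 2048
!
! Refuse SSH version 1 and bound the login phase
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
aaa new-model
aaa authentication login default local
! SCP relies on exec authorization to learn the user's privilege level
aaa authorization exec default local
!
! Weak:   username itke privilege 15 password secret itkeleads
! "password" is stored in clear text or reversible type 7; "secret" is hashed.
username itke privilege 15 secret <strong-passphrase>
!
ip scp server enable
!
! Allow only SSH (and therefore SCP) on the management lines, no Telnet
line vty 0 4
 transport input ssh
```

From a workstation, a command such as scp itke@<device-address>:running-config . then pulls the configuration over SSH; OpenSSH 9.0 and later need the -O option, because scp there defaults to the SFTP protocol rather than legacy SCP.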


Nov 9 2009   6:47AM GMT

What is Secure Copy (SCP)?



Posted by: Yasir Irfan

 

We are all aware of the traditional ways of transferring IOS files to and from Cisco Catalyst switches, Cisco routers and Cisco PIX/ASA firewall devices using TFTP, FTP and, more recently, HTTPS. However, there is one more way to copy IOS files, known as Secure Copy (SCP). Secure Copy (SCP) is a secure and authenticated method of copying a configuration file or transferring an image file to Cisco Catalyst switches, Cisco routers and Cisco PIX/ASA firewall devices.

 

Cisco Systems introduced the Secure Copy (SCP) feature in the following IOS releases

 

Release      Modification
12.2(2)T     This feature was introduced.
12.0(21)S    This feature was integrated into Cisco IOS 12.0(21)S.
12.2(25)S    This feature was integrated into Cisco IOS 12.2(25)S.

PIX/ASA firewalls 7.1 and above, FWSM 3.1 and above.

  

Secure Copy (SCP) runs over the SSH protocol on port 22, which acts like an encrypted tunnel. This tool is very useful, especially for transferring files for upgrades or performing safe backups.

 

In my next post you will find the commands to configure SCP in a Cisco Router and Switch.


Oct 11 2009   6:05AM GMT

“Show processes cpu sorted” good command to troubleshoot a Cisco Router CPU utilization



Posted by: Yasir Irfan

During baselining or troubleshooting you may need to determine the CPU utilization of your Cisco router or switch. While exploring how to find the top ten CPU-utilizing processes on a Cisco router, I discovered the sorted option of the “show processes cpu” command.

The sorted option is a really beneficial option of the “show processes cpu” command; it can help you find out the load on your Cisco router or switch over the last 5 seconds, 1 minute and 5 minutes. Starting in IOS 12.2 T, the “show processes cpu history” command gives a nice CPU utilization graph.

At times it is helpful to sort the processes by their percentage of CPU utilization. To do this you can use the show processes cpu sorted command as follows:

Some of the sample output is as follows

…. rest deleted……

 


Sep 8 2009   9:45AM GMT

Remote Telnet useful tips!



Posted by: Yasir Irfan

 

We all work remotely with Cisco routers and switches, and we often log in to make configuration changes on them. What if we misconfigure a live Cisco router or switch located at a remote site? We don’t enjoy the liberty of resetting the device unless we have control over the power distribution.

 

In this scenario the “reload” command proves to be very handy and useful. Just before making any changes to the configuration we can use the “reload” command as demonstrated below

 

ITKE-Cisco#reload in ?
Delay before reload (mmm or hhh:mm)

ITKE-Cisco#reload in 10

System configuration has been modified. Save? [yes/no]: no
Building configuration...
[OK]
Reload scheduled in 10 minutes by yasir on vty0 (10.0.0.5)
Proceed with reload? [confirm]
ITKE-Cisco#
ITKE-Cisco#

***
*** --- SHUTDOWN in 0:05:00 ---
***

 

The command demonstrated above will reload the device in 10 minutes. After applying the “reload” command we can proceed with the configuration changes. If things go wrong and we lose connectivity to the device, we can try again after 10 minutes, as the device will have reloaded with the original startup-configuration, which helps us restore connectivity to the device.

 

Once we are sure the new configuration is working properly without any hassles, the “reload cancel” command is there to cancel the reload.

 

ITKE-Cisco#reload cancel

 

I find this command to be very handy and useful, especially when we have to telnet or SSH to a remote Cisco router or switch.