Daren Matthews

The latest Cisco TAC Newsletter had an interesting tip on recovering hidden pre-shared keys (which I’ve needed to do many times). So simple, it’s brilliant :) here’s the reprint: Read more…

How to avoid two people making changes to the configuration at the same time

The only command you need to use is the configuration mode exclusive {auto | manual} from global configuration mode.

• The auto keyword automatically locks the configuration session whenever the configure terminal command is used and this is the default option.
• The inverse manual keyword allows you to choose to lock the configuration session manually or simply leave it unlocked.

Here is how to do it: Read more…

When capturing log sessions during an outage or debug session it’s crucial to keep a history of what was done when and in what order. This helps in post mortem analysis after the event or session is over. There are a couple of standard things to do to help this such as:

• NTP time sync all devices in the network to get them on a single time source
• Enable syslog for all devices in the network
• Allocate some local log space on each local device based on a percentage of free memory available on the device
• Always have trend graphs from some polling mechanism for CPU levels, memory usage, traffic rates, etc.

In addition to these here are a few other tips that really help TAC analyse log and debug sessions that are collected: Read more…

Remote SPAN Configuration

Remote SPAN allows source ports and destination ports to be located on different switches. It uses a SPAN VLAN to transmit a copy of span data from source across the network to destination. You have to define and allow the SPAN VLAN in all network devices in the path.
Here’s how to do it: Read more…

The group over at NIL have written an nice article on the configure replace command.. It allows you to replace the running configuration with a copy of the startup configuration (or some other config you have on a TFTP server).

Previously, this was only possible by rebooting the router or using a ton of “no” commands to back all your configuration out. The router can even list what commands will be negated as it replaces the running configuration!

The command to pull it off is this:

Router#configure replace nvram:startup-config list

The “list” command on the end will list the syntax the router is adding or removing as it goes…very nice! The entire write-up on this can be found here.

Decrypting Type 7 Password on Cisco Router

You know those type 7 (non-MD5) so-called “encryption”  strings that appear when service password-encryption is used?  A lot of people copy the string and go to websites (google cisco password cracker) and use a java applet or something to decrypt them.

However, you can actually do this on any cisco router.  This is how you do it. Read more…