Archive for the ‘CISCO’ Category

Using IP SLA Monitor with Cisco EEM

January 14th, 2014

Here is a handy way to use EEM to fail over to a second ISP; use it together with a route-map:

Cisco EEM configuration:


Testing SMTP using Telnet

January 2nd, 2014

This is the syntax to use to test SMTP relays. The commands you type are shown first, followed by the server's response:

telnet x.x.x.x 25
HELO mydomain.com
250 mobile.yourdomain.com Hello mydomain.com ([129.0.52.74]), pleased to meet you


Simple Bash Script to Backup Netscreen ISG / SSG Firewall

November 7th, 2013

This script is a simple, interactive way to back up and date-stamp your Juniper Netscreen ISG/SSG (ScreenOS) firewall configurations. The script copies the configurations from the firewall using scp. Configurations older than one day (-mtime +1) are archived to a bz2-compressed file. Archives older than 60 days (-mtime +60) are removed from disk.

The usage is: nsb.sh [ip address / hostname of Netscreen].

Cisco AnyConnect VPN Client – Pre-Deployment MSI Package Creation

October 18th, 2013

The steps to create the (Windows) .msi are as follows:

STEP 1: Download the ISO file from the cisco.com software download navigator page (http://software.cisco.com/download/navigator.html)


Cisco ASA – Comparison of NAT Configuration Scenarios

October 18th, 2013

This aide-mémoire describes and compares NAT configuration scenarios (Identity NAT, NAT Exemption/Identity NAT) and also compares the syntax between ASA version 8.4.2 and earlier versions. There are some considerable differences in the syntax, and some of the better-known commands have been deprecated.


Deobfuscating Cisco Type 7 Passwords

October 17th, 2013

Note that many authentication mechanisms require Cisco IOS to have access to the cleartext password, which is why the stored form must be reversible.

The Vigenère algorithm is used to obfuscate these passwords (not really encrypt them, since there is no secret encryption key) in order to prevent "shoulder surfing", i.e. exposing passwords to someone who briefly looks at a running configuration.


If, however, someone gets hold of the configuration file, they can easily retrieve the passwords by reversing the Vigenère translation; a type 7 string offers no protection once a configuration leaks, so saved configurations must be treated as sensitive.

  • This can be done using various "type-7" password crackers, or indeed within IOS itself.
  • Cisco IOS applies this level-7 encryption when the "service password-encryption" command is configured. Here is a Perl script which deobfuscates a Cisco Vigenère (type 7) password.

Long Fat Pipes: TCP WSCALE, TCP SACK and Time Stamp Options

October 14th, 2013

Long Fat Pipes
High-capacity packet satellite channels are LFNs (delay: 4 x 35,800 km = 470 ms RTT), and modern terrestrial long-haul fibre-optic paths also fall into the LFN class. There are three fundamental performance problems with current TCP over LFNs:

• Window size limit (2^16, or max 65k bytes) – Remedy: TCP option "Window scale"
• Recovery from segment losses – Remedy: TCP option "Selective acknowledgement"
• Round-trip measurement – Remedy: TCP option "Time stamp"

Running Snoop on Netscreen Firewall

September 26th, 2013

An aide-mémoire:

ScreenOS-> undebug all
ScreenOS-> clear db


Cisco EEM Applet – interface rxload | apply ACL when threshold reached

September 7th, 2013

INTERFACE EVENTS:
Two EEM applets measure the rxload on an interface at 30-second intervals. When a threshold is reached, an ACL is applied to permit only important traffic, thereby reducing the load.

1) When the Rx load is above 50% the access-list is applied.
2) When the Rx load goes below 25, the access-list is removed.


Cisco EEM Applet – Prevent debug being enabled by exec users

September 7th, 2013

CLI EVENT DETECTOR:
The EEM applet prevents the "debug" command from being executed on the CLI. Any attempt records the system clock and the user to flash.
