Archive

Archive for July 3rd, 2009

Setup MRTG to monitor QoS Policies

July 3rd, 2009 No comments

NOTE: investigate “snmp mib persistant” command on IOS.

here is a “how to” for monitoring QoS with MRTG: Read more…

Categories: MRTG Tags: ,

Nagios Object Diagram

July 3rd, 2009 No comments

An aide-memoir – View the Nagios Object Diagram: Read more…

Categories: Nagios Tags:

Configure TACACS+ for Admin Logins

July 3rd, 2009 No comments

How to configure IOS device for authentication to TACACS server for administrative logins: Read more…

Categories: CISCO, Security Tags:

Freeware TACACS+ Server for Win32

July 3rd, 2009 No comments

Cisco’s original TACACS+ server compiled to run under Windows! This is the original 4.0.4 version of tac_plus.

NOTE: None of the TACACS code available here comes with any warranty or support:

http://www.xpresslearn.com/tools/software-tools/cisco-tacacs-server-for-windows

Configuration file assistance:

http://www.stben.net/tacacs/users_guide.html

Categories: CISCO, Security Tags:

Recovering Hidden PIX Pre-Shared Keys / Passwords

July 3rd, 2009 No comments

The latest Cisco TAC Newsletter had an interesting tip on recovering hidden pre-shared keys (which I’ve needed to do many times). So simple, it’s brilliant :) here’s the reprint: Read more…

Categories: CISCO, Security Tags: ,

Hacking APC Masterswitch Admin Password

July 3rd, 2009 No comments

Ever bought one of those APC Masterswitch PDU’s from eBay, then tried to login to the admin interface with the usual default “apc” / “apc” but found that the password had been changed?

Manuals:

APC9211

Userguide AP9606 WebSNMP Management SmartSlot Card

Installation AP9606 WebSNMP Management SmartSlot Card

The usual password recovery procedures (well documented) are quite tedious, requiring emails and serial numbers. What a pain!

  • If you use one in your home lab this vulnerability will help you if you happen to buy one from eBay with the password set.
  • If you use them on a production network – this could become an attack vector,  so replace them or upgrade!

Here’s how to hack the password: Read more…

Categories: Uncategorized Tags:

IOS Configuration Lock

July 3rd, 2009 No comments

How to avoid two people making changes to the configuration at the same time

The only command you need to use is the configuration mode exclusive {auto | manual} from global configuration mode.

  • The auto keyword automatically locks the configuration session whenever the configure terminal command is used and this is the default option.
  • The inverse manual keyword allows you to choose to lock the configuration session manually or simply leave it unlocked.

Here is how to do it: Read more…

Categories: CISCO Tags:

Annotating Troubleshooting Sessions

July 3rd, 2009 No comments

When capturing log sessions during an outage or debug session it’s crucial to keep a history of what was done when and in what order. This helps in post mortem analysis after the event or session is over. There are a couple of standard things to do to help this such as:

  • NTP time sync all devices in the network to get them on a single time source
  • Enable syslog for all devices in the network
  • Allocate some local log space on each local device based on a percentage of free memory available on the device
  • Always have trend graphs from some polling mechanism for CPU levels, memory usage, traffic rates, etc.

In addition to these here are a few other tips that really help TAC analyse log and debug sessions that are collected: Read more…

Categories: CISCO Tags:

Configuring Remote SPAN

July 3rd, 2009 No comments

Remote SPAN Configuration

Remote SPAN allows source ports and destination ports to be located on different switches. It uses a SPAN VLAN to transmit a copy of span data from source across the network to destination. You have to define and allow the SPAN VLAN in all network devices in the path.
Here’s how to do it: Read more…

Categories: CISCO Tags: ,