Blog Archives

RANCID and restricted user on ASA

You may not want to configure RANCID using your default privilege level 15 user when it performs a backup of your Cisco ASA. Leveraging command authorization will enable granular control of which commands it runs. !-- Allowed commands privilege cmd level 4 mode exec command more privilege cmd level 4 mode exec command dir privilege […]

Cisco Prime Infrastructure – SFTP Repository

A quick guide on how to back up your Prime Infrastructure Server to a remote SFTP repository. By default (defaultRepo), the backup is placed locally on the appliance disk. For obvious reasons, this is not feasible in a production environment. The web interface, found under “Administration > Background Tasks > Other Background Tasks > Prime […]

Cisco Prime Infrastructure 2.0 virtual appliance boot loop

An issue I came across was a virtual appliance stuck in a boot loop after the VMware environment lost its power. The console output was giving off the following text prior to rebooting: Warning: pci_mmcfg_init marking 256MB space uncacheable sda: assuming drive cache: write through sda: assuming drive cache: write through Reading all physical volumes. […]

Converting stand-alone Cisco autonomous access point to lightweight access point

From time to time, IT personnel find it feasible to purchase autonomous access points and later convert them to lightweight access points which connect to a central Wireless LAN Controller (WLC). Fortunately for us, the conversion from autonomous to lightweight is simple and straightforward. In this example I’ve converted a SAP1602i access point.

Cisco ASA NAT rule positioning

When you add a new NAT rule via the CLI of a Cisco ASA, the newly added rule will be appended to the NAT rule list. Traditionally you will have a NAT-hide rule at the very end, in order to provide your clients with IP connectivity to the Internet. Fortunately there is a way to choose […]

Increase TCP timeouts on Cisco ASA – for example traffic destined for your SQL server.

Did you ever have a run-in with applications terribly sensitive in terms of losing their database connection, where you need to increase the timeout of the TCP connections to this server? This configuration basically matches all traffic to one specific IP address and uses a service-policy to give it a longer timeout value.