100 frequently asked Cisco questions (part VIII): 10 questions



HuuHoa
05-03-2005, 07:52 AM
From: Question 71
Subject: How do I setup the variables to do tftpdnld in rommon?

You can use tftp, if available ... if not, no luck ... xmodem using console or another flash. And I think you can upgrade the boot ROM to support the command tftpdnld, but I'm not sure about it:

IP_ADDRESS=10.1.1.16
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=10.1.1.2
TFTP_SERVER=10.1.1.2
TFTP_FILE=ios.bin
FE_SPEED_MODE=0
TFTP_VERBOSE=1
tftpdnld -d

**************************************************************************
From: Question 72
Subject: What is the order of operation in terms how a packet is processed?

From the book "Inside Cisco IOS Architecture":
1) Compression/decompression
2) Encryption
3) Inbound ACL
4) Unicast reverse path checking
5) Input rate limiting
6) Broadcast handling (ip helpers)
7) Decrement TTL
8) Inspect subsystem (FW features)
9) Outside to Inside NAT
10) Handle router alert flags in the IP header
11) Search for outbound interface in the routing table
12) Policy routing
13) Handle web cache redirects
14) Inside to Outside NAT
15) Encryption
16) Output ACL
17) Final Inspect check
18) TCP Intercept processing.
**************************************************************************
From: Question 73
Subject: What are the different T1 jack type codes?

RJ48-BLAH where BLAH ==
"C" Identifies a surface or flushmounted jack.
"W" Identifies a wallmounted jack.
"S" Identifies a single-line jack.
"M" Identifies a multi-line jack.
"X" Identifies a complex multi-line or series-type jack.

The "X" variety can automatically loop up the line if you pull out the cable,
so it's usually called a "smartjack".
**************************************************************************
From: Question 74
Subject: How do I show just one interface's configuration?

My all-time favourite "trick" is "show run int xx", where xx is the interface in question.
**************************************************************************
From: Question 75
Subject: How can I script a network reachability test?

Today a trouble ticket was elevated to our design team. It seems a bunch of users are locking up while using Outlook with OpenMail servers. Not sure if it was network, Outlook, OpenMail server, or combination of the above. Since the users were somewhat senior level folks, it was not realistic to have to jot down detailed notes about when it happened etc.

Since the PCs were all Wintel based, I wrote this in a hurry to include in their "START" menu. Not being able to use Unix tools pretty much tied my hands, and I didn't put in a lot of error checking, but hey, I only had about 30 minutes to whip this up.

Although it's a bit simple hope you find it somewhat useful.

------ BEGIN BATCH FILE ----
TITLE TESTING THE NETWORK
@echo off
cls
echo.
echo.
echo.
echo.
echo.
echo **********************************************************
echo **********************************************************
echo **********************************************************
echo *                                                        *
echo *                                                        *
echo *              Running network test........              *
echo *       This window will close automatically when        *
echo *            the testing has been completed.             *
echo *                                                        *
echo *    Please call XYZ at XYZ if you have any questions    *
echo *                                                        *
echo *                                                        *
echo **********************************************************
echo **********************************************************
echo **********************************************************
:
: Create a temp folder for our use and start with some flower
: box delimiters
:
if not exist c:\mailte$t md c:\mailte$t
echo ***************************************>> c:\mailte$t\%username%.txt
echo ***************************************>> c:\mailte$t\%username%.txt
:
: Pipe in some blank lines and date time stamp.
echo. >> c:\mailte$t\%username%.txt
echo.|date | find /i "current" >> c:\mailte$t\%username%.txt
echo.|time | find /i "current" >> c:\mailte$t\%username%.txt
echo. >> c:\mailte$t\%username%.txt
:
: Start a trace route w/o Rev-DNS lookups to our servers.
: The server name is given as a command line argument.
echo TRACE ROUTING TO %1 >>c:\mailte$t\%username%.txt
tracert -d %1.blah.foobar.com >>c:\mailte$t\%username%.txt
echo. >> c:\mailte$t\%username%.txt
:
: ping with max sized ICMP packets
echo PINGING to %1 >>c:\mailte$t\%username%.txt
:
ping -L 1472 %1.blah.foobar.com | find /i "Reply from" >>c:\mailte$t\%username%.txt
:
echo. >> c:\mailte$t\%username%.txt
echo. >> c:\mailte$t\%username%.txt
:
: Now ftp it to the 2.104 server using the script file
: C:\ftpcmd.txt
:
ftp -s:c:\ftpcmd.txt x.x.2.104
exit


Contents of ftpcmd.txt file:
cisco
cisco1
put c:\mailte$t\*.txt
bye
exit

Basically, it's
username
password
ftp command
ftp command
etc. etc.


**************************************************************************
From: Question 76
Subject: Where can I find a list of undocumented IOS commands?
http://www.boerland.com/dotu/
**************************************************************************
From: Question 77
Subject: Where can I find information on securing or hardening Cisco routers?

Cisco Router Hardening Step-by-Step
http://rr.sans.org/firewall/router2.php

Improving Security on Cisco Routers:
http://www.cisco.com/warp/public/707/21.html

Cisco PSIRT Advisories
http://www.cisco.com/warp/public/707/advisory.html

Cisco's Security Technical Tips
http://www.cisco.com/warp/public/707/index.shtml

Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
http://www.cisco.com/warp/public/707/newsflash.html

Characterizing and Tracing Packet Floods Using Cisco Routers
http://www.cisco.com/warp/public/707/22.html

Denial of Service (DoS) Attack Resources
http://www.denialinfo.com/

**************************************************************************
From: Question 78
Subject: How can I connect two Cisco routers back to back through the AUX ports?

Connecting Routers Back-to-Back Through the AUX Ports
http://www.cisco.com/warp/public/793/access_dial/auxback.html

Configuring AUX-to-AUX Port Async Backup with Dialer Watch
http://www.cisco.com/warp/public/471/aux-aux-watch.html

Using the AUX Port on Cisco Routers for IP/IPX Router Communications
http://www.networkingunlimited.com/white006.html
**************************************************************************
From: Question 79
Subject: How do I use Secure Shell (SSH) on Cisco devices?

Configuring Secure Shell (SSH) on Cisco IOS® Routers
http://www.cisco.com/warp/public/707/ssh.shtml

How to Configure SSH on Catalyst Switches Running CatOS
http://www.cisco.com/warp/public/707/ssh_cat_switches.html
**************************************************************************
From: Question 80
Subject: Can I use a /31 address space for my serial point-to-point interfaces?

It depends. If you have a 12.2.x release of IOS, you can use a /31 address.
For example:
interface Serial5/1
ip address 192.168.1.1 255.255.255.254

See the following for more information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm
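
An added example, not part of the original FAQ: a Python check of "ip address" lines on point-to-point links, showing that on a /31 (RFC 3021) both addresses are usable hosts, while on a /30 the first and last addresses are not. The function names and the 10.0.0.x sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the IOS interface line form shown above: "ip address <addr> <mask>"
IP_ADDRESS_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")


def p2p_peer(config_line):
    """Return (prefix_length, peer_address) for a point-to-point interface line.

    Raises ValueError when the address cannot be used as a host on the link.
    """
    match = IP_ADDRESS_RE.match(config_line)
    if not match:
        raise ValueError("not an 'ip address <addr> <mask>' line")
    iface = ipaddress.ip_interface(f"{match.group(1)}/{match.group(2)}")
    net, addr = iface.network, iface.ip

    if net.prefixlen == 31:
        # /31: the two addresses differ only in the last bit and both are
        # usable; there is no separate network or broadcast address.
        peer = ipaddress.ip_address(int(addr) ^ 1)
    elif net.prefixlen == 30:
        # /30: the first address is the network, the last is the broadcast.
        if addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is the network or broadcast address of {net}")
        usable = {net.network_address + 1, net.network_address + 2}
        peer = (usable - {addr}).pop()
    else:
        raise ValueError(f"/{net.prefixlen} is not a two-host point-to-point prefix")
    return net.prefixlen, str(peer)


def links_in_block(block, prefixlen):
    """Count how many point-to-point links of the given size fit in a block."""
    return len(list(ipaddress.ip_network(block).subnets(new_prefix=prefixlen)))


if __name__ == "__main__":
    # First line is from the FAQ entry; the second is a constructed /30 sample.
    for line in (" ip address 192.168.1.1 255.255.255.254",
                 " ip address 10.0.0.1 255.255.255.252"):
        print(line.strip(), "->", p2p_peer(line))
    print("links per /24:", links_in_block("192.168.1.0/24", 31), "as /31,",
          links_in_block("192.168.1.0/24", 30), "as /30")
```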