
Practical - Cisco, QoS, Routing, RIP, OSPF, Monitoring, WAN, Security, Switching, MPLS, ASA, Multicast

Configuring Netflow on a Cisco ASA

The ASA supports NetFlow export to some NetFlow collectors, for example ntopng.

Here I describe the steps required to configure NetFlow statistical export using the ASA CLI.

ASA - how to show ike pre-shared key - PSK recovery

Once a pre-shared key is configured, we cannot see it directly with the show running-config command, as the key is encrypted. The output displays it as *******.

Example:

kis-asa-5515X# sh running-config | include shared
 ikev1 pre-shared-key *****
 ikev1 pre-shared-key *****

 

Solution 1

Use the more command:

more system:running-config

 

VPN - Connecting Android clients to ASA using clientless L2TP over IPSec

Install user language into Cisco IP Phone

It is very important that your IP phone has the letter "G" in its name, for example "Cisco Unified IP Phone 7970G" or "7960G". The letter "G" means that the phone is "global" and also supports languages other than English.

Do not confuse it with "GE", which means "gigabit Ethernet". If the phone supports both, there is "G-GE" on the phone.

 

Uncompressing Cisco .cop.sgn file

Cisco releases some files (firmware, language files, ...) as .cop.sgn files. Sometimes you need to uncompress such a file and reach the files in the archive. "sgn" means it is signed. Actually, there is only an authentication header, which can be removed with an editor. On Linux, we can use the Bless hex editor. Open the file in the editor and find the pattern '1F 8B 08'.

Your file should start with this pattern.

How to clear an ASA startup configuration

If we have access to config mode, we may type:

config t
configure factory-default

 

Configuring simple MPLS network

Objective

Create a simple MPLS network and observe parts of MPLS functionality. The MPLS network consists of four routers: two edge routers, LSE1 and LSE2, whose FastEthernet interfaces are not part of the MPLS network, and two Label Switch Routers, LSR1 and LSR2, interconnected through serial lines.

Topology

Four routers are connected in a chain line topology:

Parsing OSPF packets using tcpdump

Sometimes we need to capture and parse OSPF packets for later analysis and we have only a command line, in my case on a Linux server with dynamips. We can use the tcpdump tool for this purpose; several ways are available.

Capturing OSPF packets on the fly

tcpdump -i eth0 'ip[9] == 89'

where the OSPF IP protocol number is 89, and the protocol field is the octet at offset 9 of the IP header.

Another way is:

tcpdump -i eth0 proto ospf

Writing captured packets to a file

Router IP Traffic Export - the router packet capture capabilities

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html

Cisco switches provide the SPAN and RSPAN features, which are suitable for monitoring and capturing packets flowing through switch ports or VLANs. But this feature is not provided on Cisco routers, so if you look for it there, you will find nothing.

Configuring reflexive ACL (IP session filtering)

In this article I will configure a reflexive ACL. This technique is described in CCNA4 Exploration, and I use it during the lab exercises.

About Reflexive ACL (IP session filtering)

Description from the Cisco website, regarding IOS 15.1.
