3Com 4500 switch SPAN (port mirroring)

February 12, 2013

In the example below, port 50 is set up as the monitor port for port 49. Port 49 is the uplink port of this 3Com 4500 48+2 port switch:

interface GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 10
mirroring-group 1 mirroring-port both
#
return
[SD-LIB-3C4500-50P]dis cur int g1/0/50
#
interface GigabitEthernet1/0/50
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 10
mirroring-group 1 monitor-port
#
return
[SD-LIB-3C4500-50P]display mirror 1
mirroring-group 1:
type: local
status: active
mirroring port:
GigabitEthernet1/0/49  both
monitor port: GigabitEthernet1/0/50

Motorola Netopia 3347-02-1002 3347-02-1006 3347-02-1022

May 14, 2011

All three of these AT&T modems can be upgraded to 7.8.1r2.

I just upgraded two of my 3347-02-1002 units and they are working without any problems. Of course, the 3347-02-1022 has more features even on the same firmware because it’s newer.

The upgrade is 100% safe.

The firmware can be downloaded from:

http://fastaccess.drivers.bellsouth.net/archive.html#cayman

If the page is no longer there, please let me know and I can provide the software.

Cisco 2621 Static NAT Pool match-host example

February 28, 2011

After looking for an example for a few hours, I found two, and none of them was exactly what I was looking for. Below is my configuration, and it does work.

interface FastEthernet0/0
ip address 172.16.0.5 255.255.240.0
ip nat inside
ip flow ingress
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 172.17.0.253 255.255.240.0
ip nat outside
ip flow ingress
duplex auto
speed auto
no cdp enable
!
ip nat pool staticpool 172.17.0.1 172.17.15.254 netmask 255.255.240.0 type match-host
ip nat inside source list 1 pool staticpool
ip nat inside source static 172.16.3.21 172.17.3.21
!
no ip http server
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 172.16.0.99 9996
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.0.254
!
!
access-list 1 permit 172.16.0.0 0.0.15.255
!
snmp-server community public RO
!
ntp clock-period 17180673
ntp server 172.16.0.27
!
end
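
What `type match-host` does with the addresses in this configuration, as an added Python example that is not part of the original post: the host number is kept and only the network prefix is swapped, so 172.16.3.21 always leaves as 172.17.3.21. The function names are made up for the example, and returning `None` for sources outside access-list 1 or results outside the pool range is a modelling assumption.

```python
import ipaddress

# Values copied from the configuration above.
ACL1 = ("172.16.0.0", "0.0.15.255")                      # access-list 1 permit ...
POOL = ("172.17.0.1", "172.17.15.254", "255.255.240.0")  # ip nat pool staticpool

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, acl=ACL1):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~_n(acl[1]) & 0xFFFFFFFF
    return (_n(src) & care) == (_n(acl[0]) & care)

def match_host_translate(src, pool=POOL):
    """Inside local -> inside global, keeping the host number (match-host).

    Returns None when the ACL does not select the source or the result
    falls outside the pool range (assumption: treated as not translated).
    """
    start, end, mask = (_n(x) for x in pool)
    if not acl_permits(src):
        return None
    host = _n(src) & ~mask & 0xFFFFFFFF
    translated = (start & mask) | host
    if not start <= translated <= end:
        return None
    return str(ipaddress.IPv4Address(translated))

def inside_for(global_ip, pool=POOL, acl=ACL1):
    """Reverse lookup, e.g. for a flow record that shows a pool address."""
    start, end, mask = (_n(x) for x in pool)
    g = _n(global_ip)
    if not start <= g <= end:
        return None
    local = (_n(acl[0]) & mask) | (g & ~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(local))
```

Because the mapping is fixed, an address seen on the outside identifies exactly one inside host, which makes flow records from either interface easy to correlate.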

a recent photo

February 27, 2011

Scattered Wednesday thoughts

February 23, 2011

Well, lousy days do happen, but these last few days have been not especially lousy yet plentiful, and that makes them more than seriously lousy.

Yesterday things got tangled up at work, so much that I even had to go to the office. I usually don't make that kind of mistake on a Tuesday, but yesterday my boss personally told me he would be waiting for me at 14:30, and there was no way to get out of it. I was stuck there until 19:30. Unheard of. To top it off, we got nothing done of what was planned; we just made up some nonsense out of thin air.

Today the provider stood me up yet again. They have been feeding me empty talk since Friday. They put the job off for another 1-2 days. We'll see, but it no longer works on me.

Who isn't puffing themselves up at me these days, who isn't making up timetables for me and setting my schedules… I no longer know and can't keep count. Luckily, for once my mother isn't nagging me. She usually doesn't fall behind, but I don't want to jinx it: these days she's solid. Well done, Mom, you rock.

Salad again today. It's fine. I like salads. Salad yesterday too. That was fine as well. All in all lousy and salad-filled, and it's only Wednesday evening.

Should we get fish after all? It won't be a dog. Me walking a dog for another 15 years: no way. Not a cat either. No thanks. It smells, it has to be vaccinated and neutered, it throws up now and then, and you can't go anywhere for more than 2 days; no, no, no and no. Fish. The worst that can happen is they die. You replace them with new ones, and you can give the new ones the old names. Damn, I couldn't care less.

It seems some people turned out to be right about feelings, though. Never mind "seems": they turned out to be right, unfortunately. Hey, there is always something for me to learn, and always after the fact. Very cynical, but instructive. When will I grow up enough to catch on in time? Never. Inborn stupidity.

So my thoughts are scattered, it turns out. Well of course, I did say things are lousy. The lady over there is banging around and talking to me, and I lose my concentration. One can always find excuses.

Oh yes, I seriously overdid the coffee this morning and it still has a hold on me. Some 12 hours later I'm still clucking. As a rule I hardly drink the stuff, and today I got properly wired. One has to be careful, and I in particular even more so.

Bye!

Cisco 2600/2800 NAT, Static Translation, ACL, and Net Flow all together

July 3, 2010

The configuration below is for my own use, but if you find it helpful, please feel free to use it. If you could leave a comment, I’ll know I helped someone.

In this case FastEthernet 0/1 is my outside interface and FastEthernet 0/0 is the inside interface. I’m permitting printing from any Internet IP address to internal IP address 172.16.3.21.

Building configuration…

Current configuration : 3638 bytes
!
! Last configuration change at 11:33:21 PDT Sat Jul 3 2010 by admin
! NVRAM config last updated at 11:33:22 PDT Sat Jul 3 2010 by admin
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SD-DH3-DSL-Router
!
boot-start-marker
boot system flash c2600-io3-mz.123-26.bin
boot-end-marker
!
enable password *&%@$^%!@*^%$!@$
!
clock timezone PST -8
clock summer-time PDT recurring
no aaa new-model
ip subnet-zero
ip flow-cache timeout active 1
ip cef
!
!
!
ip inspect audit-trail
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect udp idle-time 60
ip inspect dns-timeout 10
ip inspect name inter tcp
ip inspect name inter udp
ip inspect name inter ftp
ip inspect name inter http
ip inspect name inter smtp
ip inspect name inter tftp
ip inspect name inter cuseeme
ip inspect name inter h323
ip inspect name inter rcmd
ip inspect name inter realaudio
ip inspect name inter sqlnet
ip inspect name inter streamworks
ip inspect name inter vdolive
ip audit po max-events 100
!
username admin privilege 15 password &*%#$_)#*^$()@#%^*%$#
!
!
!
!
interface FastEthernet0/0
description SD PR LAN admin
ip address 172.16.0.5 255.255.240.0
ip nat inside
ip flow ingress
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/1
description SD PR DHB aDSL admin modem
ip address 192.168.16.253 255.255.255.0
ip access-group 121 in
ip nat outside
ip flow ingress
ip inspect inter out
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static 172.16.3.21 192.168.16.21
no ip http server
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 172.20.0.12 9996
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.16.254
ip route 10.14.6.0 255.255.255.0 172.16.0.3
ip route 10.100.50.0 255.255.255.0 172.16.0.2
ip route 64.206.226.33 255.255.255.255 172.16.0.3
ip route 64.206.232.160 255.255.255.224 172.16.0.9
ip route 172.16.16.0 255.255.254.0 172.16.0.3
ip route 172.18.0.0 255.255.240.0 172.16.0.3
ip route 172.18.16.0 255.255.254.0 172.16.0.3
ip route 172.19.0.0 255.255.240.0 172.16.0.3
ip route 172.19.16.0 255.255.254.0 172.16.0.3
ip route 172.20.0.0 255.255.240.0 172.16.0.3
ip route 172.20.16.0 255.255.254.0 172.16.0.3
ip route 172.22.0.0 255.255.240.0 172.16.0.3
ip route 172.22.16.0 255.255.254.0 172.16.0.3
ip route 172.23.0.0 255.255.240.0 172.16.0.3
ip route 172.23.16.0 255.255.254.0 172.16.0.3
ip route 172.24.0.0 255.255.240.0 172.16.0.3
ip route 172.24.16.0 255.255.254.0 172.16.0.3
ip route 192.168.10.0 255.255.255.0 172.16.0.3
ip route 192.168.24.0 255.255.255.0 172.16.0.3
!
!
access-list 1 permit 172.16.0.0 0.0.15.255
access-list 121 remark inbound internet acl
access-list 121 permit icmp any any administratively-prohibited
access-list 121 permit icmp any any echo
access-list 121 permit icmp any any echo-reply
access-list 121 permit icmp any any packet-too-big
access-list 121 permit icmp any any time-exceeded
access-list 121 permit icmp any any unreachable
access-list 121 remark lib_prn
access-list 121 permit tcp any host 192.168.16.21 eq 9100
access-list 121 deny ip any any log
no cdp run
snmp-server community public RO
!
line con 0
privilege level 15
password &*%^*%@#$&#$
login local
line aux 0
privilege level 15
password &*(%#$*%#@$
login local
line vty 0 4
privilege level 15
password (&%^#$&%#$#$
login local
!
ntp clock-period 17180670
ntp server 172.16.0.27
!
end
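
As an added example (not part of the original configuration and not a Cisco tool), a small Python check that flags the settings in the configuration above that a reviewer would question: `password` instead of `secret` for enable and user credentials, the default SNMP community with no ACL, a service permitted from `any` source, and vty lines with no `access-class` or `transport input` restriction. The rule names and the sample text are constructed for this example.

```python
import re

# Constructed sample: lines from the configuration above, passwords replaced.
SAMPLE_CONFIG = """\
enable password <redacted>
username admin privilege 15 password <redacted>
access-list 121 permit tcp any host 192.168.16.21 eq 9100
access-list 121 deny ip any any log
snmp-server community public RO
line vty 0 4
privilege level 15
password <redacted>
login local
!
"""

def vty_block(lines, start):
    """Sub-commands after a 'line vty' header, up to the next section."""
    block = []
    for raw in lines[start + 1:]:
        cmd = raw.strip()
        if cmd in ("", "!", "end") or cmd.startswith("line "):
            break
        block.append(cmd)
    return block

def audit_ios_config(text):
    """Return (rule_id, config_line) findings; rule ids are this example's own."""
    findings, lines = [], text.splitlines()
    for i, raw in enumerate(lines):
        cmd = raw.strip()
        if cmd.startswith("enable password "):
            findings.append(("enable-password-not-secret", cmd))
        if re.match(r"username \S+ .*\bpassword\b", cmd):
            findings.append(("user-password-not-secret", cmd))
        m = re.match(r"snmp-server community (\S+) (RO|RW)(\s+\S+)?$", cmd)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(("snmp-default-community", cmd))
        if m and m.group(3) is None:
            findings.append(("snmp-no-acl", cmd))
        if re.match(r"access-list \d+ permit (tcp|udp) any host \S+ eq \S+", cmd):
            findings.append(("service-open-to-any-source", cmd))
        if cmd.startswith("line vty"):
            block = vty_block(lines, i)
            if not any(c.startswith("access-class ") for c in block):
                findings.append(("vty-no-access-class", cmd))
            if not any(c.startswith("transport input ") for c in block):
                findings.append(("vty-transport-unrestricted", cmd))
    return findings
```

The section scan stops at `!`, `end` or the next `line` header rather than relying on indentation, so it also works on a listing pasted without leading spaces, like the one above.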

Bridging Cisco Router Interfaces

July 2, 2010

This article is a guide to configuring bridging on Cisco routers. This is something I never knew was possible until after making a few phone calls to Cisco. Using bridging saved our company money by not requiring us to purchase a new switch. Bridging can also be very useful in smaller environments to help avoid wasting IP addresses. The implementation I will be using for the example is this: a single T1 comes into a router. This router needs to hand off directly to a set of redundant firewalls without a switch between them. We need to make sure both firewalls can plug into the router and use the same IP address for their next hop. The commands used here are all entered from a Cisco 2811 running IOS version 12.3(8)T5. Bridging is available in many other IOS versions, and from what I have personally seen the commands have not changed. So with all of that out of the way, let’s get into the router.

First, connect to the router via the console. We will be changing IP addresses and disabling interfaces, which will cause your telnet sessions to disconnect.

After you have connected, you will need to be in “enable” mode so that you can make changes to the router.

Next we enter config mode with configure terminal.

Now you should be sitting at a prompt similar to the one below:

Router01(config)#

There are three commands that we will enter to ensure that bridging is enabled.

Router01(config)#bridge irb
Router01(config)#bridge 1 protocol ieee
Router01(config)#bridge 1 route ip

Those commands are global commands. The next commands we will enter create the new bridged interface, but in order to do that we have to take the IP address off of the old interface. In this example FastEthernet0/0 has the IP assigned and we will be adding FastEthernet0/1 to the group.

Router01(config)#interface fa0/0
Router01(config-if)#no ip address

Router01(config-if)#interface BVI1
Router01(config-if)#ip address X.X.X.X Y.Y.Y.Y (IP Address and Subnet Mask)

Now we go back to the interfaces and add them to the bridge group:

Router01(config)#int fa0/0
Router01(config-if)#bridge-group 1
Router01(config-if)#int fa0/1
Router01(config-if)#bridge-group 1
Router01(config-if)#exit

Now if you were to plug in a device that is configured on the same network as entered on the BVI1 interface, you would be able to ping the address. Through bridging we have effectively turned the two FastEthernet interfaces on our 2811 into a small switch. This will allow you to run an active/active firewall system behind a single router with minimal hassle. There are a number of other uses for bridging as well. I hope this article will help people realize the potential and use this new skill.

Creating a new Admin on Mac Os X

June 29, 2010

Here’s how to reset your OS X password without an OS X CD.
The working solution for me was to create a new admin account.
You can create a new admin account like this by deleting a specific file.

You need to get to a terminal prompt and create the new admin account:

1. Reboot
2. Hold the apple key + s key down after you hear the chime. (command + s on newer Macs)
3. When you get the text prompt, enter these terminal commands to create a brand new admin account (hitting return after each line):

mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

4. After rebooting, you should have a brand new admin account. When you log in as the new admin, you can simply delete the old one and you’re good to go again!

Apple stores won’t reset it for you. Computer shops may charge you $50 to $200 trying to reinstall the Mac and failing in the end.

3Com 4500 switch firmware update

June 28, 2010

This is mostly for my own notes, but someone else may find it useful.

I used the TFTP method to transfer the files to the switch, with the TFTP daemon on Fedora Linux as the server.

File name Prefix / Suffix

s3n / .app = 4500 application software.
s30 / .btm = 4500 boot ROM software
s3p / .web = 4500 web file (HTTP management interface)
3comOScfg.def / .def = 4500 config file

<4500>delete /u s3004_01.btm
<4500>delete /u s3p04_03.web
<4500>delete /u s3n03_03_02s56p05.app

<4500>clock timezone PDT minus 7
<4500>clock summer-time PDT repeating 02 2010 March second Sunday 02 2010 November first Sunday 01
<4500>sys
[4500]ntp-service unicast-server 172.16.0.27

<4500>tftp 172.16.0.27 get 3com/s3n03_03_02s56p06.app
<4500>tftp 172.16.0.27 get 3com/s3o04_02.btm
<4500>tftp 172.16.0.27 get 3com/s3p04_03.web

<4500>boot boot-loader flash:/s3n03_03_02s56p06.app
<4500>boot bootrom flash:/s3o04_02.btm

and after rebooting the switch:

<4500>boot web-package s3v02_04.web main

ASA 5510 MTA transfer from 8.0.4 to 8.2.2

June 16, 2010

SD-ASA-5510# conf t
SD-ASA-5510(config)# no service-policy voice_policy interface outside
SD-ASA-5510(config)# phone-proxy ASA-phone-proxy
SD-ASA-5510(config-phone-proxy)# no media-termination address 192.76.183.81
SD-ASA-5510(config-phone-proxy)# exit
SD-ASA-5510(config)# media-termination MTA
SD-ASA-5510(config-media-termination)# address 192.76.183.81 interface outside
SD-ASA-5510(config-media-termination)# address 172.16.0.81 interface inside
SD-ASA-5510(config-media-termination)# phone-proxy ASA-phone-proxy
SD-ASA-5510(config-phone-proxy)# media-termination MTA
SD-ASA-5510(config-phone-proxy)# service-policy voice_policy interface outside
SD-ASA-5510(config)#