Showing posts with label cisco. Show all posts

Friday, January 29, 2016

Passed Cisco 300-320 Exam Today!

Had to sit the Cisco 300-320 exam today to extend my Cisco certifications for another 3 years.
Officially still CCNP and CCDP

Friday, October 26, 2012

Cisco ASA on GNS3

I was planning to design our existing ASA firewalls that are currently running independently to be active/active firewall running on multiple contexts.

I need a test lab for this. I use GNS3 for this.

I also need the ASA image and kernel files to be loaded in GNS3. Those files can be found from here.
Once you have those files, you need to configure Qemu with the following options:



Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Also make sure you select the correct Initrd and Kernel files you downloaded earlier

You should now be able to start any ASA instance you have. When you do, load the following keys:
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6

Wednesday, September 26, 2012

Cisco 4500 Series Switch Software Upgrade

Just got a pair of Cisco 4500 series switches with dual sup 7E. Needed to be upgraded to the latest IOS version.

Here are the steps to upgrade it:


  • Copy the .bin file from the TFTP server to both Sups (Active and Standby)
    copy source_device:source_filename bootflash:target_filename
    copy source_device:source_filename slavebootflash:target_filename

  • Change the boot system command
    no boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E5
    wr mem

    boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E6
    wr mem

  • Change the config register
    config-register 0x2102
    wr mem

  • Reload the Standby Sup
    redundancy reload peer

  • Failover the Sup
    redundancy force-switchover

Saturday, April 21, 2012

Trixbox + CUCM + Exchange UM + SP3102 + SRP527W Part 1

I have set up the voice network at home as per the picture below


As you can see, there are a lot of SIP trunks between them. I will try to put the configuration for each of them

Exchange UM - CUCM

For Exchange UM and CUCM connection configuration, just follow the document published by Microsoft: http://www.microsoft.com/download/en/details.aspx?id=13591

The following is the CUCM Media Resource Group



The following is the CUCM Media Resource Group List




The following is the CUCM Configuration for the SIP Trunk to Exchange UM (e.g. mx01.domain.local), use the Media Resource Group List created above



CUCM - Trixbox

Create a new SIP Trunk Security Profile



Create a SIP trunk from CUCM to Trixbox, use the SIP Trunk Security Profile created above





Create a new Route Group


Create a new Route List


Create a new Route Pattern

I have extension 1499 and 1500 for Exchange UM Pilot and Auto Attendant respectively





I created a Route Pattern for the default route to Trixbox when the dialed number starts with 9. I also created exactly the same Route Pattern for the default route when the dialed number starts with 0. The purpose is to use VoIP when dialing 9 first and to use PSTN when dialing 0 first (configuration later on Trixbox)



Trixbox - CUCM


To be continued...

Thursday, April 14, 2011

Upgrade IOS on 877W ISR Wireless Module

It is a bit tricky to update the AP module inside the Cisco ISR 877 Series.

1st, assign an IP address to the VLAN of the router

interface vlan 1
ip address x.x.x.x y.y.y.y
no shut

2nd, assign the wlan-ap 0 interface with IP unnumbered

interface wlan-ap 0
ip unnumbered vlan 1

3rd, access the wlan-ap 0 module console

service-module wlan-ap 0 session

4th, assign an IP address to BVI0/BVI1 interface

interface BVI0
ip address z.z.z.z y.y.y.y
no shut

5th, get the IOS image from the TFTP server

archive download-sw tftp://x.x.x.x/ios.version.tar

6th, write mem and reload

wr mem
reload

Thursday, April 29, 2010

Cisco IP Phone TFTP Server

If you need your own TFTP server for the Cisco IP Phones, so that they load whatever image you want them to have instead of getting the image from the CUCM, create the TFTP server, put the image from the Cisco.com website (.zip) on it and create an XMLDefault.cnf.xml file.

The content of the XMLDefault.cnf.xml file is:

<Default>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
<mgcpPorts>
<listen>2427</listen>
<keepAlive>2428</keepAlive>
</mgcpPorts>
</ports>
<processNodeName></processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
<loadInformation30007 model="CP-7912">CP7912080000SIP060111A</loadInformation30007>
<loadInformation8 model="CP-7940">P003-08-8-00</loadInformation8>
<loadInformation115 model="CP-7941">TERM41.7-0-2-0S</loadInformation115>
<loadInformation434 model="Cisco 7942"></loadInformation434>
<loadInformation309 model="Cisco 7941G-GE">TERM41.7-0-2-0S</loadInformation309>
<loadInformation435 model="Cisco 7945"></loadInformation435>
<loadInformation7 model="CP-7960">P003-08-8-00</loadInformation7>
<loadInformation30018 model="CP-7961">SIP41.8-5-2S</loadInformation30018>
<loadInformation308 model="Cisco 7961G-GE">SIP41.8-5-2S</loadInformation308>
<loadInformation404 model="Cisco 7962"></loadInformation404>
<loadInformation436 model="Cisco 7965"></loadInformation436>
<loadInformation6 model="CP-7970">SIP70.8-4-2S</loadInformation6>
<loadInformation30006 model="CP-7970">SIP70.8-4-2S</loadInformation30006>
<loadInformation119 model="Cisco 7971">TERM70.7-0-2-0S</loadInformation119>
<loadInformation118 model="Cisco 7971G-GE">TERM70.7-0-2-0S</loadInformation118>
<loadInformation437 model="Cisco 7975"></loadInformation437>
<loadInformation302 model="Cisco 7985">cmterm_7985.4-1-4-0</loadInformation302>
<authenticationURL></authenticationURL>
<directoryURL></directoryURL>
<idleURL></idleURL>
<informationURL></informationURL>
<messagesURL></messagesURL>
<servicesURL></servicesURL>
</Default>


Edit the loadInformation tag for each phone model with the image version you want that particular phone to load.
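An added example (not part of the original post): a small Python audit of an XMLDefault.cnf.xml in the layout above, reporting which loadInformation entries are empty and which name a load with no matching file in the TFTP root. The sample XML and file list are constructed, and the rule that firmware file names begin with the load name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed XMLDefault.cnf.xml in the layout shown above.
SAMPLE_XML = """<Default>
<callManagerGroup><members><member priority="0"><callManager>
<processNodeName></processNodeName>
</callManager></member></members></callManagerGroup>
<loadInformation8 model="CP-7940">P003-08-8-00</loadInformation8>
<loadInformation115 model="CP-7941">TERM41.7-0-2-0S</loadInformation115>
<loadInformation434 model="Cisco 7942"></loadInformation434>
<loadInformation30018 model="CP-7961">SIP41.8-5-2S</loadInformation30018>
</Default>"""

# Constructed sample: file names present in the TFTP root directory.
SAMPLE_TFTP_FILES = ["P003-08-8-00.bin", "P003-08-8-00.loads", "SIP41.8-5-2S.loads"]


def parse_loads(xml_text):
    """Return [(tag_suffix, model, load)] for every loadInformation tag."""
    root = ET.fromstring(xml_text)
    loads = []
    for elem in root:
        if elem.tag.startswith("loadInformation"):
            suffix = elem.tag[len("loadInformation"):]
            loads.append((suffix, elem.get("model", ""), (elem.text or "").strip()))
    return loads


def audit(xml_text, tftp_files):
    """Classify each entry: 'ok', 'empty' (no load set) or 'missing' (no file)."""
    names = [f.lower() for f in tftp_files]
    report = {}
    for suffix, model, load in parse_loads(xml_text):
        if not load:
            status = "empty"
        # Assumption: firmware files start with the load name (case-insensitive).
        elif any(n.startswith(load.lower()) for n in names):
            status = "ok"
        else:
            status = "missing"
        report[(suffix, model)] = (load, status)
    return report


if __name__ == "__main__":
    for (suffix, model), (load, status) in audit(SAMPLE_XML, SAMPLE_TFTP_FILES).items():
        print(f"{suffix:>6} {model:<12} {load or '-':<20} {status}")
```
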

Monday, March 22, 2010

Running PEAP with Cisco Aironet 1231G and Cisco Wireless IP Phone 7925G

To run WiFi with WPA and PEAP using Cisco Aironet and Windows IAS/NPS, you need the following:
  • Cisco Aironet Access Point
  • Windows Server (2003/2008) running IAS/NPS as the RADIUS server
  • Server authentication certificate (commercial or self-signed)

Setting the Access Point

Log in to the access point using HTTP/HTTPS and navigate to Security - Server Manager

Create a new RADIUS server and point it to the Windows IAS/NPS (installed later). Specify the shared secret and the ports for authentication and accounting

Set the default server priorities to the IP address of the new RADIUS server you just added

Navigate to Security - SSID Manager

Create a new SSID, attach it to the VLAN and tick the Radio checkbox

For Client Authentication Settings, tick Open Authentication with EAP and Network EAP. Change the Server Priorities to Customize or use defaults

For Client Authentication Key Management, select Mandatory for Key Management and tick WPA

SSID Settings. (optional) select Multiple SSID if you are running this SSID as multiple SSID

Navigate to Security - Encryption Manager

Set Encryption Modes to Cipher with AES CCMP + TKIP

Set Encryption Keys to Key 2 and leave the value blank

Setting IAS/NPS

Once NPS is installed, run the wizard to set up the wireless network.
We need to add a RADIUS client, which is the IP address of the Cisco access point

Navigate to the Advanced tab and set the vendor name to Cisco

Navigate to Policies and select Connection Request Policies. Select the Secure Wireless Policy

Most of the following settings are the default values

Navigate to Use Windows authentication for all users. The following settings have their default values

Navigate to Secure Wireless Connections. The following settings have their default values

We specify which AD Security Group has access to this policy

At this stage, you need to import a server authentication certificate. This can be a commercial certificate or a self-signed certificate. If you use a self-signed certificate, make sure the client machines that are going to connect to this WiFi trust the root CA that generated the certificate

Select Microsoft Protected EAP (PEAP) and select Edit

If you have the certificate installed correctly, you should see an option to choose which certificate you want to use

On the Settings tab