Browsed by
Category: CISCO

Disable telnet now or cry later (CISCO)


PROBLEM: Telnet is enabled, which is a security vulnerability.
SOLUTION: Disable telnet and enable SSH.

[?] Telnet vs. SSH https://www.ssh.com/ssh/telnet

Telnet is a way to control something remotely. This sounds great, but you should know that telnet was developed in the 1960s and is unencrypted, so anyone with e.g. Wireshark can read your username & password combo. SSH is the significantly more secure way to access your devices over the net.

//Just use this code…


Router redundancy using HSRP (CISCO)


PROBLEM: I would like to use the second router/switch as a backup one.
SOLUTION: Use very simple HSRP!

[?] What is EIGRP? https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html

First, let’s have a look at the topology diagram. We can see two networks (A, B) and two routers (1, 2). We would like to keep one router as the primary (e.g. Router 1) and the second one as a backup. So e.g. if Router 1 goes down, we can still access the other network through Router…


Devil’s VLAN 666? (NETWORKING/CISCO)


PROBLEM: What the hell does VLAN 666 stand for?
SOLUTION: Native VLAN feature!

[?] What is VLAN? https://study-ccna.com/what-is-a-vlan/

Most of the time, you can observe Vlan1 on your switch to be down / administratively down. This is fine and correct, simply for security reasons. Vlan1 is the default VLAN, so it cannot be deleted, but we can disable it, create another VLAN and force it to behave as the native one. By default, all ports are under Vlan 1, which…


Just created VLAN but I cannot see it! (CISCO)


PROBLEM: I created a VLAN on my router, but I cannot see it using ‘show vlan-switch’, or the VLAN status is UP but the protocol is DOWN.
SOLUTION: Create L2 SVI.

[?] What is SVI? https://en.wikipedia.org/wiki/Switch_virtual_interface

//Create L2 SVI over the existing L3 VLAN


Cisco is interrupting my typing (CISCO)


PROBLEM: I am angry with Cisco IOS messages in the middle of my commands!
SOLUTION: Sync input and output.

[?] How to connect to Cisco router? https://en.wikipedia.org/wiki/PuTTY

//Turn on sync


Stop translating typo in privileged mode (CISCO)


PROBLEM: Cisco tries to telnet if you mistype.
SOLUTION: Disable domain-lookup.

[?] What is DNS? https://www.cloudflare.com/learning/dns/what-is-dns/

//Disable domain-lookup in config terminal mode


Monitor device connection to the internet (CISCO)


PROBLEM: Monitor the device's access to the internet and trigger an action when the connection is not available (e.g. restart the device).
SOLUTION: Create an IP SLA (monitor) and trigger e.g. a ‘reload’ action using event manager (EEM).

[?] What is IP SLA? https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/06/13/ip-sla-fundamentals

//Create simple IP SLA with Google DNS server as the target from interface FastEthernet 0/1


Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

% IP addresses may not be configured on L2 links (CISCO)


PROBLEM: Unable to configure an IP address on the specific interface.
SOLUTION: Create a VLAN with an IP address and assign the VLAN to the physical interface.

[?] What is VLAN? https://www.lifewire.com/virtual-local-area-network-817357

//create VLAN and assign IP to it

//assign VLAN to interface


Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

Block incoming ping (CISCO)


PROBLEM: I would like to block all incoming ping requests.
SOLUTION: Block incoming ICMP traffic using an access-list.

[?] Why you should not block ICMP traffic! https://neilalexander.eu/articles/2017/4/16/understanding-icmp http://shouldiblockicmp.com/

//create deny rule to drop all ICMP requests
//enable other traffic (because of the implicit deny by ACL)

//assign the rule to the interface


Source: https://community.cisco.com/t5/routing/block-icmp/td-p/2419132