FN – Page 5 – My 'wiki'

Devil’s VLAN 666? (NETWORKING/CISCO)

12/11/2018 FN Comments 0 Comment

PROBLEM: What the hell stands VLAN 666 for? SOLUTION: Native VLAN feature! [?] What is VLAN? https://study-ccna.com/what-is-a-vlan/ In most of the times, you can observe Vlan1 on your switch to be down / administratively down. And this is fine and correct, simply because of security reasons. Vlan1 is default Vlan so it cannot be deleted, but we can disable it and create another Vlan and force it to behave as the native one. By default, all ports are under Vlan 1, which…

Simple HTTPS redirect using .htaccess (WEB)

09/11/2018 FN Comments 0 Comment

PROBLEM: I have SSL certificate installed, but web is still on http instead of https. SOLUTION: Put simple code to your .htaccess file. [?] How secure is HTTPS today? https://www.eff.org/deeplinks/2011/10/how-secure-https-today //Put this code into your .htaccess file

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.filipniko.cz/$1 [R,L]

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.filipniko.cz/$1 [R,L]

Credit: https://serverguy.com/servers/redirect-http-to-https/

Just created VLAN but I cannot see it! (CISCO)

09/11/2018 FN Comments 0 Comment

PROBLEM: I created a VLAN on my router, but I cannot see it using ‘show vlan-switch’ or Vlan Status is UP but Protocol is DOWN. SOLUTION: Create L2 SVI. [?] What is SVI? https://en.wikipedia.org/wiki/Switch_virtual_interface //Create L2 SVI over the existing L3 VLAN

Router(config-v)# vlan 10
Router(config-vlan)# exit

1 2	Router(config-v)# vlan 10 Router(config-vlan)# exit

OUTPUT

Router# show vlan-switch


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/2, Fa1/3, Fa1/4                                                
10   VLAN0010                         active    Fa1/1

Router# show vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa1/0, Fa1/2, Fa1/3, Fa1/4

10 VLAN0010 active Fa1/1

Copy & Paste

conf t
vlan 10
end

conf t

vlan 10

end

Cisco is interrupting my typing (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: I am angry with Cisco IOS messages in the middle of my comands! SOLUTION: Sync input and output. [?] How to connect to Cisco router? https://en.wikipedia.org/wiki/PuTTY //Turn on sync

Router(config)# line vty 0 15
Router(config-line)# logging synchronous
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config)# line aux 0
Router(config-line)# logging synchronous

Router(config)# line vty 0 15

Router(config-line)# logging synchronous

Router(config)# line con 0

Router(config-line)# logging synchronous

Router(config)# line aux 0

Router(config-line)# logging synchronous

BEFORE

Router# sho
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up w  ip interface

1 2	Router# sho %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up w ip interface

AFTER

Router# sho
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
Router# show ip interface brief

Router# sho

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

Router# show ip interface brief

Copy & Paste

conf t
line vty 0 15
logging synchronous
exit
line con 0
logging synchronous
exit
line aux 0
logging synchronous
end

conf t

line vty 0 15

logging synchronous

exit

line con 0

logging synchronous

exit

line aux 0

logging synchronous

end

Credit:

Stop translating typo in privileged mode (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Cisco tries to telnet if you mistype. SOLUTION: Disable domain-lookup. [?] What is DNS? https://www.cloudflare.com/learning/dns/what-is-dns/ //Disable domain-lookup in config terminal mode

Router(config)# no ip domain-lookup

1	Router(config)# no ip domain-lookup

BEFORE

Router# test
Translating "test"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

Router# test

Translating "test"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

AFTER

Router# test
Translating "test"
% Unknown command or computer name, or unable to find computer address

Router# test

Translating "test"

% Unknown command or computer name, or unable to find computer address

Copy & Paste

conf t
no ip domain-lookup
end

conf t

no ip domain-lookup

end

Monitor device connection to the internet (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Monitor device access to the internet and create action when connection is not available (e.g. restart device). SOLUTION: Creating IP SLA (monitor) and trigger e.g. ‘reload’ action using event manager (EEM). [?] What is IP SLA? https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/06/13/ip-sla-fundamentals //Create simple IP SLA with google DNS server as the target from interface FastEtheret 0/1

Router(config)# ip sla 1
Router(config-ip-sla)# icmp-echo 8.8.8.8 source-interface FastEthernet 0/1
Router(config-ip-sla)# timeout 5000
Router(config-ip-sla)# frequency 50
<strong>#Config IP sla to start now and live forever</strong>
Router(config)# ip sla schedule 1 start-time now life forever
<strong>#Track IP sla reachability</strong>
track 10 rtr 1 reachability
<strong>#On some other versions you have to use "track 1 ip sla 1 reachability"</strong>

Router(config)# ip sla 1

Router(config-ip-sla)# icmp-echo 8.8.8.8 source-interface FastEthernet 0/1

Router(config-ip-sla)# timeout 5000

Router(config-ip-sla)# frequency 50

#Config IP sla to start now and live forever

Router(config)# ip sla schedule 1 start-time now life forever

#Track IP sla reachability

track 10 rtr 1 reachability

#On some other versions you have to use "track 1 ip sla 1 reachability"

OUTPUT

*Sep 15 13:37:00 %TRACK-6-STATE: 10 ip sla 1 srate Up -> Down

1	*Sep 15 13:37:00 %TRACK-6-STATE: 10 ip sla 1 srate Up -> Down

Copy & Paste

conf t
ip sla 1
icmp-echo 8.8.8.8 source-interface FastEthernet 0/1
timeout 5000
frequency 50
exit
ip sla schedule 1 start-time now life forever
track 10 rtr 1 reachability
exit

conf t

ip sla 1

icmp-echo 8.8.8.8 source-interface FastEthernet 0/1

timeout 5000

frequency 50

exit

ip sla schedule 1 start-time now life forever

track 10 rtr 1 reachability

exit

Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

% IP addresses may not be configured on L2 links (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Unable to configure IP on the specific interface. SOLUTION: Creating VLAN with IP and assign VLAN to the physical interface. [?] What is VLAN? https://www.lifewire.com/virtual-local-area-network-817357 //create VLAN and assign IP to it

Router(config)# interface Vlan 10
Router(config-if)# ip address 172.16.0.1 255.255.255.0

1 2	Router(config)# interface Vlan 10 Router(config-if)# ip address 172.16.0.1 255.255.255.0

//assign VLAN to interface

Router(config)# interface FastEthernet0/1
Router(config-if)# switchport mode access
Router(config-if)# switchport access Vlan 10

Router(config)# interface FastEthernet0/1

Router(config-if)# switchport mode access

Router(config-if)# switchport access Vlan 10

OUTPUT

Router(config)#sh ip int br
Vlan10 10.0.0.1 YES manual up down

1 2	Router(config)#sh ip int br Vlan10 10.0.0.1 YES manual up down

Copy & Paste

conf t
interface Vlan 10
ip address 172.16.0.1 255.255.255.0
exit
interface FastEthernet0/1
switchport mode access
switchport access Vlan 10
end

conf t

interface Vlan 10

ip address 172.16.0.1 255.255.255.0

exit

interface FastEthernet0/1

switchport mode access

switchport access Vlan 10

end

Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

Block incoming ping (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: I would like to block all incoming ping requests. SOLUTION: Block incoming ICMP traffic using access-list. [?] Why you should not block ICMP traffic! https://neilalexander.eu/articles/2017/4/16/understanding-icmp http://shouldiblockicmp.com/ //create deny rule to drop all ICMP requests //enable other traffic (bcs of implicit deny by ACL)

Router(config)# access-list 101 deny icmp any any
Router(config)# access-list 101 permit ip any any

1 2	Router(config)# access-list 101 deny icmp any any Router(config)# access-list 101 permit ip any any

//assign the rule to the interface

Router(config)# int FastEthernet 0/1 
Router(config-if)# ip access-group 101 in

1 2	Router(config)# int FastEthernet 0/1 Router(config-if)# ip access-group 101 in

OUTPUT

Router# ping 172.16.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

Router# ping 172.16.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

Copy & Paste

conf t
access-list 101 deny icmp any any
access-list 101 permit ip any any
int FastEthernet 0/1 
ip access-group 101 in 
end

conf t

access-list 101 deny icmp any any

access-list 101 permit ip any any

int FastEthernet 0/1

ip access-group 101 in

end

Source: https://community.cisco.com/t5/routing/block-icmp/td-p/2419132