Basic configuration on devices
Basic configuration on devices:
- set hostname;
- set secret password;
- set banner motd;
- encrypt passwords;
- line console 0
  - set synchronous logging
  - set idle time
  - set password
  - use login
- line vty 0 15
  - set password
  - use login
  - set history size
The commands are below. The hostname command is at the end because, if you copy and paste them, you will have to modify the hostname:
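enable
conf t
! the enable password is stored as a hash
enable secret cisco
banner motd #AUTHORIZED ACCESS ONLY !#
! line passwords are stored obscured (type 7) instead of in cleartext
service password-encryption
! exec-timeout 0 0 disables the idle timeout on the console
line console 0
logging synchronous
exec-timeout 0 0
password cisco
login
history size 256
line vty 0 15
password cisco
login
history size 256
exit
hostname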
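A small audit of the console and vty sections that this baseline produces, as an added example (not part of the original post). It assumes the input is in `show running-config` form with indented sub-commands; the sample configuration, the function names and the set of checks are this example's own, and the hash and type 7 strings are placeholders.

```python
# Constructed sample: the console/vty part of the baseline as it would look in
# `show running-config` output. The secret and type 7 strings are placeholders.
SAMPLE = """\
service password-encryption
enable secret 5 <placeholder-hash>
line con 0
 exec-timeout 0 0
 password 7 <placeholder>
 logging synchronous
 login
 history size 256
line vty 0 15
 password 7 <placeholder>
 login
 history size 256
"""

def line_blocks(config):
    """Return {header: [sub-commands]} for every 'line ...' section."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the section
    return blocks

def audit_lines(config):
    """Return sorted (line header, finding) pairs; the checks are this example's own."""
    findings = []
    for header, cmds in line_blocks(config).items():
        if "exec-timeout 0 0" in cmds:
            findings.append((header, "idle timeout disabled"))
        if any(c.startswith("password ") for c in cmds):
            findings.append((header, "line password is cleartext or reversible type 7"))
        if "login" in cmds:
            findings.append((header, "one shared password, no per-user login"))
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((header, "remote access not restricted to SSH"))
    return sorted(findings)

if __name__ == "__main__":
    for header, finding in audit_lines(SAMPLE):
        print(f"{header}: {finding}")
```

A section that uses `login local`, a finite `exec-timeout` and, on the vty lines, `transport input ssh` produces no findings.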
Domain Change from cyenetlabs.[com|net] to labs.cye.net
Starting with 2023, the new domain will be labs.cye.net instead of cyenetlabs.[com|net].
During the transition cyenetlabs.com and cyenetlabs.net will redirect to labs.cye.net.
Configure PPPoE on ASA5506X
conf t
vpdn group PPPoE request dialout pppoe
vpdn group PPPoE localname ISP.USERNAME
vpdn group PPPoE ppp authentication pap
vpdn username ISP.USERNAME password Password_of_ISP.USERNAME
int gi1/1
nameif outside
security-level 0
pppoe client vpdn group PPPoE
ip address pppoe setroute
ipv6 nd suppress-ra
shut
no shut
exit
How to enable or disable the MORE prompt
I had one of the routers (R2) set up to show the running-config without any --More-- prompts. At any given time I couldn’t see the previous lines. So this configuration is not a good one.
This is how to enable the --More-- prompt:
terminal length 30
(or any number between 1 and 512, 24 is the default)
and verify:
R2#show terminal
Line 0, Location: "", Type: ""
Length: 30 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready
This is how to disable the --More-- prompt:
terminal length 0
and verify:
R2#show terminal
Line 0, Location: "", Type: ""
Length: 0 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready
CISCO CCNP TSHOOT Topology
Based on the topology modified by Khaled from GNS3 Talk, I have recreated the TSHOOT 2014 topology in order for me to understand it. There are a few changes (interface names), but overall this does not change the topology.
I am taking the CISCO TSHOOT (642-832) exam soon enough and I wanted to be prepared for it. I’ve followed Khaled’s explanations and I am ready to pass the exam.
This topology can be found on cisco’s TSHOOT Exam’s page: https://learningnetwork.cisco.com/docs/DOC-6738 or here: CISCO TSHOOT 2014 Topology
Keep in mind that the topology will change, my guess is every 3 years. In 2011 it was a different topology, check Jeremy’s TSHOOT videos.
On CLN (Cisco Learning Network) there is this page that has some important stuff on how to prepare for the exam: https://learningnetwork.cisco.com/thread/64701
To have a feeling about this exam you may want to click this link: http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
Cisco Routers 2620-XM v 2621-XM
These models are used in the CCIE training. So the difference between them is one more FastEthernet port on the 2621XM, and of course the price is a little higher.
So buy a 2620XM and if you want an extra FE just buy another module but check the prices first.
I found the following datasheet on Cisco's page: http://www.cisco.com/c/en/us/products/collateral/routers/2600-series-multiservice-platforms/Cisco 2600 series Routers Product Data Sheet
Cisco Wireless Explorer
Play a multilevel game in arranging APs all over the place. Give aliens some probes…
Play Cisco’s Wireless Explorer: https://learningnetwork.cisco.com/docs/DOC-7560
see Demo Cisco SWAN: wireless_learning_summary.pdf
Beat my score and leave me a comment:
How to set history size on routers or switches
I wanted to see more than 10 lines in time so I needed a way to have that. History can be set up on console line and/or vty lines. Here is how you will do this on a switch:
SW1>ena
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#line con 0
SW1(config-line)#his
SW1(config-line)#history ?
  size  Set history buffer size
SW1(config-line)#history si
SW1(config-line)#history size ?
  <0-256>  Size of history buffer
SW1(config-line)#history size 256
SW1(config-line)#line vty 0 15
SW1(config-line)#hi
SW1(config-line)#history size
SW1(config-line)#history size 256
SW1(config-line)#exit
SW1(config)#exit
SW1#wr m
05:13:04: %SYS-5-CONFIG_I: Configured from console by console
SW1#wr mem
Building configuration...
[OK]
SW1#
On a router it is the same configuration as on the switch:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#line con 0
R2(config-line)#his
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#line vty 0 15
R2(config-line)#hi
R2(config-line)#history si
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#exit
R2#
Jun 12 17:34:34.055: %SYS-5-CONFIG_I: Configured from console by console
R2#
It is ok when you read the commands, but if you want to copy and paste them it is difficult. So here are the commands as a script:
ena
conf t
line con 0
history size 256
exit
line vty 0 15
history size 256
exit
exit
wr mem
(you need to copy all of it, so that write memory is executed)
Total secure addresses on interface reached its max limit of
I’m trying to simulate a violation and put f0/2 to shutdown state. Everything is set up correctly but I do not know what is happening:
SW4(config-if)#do sh run int f0/2
Building configuration...

Current configuration : 254 bytes
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.4c8b.116f
 no ip address
 spanning-tree portfast
end
When I connect a different device, instead of the “err-disabled state” I get:
%Error: Cannot add secure address 5442.49f8.7b80
%Error: Total secure addresses on interface reached its max limit of 1
It seems that the switch (3550) that I’m working on can’t update the MAC address, it says configured MAC addresses: 0.
SW4(config-if)#do sh port int f0/2
Port Security              : Enabled
Port status                : SecureUp
Violation mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Aging time                 : 0 mins
Aging type                 : Absolute
SecureStatic address aging : Disabled
Security Violation count   : 0
I wanted to see past commands that I had typed, but I had only 10 of them, because the history size is set to 10 by default. Here is how to set the history size!
And I have no errdisable for recovery mode:
SW4#sh errdisable recov
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:
Command rejected: Not eligible for secure port
If you have this error message “Command rejected: Not eligible for secure port.” it means that you first must set the port to the access mode.
SW4(config)#int f0/4
SW4(config-if)#switchport port-security
Command rejected: Not eligible for secure port.
SW4(config-if)#switchport mode access
SW4(config-if)#switchport port-security
and that’s it.
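A check that reports, per interface, whether port security can be enabled and how a secured port will react to a violation, as an added example (not part of the original posts). It applies the access-mode rule above and the defaults visible in the SW4 output (maximum 1, violation mode shutdown), and looks for the global `errdisable recovery cause psecure-violation` command; the sample configuration, the function name and the report fields are this example's own.

```python
import re

# Constructed sample in `show running-config` form; the interfaces and their
# settings are illustrative, modelled on the SW4 output shown above.
SAMPLE = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
"""

SECTION = re.compile(r"^interface (\S+)\n((?:^ .*\n)*)", re.M)
OPTION = re.compile(r"^ switchport port-security (maximum|violation) (\S+)", re.M)

def port_security_report(config):
    """Return {interface: dict} describing the port-security state of each port."""
    auto_recover = "errdisable recovery cause psecure-violation" in config
    report = {}
    for name, body in SECTION.findall(config):
        cmds = [c.strip() for c in body.splitlines()]
        if "switchport mode access" not in cmds:
            # `switchport port-security` would be rejected on this port
            report[name] = {"state": "not eligible"}
        elif "switchport port-security" not in cmds:
            report[name] = {"state": "eligible, not secured"}
        else:
            opts = dict(OPTION.findall(body))
            violation = opts.get("violation", "shutdown")
            report[name] = {
                "state": "secured",
                "maximum": int(opts.get("maximum", 1)),
                "violation": violation,
                "sticky": "switchport port-security mac-address sticky" in cmds,
                # err-disabled ports stay down until re-enabled by hand
                "manual_reenable": violation == "shutdown" and not auto_recover,
            }
    return report
```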