Basic configuration on devices

Basic configuration on devices:

  • set hostname;
  • set secret password;
  • set banner motd;
  • encrypt passwords;
    • line console 0

    • set synchronous logging
    • set idle time
    • set password
    • use login
    • line vty 0 15

    • set password
    • use login
    • set history size

Below you have the commands. The hostname is at the end, because if you want to copy-paste them, you will have to modify the hostname:

enable
conf t
enable secret cisco
banner motd #AUTHORIZED ACCESS ONLY !#
service password-encryption
line console 0
logging synchronous
exec-time 0 0
password cisco
login
history size 256
line vty 0 15
password cisco
login
history size 256
exit
hostname

Domain Change from cyenetlabs.[com|net] to labs.cye.net

Starting with 2023 the new domain that is going to be used will be labs.cye.net instead of cyenetlabs.[com|net].

During the transition cyenetlabs.com and cyenetlabs.net will redirect to labs.cye.net.

Configure PPPoE on ASA5506X

conf t

vpdn group PPPoE request dialout pppoe
vpdn group PPPoE localname ISP.USERNAME
vpdn group PPPoE ppp authentication pap
vpdn username ISP.USERNAME password Password_of_ISP.USERNAME

int gi1/1nameif outside
security-level 0
pppoe client vpdn group PPPoE
ip address pppoe setroute
ipv6 nd suppress-ra
shut
no shut
exit

How to enable or disable the MORE prompt

I’ve had setup on one of the routers (R2) to show running-config without any –more– prompts. At any given time I couldn’t see the previous lines. So this configuration is not a good one.

This is how to enable the –more– prompt:

 terminal length 30

(or any number between 1 and 512, 24 is the default)

and verify:

R2#show terminal
Line 0, Location: "", Type: ""
Length: 30 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready

This is how to disable the –more– prompt:

 terminal length 0

and verify:

R2#show terminal
Line 0, Location: "", Type: ""
Length: 0 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready

CISCO CCNP TSHOOT Topology

TSHOOT 2014 Topology

TSHOOT 2014 Topology

Based on the topology modified by Khaled from GNS3 Talk I have recreated the tshoot 2014 topology in order for me to understand it. There are a few changes (interface names), but overall this not changes the topology.

I am taking the CISCO TSHOOT (642-832) exam soon enough and I wanted to be prepared for it. I’ve followed Khaled’s explanations and I am ready to pass the exam.

This topology can be found on cisco’s TSHOOT Exam’s page: https://learningnetwork.cisco.com/docs/DOC-6738 or here: CISCO TSHOOT 2014 Topology

Keep in mind that the topology will change, my guess is every 3 years. On 2011 it was a different topology, check Jeremy’s tshoot videos.
On CLN (Cisco Learning Network) there is this page that has some important stuff on now to prepare for the exam: https://learningnetwork.cisco.com/thread/64701

To have a feeling about this exam you may want to click this link: http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html

Cisco Routers 2620-XM v 2621-XM

These models are used in the CCIE training. So the difference between them is one 1 FastEthernet port more on 2621XM and of course the price is a litthe higher.

So buy a 2620XM and if you want an extra FE just buy another module but check the prices first.

I found on cisco page the next datasheet: http://www.cisco.com/c/en/us/products/collateral/routers/2600-series-multiservice-platforms/Cisco 2600 series Routers Product Data Sheet

Cisco Wireless Explorer

Play a multilevel game in arranging APs all over the place. Give aliens some probes…

Cisco Wireless Explorer

Cisco Wireless Explorer


Play Cisco’s Wireless Explorer: https://learningnetwork.cisco.com/docs/DOC-7560

see Demo Cisco SWAN: wireless_learning_summary.pdf

Beat my score and leave me a comment:

Beat My Score

Beat My Score

Packet Tracer 6.0.1 – New Features

How to set history size on routers or switches

I wanted to see more than 10 lines in time so I needed a way to have that. History can be set up on console line and/or vty lines. Here is how you will do this on a switch:

SW1>ena
SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#line con 0
SW1(config-line)#his
SW1(config-line)#history ?
  size  Set history buffer size
  

SW1(config-line)#history si
SW1(config-line)#history size ?
  <0-256>  Size of history buffer

SW1(config-line)#history size 256
SW1(config-line)#line vty 0 15
SW1(config-line)#hi
SW1(config-line)#history size
SW1(config-line)#history size 256
SW1(config-line)#exit
SW1(config)#exit
SW1#wr m
05:13:04: %SYS-5-CONFIG_I: Configured from console by console
SW1#wr mem
Building configuration...
[OK]
SW1#

It is the same configuration as for the switch:


R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#line con 0
R2(config-line)#his
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#line vty 0 15
R2(config-line)#hi
R2(config-line)#history si
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#exit
R2#
Jun 12 17:34:34.055: %SYS-5-CONFIG_I: Configured from console by console
R2#

It is ok when you read the commands, but if you want to copy and paste them it is difficult. So here are the commands as a script:

ena
conf t
line con 0
history size 256
exit
line vty 0 15
history size 256
exit
exit
wr mem
 

(you need to copy all, so that write memory to be executed)

Total secure addresses on interface reached its max limit of

I’m trying to simulate a violation and put f0/2 to shutdown state. Everything is set up correctly but I do not know what is happening:

SW4(config-if)#do sh run int f0/2
Building configuration...

Current configuration : 254 bytes
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.4c8b.116f
 no ip address
 spanning-tree portfast
end

When I connect a different device instead of “err-disabled state” i get:

%Error: Cannot add secure address 5442.49f8.7b80
%Error: Total secure addresses on interface reached its max limit of 1

It seems that the switch (3550) that I’m working on can’t update the MAC address, it says configured MAC addresses: 0.

SW4(config-if)#do sh port int f0/2
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0

I wanted to see past commands that I have typed but I’ve had only 10 of them, because the history size is set to 10 by default. Here is how to set the history size !
And I have no errdisable for recovery mode:

SW4#sh errdisable recov
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Command rejected: Not eligible for secure port

If you have this error message “Command rejected: Not eligible for secure port.” it means that you first must set the port to the access mode.

SW4(config)#int f0/4
SW4(config-if)#switchport port-security
Command rejected: Not eligible for secure port.
SW4(config-if)#switchport mode access
SW4(config-if)#switchport port-security

and that’s it.