Posts Tagged Cisco

Route filtering in Cisco!!!

Route filtering is a mechanism whereby you can filter routes based on various types of criteria. This topic is a big part of advanced routing technologies. You definitely have to master this skill in order to be a routing super-hero 🙂

Here is a list of all the route filtering methods that can be applied on a Cisco router:

  • Access List
  • Distribute List
  • Filter List
  • Prefix List
  • Route Map



Cisco SDM – How do I Download + Configure it?

Cisco SDM (Security Device Manager) is a GUI (Graphical User Interface) based software for configuring/managing Cisco Routers. It's a great tool for Small Businesses and for IT Professionals alike since it allows non-Cisco folks to configure Cisco Routers even if they don’t have an intimate know-how of the CLI (Command Line Interface).

The reason Cisco is getting into the GUI style of configuration is that its competitors like Juniper, Checkpoint etc. have gained a decent market share over the past few years by being leaders in GUI based Networking products. In the background it's all CLI that does the magic, but the market/customers demand ease of use & that is what GUI based software provides.

Here is the link for downloading SDM:

Once downloaded & installed, here is what you need to do – bare minimum – on your router for the SDM to be able to communicate with the Router. It's a 4 Step Configuration Process –>

  1. Assign IP to the Router’s Ethernet Interface & PC in the same Subnet, of course :-). Also verify Layer 3 connectivity by pinging.
  2. Create a User Account on your Router (via CLI)
  3. Enable HTTP &/or HTTPS on your Router
  4. Enable local authentication for HTTP/HTTPS on your Router
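
The four prerequisites above, written as a check you can run over a saved running-config. This is an added example, not code from the original post: the IOS command strings it matches (`username … privilege 15`, `ip http server`, `ip http secure-server`, `ip http authentication local`) are the standard IOS forms supplied here, and the function name and sample config are constructed.

```python
import re

# Constructed running-config excerpt; the address, username and hash are
# placeholders, not values from the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
username sdmadmin privilege 15 secret 5 <hash-placeholder>
ip http server
ip http authentication local
"""

# One regex per step of the 4-step list (multiline: each IOS command is a line).
CHECKS = {
    "interface ip address": r"^ +ip address \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+",
    "privilege 15 user": r"^username \S+ privilege 15 (secret|password) ",
    "http or https server": r"^ip http (secure-)?server$",
    "local http authentication": r"^ip http authentication local$",
}


def audit_sdm_prereqs(config):
    """Return (missing, warnings) for the minimum config SDM needs to connect."""
    missing = [name for name, pattern in CHECKS.items()
               if not re.search(pattern, config, re.MULTILINE)]
    warnings = []
    https = re.search(r"^ip http secure-server$", config, re.MULTILINE)
    http = re.search(r"^ip http server$", config, re.MULTILINE)
    if http and not https:
        warnings.append("management over plain HTTP only; enable ip http secure-server")
    elif http and https:
        warnings.append("plain HTTP still enabled alongside HTTPS; consider no ip http server")
    if re.search(r"^username \S+ privilege 15 password ", config, re.MULTILINE):
        warnings.append("user stored with 'password'; prefer 'secret'")
    return missing, warnings


if __name__ == "__main__":
    print(audit_sdm_prereqs(SAMPLE_CONFIG))
```

An empty `missing` list means SDM has what it needs to log in; the warnings point at settings that expose the management login in cleartext or store it reversibly.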


Cisco Learning Network

Cisco Learning Network (CLN) is a great place for gaining/sharing in-depth knowledge of Cisco Technologies. A number of well-known experts around the globe are available to provide assistance to folks from Novice to Expert level. It's basically a Cisco Virtual Learning Community or Human Network 🙂

If you are interested in becoming a CLN member click on the following link: CLN


Cisco Security Advisories and Notices

The following link provides a report on vulnerabilities found in Cisco products/software & mitigation techniques:



EtherChannel MAC Flap Issue on a Cisco Switch – Solution!

Have you ever come across the following error message?

*Mar  1 00:17:16.211: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.2b57.8317 in vlan 1 is flapping between port Fa0/21 and port Fa0/23

The chances are you have, especially while configuring an EtherChannel. Here are some troubleshooting steps:

1) Make sure that the EtherChannel Port is UP via the “show ip int brief” command or “show etherchannel summary”.

2) The “sh mac address-table” command will show you whether or not those ports belong to the Po or Port-Channel interface.

3) Here is how to resolve this issue:

  • Make sure that the “Channel-Protocol” is the same on both ends: PAgP or LACP or on. If one end is PAgP & the other is set to “on”, the EtherChannel won’t form. Same goes for LACP.
  • Both sides of the EtherChannel have to have the same EtherChannel Negotiation Protocol, i.e. PAgP or LACP. If you don’t want to use a Negotiation Protocol, then both ends have to be set to “on”.
  • The above-mentioned will resolve the issue.
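
To find which port pairs to check first, the MACFLAP_NOTIF messages can be grouped by the two ports they name. The following is an added example, not part of the original post: the first sample line is the message quoted above, the remaining log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the %SW_MATM-4-MACFLAP_NOTIF message format shown in the post.
MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = """\
*Mar  1 00:17:16.211: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.2b57.8317 in vlan 1 is flapping between port Fa0/21 and port Fa0/23
*Mar  1 00:17:18.502: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.2b57.8317 in vlan 1 is flapping between port Fa0/23 and port Fa0/21
*Mar  1 00:17:19.007: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
*Mar  1 00:17:21.944: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.2b57.8320 in vlan 1 is flapping between port Fa0/21 and port Fa0/23
*Mar  1 00:17:30.120: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Fa0/2 and port Fa0/7
"""


def parse_flaps(log_text):
    """Return one dict per MACFLAP_NOTIF line; other syslog lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = MACFLAP_RE.search(line)
        if m:
            events.append({
                "mac": m["mac"].lower(),
                "vlan": int(m["vlan"]),
                # Order-independent pair: Fa0/21<->Fa0/23 equals Fa0/23<->Fa0/21.
                "ports": tuple(sorted((m["a"], m["b"]))),
            })
    return events


def suspect_port_pairs(events, min_events=2):
    """Port pairs (per VLAN) with repeated flaps: check their channel mode first."""
    counts = Counter((e["vlan"], e["ports"]) for e in events)
    return {key: n for key, n in counts.items() if n >= min_events}


if __name__ == "__main__":
    for (vlan, ports), n in suspect_port_pairs(parse_flaps(SAMPLE_LOG)).items():
        print(f"vlan {vlan}: {ports[0]} <-> {ports[1]} flapped {n} times")
```

A pair that keeps reappearing, with several hosts flapping across the same two ports, is the signature of member links that never bundled; a single isolated flap is more likely a host that moved.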



How Do I Decrypt Cisco Type 7 Passwords?

There are a lot of choices available online. But my personal favorites are:

The 1st option is an online only service. The 2nd option, however, allows you to download a utility called “Get Pass” from Boson’s site that you can carry around on your laptop in order to decrypt Cisco type 7 passwords.


Gateway of Last Resort on a Cisco Router/Switch

Check out the following link on Cisco’s site:

Configuring a Gateway of Last Resort Using IP Commands


Routing Protocol Resources on Cisco’s Site

The following links will take you to Cisco’s Site providing detailed explanation of each Routing Protocol & also tons of guides that can take you from novice to expert level:


Time-Based ACL for ISDN Connectivity

There are 4 things to consider:

1. Define the Time-Range (under global config mode):
time-range isdn-hours
absolute start 00:00 01 January 2009
periodic weekdays 7:00 to 19:00

2. An Access List needs to be created for defining the interesting traffic & tying the Time-Range (under global config mode):
access-list 100 remark ACL for ISDN interesting traffic definition
access-list 100 deny ospf any any
access-list 100 permit ip any any time-range isdn-hours

3. Create a Dialer List with a Reference to access-list 100, as follows (under global config mode):
dialer-list 1 protocol ip list 100

4. Apply the Dialer List to the ISDN Interface (under global config mode):
interface BRI0
dialer-group 1


How to Upgrade IOS Image on a Cisco Router/Switch?

There are a couple of pieces to this puzzle. Here is a list of things you need to successfully perform this operation:

1) Router or a Switch you would like to upgrade
2) Console Cable
3) Straight Through Ethernet Cable (CAT5)
4) PC
5) TFTP Server (

Here is a step-by-step of what needs to be done to perform the upgrade:

1. First of all, you would need to connect your Console Cable’s RJ-45 end into the Router’s or Switch’s Console Port.
2. The other end of the Console Cable that has a DB9 Connector needs to be plugged into the Serial Port of the PC.
3. Now open up your favorite program to launch console. Or you can use Hyper-terminal (comes free with Windows). Here are a few snapshots of Hyper-Terminal settings to get you started:


4. Once you are done, you should be at a user prompt followed by a “>” sign. Now type in “enable” to get to the “#” prompt, also known as the exec prompt.
5. Now the other important piece of the puzzle you need to focus on is running a TFTP Server on your PC. Once you have the software downloaded as mentioned above, you can then go ahead & launch it.
6. Once the TFTP Server is running on the PC, make sure you point the path on the Server to the appropriate IOS image. Here are a few snapshots of the SolarWinds TFTP Server config:


7. Now the last piece of the puzzle is the Ethernet Connection between the Router/Switch & PC. Connect any of the available ethernet/fast-ethernet ports on your Router/Switch to your PC’s Ethernet Port via a CAT5 cable. Make sure it's a straight-through cable since you are connecting two unlike devices.
8. Now assign a manual IP address on each end of the Ethernet Connection. For Example: on the PC, assign /24 & on the Router/Switch assign /24. Once done, try pinging either from your PC’s command prompt or your Router/Switch’s CLI mode via the Hyper-Terminal or any Terminal program of your choice.
9. Here is the final step: type in the following command under exec prompt:
Router#copy tftp: flash:
hit enter
Address or name of remote host []?
here you have to type in the IP address of your TFTP Server, which in this case happens to be the same as your PC’s IP address.
10. Then ok all the way & the image push should start immediately.
11. Once the image is done pushing & you get a message indicating that the IOS image push was successful, make sure you see the image on the flash. You can check this by typing in “show flash” under exec prompt.
12. And last but not least, don’t forget to REBOOT. Reboot is what forces the router to initialize the new IOS image. You can reboot the Router/Switch via “reload” command under exec prompt.
