How To Enable Telnet Access On Cisco ASA 5540

Sometimes there are times that you will need to grant access to other administrators to access the CISCO ASA using telnet.

In Cisco ASA Devices enabling Telnet will not allow all network\hosts to access the ASA using Telnet which will work with Routers and Switches.

In ASA we need to add hosts or networks to the Allowed telnet access list.

First, to view who can access the ASA using telnet type:

ASA# sh run telnet

telnet inside
telnet inside

In this case we have two host that can access the ASA using telnet.

To add an host to the Telnet access list type:

ASA (config)# telnet inside

Hostname or A.B.C.D  The IP address of the host and/or network authorized to

You can also use the ASDM GUI interface by going to:

Configuration > Device Managment > Management Access > Command Line (CLI) >Telnet


How To Restart A Cisco Router

To restart a Cisco Router or Switch we need to use the following command:

Router# reload

To restart the router in a certain number of minutes type:

Router# reload in 5

To see router up-time type:

router# sh version

Read more:

Success! You're on the list.

Exclude a specific User, Group Or machine from A Group Policy

Sometimes when applying a group policy to the domain there is a need to exclude users, groups or computers from the policy or in other words not applying the group policy to them.

To do so, follow the steps:

Open the group policy using the group policy management utility.

Click on group policy you want to exclude users form.
Go to Delegation tab and add the User, Group or machine
Then Choose “Read” from the drop down as the default.  Click OK.
Select the User, Group Or machine from the list
Then click the advanced tab
Select “Deny” next to the “Apply Group Policy”

To check the policy run “gpupdate /force” and “gpresult”.

How To Configure NetFlow On A Cisco Router

Recently I was wondering what was the best way to analyze and monitor the traffic that passes the routers between sites \ offices.


After researching the issue I found out the Cisco NetFlow protocol allows you to analyze the traffic that pass the router,  however In order to get this done we need to

Configure our routers to do a few things:


1.       Install Software that analyze NetFlow

2.       Enable NetFlow on the router

3.       Configure the router to send the logs to a netflow analyzer server (needs to be configure before)


Once you got the server or PC up and running with a netflow software (there are a lot of free application, I used Manage Engine NetFlow Analyzer 6 which allows you to monitor 2 router for free) , We need to tell the router to send the NetFlow logs to the server, To do that here is the commands we need to type:



Router(config)# ip flow-export destination {hostname|ip_address} 9996    

Router(config)#  ip flow-export source {interface} {interface_number}    

Router(config)#ip flow-export version 5                        

Router(config)#  ip flow-export version 5

Router(config)#  ip flow-cache timeout inactive 15

Router(config)#  snmp-server ifindex persist



To monitor and Check that we configured the Router to send the logs type:


Router# show ip flow export

Router#   show ip cache flow

Router#  show ip cache verbose flow



Configuration Sample:


router#configure terminal
router(config)#interface FastEthernet 0/1
router(config-if)#ip route-cache flow
router(config)#ip flow-export destination 9996
router(config)#ip flow-export source FastEthernet 0/1
router(config)#ip flow-export version 5
router(config)#ip flow-cache timeout active 1
router(config)#ip flow-cache timeout inactive 15
router(config)#snmp-server ifindex persist

router# copy run start
router#show ip flow export
router#show ip cache flow




To Cancel NetFlow:


no ip flow-export destination {hostname|ip_address} {port_number}

no ip route-cache flow



How To Apply QoS For VOIP With Cisco Routers Between Two Sites

After a few days of searching the Internet for a simple template and example of VOIP QoS implamntation  without any results I have decided to write KB on how to implement VOIP Q0S on a Cisco router between  two offices \ sites.

This example is ready to use however you need to find which protocol your VoIp telephone system is using (in this example i used MITEL 3000)

once you find it all you have to do is fill it in and paste the code to to both routers.

If you happy with the policy map names leave it as it is, and don’t forget to apply the policy to the right interface.

The commands with explanations:


class-map match-all Voice
 match ip dscp 46                           —- Remember to put the right protocol number. (46 is for MITEL)

class-map match-all signalling     — this name can be change
match ip dscp 26                           —- Remember to put the right protocol number. (26 is for MITEL)

policy-map voip                            — this name can be change
class Voice                                    — this name need to match class-map match-all
bandwidth percent 30                   —  percent for voice
class signalling                            — this name need to match class-map match-all�
bandwidth percent 5                    ——  percent for signalling
class class-default

interface gi0/1                             —- Apply Policy Map to Interface
service-policy output Voip

To monitor the traffic and see that everything is working type:
show policy-map interface gi0/0
The commands without  explanations and ready to be copied:

class-map match-all Voice
 match ip dscp 46

class-map match-all signalling
match ip dscp 26

policy-map voip
class Voice
bandwidth percent 30
class signalling
bandwidth percent 8
class class-default
interface gi0/1
service-policy output Voip

Configure \ Enable SNMP On A Cisco Router Or Switch

In order for to Monitor a Cisco Router or Switch using SMNP with a 3rd party software like MTRG we need to enable SNMP on the device and set a SNMP String.

To do it follow the steps below:

Log in to the router and enter configuration mode:

Router#configure terminal

Enable SMNP:

Router(config)#snmp-server community public RO
Router(config)#snmp-server community private RW

Then save the changes:

Router#write memory

View SNMP command :

Router# sh snmp
Chassis: FHK1215F41P
2411 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    2819 Number of requested variables
    0 Number of altered variables
    178 Get-request PDUs
    2233 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
2411 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    18 No such name errors
    0 Bad values errors
    0 General errors
    2411 Response PDUs
    0 Trap PDUs

To Remove \ Disable SNMP

Router(config)#no snmp-server community public RO
Router(config)#no snmp-server community private RW



How To Configure An IP address On A Cisco Switch

When using Cisco switches there is a need to remotely manage the switches in order to apply , monitor and change the switch configuration, to do so we need to assign the switch an IP address.

To set an IP address on the Switch:

Log onto the router using the console cable and type:

 Switch(config)#int vlan 1
Switch(config-if)#ip address
Switch(config-if)#no shut

To set a new password on the Switch Type:

Switch#config t�
Switch(config)#enable secret Myint771

Don’t forget to save the the changes using:

Switch#copy run start

How To Set A Password And Enable Telnet Access To A Cisco Router

To change the Defualt password (in Cisco routers the defualt usename and password is cisco) on a Cisco router and Enable Telnet access to the router we need to type the following commands:

router#config t
Router(config)#enable secret mypassword

Set VTY password (Telnet)

Router(config)#line vty 0 15
Router(config-line)#password mypassword

How To Enable Cisco SDM On Cisco 2800 Router

Since Cisco released Cisco IOS version 14 we can now apply and manage the router configuration using a GUI.

By defualt the Cisco SDM GUI is disable, In order to unable the GUI we need to apply a few commands to the router.

To enable the SDM GUI:

Log into the router and type:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local end
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

The last command will change the defualt user name and password which is cisco for username and cisco for password.


Router(config)# username username privilege 15 secret 0 password


Router(config)# username admin privilege 15 secret 0 newpassword

The last step is to access the router using the web browser:


With Cisco 2800 series pre configured routers we also need to remove the defualt ACL which block access to the router.