How to Edit Cisco Access-List
This KB shows how to edit Cisco access lists. Since IOS 12.2 we no longer need to use Notepad to edit an access list.
This KB is only valid for Cisco IOS 12.2 or higher.
Cisco has a new command that makes editing and deleting easy. The new command is ip access-list.
Solution: Edit ACL.
Step 1:
Type show ip access-lists to see all ACLs.
EXAMPLE
RTR#sh ip access-lists
Standard IP access list 23
10 permit 192.168.1.2
30 permit 10.50.0.0, wildcard bits 0.0.7.255
Step 2:
Edit ACL command
RTR(config)#ip access-list standard 23
RTR(config-std-nacl)#no 10
RTR(config-std-nacl)#deny 30
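Before deleting a numbered entry it helps to know exactly which source addresses each line covers. The following Python sketch is an added example, not part of the original KB: it parses the show ip access-lists output from Step 1, applies the wildcard bits, and shows what the ACL decides before and after "no 10". The function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the "show ip access-lists" output shown in Step 1.
SAMPLE = """\
Standard IP access list 23
    10 permit 192.168.1.2
    30 permit 10.50.0.0, wildcard bits 0.0.7.255
"""

ENTRY = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(any|\d+\.\d+\.\d+\.\d+)"
    r"(?:,\s*wildcard bits\s+(\d+\.\d+\.\d+\.\d+))?"
)

def parse_standard_acl(text):
    """Return [(seq, action, address_int, wildcard_int)] sorted by sequence."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line or anything that is not an entry
        seq, action, addr, wild = m.groups()
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        a = int(ipaddress.IPv4Address(addr))
        w = int(ipaddress.IPv4Address(wild)) if wild else 0  # no wildcard = one host
        entries.append((int(seq), action, a, w))
    return sorted(entries)

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    s = int(ipaddress.IPv4Address(source))
    for seq, action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
        if ((s ^ addr) & (~wild & 0xFFFFFFFF)) == 0:
            return action, seq
    return "deny", None

def remove_entry(entries, seq):
    """Model of 'no <seq>' typed inside 'ip access-list standard <n>'."""
    return [e for e in entries if e[0] != seq]

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE)
    for ip in ("192.168.1.2", "10.50.7.200", "10.50.8.1"):
        print(ip, evaluate(acl, ip))
    print("after 'no 10':", evaluate(remove_entry(acl, 10), "192.168.1.2"))
```

Entry 30 covers 10.50.0.0 through 10.50.7.255, and once entry 10 is removed 192.168.1.2 falls through to the implicit deny.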
How to Upgrade Cisco ASDM
To upgrade the Cisco ASDM software we need to follow these steps:
1. Download the software from the Cisco website (you need a Cisco username)
2. Load the software to the device (ASA)
3. Configure the ASA (device) to use the new version image file
Step 1:
Download link:
http://www.cisco.com/en/US/products/ps6121/index.html
Step 2:
To load the new version we use the ASDM manager with the following 3 options:
1. Tools -> Upgrade software from Local computer
2. Tools -> File Management
3. Tools -> Upgrade Software from Cisco.com
We can also upload the software using a TFTP server and the copy tftp flash command:
firewall#copy tftp flash
Step 3:
Once the image is uploaded to the firewall, we need to configure the ASA to point to the new ASDM software and use it (there is no need to reboot the router after configuration).
To configure ASA to use new ASDM version:
In ASDM go to:
Device Management -> System Image\configuration -> Boot Image/configuration
In the ASDM file path, click Browse and select the new ASDM image.
You can also change the ASDM boot image from the CLI using the following command:
firewall(config)#asdm image flash:asdm-613.bin
Step 4:
Save the config, close ASDM, then go to the router page https://ip_address and start the ASDM.
How To Create Users and Login in Cisco Router Or Switch
How To:
This guide shows how to create a new user account on your Cisco router or switch.
By doing this you can grant access to other administrators and monitor changes made on the device.
Solution:
To make this work we need to follow two steps:
1. Create a new account
2. Configure the device (router or switch) to authenticate users from the local users database.
1. Create Users
Create a new user with the right privilege level.
Router# configure terminal
Router(config)# service password-encryption
Router(config)# username admin priv 15 pass password
2. Authenticate
Router(config)# line vty 0 5
Router(config-line)# login local
Router(config-line)# line con 0
Router(config-line)# login local
Router(config-line)# line aux 0
Router(config-line)# login local
Save configuration and try to log on.
How To Setup Banner display On A Cisco Router \ Switch
How To:
On Cisco Routers and Switches we have the option to set up a banner display when people log in to the device.
Solution:
To set up a welcome banner on a Cisco device we need to use the banner command:
Banner Command:
switch(config)#banner ?
LINE c banner-text c, where ‘c’ is a delimiting character
config-save Set message for saving configuration
exec Set EXEC process creation banner
incoming Set incoming terminal line banner
login Set login banner
motd Set Message of the Day banner
prompt-timeout Set Message for login authentication timeout
slip-ppp Set Message for SLIP/PPP
Example on how to set up a login banner:
switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
VSW2(config)#banner login Z ########### MY SWITCH ########## Z
How To Set Session Timeout On A Cisco Router
Setting the session timeout parameter on a Cisco router or switch is an easy task that will make your day-to-day work easier.
How to set the session timeout:
Log on to the router and type:
router#configure t
router(config)#line vty 0 4
! 10 is the number of minutes we want to configure before timeout
router(config-line)#session-timeout 10
! this is when we log in exec mode (0 is never)
router(config-line)#exec-timeout 0
! exit the config line mode
router(config-line)#end
router#copy run start
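To confirm that the line settings from this guide and from the user-creation guide above actually landed on every line, the saved configuration can be checked offline. This Python sketch is an added example, not part of the original posts; the config excerpt is constructed, the function names are hypothetical, and it assumes aaa new-model is not in use.

```python
import re

# Constructed running-config excerpt using the commands from the two guides.
SAMPLE = """\
line con 0
 login local
line aux 0
line vty 0 4
 session-timeout 10
 exec-timeout 0 0
 login local
line vty 5 15
 login
"""

NO_LOCAL = "no 'login local'"
NO_IDLE = "exec-timeout 0: idle sessions never time out"

def parse_lines(config):
    """Group indented sub-commands under each 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def audit(config):
    """Return {stanza: [findings]} for the settings the guides configure."""
    report = {}
    for name, cmds in parse_lines(config).items():
        findings = []
        if "login local" not in cmds:
            findings.append(NO_LOCAL)
        for c in cmds:
            # running-config stores the value as "exec-timeout <min> <sec>"
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append(NO_IDLE)
        report[name] = findings
    return report

if __name__ == "__main__":
    for stanza, findings in audit(SAMPLE).items():
        print(stanza, "->", findings or "ok")
```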
Limit the Number Of allowed IPSEC VPN sessions on Cisco ASA 5540
To set a limit on the number of allowed IPSEC VPN sessions on a Cisco ASA 5540 we need to define how many sessions \ users are allowed to be connected to the ASA at any given time.
By default the number of allowed VPN sessions is unlimited.
To set a limit we need to use the Cisco ASDM.
Once logged in to the ASDM go to:
Configuration > remote access VPN > Network (client) access > advanced > IPsec > System options
Once there, change the maximum IPsec sessions to the applicable number.
How To Check Which interfaces are Enabled Or Disabled On A Cisco Switch
To check which ports are enabled or disabled on a Cisco switch we need to use the status command and follow the steps below.
1. Log on to the router.
2. Type “show interfaces status” command
Example:
SWITCH1#sh interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        connected    24         a-full a-1000 10/100/1000BaseTX
Gi0/2                        connected    24         a-full a-1000 10/100/1000BaseTX
Gi0/3                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/4                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/5                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/6                        connected    24         a-full  a-100 10/100/1000BaseTX
Gi0/7                        connected    23         a-full a-1000 10/100/1000BaseTX
Gi0/8                        connected    23         a-full  a-100 10/100/1000BaseTX
Gi0/9                        connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/10                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/11                       connected    27         a-full a-1000 10/100/1000BaseTX
Gi0/12                       connected    26         a-full a-1000 10/100/1000BaseTX
Gi0/13                       disabled     26           auto   auto 10/100/1000BaseTX
Gi0/14                       connected    26         a-full  a-100 10/100/1000BaseTX
Gi0/15                       connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/16                       notconnect   27           auto   auto 10/100/1000BaseTX
Gi0/17                       connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/18                       notconnect   25           auto   auto 10/100/1000BaseTX
Gi0/19                       connected    25         a-full a-1000 10/100/1000BaseTX
Gi0/20                       connected    25         a-full a-1000 10/100/1000BaseTX
Gi0/21                       disabled     1            auto   auto Not Present
Gi0/22                       disabled     1            auto   auto Not Present
Gi0/23                       connected    trunk      a-full a-1000 1000BaseLX SFP
Gi0/24                       connected    trunk      a-full a-1000 1000BaseLX SFP
Po1                          connected    trunk      a-full a-1000
To enable or disable a port on a Cisco switch, do the following:
To enable a port, type:
SWITCH1#config t
SWITCH1(config)#int Gi0/2
SWITCH1(config-if)#no shutdown
To disable a port, type:
SWITCH1#config t
SWITCH1(config)#int Gi0/2
SWITCH1(config-if)#shutdown
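On a switch with many ports, the status listing is easier to review with a script than by eye. The Python sketch below is an added example, not part of the original post: it parses show interfaces status output by the header's column offsets and lists ports that are enabled but have no link, which are the usual candidates for the shutdown command above. The sample rows are constructed and the function names are hypothetical.

```python
from collections import Counter

ROW = "{:<10}{:<19}{:<13}{:<11}{}"
# Constructed sample in the fixed-width layout of "show interfaces status".
SAMPLE = "\n".join([
    ROW.format("Port", "Name", "Status", "Vlan", "Duplex  Speed Type"),
    ROW.format("Gi0/1", "uplink core", "connected", "24",
               "a-full a-1000 10/100/1000BaseTX"),
    ROW.format("Gi0/3", "", "disabled", "24", "  auto   auto 10/100/1000BaseTX"),
    ROW.format("Gi0/10", "", "notconnect", "1", "  auto   auto 10/100/1000BaseTX"),
    ROW.format("Gi0/16", "", "notconnect", "27", "  auto   auto 10/100/1000BaseTX"),
    ROW.format("Gi0/23", "", "connected", "trunk", "a-full a-1000 1000BaseLX SFP"),
])

def parse_status(text):
    """Slice each row at the header's column offsets, so an empty Name or a
    Name containing spaces cannot shift the Status and Vlan fields."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = next(l for l in lines if l.startswith("Port"))
    off = [header.index(c) for c in ("Port", "Name", "Status", "Vlan", "Duplex")]
    rows = []
    for line in lines[lines.index(header) + 1:]:
        fields = [line[a:b].strip() for a, b in zip(off, off[1:])]
        rows.append(dict(zip(("port", "name", "status", "vlan"), fields)))
    return rows

def shutdown_candidates(rows):
    """Ports that are administratively up but have no link (notconnect)."""
    return [r["port"] for r in rows if r["status"] == "notconnect"]

def status_summary(rows):
    """Count of ports per status value."""
    return dict(Counter(r["status"] for r in rows))

if __name__ == "__main__":
    rows = parse_status(SAMPLE)
    print(status_summary(rows))
    print("enabled without link:", shutdown_candidates(rows))
```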
How To Configure A Cisco Router Or Switch to Send Logs To A SysLog Server
If you would like to configure your Cisco router or switch to send all its logs to a SysLog server, all you have to do is type a few commands that tell the router\switch to send the logs to the server.
To do that:
Log on to the router \ switch and type (in this example I used a switch):
SWITCH#config t
! SysLog IP address
SWITCH(config)#logging 172.40.51.44
! What do you want to send
SWITCH(config)#logging trap notifications
! Interface that will send the logs
SWITCH(config)#logging source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
SWITCH(config)#logging source-interface vlan2
SWITCH(config)#exit
All done, don’t forget to save the config.
SWITCH#copy run start
How To Enable Telnet Access On Cisco ASA 5540
Sometimes you will need to grant other administrators access to the Cisco ASA using telnet.
On Cisco ASA devices, enabling Telnet does not by itself allow all networks\hosts to access the ASA using Telnet, the way it does on routers and switches.
On the ASA we need to add hosts or networks to the allowed telnet access list.
First, to view who can access the ASA using telnet type:
ASA# sh run telnet
telnet 10.60.4.20 255.255.255.255 inside
telnet 10.60.4.30 255.255.255.255 inside
In this case we have two hosts that can access the ASA using telnet.
To add a host to the Telnet access list type:
ASA(config)# telnet 10.60.4.30 255.255.255.255 inside
Hostname or A.B.C.D The IP address of the host and/or network authorized to
You can also use the ASDM GUI interface by going to:
Configuration > Device Management > Management Access > Command Line (CLI) > Telnet