November 2011
1 post
7 tags
Nov 3rd
7 notes
October 2011
14 posts
1 tag
Subnetting
How many subnets? 2^x = number of subnets. x is the number of masked bits, or the 1s. For example, in 11000000, the number of 1s gives us 2^2 subnets. In this example, there are 4 subnets. How many hosts per subnet? 2^y – 2 = number of hosts per subnet. y is the number of unmasked bits, or the 0s. For example, in 11000000, the number of 0s gives us 2^6 – 2 hosts. In this example, there are 62 hosts...
Oct 27th
2 notes
4 tags
Cisco Static Route Example
Below is a simple static routing example. The basic syntax for a static route is:
ip route [destination_network] [mask] [next-hop_address or exit_interface] [administrative_distance] [permanent]
ip route: The command used to create the static route.
destination_network: The network you’re placing in the routing table.
mask: The subnet mask being used on the network.
next-hop_address: The address of...
Oct 27th
306 notes
8 tags
InterVLAN Routing and SVI
InterVLAN Routing Recall that a Layer 2 network is defined as a broadcast domain. A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs essentially are isolated from each other so that packets in one VLAN cannot cross into another VLAN. To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router’s function. The router must have...
Oct 27th
41 notes
2 tags
Destination Host Unreachable // Request Timeout
Destination Host Unreachable: typically happens when the host is actually down, or a router does not have the route to the network. Request Timeout: this typically happens on the way back to the original sender because of an unknown error.
Oct 25th
2 tags
Diffie-Hellman
The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.
Oct 21st
9 tags
Cisco ASA 5505 (8.2) - IPsec Remote Access VPN
ISAKMP Policy: 1 ip local pool: VPN_POOL transform-set: TRANSFORM tunnel-group: TESTGROUP pre-shared key: testingkey group-policy: group_policy split-tunnel: ACL-SPLIT-TUNNEL ...
Oct 20th
53 notes
3 tags
Cisco IPsec VPN Parts and Pieces
The ASA uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and IPsec accomplish the following: Negotiate tunnel parameters; Establish tunnels; Authenticate users and data; Manage security keys; Encrypt and decrypt data; Manage data transfer across the tunnel; Manage data transfer inbound and outbound as a tunnel endpoint or router; ...
Oct 20th
47 notes
2 tags
Mac OS X: Find Default Gateway in Terminal
netstat -nr | grep default
Oct 14th
2 notes
4 tags
IP Renew for Windows and Mac OS X
Windows:
ipconfig /renew
Mac OS X:
sudo ifconfig en1 down
sudo ifconfig en1 up
Depending on what interface you want to renew. For WiFi: en1. For Ethernet: en0.
Oct 14th
4 tags
Cisco ASA - Allow Pinging of Outside Interface
Inbound ICMP through the PIX/ASA is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.  By default, you cannot ping the ASA’s outside interface - or in other words the public IP you assigned to it. To allow pinging of the outside interface: ASA(config)#access-list ACL-OUTSIDE extended permit icmp any any  ASA(config)#access-group ACL-OUTSIDE in...
Oct 13th
54 notes
4 tags
Cisco ASA - Default Route
To add a default route to your Cisco ASA, add the following:
ASA(config)# route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
Here xxx.xxx.xxx.xxx is the gateway your ISP provides you, or the next hop to another device such as a perimeter router.
Oct 13th
359 notes
Oct 11th
1 note
3 tags
CSMA/CD and CSMA/CA
CSMA/CD: Carrier Sense Multiple Access with Collision Detection. Used in wired Ethernet bus topologies, including a hub. A technology defined by the Ethernet IEEE 802.3 committee. Each device senses the cable for a digital signal before transmitting. Also, CSMA/CD allows all devices on the network to share the same cable, but one at a time. If two devices transmit at the same time, a frame...
Oct 10th
4 tags
Windows Server 2008 R2 - Change External NTP...
Time synchronization is an important aspect for all computers on the network. By default, the client computers get their time from a Domain Controller and the Domain Controller gets its time from the domain’s PDC Operation Master. Therefore the PDC must synchronize its time from an external source, such as time.apple.com. Before you begin, don’t forget to open the default UDP 123 port (in and...
Oct 6th
9 notes
September 2011
9 posts
5 tags
Configuration Register on Cisco Routers
The two important configuration register modes to remember are: 0x2102 for normal use. 0x2142 for password recovery. This ignores the configuration (NVRAM). Cisco page.
Sep 30th
1 tag
Local Loop
In telephony, a local loop is the physical wire connection that reaches from the telephone company’s central office (CO) to the customer premises, whether that be a home or a business. Traditionally, the local loop was used only to carry analog signals for voice, but with today’s modems we can use DSL and ISDN over the same lines. Local Loop Unbundling (LLU) is a telephony term that...
Sep 26th
5 tags
Configuring Cisco Repeater Access Points
Cisco access points that have two radios, such as my 1131AG Aironet, can act as a repeater access point. One of the radios is configured as a repeater role-station, while the other remains the root role-station. Remember: Daisy chaining access points like this will hurt throughput. Because each repeater must receive and then re-transmit each packet on the same channel, throughput is cut in half...
Sep 23rd
72 notes
4 tags
Load Balancing T1 Circuits with Cisco CEF
1. Create your static routes on both interfaces, on both routers. 2. Use the ip load-sharing per-packet interface command. Link here.
Sep 22nd
3 tags
e.g.
e.g. means ‘for example’. It stands for ‘exempli gratia’ in Latin.
Sep 19th
5 tags
Needed Redundancy
N+1 redundancy refers to a needed component (N) that has at least 1 backup component (+1) in the event of a failure. N+1 is referred to as active/passive or standby. Example of N+1: a generator starting and carrying the load when normal utility power is lost. The generator is not on all the time, which would be active/active, instead it is on standby while utility power is working normally. ...
Sep 12th
9 notes
4 tags
IDE
The term IDE (integrated drive electronics) refers to any hard drive with a built-in controller. All hard drives are technically IDE drives, although we only use the term IDE when discussing ATA drives. 
Sep 7th
38 notes
5 tags
Login Banner in OS X Lion
This is pretty cool. You can create a login banner within OS X Lion. This would be very helpful in a classroom network of Macs, or computers that are for public use. http://support.apple.com/kb/HT4788
Sep 6th
5 tags
Cisco Wireless - Show SSIDs
AP#show dot11 bssid
Interface      BSSID           Guest  SSID
Dot11Radio1    0023.04d3.6490  Yes    LAB
Dot11Radio0    0023.04cc.6e00  Yes    LAB
Sep 1st
60 notes
August 2011
6 posts
3 tags
DSL Notes
DSL (digital subscriber line) typically runs over the same pair of wires that you use for the landline telephone. It is distance sensitive when it comes to speeds and availability. The closer you are to the telephone company’s Central Office (CO), the better things will be. A splitter is used at the wall jack to literally split the frequencies - one for voice and the other for data (DSL service) - to enable...
Aug 25th
3 tags
Add Domain User to Local Administrative Group
Enter the following at a Windows command prompt.
net localgroup Administrators /add domain\username
Aug 24th
5 tags
Data Encapsulation
Data - Everything Above; Segments - Transport Layer; Packets - Network Layer; Frames - Data Link Layer; Bits - Physical Layer. When the stream of information is being passed down the layers a header is attached with specific information for that layer, such as the IP destination and source header for the Network Layer. When the information is being reassembled on the receiving end, each header is...
Aug 18th
56 notes
1 tag
SNMP Notes
SNMP Notes Agents are also known as servers and devices that will be monitored. Traps are event notifications that are sent to management stations. You need both a server side program (agent) and a client (manager or collector as I like to call it) to use it. Perhaps counterintuitively, the server side of SNMP represents the thing being managed, and the client side is the manager. Clients...
Aug 8th
3 tags
Mac OS X - PDF Power
One of my favorite features within Mac OS X is the ability to turn anything into a PDF. It’s so often overlooked, but when I’m on a Windows machine I get pissed because it’s not there. Hit print, or Command+P from Safari or whatever application and then hit PDF at the bottom of the Print menu.
Aug 2nd
8 tags
How To: Use Your MacBook In Clamshell Mode
See Apple article here.
Aug 2nd
July 2011
8 posts
4 tags
Windows 7 - Automatic Login
Want your computer to automatically log in and land you at the desktop instead of forcing you to punch in your password? 1. Bring up the Run command box. 2. Enter ‘control userpasswords2’. 3. Uncheck the ‘Users must enter a user name and password to use this computer’ box. 4. Enter your password at the prompt if you have one.
Jul 25th
7 tags
Apple Mail With Gmail Account Setup
This setup works with both Apple Mail 4 and 5. The purpose is for your Gmail account to behave exactly as it should within Apple Mail as it does from within a web browser. By default, Apple Mail likes to create all sorts of Gmail labels such as ‘Sent Messages’ and ‘Deleted Messages’.  1. Enter your name, email address and password 2. Select All Mail under [Gmail]...
Jul 21st
7 tags
Cisco ASA: Split-Tunneling
Split tunneling controls what traffic is or isn’t protected by the tunnel. By default the Easy VPN server forces the client to tunnel all user traffic to the server; you can ease this restriction and define split tunneling policies for your users, which your server downloads to the remote and which the remote enforces. Split tunneling defines what traffic from the user must go across the tunnel...
Jul 19th
46 notes
3 tags
Jul 18th
5 tags
Fast & Gigabit Ethernet Notes
Fast Ethernet or 100Base-TX, only uses pins 1,2,3 & 6. Gigabit Ethernet or 1000Base-T, uses all 8 pins. Cat5e can handle Gigabit Ethernet, but unlike cat6 it is not “certified” to run it. It still works great though. Here is a great article on the topic.
Jul 13th
5 tags
Mac OS X Snow Leopard - 64 Bit
This is a strange one. By default, Snow Leopard boots into 32-bit mode. To change this, hold down the numbers 6 and 4 while your Mac boots up. This will tell the kernel to run in 64-bit mode. The downside is the next time you restart your Mac the kernel will revert to the default 32-bit kernel. To keep this from happening run the following command in Terminal: sudo systemsetup...
Jul 13th
4 tags
Mac & Windows - Flush DNS
Mac OS X: dscacheutil -flushcache
Windows: ipconfig /flushdns
Jul 6th
6 tags
Mac OS X - Make a Backup of Your DVD or CD
I use OS X’s built-in Disk Utility app for creating a backup image of my software discs. This way I can store them on a hard drive instead of worrying about losing the original disc. 1. Insert disc. 2. Open Disk Utility under the Utilities folder. 3. Select the disc drive that the DVD resides in. 4. Select New Image from the toolbar. 5. Under ‘Image Format’ choose ‘DVD/CD...
Jul 6th
28 notes
June 2011
12 posts
6 tags
Cisco ASA - Traffic Policing / Rate Limiting
First, we create our Class Map to identify which traffic we want to match.
ciscoasa(config)# class-map class_map_name
ciscoasa(config-cmap)# description class_map_description
ciscoasa(config-cmap)# match whatever
Next, we create a Policy Map where we enforce...
Jun 29th
1 tag
Simple Power Formulas
P = watts
I = amps
E = volts
Watts = Volts x Amps
Volts = Watts ÷ Amps
Amps = Watts ÷ Volts
Cover the unit you want to solve for. If the remaining two are next to each other, you multiply. If they are above/below each other, then divide.
Jun 28th
2 tags
USB 2.0 Speed
I can never remember this one. USB 2.0 speed: 480 Mbps or 60 MBps
Jun 28th
7 tags
Cisco ASA - Allow Pinging from Inside Hosts to...
By default the Cisco ASA devices do not allow anything through them, and that includes ICMP echo requests and replies (pings). You must statically allow them through your appliance. The time-exceeded statement is to allow traceroute to function. ...
Jun 27th
13 notes
6 tags
Cisco ASA: Exempt VPN Traffic from Translation
In many situations, you might be using your ASA for address translation. If so, then you need to exempt your site-to-site VPN traffic from those translation rules - this is called Identity NAT.  In the ACL, use permit statements to exempt the site-to-site traffic—include both the source and destination addresses/networks.  ASA(config)#access-list nonat permit ip...
Jun 23rd
4 tags
Cisco Wireless: Bridge Groups
In general, bridge groups create segmented switching domains. Traffic is confined to hosts within each bridge group, but not between the bridge groups. The switch forwards traffic only among the hosts that make up the bridge group, which restricts broadcast and multicast traffic (flooding) to only those hosts. Bridge groups relieve network congestion and provide additional network security when...
Jun 23rd
The Forgetful Administrator That Doesn’t Log Out...
It happens. You remote into a server, do your work, and close the window without properly logging out first. How can I log that user out because they are eating up my two usable remote desktop sessions!? Open up Remote Desktop Services Manager. Select the user under Users that you’d like to end, right click and select Disconnect. Technet page.
Jun 17th
5 tags
Wireless: Open and Shared-Key Authentication
Both authentication methods were developed for the old WEP security standard. Only Open can be used with the newer and more secure WPA2 standard. Shared-Key leverages a challenge packet sent from the AP to the client. The client must supply a correct WEP key, encrypt it and send it back. That packet can easily be captured and deciphered by a sniffer. Bottom line is that Shared-Key is no longer...
Jun 14th
Jun 5th
1 tag
Request for Comments
The technical activities of the Internet community are summarized in documents known as Request for Comments or RFCs. Protocol standards, proposed changes, and informational bulletins all usually end up as RFCs. RFCs start their lives as Internet Drafts, and after lots of email wrangling and IETF meetings they either die or are promoted to the RFC series. Anyone who has comments on a draft or...
Jun 3rd
6 tags
Cisco ASA - EXEC Authorization Upon Login?
Q. Does ASA support EXEC Authorization, which logs the user directly into enable mode after authentication?   A. No, EXEC Authorization feature is not supported in ASA. Cisco Page. 
Jun 2nd
28 notes
5 tags
iPhone - Change Email Tone
This is while using an iPhone 4 with iOS 4.3.3 firmware. I prefer to use Cyberduck to SSH into my iPhone to change and explore files. Your new email tone must be a .caf file. If you have a .aif file you can simply rename it using the .caf extension and it will work. The email tone is located at /System/Library/Audio/UISounds/. You will have to rename whatever new email tone you have to...
Jun 2nd