Categories
Cisco

Cisco PIX 515E upgrade to 7.0 Code

Today I used the monitor mode version of the installation procedure to upgrade a Cisco PIX 515E that was 2 months from being out of a SMARTNet contract. Just in time. This is done by rebooting the firewall with the reload command or flipping the power switch (whichever you prefer), pressing ESC during the boot cycle when the prompt tells you to, and then working through the string of commands that are required.

First, let's set the interface.

interface inside

Then let's set the IP address.

address 10.0.0.1

Next, let's tell it where the TFTP server is.

server 10.0.0.10

Now let's tell it the file name.

file pix707.bin

Finally, let's tell the firewall to fetch the file over TFTP.

tftp

The firewall will start to download and then install the code, and it'll reboot. When it comes up, the image it booted from has not been saved to flash, so we need to issue the following command.

copy tftp://10.0.0.10/pix707.bin flash:

Accept the prompts and it'll finally copy the image to flash. Issue a "write memory" and you are done. Now it's time to upload the new ASDM image, which you can also do with TFTP using the following command.

copy tftp://10.0.0.10/asdm-506.bin flash:

Accept the prompts and it'll copy the file to flash. Now we need to tell the configuration where that file is located with the following.

asdm location flash:/asdm-506.bin

Reboot and you should be able to access the firewall from the GUI using the 7.07 code with an ASDM image to match.

Packet Capture with Cisco PIX / ASA

One of the guys I work with learned a cool trick and passed it on to me. From a Cisco ASA / PIX firewall you can create a pcap file from the command line for use in Wireshark, or just view the capture from the console to debug.

First we need to create an access list.

access-list testpcap permit tcp any any

Next we start the capture.

capture testpcapname access-list testpcap interface outside

Now that the capture is started, you can view it with

show capture testpcapname

or you can download the current pcap file from the SDM at

http://ipoffirewall/testpcapname/pcap

To stop the capture, issue

no capture testpcapname

and don't forget to delete your access list unless you want to use it later. The capture writes into a fixed-size memory buffer (512 KB by default) and stops once that buffer is full, so the access list matters for anything more than a quick look. This example was very basic, but you can get pretty granular with the access-list rules to pick up only the data you absolutely need to troubleshoot an issue, or just for fun.
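Before opening a downloaded capture in Wireshark it is worth checking that what came back from the firewall really is a pcap file and not, say, a saved login page or a file cut short by the buffer limit. The following parser is an added example, not from the original post; it reads the pcap global header and record headers directly, and the two-packet capture it checks itself against is constructed inline rather than taken from a real firewall.

```python
"""Sanity-check a capture pulled from a PIX/ASA before opening it in Wireshark.

Added example, not from the original post. It assumes the capture was saved to a
local file via the firewall's /<capture-name>/pcap URL described above. The
sample bytes built by build_sample_pcap() are a constructed two-packet pcap, not
a real capture.
"""
import struct
import sys

PCAP_MAGIC_LE = 0xA1B2C3D4   # microsecond pcap written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic read from a big-endian file
LINKTYPE_ETHERNET = 1


def parse_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header and walk every packet record.

    Raises ValueError on anything that is not a complete pcap file, e.g. an
    HTML error page saved under the capture's name, or a file truncated
    mid-record.
    """
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
    ver_major, ver_minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset = 24
    packets = []
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if incl_len > snaplen or len(data) - offset < incl_len:
            raise ValueError(f"truncated packet data at offset {offset}")
        packets.append({"ts": ts_sec + ts_usec / 1e6,
                        "captured": incl_len,
                        "wire": orig_len,
                        "truncated": incl_len < orig_len})  # cut at snaplen
        offset += incl_len
    return {"version": (ver_major, ver_minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}


def summarize(data: bytes) -> dict:
    """Reduce a parsed capture to the numbers worth eyeballing before analysis."""
    info = parse_pcap(data)
    pkts = info["packets"]
    return {"packets": len(pkts),
            "truncated": sum(1 for p in pkts if p["truncated"]),
            "bytes_captured": sum(p["captured"] for p in pkts),
            "linktype": info["linktype"]}


def build_sample_pcap() -> bytes:
    """Constructed sample: little-endian pcap, Ethernet, snaplen 1518, two frames."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 1518,
                         LINKTYPE_ETHERNET)
    frame1 = bytes(60)      # minimum-size frame, fully captured
    rec1 = struct.pack("<IIII", 1_700_000_000, 0, len(frame1), len(frame1)) + frame1
    frame2 = bytes(1518)    # 1600 bytes on the wire, cut at snaplen
    rec2 = struct.pack("<IIII", 1_700_000_001, 500_000, len(frame2), 1600) + frame2
    return header + rec1 + rec2


if __name__ == "__main__":
    # Usage: python check_capture.py testpcapname.pcap  (no argument: built-in sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    print(summarize(raw))
```

A non-zero "truncated" count means the capture's packet length was smaller than the frames on the wire, which is worth knowing before concluding that a payload really was short.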

Cisco vs. Extreme Networks Switching Commands

Don't get your hopes up, I'm not taking sides here. I just wanted to show how the two companies differ in basic switch configuration. For those of you who don't know who Extreme is, they are the purple ones, better known as Extreme Networks. They offer some pretty nice products that compete very well with the likes of Cisco or HP. Feel free to check out their product line at http://www.extremenetworks.com/.

Configuring VLANs:

Extreme – Create 2 VLANs and basic configuration

create vlan data
configure vlan data tag 2
configure vlan data ipaddress 10.0.2.1/24
create vlan voice
configure vlan voice tag 3
configure vlan voice ipaddress 10.0.3.1/24
enable ipforwarding

Cisco – Create 2 VLAN interfaces and basic configuration (ip routing is the counterpart of Extreme's enable ipforwarding)

vlan database
vlan 2 name data
vlan 3 name voice
exit
configure terminal
ip routing
interface vlan 2
ip address 10.0.2.1 255.255.255.0
no shutdown
interface vlan 3
ip address 10.0.3.1 255.255.255.0
no shutdown

Port Configuration

Extreme

-switch to pc on (vlan 2)
configure vlan data add port 4 untagged
-switch to phone (vlan 3) and PC (vlan 2)
configure vlan voice add port 4 tagged
configure vlan data add port 4 untagged
-switch to phone (vlan 3)
configure vlan voice add port 4 tagged
-switch to switch
configure vlan default add port 1 tagged
configure vlan data add port 1 tagged
configure vlan voice add port 1 tagged

Cisco (skipping configure terminal; encapsulation must be set before mode trunk on older Catalysts, and the untagged VLAN on a Cisco trunk is its native VLAN)

-switch to pc on (vlan 2)
interface g0/4
switchport mode access
switchport access vlan 2
-switch to phone (vlan 3) and PC (vlan 2)
interface g0/4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 2
-switch to phone (vlan 3)
interface g0/4
switchport trunk encapsulation dot1q
switchport mode trunk
-switch to switch
interface g0/1
switchport trunk encapsulation dot1q
switchport mode trunk
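The mapping shown above (untagged-only port = access port, tagged plus one untagged = trunk with a native VLAN, tagged-only = plain trunk) is mechanical enough to generate. The script below is an added example, not from the original post and not from either vendor; it takes a VLAN and port description and emits both dialects. It assumes Cisco port names of the form g0/N, uses the global `vlan <n>` / `name` form rather than the older vlan database mode, and restricts each trunk to the VLANs actually assigned; the VLAN names, tags and subnets are constructed sample values.

```python
"""Emit equivalent Extreme (EXOS-style) and Cisco IOS VLAN/port configuration.

Added example, not from the original post or from either vendor. Port names use
the assumed Cisco "g0/N" style; VLAN creation uses the global 'vlan <n>' form.
"""
from dataclasses import dataclass, field
from ipaddress import ip_interface
from typing import List, Optional


@dataclass
class Vlan:
    name: str
    tag: int
    address: Optional[str] = None     # e.g. "10.0.2.1/24" for a routed VLAN


@dataclass
class Port:
    number: int
    untagged: Optional[str] = None    # VLAN name carried untagged (at most one)
    tagged: List[str] = field(default_factory=list)


def extreme_config(vlans: List[Vlan], ports: List[Port]) -> List[str]:
    lines = []
    for v in vlans:
        lines += [f"create vlan {v.name}", f"configure vlan {v.name} tag {v.tag}"]
        if v.address:
            lines.append(f"configure vlan {v.name} ipaddress {v.address}")
    if any(v.address for v in vlans):
        lines.append("enable ipforwarding")
    for p in ports:
        if p.untagged:
            lines.append(f"configure vlan {p.untagged} add port {p.number} untagged")
        for name in p.tagged:
            lines.append(f"configure vlan {name} add port {p.number} tagged")
    return lines


def cisco_config(vlans: List[Vlan], ports: List[Port]) -> List[str]:
    by_name = {v.name: v for v in vlans}
    lines = ["configure terminal"]
    for v in vlans:
        lines += [f"vlan {v.tag}", f" name {v.name}"]
    if any(v.address for v in vlans):
        lines.append("ip routing")              # counterpart of 'enable ipforwarding'
    for v in vlans:
        if v.address:
            iface = ip_interface(v.address)     # convert CIDR to dotted mask
            lines += [f"interface vlan {v.tag}",
                      f" ip address {iface.ip} {iface.network.netmask}",
                      " no shutdown"]
    for p in ports:
        lines.append(f"interface g0/{p.number}")
        if p.untagged and not p.tagged:
            # Only one VLAN, untagged: a plain access port.
            lines += [" switchport mode access",
                      f" switchport access vlan {by_name[p.untagged].tag}"]
        else:
            # Anything tagged needs a trunk; the untagged VLAN becomes native.
            members = p.tagged + ([p.untagged] if p.untagged else [])
            allowed = sorted(by_name[n].tag for n in members)
            lines.append(" switchport trunk encapsulation dot1q")   # before 'mode trunk'
            lines.append(" switchport mode trunk")
            if p.untagged:
                lines.append(f" switchport trunk native vlan {by_name[p.untagged].tag}")
            lines.append(" switchport trunk allowed vlan " + ",".join(map(str, allowed)))
    lines.append("end")
    return lines


if __name__ == "__main__":
    sample_vlans = [Vlan("data", 2, "10.0.2.1/24"), Vlan("voice", 3, "10.0.3.1/24")]
    sample_ports = [Port(4, untagged="data", tagged=["voice"]),   # phone + PC
                    Port(1, tagged=["data", "voice"])]            # switch to switch
    print("\n".join(extreme_config(sample_vlans, sample_ports)))
    print("---")
    print("\n".join(cisco_config(sample_vlans, sample_ports)))
```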

Show Commands

Extreme – show port 4 information detail
Cisco – show interface g0/4
Extreme – show iproute
Cisco – show ip route
Extreme – show edp port all
Cisco – show cdp neigh
Extreme – show vlan
Cisco – show vlan
Extreme – show fdb
Cisco – show mac-address-table
Extreme – show config
Cisco – show run

Saving your work

Extreme – save
Cisco – write memory
Extreme – upload configuration vr vr-default 10.0.0.100
Cisco – copy start tftp

Starting over

Extreme – unconfigure switch all
Cisco – write erase

Helpful Cisco Commands

Well, this is my first tech post so I'll make it an easy one. I'll put down a few of the commands that I regularly use on Cisco routers and switches to make my life easier.

| (Pipe) command output modifier –

Alrighty, this truly is a basic command. You issue a normal show command at the privileged EXEC level and add the | (pipe) afterwards, followed by i (include), e (exclude) or b (begin) and the text to match. Begin is not available in all IOS versions.

Command Example:

show run | i ip route

would show something like this:

ip route 10.0.0.0 255.255.255.0 11.24.1.1 name default
ip route 10.1.255.0 255.255.255.0 11.24.1.2 name backup_net

If you were to replace the i with a b, the output would begin at the first "ip route" line and continue on with the rest of the config. This is useful for those really long configs where you might be working on the dial-peers and don't care to scroll through 500 lines of config to get there. The e option excludes any line matching the text that follows it, which comes in handy when you want to skip ip address lines or access-lists. Hope this helps; I was lucky enough to learn these tricks early on and didn't have to struggle for too awfully long. Good luck.