Simon Žekar - unix, communications, stupidities » cisco

automatic login to Cisco routers / firewalls

sIMON — Sat, 27 Feb 2010 23:37:34 +0000

Since many of you are still connecting to your Cisco boxes with the plain ssh/telnet command (typing password every time) and since Cisco boxes don’t have SSH public key authentication, the tool to use comes from Rancid (Really Awesome New Cisco confIg Differ) package.

It’s called “clogin” as Cisco login script.

It requires all the credentials in ~/.cloginrc file (protocol / password / enable).

Syntax of .cloginrc file can be found here.

and usage is simple, just clogin hostname

And besides loging it’s very usefull for multiple box configuration. Let’s say you just need to write configs of your 5 routers.

clogin -c "write;exit" router1 router2 router3 router4 router5

and Voila !

Cisco ASA failover fail if IPv6 enabled

sIMON — Fri, 02 Oct 2009 09:14:05 +0000

I can’t believe it…

Failover on Cisco ASA silently stops working after you enable ipv6 configuration.

We’re used of stupid Cisco bugs, but this wins it all !

IPv6 over IPv4 tunnel with Mikrotik & Cisco router

sIMON — Sun, 27 Sep 2009 20:44:15 +0000

Time when native IPv6 network will come right to your home is still far away. So tunneling IPv6 network over IPv4 to some IPv6 enabled site is a way to go.

Configuration is easier than expected and it worked right away. In my case Cisco 7600 series is at the data center where native IPv6 is established and Mikrotik RB450 ( a choice for home router – really powerful and really cheap).

One /64 subnet is assigned for the tunnel (point-to-point) and /48 is then routed to it. Yes. In IPv6 /64 subnet of 18446744073709551616 IPs is used for point-to-point tunnel (2 IPs).

On Cisco 7600 – interface (99.. is a 7600 public IP as 22.. is my home public IP):
interface Tunnel0 description --- test ipv6 in ipv4 tunnel --- no ip address ipv6 address 2AAA:BABA:101:1::1/64 tunnel source 99.99.99.99 tunnel destination 22.22.22.22 tunnel mode ipv6ip

and route:
ipv6 route 2AAA:BABA:BEEF::/48 2AAA:BABA:101:1::2

and on Mikrotik:
/interface 6to4 add disabled=no local-address=22.22.22.22 mtu=1280 name=ipv6tunnel remote-address=99.99.99.99 /ipv6 address add address=2AAA:BABA:101:1::2/64 interface=ipv6tunnel /ipv6 route add disabled=no dst-address=::/0 gateway=ipv6tunnel

And that’s it. You can configure local interface on Mikrotik, like this:
/ipv6 add address=2AAA:BABA:BEEF:DEAD:1/64 advertise=yes interface=ether2

Local machines, if properly configured should receive advertised IPv6 prefix and configure itself for IPv6.

That’s for now, more about IPv6 soon ! HaveAnice !!

skriptna pomoč pri konfiguraciji Cisco opreme

sIMON — Sun, 24 Jun 2007 00:05:19 +0000

Žal starejše verzije Ciscotovega IOS sistema ne poznajo “interface range” ukaza, ki omogoča da več portov konfigurirate naenkrat, zato si je potrebno pomagati drugače.

da bi vsak port konfigurirali ročno, je prezamudno, še posebaj, če imate switch z 48-imi porti.

Pomagate si lahko z enovrstičnico (bash), kot je recimo tale:

i=1; while [ $i -lt 49 ]; do echo "int fast0/$i"; echo "span portfast"; echo "switchport mode access" ; echo "switchport access vlan 934" ; let i+=1; done;

koda zgoraj bo za vsak port izpisala konfiguracijo, izpis lahko copy-paste-ate v cisco switch in marsikatera minuta vam bo prihranjena. Seveda si kodo preuredite za željeno število portov in seveda za željene ukaze.

Kakorkoli, gre samo za prikaz zanke – štetja v ukazni lupini, kar lahko s pridom uporabljate za veliko stvari.

Ponedeljek je dela prost dan !