Category: Cisco

  • Fix Apple Bonjour with Cisco autonomous APs

    I purchased some used Cisco C1140 autonomous access points for my home network (autonomous meaning not lightweight or requiring a WLC). While everything seemed to be fine at first, later we noticed that printouts to our Canon laser printer were no longer working from our Macs. After some research I realized that the Macs were…


  • ASA Firewall Rules of Thumb

    Some important Cisco ASA firewall details I and others have learned and shared over the years: Don’t use “security-level” as your method of security. In the long term at best “security-level” will cause you to block traffic you didn’t expect, at worst, it will allow traffic you didn’t want. Why? Well… If you add an ACL…


  • Zone Firewall TCP reassembly size

    If you get something like this in your Cisco’s IOS firewall log: Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow – session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http sometimes accompanied by hangs in downloads, then…


  • How to kill a session on a Cisco PIX/FWSM

    Completely different from Cisco IOS, so hard to remember: Log into the PIX/FWSM and go to “enable” mode. Do a “who”: fwsm# who 0: 192.168.100.80 2: 192.168.100.5 Choose the IP of the session you want to kill and grab the number. In this case I want to kill the “192.168.100.5” session, so I want “2”.…


  • Fixing that stupid Cisco IOS telnet thing…

    One of the things that most drives me crazy about Ciscos is the default behavior at a Cisco IOS “exec” prompt: if you type something that isn’t a command, it interprets it as an attempt to “telnet” to a host. This is a real pain in the backside as all…


  • Unlocking a Cisco IP phone

    One of those things I can never remember! It’s: **#. Lets you change the network configs among other things. Also can factory reset with: Settings > Phone settings > Press **2. Works on older 7921 at least.


  • Defaulting a Cisco interface…

    One pain with Cisco IOS is trying to get a configured interface back to defaults. Half the time you don’t even remember what those were. If it’s a sub-interface you can “no” it, but you will still have configuration left behind: cisco(config)#no interface ATM1/0.1 Not all config may be removed and may reappear after reactivating…


  • How to remove a VLAN from a port in CatOS…

    I can never seem to remember how to “remove” a VLAN on a switch (e.g. Cisco 6500) running the older CatOS. The new IOS-based switches are much easier. Anyway, it’s actually quite simple: just force the port to VLAN 1 (assuming that is your default/native VLAN). For example if port 6/5 was set to…
