Fix Apple Bonjour with Cisco autonomous APs

I purchased some used Cisco C1140 autonomous access points for my home network (autonomous meaning not lightweight or requiring a WLC). While everything seemed to be fine at first, later we noticed that printouts to our Canon laser printer were no longer working from our Macs. After some research I realized that the Macs were . . . → Read More: Fix Apple Bonjour with Cisco autonomous APs

ASA Firewall Rules of Thumb

Some important Cisco ASA firewall details I and others have learned and shared over the years:

Don’t use “security-level” as your method of security. In the long term at best “security-level” will cause you to block traffic you didn’t expect, at worst, it will allow traffic you didn’t want. Why? Well… If you add an . . . → Read More: ASA Firewall Rules of Thumb

Zone Firewall TCP reassembly size

If you get something like this in your Cisco’s IOS firewall log:

Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow – session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http

sometimes accompanied by hangs in . . . → Read More: Zone Firewall TCP reassembly size

How to kill a session on a Cisco PIX/FWSM

Completely different from Cisco IOS, so hard to remember:

Log into the PIX/FWSM and go to “enable” mode. Do a “who”:

Choose the IP of the session you want to kill and grab the number. In this case I want to kill the “192.168.100.5” session, so I want “2”. Then kill it:

The . . . → Read More: How to kill a session on a Cisco PIX/FWSM

Fixing that stupid Cisco IOS telnet thing…

One of the things that most drives me crazy about Ciscos is the default setting that makes when you’re at a Cisco IOS “exec” prompt that if you type something that isn’t a command, it interprets it as an attempt to “telnet” to a host. This is a real pain in the backside as all . . . → Read More: Fixing that stupid Cisco IOS telnet thing…

Unlocking a Cisco IP phone

One of those things I can never remember! It’s:

**#

Lets you change the network configs among other things.

Also can factory reset with:

Settings> Phone settings> Press **2

Works on older 7921 at least.

Defaulting a Cisco interface…

One pain with Cisco IOS is trying to get a configured interface back to defaults. Half the time you don’t even remember what those were.

If it’s a sub-interface you can “no” it, but you will still have configuration left behind:

cisco(config)#no interface ATM1/0.1 Not all config may be removed and may reappear after reactivating . . . → Read More: Defaulting a Cisco interface…

How to remove a VLAN from a port in CatOS…

I can never seem to remember how to “remove” a VLAN on a switch (eg: Cisco 6500) running the older CatOS. The new IOS based switches are much easier.

Anyway, it’s actually quite simple, just force the port to VLAN 1 (assuming that is your default/native VLAN). For example if port 6/5 was set to . . . → Read More: How to remove a VLAN from a port in CatOS…