By Matt Fahrner, on March 12th, 2011
If you get something like this in your Cisco’s IOS firewall log:
Mar 12 15:05:33 192.168.1.1 3129: 003121: *Mar 12 15:03:03.195 EST: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:525214740 1415 bytes is out-of-order; expected seq:525170856. Reason: TCP reassembly queue overflow – session 192.168.1.5:53022 to 208.79.250.63:80 on zone-pair ccp-zp-in-out class ccp-protocol-http
sometimes accompanied by hangs in . . . → Read More: Zone Firewall TCP reassembly size
By Matt Fahrner, on March 9th, 2010
Completely different from Cisco IOS, so hard to remember:
Log into the PIX/FWSM and go to “enable” mode. Do a “who”:
fwsm# who
0: 192.168.100.80
2: 192.168.100.5
Choose the IP of the session you want to kill and grab the number. In this case I want to kill the “192.168.100.5” session, so I want “2”. . . . → Read More: How to kill a session on a Cisco PIX/FWSM
By Matt Fahrner, on January 8th, 2009
One of the things that most drives me crazy about Ciscos is the default setting whereby, when you’re at a Cisco IOS “exec” prompt, anything you type that isn’t a command is interpreted as an attempt to “telnet” to a host. This is a real pain in the backside as all . . . → Read More: Fixing that stupid Cisco IOS telnet thing…
By Matt Fahrner, on January 8th, 2009
One of those things I can never remember! It’s:
**#
Lets you change the network configs among other things.
By Matt Fahrner, on December 4th, 2008
One pain with Cisco IOS is trying to get a configured interface back to defaults. Half the time you don’t even remember what those were.
If it’s a sub-interface you can “no” it, but you will still have configuration left behind:
cisco(config)#no interface ATM1/0.1
Not all config may be removed and may reappear after reactivating . . . → Read More: Defaulting a Cisco interface…
By Matt Fahrner, on December 4th, 2008
I can never seem to remember how to “remove” a VLAN on a switch (e.g., Cisco 6500) running the older CatOS. The new IOS-based switches are much easier.
Anyway, it’s actually quite simple, just force the port to VLAN 1 (assuming that is your default/native VLAN). For example if port 6/5 was set to . . . → Read More: How to remove a VLAN from a port in CatOS…
My Resume
I've worked professionally for a large discount retailer in the systems, networking, security, and programming arenas for the last 25+ years, much of it in leadership or management roles.
Caveat Emptor
The views expressed here are strictly my own and do not represent those of my employer, its officers, nor any other organization or individuals, whether connected by employment or any other association.