Monday, March 15, 2010

Online Cisco simulations

Hi,


Please follow the link to get the practice simulations; no installation is needed, it is all online.

http://www.chinaitlab.com/www/school/ccnp-lab.asp

Tuesday, March 9, 2010

Saturday, March 6, 2010

New CCNP Books

NEW CCNP BOOKS ARE AVAILABLE FROM CISCO PRESS.

FOLLOW THIS LINK TO GET IT FREE:

http://www.4shared.com/dir/32607328/ec438916/NEW_CCNP.html


HAPPY SHARING

Saturday, February 20, 2010

Password Breaking of Cisco Routers

The password-recovery process relies on the fact that the configuration register can be used to make the router ignore the NVRAM configuration when the router is reloaded. The router will be up, but with a default configuration; this allows a console user to log in, enter privileged mode, and change any encrypted passwords or view any unencrypted passwords.

ROMMON will allow you to change the configuration register without knowing any passwords or even booting the IOS. To enter ROMMON mode, press the Break key during the first 60 seconds after power-on of the router. Then you must set bit 6 in the configuration register to binary 1, which is done by setting the entire config register with a four-digit hexadecimal value. For example, hex 2142 is identical to hex 2102, except that bit 6 is binary 1.

The process is slightly different for different models of routers, although the concepts are identical.

Password Recovery (1600, 2600, 3600, 4500, 7200, 7500)

Step 1. Turn the router off and then back on again.
   How: Use the power switch.

Step 2. Press the Break key within the first 60 seconds.
   How: Find the Break key on your console device's keyboard.

Step 3. Change the configuration register so that bit 6 is 1.
   How: Use the ROMMON command confreg, and answer the prompts.

Step 4. Cause the router to load IOS.
   How: Use the ROMMON reset command or, if unavailable, power off and on.

Step 5. Avoid using setup mode, which will be prompted for at the console.
   How: Just say no.

Step 6. Enter privileged mode at the console.
   How: Press Enter and use the enable command (no password required).

Step 7. Assuming that you still want to use the configuration in NVRAM, copy it to the running config.
   How: copy startup-config running-config

Step 8. View the startup config to see unencrypted passwords.
   How: Use the exec command show startup-config.

Step 9. Use the appropriate config commands to reset encrypted passwords.
   How: For example, use the enable secret xyz123 command to set the enable secret password.

Step 10. Change the config register back to its original value.
   How: Use the config command config-reg 0x2102.

Step 11. Reload the router after saving the configuration.
   How: Use the copy running-config startup-config and reload commands.

Password Recovery (2000, 2500, 3000, 4000, 7000)

Step 1. Turn the router off and then back on again.
   How: Same as other routers.

Step 2. Press the Break key within the first 60 seconds.
   How: Same as other routers.

Step 3. Change the configuration register so that bit 6 is 1.
   How: Use the ROMMON command o/r 0x2142.

Step 4. Cause the router to load IOS.
   How: Use the ROMMON command initialize.

Step 5. Avoid using setup mode, which will be prompted for at the console.
   How: Same as other routers.

Step 6. Enter privileged mode at the console.
   How: Same as other routers.

Step 7. Assuming that you still want to use the configuration in NVRAM, copy it to the running config.
   How: copy startup-config running-config

Step 8. View the startup config to see unencrypted passwords.
   How: Same as other routers.

Step 9. Use the appropriate config commands to reset encrypted passwords.
   How: Same as other routers.

Step 10. Change the config register back to its original value.
   How: Same as other routers.

Step 11. Reload the router after saving the configuration.
   How: Same as other routers.




*Note: A simple trick for this table: pick the two commands by the ROMMON prompt you see.

If the ROMMON prompt appears like this (>), use the following commands:

Step 1. > o/r 0x2142

Step 2. > initialize

If the ROMMON prompt appears like this (rommon1>), use the following commands:

Step 1. rommon1> confreg 0x2142

Step 2. rommon2> reset





Thursday, February 18, 2010

Switch Password Recovery

Step-by-step password recovery procedure on a Cisco 2950 switch


sw1>enable
Password:
Password:
Password:
% Bad secrets

sw1>

[Power-cycle the switch and hold the SET/MODE button while it reloads; this interrupts the startup]


C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950-24 starting...
Base ethernet MAC Address: 00:0d:bc:83:c1:40
Xmodem file system is available.
The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software:

flash_init
load_helper
boot



[Manually initialize the flash file system]

switch: flash_init


[list the files on flash:]

switch: dir flash:

Directory of flash:/

2 -rwx 3685701 Mar 01 1993 00:07:11 +00:00 c2950-i6k2l2q4-mz.121-22.EA4a.bin
4 -rwx 1307 Mar 01 1993 00:08:08 +00:00 config.text
5 -rwx 24 Mar 01 1993 00:08:08 +00:00 private-config.text

7741440 bytes total (4052480 bytes free)


[Rename config.text so that the switch does not load its configuration while booting]

switch: rename flash:config.text flash:gyan.text

[verify the change]

switch: dir flash:

Directory of flash:/

2 -rwx 3685701 Mar 01 1993 00:07:11 +00:00 c2950-i6k2l2q4-mz.121-22.EA4a.bin
4 -rwx 1307 Mar 01 1993 00:08:08 +00:00 gyan.text
5 -rwx 24 Mar 01 1993 00:08:08 +00:00 private-config.text

7741440 bytes total (4052480 bytes free)


[Reload the switch with the boot command]

switch: boot

[After the boot completes, the switch will prompt you for setup mode]


--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


[Ignore setup mode]


Press RETURN to get started!


[You are now in user EXEC mode. Enter privileged EXEC mode and verify that the startup-config is not present]

Switch>enable
Switch#show startup-config
startup-config is not present

[list the files in flash:]


Switch#sh flash:

Directory of flash:/

2 -rwx 3685701 Mar 01 1993 00:07:11 +00:00 c2950-i6k2l2q4-mz.121-22.EA4a.bin
4 -rwx 1307 Mar 01 1993 00:08:08 +00:00 gyan.text
5 -rwx 24 Mar 01 1993 00:08:08 +00:00 private-config.text

7741440 bytes total (4052480 bytes free)


[rename gyan.text to config.text]

Switch#rename flash:gyan.text flash:config.text

[Copy the configuration into the running-config manually]

Switch#copy config.text running-config

[Verify the running-config and check for any plain-text passwords]

sw1#show running-config

[Verify that the startup-config now has the same configuration]

sw1#show startup-config

[Enter global configuration mode to change all encrypted passwords]

sw1#configure terminal
sw1(config)#enable secret cisco
sw1(config)#end
sw1#

[Save your changes]

sw1#copy running-config startup-config
sw1#
[Exit and log in again to check your new passwords]
sw1#exit


sw1 con0 is now available





Press RETURN to get started.


sw1>en
Password:
sw1#

[Congratulations, you have successfully changed your switch passwords]

For more reading, please follow the link:


http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml

Wednesday, February 17, 2010

How to Host a Web Server on a Dynamic IP Address?

Would you like to host a web server or e-mail server on your Internet connection, but don’t want to pay for a static IP address? Dynamic DNS (DDNS) is here to allow you to host that website while still using a dynamic IP address. Previously, this was only available as an executable computer program, or was offered on some small home routers. However, with IOS version 12.4 (and some versions of 12.3), DDNS is now available in the Cisco IOS.

What can DDNS do for me?

The problem with hosting a web server, or email server, on an Internet link that has a dynamic IP address is that your IP address could change. For example, you might register your website as www.mywebsite.com and point it to IP address 20.20.20.20. Later, your IP address could change to 30.30.30.30 and all the users trying to get to your website suddenly cannot connect. You would then have to update your DNS record and that change could take a couple of days to propagate to all Internet DNS servers. The result is some serious downtime for your server.

DDNS solves this issue by monitoring your IP address and, if it changes, that change is immediately reported to your DNS provider. This DNS provider is the only host of that domain and, thus, the DNS record is instantly updated when your IP address changes. There should be only seconds of downtime for any users trying to connect to your web or mail server.

In the Cisco IOS, you must first have a version of IOS that supports DDNS. To be safe, any version of IOS 12.4 will work. However, the easiest way to see whether DDNS is available on your router is to go to global configuration mode and type ip ddns ?. Here is the output from two routers. The first router has DDNS, the second does not:

Router with DDNS: "Update configure dynamic DNS update"
Router without DDNS: "% Unrecognized command"

In other words, if you have DDNS, you will be offered the option to update your DDNS.

Having DDNS built into the IOS makes it much more reliable than having a PC client. Even better, the IOS offers powerful debugging tools for DDNS by using the show ip ddns update and debug ip ddns update commands. For those who have dynamic IP addresses and want to host a server, DDNS is virtually a requirement. In summary, DDNS is a powerful feature to have available in your Cisco IOS router.

169.254.X.X IP Problem


Some of you might have had this problem in the past: your network is working perfectly, then suddenly it is not, and the computer only shows an IP address of 169.254.X.X, where X can be 0 to 255.


This can happen if you use DHCP in your network. What happens is that a computer configured as a DHCP client searches for a DHCP server and, when it cannot find one, automatically assigns itself an IP address of 169.254.X.X. This is called APIPA (Automatic Private IP Addressing).

In the case of Vista, it searches for a DHCP server for about 6 seconds and then assigns the APIPA address; it keeps searching for the server afterward, or so they say.

Tuesday, February 16, 2010

Port Security Configuration On Cisco Switches

Port security can be configured on Cisco switches to limit the number of hosts, as well as which MAC addresses are allowed, on a specific interface. If a security violation occurs on a port, the port may automatically shut down. There are two ways to secure MAC addresses:

1> Static secure MAC addresses

We can manually specify which MAC address is secure with the switchport port-security mac-address mac-address interface configuration command.
Example:
switch(config-if)# switchport port-security mac-address mac-address

2> Dynamic (sticky) secure MAC addresses

If we enable sticky address learning on a switchport, the addresses the switch learns on that port are automatically added to the MAC address table and become part of the running-configuration. If we save the running-configuration, these sticky MAC addresses become permanent secure MAC addresses.

Example:
switch(config-if)# switchport port-security mac-address sticky

Some characteristics of sticky MAC addresses:

1- If we disable sticky learning with the no switchport port-security mac-address sticky command, the MAC addresses are removed from the running-configuration but still appear in the MAC address table as static secure MAC addresses.

2- If we disable port security with the no switchport port-security command, the MAC addresses are removed from the MAC address table but still appear in the running-configuration.

Three violation modes (the state of the port when a security violation occurs):

1. Protect: the port is not shut down, but frames from unknown MAC addresses are dropped; no SNMP trap is sent.
2. Restrict: the port is not shut down, but frames from unknown MAC addresses are dropped; an SNMP trap is sent.
3. Shutdown: the port is shut down and an SNMP trap is sent.

Port-Security Default Settings:

  • Port Security Disabled on port
  • Max. secure mac-addresses = 1
  • Violation Mode Shutdown
  • Sticky Address Learning Disabled

To show port-security status:

switch# show port-security interface interface_name

Steps for Configuring Port Security (description: command):

Select the switchport: switch(config)#int fa0/1

Set the port mode to access: switch(config-if)#switchport mode access

Enable port security: switch(config-if)#switchport port-security

Set the max. number of secure MAC addresses: switch(config-if)#switchport port-security maximum 10

Enable sticky learning: switch(config-if)#switchport port-security mac-address sticky

Return to privileged EXEC mode: switch(config-if)#end

Verification Commands:

To show secure MAC addresses: switch# show port-security address

To show the MAC address table: switch# show mac-address-table

To show a brief summary of port security: switch# show port-security
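As an added illustration (not part of the post), the following Python audit reads the port-security commands from this section out of a saved running-config, applies the defaults listed above, and flags access ports that are still at the "disabled" default or in protect mode, which raises no SNMP trap. The interface names and the sample config are constructed.

```python
import re
# Defaults stated in the post: port security off, maximum 1, violation shutdown, sticky off.
DEFAULTS = {"mode": None, "enabled": False, "maximum": 1, "violation": "shutdown", "sticky": False}
PS_RE = re.compile(r"switchport port-security (maximum|violation) (\S+)")

def parse_port_security(running_config):
    """Map each interface in a running-config to its effective port-security settings."""
    interfaces, cfg = {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            cfg = interfaces.setdefault(line.split(None, 1)[1].strip(), dict(DEFAULTS))
        elif not line.startswith(" "):
            cfg = None  # "!" or a global command ends the interface block
        elif cfg is not None:
            cmd = line.strip()
            if cmd == "switchport mode access":
                cfg["mode"] = "access"
            elif cmd == "switchport port-security":
                cfg["enabled"] = True
            elif cmd == "switchport port-security mac-address sticky":
                cfg["sticky"] = True
            elif m := PS_RE.fullmatch(cmd):
                cfg[m.group(1)] = int(m.group(2)) if m.group(1) == "maximum" else m.group(2)
    return interfaces

def unprotected_access_ports(running_config):
    """Access ports still at the 'disabled' default, or in protect mode, which sends no trap."""
    flagged = []
    for name, cfg in parse_port_security(running_config).items():
        if cfg["mode"] == "access" and not cfg["enabled"]:
            flagged.append((name, "port-security disabled"))
        elif cfg["mode"] == "access" and cfg["violation"] == "protect":
            flagged.append((name, "violation protect: no SNMP trap"))
    return flagged

# Constructed sample (not from the post): one port hardened as in the steps above,
# one access port with no port security at all, and one left in protect mode.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
"""
```

Run unprotected_access_ports(SAMPLE_CONFIG) to list the two ports that need attention; FastEthernet0/1 passes because it follows the configuration steps above.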

Understanding Configuration-register

The configuration register tells the router whether to use a full-featured IOS, ROMMON, or the limited-feature IOS, which is also called RXBOOT mode. The configuration register is a 16-bit software register in the router, and its value is set using the config-register global configuration command.

Binary version of the configuration register (0x2102):

Bit    15 14 13 12 | 11 10  9  8 |  7  6  5  4 |  3  2  1  0
Value   0  0  1  0 |  0  0  0  1 |  0  0  0  0 |  0  0  1  0
Hex          2     |      1      |      0      |      2

The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered a 4-bit value, represented as a single hexadecimal digit. (With the register set to 0x2102, the boot field is the last digit, 0x2.)

If the boot field is hex 0 (0x0), ROMMON is loaded.

If the boot field is hex 1 (0x1), RXBOOT mode is used.

For anything else (0x2-0xF), it loads a full-featured IOS.

Note: To ignore the NVRAM contents during booting (for password recovery), set bit 6 of the config-register to 1; this changes the register value from 0x2102 to 0x2142.
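As an added example (not from the post), this Python decodes a configuration register into the boot field and bit 6 described here and in the password-recovery note above, and scans a saved running-config for a register that still bypasses NVRAM, which is how a router left at 0x2142 after step 10 was skipped is spotted. The hostname and config text are constructed.

```python
import re

# Bit 6 of the configuration register makes the router ignore NVRAM at boot
# (0x2102 -> 0x2142 in the posts above).
IGNORE_NVRAM_BIT = 1 << 6

def decode_config_register(value):
    """Break a 16-bit configuration register into the fields the post describes."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0xF  # low-order 4 bits, one hex digit
    if boot_field == 0x0:
        boot_mode = "ROMMON"
    elif boot_field == 0x1:
        boot_mode = "RXBOOT"
    else:
        boot_mode = "IOS"  # 0x2-0xF: full-featured IOS
    return {
        "hex": f"0x{value:04X}",
        "bits": f"{value:016b}",  # bit 15 first, bit 0 last
        "boot_field": boot_field,
        "boot_mode": boot_mode,
        "ignore_nvram": bool(value & IGNORE_NVRAM_BIT),
    }

# The register appears in a running-config as "config-register 0x....".
CONFREG_RE = re.compile(r"^\s*config-register\s+0x([0-9a-fA-F]{1,4})\s*$", re.MULTILINE)

def registers_ignoring_nvram(running_config):
    """Return every config-register value in a config that still bypasses NVRAM."""
    found = []
    for m in CONFREG_RE.finditer(running_config):
        value = int(m.group(1), 16)
        if decode_config_register(value)["ignore_nvram"]:
            found.append(f"0x{value:04X}")
    return found

# Constructed sample: a router left at 0x2142 after a recovery that skipped step 10.
SAMPLE_CONFIG = """\
hostname edge-rtr
config-register 0x2142
line con 0
"""

if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2100, 0x2101):
        print(decode_config_register(v))
    print(registers_ignoring_nvram(SAMPLE_CONFIG))
```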