Cisco has published a complete white paper on how to block IM and P2P applications using the Cisco IOS Firewall (the artist formerly known as CBAC). While there are many commands to be discussed for IOS Firewall, here's the core syntax needed:
appfw policy-name abuse-control
 application http
  port-misuse default action reset alarm
The complete white paper can be found here.
December 2008 Archives
SNMP is awesome... All the free SNMP utilities for Cisco devices are even more awesome... but the most popular versions of SNMP (Version 1 and 2c) are completely clear text and completely insecure. SNMPv3 adds authentication and encryption capabilities; however, GOOD LUCK finding an easy, working configuration on Cisco's website. Here's an SNMPv3 configuration that will provide both authentication and encryption services on Cisco routers and switches:
Router(config)#snmp-server group TESTGROUP v3 priv
Router(config)#snmp-server user Jeremy TESTGROUP v3 auth sha JeremyPassword priv des56 3NCRYPT!0NK3Y
*Note: "auth" methods support both md5 and sha
**Note: "priv" also allows AES encryption
***Note: Most SNMP utilities I've seen only support DES encryption
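As an added example (not from the original post or from Cisco), the Python script below audits a list of SNMP commands, such as a deployment template, and flags anything weaker than the authentication-plus-encryption setup shown above. The sample input is constructed: the community line, the MONITOR group and the Legacy user are hypothetical additions for contrast.

```python
import re

# Constructed input: the post's two SNMPv3 commands plus weaker lines added
# here for contrast (MONITOR, Legacy and their values are hypothetical).
SAMPLE = """\
snmp-server community public RO
Router(config)#snmp-server group TESTGROUP v3 priv
snmp-server group MONITOR v3 auth
Router(config)#snmp-server user Jeremy TESTGROUP v3 auth sha JeremyPassword priv des56 3NCRYPT!0NK3Y
snmp-server user Legacy MONITOR v3 auth md5 LegacyPassword
"""

def audit(config):
    """Return (line_number, finding) pairs; passwords are never echoed."""
    out = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = re.sub(r"^\S*#", "", line.strip()).split()  # drop a CLI prompt
        if tok[:1] != ["snmp-server"] or len(tok) < 3:
            continue
        if tok[1] == "community":
            out.append((n, "v1/v2c community string travels in clear text"))
        elif tok[1] == "group" and len(tok) >= 4:
            level = tok[4] if len(tok) > 4 else "none"
            if tok[3] != "v3":
                out.append((n, f"group {tok[2]}: {tok[3]} has no auth or encryption"))
            elif level != "priv":
                out.append((n, f"group {tok[2]}: level {level} does not require encryption"))
        elif tok[1] == "user" and len(tok) >= 5:
            name, opts, auth, priv, i = tok[2], tok[5:], None, None, 0
            if tok[4] != "v3":
                out.append((n, f"user {name}: {tok[4]} has no auth or encryption"))
                continue
            if opts[:1] == ["encrypted"]:
                i = 1
            if opts[i:i + 1] == ["auth"] and len(opts) >= i + 3:
                auth, i = opts[i + 1], i + 3  # skip keyword, algorithm, password
            if opts[i:i + 1] == ["priv"] and len(opts) > i + 1:
                priv = opts[i + 1]
            if auth is None:
                out.append((n, f"user {name}: no authentication configured"))
            elif auth == "md5":
                out.append((n, f"user {name}: md5 authentication, sha is available"))
            if priv is None:
                out.append((n, f"user {name}: no priv keyword, traffic is not encrypted"))
            elif priv in ("des", "des56"):
                out.append((n, f"user {name}: DES privacy (56-bit key), use aes where tools allow"))
    return out

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```

The post's own user line is reported only for its DES privacy setting, which matches the note above that AES is available where the SNMP utility supports it.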
If I get one more email about this from Cisco...I'm adding them to my SPAM list. Cisco is HEAVILY pushing the new "Smart Call Home" feature, implemented primarily on Cat 6500s and data center gear. Just to save you some reading, this feature allows Cisco devices to automatically create a secure connection to Cisco TAC to transmit troubleshooting / diagnostic information. It's supposed to hit the ISR series (800, 1800, 2800, etc...) in "Late 2009". Seems nice...as long as your device still has Internet access...

Interesting find: Cisco now makes a switch (8 ports) POWERED by PoE (not one that supplies PoE power, but receives it and does not need to be plugged in). Check it out: Catalyst 2960PD-8TT-L.

I put this here primarily for my reference. I always end up forgetting one of the global commands when configuring a voice gateway for MGCP...this assumes a Cisco CallManager @ 172.30.100.104:
Router(config)#mgcp
Router(config)#mgcp call-agent 172.30.100.104
Router(config)#ccm-manager mgcp
!Now, the redundant CCM hosts:
Router(config)#ccm-manager redundant-host 172.30.100.105 172.30.100.106
!Now, the TFTP server configuration...gateway should be configured in CCM by this point.
Router(config)#ccm-manager config server 172.30.100.104
Router(config)#ccm-manager config
!In newer IOS/CCM versions, voice dial-peers are created automatically...older versions need this to place each port under MGCP control.
Router(config)#dial-peer voice 5000 pots
!FXS port
Router(config-dial-peer)#port 0/0/0
!Use "application MGCPAPP" instead on older IOS versions
Router(config-dial-peer)#service MGCPAPP
