Cisco Systems is a major network technologies company. This tag identifies general information related to the company.

Navigating the IOS command line

I decided to put together a quick blog post on some handy IOS file management commands. I'll likely add to this again in the future to make it more complete, but I wanted to get something started, so here it is.

dir - Get a directory listing of whatever path you are in.

Cisco Wireless Certifications Get a Refresh

Cisco recently updated their wireless exams to version 2.0 for both CCNA Wireless and CCNP Wireless. The new version brings a much-needed update that is more in line with current Cisco wireless technologies.

Some of the updated content includes more recent versions of WLC and client software. They've also expanded 802.11n support and added more information about Video over wireless and Voice over wireless. Check Cisco's website for more details.

How to setup Configuration Change Notification and Tracking

Have you ever found yourself troubleshooting a problem caused by a coworker or consultant mistyping a command? It happens, everyone makes mistakes, but what's frustrating is when people won't own up and admit they made the mistake. Not only is it dishonest, it can impede a fast resolution, because nobody knows what to undo.

As a result, you might find yourself wishing there was a relatively simple way to see every command typed into every router and switch in the network... You can do this with a AAA server, but it can be cumbersome to have to scour through the logs on your ACS server. However, there is another way and it's really easy to configure.

Configuration Change Notification and Logging, or simply Configuration Logging, is Cisco's method to log every configuration command entered on your Cisco IOS routers and switches. The feature was introduced in 12.3(4)T & 12.2(25)S, so it should be available in almost any IOS device that's been upgraded in the last 5 years. It can log locally up to a specified number of lines of config, and even send the commands off to a syslog server.

The following examples are from a Cisco 3550 switch and demonstrate how to configure and monitor change logging.

How to configure DHCP Snooping on a Cisco Catalyst switch

A question was asked in the Tekcert forums regarding DHCP snooping configuration. After thinking about writing an in-depth response, I decided to just write a full-blown blog post.

Everything in this post has been tested in a lab environment with a Cisco 3550, Infoblox DHCP servers, a Netgear router as a "rogue" DHCP server, and a MacBook Pro as a client. The 3550 is configured with ip routing and a layer 3 interface on the subnet where the DHCP servers are located ( VLAN 20 has been created on the 3550 with an interface ip address of All the DHCP server configuration and helper addresses were tested and working prior to implementing DHCP snooping to eliminate any doubt as to whether the DHCP snooping configuration is working or not. So, let's get started.

Cisco QOS Exam

If you are currently working toward the CCVP, which was renamed to the CCNP Voice last year, one of the exams on the checklist is the 642-642 QOS Exam, but only for a couple more months. If you take the QOS exam after February 28th 2012, it will no longer count toward the CCNP Voice. The new exam list is available on Cisco's page for the CCNP Voice, but here's a quick reference:

IPv6 Action Plan Video

If you have just been given the task of implementing IPv6 in your company or if you are in the middle of a deployment, you may be asking yourself "How?!" How exactly should you roll out an IPv6 network? Do you configure /64 subnets on point to point links or do you use /127's? How do you secure your network against the initial IPv6 attacks that are available?

These questions and more are covered in this hour-long TechWise TV episode, The IPv6 Action Plan. Some very good points and useful information here, have a look...

Cisco Security Advisory - IKE Resource Exhaustion Attack

If you have ever set up an IPSEC VPN, then you are most likely aware of IKE. IKE is a protocol that can be used to get the first phase of an IPSEC VPN established, a.k.a. exchanging keys. Well, thanks to the work of Roy Hills from NTA Monitor Ltd, Cisco has identified a vulnerability in the IKE implementation on Cisco platforms that could allow a malicious individual to unleash a denial of service on your VPN devices.

What's Vulnerable

Essentially, if your Internet-facing VPN devices or border routers allow anyone on the planet to establish an IKE session with your Cisco VPN devices (Cisco 3000 VPN Concentrator, PIX, ASA, ISR, etc.), then you are vulnerable.

The issue is pretty much present in anything that supports IPSEC VPNs and doesn't explicitly filter traffic to the VPN devices. Cisco is tracking the issue in the following bug IDs:

CCNA Cert Library, 3rd Edition

A couple months back, I blogged about the pre-order status of the new CCNA Library, 3rd edition. Well, the new edition is now available for purchase. If you are looking to begin your studies toward a CCNA, this would be an invaluable place to start.

The library includes two books, one for each of the two tests you can take to achieve the CCNA certification. Alternatively you could read both books and take the single CCNA exam. The library also includes updated practice questions, videos, and a network simulator.

CCDE Certification Exams Revised to Version 2.0

If you are studying for the CCDE, that's the design expert certification, then you most likely are aware that you have about a week left before the first version of the written and practical exams is retired. Version 2 of the CCDE written and practical exams will be the only available version beginning October 22, 2011.

If you are interested in more information regarding this announcement, here's the official announcement.

For more information about the CCDE certification, here are some helpful links:

CCDE Certification Page

CCDE Data Sheet (PDF)

Let the IPv6 Vulnerabilities Begin

Cisco last week released a slew of security advisories. One that specifically caught my eye is a Denial of Service vulnerability due to "improper processing of malformed IP version 6 (IPv6) packets by Cisco IOS Software."

I've been wondering how long it would take for the exploits to start to trickle in with IPv6. One can only imagine how many vulnerabilities Windows will have with IPv6 enabled by default. Expect to see more of these in the future as IPv6 becomes more prevalent.

The alert details are available here.

The vulnerability details are available here.

How to configure Rate Limit to stop bandwidth hogs

Have you ever had a low speed serial link get overrun by a single user hogging all the bandwidth? Well, there is a quick and easy way to prevent any type of traffic from using up an entire link - rate-limit.

To implement this feature, you simply type in rate-limit under an interface and specify a few parameters such as the allowable bits per second and the burst rate. However, if you do that, it will rate-limit all traffic traversing the link, which honestly the link will do on its own when traffic exceeds the available bandwidth. A more useful configuration is to include the access-group keyword in the command and point it to an access list that defines the traffic you want to rate-limit.

To demonstrate, I've configured two routers connected with a low speed serial link clocked at 128k. Without the rate limit configured, you can ping between them with no problems:

Cisco Certified Technician (CCT)

The newest addition to Cisco's line of certifications is the CCT, or Cisco Certified Technician. Released in August of this year, the CCT certification has three different areas of focus:

Each certification focuses on the on-site maintenance and support of Cisco equipment in each specific area.

You might be wondering what the difference is between the CCT and the CCENT. Cisco explains that and several more questions in their FAQ, but for those not interested in reading through all of that, here are the basics...

Mobile CCIE Labs

If you are planning on going for the CCIE R&S or Security and you live in a country where the lab is not administered, it can be a challenge to get to the testing center, let alone pass the exam! Cisco has had a program in place to combat this very issue for quite some time called the Mobile CCIE Lab. The program allows you to register to take the lab exam in your city or one closer to you than in a foreign country. The benefits here, of course, are potential savings in travel expenses and missing less work (even though you might not be missing it).

For a complete schedule of where and when the lab will be available, or if you are interested in learning more about this program, check out the official Mobile CCIE Lab page at Cisco's website.

How to configure an IPv4 GRE tunnel to carry IPv6 traffic

Continuing the review of the TSHOOT Topology, on the IPv6 network map there is a GRE tunnel that is configured between Router 3 and Router 4. This tunnel is in place to allow IPv6 traffic to traverse the IPv4 network. So, while reviewing the IPv6 tshoot topology, I decided to try out the tunnel configuration.

There are several ways to configure tunnels to allow IPv6 traffic to traverse IPv4 networks (and vice versa). This post will be focusing on a GRE tunnel configuration. If you want to review the other ways to create tunnels, i.e. Automatic IPv4-Compatible IPv6 Tunnels, IPv6 Rapid Deployment Tunnels, and Automatic 6to4 Tunnels, I've included a link below to a great resource on Cisco's website that shows some great examples of other tunnels.

I threw together the following network diagram to provide a visual of what we are configuring:


Cisco SG100-16 Unmanaged Switch

Need more Gigabit Ethernet? Don't need it to be a managed switch? This 16 port 10/100/1000 Cisco switch might be a quick and easy solution for you.


The Cisco SR2016T 16-Port Rackmount 10/100/1000 Gigabit Switch (A.K.A. SG100-16) is currently listing for below $200 USD and has several appealing features:
