BenchAddix » cisco

PacketLife.net Community Cisco Lab

Nerm — Sat, 04 Feb 2012 17:57:00 +0000

If you are on a tight budget and can’t afford to build your own Cisco lab then head over to PacketLife.net. They have a community Cisco lab that is free. All you have to do is register for a free account, schedule an open time slot, and get to playing. Whether your are studying for your CCNA or just want to do some pre-project simulation this site is very useful.

Here is a list of their currently available lab hardware:

1x Cisco 2811 (with 2x WIC-2T)
2x Cisco 1841 (with 1x WIC-2T)
1x Cisco Catalyst 3560-24
1x Cisco Catalyst 3550-24 (with Inline Power)
1x Cisco ASA 5505

1x Cisco 2811 (with 2x WIC-2T)
2x Cisco 1841 (with 1x WIC-2T)
1x Cisco Catalyst 3560G-24 (with IEEE 802.3af PoE)
1x Cisco Catalyst 3550-24
1x Cisco ASA 5505
1x Cisco Aironet 1232AG

1x Force10 S25N

Configuring DHCP relay in Cisco IOS

Nerm — Sat, 28 Jan 2012 02:19:25 +0000

There are times when you don’t want to use the routers built in DHCP server and want to use say a Windows Server to hand out your networks DHCP scopes. This guide is for basic DHCP relay configuration in Cisco IOS.

In this example we are going to be configuring the “ip helper” command on interface FastEthernet0/1. Our IP for the interface will be 10.10.20.1/24 and the IP of our DHCP server will be 10.10.10.5/24.

After you have accessed the command line of the router the first thing you will need to do is get into configuration mode by issuing the following command:

conf t

The DHCP server and relay agent should be enabled by default, however if for some reason they are not already enabled they can be enabled by issuing the following command:

service dhcp

Next we will want to enable the DHCP relay agent information option:

ip dhcp relay information option

Now we need to configure the actual interface via the following commands:

interface fastethernet0/1
ip address 10.10.20.1 255.255.255.0
ip helper-address 10.10.10.5
no shut

We now have a working DHCP relay pointing to our Windows DHCP Server for clients that connect to interface FastEthernet0/1. There are tons more ways to utilize and configure this functionality. For example you could assign “ip helper” to sub-interfaces for vlans. We will dive into the more advanced functionality in later articles, but for now this gives you the basic principal of the commands for configuring DHCP relay.

Misconfigured Cisco AP could allow unwanted access

Nerm — Thu, 01 Jul 2010 03:58:32 +0000

According to an article at networkworld researchers have found a potential security risk in Cisco’s Aironet 1200 Series Access Points if the devices are configured incorrectly. This is not an actual bug as it has more to do with user error.

“The issue has to do with Cisco’s Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless access for devices that use either the insecure WEP (Wired Equivalent Privacy) protocol or the more secure WPA standard.

This gives companies a way to gradually move from WEP to WPA without immediately buying all-new, WPA-capable equipment. But while auditing the network of a customer who used the product, Core researchers discovered that even networks that had stopped using WEP devices could still be vulnerable, so long as the Aironet’s migration mode was enabled.

Researchers were able to force the access point to issue WEP broadcast packets, which they then used to crack the encryption key and gain access to the network.”

Anyone that is using this series of access points from Cisco might want to check and make sure that migration mode is not enabled unless absolutely necessary.

[networkworld]