My preliminary Cisco router setup

As a potential engineer, one of the many basic skills you’ll need to master in your career is setting up a newly purchased router. Surprisingly, I know a lot of engineers who have worked in NOCs (Network Operations Centers) for years, troubleshooting all sorts of Cisco devices and various issues, and never really having to configure anything. This is truly one of the downsides of working in a large company; you tend to get pigeonholed into doing one particular thing all the time.

There are two skills you need to know from memory.

• Basic setup of a router or switch

• Basic password recovery for a router or switch

What I got from a typo with the Cisco show command.

While working on another article dealing with telnet and SSH, I ran across a command I had never used or seen before. Originally I wanted to see the configuration for line console and typed out “show run line console 0”, but instead, for some reason or another, I hit the enter key after I typed “sho run line” and saw this.

ConfigBytes#sho run line
Building configuration…
Current configuration : 1034 bytes
1 : !
2 : version 12.4
3 : service timestamps debug datetime msec
4 : service timestamps log datetime msec

5 : no service password-encryption
6 : !
7 : hostname ConfigBytes
8 : !
9 : boot-start-marker
10 : boot-end-marker
11 : !
12 : logging buffered 4096 emergencies
13 : !
14 : no aaa new-model
15 : memory-size iomem 5
16 : ip cef
17 : !
18 : !
19 : !
20 : !
21 : no ip domain lookup


CVOICE 642-436 Completed!

I just finished my CVOICE test. It was a requirement for work; the nice thing is that this will grant me the CCNA-Voice certification. Big thanks to Cisco Press CVOICE by Kevin Wallace.

The toughest hurdle in this book for me was getting past chapter 2, which goes to great lengths describing how a fax transmission flows through a VoIP network. I found myself re-reading certain paragraphs and full pages several times just to grasp the concept.

After reading this book I have definitely walked away with a better understanding of dial-peers and how H.323 works. I want to emphasize that reading this book alone will not help you pass your CVOICE exam; this was merely an addendum to the various materials I have gathered, which include a Cisco 1751 router purchased from eBay for 15 bucks.


How to prevent toll fraud on Cisco Gateways.


Recently I experienced an issue with a customer that had their long distance carrier shut the service down. The reason was that they were showing an excessively large number of long distance calls made to various African countries as well as Cuba.


The customer is using a Call Manager Business Edition, which puts the Call Manager and Unity on the same 7800 server.

The way the problem was presented to us suggested that these calls may have been made internally (it’s my experience that someone on the cleaning crew could be making these calls), which can be easily and quickly identified; all we need to do is look for a pattern in when the calls were made: time, day and extension.

Most of the time internal fraud calls like these are made from an open fax machine that has a headset attached to it. Sometimes fax lines may be configured to go straight to the gateway on an FXS port, relying on whatever the dial peer (forward-digits 7) on that port is configured to do. Of course this type of configuration bypasses the CM and its logging and dial restriction abilities. Other times the fax line can be set to go into the CM and required to follow whatever the dial restrictions are set to.

dial-peers configured
dial-peer voice 11 pots
destination-pattern 9[2-9]......
port 0/2/0:23

Dial Restrictions


The CM log showed unauthorized long distance calls made from the VM extension. But how was this possible? CM and Unity normally run independently of one another; however, in the Business Edition BOTH run on the same server. Which is fine; once a call enters Unity it is out of CM’s hands, but if a call can somehow be rerouted back to CM, CM can and will forward the call to the outside.

Cisco said that there are rare instances when someone can make a long distance call from VM if they can manipulate an extension into reaching a dial tone. A lot of variables have to be met before this can happen, and the person needs to have a working knowledge of how CME and Unity work. I’ve even heard of people forwarding lines to an outside line.

This can all be fixed with a few minor adjustments on the dial restrictions.

With the dial restrictions in place, we waited… after 56 days the customer called back to say they were being hit again with toll fraud. This time, the CM logs reported NOTHING, nada; there were NO forwarded calls from the VM. They found another way out… The only item left was the gateway, a Cisco 2821.

The first thing I checked was the dial-peers; I went through each one and found no issues at all… but I did notice that this customer did not have a basic access-list to block various ports. Further investigation showed a lack of an access-list. I explained to the customer that a lack of an access-list can and will allow unauthorized connections to the gateway to make long distance calls; I proved this with a program called XLTE, with which I was able to connect to the gateway using SIP and make a call.

This was resolved with the access-list below, applied to the internet connection.

Extended IP access list 101
access-list 101 deny udp any any eq 2427 log
access-list 101 deny tcp any any eq 2428 log
access-list 101 deny tcp any any range 1718 1720 log
access-list 101 deny tcp any any eq 1731 log
access-list 101 deny tcp any any eq 2000 log
access-list 101 deny tcp any any eq 5060 log
access-list 101 deny udp any any eq 5060 log
access-list 101 permit ip any any

Next we apply this to our interface with the following command.

ip access-group 101 in

We have “log” at the end of each line so we can keep track of what protocols are being hit from the outside. It’s been my experience that you will see a large number of hits on 5060 TCP/UDP because the port belongs to SIP, which is a common open-standard VoIP protocol that most vendors support.

UDP 2427 (MGCP)
TCP 2428 (MGCP)
TCP 1718-1720 (H.323)
TCP 1731 (MSICCP)
TCP 2000 (SCCP, Cisco Skinny)
TCP 5060 (SIP)
UDP 5060 (SIP)
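To make use of the “log” keyword on each deny line, the following added example (not part of the original post) tallies ACL 101 denies per signaling protocol and per source address from syslog output. It assumes the standard IOS %SEC-6-IPACCESSLOGP message layout; the function name tally_denies and the sample lines, which use documentation addresses, are constructed for illustration.

```python
import re
from collections import Counter

# Port-to-protocol map copied from the port list on this page.
VOICE_PORTS = {
    ("udp", 2427): "MGCP", ("tcp", 2428): "MGCP",
    ("tcp", 1718): "H.323", ("tcp", 1719): "H.323", ("tcp", 1720): "H.323",
    ("tcp", 1731): "MSICCP", ("tcp", 2000): "SCCP",
    ("tcp", 5060): "SIP", ("udp", 5060): "SIP",
}

# IOS ACL log message: list <acl> denied <proto> src(sport) -> dst(dport), N packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packet"
)

def tally_denies(lines, acl="101"):
    """Return (packets per signaling protocol, packets per source IP) for one ACL."""
    by_proto, by_src = Counter(), Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl:
            continue  # not a deny logged by the ACL we are watching
        n = int(m["count"])
        name = VOICE_PORTS.get((m["proto"], int(m["dport"])), "other")
        by_proto[f"{name}/{m['proto']}"] += n
        by_src[m["src"]] += n
    return by_proto, by_src

# Constructed sample lines, not captured from a real gateway.
SAMPLE = [
    "*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.7(5071) -> 198.51.100.2(5060), 1 packet",
    "*Mar  1 00:15:01.456: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.7(5071) -> 198.51.100.2(5060), 14 packets",
    "*Mar  1 00:16:20.002: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.44(40112) -> 198.51.100.2(1720), 1 packet",
    "*Mar  1 00:17:45.870: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(51522) -> 198.51.100.2(5060), 3 packets",
    "*Mar  1 00:18:00.100: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.9(33012) -> 198.51.100.2(23), 1 packet",
    "*Mar  1 00:19:30.555: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up",
]

if __name__ == "__main__":
    protos, sources = tally_denies(SAMPLE)
    for name, n in protos.most_common():
        print(f"{name:12} {n} packets denied")
    for src, n in sources.most_common(3):
        print(f"{src:15} {n} packets denied")
```

A source that keeps reappearing at the top of the per-address tally is a candidate for an upstream block or a report to the carrier.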

It’s been several months now and there have NOT been any toll fraud issues reported. A simple access-list like the one above helped alleviate this common mistake.

rstaples@configbytes.com www.configbytes.com

Goodbye to Microsoft Windows 2000

July 13 2010 marks the end of Microsoft’s extended support for Windows 2000.

I’m sad to see it go; it’s my opinion that Windows 2000 was probably one of the most stable OSes that Microsoft put out. I rarely had any issues running it, and I know that a lot of businesses were still using the OS; it does a great job of getting basic internet tasks done.

We have seen several service packs released over the years for Windows 2000. Service pack 1 gave us IPv6 support, which was easily enabled with the net start tcpipv6 command. Service pack 2 gave us DX 9c and 128-bit encryption, SP 3 gave more security updates, and SP 4 allows Win2k users who have not applied any packs to fully upgrade.

Granted, it was not all warm and fuzzy in Win2k land. There were security issues in the beginning; most notable was the leaked memo by Mary Jo Foley, who revealed that Win2K had over sixty thousand known defects. Win2K also received its fair share of famous virus attacks such as Code Red and Nimda.



So long 3.5 inch floppy

Earlier this week Sony announced that it will stop making the 3.5 inch floppy disk on March 1 2011. The disk first appeared in 1982 with 264KB formatted. When I bought the Amiga computer in 1988 it sported a 720k 3.5 inch drive; later on I moved on to a 386 IBM compatible with a 1.44MB 3.5 inch drive, allowing for the latest HD (High Density) floppies. In later years we saw the 3.5 inch grow to 2.8 MB (which I rarely saw and truthfully don’t think ever took off).

I moved on to the 120 MB zip disk, of which I still have a few today. It’s funny, just last month I found a box of old floppy disks from the mid 90’s. Going through the disks was like traveling back in time; I found old Word docs, Visio drawings and some digital pics that were saved in 320x240 resolution.

WOOT. Most of the people I talked to about this thought that the production of floppies had already stopped years ago. Desktops and laptops have not included a floppy drive for some time, but if you administer a server you are familiar with the old “recovery disk”; Linux and Microsoft servers both use them.

Flash drives are here to stay, but I don’t think that I will be finding a flash drive that is 15 years old, still in good condition and able to retrieve files. I have heard too many horror stories of flash drives failing after a few years. Perhaps as they mature in the future they will become more durable.

New CCNP Books

Yesterday I received my new CCNP books from Cisco Press. Surprisingly, the price was not that bad for what I got: all three courses, 642-902, 813 and the 832. I opted for Cert Kits for each as well.

The complete course was around $250, which includes the “Official Certification Guides”, Cert Kits and shipping.

The Cert Kits include Quick Reference booklets, flash cards (found online) and a DVD. Each DVD is in the same familiar format as the Video Mentor series, each with an introduction and roughly 5 to 6 hours of video covering the material talked about in the Certification Guides.

What makes this series stand out is that the Cert Kits complement the Cert Guides. I would recommend that you buy them both. While scanning through the new material I noticed that this time Cisco is really pushing hard on routing and switching. They have left out a lot of the VoIP and security material which was found in the ONT (642-845) and ISCW (642-825) tracks.


Troubleshooting 101

Just received an interesting email from Global Knowledge on troubleshooting.
This is a subject where I find that new, upcoming engineers are lacking: the fine art of effective troubleshooting. It is really easy to become a “parts-engineer” in today’s throw-it-away-and-replace society. However, with the economy at a standstill, most companies are reluctant to take that approach; they would rather “configure-it-out”.

Troubleshooting is not something you can easily read from a book; it must be physically learned. You may find that guides like the one below give you a foundation.

Troubleshooting 101
Gather the facts: This process is the cornerstone that all the other processes rely on. First of all, refer to previous trouble tickets to see if this particular problem has occurred in the past and what methods were used to correct it. If this is the very first time, determine if changes were made to the system (i.e., IOS or other application upgrades). Interview user(s) who are affected by the problem and see if this just recently occurred or has been occurring over a period of time. Then review any protocols that may be involved with the problem to understand how they normally function. Pull any necessary trace files or dumps and analyze the traces for abnormal behaviors; you may have to execute debug commands when needed. Also, topology diagrams are critical in helping to isolate the problem.
