Archive for July, 2010|Monthly archive page

Data Capture on Cisco ASA

In Uncategorized on July 22, 2010 at 20:21

A few weeks ago I blogged on the iPhone FaceTime application and how the communication worked.  Since I did the data capture on the Cisco ASA via CLI, I thought I would share the basics on how to do that.  Capturing data right on your ASA makes it much easier to troubleshoot as well as support new applications where you are unsure of how they are working.  Honestly though, we know that good documentation comes with all in-house application development, right?

For this blog, the inside IP that I wanted to capture information for was to any outside IP address.

1.  Create the appropriate access-list on your ASA for the interesting traffic. Below I am capturing any traffic to and from my iPhone (IP Address
access-list capture_iphone extended permit ip host any
access-list capture_iphone extended permit ip any host

2. From the enable prompt, create the capture.  In this case I am creating a capture called iPhone against the access-list capture_iphone created in the last step, with a buffer of 1m bytes and a packet length of 2000, on the inside interface and set to overwrite when the buffer is full.
capture iPhone type raw-data access-list capture_iphone buffer 1000000 packet-length 2000 interface inside circular-buffer

3. Once the capture file is running, you can view it by using the command sh capture iPhone, or my preference is to download it from the ASA in PCAP format:
or in this example:

4. After you d/l the capture file, just open it in Wireshark and you are good to go!

There is another way to view the capture and that is from the CLI. Below are the command options and their Cisco explanation.

FryGuyFW-ASA# sh capture iPhone ?

access-list    Display packets matching access-list
count          Display <number> of packets in capture
decode         Display decode information for each packet
detail         Display more information for each packet
dump           Display hex dump for each packet
packet-number  Display packet <number> in capture
trace          Display extended trace information for each packet
|              Output modifiers
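
A scripted alternative to reading the download in Wireshark, added here as an example and not part of the original post: it reads the PCAP from step 3, counts packets per remote peer and port for the captured inside host, and counts packets cut short by the capture's packet-length. The addresses and ports are constructed documentation values, and an Ethernet link type in the ASA's PCAP export is assumed.

```python
import socket
import struct
from collections import Counter

def summarize_pcap(data, inside_host):
    """Return (Counter of (peer_ip, ip_proto, peer_port), truncated packet count)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet (assumed for the ASA export)")
    peers, truncated, off = Counter(), 0, 24
    while off + 16 <= len(data):
        incl, orig = struct.unpack(end + "II", data[off + 8:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        truncated += incl < orig  # cut short by the capture's packet-length
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # only untagged IPv4 is summarised
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        first_frag = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
        ports = frame[14 + ihl:18 + ihl]
        if proto in (6, 17) and first_frag and len(ports) == 4:
            sport, dport = struct.unpack("!HH", ports)
        else:
            sport = dport = 0  # no port numbers available
        if src == inside_host:
            peers[(dst, proto, dport)] += 1
        elif dst == inside_host:
            peers[(src, proto, sport)] += 1
    return peers, truncated

def _frame(src, dst, proto, sport, dport, payload_len=0):
    """Constructed Ethernet/IPv4 frame with zeroed MACs and checksums."""
    l4 = struct.pack("!HH", sport, dport) + bytes(4 if proto == 17 else 16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4 + bytes(payload_len)

def build_sample(snaplen=2000):
    """Constructed capture: a TCP exchange plus one UDP packet over snaplen."""
    frames = [_frame("192.0.2.10", "198.51.100.7", 6, 50000, 443),
              _frame("198.51.100.7", "192.0.2.10", 6, 443, 50000),
              _frame("192.0.2.10", "203.0.113.9", 17, 50001, 3478, 2100)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

print(summarize_pcap(build_sample(), "192.0.2.10"))
```

To use it on a real download, pass the file's bytes and the inside host address instead of the constructed sample.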


CCIE SP Bootcamp – Cancelled

In Uncategorized on July 22, 2010 at 14:13

Well, did not hear it until today – but they are canceling the CCIE SP Bootcamp next week at the CCIE Expo hosted by CCIE Flyer. Eman did all he could (and then some)  to get me into another SP class in August, but sadly they are canceling that one as well.  Guess I will be doing some heavy study on my own for the next few weeks – I have the material, just need to make the time.

Guess I can now use that money for some good rack time – or I am sure the Mrs will find a good use for it 😉

1 week until CCIE SP Bootcamp (AKA CCIE Expo)

In Uncategorized on July 19, 2010 at 16:29

Well, one more week until I am attending the CCIE Expo down in Wilmington, DE with the CCIE Flyer man, Eman. 

If you are not aware, Eman is hosting what they are calling a “CCIE Expo” where he will have CCIE Training for R&S, SP, Voice, and Security.  The price for this class and the hotel stay were too hard to pass up – especially when you consider that it is about a 2 hour drive from where I live in PA.  I know I am not as ready as I wanted to be, so I have a few days to refresh my memory and get ready.  Whatever happens next week, the one thing that I know is that it will be a learning experience.

I will learn my strengths and weaknesses – and once I am sure of them I know where I need to focus.

If you want to read more on the Expo, here is a link to the CCIE Flyer Article or to the CCIE Agent site

In case you were wondering who is leading the classes there, below is the list:


Eman Conde
 CCIE Agent™ known to many CCIEs around the world will play ring master to an historic and memorable week of training and networking

Service Provider

CCIE #14856 Paul Negron

Paul is a CCIE Service Provider with over 12 years of networking experience and numerous published works on topics such as MPLS. Paul is a giant in the Cisco networking arena.

In his own words

The changes in our industry have motivated me to improve the CCIE Service Provider Track to help with the various issues that come up in deployment as well as preparing for the lab exam. I want people to leave my class knowing they got more than they expected. I approach this responsibility with much humility and I am very grateful for the opportunity to work with the people I have so far. I can’t wait to help more of them.

With the goal of helping others in mind I have been finishing off the labs that are a part of my SP boot camp in Colorado this March.  The SP track is a more significant certification these days and interest in professionals with this certification and skills becoming more valuable.  Training is one of my passions and I am humbled by the way many of the students I have tutored have responded to my approach.


CCIE #19860 Piotr Matusiak

Piotr is a dual CCIE R&S and Security with over 10 years experience in the field.  His work is interesting and focussed on security architecture and risk management in complex enterprise class networks. 

Advice on preparing for the Security CCIE lab

As the Security is a very broad topic there is no chance to go through everything from the beginner level. Hence, all students should have at least CCSP level of knowledge. This does not mean you must have CCSP certificate but an equivalent level of knowledge and two years of experience will help a lot. Of course I will be teaching core topics from scratch but some of the topics will be touched on at the higher level. Moreover, I highly recommend subscribing to Group Study mailing list as this is the place where someone can learn a lot and dispel any doubts.

The most important thing is that I will use Narbik’s philosophy of teaching using only a whiteboard and markers, without trying to bore the students through PowerPoint. This approach is much better and current Narbik students, including myself, like it a lot.

Routing and Switching

CCIE #12410 Narbik Kocharians

Narbik is a triple CCIE R&S, Security and SP with over a dozen years of experience.  His training background is a history of who’s who in the Cisco certification training arena.  His textbooks have been used by these companies as he developed his art.  As the brain trust of Micronics Training he has been personally responsible for mentoring some of the brightest in the industry.

Thoughts about obtaining a CCIE certification

Believe it or NOT, the CCIE cert is NOT hard at all. As a matter of fact, it is ridiculously easy, but it’s so easy it’s hard. Let’s just say my grandmother could do it. But she is a dual CCIE (just kidding).  On a serious note, you need to study thoroughly.  You need to study very hard and know every topic and sub topics.  Cisco wants their CCIEs to know their material. If you look at the blueprint and go over each item one at a time, you will pass. It is as simple as that. There are some “007” configurations that you may have to perform, but all in all it’s NOT that bad.

Cisco 4948, Star Wars, and IOS Upgrades

In Uncategorized on July 13, 2010 at 15:26

Just figured I would post a quick blurb on the Star Wars switch – The Cisco 4948. (Actually I think the whole 4500 series is Star Wars related).

Why do I say Star Wars Switch? Easy.  Here are two SHOW VERSIONS from two Cisco 4948s that we have.

Cisco 4948 w/4 SFP
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 12.2(31)SGA11, RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 08-Jan-10 16:44 by alnguyen
Image text-base: 0x10000000, data-base: 0x118C04CC

ROM: 12.2(31r)SGA1
Dagobah Revision 226, Swamp Revision 5


Cisco 4948 w/10GE
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 12.2(54)SG, RELEASE SOFTWARE (fc3)
Technical Support:
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 27-Jun-10 00:29 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x123F21AC

ROM: 12.2(31r)SGA4
Pod Revision 0, Force Revision 31, Gill Revision 19

Dagobah?  Swamp? Pod? Force?

I have also spoken with TAC engineers, and they said that the Cisco 4500 team is into Star Wars like midi-chlorians were to Ani.

So, now that I have that out of the way – my gripe on the Cisco 4948 out of the box.

When you receive one of these switches, the config-register is set to 0x2101 by default.  Now, most people will not notice this until they want to upgrade the IOS code.  What the 0x2101 on the 4948 does is tell the switch to load the first IOS image in bootflash, not the one you configure in the boot variable.  When you boot with 0x2101, here is the message that is flashed on the console:

******** The system will autoboot now ********

config-register = 0x2101

Autobooting using the first file from bootflash…..

So, even if you load a newer IOS image in the system and configure the bootvar, the switch will not load that image.  Below is a SHOW BOOTVAR showing the config-register of 0x2101 as well as the boot variable for the other IOS image in flash:

4948-1#sh bootvar
BOOT variable = bootflash:cat4500-entservicesk9-mz.122-54.SG.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2101

So, when you change the config-register to 0x2102, the system will boot with the image file specified in the config.

******** The system will autoboot now ********

config-register = 0x2102
Autobooting using BOOT variable specified file…..

Current BOOT file is — bootflash:cat4500-entservicesk9-mz.122-54.SG.bin

Below is the bootvar after changing it as well as the config file:

4948-1#sh bootvar
BOOT variable = bootflash:cat4500-entservicesk9-mz.122-54.SG.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2102

While this is not really a big deal, it is enough to drive someone nuts in the middle of the night doing an upgrade.  Just think, you uploaded code, checked the boot statement, but your IOS did not load.  It is enough to drive a person crazy at times.
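
A pre-upgrade check built from the behaviour described above, added here as an example (not from the original post or from Cisco): it parses show bootvar output and reports whether the next boot will use the BOOT variable. The sample output is the one shown above; treating boot field 0x0 as "stay in ROM monitor" is general IOS behaviour, and the "(will be ... at next reload)" suffix is an assumption about the output format.

```python
import re

# 'show bootvar' output as shown in the post, before and after the register change.
BEFORE = """\
4948-1#sh bootvar
BOOT variable = bootflash:cat4500-entservicesk9-mz.122-54.SG.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2101
"""
AFTER = BEFORE.replace("0x2101", "0x2102")

def check_bootvar(output):
    """Report which image source the next boot uses and warn on a mismatch."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", output)
    if not m:
        raise ValueError("no configuration register line found")
    # A pending value (assumed suffix format) is what applies at the reload.
    register = int(m.group(2) or m.group(1), 16)
    boot_field = register & 0xF  # low four bits select the boot source
    b = re.search(r"^BOOT variable = ?(.*)$", output, re.M)
    images = []
    if b:
        images = [e.strip().split(",")[0] for e in b.group(1).split(";") if e.strip()]
    if boot_field == 0:
        source = "rommon"
    elif boot_field == 1:
        source = "first-file-in-bootflash"  # the 4948 default described above
    else:
        source = "boot-variable"
    warnings = []
    if source != "boot-variable" and images:
        warnings.append(f"register {register:#06x} ignores BOOT variable {images[0]}")
    if source == "boot-variable" and not images:
        warnings.append("register expects a BOOT variable but none is set")
    return {"register": hex(register), "source": source,
            "images": images, "warnings": warnings}

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_bootvar(text))
```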

Just wanted to share…

Console Server Configuration using Menu’s

In Uncategorized on July 6, 2010 at 16:41

I know that there are quite a few how-to’s for configuring your Cisco Console server, but I figured I would throw my hat in the ring and add a twist.  You see, when I connect to my console server I am presented with a MENU, and from there I can select the device that I want to connect to.  Now normally you would not use this, but when you want to share your rack with others – a menu makes it easier for them to connect to the devices without knowing what is where and what it is called.

Here is the menu that I am presented with when I connect to the console server:

**     Cisco :: Terminal Server for Access to CCIE SP Lab      **

[1] Connect to R1                [10] Connect to FR
[2] Connect to R2                [11] Connect to ATM
[3] Connect to R3                [12] Connect to BB1
[4] Connect to R4                [13] Connect to BB2
[5] Connect to R5                [14] Connect to BB3
[6] Connect to R6
[7] Connect to R7
[8] Connect to R8
[9] Connect to R9                [99] Exit to CLI


In order to configure this, here is what you have to do!

1.  Create a loopback address with an arbitrary IP address – Here I am using

interface Loopback0
ip address

2. Create host entries for each device that is connected to your console server.
To break down the first-line, 2033 is the port on the console server and is the loopback IP address of the console server

ip host R1 2033
ip host R2 2034
ip host R3 2035
ip host R4 2036
ip host R5 2037
ip host R6 2038
ip host R7 2039
ip host R8 2040
ip host R9 2041
ip host BB1 2042
ip host BB2 2043
ip host BB3 2044
ip host FR 2062
ip host ATM 2063

3.  Create the menu commands – here the menu is called CONSOLE

menu CONSOLE command 1 resume R1 /connect telnet R1
menu CONSOLE command 2 resume R2 /connect telnet R2
menu CONSOLE command 3 resume R3 /connect telnet R3
menu CONSOLE command 4 resume R4 /connect telnet R4
menu CONSOLE command 5 resume R5 /connect telnet R5
menu CONSOLE command 6 resume R6 /connect telnet R6
menu CONSOLE command 7 resume R7 /connect telnet R7
menu CONSOLE command 8 resume R8 /connect telnet R8
menu CONSOLE command 9 resume R9 /connect telnet R9
menu CONSOLE command 10 resume FR /connect telnet FR
menu CONSOLE command 11 resume ATM /connect telnet ATM
menu CONSOLE command 12 resume BB1 /connect telnet BB1
menu CONSOLE command 13 resume BB2 /connect telnet BB2
menu CONSOLE command 14 resume BB3 /connect telnet BB3
menu CONSOLE command 99 menu-exit

4.  Create the menu title and text:

menu CONSOLE title %

**          Cisco :: Terminal Server for Access to CCIE SP Lab             **
%
menu CONSOLE text [1] Connect to R1                [10] Connect to FR
menu CONSOLE text [2] Connect to R2                [11] Connect to ATM
menu CONSOLE text [3] Connect to R3                [12] Connect to BB1
menu CONSOLE text [4] Connect to R4                [13] Connect to BB2
menu CONSOLE text [5] Connect to R5                [14] Connect to BB3
menu CONSOLE text [6] Connect to R6
menu CONSOLE text [7] Connect to R7
menu CONSOLE text [8] Connect to R8
menu CONSOLE text [9] Connect to R9                [99] Exit to CLI
menu CONSOLE clear-screen

5.  Under your VTY 0 4 lines, use autocommand to run the menu CONSOLE command when a user connects.

line vty 0 4
autocommand menu CONSOLE

That is it!

Note: You could easily make 99 a hidden option and just enter 99 to enter the CLI.
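
The host entries, menu commands and menu text above are three hand-maintained lists, so here is an added example (not part of the original post) that cross-checks them before the config is pasted in. The sample config is constructed with deliberate mistakes, and 192.0.2.1 is a placeholder for the loopback address.

```python
import re

# Constructed sample with three deliberate mistakes: a reused port, a command
# for a host with no 'ip host' entry, and a menu label with no command.
SAMPLE = """\
ip host R1 2033 192.0.2.1
ip host R2 2034 192.0.2.1
ip host FR 2034 192.0.2.1
menu CONSOLE command 1 resume R1 /connect telnet R1
menu CONSOLE command 2 resume R2 /connect telnet R2
menu CONSOLE command 10 resume FR /connect telnet FR
menu CONSOLE command 11 resume ATM /connect telnet ATM
menu CONSOLE command 99 menu-exit
menu CONSOLE text [1] Connect to R1                [10] Connect to FR
menu CONSOLE text [2] Connect to R2                [11] Connect to ATM
menu CONSOLE text [3] Connect to R3                [99] Exit to CLI
"""

def lint_menu(config):
    """Cross-check ip host, menu command and menu text lines; return findings."""
    hosts, ports, commands, labels, findings = {}, {}, {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"ip host (\S+) (\d+) (\S+)$", line):
            name, port = m.group(1), int(m.group(2))
            if port in ports:
                findings.append(f"port {port} used by both {ports[port]} and {name}")
            ports[port] = name
            hosts[name] = port
        elif m := re.match(r"menu \S+ command (\S+) resume (\S+) /connect telnet (\S+)$", line):
            key, session, target = m.groups()
            commands[key] = target
            if session != target:
                findings.append(f"command {key}: resumes {session} but connects to {target}")
        elif m := re.match(r"menu \S+ command (\S+) menu-exit$", line):
            commands[m.group(1)] = None  # exit entry, no host behind it
        elif line.startswith("menu ") and " text " in line:
            # Labels such as "[10] Connect to FR"; two may share one text line.
            for key, shown in re.findall(r"\[(\d+)\]\s+(?:Connect to (\S+)|Exit to CLI)", line):
                labels[key] = shown or None
    for key, target in commands.items():
        if target is not None and target not in hosts:
            findings.append(f"command {key}: no 'ip host' entry for {target}")
    for key, shown in labels.items():
        if key not in commands:
            findings.append(f"label [{key}] has no matching menu command")
        elif commands[key] != shown:
            findings.append(f"label [{key}] says {shown} but command {key} connects to {commands[key]}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_menu(SAMPLE)))
```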

CCIE Rack Re-Cabled

In Uncategorized on July 6, 2010 at 15:44

Well, just figured I would post up real quick to say that the CCIE SP Rack has been recabled in IPExpert fashion.  The rack was previously cabled for INE session, but since I have completed their workbook I felt it was time to recable and prepare.  Did not get any studying done today – but getting the rack completely recabled in one day is a win for me.

Now to reconfigure the frame-relay switch with all the new ports and I am set.  Tomorrow will prove to be an interesting day!

Nexus 7000 Training Documentation

In Uncategorized on July 5, 2010 at 15:57

A few weeks ago the company that I work for received our Nexus 7000 (7010 to be exact) switches.  Since my team was not familiar with these switches, I decided to write some quick training docs and labs for them.  Since they were well received (or perhaps they just do not know better), I have decided to share them with the rest of the population.

These docs are by no means an end-all be-all type document on the Nexus 7000 switches, but they might be enough to get you familiar with them. They are in PDF format below:

Nexus 7000 Training

Nexus 7000 Labs w/Answers

Any questions, please let me know.

Cards 2, 3, 4, 7, 8, 9 and 10 are N7K-M148GT; cards 5 and 6 are N7K-SUP1, and cards 7 and 8 are N7K-M132XP.

There has been a recent request to post the cabling diagram, here it is to the best of my memory:

The configs for the switch and the router have been lost to time, but perhaps one day I can recreate them.

CCIE Service Provider

In Uncategorized on July 5, 2010 at 00:43

OK, now that Cisco Live is over I need to recharge and gear-up for my CCIE Service Provider lab that is currently scheduled for October.  I have already completed INE Volume 1 with little to no problems (multicast has always been my Achilles heel).  It has brought out some areas that I need to work on and others where I feel that I am strong in.

This month (July) I will be attending a CCIE Expo (Link)  down in Wilmington, Delaware that is being hosted by CCIE Flyer.  The CCIE Boot camp that I am attending is being taught by Paul Negron, who from my understanding, is supposed to host a very good boot camp class.  There are supposed to be other activities that week with regards to test taking strategy and such, so it should be a good experience.

Time to get back on the wagon for this test – time is ticking and the CC has been charged!

Cisco Live round-up

In Uncategorized on July 5, 2010 at 00:31

Well, that is another year of Cisco Live in the bag.  I have to admit, they keep getting better and better!

The week started out with my taking a CCDE class and ended with a CCIE Storage Class.  There were many other classes that week – IPV6, WAN Design, etc – but the first and last classes were the best.  I have already discussed the CCDE class, so here is some information on the CCIE Storage Class. The CCIE SAN class discussed what was on the lab, what you needed to know, and just some basic study information.  The best place to learn about the lab is Cisco Learning Network surprisingly enough.

So, one of the other highlights of the week was the announcement of the CIUS (See-Us) – a portable multi-media communication device. If this thing actually takes off, it will make a great impact on the educational society as well as the corporate business world.  This device has video meeting capabilities that would make working at home much easier and more personable.

To round out the week we had the Customer Appreciation Event.  Not a bad time, Smash Mouth was not the best performance as their headline songs were bad, but when they sang Van Halen songs, they rocked.
