Monday, August 24, 2009

Cisco Passive Interface Address-Family Warning

When you configure passive interfaces for the global VRF as well as for other configured address-families, the 12.4/12.4T router IOS behaves differently from the 6500/3750/3560 switch IOS. If you don't know what a passive interface is, this post isn't for you, but here is a step in the right direction.

On routers, passive-interface settings are shared amongst ALL address-families, INCLUDING the global table. On the 3560/3750/6500 and similar L3 switch IOS, each address-family has its own, independent passive-interface settings.

For instance:
router eigrp 1
network 10.0.0.0
no auto-summary
passive-interface default
!
address-family ipv4 vrf VRF-A
network 10.0.0.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf VRF-B
network 10.0.0.0
no auto-summary
exit-address-family
end


On a Cisco router, the snippet above forms no EIGRP neighbor relationships at all, in either VRF or in the global routing table, because the single passive-interface default covers every address-family. On a Cisco L3 switch, the same passive-interface default applies ONLY to the global routing table; interfaces that belong to VRF-A or VRF-B are not passive and will form adjacencies. Either way, show ip protocols (and show ip protocols vrf VRF-A) lists the interfaces EIGRP is treating as passive, so check the box rather than assume.

This final snippet is not valid on router IOS, but is perfectly valid (and what you want) on L3 switch IOS, with Po1 in the global routing table, Po2 in VRF-A and Po3 in VRF-B:
router eigrp 1
network 10.0.0.0
no auto-summary
passive-interface default
no passive-interface Po1
!
address-family ipv4 vrf VRF-A
network 10.0.0.0
no auto-summary
passive-interface default
no passive-interface Po2
exit-address-family
!
address-family ipv4 vrf VRF-B
network 10.0.0.0
no auto-summary
passive-interface default
no passive-interface Po3
exit-address-family
end
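To make the two behaviours concrete, here is an added example (not Cisco code and not something run on a device): it reads a router eigrp stanza as text, replays the passive-interface commands under either the shared-list rule the post describes for 12.4/12.4T routers or the per-address-family rule of the 3560/3750/6500 switches, and reports which interfaces end up passive in the global table and in each VRF. The interface-to-VRF map (Po1 global, Po2 in VRF-A, Po3 in VRF-B) is constructed here, and the parser only understands passive-interface default, passive-interface X and no passive-interface X.

```python
"""Model of passive-interface handling across EIGRP address-families.

Added illustration of the post above; it is not Cisco code and does not
talk to a device.  shared_list=True models the 12.4/12.4T router rule
(one passive list for the global table and every VRF), shared_list=False
the L3-switch rule (each address-family keeps its own list).
"""
import re

AF_RE = re.compile(r"address-family ipv4 vrf (\S+)")


def parse_passive_cmds(config):
    """Collect passive-interface commands per address-family, in order.

    Returns {af: [(action, iface), ...]} with af == "global" for lines
    directly under `router eigrp`; action is "default", "passive" or
    "active" (the latter for `no passive-interface`).
    """
    cmds, af, in_router = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("router eigrp"):
            in_router, af = True, "global"
            cmds.setdefault(af, [])
        elif not in_router or not line or line == "!":
            continue
        elif line == "end":
            break
        elif AF_RE.match(line):
            af = AF_RE.match(line).group(1)
            cmds.setdefault(af, [])
        elif line == "exit-address-family":
            af = "global"
        elif line == "passive-interface default":
            cmds[af].append(("default", None))
        elif line.startswith("no passive-interface "):
            cmds[af].append(("active", line.split()[-1]))
        elif line.startswith("passive-interface "):
            cmds[af].append(("passive", line.split()[-1]))
    return cmds


def apply_cmds(cmds, ifaces):
    """Replay an ordered command list against a set of interfaces and return
    the ones left passive: `default` marks all of them passive, `passive`
    adds one, `no passive-interface` (active) removes one."""
    passive = set()
    for action, iface in cmds:
        if action == "default":
            passive = set(ifaces)
        elif action == "passive" and iface in ifaces:
            passive.add(iface)
        elif action == "active":
            passive.discard(iface)
    return passive


def effective_passive(config, iface_vrf, shared_list):
    """Return {af: set of passive interfaces}; iface_vrf maps an interface
    name to "global" or a VRF name."""
    cmds = parse_passive_cmds(config)
    members = {}
    for iface, af in iface_vrf.items():
        members.setdefault(af, set()).add(iface)
    if shared_list:
        # Router: every command, wherever typed, lands in one list that
        # applies to all address-families.
        merged = [c for af_cmds in cmds.values() for c in af_cmds]
        return {af: apply_cmds(merged, ifs) for af, ifs in members.items()}
    # Switch: each address-family only sees the commands typed under it.
    return {af: apply_cmds(cmds.get(af, []), ifs) for af, ifs in members.items()}


def adjacencies_possible(passive_map, iface_vrf):
    """Interfaces still sending EIGRP hellos (where a neighbor could form)."""
    return {af: {i for i, a in iface_vrf.items() if a == af} - p
            for af, p in passive_map.items()}


# Constructed input: the first snippet from the post and an assumed
# interface-to-VRF map.
SNIPPET = """\
router eigrp 1
 network 10.0.0.0
 no auto-summary
 passive-interface default
 !
 address-family ipv4 vrf VRF-A
  network 10.0.0.0
  no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf VRF-B
  network 10.0.0.0
  no auto-summary
 exit-address-family
end
"""
IFACE_VRF = {"Po1": "global", "Po2": "VRF-A", "Po3": "VRF-B"}

if __name__ == "__main__":
    for label, shared in (("router (shared list)", True), ("L3 switch (per-AF)", False)):
        result = effective_passive(SNIPPET, IFACE_VRF, shared)
        print(label, "passive:", result)
        print(label, "neighbors possible on:", adjacencies_possible(result, IFACE_VRF))
```

Run as-is it prints that the router model leaves Po1, Po2 and Po3 all passive (no neighbors anywhere), while the switch model leaves only Po1 passive, so VRF-A and VRF-B still peer over Po2 and Po3.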

Wednesday, June 17, 2009

Renumbering a Cisco 3750 Stack

For those of you familiar with the Cisco 3750 switches, their killer feature is their ability to "stack". Stacking elects one switch as the "master" and, using the stack cables on the back of each switch, makes the whole stack appear as a single switch. This allows for expandability and ease of management.


Anyway, one annoyance of stacking 3750s is that an engineer building or adding to a stack can easily install switches "out of order", meaning their stack member numbers do not match their order as racked. Most people (English speakers or otherwise) would assume that a group of 5 switches in a rack is numbered 1 to 5, top to bottom. If that isn't the case, assumptions lead to mistakes and mistakes lead to fussy customers. Yes, the member number can be checked by pressing the Mode button on the front of any stack member, but isn't it better not to worry about that and have it right from the beginning?


So, as a best practice, I always make the stack numbering match the order as racked. It's not as simple as issuing the renumber command, because that does not move your switch port configuration along with the member (the switch even warns you of this when you enter the command); you have to do some trickery to move the configuration yourself. If you want to renumber switches in a stack, here is a little HOWTO, since Cisco doesn't really cover this scenario and I've done it a few times.


*************
Example:
*************
A stack of 2 switches in a rack: switch 2 is on top, switch 1 is on the bottom.

Step 1: Prime the switches by setting their new stack member numbers
We want 2 to become 1 and 1 to become 2, right?

In config mode:
switch 1 renumber 2
switch 2 renumber 1


Then save your config (write memory)... simple enough. The new numbers only take effect when the members reload, which is why the next two steps happen before the reload.



Step 2:
Copy the startup config into your favourite text editor, via screen scrape or file transfer. Do a find/replace of every 2/0/ with X/0/, then 1/0/ with 2/0/, and finally X/0/ with 1/0/. You have now flip-flopped all the port configs between the two switches using the power of find/replace. Anchor the search on the interface name (GigabitEthernet2/0/ rather than a bare 2/0/) so you don't rewrite the same digits where they happen to appear in a description or banner.

Step 3:
Upload the edited file so that it overwrites the startup config of the stack (copy tftp: startup-config, or whichever transfer you prefer), then reload the stack. On reload the members come up with their new numbers and the moved port configuration lands on the right physical ports.

Step 4:
Test. (of course).
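Step 2 is easy to get subtly wrong with a text editor (a stray 2/0/ in a description, a third member in the stack). Here is an added example, not from the post and not Cisco code, that does the same rewrite with a script: it anchors on interface names, rewrites the switch N provision lines that also carry the member number, applies any permutation of member numbers in a single pass (so no X/0/ placeholder round is needed), and refuses mappings that would merge two members into one. It assumes the saved config uses full interface names of the form <Type>Ethernet<member>/<module>/<port>, which is how IOS stores them; the sample config is constructed.

```python
"""Remap Catalyst 3750 stack-member numbers in a saved config.

Added example for step 2 of the post above; not from Cisco.  It rewrites
<Type>Ethernet<member>/<module>/<port> interface names and
`switch <member> provision <model>` lines according to an {old: new}
mapping, in one pass, and leaves any other occurrence of the digits alone.
"""
import re
from collections import Counter

IFACE_RE = re.compile(r"\b([A-Za-z]+Ethernet)(\d+)/(\d+)/(\d+)\b")
PROVISION_RE = re.compile(r"^(\s*switch )(\d+)( provision\b.*)$")


def member_port_counts(config):
    """Interface references per stack member; a remap must preserve the
    multiset of counts (every port moves, none is invented or lost)."""
    return Counter(int(m.group(2)) for m in IFACE_RE.finditer(config))


def validate_mapping(config, mapping):
    """Reject mappings that would land two members on the same number."""
    if len(set(mapping.values())) != len(mapping):
        raise ValueError("two old members map to the same new number")
    present = set(member_port_counts(config))
    for old, new in mapping.items():
        if new in present and new not in mapping:
            raise ValueError(f"member {old}->{new} collides with existing member {new}")


def remap_stack_members(config, mapping):
    """Return the config with member numbers rewritten per `mapping`
    ({old: new}); members absent from the mapping keep their number."""
    validate_mapping(config, mapping)

    def iface_sub(m):
        member = int(m.group(2))
        return f"{m.group(1)}{mapping.get(member, member)}/{m.group(3)}/{m.group(4)}"

    out = []
    for line in config.splitlines():
        line = IFACE_RE.sub(iface_sub, line)
        pm = PROVISION_RE.match(line)
        if pm:
            member = int(pm.group(2))
            line = f"{pm.group(1)}{mapping.get(member, member)}{pm.group(3)}"
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed two-member config.  The description deliberately contains
# "2/0/1" outside an interface name to show it is left untouched.
SAMPLE = """\
switch 1 provision ws-c3750g-24ts
switch 2 provision ws-c3750g-24ts
!
interface GigabitEthernet1/0/1
 description uplink to core (was 2/0/1 in the old rack)
 switchport mode trunk
!
interface GigabitEthernet2/0/1
 switchport access vlan 10
!
interface GigabitEthernet2/0/2
 switchport access vlan 20
!
"""

if __name__ == "__main__":
    print(remap_stack_members(SAMPLE, {1: 2, 2: 1}))
```

Applying the swap twice returns the original text, which is a cheap check to run before uploading the result as the new startup config.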

Wednesday, April 22, 2009

Ultimate "sed" guide, manipulate many files on *nix!

It's not often that I directly rip off others' content, but today is one of those days (all credit is given, however ;-)).

sed is the *nix stream editor: basically a great file manipulator. Below you will see a bunch of GREAT uses for it. I've cached a copy here in case the internets eat it alive.

Grabbed from here: http://www.student.northpark.edu/pemente/sed/sed1line.txt
-------------------------------------------------------------------------
HANDY ONE-LINERS FOR SED (Unix stream editor) Apr. 26, 2004
compiled by Eric Pement - pemente[at]northpark[dot]edu version 5.4
Latest version of this file is usually at:
http://sed.sourceforge.net/sed1line.txt
http://www.student.northpark.edu/pemente/sed/sed1line.txt
This file is also available in Portuguese at:
http://www.lrv.ufsc.br/wmaker/sed_ptBR.html

FILE SPACING:

# double space a file
sed G

# double space a file which already has blank lines in it. Output file
# should contain no more than one blank line between lines of text.
sed '/^$/d;G'

# triple space a file
sed 'G;G'

# undo double-spacing (assumes even-numbered lines are always blank)
sed 'n;d'

# insert a blank line above every line which matches "regex"
sed '/regex/{x;p;x;}'

# insert a blank line below every line which matches "regex"
sed '/regex/G'

# insert a blank line above and below every line which matches "regex"
sed '/regex/{x;p;x;G;}'

NUMBERING:

# number each line of a file (simple left alignment). Using a tab (see
# note on '\t' at end of file) instead of space will preserve margins.
sed = filename | sed 'N;s/\n/\t/'

# number each line of a file (number on left, right-aligned)
sed = filename | sed 'N; s/^/     /; s/ *\(.\{6,\}\)\n/\1  /'

# number each line of file, but only print numbers if line is not blank
sed '/./=' filename | sed '/./N; s/\n/ /'

# count lines (emulates "wc -l")
sed -n '$='

TEXT CONVERSION AND SUBSTITUTION:

# IN UNIX ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format
sed 's/.$//' # assumes that all lines end with CR/LF
sed 's/^M$//' # in bash/tcsh, press Ctrl-V then Ctrl-M
sed 's/\x0D$//' # gsed 3.02.80, but top script is easier

# IN UNIX ENVIRONMENT: convert Unix newlines (LF) to DOS format
sed "s/$/`echo -e \\\r`/" # command line under ksh
sed 's/$'"/`echo \\\r`/" # command line under bash
sed "s/$/`echo \\\r`/" # command line under zsh
sed 's/$/\r/' # gsed 3.02.80

# IN DOS ENVIRONMENT: convert Unix newlines (LF) to DOS format
sed "s/$//" # method 1
sed -n p # method 2

# IN DOS ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format
# Can only be done with UnxUtils sed, version 4.0.7 or higher.
# Cannot be done with other DOS versions of sed. Use "tr" instead.
sed "s/\r//" infile >outfile # UnxUtils sed v4.0.7 or higher
tr -d \r <infile >outfile # GNU tr version 1.22 or higher

# delete leading whitespace (spaces, tabs) from front of each line
# aligns all text flush left
sed 's/^[ \t]*//' # see note on '\t' at end of file

# delete trailing whitespace (spaces, tabs) from end of each line
sed 's/[ \t]*$//' # see note on '\t' at end of file

# delete BOTH leading and trailing whitespace from each line
sed 's/^[ \t]*//;s/[ \t]*$//'

# insert 5 blank spaces at beginning of each line (make page offset)
sed 's/^/     /'

# align all text flush right on a 79-column width
sed -e :a -e 's/^.\{1,78\}$/ &/;ta' # set at 78 plus 1 space

# center all text in the middle of 79-column width. In method 1,
# spaces at the beginning of the line are significant, and trailing
# spaces are appended at the end of the line. In method 2, spaces at
# the beginning of the line are discarded in centering the line, and
# no trailing spaces appear at the end of lines.
sed -e :a -e 's/^.\{1,77\}$/ & /;ta' # method 1
sed -e :a -e 's/^.\{1,77\}$/ &/;ta' -e 's/\( *\)\1/\1/' # method 2

# substitute (find and replace) "foo" with "bar" on each line
sed 's/foo/bar/' # replaces only 1st instance in a line
sed 's/foo/bar/4' # replaces only 4th instance in a line
sed 's/foo/bar/g' # replaces ALL instances in a line
sed 's/\(.*\)foo\(.*foo\)/\1bar\2/' # replace the next-to-last case
sed 's/\(.*\)foo/\1bar/' # replace only the last case

# substitute "foo" with "bar" ONLY for lines which contain "baz"
sed '/baz/s/foo/bar/g'

# substitute "foo" with "bar" EXCEPT for lines which contain "baz"
sed '/baz/!s/foo/bar/g'

# change "scarlet" or "ruby" or "puce" to "red"
sed 's/scarlet/red/g;s/ruby/red/g;s/puce/red/g' # most seds
gsed 's/scarlet\|ruby\|puce/red/g' # GNU sed only

# reverse order of lines (emulates "tac")
# bug/feature in HHsed v1.5 causes blank lines to be deleted
sed '1!G;h;$!d' # method 1
sed -n '1!G;h;$p' # method 2

# reverse each character on the line (emulates "rev")
sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'

# join pairs of lines side-by-side (like "paste")
sed '$!N;s/\n/ /'

# if a line ends with a backslash, append the next line to it
sed -e :a -e '/\\$/N; s/\\\n//; ta'

# if a line begins with an equal sign, append it to the previous line
# and replace the "=" with a single space
sed -e :a -e '$!N;s/\n=/ /;ta' -e 'P;D'

# add commas to numeric strings, changing "1234567" to "1,234,567"
gsed ':a;s/\B[0-9]\{3\}\>/,&/;ta' # GNU sed
sed -e :a -e 's/\(.*[0-9]\)\([0-9]\{3\}\)/\1,\2/;ta' # other seds

# add commas to numbers with decimal points and minus signs (GNU sed)
gsed ':a;s/\(^\|[^0-9.]\)\([0-9]\+\)\([0-9]\{3\}\)/\1\2,\3/g;ta'

# add a blank line every 5 lines (after lines 5, 10, 15, 20, etc.)
gsed '0~5G' # GNU sed only
sed 'n;n;n;n;G;' # other seds

SELECTIVE PRINTING OF CERTAIN LINES:

# print first 10 lines of file (emulates behavior of "head")
sed 10q

# print first line of file (emulates "head -1")
sed q

# print the last 10 lines of a file (emulates "tail")
sed -e :a -e '$q;N;11,$D;ba'

# print the last 2 lines of a file (emulates "tail -2")
sed '$!N;$!D'

# print the last line of a file (emulates "tail -1")
sed '$!d' # method 1
sed -n '$p' # method 2

# print only lines which match regular expression (emulates "grep")
sed -n '/regexp/p' # method 1
sed '/regexp/!d' # method 2

# print only lines which do NOT match regexp (emulates "grep -v")
sed -n '/regexp/!p' # method 1, corresponds to above
sed '/regexp/d' # method 2, simpler syntax

# print the line immediately before a regexp, but not the line
# containing the regexp
sed -n '/regexp/{g;1!p;};h'

# print the line immediately after a regexp, but not the line
# containing the regexp
sed -n '/regexp/{n;p;}'

# print 1 line of context before and after regexp, with line number
# indicating where the regexp occurred (similar to "grep -A1 -B1")
sed -n -e '/regexp/{=;x;1!p;g;$!N;p;D;}' -e h

# grep for AAA and BBB and CCC (in any order)
sed '/AAA/!d; /BBB/!d; /CCC/!d'

# grep for AAA and BBB and CCC (in that order)
sed '/AAA.*BBB.*CCC/!d'

# grep for AAA or BBB or CCC (emulates "egrep")
sed -e '/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d # most seds
gsed '/AAA\|BBB\|CCC/!d' # GNU sed only

# print paragraph if it contains AAA (blank lines separate paragraphs)
# HHsed v1.5 must insert a 'G;' after 'x;' in the next 3 scripts below
sed -e '/./{H;$!d;}' -e 'x;/AAA/!d;'

# print paragraph if it contains AAA and BBB and CCC (in any order)
sed -e '/./{H;$!d;}' -e 'x;/AAA/!d;/BBB/!d;/CCC/!d'

# print paragraph if it contains AAA or BBB or CCC
sed -e '/./{H;$!d;}' -e 'x;/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d
gsed '/./{H;$!d;};x;/AAA\|BBB\|CCC/b;d' # GNU sed only

# print only lines of 65 characters or longer
sed -n '/^.\{65\}/p'

# print only lines of less than 65 characters
sed -n '/^.\{65\}/!p' # method 1, corresponds to above
sed '/^.\{65\}/d' # method 2, simpler syntax

# print section of file from regular expression to end of file
sed -n '/regexp/,$p'

# print section of file based on line numbers (lines 8-12, inclusive)
sed -n '8,12p' # method 1
sed '8,12!d' # method 2

# print line number 52
sed -n '52p' # method 1
sed '52!d' # method 2
sed '52q;d' # method 3, efficient on large files

# beginning at line 3, print every 7th line
gsed -n '3~7p' # GNU sed only
sed -n '3,${p;n;n;n;n;n;n;}' # other seds

# print section of file between two regular expressions (inclusive)
sed -n '/Iowa/,/Montana/p' # case sensitive

SELECTIVE DELETION OF CERTAIN LINES:

# print all of file EXCEPT section between 2 regular expressions
sed '/Iowa/,/Montana/d'

# delete duplicate, consecutive lines from a file (emulates "uniq").
# First line in a set of duplicate lines is kept, rest are deleted.
sed '$!N; /^\(.*\)\n\1$/!P; D'

# delete duplicate, nonconsecutive lines from a file. Beware not to
# overflow the buffer size of the hold space, or else use GNU sed.
sed -n 'G; s/\n/&&/; /^\([ -~]*\n\).*\n\1/d; s/\n//; h; P'

# delete all lines except duplicate lines (emulates "uniq -d").
sed '$!N; s/^\(.*\)\n\1$/\1/; t; D'

# delete the first 10 lines of a file
sed '1,10d'

# delete the last line of a file
sed '$d'

# delete the last 2 lines of a file
sed 'N;$!P;$!D;$d'

# delete the last 10 lines of a file
sed -e :a -e '$d;N;2,10ba' -e 'P;D' # method 1
sed -n -e :a -e '1,10!{P;N;D;};N;ba' # method 2

# delete every 8th line
gsed '0~8d' # GNU sed only
sed 'n;n;n;n;n;n;n;d;' # other seds

# delete ALL blank lines from a file (same as "grep '.' ")
sed '/^$/d' # method 1
sed '/./!d' # method 2

# delete all CONSECUTIVE blank lines from file except the first; also
# deletes all blank lines from top and end of file (emulates "cat -s")
sed '/./,/^$/!d' # method 1, allows 0 blanks at top, 1 at EOF
sed '/^$/N;/\n$/D' # method 2, allows 1 blank at top, 0 at EOF

# delete all CONSECUTIVE blank lines from file except the first 2:
sed '/^$/N;/\n$/N;//D'

# delete all leading blank lines at top of file
sed '/./,$!d'

# delete all trailing blank lines at end of file
sed -e :a -e '/^\n*$/{$d;N;ba' -e '}' # works on all seds
sed -e :a -e '/^\n*$/N;/\n$/ba' # ditto, except for gsed 3.02*

# delete the last line of each paragraph
sed -n '/^$/{p;h;};/./{x;/./p;}'

SPECIAL APPLICATIONS:

# remove nroff overstrikes (char, backspace) from man pages. The 'echo'
# command may need an -e switch if you use Unix System V or bash shell.
sed "s/.`echo \\\b`//g" # double quotes required for Unix environment
sed 's/.^H//g' # in bash/tcsh, press Ctrl-V and then Ctrl-H
sed 's/.\x08//g' # hex expression for sed v1.5

# get Usenet/e-mail message header
sed '/^$/q' # deletes everything after first blank line

# get Usenet/e-mail message body
sed '1,/^$/d' # deletes everything up to first blank line

# get Subject header, but remove initial "Subject: " portion
sed '/^Subject: */!d; s///;q'

# get return address header
sed '/^Reply-To:/q; /^From:/h; /./d;g;q'

# parse out the address proper. Pulls out the e-mail address by itself
# from the 1-line return address header (see preceding script)
sed 's/ *(.*)//; s/>.*//; s/.*[:<] *//'

# add a leading angle bracket and space to each line (quote a message)
sed 's/^/> /'

# delete leading angle bracket & space from each line (unquote a message)
sed 's/^> //'

# remove most HTML tags (accommodates multiple-line tags)
sed -e :a -e 's/<[^>]*>//g;/</N;//ba'

# extract multi-part uuencoded binaries, removing extraneous header
# info, so that only the uuencoded portion remains. Files passed to
# sed must be passed in the proper order. Version 1 can be entered
# from the command line; version 2 can be made into an executable
# Unix shell script. (Modified from a script by Rahul Dhesi.)
sed '/^end/,/^begin/d' file1 file2 ... fileX | uudecode # vers. 1
sed '/^end/,/^begin/d' "$@" | uudecode # vers. 2

# zip up each .TXT file individually, deleting the source file and
# setting the name of each .ZIP file to the basename of the .TXT file
# (under DOS: the "dir /b" switch returns bare filenames in all caps).
echo @echo off >zipup.bat
dir /b *.txt | sed "s/^\(.*\)\.TXT/pkzip -mo \1 \1.TXT/" >>zipup.bat

TYPICAL USE: Sed takes one or more editing commands and applies all of
them, in sequence, to each line of input. After all the commands have
been applied to the first input line, that line is output and a second
input line is taken for processing, and the cycle repeats. The
preceding examples assume that input comes from the standard input
device (i.e, the console, normally this will be piped input). One or
more filenames can be appended to the command line if the input does
not come from stdin. Output is sent to stdout (the screen). Thus:

cat filename | sed '10q' # uses piped input
sed '10q' filename # same effect, avoids a useless "cat"
sed '10q' filename > newfile # redirects output to disk

For additional syntax instructions, including the way to apply editing
commands from a disk file instead of the command line, consult "sed &
awk, 2nd Edition," by Dale Dougherty and Arnold Robbins (O'Reilly,
1997; http://www.ora.com), "UNIX Text Processing," by Dale Dougherty
and Tim O'Reilly (Hayden Books, 1987) or the tutorials by Mike Arst
distributed in U-SEDIT2.ZIP (many sites). To fully exploit the power
of sed, one must understand "regular expressions." For this, see
"Mastering Regular Expressions" by Jeffrey Friedl (O'Reilly, 1997).
The manual ("man") pages on Unix systems may be helpful (try "man
sed", "man regexp", or the subsection on regular expressions in "man
ed"), but man pages are notoriously difficult. They are not written to
teach sed use or regexps to first-time users, but as a reference text
for those already acquainted with these tools.

QUOTING SYNTAX: The preceding examples use single quotes ('...')
instead of double quotes ("...") to enclose editing commands, since
sed is typically used on a Unix platform. Single quotes prevent the
Unix shell from interpreting the dollar sign ($) and backquotes
(`...`), which are expanded by the shell if they are enclosed in
double quotes. Users of the "csh" shell and derivatives will also need
to quote the exclamation mark (!) with the backslash (i.e., \!) to
properly run the examples listed above, even within single quotes.
Versions of sed written for DOS invariably require double quotes
("...") instead of single quotes to enclose editing commands.

USE OF '\t' IN SED SCRIPTS: For clarity in documentation, we have used
the expression '\t' to indicate a tab character (0x09) in the scripts.
However, most versions of sed do not recognize the '\t' abbreviation,
so when typing these scripts from the command line, you should press
the TAB key instead. '\t' is supported as a regular expression
metacharacter in awk, perl, and HHsed, sedmod, and GNU sed v3.02.80.

VERSIONS OF SED: Versions of sed do differ, and some slight syntax
variation is to be expected. In particular, most do not support the
use of labels (:name) or branch instructions (b,t) within editing
commands, except at the end of those commands. We have used the syntax
which will be portable to most users of sed, even though the popular
GNU versions of sed allow a more succinct syntax. When the reader sees
a fairly long command such as this:

sed -e '/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d

it is heartening to know that GNU sed will let you reduce it to:

sed '/AAA/b;/BBB/b;/CCC/b;d' # or even
sed '/AAA\|BBB\|CCC/b;d'

In addition, remember that while many versions of sed accept a command
like "/one/ s/RE1/RE2/", some do NOT allow "/one/! s/RE1/RE2/", which
contains space before the 's'. Omit the space when typing the command.

OPTIMIZING FOR SPEED: If execution speed needs to be increased (due to
large input files or slow processors or hard disks), substitution will
be executed more quickly if the "find" expression is specified before
giving the "s/.../.../" instruction. Thus:

sed 's/foo/bar/g' filename # standard replace command
sed '/foo/ s/foo/bar/g' filename # executes more quickly
sed '/foo/ s//bar/g' filename # shorthand sed syntax

On line selection or deletion in which you only need to output lines
from the first part of the file, a "quit" command (q) in the script
will drastically reduce processing time for large files. Thus:

sed -n '45,50p' filename # print line nos. 45-50 of a file
sed -n '51q;45,50p' filename # same, but executes much faster

If you have any additional scripts to contribute or if you find errors
in this document, please send e-mail to the compiler. Indicate the
version of sed you used, the operating system it was compiled for, and
the nature of the problem. Various scripts in this file were written
or contributed by:

Al Aab <af137@freenet.toronto.on.ca> # "seders" list moderator
Edgar Allen <era@sky.net> # various
Yiorgos Adamopoulos <adamo@softlab.ece.ntua.gr>
Dale Dougherty <dale@songline.com> # author of "sed & awk"
Carlos Duarte <cdua@algos.inesc.pt> # author of "do it with sed"
Eric Pement <pemente@northpark.edu> # author of this document
Ken Pizzini <ken@halcyon.com> # author of GNU sed v3.02
S.G. Ravenhall <stew.ravenhall@totalise.co.uk> # great de-html script
Greg Ubben <gsu@romulus.ncsc.mil> # many contributions & much help
-------------------------------------------------------------------------

Thursday, April 16, 2009

My PuTTY SSH Tunnel Guide

SSH tunnelling is one of the most useful things you can set up for securely and discreetly accessing your home network. Anything you see below should only be done for your own private educational purposes, or for the rare exception when you need to get something done that is in line with your job and don't want to wait for someone else to process your exception request.

The idea behind SSH tunnelling is that you have an SSH server you can reach, and from an SSH client you connect to it and carry other traffic inside that SSH connection. You then bounce off the server to reach almost anything the server itself can reach. This is extremely useful for getting into your home network without a true VPN in place: SSH into a system on the far side of your home firewall and you can reach your home PC securely, without exposing it directly to the outside world (port forwarding tcp/3389 straight to your home PC, for example, is a baaaad idea).

Personally, I have a Linksys-hacked Linux box behind a FreeBSD firewall. The firewall port forwards the SSH traffic to the Linksys box, where public key SSH authentication takes place, and from there I "bounce off" and am able to access my NAS via SCP and my home PC via RDP (it's Windows; you can do the same with VNC on Linux). My private key is on my encrypted USB thumb drive with a nice passphrase on it... good security is like the layers of an onion, right? :-)

Back to the walkthrough. Here's an overview of how to set up PuTTY (on Windows) to tunnel anything you want.

What will it do?



  • Encrypt ALL traffic that goes through the tunnel, so that all Big Brother sees is SSH traffic between you and the SSH server and nothing else; this gives you plausible deniability if you get caught on a corporate network

  • Give you nearly 100% secure access to your home network: with public key authentication only, password brute-force attacks won't work, and your private workstations/servers are never directly exposed to attack

  • Remote Desktop, SCP, HTTP and any other TCP protocol that uses a fixed port can all be forwarded


What won't it do?



  • FTP: unless your FTP server also speaks SFTP natively, this won't work, so don't bother. FTP negotiates a separate data connection on a dynamic port, which a single port forward cannot carry; it is not an intelligent protocol and is quite old.

  • I've not had much luck forwarding CIFS/SMB shares

  • Hide the amount of data transferred. If you are streaming video and your traffic use is being watched, they will still see the total volume, so use this wisely!


What do you need to know beforehand? (i.e. I'm not going to explain these items in detail)



  • How to add port forwards on your firewall

  • How to set up an SSH server with public key authentication (I'll probably write that up at a later time... maybe)


Initial Steps:



  1. First, download PuTTY. While you are at it, download PuTTYgen if you don't already have a valid ppk file.

  2. If you don't have a ppk file, open PuTTYgen, choose "Import key" from the Conversions menu, load your private key file, and save it as a PuTTY ppk file. (Either keep the ppk file in the same directory as putty.exe, or give its full path to -i below.)

  3. Now, from the command line, run PuTTY with the following syntax (this example lets you browse the web through your tunnel):


Encrypted Web Browsing(circumvent corporate blocks)


putty -ssh -l UserName -D 8080 -i home.ppk SSHServerAddress


  • For "UserName", enter the username you wish to use with your pubkey authentication on your SSH Server

  • Instead of home.ppk, enter the name of your ppk file

  • For SSHServerAddress, enter the IP Address you use to access your SSH server

  • Configure your browser of choice (hopefully Firefox) to use a SOCKS proxy at 127.0.0.1 port 8080. -D is a dynamic forward, which is a SOCKS listener, not an HTTP proxy. In Firefox, also set network.proxy.socks_remote_dns to true in about:config so that name lookups go through the tunnel as well; otherwise the hostnames you visit still leak to the local DNS resolver even though the page contents are encrypted

  • Enjoy your encrypted browsing session :-)


Tunnel SCP traffic:


putty -ssh -l UserName -L 22:192.168.1.100:22 -i home.ppk SSHServerAddress


  • Fill out UserName, home.ppk, and SSHServerAddress as above

  • The -L option (as explained here) takes LocalListeningAddress:LocalListeningPort:IPAddressToConnectTo:PortToConnectTo; the LocalListeningAddress is assumed to be 127.0.0.1 when it is left out, as here

  • IPAddressToConnectTo is the address the SSH server will connect to, from its own side of the network. This matters: if you are connecting from work to your home file server through your home SSH server, use the file server's PRIVATE IP address, because that is what the SSH server uses to reach it

  • After you connect, open your SCP program and connect to 127.0.0.1 port 22; the session goes through the SSH tunnel to the SCP server


Remote Desktop:


putty -ssh -l UserName -L 127.0.0.2:3390:192.168.1.100:3389 -i home.ppk SSHServerAddress


  • Notice the difference between the LocalListeningPort and the PortToConnectTo. Since Windows XP SP2 the Windows Remote Desktop client refuses to connect to 127.0.0.1 on port 3389, the address and port of the machine's own RDP listener. Listening on the loopback address 127.0.0.2 and local port 3390 instead works fine, and the command above sidesteps the issue

  • Have your RDP client connect to 127.0.0.2:3390 (type it exactly like that on the connect screen)

Sunday, March 15, 2009

Cisco's Interface Config Cache

Ever notice that doing a show run on a large 3750 stack or a 6513 can take a (relatively) long time? Enter Cisco's interface config cache:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtinvgen.html

Basically, it caches the interface configuration in memory so that your "show run"s execute a LOT faster. Normally, every time you do a show run, IOS has to query EVERY interface in the system to build its configuration before it can display it.

This command tells IOS to cache the result the first time show run is executed, so every subsequent show run reads the cached copy. Whenever an interface configuration changes, the cache is refreshed, so it stays current.

In other words, this command makes no difference to the first show run after a config change, but every show run thereafter (until the next interface change) is served from the cache and is SUPER speedy.

For the impatient, the command is:
parser config cache interface

Saturday, March 14, 2009

Sun JRE Native 64-bit Plugin support in Firefox

Finally, 64-bit Linux computing is becoming usable for the masses; I'm sure the major distros will pick up on this and make it even easier for those without patience.

Anyway, Sun's JRE 6.0 Update 12 added 64-bit plugin support. I recommend downloading Update 14 build 03 to get the latest and greatest (as of this writing, of course).

http://download.java.net/jdk6/index.html

I've not tried this in Vista 64 or XP 64bit.

Under Linux, download the 64-bit .bin file, make it executable (I recommend installing under /opt) and run it; it extracts and installs itself. Then you only need to add a symbolic link in your Firefox plugin directory to the libnpjp2.so file in the lib/amd64 subdirectory of the newly installed JRE.

Here is what I did under Ubuntu 8.10:
cd /opt
sudo mv ~/Desktop/jre-6u14-ea-bin-b03-linux-amd64-10_mar_2009.bin ./
# executable for the owner is all the installer needs; no reason to make it world-writable (777)
sudo chmod u+x jre-6u14-ea-bin-b03-linux-amd64-10_mar_2009.bin
sudo ./jre-6u14-ea-bin-b03-linux-amd64-10_mar_2009.bin
cd /usr/lib/mozilla/plugins
# with a single argument, ln -s creates libnpjp2.so in the current directory
sudo ln -s /opt/jre1.6.0_14/lib/amd64/libnpjp2.so

Taken from:

http://ubuntuforums.org/showthread.php?t=1011899

Friday, March 6, 2009

Testing Copper Cables with Cisco Switches (TDR)

You can quickly detect cable problems from any 3560G/3750G/4500 (with Gig ports)/6500 (with Gig ports) using the TDR built into IOS. It reports the length of the cable and whether any pairs are open (and, if so, how far down the cable the fault is). This beats running up to the location with a Fluke in hand to test cable problems.

First, run the test (it is intrusive on the interface it runs on, so only run it on something that can be unreachable for about a minute):
test cable-diagnostics tdr interface <InterfaceName>

After it completes, all you have to do is view the result:
show cable-diagnostics tdr interface <InterfaceName>

See the link below for the full scoop from Cisco:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtrbl.html#wp1400280