Friday, 22 January 2021

setting http source interface on cisco switch

This command was needed to copy files from a http server to a switch

ip http client source-interface G0/0


Similar to ip tftp source-interface

http transfers should be faster and more reliable for large files

Posted by at No comments:
Labels: , , , ,

Tuesday, 5 January 2021

linux tools

Shells to consider

Bash (on basically everything)

zsh (auto complete etc)

fish (friendly interactive shell)




Posted by at No comments:

Monday, 23 November 2020

DHCP scope full of BAD_ADDRESS Entries

This one comes up a lot. I've come across the following causes:

1 - Malware just filling up your DHCP scope to break it. 

2 - Rouge DHCP server

3 - Broken NIC on some device, never completes the DHCP steps and keeps taking IP's (some times fixed with driver update)

3 - Proxy arp issue. Similar to above. The client gets DHCP offer but before it accepts it will arp the IP to see if anyone is using it. The firewall responds to the arp so the client rejects the IP and starts DHCP request again multiple clients fill up the DHCP rules. Check NAT rules and make sure they have "no-proxy-arp" even if the NAT rule matches different traffic. Look for any any nat rules.

You can look in DHCP logs on the DHCP server

Check arp -a and wireshark looking for dhcp request/offers on the DHCP server.

If the DHCP is being forwarded by an IP helper you'll need to take the capture on the LAN and can check arp on the device that is doing the IP helper

If its just one mac address a quick work around is to make a reservation for that MAC so it always gets the same IP. That way it won't fill up your DHCP scope. Then clear out the DHCP scope.

You also have the option of setting the DHCP lease times down lower. You can get a script/scheduled task to stop/start the DHCP service (clearing down the scope). If you have scripting skills you can look for "BAD_IPADDRESS" entries and delete those with a script.

The longer/better fix is to find the device(s) that are causing the issue and sort them out. 

You may also have the option to enable DHCP snooping on your switch. You can configure the switch ports to your DHCP servers so they are the only ones allow to respond to DHCP requests.

https://www.petenetlive.com/KB/Article/0001651



Posted by at No comments:
Labels: , , ,

Tuesday, 10 November 2020

Internet browsing and webpages loading slow for no reason

I have hit an issue where internet browsing is slow but when looking at wireshark the round trip time on TCP 3WHS is always good. Not seeing delays in packets. Network graphs show the connection is not being maxed out. Network speed looks good yet the users report that page load times are slow.


I had to allow google and facebook tracking IP block/ranges

The traffic I saw was UDP 443


Google URLS

admin.google.com

ssl.google-analytics.com

*.google.com

www.google-analytics.com

www.google.com

code.google.com

update.googleapis.com

talk.google.com

*.gstatic.com

clientservices.googleapis.com

www.googleapis.com

accounts.google.com

clients4.google.com

*.googleapis.com

oauthaccountmanager.googleapis.com

clients2.googleusercontent.com

update.googleapis.com


Have also seen windows updates using up all the bandwidth so windows updates can be blocked during business hours or controlled with WSUS etc.


MS URLs

login.microsoftonline.com

aadcdn.msauth.net

*.microsoft.com

autologon.microsoftazuread-sso.com


IP's

FB ranges

31.13.64.0/18

66.220.144.0/20

69.171.224.0/19

69.63.176.0/20


Google Ranges

74.125.0.0/16

172.253.0.0/16

209.85.128.0/17

216.58.192.0/19

172.217.0.0/16

64.233.160.0/19

108.177.0.0/17

66.102.0.0/20

173.194.0.0/16


Posted by at No comments:

Friday, 23 October 2020

internal dialing phone issue

Needed to set these commands on router

 10.100.200.10 is the voice router

h323-gateway voip bind srcaddr 10.100.200.10
h323-gateway voip interface 

Also had to reset the voice card

Posted by at No comments:

Friday, 2 October 2020

find what objects an IP is a member of in cisco ASA CLI

 sh run object-group network | i object-group|192.168.1.100


It will spit out all the object-groups and you scroll down until you see the one that has your IP inside.


It will look like this. we found 192.168.1.100 is a member of DNS_FORWARDERS

object-group network DomainControllers

object-group network DNS_FORWARDERS

 network-object host 192.168.1.100

object-group network smtprelay_group

object-group network Office365relayIPs_Group

remember to keep scrolling as it could be a member of more groups.


Posted by at No comments:
Labels: , , ,

Wednesday, 23 September 2020

Cisco to juniper CLI cheat sheet

 https://www.tunnelsup.com/cisco-asa-to-juniper-ssg-command-reference-cheat-sheet/


Posted by at No comments:
Subscribe to: Posts (Atom)