Tag: Cisco

Cisco Configuration Professional Installation Notes

To install the Cisco Configuration Professional (CCP) software for the Catalyst 2960X/XR platform from a .tar file, you’ll need to extract and set it up on the switch’s flash memory. Here’s a step-by-step guide to install the .tar file on your Cisco 2960X switch:

What You’ll Need

  • The .tar file (e.g., ccp-c2960x.tar)
  • TFTP server (or FTP/USB depending on your method)
  • Console or SSH access to the switch

Step 1: Transfer the .tar File to the Switch

Use a TFTP server (like tftpd32 or SolarWinds TFTP) to upload the .tar file to the switch’s flash.

From the switch CLI:

copy tftp: flash:

You’ll be prompted:

Address or name of remote host []? 192.168.1.100  <-- your TFTP server
Source filename []? ccp-c2960x.tar
Destination filename [ccp-c2960x.tar]? <Enter>

Step 2: Extract the .tar File

Once the file is on the switch, extract it with:

archive extract flash:ccp-c2960x.tar flash:

This will unpack the files into a directory (e.g., ccp-web) inside flash.

Step 3: Enable the Web Interface

To use Configuration Professional, you need:

  • HTTP/HTTPS server enabled
  • A working VLAN interface with an IP address
  • Authentication (username/password)

Commands:

conf t
ip http server
ip http secure-server
username admin privilege 15 secret YourSecurePassword
interface vlan1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
exit
ip default-gateway 192.168.1.254  ! Adjust as needed
end
write memory

🔗 Step 4: Access the Web Interface

Open a browser and go to:

http://192.168.1.1

or

https://192.168.1.1

You should see the Configuration Professional (CP Express) interface.

🧹 (Optional) Clean Up and Set as Default Web UI

If you want this web interface to load automatically on boot:

conf t
ip http path flash:ccp-web
end
write memory

And if you’re done, you can remove the .tar file to save space:

delete flash:ccp-c2960x.tar

Unable to negotiate with port 22: no matching key exchange method found.

Working with an older Cisco ASA, I was not able to directly SSH to the host using SSH on Windows unless I specified the diffie-hellman-group1-sha1 algorithm.

PuTTY gives the following warning:

For Windows, I can use the following command to SSH (as well as SCP).

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host

Extracting unique words from all my blog post titles

Had an idea to extract all the unique words from my blog post titles and sort and rank them by frequency. I used MySQL, sed, tr, grep, cat and a little bash script hacked together to do this.

Here’s the top 10 unique words in my blog post titles.

OccurrencesWord
150Windows
46Server
32Cisco
26Command
25Microsoft
22SQL
20Explorer
19Linux
18Internet
18Error

Here’s how I got to this…

SQL Query

select id,post_title from wp_posts where post_type='post' and post_status='publish'

Bash Script

The script splits each word into a new line and also removes any non-alphanumeric characters sh split.sh > single-words.txt

#!/bin/bash

cat post-titles.csv | while read line
do
    for word in $line
    do
        echo $word | tr -cd '[:alnum:]\n'
    done
done

Cleanup and Sorting

Remove empty lines

sed -i '/^$/d' single-words.txt

Prepare stopwords

wget https://gist.githubusercontent.com/sebleier/554280/raw/ -O stopwords.txt

Remove stopwords from list I have so far.

cat single-words.txt | grep -v -Fix -f stopwords.txt|sort -rn|uniq -c|sort -rn|head -15

And that’s a wrap.

Could not establish trust relationship for the SSL/TLS secure channel.

Working with some older Cisco ASA devices, I’m trying to access the ASDM interface. The browser isn’t giving me luck, so I turned to PowerShell to help me, but I get the following error when trying an Invoke-WebRequest to grab the asdm.jnlp file I need.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Eh, ok. My first thought was to somehow avoid a certificate check but I did not see a native way of doing this with Invoke-WebRequest (at least from an old Server 2008 box with PowerShell v4.0).

StackOverflow to the rescue. Here’s the solution that worked for me.

if (-not("dummy" -as [type])) {
    add-type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class Dummy {
    public static bool ReturnTrue(object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }

    public static RemoteCertificateValidationCallback GetDelegate() {
        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
    }
}
"@
}

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()

Now I can add on my Invoke-WebRequest and everything works.

Cisco WAP571 SNMP poll of apRadioNumAssociatedStations returning 0

For some reason on a Cisco WAP571, the SNMP value returned from apRadioNumAssociatedStations is always zero.

This is true on firmware tested WAP571 (pgwap571, 1.1.0.3).

I have a few of these units around that are not updated to the latest firmware and will test that OID.

I can find data in the apAssocTable to create indexes. For now I’ve created a hack to just snmptable the apAssocTable and count return index values to then pass to Cacti to graph.

snmptable -Cl -CB -Ci -OX -Cb -Cc 16 -Cw 64 -v2c -c <community> <host:port> CISCO-WLAN-ACCESS-POINT-MIB::apAssocTable | grep index | wc -l