Networking – Tech Notes

Networking page 1 of 4 for 34 posts

Cisco WAP571 SNMP poll of apRadioNumAssociatedStations returning 0

For some reason on a Cisco WAP571, the SNMP value returned from apRadioNumAssociatedStations is always zero. This is true on firmware tested WAP571 (pgwap571, 1.1.0.3). I have a few of these units around that are not updated to the latest firmware and will test that OID. I can find data in the apAssocTable to create indexes. For now I've created a hack to just snmptable the apAssocTable and count return index values to then pass to Cacti to graph. snmptable -Cl -CB -Ci -OX -Cb Continue Reading...

snmptable

snmptable -Cl -CB -Ci -OX -Cb -Cc 16 -Cw 64 -v2c -c <community> <host:port> CISCO-WLAN-ACCESS-POINT-MIB::apAssocTable On a Cisco WAP571, it produces the following output. Interface Authenticated Associated RxPackets TxPackets RxBytes TxBytes ListenInterval LastRssi TxDropBytes RxDropBytes TxDropPackets RxDropPackets ClntQoSStatus BwLimitUp BwLimitDown ACLType ACL Policy TsViolateTxPack TsViolateRxPack Continue Reading...

ISAKMP (IKE Phase 1) Status Messages MM_WAIT_MSG#

I've been meaning to copy this back here but haven't had the chance until now. I reference this so much, figured it'd have stuck in my mind by now... Anyway, this is one of the best resources for quick analysis troubleshooting of MM_WAIT_MSG errors on VPN tunnels for Cisco ASA / PIX from https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/. ISAKMP (IKE Phase 1) Negotiations States The MM_WAIT_MSG state can be an excellent clue into why a tunnel is not forming. If your firewall Continue Reading...

Warning, DHCP pool range is limited to 128 addresses

For all ASA models, the maximum number of DHCP client addresses varies depending on the license:

If the limit is 10 hosts, the maximum available DHCP pool is 32 addresses.
If the limit is 50 hosts, the maximum available DHCP pool is 128 addresses.
If the number of hosts is unlimited, the maximum available DHCP pool is 256 addresses.

That’s annoying.

The vpn client agent was unable to create the interprocess communication depot.

When installing Cisco AnyConnect VPN client, encountered an error:
The vpn client agent was unable to create the interprocess communication depot.
This error is due to Internet Connection Sharing being enabled. To resolve, disable ICS per adapter, or globally through Services.
Per Adapter:

Click the Start button.
Click on Control Panel.
Click on View Network Status and Tasks
Click on Change adapter settings
Right-click the shared connection and choose Properties
Click the Sharing tab
Continue Reading...

Configure WPA on Cisco Aironet 350 Access Point

Quick setup for WPA on Cisco Aironet 350 Access Point to remind myself…

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid HomeWIFI
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 s3cr3t

Enable SSH Login on a Cisco Router

Quick example of setting up SSH access on a Cisco router. I have a few dozen routers in my lab I'm working on and actually made this scripted. This is here for me to remember in the future.
Router(config)# crypto key generate rsa usage-keys label rtr-key
The name for the keys will be: rtr-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
Choose the size Continue Reading...

Configure Cisco ASA to Capture Specific Port Traffic

On a Cisco ASA you can configure capturing of data to allow for deeper troubleshooting of issues. With the recent issue of the Heartbleed bug, I needed a way to capture HTTPS traffic and inspect remote hosts for the vulnerability. If the site was vulnerable, I would create a temporary block until that site patched.
Continue Reading...

Test Cisco ASA VPN Authentication

Had an issue with a user that was failing to log into the VPN from remote. Couldn't initially figure it out while at home while troubleshooting the authentication. So here's how to test authentication from the Cisco ASA CLI.
Continue Reading...

Cisco IOS EEM: Send Email on VPN Connection

I set up a Cisco router to send an email whenever a VPN user connected. I did this for accounting purposes before I moved to RADIUS. I'll put this up here because someone else may be interested in this for their own use.
Step 1: Environment Variable Setup
I like to configure variables to use throughout my EEM applets so I don't get crazy with having to remember everything. These setup a few such as a mail server, from email, to email.
router(config)#event manager environment _email_server Continue Reading...