To enable logging after failed login attempts ciscorouter(config)# login on-failure log This logs every time there is a failed login attempt. We can customize the number of failed attempts after which the message is logged. ciscorouter(config)# login on-failure log 3 The above logs the failed attempts after 3 successive failure. Similarly, successful logins can be [...]

We can enforce a time delay after a failed login attempt. As soon as the “login lock-for” option is set, this automatically kicks in with the default value of 1 second. However, this can manually changed to anything upto 10 seconds. ciscorouter(config)# login delay 10 Here we set a delay of 10 seconds after a [...]

Block Logins after failed attempts From the Global configuration mode enter the login block-for command to block login attempts to the Cisco Router and Switches for a set period after a preset number of failed login attempts in a specified period of time. ciscorouter# conf t ciscorouter(config)# login block-for 300 attempts 3 within 60 Here [...]

Sometimes, simple tasks like enabling a bunch of Administratively shutdown ports, assigning a range of switchports to a particular VLAN can become boring and tedious. This is where the “interface range” can help where we can specify a comma seperated list of range of ports or vlans in the interface configuration mode and any command [...]

A Cisco Router running Cisco IOS can function as a Caching or Forwarding DNS Server which answers to DNS queries from clients either from its host table or cache or forward it to a DNS server which can respond to the query. This feature can come in handy in small network environments where the router [...]

Cisco IOS supports multiple IP Addresses on an interface. There will be one Primary IP Address on the interaface and multiple Secondary IP Addresses on the interface. There is no limit on the number of IP Addresses that can be configure on an interface. Configurng multiple IP Addresses on your cisco routers can sometime help [...]

Careful consideration has to be given as this can consume considerable amount of resources like CPU cycles on the Cisco Router. If you are a small network and realise your Cisco ROuter is under utilised then there is a good business case to turn your router into a DNS server. Enable DNS Server From the [...]

When troubleshooting a problem with Access Control lists, one of the things you would want to do is to clear the counters on the ACL matches. In Cisco IOS, you can clear the ACL Matches counters as follows: Clear Counters on All ACLs ciscorouter# clear access-list counters This clears the matches on all the ACLs [...]

If you want to allow a low-priviledged user on a Cisco router or a Switch to view the Startup Config then this can be done in Routers and Switches running Cisco IOS. This infact is a simple 2 step procedure as follows: Set Privileges to view Startup Config From the Global configuration mode, set the [...]

Cisco Routers and Switches with L3 routing functions are seen to have problems with High CPU usage when SNMP is enabled. This can range anything from 15% to 40%. According to Cisco, these are low priority processes and other priority processes requiring CPU cycles are given priority over these processes and this level of CPU [...]

The enhanced password security in Cisco IOS introduced in 12.0(18)S allows an admin to configure MD5 encryption for passwords. Prior to this feature the encryption level on Type 7 passwords used a week encryption and can be cracked easily and the clear text password (type 0) as anyone would know is completely insecure. Anyone who [...]

VLAN Interfaces are required in network scenarios where you have different VLANs and need Inter-VLAN switching on Layer3 (Routing capable) switches. Every VLAN that needs to be routed should have a VLAN interface. Let’s say we have VLAN 10 which hosts the subnet 192.168.10.0 subnet, VLAN hosts 192.168.20.0 subnet and VLAN 30 hosts 192.168.30.0 subnet. [...]

ACLs in Cisco IOS can be used to control traffic flow and to use it as a simple list to define another function like NATing or Route-Maps. Standard Access List (ACL) in Cisco IOS are the simplest and oldest type of ACLs. Standard ACLs simply compare the Source IP Address on the packet against the [...]

Access Control Lists (ACLs) are sequential lists of permit and deny conditions applied to traffic flows on a device interface. ACLs are based on various criteria including protocol type source IP address, destination IP address, source port number, and/or destination port number. ACLs can be used to filter traffic for various purposes including security, monitoring, [...]

Always make sure your PIX has a: o        correct default route. The default is the one with the lots of zeros. aquapix# show route         outside 0.0.0.0 0.0.0.0 97.158.253.30 1 DHCP static         outside 12.210.24.0 255.255.252.0 12.210.27.161 1 CONNECT static         inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static aquapix#   o        default gateway that you can “ping”. [...]