Sunday, January 30, 2011

Cisco 1720 Reconfigure

I had the need to reconfigure a Cisco 1720. This router has two Ethernet WICs along with a BRI WIC. Ummm.... it's been a while since I have been in the Cisco IOS so I created a little refresher tutorial for myself as I went and did the work. Maybe you (someone) will find it useful.

A couple of notes: The router's name in all cases was set to JonahHex. I usually back up running-config via TFTP somewhere. You might see output cut and pasted from my Console that does not appear on yours. The version of the Cisco IOS might make a difference on the commands to copy/write/save. I basically wanted to blow the config away and start over. Don't get hung up on a minor difference below since I did this multiple times, so a minor setting might differ from print out to print out.

If you have some insight or a correction to make, feel free to post a comment. I will publish ASAP.

Have fun!

Delco


Instructions to Reset a Cisco Router Back to Factory Defaults

There are two main methods to return a Cisco router to its original factory defaults. These two methods are described below.

Method 1

This method uses the config-register 0x2102 command in global configuration mode.

1. Check the configuration register on the router by issuing the show version command.

The configuration register setting is displayed in the last line of the show version command output and should be set to 0x2102. If this is not the case, enter the config-register 0x2102 command once in global configuration mode.

In the example below, look at the last line:

**************** Cisco IOS Version *************************
JonahHex#show ver
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 16-Jan-04 05:16 by kellythw
Image text-base: 0x80008120, data-base: 0x809FA874

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

JonahHex uptime is 3 minutes
System returned to ROM by power-on
System restarted at 20:48:54 est Sun Jan 9 2011
System image file is "flash:c1700-y-mz.123-5b.bin"

cisco 1720 (MPC860T) processor (revision 0x601) with 24576K/8192K bytes of memory.
Processor board ID JAD05300KGG (76996103), with hardware revision 0000
MPC860T processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

JonahHex#
***************************************************************
Because the last line reads "Configuration register is 0x2102", it is all set.
If it does not, enter the commands below:

JonahHex#configure terminal
JonahHex(config)#config-register 0x2102
JonahHex(config)#end
JonahHex#reload

2. If the show version command is issued again, the same line in the command output will have '(will be 0x2102 at next reload)' appended to the current register setting.

3. Erase the current start-up configuration on the router with the write erase command.

JonahHex#write erase
JonahHex#show ver
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Erase of nvram: complete
JonahHex#

4. Reload the router with the reload command. When prompted to save the configuration, DO NOT save.

JonahHex#reload

Proceed with reload? [confirm]

Press RETURN to get started!


Jan 9 20:53:59.795: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
Jan 9 20:53:59.803: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
Jan 9 20:53:59.803: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Jan 9 20:54:00.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
Jan 9 20:54:00.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
Jan 9 20:54:08.815: AUTOINSTALL: FastEthernet0 is assigned 192.168.10.49
Jan 9 20:54:08.819: AUTOINSTALL: Obtain siaddr 192.168.10.4 (as config server)
Jan 9 20:54:08.819: AUTOINSTALL: Obtain default router (opt 3) 192.168.10.1
Jan 9 20:54:16.967: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
Jan 9 20:54:17.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down
Jan 9 20:54:19.123: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
Jan 9 20:54:21.043: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 16-Jan-04 05:16 by kellythw
Jan 9 20:54:21.083: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start

************************************************* This ends the resetting of the Cisco router to factory defaults *******************************

Configure the router

5. After you hit Enter and get to the Router> prompt, type enable and then setup.

Router>enable
Router#setup

--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:


6. Choosing yes starts a wizard that asks for just enough settings to give the router a basic configuration.

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.


Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]:

7. Enter Y. (You should have some basic information for the router ahead of time, like the name of the router, an IP address for at least one interface, etc.)

Enter host name [Router]:JonahHex

The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret:mycisco

The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password:mycisco2

The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password:mycisco
Configure SNMP Network Management? [no]:y
Community string [public]:public
Current interface summary

Interface IP-Address OK? Method Status Protocol
FastEthernet0 192.168.10.49 YES DHCP up up
Ethernet0 unassigned YES unset administratively down down
BRI0 unassigned YES unset administratively down down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down

Enter interface name used to connect to the
management network from the above interface summary:FastEthernet0
Configuring interface FastEthernet0:
Use the 100 Base-TX (RJ-45) connector? [yes]:y
Operate in full-duplex mode? [no]:y
Configure IP on this interface? [yes]:y
IP address for this interface [192.168.10.49]:192.168.10.6
Subnet mask for this interface [255.255.255.0] :

Configuring interface FastEthernet0:
Use the 100 Base-TX (RJ-45) connector? [yes]:
Operate in full-duplex mode? [no]:
Configure IP on this interface? [yes]:
IP address for this interface [192.168.10.49]: 192.168.10.6
Subnet mask for this interface [255.255.255.0] :
Class C network is 192.168.10.0, 24 subnet bits; mask is /24

The following configuration command script was created:

hostname JonahHex
enable secret 5 $1$u09L$HuPWT0sRNS.kwIQ8xMyWz0
enable password cisco2
line vty 0 4
password mycisco
snmp-server community mynet
!
no ip routing

!
interface Ethernet0
shutdown
no ip address
!
interface FastEthernet0
no shutdown
media-type 100BaseX
full-duplex
ip address 192.168.10.6 255.255.255.0
!
end


[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]:

8. At this point select number 2

Enter your selection [2]:2

Building configuration...
[OK]
Use the enabled mode 'configure' command to modify this configuration.

JonahHex#

8. At this point you can do a:

JonahHex#show run

and a

JonahHex#show start

Both of these config files should be the same.

9. Test your configuration.

JonahHex#reload
Proceed with reload? [confirm]y

The router should reboot and reload.

10. When you see the message Press Enter to get started, press Enter. You will get to the prompt; type enable, then enter the console password you set above (mycisco).

JonahHex>enable
Password:
JonahHex#

********************************** This ends the part about creating a basic cisco configuration *******************************

At this point I want to make sure any error or console messages are not appearing in the middle of the lines as I am typing.

11. At the # prompt type

JonahHex#config t
JonahHex(config)#line console 0
JonahHex(config-line)#logging synchronous level all

12. Only do the following on a lab router, or make sure you change it later, because it will leave the console open forever if you walk away!!!
JonahHex(config-line)#Exec-timeout 0 0
JonahHex(config-line)#exit

13. If I am getting this message: %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
JonahHex(config)#no service config

14. Backup my work to the startup-configuration, otherwise if you reboot you will lose all your work.

JonahHex#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
JonahHex#

15. I am a test crazy guy, so I again reload. If you are sure and don't want to, that is ok.

JonahHex#reload
Proceed with reload? [confirm]y

*********************************** End this part of the configuration ***********************************************************

Get the darn thing to route
16. After the reload, once I am back in the router and in privileged mode (by entering enable and my console password), I want to get this thing to route.
This router has multiple interfaces, but I am only interested in two: FastEthernet0 and Ethernet0.
This is because I am routing IP over Ethernet, not a WAN T1 or BRI (ISDN).

At the # prompt, type show run
JonahHex#show run

Look at this part of the config file:

interface Ethernet0
no ip address
no ip route-cache
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.10.6 255.255.255.0
no ip route-cache
speed auto
full-duplex

Look at the Ethernet0, there is no ip address and the interface is shutdown.

17. Configure IP address for Ethernet0 interface

JonahHex#config t
Enter configuration commands, one per line. End with CNTL/Z.
JonahHex(config)#int ethernet0
JonahHex(config-if)#ip address 192.168.20.6 255.255.255.0
JonahHex(config-if)#no shutdown
JonahHex(config-if)#exit
JonahHex(config)#exit
JonahHex#show run

Look for the following in the running-config

interface Ethernet0
ip address 192.168.20.6 255.255.255.0
no ip route-cache
half-duplex
!
interface FastEthernet0
ip address 192.168.10.6 255.255.255.0
no ip route-cache
speed auto
full-duplex

Notice that we now have an IP address, and the interface is not shut down. If you do not have an Ethernet cable in the port, you will get some messages about a possible transceiver problem. Putting in a loopback takes care of that, but then you get collision messages. If you don't care about the messages, just ignore them for now.

18. I want to save run to start, and yes test again, you can skip reload if you like.

JonahHex#copy run start
JonahHex#reload

************************************************** End setting up the other Interface *********************************

Finish setting up routing

19. Well let's look at a couple of things. We have two interfaces set up on the router with different subnets 192.168.10.0, and 192.168.20.0.
If I ping each interface from the router, and if I ping one node on each subnet, I get echo back. See below:

JonahHex#
Jan 9 21:10:08.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
JonahHex#ping 192.168.10.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
JonahHex#ping 192.168.20.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
JonahHex#ping 192.168.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1000 ms
JonahHex#ping 192.168.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/200/1000 ms
JonahHex#

20. If I ping from 192.168.10.0 on some node to 192.168.20.6, I do not get a reply, and I cannot ping beyond it. In my case, this is where my main network is, and the gateway is set for the internet gateway.

21. If I ping from 192.168.20.0 on some node to 192.168.20.6 and 192.168.10.6, I do get a reply, but it will not go past 192.168.10.6.
Make sure the node on the 20.x network has the gateway set to 192.168.20.6.

22. We have to tell the router to "route". Notice the show run line below where it says "no ip routing":

memory-size iomem 25
no aaa new-model
ip subnet-zero
no ip routing
!
--More--

23. Tell it to route

JonahHex#config t
JonahHex(config)#ip routing
JonahHex(config)#exit
JonahHex#show run

memory-size iomem 25
no aaa new-model
ip subnet-zero

Notice that the line "no ip routing" is gone

24. Add a gateway to the router. This would be the existing gateway you are using now for the internet or, in Cisco speak, the gateway of last resort.

JonahHex#config t
JonahHex(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1

25. Now if you do a show run again

JonahHex#show run
Building configuration...

Current configuration : 926 bytes
!
! Last configuration change at 21:26:40 UTC Sun Jan 9 2011
! NVRAM config last updated at 21:26:46 UTC Sun Jan 9 2011
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname JonahHex
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$u09L$HuPWT0sRNS.kwIQ8xMyWz0
enable password mycisco
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
ip address 192.168.20.6 255.255.255.0
half-duplex
!
interface FastEthernet0
ip address 192.168.10.6 255.255.255.0
speed auto
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1
no ip http server
!
snmp-server community homenet RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
logging synchronous level all
line aux 0
line vty 0 4
password mycisco
login
!
no scheduler allocate
!
end

JonahHex#

You should be ok. If you need full routing to work, make sure that on the gateway you add a route to the 192.168.20.0 network:
route 192.168.20.0 255.255.255.0 192.168.10.6
********************** End of finish setting up routing ***************************************
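
The running-config from step 25 carries several settings worth reviewing before the router leaves the lab: a cleartext enable password, password encryption switched off, a console that never times out, and vty lines with no transport or source restriction. The following Python audit is an added example, not part of the original post; the rule ids and function names are this example's own, and the sample config is constructed from lines shown above.

```python
import re

# Constructed sample: lines from the running-config above, indentation lost.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$u09L$HuPWT0sRNS.kwIQ8xMyWz0
enable password mycisco
snmp-server community homenet RO
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password mycisco
login
!
end
"""

CLEARTEXT_PW = re.compile(r"password (?!7 )\S+$")  # "password 7 ..." is type 7


def split_sections(config):
    """Split into global commands and "line ..." sections (ended by "!" or "end")."""
    global_cmds, sections, current = [], {}, None
    for cmd in filter(None, map(str.strip, config.splitlines())):
        if cmd.startswith("line "):
            current = sections.setdefault(cmd, [])
        elif cmd in ("!", "end"):
            current = None
        elif current is not None:
            current.append(cmd)
        else:
            global_cmds.append(cmd)
    return global_cmds, sections


def audit(config):
    """Return (rule_id, where) findings; the rule ids are this example's own."""
    findings = []
    global_cmds, sections = split_sections(config)
    for cmd in global_cmds:
        if cmd == "no service password-encryption":
            findings.append(("PW-ENCRYPTION-OFF", cmd))
        if cmd.startswith("enable ") and CLEARTEXT_PW.search(cmd):
            findings.append(("ENABLE-PW-CLEARTEXT", "enable password"))
        m = re.match(r"snmp-server community (\S+)(.*)", cmd)
        if m:
            name, rest = m.group(1), m.group(2).split()
            if name.lower() in ("public", "private"):
                findings.append(("SNMP-DEFAULT-COMMUNITY", name))
            # Simplification: a trailing token other than RO/RW counts as an ACL.
            if not rest or rest[-1].upper() in ("RO", "RW"):
                findings.append(("SNMP-NO-ACL", name))
    for header, subs in sections.items():
        if "exec-timeout 0 0" in subs:
            findings.append(("NO-IDLE-TIMEOUT", header))
        if any(CLEARTEXT_PW.match(s) for s in subs):
            findings.append(("LINE-PW-CLEARTEXT", header))
        if header.startswith("line vty"):
            if "transport input ssh" not in subs:
                findings.append(("VTY-NOT-SSH-ONLY", header))
            if not any(s.startswith("access-class ") for s in subs):
                findings.append(("VTY-NO-ACCESS-CLASS", header))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Paste the output of show run into a string or file and pass it to audit() to check a config of your own.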

Monday, January 24, 2011

Framework NGEN

Real quick, here is an error that I have seen probably too many times:

The Microsoft .NET Framework NGEN v4.0.3010_x86 service on local computer started and stopped. Some Services stop automatically if they have work to do for example, the Performance logs and alert service.

While the statement is true, the way I found to fix this, is to:

1. Uninstall Microsoft .NET Framework 4 Client Profile
2. Uninstall Microsoft .NET Framework 4 Extender
3. Download Microsoft .NET 4 : dotNetFx40_Full_setup
4. Reinstall

Delco

Sunday, January 23, 2011

Bada Bing Bada Boom - Silverlight

You know Mr. Microsoft, you now have Bing, and it is not a bad search engine; but what is up with Silverlight? It's not that I think it is bad, it's just a pain every time I am on a machine and I want to watch one of your online videos; it is not enough that I have Flash, Java, QuickTime, and everything else, now I need Silverlight. Could you not have just used what everybody else uses? I don't know, just asking. Why Silverlight? Somebody tell me why please. Thanks.

Delco

Monday, January 10, 2011

Put Literati on Wifi ( Where is the MAC Address? )

A family member brought the Literati over to my house over the weekend, and me being the techno weirdo that I am, I wanted to put it on my wireless network. As an added roadblock to my script kiddie neighbors or passersby, I usually use MAC filtering, and I noticed some poor fellow out there in the cloud struggling with it also.

Actually, the Literati is quite straightforward about where it displays its MAC address, which is nice seeing as some devices bury it deep in the bowels of the config, stats or network setups.

1. Select Menu button.
2. About

Should be right there.

If you are looking for this, it will be a 12-digit hex code that looks like 00:00:00:00:00:00. Hex digits can be any of 16 characters: 0 through 9 and A, B, C, D, E, F.

You will need that to add to the MAC filtering list on your wireless router.

Delco

Saturday, January 8, 2011

Spiceworks Software Scans Not always Accurate

Spiceworks is a great product. Great because it does a good job and it is free of cost; but like all software, and especially software that audits other software, there are sometimes some discrepancies. As you can see in the graphic below, even though Spiceworks correctly identifies that I have two installations of Microsoft Security Essentials, and that the version numbers are correct, it is a little confusing about what the version numbers relate to: software or virus signatures.

I compared the two machines and they were both exactly the same, but Spiceworks used the different numbers to report on the Dashboard.



Delco

Restoring or Moving Spiceworks

This is a straightforward procedure. Spiceworks backs up the data structure and creates a zip file containing all the Spiceworks folders, which makes it really easy to restore or move the Spiceworks installation.

Follow this link to Spiceworks Community How to.

Delco

Friday, January 7, 2011

Getting WMI to work with Spiceworks and Windows OS(es)

Actually, not just Spiceworks, but any software that needs information from WMI or might need remote administration privileges. If you have better solutions or workarounds, please feel free to comment on this topic.

Windows 7 per Spiceworks Group:

Tried this and did not work although it is what is specified:

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
netsh advfirewall firewall set rule group="remote administration" new enable=yes

Then I did this and it worked

1. Check Ping

2. netsh firewall set service remoteadmin enable

3. Create reg and merge:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000
"DisableCAD"=dword:00000001
"DontDisplayLockedUserId"=dword:00000003
"LocalAccountTokenFilterPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

Windows XP:

1. turn on icmp
2. added port 135
3. netsh firewall set service remoteadmin enable
4. netsh firewall set service remoteadmin enable subnet

Windows 2008:

Turn on icmp:

Firewall with Advanced Settings
Find: File and Print Sharing (Echo Requests-icmpv4-in) ENABLE THIS

You can also try netsh firewall set icmpsetting 8 (disable)

netsh firewall set service remoteadmin enable

Windows Home Server

Windows XP:

1. turn on icmp
2. netsh firewall set service remoteadmin enable
3. netsh firewall set service remoteadmin enable subnet

Might have to add port 135, I did not at this time
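
The registry file merged in step 3 of the Windows 7 procedure above is a full dump of the Policies\System key, and only a few of its values change how Windows treats elevated and remote administrative sessions. The following Python check is an added example, not part of the original post: it parses .reg text and reports the values that relax UAC. The rule table is this example's own choice, and the sample is a constructed excerpt of the export above.

```python
import re

# Constructed excerpt of the export shown above (same key, a subset of its values).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"EnableLUA"=dword:00000001
"legalnoticecaption"=""
"PromptOnSecureDesktop"=dword:00000000
"LocalAccountTokenFilterPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
'''

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# (lower-cased value name, flagged data) -> effect. The rule choice is this example's own.
RULES = {
    ("enablelua", 0): "UAC is switched off",
    ("consentpromptbehavioradmin", 0): "administrators elevate without a prompt",
    ("promptonsecuredesktop", 0): "elevation prompt is not shown on the secure desktop",
    ("localaccounttokenfilterpolicy", 1):
        "local administrator accounts get a full token on remote logon",
}

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<str>.*)")$'
)


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: int or str}} (dword and string only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                dword = m.group("dword")
                current[m.group("name")] = int(dword, 16) if dword else m.group("str")
    return keys


def uac_findings(text):
    """Return [(value_name, data, effect)] for Policies\\System values that relax UAC."""
    values = next(
        (v for k, v in parse_reg(text).items() if k.lower() == POLICY_KEY.lower()), {}
    )
    return [
        (name, data, RULES[(name.lower(), data)])
        for name, data in values.items()
        if (name.lower(), data) in RULES
    ]


if __name__ == "__main__":
    for name, data, effect in uac_findings(SAMPLE_REG):
        print(f"{name} = {data}: {effect}")
```

Run against the full export above, this reports the same two values as it does for the excerpt: PromptOnSecureDesktop and LocalAccountTokenFilterPolicy.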

Delco

Tuesday, January 4, 2011

DD-WRT Port Forwarding to wrong IP address

Techbyte:

I had a port forward set up for a particular address, which I had disabled months ago. I then created a new port forward for the same port, in this case 443, but the machine that it hit was the old one. Not only that, even after I deleted all the rules for the old port forwards in addition to the 443 one, like port 80, traffic still went to the old machine. The new one I added for port 3389 worked. As I said, this persisted even though the rules were deleted and I even rebooted the router.

What I needed to do was set UPnP to clear port forwards on boot. Like a cache. I assume that if I had unplugged it and restarted it, that would have done the same thing, but it was not at my location.

See screenshot below.



Delco

Monday, January 3, 2011

Use Autodialer with Skype

Do you use Skype? Do you have to call a number and all you get is busy, busy, busy? Especially a toll free number?

You know you try to call the IRS or some other Government agency and what do you expect? You expect busy dial tone.

Try this: in Skype, go to Tools, Extras and "Get Extras", search for Autodialer, or just for Moolight21, and install it. You might get a prompt that a program is trying to use Skype. You have to say yes. Now it will sit in your service tray down by the clock.

Once installed, when you call the number, Moonlight will continually autodial until you either connect (Get human), or the number exceeds the times you told it to autodial.

You can configure how many times it tries and how many seconds between tries among other options.

Anyway, this was a cool free way to sit there and try to hit autodial on my land line phone, or struggle with my Blackberry.

Use at your own risk and responsibly :)

Delco