July 29, 2008

Pocket commands guide

You must have seen those small “form factor” books named like “Handy command line guide”. Now you can make your own pocket commands guide for Cisco devices.

Well, there is a blog post at ciscoblog.com about a “show parser” command. The “show parser” command displays all the commands, with their syntax, that are known and available in the CLI. You can create a dump of all available commands, save it into a file, and then, if you are looking for a command related to BGP, just grep the output file for BGP.

gw#show parser dump all tftp://s/ListOfCommands-124-15.T4.txt

I was trying to find out how many BGP commands are in the list:

jozjan@stargate:/tftpboot$ grep bgp ListOfCommands-124-15.T4.txt |wc -l
1058

But WOW, there are more OSPF commands than BGP:

jozjan@stargate:/tftpboot$ grep ospf ListOfCommands-124-15.T4.txt | wc -l
1181

:-)

Cisco: Remote CLI access without Login/Password

When I configure a bunch of Cisco gear in a lab environment, just for fun or to test some new feature, I like the ability to get CLI access with telnet without having to authenticate myself with any username or password. You can achieve this level of “insecurity”, which is totally great for lab-only use, simply by changing the VTY’s configuration.

In normal situations you configure VTY to allow remote CLI access to your device like:

Router>
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#password Cisco
Router(config-line)#login

and then you login to your device (10.0.0.1) with telnet like:

> telnet 10.0.0.1
Trying 10.0.0.1 ... Open

User Access Verification

Password:
Router>
Router>enable
% No password set

(Don’t forget to set up enable password, otherwise you will not reach the privileged exec mode.)

So, to overcome the login screen, and to gain access without authentication it’s enough to turn off the “login”, simple as:

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#no login

And then the telnet looks like this:

> telnet 10.0.0.1
Trying 10.0.0.1 ... Open

Router>

Well, if you want to make your work even faster, configure the VTY line so that you are put directly into privileged exec mode by setting the VTY’s privilege level to 15. And don’t forget to turn on one of the greatest CLI features – “logging synchronous”. The final configuration then looks like:

Router#sh run | section line vty
line vty 0 4
privilege level 15
logging synchronous
no login

and a telnet login then looks like:

> telnet 10.0.0.1
Trying 10.0.0.1 ... Open

Router#

 

Update (30.8.2008):

I forgot to add the “exec-timeout 0” command. By default, after 15 minutes of inactivity, the device will automatically disconnect your telnet session. With the “exec-timeout” command you can change the default value. If you set it to 0, the device will never try to disconnect your telnet session. It’s very useful in labs. So the final configuration would be:

Router#sh run | section line vty
line vty 0 4
privilege level 15
exec-timeout 0 0
logging synchronous
no login
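
Because a VTY configuration like this tends to outlive the lab it was typed in, here is an added example (not from the original post) that audits IOS line blocks for the three settings used above. The sample configuration is constructed, and the parser assumes the one-space indentation that a real running-config uses for subcommands.

```python
import re

# Constructed sample: the lab VTY block from the post plus a hardened block.
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 logging synchronous
 no login
line vty 5 15
 exec-timeout 5 0
 login local
 transport input ssh
"""

def parse_line_blocks(config):
    """Return {header: [subcommands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit_vty(config):
    """Return {vty header: [findings]}; an empty list means nothing flagged."""
    report = {}
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        findings = []
        if "no login" in cmds:
            findings.append("no login: remote sessions are not authenticated")
        if "privilege level 15" in cmds:
            findings.append("privilege level 15: sessions start in privileged exec")
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            findings.append("exec-timeout 0: idle sessions never disconnect")
        report[header] = findings
    return report

if __name__ == "__main__":
    for header, findings in audit_vty(SAMPLE_CONFIG).items():
        print(header, "->", findings or "ok")
```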

VMWARE ESXi is now FREE!

The battleship of VMWARE, the ESXi server, has become a free product! You can download it directly from vmware.com and you are free to use it. Without any restrictions and with all the ESX power!

Ready? Go! Virtualize :-)

July 18, 2008

HOWTO: Clear the DNS Cache

When you use DNS to resolve hostnames to IP addresses or service endpoint addresses and you make a change in your domain zone configuration, you have to reload the cached records on your devices so that the new addresses will be used. You have two options:

  • wait until the DNS cache on your device expires and the device sends a new DNS query
  • clear the cache manually

On Windows you can clear the DNS cache with the “ipconfig /flushdns” command.

On Cisco gear you can use the “clear hosts *” enable mode command.

July 15, 2008

Packet Tracer 5.0 – Unofficial release date

From some sources I’ve got information that the new Packet Tracer 5.0 is planned to be officially released on Academy Connection on 28th of July 2008.

So on July 28th, be ready to find a new download icon on the left navigation toolbar on your academy connection site to download the final version of PT 5.0.


If you want to know more about new features in PT 5.0, read my previous post.

Access some Cisco.com pages that require higher level CCO without CCO

Today I came across some documentation on cisco.com related to IP Telephony Express and was really disappointed to find that after clicking on the link that was there to find out more about some features, a higher level CCO (guest level was not enough) account was required to access them.

Here I prepared some screenshots:

Fig. 1 – Cisco Feature Navigator with a link to a Feature Guide

Fig. 2 – CCO account required to access the Feature Guide link from above

Fig. 3 – My guest level CCO account seems to be not enough :-(

So I started to think about it and came to the conclusion: why the hell do I have to have a higher level CCO to read documentation that should be publicly available? I mean there is nothing confidential, is there?

So I started to compare URLs that do not require CCO at all with this link that does require it. And I found a pretty nice “hack” :-)

As shown in Fig. 1, this is the link that required a higher level CCO account to access it:

http://www.cisco.com/en/US/customer/products/ps6441/products_feature_guide09186a00804a878f.html

Well, I guess that there is some J2EE application server in the background that processes URLs and uses different modules based on what “commands” are in the URL (like en – English language, US – guess that some USA specific stuff, …). I found that if you do not use the “customer” module, then there is no authentication required and the requested page is directly served to you :-)

So the only thing that you have to do to access this kind of URL even without any CCO account is to remove the “/customer” from the URL. And then it works. Try it:

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00804a878f.html
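
An added sketch, not part of the original post and not Cisco's code, of the access-control flaw this behaviour suggests: the check is tied to the /customer route rather than to the document itself. The account levels, the document table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the document store: id -> minimum account level.
# The id is the one in the URLs quoted above; the level is an assumption.
DOCS = {"products_feature_guide09186a00804a878f.html": "customer"}
LEVELS = {"anonymous": 0, "guest": 1, "customer": 2}

WITH_PREFIX = ("http://www.cisco.com/en/US/customer/products/ps6441/"
               "products_feature_guide09186a00804a878f.html")
WITHOUT_PREFIX = WITH_PREFIX.replace("/customer", "")

def split_route(url):
    """Return (goes_through_customer_route, document id) for an /en/US/... URL."""
    parts = urlsplit(url).path.strip("/").split("/")
    return "customer" in parts[:3], parts[-1]

def serve_prefix_gated(url, account="anonymous"):
    """Flawed: the level check runs only when the URL contains /customer/."""
    gated, doc = split_route(url)
    if gated and LEVELS[account] < LEVELS["customer"]:
        return 403
    return 200 if doc in DOCS else 404

def serve_resource_gated(url, account="anonymous"):
    """Fixed: the required level belongs to the document, whatever the route."""
    _, doc = split_route(url)
    if doc not in DOCS:
        return 404
    return 200 if LEVELS[account] >= LEVELS[DOCS[doc]] else 403

if __name__ == "__main__":
    for serve in (serve_prefix_gated, serve_resource_gated):
        print(serve.__name__,
              serve(WITH_PREFIX, "guest"),       # guest via /customer/
              serve(WITHOUT_PREFIX),             # anonymous, prefix removed
              serve(WITHOUT_PREFIX, "customer")) # entitled account
```

With the check attached to the document, both URLs return the same answer for the same account, which is also the property a regression test for this kind of route should assert.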


July 1, 2008

First Day of July, the First Day of me as an Employee

As of today, I have become one of the thousands of people around the world who are employed in some company. I am working as a “systems engineer” at the Center of Computers (or whatever the official translation is) at the Technical University of Kosice. I am responsible there mainly for the VoIP Network and for backup systems.