Cisco

How to remove SSH on a Cisco device

Sometimes you need to remove SSH from the device so that your customer can access SSH behind NAT.

You might try this:

no crypto key generate rsa

Your device will reply: no, no! You must do this:

crypto key zeroize rsa

For example:

Router(config)#no crypto key generate rsa 
% Use 'crypto key zeroize rsa' to delete signature keys.

Router(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
Router(config)#
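
Once the RSA keys are zeroized the SSH server on the device stops, so remote management depends on what each vty line still accepts. The following is an added example, not part of the original post: it parses a constructed running-config excerpt and reports, per vty range, what access remains (the sample config and the function names are assumptions).

```python
import re

# Constructed running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
hostname Router
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
line vty 16 20
 login local
!
"""

def vty_transports(config):
    """Return {(first, last) vty: set of 'transport input' protocols, or None if unset}."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            current = (int(m.group(1)), int(m.group(2) or m.group(1)))
            result[current] = None
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the vty block
        elif current is not None:
            t = re.match(r"\s+transport input (.+)$", line)
            if t:
                result[current] = set(t.group(1).split())
    return result

def access_after_zeroize(config):
    """Classify each vty range once the RSA keys (and so the SSH server) are gone."""
    report = {}
    for rng, protos in vty_transports(config).items():
        if protos is None:
            report[rng] = "platform default: verify on the device"
        elif protos == {"ssh"}:
            report[rng] = "unreachable: ssh only"
        elif protos & {"telnet", "all"}:
            report[rng] = "telnet (cleartext)"
        else:
            report[rng] = "no remote login: " + " ".join(sorted(protos))
    return report

if __name__ == "__main__":
    for (lo, hi), status in access_after_zeroize(SAMPLE_CONFIG).items():
        print(f"vty {lo}-{hi}: {status}")
```

Run it against the saved configuration before zeroizing the keys: any range reported as "unreachable" leaves only the console, and any range reported as "telnet (cleartext)" should be restricted with an access class or reached over a management network.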

Some material to get familiar with IOS XE/XR

Cisco has recently released a lot of material to help you get familiar with their new technologies. You can now learn more about IOS XE with the Cisco CSR1000v (a virtual router based on Cisco IOS XE code), and more recently (02/07/14) you can download Cisco IOS XRv 5.1. It is available as a demo version with some restrictions (2M of bandwidth, AAA preconfigured, …). It is a virtual machine that you can import into VMware ESX.

CCIE RS from v4.0 to v5.0

It is finally out!

Version 5.0 of the CCIE exam is here. There are a lot of exciting new features to learn :) It will be great. At first glance, these are the new topics:

  • L2VPN
  • DMVPN
  • IPSEC
  • IS-IS
  • EPC (Embedded Packet Capture)
  • VSS
  • difference between IOS and IOS XE

The topics that have been removed:

  • Flexlink
  • L2PT
  • Frame-Relay
  • RSVP
  • WRR/SRR
  • WCCP

The lab is now in three parts:

  • TS: as always, troubleshooting on virtual equipment (1h30 to 2h; 30 minutes shared with CONF)
  • DIAG: closed-ended troubleshooting questions (30 minutes)
  • CONF: configure the lab (5h30 to 6h; 30 minutes shared with TS)

More to read about CCIE RS v5.0 :

PPTP and ASA 5510

If you are wondering why your rules are applied but PPTP VPN sessions cannot be established and fail with error 619 (on the Windows platform):

ASA# conf t
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect pptp
ASA(config-pmap-c)#

and :

ASA(config)# access-list outbound extended permit gre any any
ASA(config)# access-list outbound extended permit tcp any any eq pptp
ASA(config)# access-group outbound in interface inside

Have fun :)

Unicast Flooding

This is for me a new concept that I had never seen before. I had only imagined inter-VLAN routing with an L3 switch or a router on a stick.

But you can build this kind of architecture:

In this case, the request originates from S1 (which has RA as its gateway) and goes to S2.

  • RA acts as router: MAC src = RA; MAC dst = S2 in VLAN 2

Return :