
NetScreen commands.



  • get clock : shows system time
  • get config : shows device configuration
  • save : saves changes to config
  • get system : shows system information, NetScreen mode
  • get session info : shows load on the firewall; 85+ implies there will be some latency
  • get interface : shows interfaces, zones
  • get address trust/untrust : shows defined network objects
  • get arp : shows firewall ARP entries
  • get route : shows firewall routes
  • get service : shows firewall services
  • get group address : shows network groups
  • get group service : shows service groups
  • get policy in/out : shows applied firewall policies
  • get log traffic : shows firewall logs; options: based on src/dst/IP/port
  • unset : removes a config statement
  • get user all : shows VPN users
  • get log event : shows VPN logs
  • get mip : shows one-to-one NATs
  • get vip : shows configured port forwarding rules
  • get route ip x.x.x.x : finds the specific route for an IP
  • set policy id xx : puts you in a specific policy, where you can add more objects to it instead of creating a group

To disable a command : unset

Enable SSH on NetScreen 5GT

set ssh version v2
set ssh enable

Cisco ASA troubleshooting

  • If you cannot log in to the ASA via SSH or Telnet
   #aaa authentication ssh console LOCAL

Configure time, time zone, summer time on Cisco switch


Samples:
#clock timezone utc -5
#clock summer-time utc-5 date Mar 9 2014 2:00 Nov 2 2014 2:00

Summer time starts on the 2nd Sunday of March and ends on the 1st Sunday of November:
#clock summer-time utc-5 recurring 2 Sunday March 02:00 1 Sunday November 02:00

ASA useful commands

1. To show which ports are open on the ASA

#show asp table socket

Reset Cisco 1800 router to factory default

-Connected via console
-Ctrl-Break to get to "Rommon 1>" prompt
-Entered 'confreg 0x142'
-Entered 'reset'
-Entered save running-config startup-config
-Power off/on
-Ctrl-Break to get to "Rommon 1>" prompt
-Entered 'confreg 0x2102'
-Entered 'reset'

Resetting a Cisco ASA 5510 to Factory Defaults


  1. Connect your console cable and make sure you can see the command prompt for the ASA.
  2. Power cycle the appliance – flick the power switch on the front off and on again.
  3. Watch the boot progress, and when prompted, press Esc to interrupt the boot and enter ROM Monitor mode. You should now see the rommon prompt:
     rommon #0>
  4. Enter the confreg command to view the current Configuration Register setting:
     rommon #0> confreg
  5. The appliance will most probably have the default Configuration Register setting of 0x01. Answer no when it asks you if you want to change the Configuration Register setting.
  6. Change the Configuration Register to 0x41, which causes the appliance to bypass its saved config at boot:
     rommon #1> confreg 0x41
  7. Reboot the appliance with the boot command:
     rommon #2> boot
  8. The appliance bypasses its startup configuration. When it finishes booting, you should see the default prompt:
     ciscoasa>
  9. Enter the enable command to enter Privileged Mode. The default password is blank, so when the appliance prompts you for a password, simply press return:
     ciscoasa> enable
  10. Erase the startup config by issuing the write erase command:
     ciscoasa# write erase
  11. Enter Configuration Mode:
     ciscoasa# configure terminal
  12. Reset the Configuration Register to the default of 0x01:
     ciscoasa(config)# config-register 0x01
  13. Exit from Configuration mode:
     ciscoasa(config)# exit
  14. Verify the Configuration Register settings by issuing the Show Version command:
     ciscoasa# show version
     At the bottom of the output, you should see the Configuration Register settings:
     Configuration register is 0x41 (will be 0x1 at next reload)
  15. Save the settings by issuing the write command:
     ciscoasa# write
  16. Reboot the appliance:
     ciscoasa# reload
  17. When the appliance reboots, it will have a basic factory default configuration, with a blank password.
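
An added example, not part of the original page: in the register values used above, bit 6 (0x40) is the flag that makes the device skip its saved configuration at boot. This Python check parses the `show version` register line quoted in the procedure and reports whether the running or pending value still has that bit set; the function names are hypothetical and the sample lines are constructed from the register values on this page.

```python
import re

IGNORE_CONFIG_BIT = 0x40  # bit 6: skip the saved startup configuration at boot

# Matches "Configuration register is 0x41 (will be 0x1 at next reload)"
# as well as the plain form "Configuration register is 0x2102".
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def parse_confreg(show_version_output):
    """Return (current, pending) register values as integers.

    pending equals current when no change is queued.
    Raises ValueError if the register line is missing.
    """
    match = CONFREG_RE.search(show_version_output)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def ignores_startup_config(value):
    """True when the register value tells the device to bypass its saved config."""
    return bool(value & IGNORE_CONFIG_BIT)


def audit_confreg(show_version_output):
    """Classify a device by what it did at this boot and will do at the next."""
    current, pending = parse_confreg(show_version_output)
    if ignores_startup_config(pending):
        return "FAIL: next reload will bypass the saved configuration"
    if ignores_startup_config(current):
        return "WARN: this boot bypassed the saved configuration; register is reset for next reload"
    return "OK: saved configuration is loaded at boot"


# Constructed sample lines built from the register values shown on this page.
MID_RESET = "Configuration register is 0x41 (will be 0x1 at next reload)"
NORMAL = "Configuration register is 0x2102"
STILL_BYPASSING = "Configuration register is 0x142"

if __name__ == "__main__":
    for sample in (MID_RESET, NORMAL, STILL_BYPASSING):
        print(sample, "->", audit_confreg(sample))
```

A device left in the FAIL state comes up with no saved configuration on every reload, so this check is worth running after any recovery session.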

Enable ASDM

#http server enable
#http 0.0.0.0 0.0.0.0 inside
#asdm image flash:asdm-621.bin

Switch Interface Configuration

Configure switch port with macro

  • Define macro
   #define interface-range ccie f0/1 - 2, f0/4, f0/6 - 10

  • Configure interface
   #interface range macro ccie
   #description abc