Podcasts about cisco ios

  • 26PODCASTS
  • 69EPISODES
  • 36mAVG DURATION
  • ?INFREQUENT EPISODES
  • Apr 9, 2024LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about cisco ios

Latest podcast episodes about cisco ios

DSO Overflow
S4Ep4 - IoT, AI and DevSecOps with Darren Richardson

DSO Overflow

Play Episode Listen Later Apr 9, 2024 34:07


DSO Overflow S4EP4IoT, AI and DevSecOpswithDarren RichardsonIn this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode.Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking.In this episode, Darren talks about the inherent security challenges of using IoT devices, and discusses the intersection of AI and DevSecOps and how AI is changing the way we do DevOps.Resources mentioned in this podcast:Darren's LinkedIn profileEficode's websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

Storm⚡️Watch by GreyNoise Intelligence

The StormWatch podcast episode from October 31, 2023, began with the hosts in a light-hearted mood, donning costumes for Halloween. The hosts discussed the latest happenings in the cybersecurity world, focusing on the latest phones, developments at Censys and GreyNoise, and important cybersecurity news. They also touched on conspiracy theories. The hosts were in costumes, with one host dressed as the Invisible Man, another as Louise Belcher from Bob's Burgers, and another as Cozy Bear, a reference to APT 29, a cyber espionage group. They also discussed their "scariest vulnerabilities," with one host mentioning the mercenary spyware like Pegasus as a significant concern. The hosts then discussed the recent security breaches involving Okta, Beyond Trust, and 1Password. They praised 1Password for their transparent and detailed response to the incident. They also discussed the recent vulnerabilities found in SolarWinds and the subsequent charges filed by the SEC against SolarWinds and their Chief Information Security Officer for fraud and internal control failures. The hosts also discussed a tool called cvecrowd.com, which tracks CVE mentions on Mastodon, a social network. They praised the tool for its usefulness in tracking cybersecurity vulnerabilities and incidents. They also mentioned an upcoming event at a brewery where they would discuss threat hunting techniques and tips. The hosts then discussed the recent vulnerabilities found in Cisco IOS, with one host sharing her findings from her investigation into the vulnerabilities. They also discussed the importance of patching and updating systems to protect against these vulnerabilities. This Episodes Slides >> Join our Community Slack >> Learn more about GreyNoise >>  

Paul's Security Weekly
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803

Paul's Security Weekly

Play Episode Listen Later Oct 20, 2023 167:53


Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. ˇHe is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas on controversial vulnerabilities. Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED global. In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-803

Paul's Security Weekly (Podcast-Only)
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 20, 2023 167:53


Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. ˇHe is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas on controversial vulnerabilities. Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED global. In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-803

Paul's Security Weekly (Video-Only)
Fried Squid, Flipper Zero BLM Spam, Apple Devices, Signal Vulns? & Android TV Devices - PSW #803

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 19, 2023 103:36


In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803

Paul's Security Weekly TV
Fried Squid, Flipper Zero BLM Spam, Apple Devices, Signal Vulns? & Android TV Devices - PSW #803

Paul's Security Weekly TV

Play Episode Listen Later Oct 19, 2023 103:36


In the Security News: Fried squid is tasty, but the squid proxy is vulnerable, Flipper zero and other tools can now BLE Spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploit, still, Math.Random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-803

Storm⚡️Watch by GreyNoise Intelligence
Storm⚡️Watch - BREAKING NEWS - 10/18/23

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Oct 18, 2023 20:44


This "Breaking News" edition of the Storm Watch podcast begins with the hosts introducing themselves and their guest, Mark from Censys. The hosts discuss the recent surge in activity around a new Cisco IOS vulnerability and the subsequent system implants. Censys has published a blog post on the topic and discovered that approximately 41,983 hosts had this implant installed, an increase of about 5,000 to 6,000 from the previous day. The hosts discuss the unique nature of this implant, noting that it does not persist through reboots or maintenance. However, attackers can establish a more permanent threshold or entry point post-implant pre-reboot. The hosts also discuss the development of a scan profile for this vulnerability, which was facilitated by information provided by Talos in their blog post. Then they discuss the distribution of the affected hosts, noting that they are spread across many different autonomous system organizations. They speculate that many of the affected systems are likely small businesses or residential users who received their devices from their Internet Service Providers (ISPs). The hosts also note that many different entities are scanning for this vulnerability, some of which are unknown, indicating that many people are opportunistically jumping on this issue. The hosts conclude the podcast by discussing the severity of this vulnerability, noting that it provides top-tier, or "God mode," access to people's networks. They encourage listeners to stay informed and safe, and they express hope that they won't have to report on another breaking news issue before their next scheduled episode. Be sure to check out the GreyNoise blog for more details and updates on this active vulnerability. Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>  

Storm⚡️Watch by GreyNoise Intelligence

On this episode of Storm Watch the hosts discuss a recent vulnerability in the Cisco IOS software, which they describe as a "legit terrible vulnerability". This vulnerability can be triggered to place an implant on a Cisco device, granting the attacker full access to the device. They emphasize that this is a serious issue and encourage listeners to look into it further. They also discuss a vulnerability in WordPad, which they find surprising given that WordPad is often forgotten about. They note that Microsoft has claimed to have updated WordPad to address this vulnerability and also that Microsoft is abandoning WordPad (though they made an update for this vuln). The hosts also discuss the importance of blocking outbound NTLM over SMB in Windows, with Glenn emphasizing that organizations should not allow SMB outbound from their perimeter. They discuss the challenges of restricting outbound internet access for the general user base, noting that it would require an application firewall and could potentially lead to a large number of help desk tickets. Another topic of discussion is a recent blog post by Vulncheck, which reveals that many devices have already been compromised due to the iOS software vulnerability. They note that the compromised devices were found in Digital Ocean, which they find amusing.  Finally the team reviews recent GreyNoise Tags, additions to CISA KEV, a new "KEV API" open-source tool, and the new KEV "ransomware" field, with a daily-updated visualization by GreyNoise. Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>    

ALEF SecurityCast
Ep#192 - Univerzita Obrany Neubránila Svá Data

ALEF SecurityCast

Play Episode Listen Later Oct 3, 2023 7:01


Shrnutí týdne 38/23. Kapitoly: 00:00 Úvod 00:36 Univerzitě Obrany Utekla Data 01:47 Měsíc Kybernetické Bezpečnosti 03:18 USA a Japonsko Varují Před Čínskými Hackery 04:52 Zranitelnost v Cisco IOS a IOS XE 06:03 Google Urgetně Patchuje Chrome 06:49 Meme Of The Week Odkazy: https://thehackernews.com/2023/09/upd... https://thehackernews.com/2023/09/cis... https://www.bleepingcomputer.com/news... www.stanovo.cz  #ITBezpecnost #IT #Novinky #Bezpecnost

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)
Use a TFTP Server to Upgrade a Cisco IOS Image - Network Management - Configuration Examples for Enterprise Networking, Security, and Automation - CCNA - KevTechify | podcast 85

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Dec 7, 2022 22:03


In this episode we are going to look at Use a TFTP Server to Upgrade a Cisco IOS Image.A TFTP server can help manage the storage of IOS images and revisions to IOS images. For any network, it is good practice to keep a backup copy of the Cisco IOS Software image in case the system image in the router becomes corrupted or accidentally erased. A TFTP server can also be used to store new upgrades to the IOS and then deployed throughout the network where it is needed. In this activity, we will upgrade the IOS images on Cisco devices by using a TFTP server. We will also backup an IOS image with the use of a TFTP server. We will be Upgrading an IOS Image on a Cisco Device and Backing up an IOS Image on a TFTP Server.Thank you so much for listening to this episode of my series on Enterprise Networking, Security, and Automation for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.com-------------------------------------------------------Cisco Certified Network Associate (CCNA)Configuration Examples for Enterprise Networking, Security, and Automation v3 (ENSA)Network ManagementLab 10.7.6 - Use a TFTP Server to Upgrade a Cisco IOS ImagePodcast Number: 85Season: 1-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment 

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)
Basic Device Configuration - Basic Router Configuration - Configuration Examples for Introduction to Networks - CCNA - KevTechify | podcast 15

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Jun 27, 2022 58:27


In this episode we are going to look at configuring Basic Device Configuration.Our network manager is impressed with our performance in our job as a LAN technician. She would like us to demonstrate your ability to configure a router that connects two LANs. Our tasks include configuring basic settings on a router and a switch using the Cisco IOS. We will also configure IPv6 addresses on network devices and hosts. We will then verify the configurations by testing end-to-end connectivity. Our goal is to establish connectivity between all devices. We will be discussing Complete the network documentation, Perform basic device configurations on a router and a switch, an finally Verify connectivity and troubleshoot any issues.Thank you so much for watching this episode of my series on Configuration Examples for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.comYouTube Channel: https://YouTube.com/KevTechify-------------------------------------------------------Cisco Certified Network Associate (CCNA)Configuration Examples for Introduction to Networks v1 (ITN)Basic Router ConfigurationLab 10.4.3 - Basic Device ConfigurationPod Number: 15Season: 1-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment 

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)
Basic Switch and End Device Configuration - Basic Switch and End Device Configuration - Configuration Examples for Introduction to Networks - CCNA - KevTechify | podcast 5

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Jun 3, 2022 26:42


In this episode we are going to look at Configuring Basic Switch and End Device Configuration.As a recently hired LAN technician, our network manager has asked us to demonstrate our ability to configure a small LAN. Our tasks include configuring initial settings on two switches using the Cisco IOS and configuring IP address parameters on host devices to provide end-to-end connectivity. We are to use two switches and two hosts/PCs on a cabled and powered network.We will be discussing Configure hostnames and IP addresses on two Cisco Internetwork Operating System (IOS) switches using the command-line interface (CLI), use Cisco IOS commands to specify or limit access to the device configurations, use IOS commands to save the running configuration, configure two host devices with IP addresses, and finally verify connectivity between the two PC end devices.Thank you so much for watching this episode of my series on Configuration Examples for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.comYouTube Channel: https://YouTube.com/KevTechify-------------------------------------------------------Cisco Certified Network Associate (CCNA)Configuration Examples for Introduction to Networks v1 (ITN)Basic Switch and End Device ConfigurationLab 2.9.1 - Basic Switch and End Device ConfigurationLab Number: 5Pod Number: 5Season: 1-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment  

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)
Navigate the IOS - Basic Switch and End Device Configuration - Configuration Examples for Introduction to Networks - CCNA - KevTechify | pod 2

Configuration Examples with KevTechify for the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later May 27, 2022 24:04


In this episode we are going to look at Navigating the IOS.We'll look at the skills necessary for navigating the Cisco IOS, such as different user access modes, various configuration modes, and common commands used on a regular basis. We will also practice accessing the context-sensitive Help by configuring the clock command.We will be looking at Establishing Basic Connections, Accessing the CLI, and finally Explore Help, Explore EXEC Modes, Set the Clock.Thank you so much for watching this episode of my series on Configuration Examples for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.comYouTube Channel: https://YouTube.com/KevTechify-------------------------------------------------------Cisco Certified Network Associate (CCNA)                                                                                                            Configuration Examples for Introduction to Networks v1 (ITN)Basic Switch and End Device ConfigurationLab 2.3.7 - Navigate the IOSLab Number: 2Pod Number: 2-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment 

Switching, Routing, and Wireless Essentials with KevTechify on the Cisco Certified Network Associate (CCNA)
Configure a Cisco IOS Dynamic Host Configuration Protocol v4 (DHCPv4) Server - DHCPv4 - Switching, Routing, and Wireless Essentials - CCNA - KevTechify | Podcast 24

Switching, Routing, and Wireless Essentials with KevTechify on the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Mar 15, 2022 27:20


In this episode we are going to look at Configure a Cisco IOS Dynamic Host Configuration Protocol v4 (DHCPv4) Server.We will be discussing Cisco IOS Dynamic Host Configuration Protocol v4 (DHCPv4) Server, Steps to Configure a Cisco IOS DHCPv4 Server, Configuration Example, DHCPv4 Verification Commands, Verify DHCPv4 is Operational, Disable the Cisco IOS DHCPv4 Server, DHCPv4 Relay, and other Service Broadcasts Relayed.Thank you so much for listening to this episode of my series on Switching, Routing, and Wireless Essentials for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.com-------------------------------------------------------Cisco Certified Network Associate (CCNA)Switching, Routing, and Wireless Essentials v2Episode 7 - DHCPv4Part B - Configure a Cisco IOS DHCPv4 ServerPodcast Number: 24-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment  

Introduction to Networks with KevTechify on the Cisco Certified Network Associate (CCNA)
Cisco IOS Access - Basic Switch and End Device Configuration - Introduction to Networks - CCNA - KevTechify | Podcast 10

Introduction to Networks with KevTechify on the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Mar 1, 2022 8:05


In this episode we are going to look at Cisco IOS Access.We will be discussing Operating Systems, GUI, Purpose of an OS, Access Methods, and Terminal Emulation Programs.Thank you so much for listening to this episode of my series on Introduction to Networks for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.com-------------------------------------------------------Cisco Certified Network Associate (CCNA)Introduction to Networks v1Episode 2 - Basic Switch and End Device ConfigurationPart A - Cisco IOS AccessPodcast Number: 10-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment  

Network Security with KevTechify on the Cisco Certified Network Associate (CCNA)
Secure Cisco IOS Image and Configuration Files - Device Monitoring and Management - Network Security - KevTechify | Podcast 19

Network Security with KevTechify on the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Feb 20, 2022 19:29


In this episode we are going to look at Secure Cisco IOS Image and Configuration Files.We will be discussing Cisco IOS Resilient Configuration Feature, Enable the IOS Image Resilience Feature, The Primary Bootset Image, Configure Secure Copy, and Recover a Router Password.Thank you so much for listening to this episode of my series on Network Security.Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.http://KevTechify.com***********************************Network Security v1Episode 6 - Device Monitoring and ManagementPart A- Secure Cisco IOS Image and Configuration FilesPodcast Number: 19

David Bombal
#325: Ansible Network Automation

David Bombal

Play Episode Listen Later Oct 5, 2021 62:51


Learn how to use Ansible to automate Cisco IOS network devices. This is the future: Network Automation using Ansible and Python. If you want to be a network engineer in future, you need to learn Cisco DevNet and automation technologies. Menu: Welcome: 0:00 Who is Donald? 0:12 Books that Donald wrote: 1:00 What is Ansible and why is it recommended? 1:22 Idempotency: 2:27 Create a project: 3:50 Create a hosts.ini file: 4:20 Agent vs agentless / puppet vs ansible: 5:00 What does Ansible use to connect to devices: 7:40 New / Better way of doing things (hosts.yml): 17:40 Which is better? 23:20 Global ansible.cfg file: 24:01 Never use tab: 27:30 Create a repository: 27:55 Do you need to use Git: 30:20 Is Linux recommended? Or is Windows ok? 30:35 Can you use a Mac? 31:24 Redo the process using public github: 31:52 Files on github: 35:34 Copy files to the Ansible server: 36:02 Create a virtual environment: 37:55 Install Ansible: 38:38 Check the ansible docs: 41:40 Run Ansible adhoc commands: 43:55 What did ping do? 46:20 What is an Ansible playbook: 47:50 Create Ansbile playbook: 48:20 Run Ansible Playbooks: 53:09 Add an IP address: 56:06 Code: https://github.com/the-packet-thrower... Amazon books: https://amzn.to/2Wm639i ================ Connect with me: ================ Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal ================= Connect with Donald: ================= LinkedIn: https://www.linkedin.com/in/the-packe... Blog: https://the-packet-thrower.com/ GitHub: https://github.com/the-packet-thrower... ansible devnet cisco devnet ansible automation network automation python Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #ansible #devnet #ccna

7 Minute Security
7MS #474: Password Cracking in the Cloud - Part 3

7 Minute Security

Play Episode Listen Later Jun 30, 2021 46:12


Hey friends! Today we're dusting off an old mini-series about password cracking in the cloud (check out part 1 and part 2) and sharing some awesome info on building a monster of a cracking rig in AWS! One reason we haven't talked about password cracking in the cloud in a while is because back in winter of 2019 I built baby's first password cracking. Unfortunately, this week, Hashy (the name I gave to the rig) is overheating, and GPUs are impossible to find, so what's a pentester to do? Well, in today's episode I talk about this article from Sevnx which walks you through building a virtual password-cracking beast in the cloud. The article (complemented by a sweet video) will get you running in short order. WARNING: running this instance is super expensive (the author warns the instance would cost ~$9k/month if you left it run continuously). The steps are pretty straightforward, but between reboots I found that hashcat acted all wonky. Luckily, the article addresses that with this great tip: Pro tip: Save the Cuda download somewhere. If you ever turn your cracker off and get errors running hashcat when you turn it back on, re-run the install line. We think AWS sometimes refreshes the drivers or something and hashcat doesn't like it very much. If you need help installing one of my fave tools, hatecrack check out my password cracking in the cloud gist. Also, our buddy Joe pointed me towards a utility called duplicut to help de-dupe large password-cracking wordlists. Once the AWS instance is setup, what kind of stats do we get out of this demon? Here's the result of hashcat -b: Hashmode: 0 - MD5 Speed.#1.........: 55936.1 MH/s (47.79ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#2.........: 55771.4 MH/s (47.94ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#3.........: 55827.0 MH/s (47.88ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#4.........: 55957.7 MH/s (47.78ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#*.........: 223.5 GH/s Hashmode: 100 - SHA1 Speed.#1.........: 17830.1 MH/s (75.08ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1 Speed.#2.........: 17774.0 MH/s (75.21ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1 Speed.#3.........: 17780.9 MH/s (75.26ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1 Speed.#4.........: 17795.6 MH/s (75.22ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1 Speed.#*.........: 71180.6 MH/s Hashmode: 1400 - SHA2-256 Speed.#1.........: 7709.9 MH/s (86.84ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1 Speed.#2.........: 7718.3 MH/s (86.75ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1 Speed.#3.........: 7710.4 MH/s (86.75ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1 Speed.#4.........: 7694.4 MH/s (87.02ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1 Speed.#*.........: 30833.0 MH/s Hashmode: 1700 - SHA2-512 Speed.#1.........: 2399.8 MH/s (69.70ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#2.........: 2401.1 MH/s (69.68ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#3.........: 2397.3 MH/s (69.78ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#4.........: 2400.3 MH/s (69.70ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#*.........: 9598.5 MH/s Hashmode: 22000 - WPA-PBKDF2-PMKID+EAPOL (Iterations: 4095) Speed.#1.........: 866.5 kH/s (94.23ms) @ Accel:16 Loops:256 Thr:1024 Vec:1 Speed.#2.........: 866.7 kH/s (94.21ms) @ Accel:16 Loops:256 Thr:1024 Vec:1 Speed.#3.........: 865.6 kH/s (94.30ms) @ Accel:16 Loops:256 Thr:1024 Vec:1 Speed.#4.........: 866.7 kH/s (94.20ms) @ Accel:16 Loops:256 Thr:1024 Vec:1 Speed.#*.........: 3465.5 kH/s Hashmode: 1000 - NTLM Speed.#1.........: 102.2 GH/s (26.05ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#2.........: 102.3 GH/s (26.05ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#3.........: 102.2 GH/s (26.07ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#4.........: 102.3 GH/s (26.04ms) @ Accel:32 Loops:1024 Thr:1024 Vec:8 Speed.#*.........: 409.0 GH/s Hashmode: 3000 - LM Speed.#1.........: 41104.7 MH/s (64.74ms) @ Accel:512 Loops:1024 Thr:64 Vec:1 Speed.#2.........: 40216.5 MH/s (66.11ms) @ Accel:512 Loops:1024 Thr:64 Vec:1 Speed.#3.........: 40507.3 MH/s (65.89ms) @ Accel:512 Loops:1024 Thr:64 Vec:1 Speed.#4.........: 39181.4 MH/s (68.13ms) @ Accel:512 Loops:1024 Thr:64 Vec:1 Speed.#*.........: 161.0 GH/s Hashmode: 5500 - NetNTLMv1 / NetNTLMv1+ESS Speed.#1.........: 55861.0 MH/s (47.87ms) @ Accel:32 Loops:1024 Thr:1024 Vec:2 Speed.#2.........: 55864.3 MH/s (47.87ms) @ Accel:32 Loops:1024 Thr:1024 Vec:2 Speed.#3.........: 55519.4 MH/s (47.98ms) @ Accel:32 Loops:1024 Thr:1024 Vec:2 Speed.#4.........: 55826.6 MH/s (47.89ms) @ Accel:32 Loops:1024 Thr:1024 Vec:2 Speed.#*.........: 223.1 GH/s Hashmode: 5600 - NetNTLMv2 Speed.#1.........: 3968.0 MH/s (84.37ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 Speed.#2.........: 3968.1 MH/s (84.38ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 Speed.#3.........: 3965.6 MH/s (84.38ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 Speed.#4.........: 3967.8 MH/s (84.37ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 Speed.#*.........: 15869.5 MH/s Hashmode: 1500 - descrypt, DES (Unix), Traditional DES Speed.#1.........: 1752.8 MH/s (95.32ms) @ Accel:32 Loops:1024 Thr:64 Vec:1 Speed.#2.........: 1729.3 MH/s (96.65ms) @ Accel:32 Loops:1024 Thr:64 Vec:1 Speed.#3.........: 1749.5 MH/s (95.53ms) @ Accel:32 Loops:1024 Thr:64 Vec:1 Speed.#4.........: 1740.6 MH/s (96.01ms) @ Accel:32 Loops:1024 Thr:64 Vec:1 Speed.#*.........: 6972.3 MH/s Hashmode: 500 - md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) (Iterations: 1000) Speed.#1.........: 24882.8 kH/s (50.59ms) @ Accel:16 Loops:1000 Thr:1024 Vec:1 Speed.#2.........: 24828.0 kH/s (50.60ms) @ Accel:16 Loops:1000 Thr:1024 Vec:1 Speed.#3.........: 24865.7 kH/s (50.60ms) @ Accel:16 Loops:1000 Thr:1024 Vec:1 Speed.#4.........: 24849.6 kH/s (50.59ms) @ Accel:16 Loops:1000 Thr:1024 Vec:1 Speed.#*.........: 99426.0 kH/s Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32) Speed.#1.........: 69071 H/s (54.00ms) @ Accel:4 Loops:16 Thr:24 Vec:1 Speed.#2.........: 68818 H/s (54.25ms) @ Accel:4 Loops:16 Thr:24 Vec:1 Speed.#3.........: 68926 H/s (54.13ms) @ Accel:4 Loops:16 Thr:24 Vec:1 Speed.#4.........: 69013 H/s (54.04ms) @ Accel:4 Loops:16 Thr:24 Vec:1 Speed.#*.........: 275.8 kH/s Hashmode: 1800 - sha512crypt $6$, SHA512 (Unix) (Iterations: 5000) Speed.#1.........: 386.4 kH/s (84.04ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#2.........: 377.9 kH/s (85.68ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#3.........: 372.3 kH/s (86.76ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#4.........: 382.7 kH/s (84.51ms) @ Accel:8 Loops:256 Thr:1024 Vec:1 Speed.#*.........: 1519.3 kH/s Hashmode: 7500 - Kerberos 5, etype 23, AS-REQ Pre-Auth Speed.#1.........: 1177.0 MH/s (71.08ms) @ Accel:256 Loops:128 Thr:32 Vec:1 Speed.#2.........: 1175.4 MH/s (71.17ms) @ Accel:256 Loops:128 Thr:32 Vec:1 Speed.#3.........: 1171.5 MH/s (71.28ms) @ Accel:256 Loops:128 Thr:32 Vec:1 Speed.#4.........: 1177.4 MH/s (71.05ms) @ Accel:256 Loops:128 Thr:32 Vec:1 Speed.#*.........: 4701.3 MH/s Hashmode: 13100 - Kerberos 5, etype 23, TGS-REP Speed.#1.........: 1068.5 MH/s (78.29ms) @ Accel:32 Loops:1024 Thr:32 Vec:1 Speed.#2.........: 1069.4 MH/s (78.25ms) @ Accel:32 Loops:1024 Thr:32 Vec:1 Speed.#3.........: 1068.4 MH/s (78.32ms) @ Accel:32 Loops:1024 Thr:32 Vec:1 Speed.#4.........: 1068.6 MH/s (78.29ms) @ Accel:32 Loops:1024 Thr:32 Vec:1 Speed.#*.........: 4275.0 MH/s Hashmode: 15300 - DPAPI masterkey file v1 (Iterations: 23999) Speed.#1.........: 148.5 kH/s (93.95ms) @ Accel:8 Loops:512 Thr:1024 Vec:1 Speed.#2.........: 148.4 kH/s (93.99ms) @ Accel:8 Loops:512 Thr:1024 Vec:1 Speed.#3.........: 148.5 kH/s (93.96ms) @ Accel:8 Loops:512 Thr:1024 Vec:1 Speed.#4.........: 148.4 kH/s (93.95ms) @ Accel:8 Loops:512 Thr:1024 Vec:1 Speed.#*.........: 593.8 kH/s Hashmode: 15900 - DPAPI masterkey file v2 (Iterations: 12899) Speed.#1.........: 80610 H/s (80.47ms) @ Accel:4 Loops:256 Thr:1024 Vec:1 Speed.#2.........: 80606 H/s (80.47ms) @ Accel:4 Loops:256 Thr:1024 Vec:1 Speed.#3.........: 80596 H/s (80.48ms) @ Accel:4 Loops:256 Thr:1024 Vec:1 Speed.#4.........: 80378 H/s (80.46ms) @ Accel:4 Loops:256 Thr:1024 Vec:1 Speed.#*.........: 322.2 kH/s Hashmode: 7100 - macOS v10.8+ (PBKDF2-SHA512) (Iterations: 1023) Speed.#1.........: 1002.4 kH/s (78.60ms) @ Accel:32 Loops:31 Thr:1024 Vec:1 Speed.#2.........: 1002.4 kH/s (78.60ms) @ Accel:32 Loops:31 Thr:1024 Vec:1 Speed.#3.........: 1002.1 kH/s (78.62ms) @ Accel:32 Loops:31 Thr:1024 Vec:1 Speed.#4.........: 1002.7 kH/s (78.58ms) @ Accel:32 Loops:31 Thr:1024 Vec:1 Speed.#*.........: 4009.6 kH/s Hashmode: 11600 - 7-Zip (Iterations: 16384) Speed.#1.........: 897.6 kH/s (82.05ms) @ Accel:4 Loops:4096 Thr:1024 Vec:1 Speed.#2.........: 896.4 kH/s (82.09ms) @ Accel:4 Loops:4096 Thr:1024 Vec:1 Speed.#3.........: 893.3 kH/s (83.60ms) @ Accel:4 Loops:4096 Thr:1024 Vec:1 Speed.#4.........: 912.4 kH/s (81.95ms) @ Accel:4 Loops:4096 Thr:1024 Vec:1 Speed.#*.........: 3599.7 kH/s Hashmode: 12500 - RAR3-hp (Iterations: 262144) Speed.#1.........: 116.6 kH/s (60.91ms) @ Accel:16 Loops:16384 Thr:128 Vec:1 Speed.#2.........: 111.4 kH/s (63.61ms) @ Accel:16 Loops:16384 Thr:128 Vec:1 Speed.#3.........: 111.6 kH/s (63.63ms) @ Accel:16 Loops:16384 Thr:128 Vec:1 Speed.#4.........: 115.0 kH/s (61.81ms) @ Accel:16 Loops:16384 Thr:128 Vec:1 Speed.#*.........: 454.7 kH/s Hashmode: 13000 - RAR5 (Iterations: 32799) Speed.#1.........: 93248 H/s (54.69ms) @ Accel:16 Loops:128 Thr:1024 Vec:1 Speed.#2.........: 93202 H/s (54.72ms) @ Accel:16 Loops:128 Thr:1024 Vec:1 Speed.#3.........: 93009 H/s (54.70ms) @ Accel:16 Loops:128 Thr:1024 Vec:1 Speed.#4.........: 93241 H/s (54.69ms) @ Accel:16 Loops:128 Thr:1024 Vec:1 Speed.#*.........: 372.7 kH/s Hashmode: 6211 - TrueCrypt RIPEMD160 + XTS 512 bit (Iterations: 1999) Speed.#1.........: 672.2 kH/s (55.34ms) @ Accel:16 Loops:64 Thr:1024 Vec:1 Speed.#2.........: 672.1 kH/s (55.34ms) @ Accel:16 Loops:64 Thr:1024 Vec:1 Speed.#3.........: 671.4 kH/s (55.34ms) @ Accel:16 Loops:64 Thr:1024 Vec:1 Speed.#4.........: 672.2 kH/s (55.34ms) @ Accel:16 Loops:64 Thr:1024 Vec:1 Speed.#*.........: 2687.9 kH/s Hashmode: 13400 - KeePass 1 (AES/Twofish) and KeePass 2 (AES) (Iterations: 24569) Speed.#1.........: 111.2 kH/s (122.52ms) @ Accel:32 Loops:128 Thr:1024 Vec:1 Speed.#2.........: 111.1 kH/s (122.55ms) @ Accel:32 Loops:128 Thr:1024 Vec:1 Speed.#3.........: 111.2 kH/s (122.58ms) @ Accel:32 Loops:128 Thr:1024 Vec:1 Speed.#4.........: 111.2 kH/s (122.52ms) @ Accel:32 Loops:128 Thr:1024 Vec:1 Speed.#*.........: 444.7 kH/s Hashmode: 6800 - LastPass + LastPass sniffed (Iterations: 499) Speed.#1.........: 5944.3 kH/s (35.66ms) @ Accel:8 Loops:249 Thr:1024 Vec:1 Speed.#2.........: 5942.0 kH/s (35.66ms) @ Accel:8 Loops:249 Thr:1024 Vec:1 Speed.#3.........: 5939.0 kH/s (35.67ms) @ Accel:8 Loops:249 Thr:1024 Vec:1 Speed.#4.........: 5943.8 kH/s (35.66ms) @ Accel:8 Loops:249 Thr:1024 Vec:1 Speed.#*.........: 23769.0 kH/s Hashmode: 11300 - Bitcoin/Litecoin wallet.dat (Iterations: 200459) Speed.#1.........: 11370 H/s (73.48ms) @ Accel:2 Loops:1024 Thr:1024 Vec:1 Speed.#2.........: 11355 H/s (73.50ms) @ Accel:2 Loops:1024 Thr:1024 Vec:1 Speed.#3.........: 11369 H/s (73.49ms) @ Accel:2 Loops:1024 Thr:1024 Vec:1 Speed.#4.........: 11370 H/s (73.49ms) @ Accel:2 Loops:1024 Thr:1024 Vec:1 Speed.#*.........: 45464 H/s For a real world example, I had ~1,500 NTLM hashes to crack that I ran through some of the hatecrack methodology, and here's how the instance performed: 100 LM hashes discovered, all cracked in 7 minutes (heh, 7 minutes :-) Ran hatecrack's quick crackw ith no rules: done in 7 minutes, cracked 108 accounts Quick crack against one rule to rule them all: ran in 25 minutes, got got 271 new passwords Ran extensive hatecrack methodology, it ran for a little over 2 hours and got 88 new passwords. All said and done, about 1/3 of the passwords cracked in about 3 hours. Not bad! Don't forget, the second you're done with your cracking efforts, SHUT THE BOX DOWN! Otherwise you're in for a sour surprise come AWS billing day :-( On a few personal notes: Last Comic Standing was the show I couldn't think of during the episode :-) After a toxic non-toxic foam pit incident a few years ago, my family and I had another injury this weekend with a rented waterslide - the fun ended in a concussion!

David Bombal
#176: CML 2.1 is almost here! What's changed?

David Bombal

Play Episode Listen Later Aug 10, 2020 12:53


Some fantastic changes in CML 2.1! Wireshark, dark mode and more.

More Than Just Code podcast - iOS and Swift development, news and advice

Friend of the show Dan sports an MTJC face mask and friend of the show Dee asks about CloudKit use. Canadians can now opt out of Clearview AI facial recognition, with a catch. We discuss Big Sur - Working / Not Working Apps. Apple updates coding programs and resources for educators and students. SoftBank mulls sale of Arm Holdings, could Apple be a potential buyer? Apple wins appeal against EU’s $14.9 billion tax bill. Apple releases iOS and iPadOS 13.6, macOS 10.15.6, and watchOS 6.2.8. Apple files ‘Path to Apple Card’ patent application in Canada. Apple reportedly plans to release 13-inch, 14-inch and 16-inch ARM-based MacBooks. Rene Ritchie: Wrong About the Apple Silicon Mac. Unreal’s new iPhone app does live motion capture with Face ID sensors. What’s new in SwiftUI from Swift with Majid. Creating Lists with Collection View. Picks: List of Apple codenames, Apple promotes working from home in relatable new video featuring ‘The Underdogs’, Circle of Fifths, How To Create A GitHub Profile README, NotificationCenter.Publisher.

David Bombal
#150: CML FAQs: Wireshark, passwords, Docker and more.

David Bombal

Play Episode Listen Later Jun 9, 2020 7:19


How do you capture packets in CML? Is Wireshark available? Is Docker supported? What are devices passwords? How do I add interfaces to devices? These are some of the questions I answer in this video. Cisco CML-P (VIRL 2) is here: Learn how to download, install and configure Cisco CML-P (VIRL 2) in my series of videos. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. VIRL2 is also an official Cisco product - that means that you don't have to worry about any legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 Wireshark captures: 0:53 Default usernames and passwords: 3:08 Does CML support Docker? 4:57 Add additional interfaces: 5:24 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm CML-P CML-E Cisco Modeling Labs Personal VIRL VIRL 2 EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #devnet #ciscocml

David Bombal
#149: CML FAQs: How to connect to external networks?

David Bombal

Play Episode Listen Later Jun 9, 2020 8:33


How do you connect CML to a physical network? Well, here I show you how to use both bridged and NAT modes to connect your CML networks to a WiFi network. Cisco CML-P (VIRL 2) is here: Learn how to download, install and configure Cisco CML-P (VIRL 2) in my series of videos. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. VIRL2 is also an official Cisco product - that means that you don't have to worry about any legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview 0:01 Bridge CML to physical network: 0:35 NAT CML to physical network 5:03 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm CML-P CML-E Cisco Modeling Labs Personal VIRL VIRL 2 EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #virl2 #devnet

David Bombal
#148: CML FAQs: How to export and import labs & configs?

David Bombal

Play Episode Listen Later Jun 9, 2020 11:40


How do I export and import CML topologies and configurations David? This is a frequency asked question I receive. In this video I'll show you how to export and import (1) CML topologies (2) CML topologies and configurations. The configuration files are exported as YAML files - a really intuitive and easy to read format. Cisco CML-P (VIRL 2) is here: Learn how to download, install and configure Cisco CML-P (VIRL 2) in my series of videos. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. VIRL2 is also an official Cisco product - that means that you don't have to worry about any legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm CML-P CML-E Cisco Modeling Labs Personal VIRL VIRL 2 EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #virl2 #devnet

David Bombal
#141: CML 2.0 Is Here! Quick Start Guide

David Bombal

Play Episode Listen Later May 19, 2020 24:17


Cisco have released Cisco Modeling Labs - Personal (CML-P) today. In this video I show you how to get CML running on a Windows 10 computer and create Cisco topologies. I'll cover all the steps in this video: 1) How to download CML 2) How to download and install VMware Player (free hypervisor software) 3) How to import CML and properly configure VMware Player settings 4) How to configure CML initial settings such as usernames and IP addresses 5) How to access the CML server using the CLI and Web UI 6) How to license the CML server 7) How to build a Cisco topology consisting of Cisco routers and switches This is a full demonstration showing you how to get CML working on your computer. Cisco CML-P (VIRL 2) is almost here: Learn how to download, install and configure Cisco CML-P (VIRL 2) using VMware Player and Windows 10. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Videos mentioned: VIRL 1 installation: https://youtu.be/Ie5GwqtUVc8 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm

David Bombal
#137: Can CML (VIRL 2) run Windows 10 VMs?

David Bombal

Play Episode Listen Later May 8, 2020 37:21


Can CML support multivendor topologies? Can you use other vendor VMs with CML? These are often asked questions. In this video I'm going to show you how to run a Windows 10 Virtual Machine (VM) in Cisco CML (VIRL 2). Be warned! There are a number of steps required to make this work, but it's definitely possible. This is Part 7 of my CML (VIRL 2) series showing you how to download, install and configure Cisco VIRL 2 (CML-P). The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco CML is one of your best options for CCNA, CCNP and CCIE Labs. CML has multiple advantages over other platforms such as GNS3 or EVE-NG. CML supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your CML subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a CML subscription anyway. That means that you are already paying for CML. CML (VIRL2) is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. CML (VIRL 2) has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 Steps: 4:17 Download Windows VMs: 7:00 Download and install QEMU: 8:32 Unzip Windows Zip file: 12:14 QEMU command to convert vmdk to qcow2: 13:17 Increase storage space on CML (VIRL 2): 15:23 Use scp to copy qcow2 file to CML: 20:45 Node and image definitions: 24:37 Add Windows VM to CML Topology: 28:57 Start Windows lab 30:15 Ping Windows from outside: 32:38 RDP (Remote Desktop to Windows VM): 33:50 PDF: https://bit.ly/cmlwindow10vm Videos: Start here for CML information: https://youtu.be/sW5-jHLygFg Cisco Modeling Labs CML-P CML-E VIRL VIRL 2 CML Cisco Modeling Labs - Personal EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #devnet #windows10

David Bombal
#129: All I Need Is 443 CML - P (VIRL 2)

David Bombal

Play Episode Listen Later Apr 24, 2020 17:54


The only port you need to open on a CML-P (VIRL 2) server is 443. You can telnet to devices using an encrypted, authenticated tunnel using the local breakout tool that comes with CML-P. No need to open lots of port numbers on your firewall. Just open TLS (Port 443) and you can connect remotely to the server. Very nice feature! I like this. This is Part 5 of my CML-P (VIRL 2) series showing you how to download, install and configure Cisco VIRL 2 (CML-P). The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: VIRL 2 name change: 0:01 Overview of Breakout Tool: 0:51 Lab Overview: 3:30 Download Breakout Tool: 4:40 Configure Breakout Tool: 6:15 View available labs: 9:14 Connect to lab devices: 9:56 Wireshark captures: 13:50 Shutdown Breakout Tool: 15:20 Videos mentioned: VIR2 Part 1: https://youtu.be/sW5-jHLygFg VIRL VIRL 2 CML-P CML Cisco Modeling Labs Cisco Modeling Labs - Personal EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #virl #ccna #cml

David Bombal
#130: CML For FREE! (VIRL 2)

David Bombal

Play Episode Listen Later Apr 24, 2020 19:38


You can now access Cisco Modeling Labs (CML) for free! Thanks to Cisco DevNet, you use a cloud based version of CML for free. All you need is your web browser (you will need to install Cisco AnyConnect VPN client to access the labs remotely). This is Part 6 of my CML (VIRL 2) series showing you how to download, install and configure Cisco VIRL 2 (CML-P). The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 More surprises: 2:10 Differences between CML-E and CML-P: 3:04 Link to access CML lab: 4:39 How to book a lab: 5:12 AnyConnect VPN Software: 7:40 Access the Lab: 9:11 Troubleshooting: 10:15 Login in to CML: 13:00 Create and configure own lab: 14:00 Videos mentioned: CML-P Part 1: https://youtu.be/sW5-jHLygFg Previous DevNet VIRL: https://youtu.be/TmGNtvh1eeY Cisco Modeling Labs CML-P CML-E VIRL VIRL 2 CML Cisco Modeling Labs - Personal EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #devnet #ccna

David Bombal
#126: VIRL 2 ASAv Install And Configuration

David Bombal

Play Episode Listen Later Apr 7, 2020 20:15


It's really easy to go from zero to a working Cisco ASA network using Cisco VIRL 2. No longer do you need to struggle to build networks that consist of Cisco ASAs - you can get a network up and running in a few minutes using Cisco VIRL. The initial installation of VIRL 2 is easy. The import of ASAv appliances is easy. It is also easy to get things working. VIRL 2 is so much better than VIRL 1. This is Part 3 of my VIRL series showing you how to download, install and configure Cisco VIRL 2. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 Requirements: 1:36 Import OVA: 2:38 macBook specifications: 3:20 Customize VMware Settings: 3:34 Start VIRL: 4:30 Initial system wizard: 4:47 Browse to VIRL Web UI: 7:30 License the server: 8:09 Build my ASA Lab: 9:23 Start Lab: 10:34 Configure ASA: 14:05 Test network: 17:50 Conclusion: 18:38 Videos mentioned: VIR2 Part 1: https://youtu.be/sW5-jHLygFg VIRL 2 Cisco Live: https://youtu.be/5xUvqDMxH3g VIRL 1 installation: https://youtu.be/Ie5GwqtUVc8 ============================ Cisco ASAv configuration: ============================ interface GigabitEthernet0/1 nameif outside security-level 0 ip address 8.8.8.254 255.255.255.0 no shut ! interface GigabitEthernet0/0 nameif inside security-level 100 ip address 10.1.1.254 255.255.255.0 no shut route outside 0.0.0.0 0.0.0.0 8.8.8.8 object network obj_any subnet 0.0.0.0 0.0.0.0 nat (inside,outside) dynamic interface policy-map global_policy class inspection_default inspect icmp ============================

David Bombal
#125: Cisco VIRL 2 Download, Install And Configure (Part 2)

David Bombal

Play Episode Listen Later Apr 7, 2020 13:15


This is Part 2 of my VIRL series showing you how to download, install and configure Cisco VIRL 2 using VMware Player and Windows 10. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 License VIRL server: 0:54 Start VIRL topology: 2:06 Interface overview: 2:42 Open Device Console: 4:20 Configure Cisco Network: 5:30 Rename Nodes in VIRL: 7:20 Create loopbacks and enable OSPF: 7:57 Do I recommend VIRL? 11:00 Videos mentioned: VIR2 Part 1: https://youtu.be/sW5-jHLygFg VIRL 2 Cisco Live: https://youtu.be/5xUvqDMxH3g VIRL 1 installation: https://youtu.be/Ie5GwqtUVc8 VIRL VIRL 2 CML Cisco Modeling Labs EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #virl #ccna #virl2

David Bombal
#127: VIRL 2 Terminal Server SSH, Multiple Tabs, Scripts And More

David Bombal

Play Episode Listen Later Apr 7, 2020 19:51


VIRL 2 has a built-in multiplexing terminal server that allows you to SSH directly to devices running in VIRL. You can either SSH to the terminal server and then use commands to access devices, or you can SSH directly to the individual devices. The advantage of this is that you can use applications such SecureCRT, Royal TSX or SolarPutty that support multiple tabs to easily access individual devices running with in VIRL. This is Part 4 of my VIRL series showing you how to download, install and configure Cisco VIRL 2. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 VIRL setup: 1:05 SSH to VIRL Console Server: 2:14 Console Server commands: 2:45 Putty connections: 6:14 Script logins: 9:20 Using multiple tabs: 12:30 Videos mentioned: VIR2 Part 1: https://youtu.be/sW5-jHLygFg VIRL VIRL 2 CML Cisco Modeling Labs EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #virl #ccna #cml

David Bombal
#124: Cisco VIRL 2: Download, Install and Configure (Part 1)

David Bombal

Play Episode Listen Later Apr 4, 2020 32:21


Cisco VIRL 2 is almost here: Learn how to download, install and configure Cisco VIRL 2 using VMware Player and Windows 10. The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco VIRL 2 is one of your best options for CCNA, CCNP and CCIE Labs. VIRL 2 has multiple advantages over other platforms such as GNS3 or EVE-NG. VIRL 2 supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your VIRL subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a VIRL subscription anyway. That means that you are already paying for VIRL. VIRL2 is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. VIRL 2 has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 Supported Virtualization Software: 0:59 What do you download? 1:30 Advantages & disadvantages of VIRL: 1:42 VMware Workstation Player download and install: 4:58 Download Cisco VIRL 2: 8:03 Import VIRL into VMware Workstation Player: 10:45 Change VIRL settings: 11:58 Enable Intel VT-x / AMD-V: 13:04 Connect Cisco images ISO to VM: 20:34 Start VIRL and install VMware tools: 21:14 VIRL 2 First Deployement Configuration Wizard: 21:57 VIRL CLI: 26:15 Troubleshooting VMware Network issues: 27:15 Network Settings: 27:54 Web UI login: 28:40 Create my first VIRL lab: 29:55 Licensing: 2nd video Initial Cisco device configuration: 2nd video Videos mentioned: VIRL 2 Cisco Live: https://youtu.be/5xUvqDMxH3g VIRL 1 installation: https://youtu.be/Ie5GwqtUVc8 VIRL VIRL 2 EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #virl #ccna #virl2

The History of Computing
A Brief History Of Cisco

The History of Computing

Play Episode Listen Later Jan 30, 2020 18:19


The History Of Cisco Welcome to the History of Computing Podcast, where we explore the history of information technology. Because understanding the past prepares us to innovate (and sometimes cope with) the future! Today we're going to talk about the history of Cisco. They have defined the routing and switching world for decades. Practically since the beginning of the modern era. They've bought companies, they've grown and shrunk and grown again. And their story feels similar in many ways to the organizations that came out of the tail end of the grants tossed around by DARPA. These companies harnessed the incredibly innovative ideas and technology to found the companies who commercialized all of that amazing research and changed the world. These companies ushered in a globally connected network, almost instantaneously transmitting thoughts and hopes and dreams and failures and atrocities. They made money. Massive, massive truckloads of money. But they changed the world for the better. Hopefully in an irrevocable kind of way. The Cisco story is interesting because it symbolizes a time when we were moving from the beginnings of the Internet. Stanford had been involved in ARPAnet since the late 60s but Vint Cerf and Bob Kahn had been advancing TCP and IP in the 70s, establishing IPv4 in 1983. And inspired by ALOHAnet, Bob Metcaffe and the team at Xerox PARC had developed Ethernet in 74. And the computer science research community had embraced these, with the use of Email and time sharing spurring more and more computers to be connected to the Internet. Raw research being done out of curiosity and to make the world a better place. The number of devices connected to the growing network was increasing. And Stanford was right in the center of it. Silicon Valley founders just keep coming out of Stanford but this one, they were professors, and early on. They invented the multi-protocol router and finance the startup with their own personal credit cards. Leonard Bosack and Sandy K. Lerner are credited for starting Cisco, but the company rose out of projects to network computers on the Stanford campus. The project got started after Xerox PARC donated some Alto workstations and Ethernet boards they didn't need anymore in 1980, shortly after Metcaffe left Xerox to start 3COM. And by then Cerf was off to MCI to help spur development of the backbones faster. And NSFnet came along in 1981, bringing even more teams from universities and private companies into the fold. The Director of Computer Facilities, Ralph Gorin, needed to be able to get longer network cables to get even more devices connected. He got what would amount to a switch today. The team was informal. They used a mother board from Andy Bechtolsheim, later the founder of Sun Microsystems. They borrow boards from other people. Bosack himself, who had been an ARPAnet contributor, donated a board. And amongst the most important was the software, which William Yeager wrote, which had a little routing program that connected medical center computers to the computer science department computers and could use the Parc Universal Packet (PUP), XNS, IP and CHAOSNet.. The network linked any types of computers, from Xerox Altos to mainframes using a number of protocols, including the most important for the future, IP, or the Internet Protocol. They called it the Blue Box. And given the number of computers that were at Stanford, various departments around campus started asking for them, as did other universities. There were 5,000 computers connected at Stanford by the time they were done. Seeing a potential business here, Bosack, then running the computers for the Computer Science department, and Lerner, then the Director of Computer Facilities for the Graduate School of Business, founded Cisco Systems in 1984, short for San Francisco, and used an image of the Golden Gate Bridge a their logo. You can see the same pattern unfold all over. When people from MIT built something cool, it was all good. Until someone decided to monetize it. Same with chip makers and others. By 1985, Stanford formally started a new project to link all the computers they could on the campus. Yeager gave the source to Bosack and Kirk Lougheed so they could strip out everything but the Internet Protocol and beef that up. I guess Yeager saw routers as commercially viable and he asked the university if he could sell the Blue Box. They said no. But Bosack and Lougheed were plowing ahead, using Stanford time and resources. But Bosack and Lerner hadn't asked and they were building these routers in their home and it was basically the same thing as the Blue Box, including the software. Most of the people at Stanford thought they were crazy. They kept adding more code and logic and the devices kept getting better. By 1986, Bosack's supervisor Les Earnest caught wind and started to investigate. He went to the dean and Bosack was given an ultimatum, it was go the wacky Cisco thing or stay at Stanford. Bosack quit to try to build Cisco into a company. Lougheed ran into something similar and quit as well. Lerner had already left but Greg Satz and Richard Troiano left as well, bringing them up to 5 people. Yeager was not one of them, even though he'd worked a lot on the software, including on nights and weekends. But everyone was learning and when it was to benefit the university, it was fine. But then when things went commercial, Stanford got the lawyers involved. Yeager looked at the code and still saw some of his in there. I'm sure the Cisco team considered that technical debt. Cisco launched the Advanced Gateway Server (AGS) router in 1986, two years after the Mac was released. The software was initially written by Yeager but improved by Bosack and Lougheed, as the operating system, later called Cisco IOS. Stanford thought about filing a criminal complaint of theft but realized it would be hard to prosecute, and ugly especially given that Stanford itself is a non-profit. They had $200,000 in contracts and couldn't really be paying all this attention to lawsuits and not building the foundations of the emerging Internet. So instead they all agreed to license the software and the imprint of the physical boards being used (known as photomasks), to the fledgling Cisco Systems in 1987. This was crucial as now Cisco could go to market with products without the fear of law suits. Stanford got discounts on future products, $19,300 up front, and $150,000 in royalties. No one knew what Cisco would become so it was considered a fair settlement at the time. Yeager, being a mensch and all, split his 80% of the royalties between the team. He would go on to give us IMAP and Kermit, before moving to Sun Microsystems. Speaking of Sun, there was bad blood between Cisco and Stanford, which I always considered ironic given that a similar thing happened when Sun was founded in some part, using Stanford intellectual property and unused hardware back in 1982. I think the difference is trying to hide things and being effusive with the credit for code and inventions. But as sales increased, Lougheed continued to improve the code and the company hired Bill Graves to be CEO in 1987 who was replaced with John Mordridge in 1988. And the sales continued to skyrocket. Cisco went public in 1990 when they were valued at $224 million. Lerner was fired later that year and Bosack decided to join her. And as is so often the case after a company goes public, the founders who had a vision of monetizing great research, were no longer at the startup. Seeing a need for more switching, Cisco acquired a number of companies including Grand Junction and Crescendo Communications which formed like Voltron to become the Cisco Catalyst, arguably the most prolific switching line in computing. Seeing the success of Cisco and the needs of the market, a number of others started building routers and firewalls. The ocean was getting redder. John Mays had the idea to build a device that would be called the PIX in 1994 and Branley Coile in Athens, Georgia programmed it to become a PBX running on IP. We were running out of IP addresses because at the time, organizations used public IPs. But NAT was about to become a thing and RFC 1918 was being reviewed by the IETF. They brought in Johnson Wu and shipped a device that could run NAT that year, ushering in the era of the Local Area Network. John T. Chambers replaced Mordridge in 1995 and led Cisco as its CEO until 2015. Cisco quickly acquired the company and the Cisco PIX would become the standard firewall used in organizations looking to get their computers on the Internets. The PIX would sell and make Cisco all the monies until it was replaced by the Cisco ASA in 2008. In 1996, Cisco's revenues hit $5.4 billion, making it one of Silicon Valley's biggest success stories. By 1998 they were up to $6B. Their stock peaked in 2000. By the end of the dot-com bubble in the year 2000, Cisco had a more than $500 billion market capitalization. They were building an industry. The CCNA, or Cisco Certified Network Associate, and CCNE, Cisco Certified Network Engineer were the hottest certifications on the market. When I got mine it was much easier than it is today. The market started to fragment after that. Juniper came out strong in 1999 and led a host of competitors that landed in niche markets and expanded into core markets. But the ASA combined Cisco's IPS, VPN concentration, and NAT functionality into one simpler box that actually came with a decent GUI. The GUI seemed like sacrilege at the time. And instead of sitting on top of a network operating system, it ran on Linux. At the top end they could handle 10 million connections, important once devices established and maintained so many connections to various services. And you could bolt on antivirus and other features that were becoming increasingly necessary at various layers of connectivity at the time. They went down-market for routing devices with an acquisition of Linksys in 2003. They acquired Webex in 2007 for over $3 billion dollars and that became the standard in video conferencing until a solid competitor called Zoom emerged recently. They acquired SourceFire in 2013 for $2.7B and have taken the various services offered there to develop Cisco products, such as the anti-virus to be a client-side malware scanning tool called Cisco AMP. Juniper gave away free training unlike the Cisco training that cost thousands of dollars and Alcatel-Lucent, Linksys, Palo Alto Networks, Fortinet, SonicWall, Barracuda, CheckPoint, and rising giant Huawei led to a death by a thousand competitors and Cisco's first true layoffs by 2011. Cisco acquired OpenDNS in 2015 to establish a core part of what's now known as Cisco Umbrella. This gives organizations insight into what's happening on increasingly geographically distributed devices; especially mobile devices due to a close partnership with Apple. And they acquired Broadsoft in 2017 to get access to even more sellers and technology in the cloud communication space. Why? Because while they continue to pump out appliances for IP connectivity, they just probably can't command a higher market share due to the market dynamics. Every vendor they acquire in that space will spawn two or more new serious competitors. Reaching into other spaces provides a more diverse product portfolio and gives their sellers more SKUs in the quiver to make quotas. And pushes the world forward with newer concepts, like fog computing. Today, Cisco is still based in San Jose and makes around $50 billion a year in revenue and boasts close to 75,000 employees. A lot has happened since those early days. Cisco is one of the most innovative and operationally masterful companies on the planet. Mature companies can have the occasional bumps in the road and will go through peaks and valleys. But their revenues are a reflection of their market leadership, sitting around 50 billion dollars. Yes, most of their true innovation comes from acquisitions today. However, the insights on whom to buy and how to combine technologies, and how to get teams to work well with one another. That's a crazy level of operational efficiency. There's a chance that the Internet explosion could have happened without Cisco effectively taking the mantle in a weird kind of way from BBN for selling and supporting routing during the storm when it came. There's also a chance that without a supply chain of routing appliances to help connect the world that the whole thing might have tumbled down. So consider this: technological determinism. If it hadn't of been Cisco, would someone else have stepped up to get us to the period of the dot com bubble? Maybe. And since they made so much money off the whole thing I've heard that Cisco doesn't deserve our thanks for the part they played. But they do. Without their training and appliances and then intrusion prevention, we might not be where we are today. So thank you Cisco for teaching me everything I know about OSI models and layers and all that. And you know… helping the Internet become ubiquitous and all. And thank you, listener, for tuning in to yet another episode of the history of computing podcast. We are so very lucky to have you. Have a great day!

Packet Pushers - Fat Pipe
Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored)

Packet Pushers - Fat Pipe

Play Episode Listen Later Jan 24, 2020 44:35


Cisco IOS XR version 7 is the topic of Heavy Networking in this sponsored episode. We dig into what's new in this latest network OS release, the hardware platforms it runs on (including whitebox), key security features, and more. Our guests from Cisco are Bhavna Prasad, Product Manager; and Reda Haddad, Distinguished Engineer. The post Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored) appeared first on Packet Pushers.

Packet Pushers - Heavy Networking
Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored)

Packet Pushers - Heavy Networking

Play Episode Listen Later Jan 24, 2020 44:35


Cisco IOS XR version 7 is the topic of Heavy Networking in this sponsored episode. We dig into what's new in this latest network OS release, the hardware platforms it runs on (including whitebox), key security features, and more. Our guests from Cisco are Bhavna Prasad, Product Manager; and Reda Haddad, Distinguished Engineer. The post Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored) appeared first on Packet Pushers.

Packet Pushers - Full Podcast Feed
Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jan 24, 2020 44:35


Cisco IOS XR version 7 is the topic of Heavy Networking in this sponsored episode. We dig into what's new in this latest network OS release, the hardware platforms it runs on (including whitebox), key security features, and more. Our guests from Cisco are Bhavna Prasad, Product Manager; and Reda Haddad, Distinguished Engineer. The post Heavy Networking 499: Introducing Cisco IOS XR7 (Sponsored) appeared first on Packet Pushers.

Show IP Protocols
Where do we use Cisco Wildcard Masks?

Show IP Protocols

Play Episode Listen Later Nov 18, 2019


People might still be interested in about Cisco Wildcard Masks. I try to summarize interesting information about Wildcard Masks in this post.Use Case 1: IPv4 Access Control Lists on Cisco IOS, IOS XE, and IOS XRWildcard masks are for us to select only subsets of IPv4 addresses.When we define selected source or destination IPv4 addresses for an Access Control List (ACL), we use Wildcard Mask. Here is an example for Cisco IOS and IOS XE.ip access-list extended ACL-NAME deny tcp 172.16.9.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 22 permit ip any anyHere is an equivalent ACL example for Cisco IOS XR.ipv4 access-list ACL-NAME deny tcp 172.16.9.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 22 permit ip any anyAll Cisco IOS XR Access Control Lists are “extended, and named” in Cisco IOS’s sense. And we don’t need “extended” keyword in IOS XR commands.Use Case 2: Selecting interfaces to start Routing Protocols on Cisco IOS, and IOS XEThe “network” commands for OSPFv2 and EIGRP are to select interfaces to start OSPF or EIGRP by interfaces’ IPv4 addresses. For example:router eigrp 99 network 192.168.199.0 0.0.0.255router ospf 1 network 192.168.201.0 0.0.0.255 area 0Here, all interfaces with IPv4 addresses covered by “192.168.199.0 0.0.0.255” would be enabled with EIGRP AS 99, and all interfaces with IPv4 addresses covered by “192.168.201.0 0.0.0.255“ would be enabled with OSPF and assigned to area 0.Just in case you need some help about visualizing Wildcard Masks, you can download an Excel Spreadsheet Wildcard Mask Calculator in this post:Revised post: Covering Subnet Calculator to understand more about Wildcard MaskThat's all for use cases. We simply don't use Wildcard Masks, in any other scenarios.NX-OS, ASA, and IPv6 we do not have Wildcard MasksIf you are lucky enough to work on Cisco NX-OS, Cisco ASA alone, you don’t need Wildcard Masks because they are not supported at all on these operating systems.Or, if you work in IPv6-only world without IPv4, you don’t need Wildcard Masks at all because all IPv6 commands of any Cisco’s operating systems do not use Wildcard Masks at all.Tamsui River (淡水河) Estuary after sunset.Tamsui District, New Taipei City, Taiwan.One more thing…I always say that we can simply assume Cisco IOS Wildcard Mask are derived by mapping 1s to 0s and 0s to 1s of equivalent subnet mask in binary notation. This brings up a question: why do we need Wildcard Mask at the first place? Why not just reuse IP subnet masks instead of creating new objects like Wildcard Masks?I don’t have any official information source. In my opinion, “flexibility” might be the cause.I try to imagine two possible cases. We only want to select IP subnets with “even-number 3rd digits”, or, we want to select any hosts end with number “77”. Here are single line Wildcard Masks to select them out.Single line Wildcard Mask “192.168.0.0 0.0.254.255” selects IP subnets 192.168.0.0/24, 192.168.2.0/24. 192.168.4.0/24 … 192.168.254.0/24.Single line Wildcard Mask “192.168.0.77 0.0.255.0” selects 192.168.0.77, 192.168.1.77, 192.168.2.77 … 192.168.255.77.Subnet masks are not flexible. All subnet masks must begin with contiguous “1”s, and rest of the digits must be “0”s, it is complex to combine many more subnet masks to define the identical selections for above two imaginary examples.Please don’t get me wrong! I don’t like Wildcard Masks, either. I always avoid Wildcard Masks when managing a network. I do Wildcard Masks only when taking exams. These two imaginary examples are rare in practical networks. Most administrators I know of always group endpoints with IP subnets, instead of confusing even-odd way.Maybe I will create another post to tell you how I avoid Wildcard Masks!I am Li-Ji Hong. And this is my blog “Show IP Protocols”. See you next time!

David Bombal
#99: EVE-NG Cisco Images

David Bombal

Play Episode Listen Later Oct 21, 2019 25:11


How do you add and use Cisco images in EVE-NG topologies? This video shows you how to download Cisco IOS images from Cisco VIRL and then use them in your EVE-NG networks. This EVE-NG tutorial shows you step by step how to download Cisco IOS images, how to upload them to the EVE-NG server and then how to use them in EVE-NG topologies. This video is part of a series of videos that give you a full EVE-NG installation guide. Use this EVE-NG tutorial to add Cisco images to EVE-NG and get an EVE-NG lab set up. In a previous video, I showed you how to download and install VMware Workstation Player and how to add EVE-NG to VMware, how to create a topology. Previous Video: https://youtu.be/FDbgTlr-tnw Menu: Overview: 0:01 Download Cisco IOS images: 1:23 EVE-NG Upload process and tips & tricks: 2:34 Download and install WinSCP: 6:35 Upload vmdk & convert IOSv VIRL file to EVE-NG: 7:22 Upload & convert qcow2 file to EVE-NG: 13:45 Build a Cisco IOS network in EVE-NG: 16:08 Configure Cisco IOS network in EVE-NG 18:30 ========================== EVE-NG links: ================================= EVE-NG Website: https://www.eve-ng.net/ Download EVE-NG Community: https://www.eve-ng.net/downloads/eve-ng-2 Download EVE-NG Professional: https://www.eve-ng.net/downloads/eve-ng Community Cookbook: https://www.eve-ng.net/images/EVE-COMM-COOK-BOOK-latest.pdf ================================= Free Network Software: ================================= Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller Engineers Toolset: http://bit.ly/gns3toolset IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer SolarWinds NPM: http://bit.ly/getnpm EVE-NG GNS3 VIRL Packet Tracer 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #eveng #gns3 #virl

David Bombal
#96: Download Cisco IOS images and use in GNS3

David Bombal

Play Episode Listen Later Oct 14, 2019 19:53


How do you build Cisco networks in GNS3? In this video I show you how to download Cisco IOS images (Cisco VIRL images) to run IOSv and IOSvL2 in your GNS3 topologies. I also show you how to add Docker containers to your network. Cisco VIRL has fantastic images which you can download such as: - Cisco ASAv - Virtual Cisco ASA Firewall - Cisco IOSv - Virtual Cisco Router - Cisco IOSvL2 - Virtual Cisco Layer 2 and Layer 3 Switch (multilayer virtual switch) - Cisco NX-OSv - Virtual Cisco Nexus Device - And even more cool devices. Previous GNS3 GUI Install Video: https://youtu.be/Ibe3hgP8gCA Previous GNS3 VM Install Video: https://youtu.be/A0DEnMi09LY ================================= Menu: ================================= Overview: 0:01 Why do we need the GNS3 VM?: 0:50 Download Cisco VIRL IOS Images: 2:30 Import appliances into GNS3: 4:45 Build Cisco topology in GNS3: 7:15 Change GNS3 symbols / icons: 8:05 Configure Cisco IOS devices: 9:35 Add Docker container to network: 12:44 Save configurations, close GNS3 and restore GNS3: 16:02 ================================= GNS3 links: ================================= GNS3 website: https://gns3.com/ GNS3 GitHub page: https://github.com/GNS3/gns3-gui/releases Free Solar-PuTTY: http://bit.ly/SolarPutty Free Engineers Toolset: http://bit.ly/gns3toolset What is VTX / x86 virtualization? https://en.wikipedia.org/wiki/X86_virtualization HAXM: https://github.com/intel/haxm ================================= Calculators: ================================= Cisco VIRL: http://virl.cisco.com VIRL Resource Calculator: http://bit.ly/sizevirl GNS3 Calculator http://bit.ly/gns3requirements ================================= Free Software: ================================= SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller Engineers Toolset: http://bit.ly/gns3toolset IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer SolarWinds NPM: http://bit.ly/getnpm ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z GNS3 EVE-NG VIRL Packet Tracer 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #gns3 #eveng #virl

David Bombal
#95: GNS3 Install: VMware Workstation Pro

David Bombal

Play Episode Listen Later Oct 14, 2019 21:37


Want to know how to install, configure and setup GNS3 2.2? Well, these videos show you how. In this video, I show you how to integrate the GNS3 VM with the GNS3 GUI, setup Intel VTX in your computer's BIOS and make sure nested virtualization is enabled. Follow these steps to make sure you can get your GNS3 network working in preparation to run Cisco devices such as Cisco VIRL appliances on GNS3. In subsequent videos I'll show you how to download Cisco IOS images and use them in GNS3. Previous Video: https://youtu.be/Ibe3hgP8gCA ================================= Menu: ================================= Overview: 0:01 Download GNS3 VM: 2:19 Download VMware Workstation: 4:10 Install VMware Workstation: 5:03 Import GNS3 VM into VMware: 7:50 GNS3 GUI and GNS3 VM integration: 8:32 KVM support available: True: 10:30 Configure VTx in Computer BIOS: 11:04 Enable GNS3 KVM Support: 13:45 GNS3 RAM and CPU: 14:12 New Project: 16:25 Save project and restore project: 18:45 ================================= Calculators: ================================= VIRL Resource Calculator: http://bit.ly/sizevirl GNS3 Calculator http://bit.ly/gns3requirements ================================= GNS3 links: ================================= GNS3 website: https://gns3.com/ GNS3 GitHub page: https://github.com/GNS3/gns3-gui/releases Free Solar-PuTTY: http://bit.ly/SolarPutty Free Engineers Toolset: http://bit.ly/gns3toolset What is VTX / x86 virtualization? https://en.wikipedia.org/wiki/X86_virtualization ================================= Free Software: ================================= SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller Engineers Toolset: http://bit.ly/gns3toolset IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer SolarWinds NPM: http://bit.ly/getnpm ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z GNS3 EVE-NG VIRL Packet Tracer 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #gns3 #eveng #virl

David Bombal
#93: Do you know these Cisco IOS Commands?

David Bombal

Play Episode Listen Later Oct 7, 2019 15:19


How well do you know the Cisco IOS? Do you know these Cisco IOS commands? Hidden giveaways in this video :) Amaze others with your knowledge of the Cisco IOS. You don't need python for these scripts. Rock that job interview and show senior network engineers what you can do. Keep on learning and change your life. Get that good paying job by showing your skills. ================================= Menu: ================================= ^ 1:06 $ 1:52 . 2:26 2:54 | 3:20 linenum 4:44 _ 5:55 ? 6:35 sh run all 8:15 default interface 11:05 reload in / at 12:24 ================================= Documentation: ================================= Cisco IOS Fundamentals: http://bit.ly/2k3YFMG ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z ================================= Free TFTP Server: ================================= Free SolarWinds TFTP Server: http://bit.ly/2mbtD6j 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #cisco #DevNet

David Bombal
#92: Python and Linux on Cisco IOS?

David Bombal

Play Episode Listen Later Oct 2, 2019 29:40


Run Python and Linux directly on IOS XE? Yes you can! Take your network automation skills to the next level with scripting and automation directly on Cisco devices. You can be a DevNet Engineer! Amaze others with your knowledge of the Cisco IOS. You don't need python for these scripts. Rock that job interview and show senior network engineers what you can do. Keep on learning and change your life. Get that good paying job by showing your skills. Menu: Overview: 0:01 Lab Setup (GNS3 / CSR): 2:00 IOS XE & Container explanation: 3:14 Guestshell Setup: 7:14 Access the Linux Shell: 13:48 Sort out routing: 15:11 SSH to Guestshell remotely: 19:30 Install applications: 22:20 Python scripting: 23:14 ================================= Documentation: ================================= Cisco IOS Shell Configuration Guide: http://bit.ly/2kwMyYN ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z ================================= Free TFTP Server: ================================= Free SolarWinds TFTP Server: http://bit.ly/2mbtD6j ================================= Free DevNet Labs: ================================= DevNet Lab: Introduction to the Guest Shell: http://bit.ly/2oq9fj7 DevNet Lab: Introduction to On-Box Python: http://bit.ly/2nEXjcI ================================= CSR Configuration steps: ================================= ! Check if service is running en show iox-service ! Configure Basics conf t hostname CSR1 interface GigabitEthernet1 no shut ip address 10.1.1.1 255.255.255.0 exit exit ! Enable the service conf t iox exit show iox-service ! Configure Virtual Port conf t interface VirtualPortGroup0 ip unnumbered GigabitEthernet1 exit exit ! Enable the guestshell guestshell enable VirtualPortGroup 0 guest-ip 10.1.1.2 ! Access guestshell guestshell run bash ! Add DNS information to Linux container echo nameserver 8.8.8.8 | sudo tee —append /etc/resolv.conf ! Need to set up routing so Router knows how to route conf t ip route 10.1.1.2 255.255.255.255 virtualportgroup 0 ip route 0.0.0.0 0.0.0.0 10.1.1.254 ip domain-lookup ip name-server 8.8.8.8 exit ! Check stuff on guestshell host ====================== sudo ifconfig cat /etc/resolv.conf !Add a user sudo useradd david sudo passwd david ! Install nano and Python 3 sudo yum install nano -y ! You don't need Python3 for these script examples sudo yum install python3 ================================= Python Script: ================================= import sys import cli cli.executep(‘show ip int brief') cli.executep(‘show ver') ================================= Documentation ================================= Programmability Configuration Guide, Cisco IOS XE Fuji 16.9.x: http://bit.ly/2lUSETq Programmability Configuration Guide, Cisco IOS XE Gibraltar 16.10.x: http://bit.ly/2mErAIo DevNet presentation: http://bit.ly/2lWedD8 Hank Preston: http://bit.ly/2nu4VyG DevNet 10x Engineer CCNA Cisco Devnet Associate Python Devnet cert CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #python #linux #DevNet

David Bombal
#91: Linux scripts on Cisco IOS?

David Bombal

Play Episode Listen Later Oct 2, 2019 11:54


Did you know you could use these Linux Shell scripts directly on Cisco IOS! No need to use Python or use a Linux VM. Just run these directly on Cisco IOS! You can be a 10x Engineer! Amaze others with your knowledge of the Cisco IOS. You don't need python for these scripts. Rock that job interview and show senior network engineers what you can do. Keep on learning and change your life. Get that good paying job by showing your skills. ================================= Documentation: ================================= Cisco IOS Shell Configuration Guide: http://bit.ly/2kwMyYN ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z ================================= Free TFTP Server: ================================= Free SolarWinds TFTP Server: http://bit.ly/2mbtD6j You don't need a linux shell or linux virtual machine to use these commands. You can use them directly in classic Cisco IOS! ================================= Script 1: ================================= for xx in `interface Ethernet`; do echo $xx; done ================================= Script 2: ================================= for xx in `interface Ethernet`; do echo $xx `show int $xx | inc input errors` ; done ================================= Script 3: ================================= function shrun(){ n=-1 while true; do let n++ if [[ $n -le 3 ]]; then show run int g0/$n echo $n else break; fi done } 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #cisco #DevNet

David Bombal
#90: How well do you know Cisco IOS?

David Bombal

Play Episode Listen Later Sep 25, 2019 19:39


Do you know these time saving Cisco IOS commands? Did you know this was possible traditional Cisco IOS? Use /, +, -, grep, include, section, exclude and lots more directly on Cisco IOS. Be a 10x engineer and show the world your Cisco and Linux skills. ================================= Menu: ================================= Documentation Reference: 0:27 Network Topology: 0:59 Cool IOS commands: / + - : 1:35 Linux options on Cisco IOS: 10:17 Personalized sections using grep: 12:30 ================================= More information here: ================================= Cisco IOS Fundamentals: http://bit.ly/2mTmnfL Linux Shell: http://bit.ly/2kwMyYN ================================= Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z You don't need a linux shell or linux virtual machine to use these commands. You can use them directly in classic Cisco IOS! 10x Engineer Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional DevNet LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #ccna #DevNet

David Bombal
#86: Network Automation: Schedule Cisco config backups with kron and archive

David Bombal

Play Episode Listen Later Sep 17, 2019 16:47


Network Automation isn't difficult. With just a few CLI commands you can automate the backup of your Cisco networks. Use Kron and archive to back up configs to TFTP, FTP or SCP servers. Don't try to do everything manually. Automate it! Just like cron in Linux, you can use kron on Cisco IOS to schedule things. Schedule backups, schedule TCL scripts and much more. Amaze others with your knowledge of the Cisco IOS. You don't need python for these scripts. Rock that job interview and show senior network engineers what you can do. Keep on learning and change your life. Get that good paying job by showing your skills. Menu: 1) Intro: 0:01 2) IOS requirements: 2:02 3) Lab Setup: 2:42 4) Kron config: 4:24 5) Archive config: 9:01 In later videos I'll show you how to use Python scripts and other cool options on Cisco IOS devices. ================================ Free TFTP Server: ================================= Free SolarWinds TFTP Server: http://bit.ly/2mbtD6j ================================= Documentation: ================================= Kron: http://bit.ly/2kkgIhU Archive: http://bit.ly/2kI8BMb http://bit.ly/2mgQa1L ================================= Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z ================================= Kron Script: ================================= kron policy-list backupconfig cli show running-config | redirect tftp://10.1.3.4/r1-shrun.cfg kron occurrence backupminute in 1 recurring policy-list backupconfig kron occurrence backupweekly at 23:00 Sun recurring policy-list backupconfig debug kron all show kron schedule ================================= Archive Script: ================================= archive log config logging enable hidekeys path tftp://10.1.3.4/$h- wr time-peiod 10080 ! sh archive ================================= 10x Engineer CCNA DevNet Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Python Network Automation Network Programmability LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 How did you find this video? Did you enjoy learning about kron and the archive of your configs? scripts? All the best! David Bombal David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #ccna #devnet #python

David Bombal
#85: 10x Engineer: Linux, TCL and EEM scripts directly on Cisco IOS!

David Bombal

Play Episode Listen Later Sep 17, 2019 19:14


Learn TCL, Embedded Event Manager and Linux Shell scripts on Cisco IOS! No need to use Python or use a Linux VM. Just run these directly on Cisco IOS! You can be a 10x Engineer! Amaze others with your knowledge of the Cisco IOS. You don't need python for these scripts. Rock that job interview and show senior network engineers what you can do. Keep on learning and change your life. Get that good paying job by showing your skills. Menu: 1) TCL Scripts: 2:00 2) Embedded Event Manager Scripts: 7:45 3) Linux Scripts: 14:05 In later videos I'll show you how to use Python scripts and other cool options on Cisco IOS devices. ================================ Free TFTP Server: ================================= Free SolarWinds TFTP Server: http://bit.ly/2mbtD6j ================================= Documentation: ================================= TCL: http://bit.ly/2mbkRoT EEM: http://bit.ly/2lQZWHl Shell: http://bit.ly/2kwMyYN ================================= Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z ================================= TCL Script: ================================= tclsh foreach ipaddr { 10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.1 10.1.1.2 10.1.1.3 } { ping $ipaddr} tclsh ping.tcl ================================= EEM Script: ================================= event manager applet GIG0_DOWN event syslog pattern "Interface GigabitEthernet0/0, changed state to administratively down" period 1 action 1.0 cli command "enable" action 2.0 cli command "config terminal" action 3.0 cli command "interface g0/0" action 4.0 cli command "shutdown" action 5.0 cli command "no shutdown" action 6.0 syslog msg "What's going on? GIG 0/0 went down!" ! end debug event manager action cli ================================= Linux Shell Script: ================================= for x in 1 2 3 do ping 10.1.1.$x done function testping(){ ping 10.1.1.1 ping 10.1.1.2 ping 10.1.1.3 ping 10.1.1.4 } function testecho(){ echo 10.1.1.1 echo 10.1.1.2 echo 10.1.1.3 echo 10.1.1.4 } 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 How did you find this video? Did you enjoy learning about tcl, eem and linux scripts? All the best! David Bombal David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #ccna #devnet

David Bombal
#82: 10x Engineer: What? You can do this on Cisco IOS?

David Bombal

Play Episode Listen Later Sep 10, 2019 16:15


Wow! You can run these amazing Linux commands on Cisco IOS? And without a Linux shell? Just run these directly on Classic Cisco IOS switches and routers! Use grep, man, head, tail, cat and many other Linux commands directly on Cisco IOS. More information here: http://bit.ly/2k3YFMG You don't need a linux shell or linux virtual machine to use these commands. You can use them directly in classic Cisco IOS! 10x Engineer Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #cisco #DevNet

David Bombal
#84: 10x Engineer: Linux commands on Cisco IOS? Wow!

David Bombal

Play Episode Listen Later Sep 10, 2019 15:33


You can run amazing Linux commands such as grep, line numbers, scripts and more on Cisco IOS! And without a Linux shell! Just run these directly on Classic Cisco IOS switches and routers! Use grep, man, head, tail, cat and many other Linux commands directly on Cisco IOS. Menu: 1) IOS version required: 2:09 2) IOS XE vs Classic IOS: 2:42 3) Terminal vs config mode: 5:00 4) grep -i (ignore case): 7:39 5) line numbers on any command: 9:28 6) Sorting the output: 12:41 Previous Video in series: https://youtu.be/31XuFB50oe8 Cisco IOS Shell Configuration Guide: http://bit.ly/2kwMyYN IOS vs IOS XE (via cows): http://bit.ly/2kcAWKq IOS XE: https://en.wikipedia.org/wiki/Cisco_IOS_XE You don't need a linux shell or linux virtual machine to use these commands. You can use them directly in classic Cisco IOS! 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #linux #cisco #DevNet

David Bombal
#74: Will Dynamips and VPCS be removed from GNS3?

David Bombal

Play Episode Listen Later Aug 26, 2019 11:31


David Bombal talks to Jeremy Grossmann (creator of GNS3) about the future of GNS3. Here we discuss Dynamips and VPCS and their future in GNS3. Will they be removed from GNS3? Are they recommended? What do they actually do? What should be used instead of them? Does Dynamips support switching? In future videos we will discuss additional options in gns3 such as Cisco VIRL and IOU. Menu: 0:12 - Devices in GNS3. It can be confusing. What is Dynamips 0:57 - Does GNS3 support switching? 1:17 - Are they real IOS images? 1:47 - Issue 1: Where do I get Cisco images? Cisco restrictions. 2:07 - Issues 2: Only older versions of Cisco IOS are supported on a lot of platforms 2:11 - Is it stable? Issue 3: More memory and processor intensive 2:25 - What is Idle PC Value 4:23 - Advantage 1: Supports serial interfaces 4:50 - Dynamips is a dying product 5:00 - You can run Dynamips locally 5:40 - What does Jeremy recommend we use? 5:50 - Switching in Dynamips? 7:18 - Will Dynamips be removed from GNS3? 7:48 - What is VPCS? 8:28 - What is the advantage of VPCS? 8:55 - Should we be using VPCS? 9:58 - Will VPCS be removed from GNS3? David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #gns3 #dynamips #virl

David Bombal
#64: GNS3 2.2 New Feature: Link Status Detection

David Bombal

Play Episode Listen Later Jul 16, 2019 9:05


Fantastic new feature is available in GNS3 2.2! Cisco IOS routers and switches (and others) can detect the status of interfaces - is the cable plugged in? Or not? Has the link been suspended? GNS3 2.2 New Feature: Detect when a link is plugged/unplugged for Qemu VMs. Qemu VMs will be informed when a link is plugged or unplugged or even when suspended. This should be really useful when testing redundancy scenarios, protocol convergence etc. This will really help with gns3 labs in future! #gns3 #gns3tutorial GNS3VM

David Bombal
#62: GNS3 IOS Images: Build a Cisco VIRL gns3 network

David Bombal

Play Episode Listen Later Jul 8, 2019 14:05


In this video I show you how to download Cisco IOS images and Cisco VIRL images to run IOSv, IOSvL2 in GNS3 2.2. I can only show you LEGAL ways of doing this. Please DO NOT ask for images that I am unable to provide. Previous videos in this series: Video 1: https://youtu.be/LvLGEKD-oqA Video 2: https://youtu.be/R6fSub4ycTk Video 3: https://youtu.be/anYw9pbAUiI Want to know to install, configure and setup GNS3 2.2? Well, these videos show you. In my first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network with GNS3. In the second video I show you how to use the GNS3 2.2 Web-UI and in this video I show you how to integrate the GNS3 VM with the GNS3 GUI. In the next video I show you how to build a network using Cisco VIRL IOS images. Thank you Jeremy for all your hard work creating and updating GNS3! #gns3 #gns3virl #gns3ios

Technically Religious
S1E9 - The Only Constant is Change

Technically Religious

Play Episode Listen Later Apr 30, 2019 26:04


In IT we know that the only constant is change. And for the most part, that's OK. What is difficult is when standards or processes are framed as immutable, and THEN they change. How do we adjust when the company spends $5million on a data center expansion, and then moves everything to the cloud 2 years later? Or when Windows abandons the GUI and goes to CLI, while Cisco moves away from IOS commands and on to GUI and API-driven interfaces? Does our religious/ethical/moral background help (or hinder) us from accepting and adapting to these moments in our work as IT pros? In this episode Kate, Josh, and Leon try to unpack the question and formulate some answers. Listen or read the transcript below. Leon: 00:00 Hey everyone. It's Leon. Before we start this episode, I wanted to let you know about a book I wrote. It's called The Four Questions Every Monitoring Engineer is Asked", and if you like this podcast, you're going to love this book. It combines 30 years of insight into the world of IT with wisdom gleaned from Torah, Talmud, and Passover. You can read more about it including where you can get a digital or print copy over on adatosystems.com. Thanks! Kate: 00:25 Welcome to our podcast where we talk about the interesting, frustrating and inspiring experience we have as people with strongly held religious views working in corporate IT. We're not here to preach or teach you our religion (or lack thereof). We're here to explore ways we make our career as IT professionals mesh - or at least not conflict - with our religious life. This is Technically Religious. Leon: 00:49 Last week, the Church of Jesus Christ of Latter Day Saints made an announcement which sent shock waves through the Mormon community and tremors throughout many other religious communities as well. We'll get into the details about that in a minute. But it caused us here at Technically Religious to think about how supposedly immutable truths, whether we're talking about replacing Latin with English during mass or Microsoft's adoption of open source, affect us and how we deal with those changes. Joining the conversation today is Kate Asaff Kate: 01:17 Hello. Leon: 01:18 And Josh Biggley. Josh: 01:20 Yeah, it's still cold in Canada! Leon: 01:23 and I'm Leon Adato and it's slightly warmer here in Cleveland. So Josh, do us a favor and run us down just the main points of the announcement from last week. Josh: 01:34 Sure. So this announcement was made in early April, and in order to understand it, we have to go all the way back to November, 2015, and maybe even a little further. So the Organization of the Mormon Church, or the LDS church, or the Church of Jesus Christ of Latter Day Saints, is such that it's a top down organization. So the President, or prophet, of the church, he makes a declaration, often he has to get his two counselors and the other 12 men that sit on the quorum of the 12 apostles. And then those 15 men make these proclamations. So in November of 2015, the church released a policy internally, that was leaked, and then they had to address it publicly, that said that any child who had parents who were of the same gender, so you're in a same sex-relationship or a same-gender relationship or if you are trans-gendered - first, they were now labeled apostates. And that's really heavy language within any religious community. There's one thing to have transgressed, but there's another thing to be considered an apostate. And then in addition to them being an apostate, they also said that no child whose primary residence was with those same sex couples could receive any ordinances within the church. So that spans the entire gamut of: You could not be blessed as an infant within the church; to: you couldn't be baptized; to: if you were in the church - there are certain things that you that you undertake within Mormonism, you know, if you're a boy at the age of 12 (and now the age of 11) you can receive the priesthood - just things that you can't do, many of those rites of passage. So last week, and of course we're recording this in the early days of April, so last week the church came out and said, "Hey, that policy that was put into place in November of 2015? We're going to change that policy. And we're going to make it so that now if you are the child of an LGBTQ family, you can be baptized as an infant, you can be blessed within the church, under the understanding that of course the church is going to reach out to you and, throughout your lifetime because you are now officially a member of the church, once you're, once you're blessed and in the LDS church. That's a huge change because leadership within the church and members at large - admittedly myself prior to my transition away from Mormonism - defended that policy with a couple of talking points. First and foremost that the prophet, he specifies what is the will of God. He speaks for God. He's God's mouthpiece on earth. And second that this was an act of kindness, because we didn't want to - as a church - we didn't want to have people, with their children attending the Mormon church where the Mormon church was teaching that their parents were apostates. And then having to go home to their parents and say, "Hey mom and dad...", sorry... I got... hey, look at that. "Hey Mom and mom, dad and dad." Or "Hey, mom and dad, you know, dad and dad or mom and mom. You're an apostate." Or "You know, we think that you should be excommunicated." And all those horrible things that go along with that. So yeah, that's um, that was huge. I was pretty... I'll admit I was pretty pissed off on Thursday. Not because I disagree with the change that children should be allowed to join whatever church they want to regardless of their parents. I was just pissed off because lots of people put a lot of time and effort into setting aside their personal views and trying to make it so that they align with what they were being told from the top of the church. And then the church went, "Hey, by the way, we're going to change." Leon: 05:36 Right. And you'd actually mentioned in an earlier episode when we talked about opposing as you follow, you said that that was one of the things that caused you and your family to move away from the Mormon church for a while. And then you came back and you suffered censure and a bunch of other things for those views. So you directly experienced some of that just for expressing an opinion. Josh: 05:58 Yeah. And that actually goes back pretty far in my marriage. That goes back probably 15 years ago when that particular experience happened. I mean, just to give some context and then, and I know that we want to talk about this as a foundation for IT. And I think there's a great parallel. And Leon, thanks for calling it out. Harold B. Lee, who was the president of the church from July of 1972 until his death in December of 1973, he said this: "You may not like what comes from the authority of the Church. It may contradict your political views. It may contradict your social views. It may interfere with some of your social life. But if you listen to these things, as if from the mouth of the Lord himself, with patience and faith, the promise is that 'the gates of hell shall not prevail against you; yea, and the Lord God will disperse the powers of darkness from before you, and cause the heavens to shake for your good, and his name's glory." So, you know, pretty powerful language from the LDS church. Fortunately in IT, apart from Mac users, right Kate? Nobody thinks that their salvation from any of their other platforms. Leon: 07:09 I think actually, yeah, there is actually a Mac airbook that blocks the gates of hell. Kate: 07:14 It's actually an iPad. Leon: 07:18 Oh, of course. It would be. And that, with making a little bit of lighthearted humor is where I actually want to go, which is the IT aspects of that. But before we dig too far into that can we think - the three of us - can we think of any other analogs in religions that may have been that same kind of thing? Again, I'm not talking about the fact that things change. I'm talking about things that were supposedly immutable, or somewhat permanent, and then the group, the organization sort of pivoted away from it. And, and I brought up one which was the change from the Catholic mass from Latin to English, which you know, happened I think in the seventies, if I remember correctly? I could be wrong because I don't pay very much attention to that kind of stuff. But I remember that it caused quite a bit of a stir, Josh: 08:13 Yeah, the ordination of women in the United Methodist Church, which happened well before I was born back in the mid fifties is an interesting one. Again, linking it to Mormonism. A woman named Kate Kelly founded an organization called Ordain Women. She's a lawyer and an activist and she was excommunicated by the LDS church in June, 2014. So everyone kind of waits for the day in which women will be ordained within the Mormon church or within the the LDS church. I don't know if it's going to happen, but we certainly see that adopted. And that's a huge thing, right? Because traditionally, you know, as far back as tradition goes religions tended to be very patriarchal. Where, you know, men were the heads, the household, they were the heads of the church. And so for the United Methodist to allow women to be ordained officially, even though it had been doing it for a long time, unofficially. That was huge. Kate: 09:04 It kinda reminds me in the 90's when the Catholic Church decided to start allowing girls to be altar servers. I remember there was a cardinal in Boston who had saw these girls serving and before the proclamation came from the Vatican, the story I heard was that he told the congregation, "Get these girls out of here." He didn't want to see them serving and that it was something, obviously 20 years later it has stuck with me Leon: 09:34 With religion you have things that really are dogmatic. Sometimes we throw that word around somewhat flippantly but religion actually is dogmatic. It has, you know, strictures or rules that are, at least in the eyes of it, internally immutable. And so you've got that. But pivoting to the IT piece, I want to talk a little bit about, about that. What are some of those changes? It's not going to change and then it does and you have to suddenly cope with it. What are some of the ones that we've either heard about or experienced ourselves? Kate: 10:08 Well since you guys were poking fun of me a little bit earlier as being a devoted Apple fan girl I will bring up the 2006 when Apple changed from Motorola to Intel processors. That was a huge thing for the Apple community and you know, many of us had spent years structuring these complex arguments as to why RISC processors are better than CISC processors and you know, insisting that megahertz and gigahertz aren't true measures of processing power. And then all of a sudden, like everything for us was just blown away overnight. Now Macs were Intel based and we kind of had to let go of, you know, our are sworn allegiance to the Motorola chipset. Leon: 10:56 That's, I'm going to say funny, not funny ha ha, but I just had, I would never have expected that to be overwhelming to a community. But I can see that the way that you describe it, I can absolutely understand that you had an emotional investment in a particular hardware standard. Josh: 11:16 Yeah. Well, I think that functional workspace, right? You know, Kate, you talked about defending the position of you know, RISC processors. That's why it's good. That's why it's the thing that makes Apple as awesome as it is. And we all go through that. You know, I've been in the industry long enough that I remember walking into data centers and seeing literally big metal, there were mainframes sitting on the data center floor. The idea that we would virtualize? It blew people's minds and I was like, I thought that was a great idea. Let's virtualize, let's get density. I will admit to being a little slower to adopt a shift to cloud because it, it put in place some barriers to entry for me. When I started my career, I loved the idea of networking, although I'm not a networking engineer, but I loved the idea that you could plug in cables and lights would start blinking and things just work. You know, there was, there was a command line and I actually, I had a reputation for asking questions in class, like "How do you do that from the command line?" But it got beaten out of me. I was that guy. But it got beaten out of me because Windows was the thing, Windows and at the time, a Netware were the platforms for for server managers and that's where I was headed. We've made this swing to having to code, and I don't code, but everything is code now. Networking is code, storage code, servers are code, everything is code. I'm made a very firm stance early in my career that I didn't want to code because I wasn't good at it. I'm still not good at it. I feel like I'm fumbling with 14 hands tied behind my back. I don't know what the analogy is. I just feel dumb. I feel like I'm the guy smashing his face on his keyboard trying to make things work anytime I code. So I get it. Those shifts are hard, and they're not hard because we don't, I don't want to accept the shift to cloud. It's hard because it makes me address other deficiencies in myself that I don't know that I'm 100% ready to address. Speaker 1: 13:24 And I think that that's actually a good point is that the change, the changes themselves may not be so troublesome, but they address either inadequacies or perceived inadequacies in ourselves and we don't like that. We don't always like to have a mirror held up to it. Sometimes I think it's not that though. So given a quintessential example, and I think many of us in IT have experienced this, where on Monday the business says, "Hey, you know, this event is occurring," whether it's a merger or an acquisition or whatever it is, "but don't worry, nothing's going to change for you. Everything's going to be just fine." And then Friday, metaphorically, they say, "Oh, by the way, we're shutting down the location" or "You're being let go" or you know, "We're moving this entire department to merge with this other department" or whatever it is. And, whether it happens in days or weeks or months, "You first told me nothing was going to change. And then it did." And that's the part that I think a lot of us have a hard time coping with. Don't tell me that it's not going to change when you know full well that it is. Enough times in business, things change and everyone says, oh yeah, we had no way of knowing that was going to happen. Those changes are unpredictable and so you just deal with them. But when it's clearly predictable, that's the part I think that is more difficult for us in IT to deal with. And I think that's the whole point of vendors offering what's known as LTS, Long Term Support, for something, like "We promise we're not going to pull the rug out from under you for x years." Josh: 15:09 I want to make sure that we understand or at least that we agree that IT is not religion. Religion is not IT. There's certainly some overlap and are dogmatic beliefs on both sides of of the row. But I tweeted earlier today and I'm going to read it, "A gentle reminder that you are more than your nationality, favorite sports team, political party, or religious ideology. Be more than the sum of your parts. Be better than your weakest part. Be human." And I think that that applies to IT as well. You might have been the person who was responsible for gateway computers, probably cause you liked cows. I don't know. Just because that is what you've always done doesn't mean it's what you always need to do. You are more than capable of transitioning and learning something new. And a coworker of mine, Zach, if you're listening, shout out, he will, he will admit that I am not a great scripter, but I'm also more than capable of being taught how to be an okay scripter, you know? Under his tutelage, I've become kind of useful with powershell and I have even remotely built some shell scripts recently. So it's possible you can be something more than what you thought you always were. And that is really a beautiful thing, both in IT and in humanity. Leon: 16:31 And I've written about that in the past. And I probably will again in response to this podcast about that's actually not what you are. You might be, you know, a Cisco IOS command line jockey. You might be, you know, you might know everything there is to know about the Apple platform, whatever it is, but that's not actually what makes you a great IT professional. What makes you a great IT professional is your sensibilities. The fact that you understand how networking works, how hardware reacts with software, how architecture and design and you know an idea converts itself and moves through the pipeline into an actual product. Those are the things that make you a great IT practitioner and those things will persist even when the foundational platform - software or hardware - change. But again, just to drive it back again, the point is that, you know, we know things change, but when we are told something is not going to change and then it does, what do we do about that? So my question does our perspective, our outlook, whether it's religious or philosophical, whether it's moral or ethical, does that make it easier or harder to deal with? Kinds of events that you know, we promise it won't change it than it does. On the one hand, I could see someone saying that if you are heavily religious, you come from a strongly dogmatic frame of view, then you carry with you baggage of what "forever" means. And when a vendor or my employer says "It's never going to change, we are standardizing on x," and then they change. That can feel like a betrayal because I brought along, "No, no wait, you said the f word, "forever", so you know that means something to me and you just broke your promise." That could be much harder than somebody who might not have, like I said, that baggage coming along with it. I don't know what, what's your take on that? Kate: 18:36 We talked about this a little bit before, but what I found was interesting about that question was that as an atheist, I obviously have a somewhat fluid view of, you know, how the world works and how things are. I am also, technology-wise the quintessential early adopter. I'm the first day that it's available. I will consume it, upgraded, download it, in any way that I can get the new stuff. I'm on board. Josh: 19:03 So I think that that makes you Kate an IT relativist. There's this great thing within Mormonism about moral relativism and how it's such a bad thing, which that is a whole different discussion, but I think that the very best IT practitioners are those who can balance a bit of that. Conservativis... can't say that word... Conservativism plus that moral relativism within IT that you see the changes, you're willing to bring them in, but you do it in a way that requires that you parse them through your personal and your community experience and then say, "Yes, that's something we actually want to bring in to our enterprise. We're willing to adopt it." You need to know about it so that you can also say to someone who has read a shiny brochure or seen a vendor pitch about how amazing a product is and say, "Nope actually that's not something that we want to do and here's why." And being able to speak to a multitude of points. I think makes us great IT practitioners, if you are just that sole sourced individual who only knows about one technology, you're going to find yourself in some IT challenges. I've got a great friend, who coincidentally is also ex Mormon and his name is also Josh. Interesting point. It's interesting for me to listen to him talk about his challenges within his career. He's a great DBA. He is actually not just a DBA, but he designs databases and he's worked on a bunch of different areas and he has really struggled because he thinks that he's only in that data space. And I want to say to him, "Hey Josh," which is a little weird cause I'm calling my name, "Hey Josh, you need to understand that you're better than what you think that you are because first, you're willing to look at your career and figure out the parts that are really useful for you and you know where your weaknesses are." That, for me, is the big part. Are we willing to look at what we're doing today and understand both its strengths and weaknesses and then leverage the strengths and minimize the weaknesses by adopting other technologies? It would be kind of like me saying, "Hey, Mormonism is still really awesome," - which I do think. There are some wonderful things about Mormonism, but I also am willing to adopt some ideologies from Judaism. Thank you Leon. And I'm also willing and very open to adopting that moral relativism that comes along with atheism and other non traditional religious beliefs." Leon: 21:36 I definitely think, Kate, that we have a new topic idea on the horizon, which is whether or not being staunchly religious makes you more or less likely to be an early adopter of technology. I think as an IT person, I really want to solve that problem because I like new technology and I would hate to think that I'm predisposed as an Orthodox Jew to like not want to do the things. Of course I could be an outlier. I could. So Josh, to your point, I think that that IT is not like religion in the sense that no matter how strongly a vendor or an organization says that something is never going to change, it's gonna. Right? Yeah. I mean we just know that that's the nature of IT, is that things are going to change and probably sooner rather than later when you look at the long game. However, I think one of the things that makes this issue, you know - "It's not going to change," and then it does - similar in both religious and IT contexts is what we as people hope and expect from that event. Which is, I think, that whoever's making the change needs to be transparent about it. I think they need to be intellectually honest about it. And they need to be consistent about it. And what I mean by those things is that they need to say that "This change is happening. We saw it coming, even if we couldn't tell you at the time, but we're telling you now that we knew it was coming. We just had to," you know, whatever it was, the merger was coming, but we couldn't say anything because blah, blah, blah, legal, blah, blah, blah, Wall Street, whatever. Right? Um, it needs to be intellectually honest. We're doing this because it supports our brand values. It supports our corporate goals. It, you know, whatever. And it needs to be consistent. And I think most of all, if people were hurt by that first statement, this is the way it is. "This is the way it's always going to be." And then it changes. And people were hurt. You know, an example that happened a couple of jobs back for me: $5 million investment in a data center, building it out, putting tons of hardware in there, and then they moved to the cloud. What are you kidding me? Like, we just bought all this stuff and the company did say, "We know we hired a lot of you for your depth expertise in on-premises data center operations. And now we're asking, you - we're in fact demanding - that you move to a cloud based model. We know that some of you are going to be upset by this. Some of you may want to leave. We're going to support you in whatever decision you make, but this is the direction we're going. That kind of statement makes it a lot easier to accept the, "We never will... Oops. We are" kind of thing. And I think just to tie it back to our opening topic. I would hope, although I'm not in the community, but I would hope that a statement is made to the families that were hurt within the Mormon community for, you know, the years of being called, you know, apostates and all that stuff, and say "We're really sorry about this and we're going to do what we can to make it better." I would hope that that statement would be forthcoming. I guess time is going to tell. Josh: 24:55 Time will absolutely will. Unfortunately Mormonism does not have a history of apologizing. The unfortunate reality of some of the current leadership has come out specifically and said that the church does not ask for, nor does it offer apologies. Kate: 25:12 A long, long time ago I worked for MCI Worldcom and, if you recall, it is now Verizon business. It was sold to Verizon about 18 months after the CEO promised all of the employees that he was not looking to sell the company. MCI is also a huge company. It had definitely been in the works. So your comment about honesty really struck home with me. Nobody likes to be blindsided by change, but even more, nobody likes to be lied to about it. Josh: 25:45 Thanks for making time for us this week. To hear more of Technically Religious, visit our website, technicallyreligious.com, where you can find our other episodes, leave us ideas for future discussions and connect with us on social media. Kate: 25:59 To paraphrase and old Greek guy, "the only constant in IT is change."

Packet Pushers - Full Podcast Feed
Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jan 23, 2019 60:03


On today's Heavy Networking we discuss advanced ZTP features in Cisco's IOS-XR in this sponsored episode. Our guest is Akshat Sharma, a Technical Marketing Engineer at Cisco. The post Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored) appeared first on Packet Pushers.

Packet Pushers - Fat Pipe
Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored)

Packet Pushers - Fat Pipe

Play Episode Listen Later Jan 23, 2019 60:03


On today's Heavy Networking we discuss advanced ZTP features in Cisco's IOS-XR in this sponsored episode. Our guest is Akshat Sharma, a Technical Marketing Engineer at Cisco. The post Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored) appeared first on Packet Pushers.

Packet Pushers - Heavy Networking
Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored)

Packet Pushers - Heavy Networking

Play Episode Listen Later Jan 23, 2019 60:03


On today's Heavy Networking we discuss advanced ZTP features in Cisco's IOS-XR in this sponsored episode. Our guest is Akshat Sharma, a Technical Marketing Engineer at Cisco. The post Heavy Networking 425: Advanced Zero Touch Provisioning For Cisco IOS-XR (Sponsored) appeared first on Packet Pushers.

Show IP Protocols
Bank lost 1 million US Dollars because of outdated routers

Show IP Protocols

Play Episode Listen Later Jul 25, 2018


A recent news was about hackers hacked into a Russian bank because of outdated routers. When I saw the keyword “router”, I felt that I must dig further about what really happened.What I have understood nowThe victim is PIR Bank. One of the suspects is MoneyTaker. After the breach, PIR Bank hired company Group-IB to do the clean-ups, recovery, and investigating how the hackers got into their internal network.Up to this moment, Group-IB disclosed hackers exploited the outdated routers of PIR Bank. The model of the routers was Cisco 800 series routers, which was already declared publicly that the End of Support date would be someday in Year 2016, by Cisco. The running Cisco IOS version was 12.4.My understandingAll the routers involved in this incident in my opinion must had been deployed as Internet VPN routers. They must connect directly to the public Internet. Suppose those routers were purely internal routers without public Internet connections at all, hackers can only have access to them by getting through layers of firewalls. Suppose hackers already had broken through layers of firewalls, then hackers could have attacked directly without exploiting any of those outdated routers.I believe the VPN protocol used should be IPSec. However, IPSec was not to blame for this incident. Vulnerabilities were in the software or the hardware of those installed routers. It might be some discovered vulnerabilities and hackers took advantages of Zero-day Exploits to hack into the network. Hackers either used the hijacked router as a hopping location or changed the access rules so hackers had backdoor accesses to the internal network.I also want to emphasize that Cisco is not to blame. Cisco had already announced End of Support long time ago. If a customer insisted to keep using the old outdated routers, customers should take most of the responsibilities.It was a pity for a loss of nearly 1 Million US Dollars. One million dollars is enough to buy and replace a lot of new routers to prevent this loss.Enterprises should take actions, my suggestionsCreate a complete inventory of routers, especially for those connected to public Internet.Confirm with network hardware providers which routers are being or getting out of support. Create schedules to replace them as early as possible.Make sure all supported routers are running most up-to-date patched operating systems and software.Sun flowers in Taoyuan Agriculture Expo (桃園農業博覽會) 2018.Taoyuan City, TaiwanOne more thing…I don't think we should worry about the architecture of Internet VPN and IPSec protocol itself. Many new technologies are relying on Internet VPN and IPSec. For example, Software-defined Wide Area Network (SD WAN) is built on top of Internet VPN and IPSec.If we make sure all running VPN routers are in healthy condition, Internet VPN architecture is still a cost-effective WAN solution with great flexibilities for enterprises.

Cisco學習資訊分享
停止支援的路由器,讓銀行損失近百萬美金

Cisco學習資訊分享

Play Episode Listen Later Jul 23, 2018


這幾天我在ITHOME看到這則新聞。因為這則新聞,和路由器有關,我自己花了一些時間去深入理解。我目前的理解受害的銀行,是俄羅斯的PIR Bank。有嫌疑的駭客集團是MoneyTaker。事件發生過後,PIR Bank 請Group-IB公司進行入侵事件後的修復和調查。目前Group-IB已公開的資訊指出,駭客是透過停止支援的路由器的漏洞進入。駭客的步驟細節尚未公開。PIR Bank的路由器的型號是 Cisco 800系列路由器。這款路由器的軟硬體,已經在2016年停止支援。作業系統版本是Cisco IOS 12.4.我的解讀這些路由器,我判斷,應該是連接在Internet上面的VPN路由器。如果是封閉在內部網路的路由器,駭客必須穿過好多道防火牆才到的了路由器。假設駭客都能穿過防火牆了,當然也不需要透過路由器的缺陷。VPN加密的保護協定,應該就是IPSec,在這個事件中,本身並沒有被發現缺陷。有缺陷的是路由器軟硬體。駭客應該是透過了Cisco IOS的缺陷,例如針對某個缺陷,作「零時差攻擊」(Zero-day Exploit),控制了路由器之後,將路由器當成攻擊跳板,或是開後門讓駭客從 Internet 進入到內部網路中。這個事件的責任,主要也不在於Cisco,因為Cisco已經公告停止支援了。客戶如果硬要使用停止支援的路由器,客戶需要承擔大部分的風險。好可惜!所損失的一百萬美金,足夠買好多好多全新的路由器了。我給企業的建議立刻盤點現有的路由器,尤其是連結到、暴露在Internet上面的。立刻跟硬體供應商確認,哪些路由器已經停止支援的,或者是即將停止支援的,應該立刻、儘快更換。仍然有支援的路由器,需要逐一確認,上面的作業系統已經是最新修補過的版本。銀杏大道(イチョウ並木),日本北海道大學One More Thing…我建議大家不需要對於Internet VPN架構,或是IPSec協定,有任何恐慌。事實上,好多的網路新架構,例如軟體定義廣域網(Software-defined Wide Area Network, SD WAN),也都是基於Internet VPN和IPSec這樣的技術。只要能夠確保這些路由器隨時維持在最健康的狀態,軟體需要更新就隨時更新,硬體需要更換就隨時更換,Internet VPN架構還是一個同時能夠降低成本,和提升部署彈性的,企業內部智慧型廣域網路的方案。

Securit13 Podcast
Эпизод 97 - GDPR (12.04.2018)

Securit13 Podcast

Play Episode Listen Later May 17, 2018 53:46


Наши ведущие обсуждали эту страшную абревиатуру GDPR еще до того как это стало мейнстримом, но до публикации дошло с опозданием... И все же несколько слов о регуляции и как ее понимают наши ведущие. General Data Protection Regulation https://www.eugdpr.org/ How Europe's New Privacy Law Will Change the Web, and More https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/amp Some more information: GDPR - A Practical Guide For Developers - Bozho's tech blog https://techblog.bozho.net/gdpr-practical-guide-developers/ America should borrow from Europe’s data-privacy law https://www.economist.com/news/leaders/21739961-gdprs-premise-consumers-should-be-charge-their-own-personal-data-right Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi Iran hit by global cyber attack that left U.S. flag on screens https://flipboard.com/@flipboard/-iran-hit-by-global-cyber-attack-that-le/f-9fa77d2247%2Freuters.com FIDO Alliance and W3C have a plan to kill the password https://techcrunch.com/2018/04/10/fido-alliance-and-w3c-have-a-plan-to-kill-the-password/amp/ Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions https://motherboard.vice.com/en_us/article/3kjpyn/john-mcafee-100k-twitter-promote-cryptocurrency-paid   Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail Snipper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail Snipper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017

The Broadcast Storm, with Kevin Wallace, CCIEx2 #7945 Emeritus
Comparing Cisco IOS, NX-OS, and IOS-XR

The Broadcast Storm, with Kevin Wallace, CCIEx2 #7945 Emeritus

Play Episode Listen Later Apr 15, 2017 10:32


This podcast episode compares three Cisco operating systems: Cisco IOS Cisco NX-OS IOS-XR To go deeper on this topic, check out a replay of Joe Rinehart's 2016 CiscoLive US presentation (CiscoLive account required): NX-OS, IOS, and IOS-XR, Unique and Similar at the Same Time Also, to see examples of a sample configuration in each OS, visit the accompanying blog post: Comparing Cisco IOS, NX-OS, and IOS-XR Blog Post Finally, to keep up with everything Kevin is doing, visit his website: Kevin's Website  

Cisco學習資訊分享
Cisco IOS/IOS XE弱點,需要立刻關閉TELNET

Cisco學習資訊分享

Play Episode Listen Later Mar 22, 2017


今天的內容很短,我只是要提醒大家,Cisco這幾天公告了一個存在Cisco IOS和IOS XE作業系統的弱點。簡單的解決方法,就是將往路由器方向的TELNET服務關閉。如果需要遠端管理,請改成沒有這個弱點的Secure Shell (SSH)。櫻洲上面的櫻花。中國南京市的玄武湖詳細技術細節,請參閱原始公告內容。Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution VulnerabilityOne more thing…關閉TELNET服務的命令,同時打開SSH:transport input ssh如果要雙重確認,可以檢查作業系統等待的埠 (Listening Ports):show control-plane host open-portsshow tcp brief

Show IP Protocols
Cisco IOS/IOS XE Vulnerabiliy announced. Disable TELNET fast

Show IP Protocols

Play Episode Listen Later Mar 22, 2017


This is just a short notice for you in case you are not aware of it. Cisco announced a vulnerability on Cisco IOS and IOS XE operating system. For short, you only have to disable incoming TELNET service onto the router itself to avoid this vulnerability. You can use Secure Shell (SSH) instead for remote management. SSH is not vulnerable in this problem.The Jin-Dai Bridge (錦帶橋) in Dahu Park (大湖公園).Taipei City, Taiwan.You can read the original announcement for technical details.Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution VulnerabilityOne more thing…You can disable TELNET service and enable SSH at the same time by this command:transport input sshYou can list listening ports by these commands:show control-plane host open-portsshow tcp brief

Cisco學習資訊分享
EIGRP Named Mode,名稱設定模式

Cisco學習資訊分享

Play Episode Listen Later Oct 18, 2016


我們先了解EIGRP名稱模式是什麼,讓大家可以快速上手,來用名稱模式設定,或是快速讀懂既有的名稱模式設定。未來我們再來比較,新的名稱模式,到底有什麼樣的好處。1. 單一個”router eigrp”宣告我們不需要重複好幾次的 “router eigrp ASN” 來定義各種可能的EIGRP設定。在名稱設定模式,我們只需要宣告一次。例如:router eigrp ONE2. 用多重實例(instance)來思考宣告完成,EIGRP軟體、協定,並沒有開始運行。我們接下來要定義的是實例(Instance)。我們可以在IPv4/IPv6、VRF、ASN三個參數,來做多種的實例設定組合,例如:router eigrp ONE! instance 1 address-family ipv4 unicast autonomous-system 100  eigrp router-id 10.0.0.1! instance 2 address-family ipv6 unicast autonomous-system 100  eigrp router-id 10.0.0.1  ! instance 3 address-family ipv4 unicast vrf CUSTOMER autonomous-system 100  eigrp router-id 10.1.0.1! instance 4 address-family ipv6 unicast vrf CUSTOMER autonomous-system 100  eigrp router-id 10.1.0.13. 埠設定搬到實例內的af-interface設定在傳統模式裡面,為了要完成EIGRP全部的設定,我們需要在 “router eigrp” 和 “interface Ethernet0/0” 等模式,做來來回回的切換。在名稱模式下,我們不需要去碰觸到任何的埠設定,我們只需要在我們自己的EIGRP實例中,進到自己的 “af-interface”,就可以完成EIGRP在埠上面的設定。例如:af-interface S1/0.1  authentication mode md5  authentication key-chain KC  bandwidth-percent 104. 跟拓樸表有關,請改到實例內的Topology Mode設定在名稱模式裡面,各實例都是完全獨立的,因此,跟拓樸表有關的所有設定,例如路由資訊整理(Summarization)、重分配(redistribution)、等等,全部要改到實例內的Topology Mode設定。例如:topology basevariance 19  exit-af-topologyOne more thing…在名稱模式之下,IPv4協定,在任何一個VRF,只能有一個AS號碼。IPv6也是。如果真的需要多個AS號碼,在相同的Address Family出現,那我們就必須要宣告超過一份的EIGRP名稱模式設定。另外,Cisco IOS也提供一個轉換工具,幫助大家將既有的EIGRP設定,直接在不停機的情境下,將設定從傳統模式,轉換成名稱模式。eigrp upgrade-cli TEST到上海出差這麼多次,我第一次到了長江的岸邊上。天際線上應該只是長江口的 "長興島",我還沒有看到過 "崇明島"。這篇文章的照片,在「上海吳淞口國際郵輪港」拍攝。

Show IP Protocols
Diffie and Hellman Receive Turing Award 2015

Show IP Protocols

Play Episode Listen Later May 3, 2016


When we study IPSec, we know Mr. Diffie and Mr. Hellman invented a method in year 1976 that is the core of Internet Key Exchange (IKE) to create mutually shared secret. We also have to specify and configure DH Group Number in ISAKMP policy sets (crypto-map in Cisco IOS).A.M. Turing Award Logo. Captured on ACM Official Website.I am not going to dig in the details about the mathematics behind Diffie-Hellman method. I just want you to know Mr. Diffie and Mr. Hellman receive Turing Award 2015 together.Photo of Whitfield Diffie, captured on ACM Official Website.Photo of Martin E. Hellman, captured on ACM Website.A.M. Turing Award of Association for Computing Machinery (ACM) is the highest honorable award in computer science just like Nobel Prize for other fields of science.This was released on March 1, 2016.One more thing…In case you want to know more about Diffie-Hellman method, I found one video on YouTube is quite helpful for you to understand it more.Have fun!

Show IP Protocols
Increase iPhones’ battery life by removing unnecessary IPv6 multicast Router Advertisements

Show IP Protocols

Play Episode Listen Later Feb 23, 2016


I came across a new RFC 7772: “Reducing Energy Consumption of Router Advertisements”. I want to share my learnings after reading this RFC.Internet Engineering Task Force (IETF) Logo, captured on Wikipedia.I intentionally mentioned “iPhone” at the subject to have your attention. Actually, the whole discussion applies to any mobile devices with limited battery capacity, such as smart phones and tablet computers.It is quite obvious mobile devices will consume more power while awake than asleep. The question is how serious this problem is?The problemAlthough the authors of this RFC did not mention how they got these numbers, I believe the numbers must be typical and derived from actual lab measurements.While asleep, a mobile device would consume 5 mA of current. While awake, it would consume 40 times more on the other hand. That is 200 mA.A single Router Advertisement (RA) will wake up the target mobile device. A single multicast RA to all hosts will wake up ALL the mobile devices attached to the same subnet.Remember, the power capacity of mobile devices are so limited. The more power consumption we can save, the more battery time we will have for every mobile devices attached to the same IPv6 subnet.Reasonable RA frequency: 7 RAs per hourHere I want to emphasize on the word “reasonable”. To keep IPv6 working, we do need RAs to push and refresh network information to mobile devices. If nothing changed at the network, why keep sending so many unnecessary RAs just to wake mobile devices up and waste battery capacity?Here is a reasonable goal: 2% of idle power consumption.Assume we want to achieve the goal: we do not want RAs to consume more than 2% of idle (sleeping) power consumption of every mobile device. After some calculations, we know the reasonable frequency for RAs is no more than 7 RAs per hour.Here is the calculation.A typical wakeup high power consumption surge mentioned in this RFC would last for 250 ms. That is, the wakeup power consumption is triggered by single RA is:{The battery capacity consumed for single RA wakeup in mAH} = 200 mA x 250ms/1 hour = 200 x 250/3,600,000 = 0.0138888… ~= 0.014 mAH.To calculate the idle (asleep) power consumption, I assume the device keeps asleep for the whole hour. This is the total budget for me to meet.{2% of idle (asleep) power consumption of battery capacity for an hour in mAH} = 2% x 5mA x 1 Hour = 0.02x5x1 mAH = 0.1 mAH.{Reasonable number of wakeups without exceeding the budget} = 0.1 / 0.014 ~= 7I have to be honest I did not expect this number to be this small. The default IPv6 RA interval is 200 seconds on Cisco IOS routers. That is equivalent to 18 RAs per hour. I believe configuring the interval to roughly 600 seconds would be a better idea.http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i3.html#wp3911380069The default interval between IPv6 RA transmissions is 200 seconds.Note: the lifetime of each RA should be 5 to 10 times of this interval. This is also mentioned in this RFC as roughly 45~90 minutes.Recommendations at network sideI will just focus on the network side.To implement the recommendations of Section 5.1.1 and 5.1.2 of this RFC, I found one interesting command on Cisco’s web site.The command is:interface E0/0 ipv6 nd ra solicited unicasthttp://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i3.html#wp5031733970Large networks with a high concentration of mobile devices might experience like battery depletion, when solicited Router Advertisement messages are multicast . Use the ipv6 nd ra solicited unicast to unicast solicited Router Advertisement messages extend battery life of mobile device in the network.Most of the IPv6 end devices could send out Router Solicitation even when their own link-local addresses are not determined yet. In that case, the replying RAs to such Router Solicitations would become destined to multicast address of all hosts. After enabling this feature, the router would ignore all such Router Solicitations. End devices can still get their global IPv6 prefix because after determination of their own link-local addresses, they can send out RS again and at this moment the router will respond to them because these RSs are sourced with unicast addresses.For stable network, we should keep the RA interval as large as possible to save more power on mobile devices. Here is a sample configuration on Cisco IOS Routers.interface ethernet 0/0  ipv6 nd ra interval 600  ipv6 nd ra lifetime 2700Here I use 45 minutes (2700 seconds) as a reasonable RA lifetime.We should consider increasing the frequency ONLY when we are changing network topology or renumbering address. For most of the time, we should keep below 7 RAs per hour as reasonable configuration.Zhuifen Station (追分車站) (Google Maps). Taichung City, Taiwan.One more thing…Increasing RA frequency indeed helps to push network changes much faster to all end devices. For devices without battery capacity concerns such as desktop computers, this advantage would outweigh the power consumption.My personal suggestion is we should put limited battery capacity mobile devices in separate IPv6 subnets, and enable only to such subnets with the recommendations discussed in this post.

Show IP Protocols
Cisco IOS OSPF Hidden Command: show ip ospf route

Show IP Protocols

Play Episode Listen Later Oct 13, 2015


I saw this Cisco IOS hidden command show ip ospf route for OSPF in this post. I tried to create a running example for myself so I can learn more about this hidden command.【Output at R4】R4#show ip ospf route            OSPF Router with ID (1.0.0.4) (Process ID 1)                Base Topology (MTID 0)    Area 4    Intra-area Route List*   4.0.1.0/24, Intra, cost 64, area 4, Connected      via 4.0.1.4, Serial1/0*   4.0.2.0/24, Intra, cost 64, area 4, Connected      via 4.0.2.4, Serial1/1    Intra-area Router Path Listi 1.0.0.2 [64] via 4.0.2.2, Serial1/1, ABR, Area 4, SPF 8i 1.0.0.1 [64] via 4.0.1.1, Serial1/0, ABR, Area 4, SPF 8    Inter-area Route List*>  3.0.1.0/24, Inter, cost 128, area 4      via 4.0.1.1, Serial1/0*>  3.0.2.0/24, Inter, cost 128, area 4      via 4.0.2.2, Serial1/1*>  3.0.0.3/32, Inter, cost 129, area 4      via 4.0.2.2, Serial1/1      via 4.0.1.1, Serial1/0R4#R4#show ip ospf database            OSPF Router with ID (1.0.0.4) (Process ID 1)                Router Link States (Area 4)Link ID         ADV Router      Age         Seq#       Checksum Link count1.0.0.1         1.0.0.1         632         0x80000006 0x00F099 21.0.0.2         1.0.0.2         946         0x80000008 0x000D76 21.0.0.4         1.0.0.4         1512        0x80000007 0x006E64 4                Summary Net Link States (Area 4)Link ID         ADV Router      Age         Seq#       Checksum3.0.0.3         1.0.0.1         632         0x80000003 0x00BD343.0.0.3         1.0.0.2         682         0x80000003 0x00B7393.0.1.0         1.0.0.1         632         0x80000003 0x00C62E3.0.1.0         1.0.0.2         946         0x80000003 0x0043703.0.2.0         1.0.0.1         632         0x80000003 0x003E753.0.2.0         1.0.0.2         946         0x80000003 0x00B53DR4#【Output at R1】R1#show ip ospf route            OSPF Router with ID (1.0.0.1) (Process ID 1)                Base Topology (MTID 0)    Area BACKBONE(0)    Intra-area Route List*   3.0.1.0/24, Intra, cost 64, area 0, Connected      via 3.0.1.1, Serial1/0*>  3.0.2.0/24, Intra, cost 128, area 0      via 3.0.1.3, Serial1/0*>  3.0.0.3/32, Intra, cost 65, area 0      via 3.0.1.3, Serial1/0    Intra-area Router Path Listi 1.0.0.2 [128] via 3.0.1.3, Serial1/0, ABR, Area 0, SPF 3    Area 4    Intra-area Route List*   4.0.1.0/24, Intra, cost 64, area 4, Connected      via 4.0.1.1, Serial1/1*>  4.0.2.0/24, Intra, cost 128, area 4      via 4.0.1.4, Serial1/1    Intra-area Router Path Listi 1.0.0.2 [128] via 4.0.1.4, Serial1/1, ABR, Area 4, SPF 9R1#R1#show ip ospf database            OSPF Router with ID (1.0.0.1) (Process ID 1)                Router Link States (Area 0)Link ID         ADV Router      Age         Seq#       Checksum Link count1.0.0.1         1.0.0.1         703         0x80000004 0x00CCC2 21.0.0.2         1.0.0.2         1019        0x80000006 0x00E89F 21.0.0.3         1.0.0.3         617         0x80000008 0x00368C 5                Summary Net Link States (Area 0)Link ID         ADV Router      Age         Seq#       Checksum4.0.1.0         1.0.0.1         703         0x80000003 0x00B93A4.0.1.0         1.0.0.2         1534        0x80000004 0x00347D4.0.2.0         1.0.0.1         1729        0x80000004 0x002F824.0.2.0         1.0.0.2         1019        0x80000003 0x00A849                Router Link States (Area 4)Link ID         ADV Router      Age         Seq#       Checksum Link count1.0.0.1         1.0.0.1         703         0x80000006 0x00F099 21.0.0.2         1.0.0.2         1019        0x80000008 0x000D76 21.0.0.4         1.0.0.4         1585        0x80000007 0x006E64 4                Summary Net Link States (Area 4)Link ID         ADV Router      Age         Seq#       Checksum3.0.0.3         1.0.0.1         703         0x80000003 0x00BD343.0.0.3         1.0.0.2         755         0x80000003 0x00B7393.0.1.0         1.0.0.1         703         0x80000003 0x00C62E3.0.1.0         1.0.0.2         1019        0x80000003 0x0043703.0.2.0         1.0.0.1         703         0x80000003 0x003E753.0.2.0         1.0.0.2         1019        0x80000003 0x00B53DR1#【My Observation】From my observation, this command is helpful when I am not familiar to other OSPF commands such as “show ip ospf database”. This command provides more readable information about ip prefixes themselves, instead of cryptic link state objects.Because this is a hidden command, do not rely on it when you are preparing for exams.【My Configurations】! R1hostname R1interface Loopback0 ip address 1.0.0.1 255.255.255.255!interface Serial1/0 ip address 3.0.1.1 255.255.255.0 no shutdown!interface Serial1/1 ip address 4.0.1.1 255.255.255.0 no shutdown!router ospf 1 network 3.0.0.0 0.0.255.255 area 0 network 4.0.0.0 0.0.255.255 area 4!! R2hostname R2!interface Loopback0 ip address 1.0.0.2 255.255.255.255!interface Serial1/0 ip address 3.0.2.2 255.255.255.0 no shutdown!interface Serial1/1 ip address 4.0.2.2 255.255.255.0 no shutdown!router ospf 1 network 3.0.0.0 0.0.255.255 area 0 network 4.0.0.0 0.0.255.255 area 4!! R3hostname R3interface Loopback0 ip address 1.0.0.3 255.255.255.255!interface Loopback1 ip address 3.0.0.3 255.255.255.0!interface Serial1/0 ip address 3.0.1.3 255.255.255.0 no shutdown!interface Serial1/1 ip address 3.0.2.3 255.255.255.0 no shutdown!router ospf 1 router-id 1.0.0.3 network 3.0.0.0 0.0.255.255 area 0!! R4interface Loopback0 ip address 1.0.0.4 255.255.255.255!interface Serial1/0 ip address 4.0.1.4 255.255.255.0 no shutdown!interface Serial1/1 ip address 4.0.2.4 255.255.255.0 no shutdown!router ospf 1 network 4.0.0.0 0.0.255.255 area 4!Skin-removed Persimmons are to be air-dried. This is a traditional Hakka sweets.Photoed at this farm (味衛佳觀光果園) in Hsinpu Township, Hsinchu County, Taiwan.

Show IP Protocols
Checking system-wide uptime on several Cisco hardware platforms

Show IP Protocols

Play Episode Listen Later Jun 21, 2015


We all know adding redundant supervisors/CPUs to any given system, we can increase the uptime for that system. With In-Service Software Upgrade (ISSU), Cisco hardware even allow us to upgrade the operating system software on-the-fly without stopping the whole system.Flowers of Cassia fistula was blooming together in southern Taiwan starting from mid-May.This photo was taken around this location in Baihe District of Tainan City, Taiwan.An interesting question might be asked. Does Cisco hardware keep track of system uptime even upon supervisor/CPU failover events? And how to display the system uptime, in addition to individual supervisor/CPU uptime?I spent some time and I summarize my findings in this post.[Cisco NX-OS on Nexus 7000 and MDS 9500]Basically the command “show system uptime” is for NX-OS to display system uptime for both Nexus 7000 and MDS 9500For Cisco MDS 9500, the official web site gives me an explaining example.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/clibook/ha.html#pgfId-1120592switch# show system uptimeSystem start time: Fri Aug 27 09:00:02 2004System uptime: 1546 days, 2 hours, 59 minutes, 9 secondsKernel uptime: 117 days, 1 hours, 22 minutes, 40 secondsActive supervisor uptime: 117 days, 0 hours, 30 minutes, 32 seconds For Nexus 7000, the following link tell us “show system uptime” is a legal command for Nexus 7000.http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_Series_NX-OS_Troubleshooting_Guide_--_Troubleshooting_Installs,_Upgrades,_and_RebootsHowever, the screen capture is not helpful for me to clarify system uptime and supervisor uptime.I found another more meaningful example here.http://ccie5851.blogspot.tw/2011/01/joys-of-issu-on-nexus-7000.htmlcmhlab-dc2-sw2-otv1# show system uptimeSystem start time: Tue Oct 26 19:46:38 2010System uptime: 89 days, 6 hours, 56 minutes, 26 secondsKernel uptime: 0 days, 0 hours, 29 minutes, 16 secondsActive supervisor uptime: 0 days, 0 hours, 19 minutes, 56 secondscmhlab-dc2-sw2-otv1#[Cisco IOS on Catalyst 6500 and Catalyst 4500]The command for Cisco IOS platforms, such as Catalyst 6500 and 4500, is “show redundancy”.http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/71585-cat6k-red-supeng-swimg-upg.htmlRouter#show redundancy Redundant System Information :------------------------------ Available system uptime = 34 minutesSwitchovers system experienced = 1 Standby failures = 0 Last switchover reason = unsupported Hardware Mode = Duplex Configured Redundancy Mode = Stateful SwitchOver - SSO Operating Redundancy Mode = Stateful SwitchOver - SSO!--- This verifies that software has set the redundancy mode !--- back to SSO after the software upgrade. Maintenance Mode = Disabled Communications = Up Current Processor Information :------------------------------- Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 4 minutes Image Version = Cisco Internetwork Operating System Software IOS (tm) MSFC2A Software (C6MSFC2A-IPBASE_WAN-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 18-Sep-06 17:17 by tinhuang BOOT = bootflash:c6msfc2a-ipbase_wan-mz.122-18.SXF6.bin,1; CONFIG_FILE = BOOTLDR = Configuration register = 0x2102 Peer Processor Information :---------------------------- Standby Location = slot 5 Current Software state = STANDBY HOT Uptime in current state = 3 minutes Image Version = Cisco Internetwork Operating System Software IOS (tm) MSFC2A Software (C6MSFC2A-IPBASE_WAN-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 18-Sep-06 17:17 by tinhuang BOOT = bootflash:c6msfc2a-ipbase_wan-mz.122-18.SXF6.bin,1; CONFIG_FILE = BOOTLDR = Configuration register = 0x2102This is for Catalyst 4500. However, the screen capture is not good.http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/RPR.html[Cisco IOS XR, ASR 9000]The command for ASR 9000 is again “show redundancy”.http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/rommon/configuration/guide/b_rommon_cg_42asr9k/b_rommon_cg_42asr9k_chapter_0101.html#ID2119RP/0/RSP1/CPU0:router# show redundancy Redundancy information for node 0/RSP1/CPU0:==========================================Node 0/RSP1/CPU0 is in ACTIVE rolePartner node (0/RSP0/CPU0) is in STANDBY roleStandby node in 0/RSP0/CPU0 is readyStandby node in 0/RSP0/CPU0 is NSR-readyReload and boot info----------------------A9K-RSP-4G-HDD reloaded Thu Dec 11 14:50:47 2008: 2 hours, 41 minutes agoActive node booted Thu Dec 11 17:15:15 2008: 16 minutes agoLast switch-over Thu Dec 11 17:19:29 2008: 12 minutes agoStandby node boot Thu Dec 11 17:28:56 2008: 3 minutes agoStandby node last went not ready Thu Dec 11 17:30:02 2008: 2 minutes agoStandby node last went ready Thu Dec 11 17:31:02 2008: 1 minute agoThere has been 1 switch-over since reloadRP/0/RSP1/CPU0:router#One more thing…I also found one example for Cisco ASA.[Cisco ASA Cluster]For Cisco ASA, the hardware itself does not provide system-wide redundancy. It only provides cluster-wide (pair-wide) redundancy. Here is the “show version” command output example of Cisco ASA, which explains Cisco ASA also keeps track of cluster-wide uptime in addition to single hardware box uptime.https://supportforums.cisco.com/discussion/11291816/failover-cluster-uptimeasa-firewall> sh verCisco Adaptive Security Appliance Software Version 8.2(1)Compiled on Tue 05-May-09 22:45 by buildersSystem image file is "disk0:/asa821-k8.bin"Config file at boot was "startup-config"asa-firewall up 2 days 22 hoursfailover cluster up 1 year 79 daysHardware:   ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHzWhy do I have to write down this post? If I can capture the system-wide uptime (or cluster-wide uptime) in addition to single hardware uptime, I have something much more persuading to buying decision makers because the traffic is not stopped at all right here at this system (or cluster) for such a long time.By the way, what is the “longest” system or cluster uptime you have ever seen before? Please share your experiences with me here at the comments area!Thank you so much!

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

"When trying to analyze a complex system for its security properties, very little information is available in the beginning. If the complex system in question contains parts that the analyst cannot see or touch, proprietary hardware and software as well as large scale server software, the task doesn't get any easier. The talk will tell the story about how Phenoelit went about looking at RIM's BlackBerry messaging solution while focusing on the approaches tryed their expected and real effectiveness. FX is the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. FX looks back at as little as eight years of (legal) hacking with only a few Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road. Professionally, FX runs SABRE Security's consulting arm SABRE Labs, specializing in reverse engineering, source code audits and on-demand R&D of industry grade security architectures & solutions."

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

When trying to analyze a complex system for its security properties, very little information is available in the beginning. If the complex system in question contains parts that the analyst cannot see or touch, proprietary hardware and software as well as large scale server software, the task doesn't get any easier. The talk will tell the story about how Phenoelit went about looking at RIM's BlackBerry messaging solution while focusing on the approaches tryed their expected and real effectiveness. FX is the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. FX looks back at as little as eight years of (legal) hacking with only a few Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road. Professionally, FX runs SABRE Security's consulting arm SABRE Labs, specializing in reverse engineering, source code audits and on-demand R&D of industry grade security architectures & solutions."