This is the best explanation that I’ve come across for the direction of flow when applying an ACL INBOUND/OUTBOUND on an SVI. This is not my own work; it was snaffled from here: https://supportforums.cisco.com/discussion/12043016/pls-explain-svi-acl-source-and-destination-direction. All credit goes to Peter Paluch.
IPplan is an IP/DNS address management system designed for use by service providers. There are many methods and operating systems on which you can install it including but not limited to Ubuntu Server 14.04. One of the great features I find useful is the means to query routing tables via SNMP.
If you choose to install on Ubuntu 14.04 then the following may be of use to you. Please note this is not a how-to guide, but if you're inclined it may save you the few hours I spent twiddling with packages and permissions.
Base install of Ubuntu Server 14.04
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install apache2
sudo apt-get install mysql-server
sudo apt-get install php5
sudo apt-get install php5-snmp
sudo apt-get install php5-mysql
GET IPPLAN AND EXTRACT:
sudo mkdir downloads
tar -xvzf ipplan-4.92b.tar.gz
sudo mv ipplan /var/www/ipplan
mysqladmin -u root -p create ipplan
mysql> grant all on ipplan.* to ipplan@localhost identified by 'MYSQL PASSWORD';
sudo vi /var/www/ipplan/config.php
define("DBF_PASSWORD", 'IPPLAN PASSWORD');
define("ADMINPASSWD", 'IPPLAN PASSWORD');
# www-data is the Apache user on a stock Ubuntu install (assumed here)
sudo chown -R www-data:www-data /var/www/ipplan
sudo chmod -R 750 /var/www/ipplan
ACCESS WEB PORTAL:
# I updated my apache2 default directory
# May need to create some /tmp/dhcp /tmp/dns directories
As part of a network migration between one ISP and another, we had to find a way to update remote switch configurations with little fuss, ensuring that if anything went wrong the network would revert to its previous state. This opened the door to macros. The following was used on Cisco 3560 series switches.
macro name OBS-NETMAN-IP
do reload in 30
ip address 10.100.17.2 255.255.255.240
no shutdown
@
# the migrations run:
macro global apply OBS-NETMAN-IP
If access was not available then after 30 minutes the switch would reload and pick up its old configuration. Please note in this case we were at least 500 miles away from the closest site and up to 5000 miles away from the farthest. The benefit of the macro is that it continues to run even though you may have just “shutdown” the interface you had a terminal session to.
ip local pool IPADDR_VPN_POOL x.x.x.x x.x.x.x
aaa authentication login LETMEIN_GROUPx local
aaa authentication login userauthen local
aaa authorization network LETMEIN_GROUPx local
username AVAYAx1 password 0 xxxx1
username AVAYAx2 password 0 xxxx2
username AVAYAx3 password 0 xxxx3
username AVAYAx4 password 0 xxxx4
crypto isakmp policy 1
crypto isakmp client configuration group LETMEIN_GROUPx
crypto ipsec transform-set MYTSET_3DESx esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dynmap2 20
set transform-set MYTSET_3DESx
set pfs group2
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list LETMEIN_GROUPx
crypto map clientmap client configuration address respond
ip address X.X.X.X X.X.X.X
crypto map clientmap
crypto map clientmap 20 ipsec-isakmp dynamic dynmap2
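A small lint for a remote-access VPN configuration like the one above, added here as an example and not part of the original post. It flags cleartext "password 0" users, 3DES, MD5 and DH group 2, and names that are referenced but never defined; the sample config is constructed and the finding labels are this example's own.

```python
import re

# Constructed sample in the style of the config above; mismatched names are left in on purpose.
SAMPLE = """\
aaa authentication login userauthen local
aaa authorization network LETMEIN_GROUPx local
username AVAYAx1 password 0 xxxx1
crypto ipsec transform-set MYTSET_3DESx esp-3des esp-md5-hmac
crypto dynamic-map dynmap2 20
 set transform-set MYTSET
 set pfs group2
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 20 ipsec-isakmp dynamic dynmap2
"""

WEAK = [  # (regex, finding) pairs for settings that are weak by current standards
    (r"^username \S+ password 0 ", "cleartext-password"),
    (r"\besp-3des\b", "3des-encryption"),
    (r"\besp-md5-hmac\b", "md5-integrity"),
    (r"^set pfs group2\b", "dh-group2-pfs"),
]

# (regex that defines a name, regex that references it, kind of object)
XREF = [
    (r"^crypto ipsec transform-set (\S+)", r"^set transform-set (\S+)", "transform-set"),
    (r"^aaa authentication login (\S+)", r"client authentication list (\S+)", "authn-list"),
    (r"^aaa authorization network (\S+)", r"isakmp authorization list (\S+)", "authz-list"),
    (r"^crypto dynamic-map (\S+)", r"ipsec-isakmp dynamic (\S+)", "dynamic-map"),
]

def lint(config):
    """Return sorted (line_no, finding) tuples for weak settings and dangling names."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    for no, line in enumerate(lines, 1):
        for pattern, name in WEAK:
            if re.search(pattern, line):
                findings.append((no, name))
    for define, use, kind in XREF:
        defined = {m.group(1) for l in lines if (m := re.search(define, l))}
        for no, line in enumerate(lines, 1):
            m = re.search(use, line)
            if m and m.group(1) not in defined:
                findings.append((no, f"undefined-{kind}:{m.group(1)}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```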
In black and white, Cisco states that the Data Rates options specify the rates at which data can be transmitted between the access point and the client.
These data rates are available:
• 802.11a—6, 9, 12, 18, 24, 36, 48, and 54 Mbps
• 802.11b/g—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, or 54 Mbps
For each data rate, choose one of these options:
Mandatory—Clients must support this data rate in order to associate to an access point on the controller. Why force 11 Mbps on an SSID, if not to enforce better performance?
Supported—Any associated clients that support this data rate may communicate with the access point using that rate. However, the clients are not required to be able to use this rate in order to associate.
Disabled—The clients specify the data rates used for communication.
The notes say the clients must support, and not necessarily operate at, this rate, and the Supported option identifies a rate that is not required. I think I will attempt to test the overall enforcement and remove any ambiguity. I know this is one where I’ve always assumed what the options mean…
More to follow
The following link was one I found when investigating the use of 1131AG access points. The positioning on a ceiling is certainly better qualified after reviewing this document.
Update the 000-default file with the details below to add basic authentication.
Options Indexes FollowSymLinks MultiViews
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AuthName "CVS REPO"
The command below will allow you to create a new user and it will lead you through adding a password for that user.
network@S-ABD-RANCID:$ sudo htpasswd -c .htpasswd myuser