Gary Langston: September 2017

Friday, September 29, 2017

Configuring Cisco Interfaces

I ran into a small issue the other day. I upgraded our network connections speed from our host, and I was not getting the speed I was suppose too. Turns out my ip-based switch port speed was throttled.
If you ever run into this change around the port speed on your router.

interface GigabitEthernet0/0
switchport access vlan 2
switchport mode access
speed 100
duplex full

Notice the highlighted speed in the config.

corerouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
corerouter(config)#
corerouter(config)#interface GigabitEthernet0/0
corerouter(config)#speed auto
ctrl+z
corerouter#wr
corerouter#reload

Tuesday, September 19, 2017

Getting To Know Powershell

First off Windows Domain Admins need to get really familiar with the Powershell Administration.

Let's start off with a couple examples. By the way you can install the Windows PowerShell ISE in add and remove Windows options.

Knowing what FSMO Roles about you AD environment.

Here is the script.

Retrieving Active Directory FSMO roles with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom | Format-List *
Transferring Active Directory FSMO roles with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dc = $dom.FindDomainController()
$dc.TransferRoleOwnership(’PdcRole’)
$dc.TransferRoleOwnership(’InfrastructureRole’)
Raising Active Directory Domain and Forest functionality to Windows 2003 with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom.RaiseDomainFunctionality(’Windows2000NativeDomain’)
$dom.RaiseDomainFunctionality(’Windows2003Domain’)
Enabling and disabling a Global Catalog server with PowerShell
$for = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$gc = $for.FindGlobalCatalog()
$gc.DisableGlobalCatalog()
$gc.EnableGlobalCatalog()

Also if you are like me, I am always looking to clean up unneeded data on your WSUS server.

#Region VARIABLES
# WSUS Connection Parameters:
[String]$updateServer = "wsusserver.nrgnetworks.local"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80

# Cleanup Parameters:
# Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an aproved update.
[Boolean]$supersededUpdates = $True
# Decline updates that aren't approved and have been expired my Microsoft.
[Boolean]$expiredUpdates = $True
# Delete updates that are expired and have not been approved for 30 days or more.
[Boolean]$obsoleteUpdates = $True
# Delete older update revisions that have not been approved for 30 days or more.
[Boolean]$compressUpdates = $True
# Delete computers that have not contacted the server in 30 days or more.
[Boolean]$obsoleteComputers = $True
# Delete update files that aren't needed by updates or downstream servers.
[Boolean]$unneededContentFiles = $True

#EndRegion VARIABLES

#Region SCRIPT

# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

# Connect to WSUS Server
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)

# Perform Cleanup
$CleanupManager = $Wsus.GetCleanupManager()
$CleanupScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles)
$CleanupManager.PerformCleanup($CleanupScope)

#EndRegion SCRIPT

Cisco Show Commands

You will learn most information on your Cisco device will easy to gather from simple show commands. Everything from sessions to configs. Also Traffic Statistics for errors, or DDoS Attacks.

Example

ciscoasa# show traffic
OUTSIDE:
received (in 2395890.690 secs):
317946819 packets 315525385708 bytes
0 pkts/sec 131000 bytes/sec
transmitted (in 2395890.690 secs):
280139669 packets 79618073485 bytes
0 pkts/sec 33001 bytes/sec
1 minute input rate 218 pkts/sec, 142346 bytes/sec
1 minute output rate 192 pkts/sec, 45133 bytes/sec
1 minute drop rate, 7 pkts/sec
5 minute input rate 164 pkts/sec, 109398 bytes/sec
5 minute output rate 153 pkts/sec, 35406 bytes/sec
5 minute drop rate, 6 pkts/sec
INSIDE:
received (in 2395890.690 secs):
255240733 packets 76128164260 bytes
0 pkts/sec 31000 bytes/sec
transmitted (in 2395890.690 secs):
294891373 packets 247485048480 bytes
1 pkts/sec 103001 bytes/sec
1 minute input rate 196 pkts/sec, 44396 bytes/sec
1 minute output rate 234 pkts/sec, 142469 bytes/sec
1 minute drop rate, 5 pkts/sec
5 minute input rate 158 pkts/sec, 35241 bytes/sec
5 minute output rate 178 pkts/sec, 110074 bytes/sec
5 minute drop rate, 4 pkts/sec
DMZ:
received (in 2395890.690 secs):
32384633 packets 2955292920 bytes
0 pkts/sec 1000 bytes/sec
transmitted (in 2395890.690 secs):
49137094 packets 65615227653 bytes
0 pkts/sec 27001 bytes/sec
1 minute input rate 0 pkts/sec, 82 bytes/sec
1 minute output rate 0 pkts/sec, 125 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 435 bytes/sec
5 minute output rate 1 pkts/sec, 1075 bytes/sec
5 minute drop rate, 0 pkts/sec
management:
received (in 2395890.750 secs):
14277133 packets 946118886 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2395890.750 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 5 pkts/sec, 424 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 6 pkts/sec, 407 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 2395890.790 secs):
318032181 packets 321511281805 bytes
0 pkts/sec 134000 bytes/sec
transmitted (in 2395890.790 secs):
280139730 packets 85167104894 bytes
0 pkts/sec 35000 bytes/sec
1 minute input rate 218 pkts/sec, 146592 bytes/sec
1 minute output rate 192 pkts/sec, 49034 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 164 pkts/sec, 112593 bytes/sec
5 minute output rate 153 pkts/sec, 38521 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 2395890.810 secs):
255241934 packets 81218647412 bytes
0 pkts/sec 33001 bytes/sec
transmitted (in 2395890.810 secs):
294891391 packets 253102758608 bytes
1 pkts/sec 105000 bytes/sec
1 minute input rate 196 pkts/sec, 48364 bytes/sec
1 minute output rate 234 pkts/sec, 146984 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 158 pkts/sec, 38456 bytes/sec
5 minute output rate 178 pkts/sec, 113510 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 2395890.850 secs):
32384636 packets 3547413050 bytes
0 pkts/sec 1000 bytes/sec
transmitted (in 2395890.850 secs):
49137094 packets 66502670016 bytes
0 pkts/sec 27000 bytes/sec
1 minute input rate 0 pkts/sec, 98 bytes/sec
1 minute output rate 0 pkts/sec, 138 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 470 bytes/sec
5 minute output rate 1 pkts/sec, 1108 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 2395890.860 secs):
14278281 packets 1203253101 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2395890.860 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 5 pkts/sec, 531 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 6 pkts/sec, 516 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/4:
received (in 2395890.900 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2395890.900 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/5:
received (in 2395890.910 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2395890.910 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Control0/0:
received (in 2395890.950 secs):
4813061 packets 348829320 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2395890.950 secs):
5452144 packets 383499485 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 2 pkts/sec, 146 bytes/sec
1 minute output rate 2 pkts/sec, 160 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 145 bytes/sec
5 minute output rate 2 pkts/sec, 160 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 2395890.960 secs):
21248059 packets 1966209991 bytes
1 pkts/sec 1 bytes/sec
transmitted (in 2395890.960 secs):
6170575 packets 958796353 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 8 pkts/sec, 850 bytes/sec
1 minute output rate 2 pkts/sec, 402 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 8 pkts/sec, 836 bytes/sec
5 minute output rate 2 pkts/sec, 403 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/1:
received (in 2395890.990 secs):
603754038 packets 429853468179 bytes
1 pkts/sec 179000 bytes/sec
transmitted (in 2395890.990 secs):
603754038 packets 429853468179 bytes
1 pkts/sec 179000 bytes/sec
1 minute input rate 397 pkts/sec, 209501 bytes/sec
1 minute output rate 397 pkts/sec, 209501 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 313 pkts/sec, 164474 bytes/sec
5 minute output rate 313 pkts/sec, 164474 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/2:
received (in 2395891.020 secs):
6170575 packets 918208209 bytes
0 pkts/sec 1 bytes/sec
transmitted (in 2395891.020 secs):
21248059 packets 1881217957 bytes
1 pkts/sec 0 bytes/sec
1 minute input rate 2 pkts/sec, 385 bytes/sec
1 minute output rate 8 pkts/sec, 815 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 386 bytes/sec
5 minute output rate 8 pkts/sec, 800 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 2395891.040 secs):
14278311 packets 1146069880 bytes
0 pkts/sec 1 bytes/sec
transmitted (in 2395891.040 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 5 pkts/sec, 507 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 6 pkts/sec, 492 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

If you have a upgraded device with the security services you can even look at possible attacks against your network. Such as;

ciscoasa# show threat-detection scanning-threat

and

ciscoasa# show threat-detection statistics

Host:cicsoasa: tot-ses:30722 act-ses:5 fw-drop:0 insp-drop:0 null-ses:8 bad-acc:0
1-hour Sent byte: 423 241 0 1523092
1-hour Sent pkts: 2 1 0 9023
1-hour Recv byte: 1 0 0 3632
1-hour Recv pkts: 0 0 0 48

Top 10 protected servers under attack (sorted by average rate)
Monitoring window size: 30 mins Sampling interval: 30 secs

1 192.168.0.1:443 DMZ 0 0 39 172.16.42.6 (21 secs ago)

Basic HTTP Enable Commands for Cisco Routers

ciscorouter#en
ciscorouter#config t
ciscorouter#ip http server
ciscorouter#ip http authentication local
ciscorouter#ip http secure-server
Ctrl+z
wr

On Another Note if you have not removed SSL V2 and V3
You need to disable it so you can do this by the following commands

ciscorouter#en
ciscorouter#config t
ciscorouter#no ip http server
ciscorouter#no ip http authentication local
ciscorouter#no ip http secure-server
Ctrl+z
wr

How To Show ASA Active Sessions

If when using IPSec for your sessions

ciscoasa#show vpn-sessiondb remote

ciscoasa#show vpn-sessionsdb summary

Also

ciscoasa#show logging

Pages