CCNP: TSHOOT rocks!

Never in my life have I left a testing facility with a smile as big as the one I had on 16 August last year. It was just minutes earlier that I had received my score on the Cisco CCNP Troubleshoot (TSHOOT) exam: the magic 1000 points, incredibly high! Not that a lower score would have mattered; the reason behind the smile was the fun I had in answering the tickets. All the pain of doing the CCNP ROUTE exam twice earlier that year had suddenly disappeared. 🙂

Cisco did a very good job creating this exam. I have to troubleshoot a lot in my daily work, so for me troubleshooting is second nature. However, I do have a few recommendations to make it even more fun:
– Create a few tickets where more than one thing is broken; stuff like that happens in the real world!
– I missed the option “it is not the network, it is the server...”. Sounds like a joke, but with the ability to look into the network traffic and spot a TCP reset from the server, you could prove a configuration failure on the server. (Yes, that kind of proof is sometimes necessary...)
– Where was the option “It is an IOS bug, create a TAC case”? 😉

Cisco Aironet 1600/2600/3600 AP back on track from rommon

Since Cisco is lacking documentation on this subject at this point, I figured it could be handy to write down the (small) steps on how to get a 1600/2600/3600 AP that is stuck in rommon back on track (autonomous or controller based).

So here you have it... 🙂

ap: set IP_ADDR 192.168.1.2
ap: ether_init
ap: tftp_init
ap: tar -xtract tftp://192.168.1.1/ap3g2-k9w7-tar.152-2.JA.tar flash:
ap: set BOOT flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-mx.152-2.JA
ap: boot
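The step that most often goes wrong in the sequence above is the `set BOOT` line: the path has to match the directory and file name that the tar actually extracts to on flash. The following is an added example (not part of the original post and not a Cisco tool) that derives that path from the image archive before you type it into rommon. It assumes the AP image is a regular tar archive with a top-level `info` file plus one directory holding the firmware and its own `info`; the archive it builds is constructed stand-in data, and `rommon_commands()` simply renders the post's sequence with the derived path.

```python
import io
import tarfile

# Added example, not from the original post. Assumption: the Cisco AP image tar
# is readable by Python's tarfile and contains a top-level "info" file plus one
# directory whose firmware file carries the same name as the directory.


def build_sample_image(image_dir="ap3g2-k9w7-mx.152-2.JA"):
    """Construct an in-memory stand-in for ap3g2-k9w7-tar.152-2.JA.tar (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("info", f"{image_dir}/info", f"{image_dir}/{image_dir}"):
            member = tarfile.TarInfo(name)
            member.size = 0            # contents do not matter for the path check
            tar.addfile(member, io.BytesIO(b""))
    buf.seek(0)
    return buf


def boot_path(tar_fileobj):
    """Return the flash: path for 'set BOOT'.

    The firmware member is the -mx. entry exactly one directory deep whose file
    name equals its directory name, e.g. ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-mx.152-2.JA.
    """
    with tarfile.open(fileobj=tar_fileobj, mode="r") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if len(parts) == 2 and "-mx." in parts[1] and parts[0] == parts[1]:
                return f"flash:/{member.name}"
    raise ValueError("no -mx. firmware member found in archive")


def rommon_commands(tar_fileobj, tftp_server="192.168.1.1", ap_ip="192.168.1.2",
                    tar_name="ap3g2-k9w7-tar.152-2.JA.tar"):
    """Render the recovery sequence from the post with the derived BOOT path filled in."""
    return [
        f"set IP_ADDR {ap_ip}",
        "ether_init",
        "tftp_init",
        f"tar -xtract tftp://{tftp_server}/{tar_name} flash:",
        f"set BOOT {boot_path(tar_fileobj)}",
        "boot",
    ]


if __name__ == "__main__":
    # Point build_sample_image() at a real image with open(path, "rb") instead.
    for line in rommon_commands(build_sample_image()):
        print(f"ap: {line}")
```

For a real image, pass `open("ap3g2-k9w7-tar.152-2.JA.tar", "rb")` instead of the constructed archive; the `set BOOT` line it prints is the one to paste into rommon.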

Cisco ASAs and HTTP / L7 inspection

With Cisco ASAs you can open up HTTP network traffic so you can inspect it and even block websites if you want to. Remember that this only works for unencrypted traffic; if you want to inspect encrypted traffic you will need a solution that can perform a MITM (Man In The Middle) interception.

Here you have a very simple example where the Dutch website “autoblog.nl” is blocked for clients in VLAN 10 with an IPv4 address in the 192.168.10.0/24 network.

regex URL-AUTOBLOG.NL ".autoblog.nl"
!
access-list ACL-CMAP-VLAN10-HTTP extended permit tcp 192.168.10.0 255.255.255.0 any eq www
!
class-map type regex match-any CMAP-REGEX-HTTP
 match regex URL-AUTOBLOG.NL
!
class-map CMAP-VLAN10-HTTP
 match access-list ACL-CMAP-VLAN10-HTTP
!
policy-map type inspect http PMAP-VLAN10-HTTP
 parameters
 match request header host regex class CMAP-REGEX-HTTP
  reset log
!
policy-map PMAP-VLAN10
 class CMAP-VLAN10-HTTP
  inspect http PMAP-VLAN10-HTTP
!
service-policy PMAP-VLAN10 interface VLAN10
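One thing to keep in mind with a host regex like `".autoblog.nl"` is that the dots are wildcards and the pattern is unanchored: it requires at least one character in front of `autoblog`, so a Host header of just `autoblog.nl` is not matched, while unrelated names that happen to contain the pattern are. The following is an added example (not part of the original post and not Cisco code) that runs the page's regex and an anchored alternative against a few constructed Host header values so the difference is visible before the policy goes live. Python's `re` is used as a stand-in for the ASA regex engine; the dialects are similar but not identical, and which anchors your ASA version accepts is an assumption you should check against the regex reference for your release.

```python
import re

# Added example, not from the original post. Python's re stands in for the ASA
# regex engine (assumption: similar unanchored search semantics).
PAGE_REGEX = re.compile(r".autoblog.nl")                   # as on the page: "." matches any character
ANCHORED_REGEX = re.compile(r"^([^.]+\.)*autoblog\.nl$")   # apex domain plus any subdomain, nothing else

# Constructed sample Host header values (not captured traffic).
SAMPLE_HOSTS = [
    "www.autoblog.nl",   # subdomain: should be reset
    "autoblog.nl",       # apex domain: should be reset
    "notautoblog.nl",    # unrelated site: should pass
    "myautoblogxnl",     # not even a domain: should pass
]


def matches(regex, host):
    """Mimic 'match request header host regex': an unanchored search over the header value."""
    return regex.search(host) is not None


def compare(hosts=SAMPLE_HOSTS):
    """Return {host: (page_regex_resets, anchored_regex_resets)} for review."""
    return {h: (matches(PAGE_REGEX, h), matches(ANCHORED_REGEX, h)) for h in hosts}


def mismatches(hosts=SAMPLE_HOSTS):
    """Hosts where the page's regex and the anchored regex disagree."""
    return [h for h, (page, anchored) in compare(hosts).items() if page != anchored]


if __name__ == "__main__":
    for host, (page, anchored) in compare().items():
        verdict = lambda hit: "RESET" if hit else "pass"
        print(f"{host:18} page-regex={verdict(page):5} anchored={verdict(anchored)}")
```

The two regexes disagree on `autoblog.nl` (missed by the page's pattern) and on the two unrelated names (caught by the page's pattern); whichever form you settle on, run your own list of hosts through `compare()` before applying the service policy.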