I finally got my ASA 5505 up and running at the house, but I ran into a little problem — the box wouldn’t add the DHCP-provided default route into its routing table. That one threw me for a loop since the box is made for SOHOs, but it makes sense in some corporate, lazy...
Monthly Archives: March 2008
Configuring GLBP
Believe it or not, I got a request for an article on how to configure GLBP. I’m as shocked as you are, so here it goes. The Gateway Load Balancing Protocol (GLBP) is another Cisco-proprietary protocol for providing highly-available gateways on a network…but there’s a twist. GLBP, as you can figure out from the...
Trunking on a Catalyst Switch
If you didn’t now already, trunks are connections between switches that carry traffic for all VLANs. It allows you to have, say, VLAN 10 and VLAN 20 on two switches appear as the same network. Unless you’re a really small shop, you’ve already dealt with trunks, so there’s no need for an introduction. Let’s...
HSRP vs. GLBP
HSRP (Hot Standby Router Protocol) is a Cisco-proprietary method for supplying a highly-available gateway for hosts to use. GLBP (Gateway Load Balancing Protocol) does the same thing. So, what’s the difference? HSRP works on layer 3 and provides a standby IP address for hosts on that network to use as their gateway (or other...
GRE Tunnels and Encryption
GRE tunnels rock. They are interfaces on a router that are used to “connect” to another router somewhere on your LAN, your WAN, the Internet, wherever. The most popular use for them is for router-to-router VPNs. I’ll let my friend Josh from blindhog.net show you how to do it. He’s got a video on...
Resetting Sections of the Config
I was configuring a switch the other day and realized I had configured a trunk on the wrong port. God, I hate that. Instead of dumping the configuration for the port and doing a “no” on each line, I used the default command. Switch(config)#default interface G0/1 This resets the configuration on interface G0/1 to...
AFOL-KE and Above.net
It looks like there was another bad BGP announcement over the weekend. This time, a 24-bit network belonging to the country of Kenya was being advertised by Above.net. The heart of the problem is the same as it was with the YouTube problem a few weeks ago: someone who wasn’t authoritative for a network...
NAT on a PIX/ASA
NATting sucks and can be confusing. I’m sure everyone agrees to that, but you have to use it at some times. In a PIX/ASA, it’s easy to configure a simple setup, but can be super-complicated in larger networks. In a simple lab, we have set up an ASA with inside and outside interfaces, with...
Commenting Access-lists
There’s a very-overlooked feature of access-lists — the remark. Yes, this is very basic, but it’s worth mentioning, as it has saved me anguish time and time again. I use remarks to document each line of an ACL (on IOS, PIX, FWSM, ASA, etc.) so that when I go back later, I actually know...
Wireless Headsets
We all have these at our desks. Not the bluetooth guys for your phone (we could talk about that for a while), but the 900MHz headsets that your company gave you for those long and annoying calls with the boss. These things rocks, but they are oh-so insecure. A coworker who fields support calls...
Recent Comments