Device Boots to ROMMON (Cisco ASA)
KB ID 0001199 Problem After recently picking up some second hand ASA5512-X firewalls, I went to run them up, and make sure they were ok, however on boot up they went straight to ROMMON like so; Use ? for help. rommon #0> Now I know what ROMMON is, it’s the base operating system of the device, its job is a bit like the BIOS on a PC, it locates and loads the operating system. The only time you should ever see a rommon prompt...
Microsoft – NDES Site Shows ‘HTTP Error 500.0 – Internal Server Error’
KB ID 0001181 Problem I was doing some testing for a client this week, a while ago I had deployed a three tier PKI solution for them, and as part of the rollout we deployed NDES for their network devices, (they were going to use certificates to secure site to site VPNs). The client was concerned, and wanted the auto renewal process testing. This could not be done on the live system. So myself and a colleague went to the test bench, I...
Cisco – Testing AAA Authentication (Cisco ASA and IOS)
KB ID 0001175 Problem I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step! Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well. Solution Cisco ASA Test AAA Authentication From...
Cisco IOS – DHCP Helper (DHCP Relay) – IP-Helper Setup
KB ID 0001168 Problem Cisco documentation calls this a ‘DHCP Relay’, and uses the command IP-Helper, and I usually call this DHCP Helper, just to confuse everyone. To be fair the term DHCP Relay is an industry standard, it’s not particular to Cisco (as you will see later when I Wireshark the traffic). So If you are reading this you have a DHCP server and you want to use it to lease addresses to clients that are on a...
Cisco IOS – An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.
KB ID0001167 Problem If you try and change a ports status, to make it a trunk port, you may see this error; Petes-Switch(config-if)#switchport mode trunk Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode. Trunk Settings I don’t know if this is a throwback to when we had ISL trunking and 802.1q, but you need to specify the encapsulation before you can...
Cisco Small Business (SG500) Link Aggregation (LAG) With LACP
KB ID 0001277 Problem At work a client was having trouble with a NAS Drive (Buffalo Terastation). It was being used as a backup target and some of the servers were dropping connections. I knew the client had some Catalist 3750’s So I suggested going and creating an Ether Channel to the two NICs in the NAS box, to try and cure the problem. However when I went onsite, I noticed the 3750 didn’t have any spare Gigabit ports...