In Windows this is easy to find: ‘ipconfig /all’ will tell you 🙂 On macOS it’s not so simple.
Solution
First you need to know which network card we are talking about! Your wireless network card is nearly always en0 (that’s a zero); if you are on a wired connection, simply run ifconfig and find the right network card.
To double check, you can run;
[box]
ipconfig getifaddr en0
[/box]
Then to see your DHCP server address, issue the following command;
[box]
ipconfig getpacket en0
[/box]
Look for the value of server_identifier; this is the DHCP server’s address.
I see this get asked in forums A LOT. Typically the poster has another problem they are trying to fix, someone has asked them to debug the problem, and they can’t see any debug output.
Solution
Firstly you need to understand what logging is, and how debugging fits within it. (Bear with me, this is good knowledge to have).
The firewall saves logs in syslog format, and there are 8 levels of logs. The one with the MOST information is called ‘debugging’ (or severity 7 in Syslog world).
0=Emergencies
1=Alert
2=Critical
3=Errors
4=Warnings
5=Notifications
6=Informational
7=Debugging
So if you are debugging, then all you are doing is looking at syslog output that’s severity 7. The ASA can send these logs to an internal memory buffer, an external Syslog server, or to the screen: either the console (via rollover cable) or the monitor (an SSH/Telnet session, or what router types call the virtual terminal lines).
Fine but I can’t see anything doofus, that’s why I’m here!
OK, now you understand how it all works, you should understand when you see the commands, why it wasn’t working!
Issue a ‘show log’ command;
What does this tell us? Well, most importantly it tells us logging is ON.
[box]Syslog logging: enabled[/box]
If it were disabled then you turn it on with;
[box]logging on[/box]
The next piece of pertinent information is;
[box]Timestamp Logging: Disabled[/box]
While not critical, logs are much easier to interpret when they are stamped with the correct time! I’m in the UK so this is the command I would use (Note: I’m enabling NTP Time sync, this can take a while to synchronise);
[box]
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
ntp server 130.88.203.12 source outside
!
logging timestamp
[/box]
Sending Debug Output to the Screen
As mentioned above, you can send output to the console or the monitor;
Send Debug to SSH/Telnet Session
[box]logging monitor debugging
terminal monitor[/box]
Note: To disable, the command is ‘terminal no monitor‘ NOT ‘no terminal monitor’ (Thanks Cisco!)
Sending Debug Output to the Console (Serial Connection)
Send Debug to the Console
[box]logging console debugging[/box]
Note: To stop it, set it back to ‘warnings’ (the default).
[box]logging console warnings[/box]
Sending Debug Output to the Internal Log (Buffer)
This is easier, as you can filter the results for particular IP addresses/ports/usernames etc., which is handy if there are pages and pages to look through, and they are not scrolling past your eyes faster than you can read them!
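As an added example (not from the original article): each ASA syslog line carries its severity in the `%ASA-<severity>-<id>` tag, so the level set on a destination and a filter on one IP address can be reproduced offline. The sample lines are constructed and the function names are illustrative.

```python
import re

# ASA severity keywords; list index = syslog severity (0 most urgent, 7 most verbose).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Every ASA message carries its severity in the tag: %ASA-<severity>-<message id>:
TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Constructed sample lines (addresses are documentation/private ranges).
SAMPLE = """\
Jan 10 2024 10:15:01: %ASA-6-302013: Built outbound TCP connection 101 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.168.1.50/51000 (198.51.100.2/51000)
Jan 10 2024 10:15:02: %ASA-4-106023: Deny tcp src outside:203.0.113.99/4444 dst inside:192.168.1.50/22 by access-group "outside_in"
Jan 10 2024 10:15:03: %ASA-7-609001: Built local-host inside:192.168.1.50
Jan 10 2024 10:15:04: %ASA-7-710005: UDP request discarded from 192.168.1.77/137 to inside:192.168.1.255/137
Jan 10 2024 10:15:05: %ASA-3-313001: Denied ICMP type=8, code=0 from 203.0.113.99 on interface outside
""".splitlines()

def parse(line):
    """Return (severity, message id, text) for an ASA syslog line, else None."""
    m = TAG.search(line)
    return (int(m["sev"]), m["msgid"], m["text"]) if m else None

def shown_at(lines, level, ip=None):
    """Messages a destination set to `level` receives, optionally for one IP.

    A destination gets its configured severity and every lower-numbered one,
    so 'debugging' passes everything and 'warnings' drops severities 5 to 7.
    """
    limit = LEVELS.index(level)
    # Match the address as a whole token so 192.168.1.5 does not hit 192.168.1.50.
    want = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)") if ip else None
    out = []
    for line in lines:
        rec = parse(line)
        if rec and rec[0] <= limit and (want is None or want.search(rec[2])):
            out.append(rec)
    return out

if __name__ == "__main__":
    for level in ("warnings", "debugging"):
        print(level, [f"{sev}/{msgid}" for sev, msgid, _ in shown_at(SAMPLE, level)])
    print([msgid for _, msgid, _ in shown_at(SAMPLE, "debugging", ip="192.168.1.50")])
```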
Me to the office: Does anyone know how to create a password protected Zip file on a Mac?
Reply: Use Windows
Well actually this advice is ‘bobbins!’ Windows still can’t do this without installing an application, (I would recommend 7-Zip). But with a Mac of course you can 🙂
Solution
First open a Terminal window, then ‘change directory’ to the folder that contains the uncompressed file(s), or folder(s) you want to Zip.
Changing Directory With Spaces In Your Foldernames
I thought I’d better put this here, if you have spaces in your folder names, you use the following syntax;
And repeat if you have multiple spaces like so;
Mac OSX: Create a Normal Zip File
Before we try and password protect a Zip file, let’s see how to create a simple one;
Normally I simply connect a new MSA to a client’s network, and it gets its address from DHCP. Then I can get the address for the DHCP Scope, and point my web browser at it.
Yesterday I was starting with new virtual infrastructure and had no DHCP. With the G1 and G2 models, you got a console/serial cable and could just terminal in. With the G3 they have replaced the serial socket with a mini USB socket. Each time I put in a new P2000, I think “I wonder how that USBCLI socket works?” Yesterday I had to find out.
Solution
The Quickest Solution – is to connect the MSA to the network, and if it cannot get a DHCP address it automatically gives itself 10.0.0.2/24 on controller A and 10.0.0.3/24 on controller B.
1. If you do have DHCP running, connect your MSA and run the MSA Device Discovery Tool, (On the CD that came with the device).
2. Once you know the IP address, you can connect with your web browser.
Connect to and Manage your MSA via the USB/CLI Cable
1. For your machine to see the MSA as a device, you need to install a driver; there is a copy of the drivers on the CD that came with the device.
Note: Windows 7 users, use the Windows 2008 Drivers or use this one.
2. Install the driver.
3. Connect the USB lead from the MSA controller to your machine, TAKE NOTE of the COM port number it’s using.
4. Now you can use whatever terminal emulation program you prefer to connect to that COM port. (I prefer HyperTerminal, or you can use Putty if you want something a bit lighter).
5. Set the following, Bits per second = 115200, Data bits = 8, Parity = None, Stop bits = 1, and Flow control = None.
6. You will need to press {enter} to connect, then login.
If you want to manage your Cisco Catalyst switch it’s not always practical to plug a console cable in to change its settings or monitor what it is doing. Putting an IP address on it and enabling remote management via Telnet or from your web browser is a better alternative, particularly if you have a lot of switches.
Solution
Enable Telnet Management on Cisco Catalyst Switch
1. Connect to the Switch using a terminal emulation program like HyperTerminal or Putty.
2. Issue the following commands;
[box]
enable
{enter enable password if prompted}
conf t
line vty 0 15
password {password required}
login
exit
[/box]
Add a Management IP to a Cisco Catalyst Switch
3. Whilst still in configure terminal mode issue the following commands;
[box]
int vlan1
ip address {IP address required} {Subnet required}
no shutdown
exit
[/box]
Cisco Catalyst Set an Enable Password
4. If you telnet in, you can’t change any system settings without an enable password being set.
[box]enable password {Password required}[/box]
Optional: Set the Cisco Catalyst Switch’s Default Gateway
5. Just in case you need to manage the switch from another subnet, you will need to set a default gateway.
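An added example, not part of the original article: a small audit of the remote-management lines in a saved switch config, run over a fragment mirroring the commands above and over a hardened variant. It flags `enable password` (kept in clear or reversibly encoded, unlike `enable secret`) and vty lines not restricted to SSH; both configs, the finding names and ACL 10 are constructed for illustration.

```python
# Constructed running-config fragment mirroring the commands above.
AS_CONFIGURED = """\
enable password ExamplePass1
!
line vty 0 4
 password ExamplePass1
 login
line vty 5 15
 password ExamplePass1
 login
"""

# Constructed hardened variant (hash is a placeholder, ACL 10 is hypothetical).
HARDENED = """\
enable secret 9 $9$PLACEHOLDER
!
line vty 0 15
 access-class 10 in
 login local
 transport input ssh
"""

def audit(config):
    """Return sorted finding codes for remote-management settings in an IOS config."""
    findings, blocks, vty = set(), [], None
    secret = enable_pw = False
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            vty = []                      # start collecting this vty block
            blocks.append(vty)
        elif raw.startswith(" ") and vty is not None:
            vty.append(raw.strip())       # indented line belongs to the block
        else:
            vty = None                    # any other top-level line ends it
            secret |= raw.startswith("enable secret")
            enable_pw |= raw.startswith("enable password")
    if enable_pw and not secret:
        findings.add("ENABLE_PASSWORD_NOT_SECRET")    # stored clear or reversibly
    for cmds in blocks:
        if [c.split()[2:] for c in cmds if c.startswith("transport input")] != [["ssh"]]:
            findings.add("VTY_NOT_SSH_ONLY")          # Telnet not ruled out (cleartext login)
        if not any(c.startswith("access-class") for c in cmds):
            findings.add("VTY_NO_ACCESS_CLASS")       # reachable from any source address
        if "login" in cmds and any(c.startswith("password") for c in cmds):
            findings.add("VTY_SHARED_LINE_PASSWORD")  # one password, no per-user accounts
    return sorted(findings)

if __name__ == "__main__":
    print(audit(AS_CONFIGURED), audit(HARDENED))
```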
When looking at a router, switch or firewall running config, it will usually display a page at a time. You can page down with the space bar, or line down with the Enter/Return key.
Normally that’s fine, but what if you want to capture (take a quick backup of) the config?
If you do that, and page down you get a copy of the config that looks like this;
--More--
Yes, you can delete them, but in a big config that can take time. How about making the config scroll right to the end without the breaks/pauses?
Solution
Cisco ASA Disable Paging
On a firewall that’s done with the pager command. Normally a firewall config will display 25 lines at a time; to get it to scroll straight to the end, set the pager length to zero.
[box]
Type help or '?' for a list of available commands.
Petes-ASA> enable
Password:*********
Petes-ASA# configure terminal
Petes-ASA(config)# pager 0
Petes-ASA(config)#
[/box]
Tip: If you want to take a copy of a firewall config, it will blank (replace with asterisks) the VPN shared secrets and failover keys. You can suppress that, and show the hidden values, with the following command;
[box]
Petes-ASA(config)# more system:running-config
[/box]
To return it to pausing every 25 lines and giving the <--- More ---> prompt again;
[box]
Petes-ASA(config)# pager 25
[/box]
Cisco Router / Switch IOS Terminal Length
On IOS the default is 24 lines at a time (show terminal will tell you). You can change this by changing the terminal length. Note: This is NOT a global configuration command.
[box]
Petes-Router#terminal length 0
[/box]
To reset it, and get the --More-- prompt back again;
[box]
Petes-Router#terminal length 24
[/box]
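An added example (not from the original article) for captures taken before paging was turned off: it strips the pager prompts from a raw session log and reports which lines hold unmasked keys, as a `more system:running-config` copy will. The capture is constructed, and the backspace run after ` --More-- ` is an assumption about how the terminal logged it.

```python
import re

# Pager prompt at the start of a logged line: ASA "<--- More --->", IOS " --More-- ",
# optionally followed by the backspace/blank/backspace run that rubs it out.
PAGER = re.compile(r"^ ?(?:<-+ More -+>|-+More-+) ?(?:\x08+ *\x08+)?")
# Key-bearing commands the ASA masks with asterisks in a normal 'show run'.
SECRET = re.compile(r"\b(?:pre-shared-key|failover key)\s+(\S+)")

BS = "\x08" * 9
# Constructed session log exercising both prompt styles; the key is a made-up placeholder.
CAPTURE = (
    "hostname Petes-ASA\n"
    "interface GigabitEthernet0/0\n"
    " nameif outside\n"
    "<--- More --->\n"
    "failover key ConstructedFailoverKey\n"
    " --More-- " + BS + "        " + BS + "tunnel-group 203.0.113.1 ipsec-attributes\n"
    " ikev1 pre-shared-key *****\n"
)

def strip_pager(capture):
    """Remove pager prompts; keep config text that shares a line with one."""
    kept = []
    for line in capture.split("\n"):
        cleaned = PAGER.sub("", line)
        if cleaned != line and not cleaned.strip():
            continue                  # the line held nothing but the prompt
        kept.append(cleaned)
    return "\n".join(kept)

def unmasked_secret_lines(config):
    """1-based numbers of lines whose key value is not asterisk-masked."""
    hits = []
    for number, line in enumerate(config.split("\n"), 1):
        m = SECRET.search(line)
        if m and set(m.group(1)) != {"*"}:
            hits.append(number)
    return hits

if __name__ == "__main__":
    clean = strip_pager(CAPTURE)
    print(clean)
    print("lines holding readable keys:", unmasked_secret_lines(clean))
```

A backup in which this reports any line numbers holds readable keys and needs the same protection as the keys themselves.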
A colleague asked me if I had a USB console cable, because the switch he was working on had a failed RJ45 console port. I thought it was just the same cable that charged my phone (USB A to micro USB). But it isn’t, it’s mini USB.
I thought, that might happen to me at some point, and rather than carry yet another cable I got onto eBay and got a female micro USB to male mini USB converter for about 99p. Then all I needed to do was test it.
Solution
Use Cisco USB Console Cable on Mac OSX
1. Just plug it in and the Mac detects it without the need for drivers, (providing the other end is plugged into a device!). You may see something like the following popup, if you run VMware Fusion;
Note: if you want to find out what device it is being called by macOS, simply issue the following command;
[box]ls -ltr /dev/*usb*[/box]
2. You can then connect directly to it (using 9600 baud as usual), with the following command (your device name will differ);
[box]screen /dev/tty.usbmodem1411 9600[/box]
3. Or if you use an application;
RoyalTSX
Using SecureCRT
4. And we are in.
Use Cisco USB Console Cable on Windows
Things are a little more convoluted on Windows, you need to install a driver (which involves a reboot).