Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

Creating Command Aliases in IOS

Posted by Chris on January 31, 2010

Wouldn’t it be nice if you could shorten commonly used command sequences to a few characters?  As luck would have it, IOS provides this feature via the alias command.

Depending on the version of IOS, a handful of command aliases already exist on your router.  Use the show alias command to display them.

The command syntax for creating an alias is as follows (note: the mode argument must match the command mode from which the original command would be issued):
alias <mode> <alias> <original command>

Usage
Say we want to shorten the show interface fastethernet command sequence.
Since “show interface” is an exec mode command, we’ll specify exec as the mode argument.
Now we can view our interface info using the alias and the interface number, sif 0/0.
One of my favorite aliases is u all. (undebug all)  ;-)

Posted in CCNP, Cisco, IOS

Passwords, folks still like them short and simple…

Posted by Chris on January 21, 2010

A company called Imperva has released the findings of its analysis of the 32 million passwords that were exposed in the RockYou security breach last month.  The results shouldn’t be surprising to anyone who has worked in IT for any length of time.

If password length and complexity requirements are not enforced, most end users will resort to short, dictionary passwords or sequential letters and numbers that are easy to remember.

Your end users need to know the importance of protecting not only the company’s information but their own personal information as well.  Strong password habits shouldn’t be confined to the corporate environment.

Social engineering attacks are also a threat.  Are all visitors required to have an escort?  Do you shred discarded documents?  How about discarded hard drives?  Are employees allowed to wear their ID badges outside the office where they risk being lost or photographed and counterfeited?

Good infosec practices cause inconvenience, which in turn can make it more difficult for employees to perform their jobs.   Education, communication, and executive buy-in are key.  Before changing your password policy, gather the troops and tell them why.  Explain the threats and what’s at risk and follow up on a regular basis.

Posted in FAIL, Security

DHCP Part 3 – Address Release and Reuse

Posted by Chris on January 16, 2010

RFC 2131 does not specify that a client is required to release its address upon shutdown or reboot.

Rather, section 4.4.6 of RFC 2131 states the following:
“If the client no longer requires use of its assigned network address (e.g., the client is gracefully shut down),
the client sends a DHCPRELEASE message to the server. Note that the correct operation of DHCP does not depend on
the transmission of DHCPRELEASE messages.”

I conducted some tests with Windows XP, Ubuntu 8.04 and Mac OS 10.4 DHCP clients with a Windows 2003 DHCP server and noted the following:

Windows XP
An XP client does not release its DHCP address when shut down or restarted.  Upon restart, XP broadcasts a DHCPRequest if its lease has not expired.
If the lease has expired, the client will go through the normal DHCPDiscover process.  (Discover, Offer, Request, Ack)

Ubuntu (Hardy Heron)
Ubuntu 8.04 will send a DHCPRelease when shut down.  This immediately returns the address to the DHCP pool and makes it available for use by another host.

Mac OS 10.4
My Macbook Pro does not release its IP address when shut down.  However, when the OS is restarted it goes through the normal DHCPDiscover process rather than broadcasting a DHCPRequest in an attempt to obtain the same IP address.

When an address is not released, it’s still marked as in use by the DHCP server until the lease expires.  This normally doesn’t cause a problem.  However, if you’re managing a small pool of addresses and/or a large number of transient clients, returning addresses to the pool when a client leaves the network is beneficial.  If you’re running a Microsoft DHCP server and managing a large number of Windows clients, this can be accomplished with a combination of shorter lease lengths and modifying a DHCP server option.

On your Windows 2003 DHCP server, open the DHCP MMC snap-in, go to the scope and right-click on Scope Options.  Then click on the Advanced tab.

In the Vendor Class drop-down, select Microsoft Windows 2000 Options and then select the corresponding check box for option 002, Microsoft Release DHCP Lease On Shutdown Option.  Apply the change, then click OK.
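
The effect of shorter leases and release on shutdown on a small pool with transient clients, as an added simulation that is not from the original post. The pool size, arrival rate, stay time and lease lengths are constructed values, and the model assumes each client renews at the RFC 2131 default T1 (half the lease) while it is on the network.

```python
import heapq

def binding_end(arrive, depart, lease, release_on_shutdown):
    """Minute at which the server can hand the address to another client."""
    if release_on_shutdown:
        return depart                      # DHCPRELEASE frees it immediately
    t1 = max(1, lease // 2)                # assumed renewal time T1 = lease / 2
    last_renewal = arrive + ((depart - arrive) // t1) * t1
    return last_renewal + lease            # held until the last lease expires

def refused_clients(pool_size, lease, release_on_shutdown,
                    visitors=200, stay=20, gap=2):
    """Count transient clients that find the pool exhausted.

    Constructed workload: one new client every `gap` minutes, each staying
    `stay` minutes and never returning. All times are in minutes.
    """
    in_use = []                            # min-heap of binding end times
    refused = 0
    for i in range(visitors):
        arrive = i * gap
        while in_use and in_use[0] <= arrive:
            heapq.heappop(in_use)          # expired or released bindings
        if len(in_use) >= pool_size:
            refused += 1                   # no free address for this client
            continue
        end = binding_end(arrive, arrive + stay, lease, release_on_shutdown)
        heapq.heappush(in_use, end)
    return refused

if __name__ == "__main__":
    EIGHT_DAYS, FOUR_HOURS, ONE_HOUR = 8 * 24 * 60, 240, 60
    for label, lease, release in [
        ("8-day lease, no release", EIGHT_DAYS, False),
        ("4-hour lease, no release", FOUR_HOURS, False),
        ("1-hour lease, no release", ONE_HOUR, False),
        ("8-day lease, release on shutdown", EIGHT_DAYS, True),
    ]:
        print(f"{label}: {refused_clients(50, lease, release)} of 200 refused")
```

With a 50-address pool, only the long leases without release exhaust the pool; either lever alone is enough for this workload.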

I haven’t yet found a way to force Mac OS to release on shutdown.  However, based on a few older documents I found, it appears that “DHCP release on shutdown” was normal behavior in Mac OS 9.0 and earlier, similar to the way that Ubuntu 8.04 behaves.

Posted in DHCP, Networking