Tuesday, June 23, 2009

RIP database and administrative distance

I was helping a friend study for CCNA the other day and saw a RIP behavior I'd never noticed before. I knew that RIP keeps a local route database that is displayed with the "show ip rip database" command. If another route to the same prefix with a better administrative distance is preferred in the global routing table, however, the RIP database doesn't show the route. This is different from more sophisticated routing protocols, in which a prefix is kept in the protocol-specific topology table even if a route from another protocol with a better AD is in the global routing table.

Wednesday, June 10, 2009

Cisco IPS Manager Express

I've been doing Cisco IDS/IPS stuff recently for the first time in a long while. If you haven't tried Cisco's new free IPS Manager Express application, check it out. It makes IDS/IPS event monitoring and management reasonably useful and almost pain-free. The interface is much more intuitive than other Cisco IDS/IPS GUI products. The only problem is that the current version supports only 5 sensors; supposedly this will increase in a future release.

Added 12/15/09:
The latest version of IME supports 10 sensors.

open ports on IOS router

Haven't posted here in ages. Interesting trivia: the old "show ip sockets" command doesn't work in new 12.4T images. It's been replaced by "show control-plane host open-ports":

#sh control-plane host open-ports
Active internet connections (servers and established)
Prot   Local Address   Foreign Address   Service            State
tcp    *:22            *:0               SSH-Server         LISTEN
tcp    *:23            *:0               Telnet             LISTEN
tcp    *:15904         x.x.x.x:179       IOS host service   ESTABLIS
tcp    *:179           x.x.x.x:38441     BGP                ESTABLIS
tcp    *:179           *:0               BGP                LISTEN
tcp    *:179           *:0               BGP                LISTEN
tcp    *:179           *:0               BGP                LISTEN
udp    *:49            x.x.x.x:0         TACACS service     LISTEN
udp    *:161           *:0               IP SNMP            LISTEN
udp    *:162           *:0               IP SNMP            LISTEN
udp    *:57421         *:0               IP SNMP            LISTEN
udp    *:1985          *:0               cisco HSRP         LISTEN
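
The listing above is the kind of output worth checking against an expected-services policy during a router audit. The Python below is an added example, not part of the original post: it parses the output shown above (service names may contain spaces, so the state is taken from the last column) and reports listeners outside an allowlist. The ALLOWED set and the function names are assumptions for illustration.

```python
# Added example: audit "show control-plane host open-ports" output.
# SAMPLE is the output quoted in the post; ALLOWED is a hypothetical policy.
SAMPLE = """\
#sh control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
tcp *:23 *:0 Telnet LISTEN
tcp *:15904 x.x.x.x:179 IOS host service ESTABLIS
tcp *:179 x.x.x.x:38441 BGP ESTABLIS
tcp *:179 *:0 BGP LISTEN
tcp *:179 *:0 BGP LISTEN
tcp *:179 *:0 BGP LISTEN
udp *:49 x.x.x.x:0 TACACS service LISTEN
udp *:161 *:0 IP SNMP LISTEN
udp *:162 *:0 IP SNMP LISTEN
udp *:57421 *:0 IP SNMP LISTEN
udp *:1985 *:0 cisco HSRP LISTEN
"""

# Assumed policy: SSH, BGP, SNMP polling and HSRP are expected on this router.
ALLOWED = {("tcp", 22), ("tcp", 179), ("udp", 161), ("udp", 1985)}

def parse_open_ports(text):
    """Return one dict per socket line; prompt, banner and header are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] not in ("tcp", "udp"):
            continue
        addr, _, port = tok[1].rpartition(":")
        if not port.isdigit():
            continue
        # The service name is everything between the foreign address and the state.
        rows.append({"proto": tok[0], "local": addr, "port": int(port),
                     "foreign": tok[2], "service": " ".join(tok[3:-1]),
                     "state": tok[-1]})
    return rows

def unexpected_listeners(rows, allowed):
    """Listening sockets not in the allowlist, deduplicated and sorted."""
    found = {(r["proto"], r["port"], r["service"]) for r in rows
             if r["state"] == "LISTEN" and (r["proto"], r["port"]) not in allowed}
    return sorted(found)

if __name__ == "__main__":
    for proto, port, svc in unexpected_listeners(parse_open_ports(SAMPLE), ALLOWED):
        print(f"unexpected listener: {proto}/{port} ({svc})")
```

With the assumed policy, the sample output flags the Telnet listener along with the TACACS and extra SNMP sockets for review.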