
Month: April 2009

New Cisco 877 IOSes

Cisco recently released a new version of its IOS for the 877 router:


Giving the advsecurity IOS a test, and it seems to work really well. This IOS also works with the various DSL firmware releases, e.g. adsl_alc_20190.bin.4.0.15 etc., unlike where -22 did not work! Cisco finally fixed it in this new release 🙂

UPDATE: It seems this IOS is a bit buggy, can crash at times and create a crash dump file 🙁
Work harder, Cisco 😛


Cisco 877W [Wireless Config]

Well, I thought I'd post a Cisco 877W wireless config, configured only as an access point. You can cut bits here and there and fit it into your existing 877 configuration. Bold indicates what you may need to change.

Cisco uses the centre frequency in MHz to configure its wireless channel. So in our example below 2442 is used, which is actually channel identifier 7.

For more info on this you can go here

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname yourhostname
!
enable secret yoursecretpass
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
bridge irb
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 encryption mode ciphers tkip
 ssid YourAPssidhere
  authentication open
  authentication key-management wpa
  wpa-psk ascii yourwirelesskeyhere
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 2442
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip classless
no ip http server
no ip http secure-server
!
bridge 1 route ip
!
line con 0
 password yourconsolepass
 no modem enable
 transport preferred none
 stopbits 1
line aux 0
line vty 0 4
 session-timeout 240
 access-class 2 in
 password yourtelnetpass
 transport preferred none
!
scheduler max-task-time 5000
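
An added example, not part of the original post or any Cisco tooling: a small Python check that groups a config like the one above into its sections, converts the `channel` centre frequency to a channel number, and reports the settings worth revisiting before it goes onto a production 877W (cleartext line passwords, TKIP, a vty not limited to SSH). The sample is constructed from lines of the config above, the parser assumes `show running-config` style indentation, and all function names are illustrative.

```python
import re

# Constructed sample: security-relevant lines from the config above, indented
# as "show running-config" prints them (an assumption of this parser).
SAMPLE = """\
no service password-encryption
interface Dot11Radio0
 encryption mode ciphers tkip
 channel 2442
line vty 0 4
 access-class 2 in
 password yourtelnetpass
"""

def channel_from_mhz(mhz):
    """2.4 GHz centre frequency in MHz -> channel number (1-14), or None."""
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    return 14 if mhz == 2484 else None

def sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if raw[0].isspace() and current:
            out[current].append(raw.strip())
        else:
            current = raw.strip()
            out[current] = []
    return out

def audit(config):
    """Return (section, finding) pairs for settings worth changing."""
    findings = []
    for name, subs in sections(config).items():
        if name == "no service password-encryption":
            findings.append((name, "line passwords shown in cleartext"))
        for cmd in subs:
            if cmd.startswith("encryption mode ciphers") and "tkip" in cmd.split():
                findings.append((name, "TKIP cipher enabled"))
            m = re.fullmatch(r"channel (\d+)", cmd)
            if m and channel_from_mhz(int(m.group(1))) is None:
                findings.append((name, "invalid 2.4 GHz centre frequency"))
        if name.startswith("line vty") and "transport input ssh" not in subs:
            findings.append((name, "vty not restricted to SSH"))
    return findings
```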



Netdisco – Ultimate Open Source Network Management Tool

Well since I am working in all types of networky things, I really recommend “netdisco” for working on any big network projects which require big implementations or changes to the current network, and of course your normal day to day network support of devices.

At the moment I'm working on this quite largish project to segment a /20 huge broadcast domain to 40 x /24 vlaned subnets. We need to know what sits on the big network and how we will transition every single device across to new IP addresses and what kind of impact that will have.

This is where netdisco comes in. I put all my devices into this tool (well, all the Cisco switches etc. which exist in my network, via SNMP + CDP) and I let the tool monitor the devices. So basically it monitors every port, what's plugged in to the switch, and what IP is connected to each port, MAC etc.

From this we can gather a database of what's currently present in the network and how we will transition it across to individual subnets. It is particularly useful if you wish to migrate printers & devices with static IPs, because it will tell you what switch they sit on, their current IP, and MAC address. This way, before starting your work to transition over, you can plan your DHCP server configuration, new IP reservations etc.

Another great thing about this tool as well is, it shows archived data for each port, so if something has been unplugged for 2 days, you can still find what has been connected to the port!

However, it is also useful for your normal day to day support of your network switches/routers and knowing exactly what is connected to each port. So for example you want to know in your network what is No worries, this tool will find it for you, and what switch it's connected to and port + its MAC address!

Netdisco can be operated through a web browser, and the current features it offers are (as taken from the website):

  • MAC Address to switch port resolution.
  • IP Address to switch port resolution.
  • Find Switch Ports with multiple nodes attached
  • Find nodes using multiple IP addresses
  • Find nodes by vendor (using MAC address OUI)
  • View and Change VLAN assigned to port
  • SSID And Channel Information on wireless ports
  • Central location to disable/enable switch ports.
  • Navigation through a Web Interface. Maintenance through a Command Line Interface (CLI).
  • Database store for scalability and speed (Postgresql).
  • Easily extendible to new network device types and vendors.
  • Built-in user system to restrict access to sensitive data and features.
  • Administratively enable/disable switch ports from web interface with logging.
  • Automatic inventory and search of network hardware.
  • Duplex Mismatch Finder for uplink ports.
  • Find rogue Wireless Access Points (APs) from the wired-side of network.
  • Netdisco creates a clickable graph/map of your network topology.
  • Get statistics of the number of actual nodes connected to network and their address-space usage.
  • Find devices using IP Addresses without DNS entries

There is one thing with this tool: it is very tedious to set up and configure, and you can spend virtually days trying to get things right…

However, I came across this website which has a VMware image of the tool, which you can download. It's already pre-set up, and you just follow a few of the instructions and it's all ready to go. The OS it runs under is FreeBSD, and netdisco was originally configured to run smoothly & securely on this OS.

If you wish to take netdisco to a production level in your environment, you can set up a VMware ESX server and run the image. As a general rule, the thing to watch is the polling frequency versus how long it takes to poll all of your devices; polling every 10 minutes should be sufficient for about 50-150 devices.

However, if you have 2000+ devices in your network, it is recommended to increase the polling time to 4 hours and let it run on a dual CPU, 4GB RAM, 15GB+ HDD space, since it will be processing a fairly large amount of SQL data etc.

For most users the VMware image should be sufficient to use, or you can set it up using the installation procedure on the official netdisco website (be warned, it's quite a long process!).
