Press "Enter" to skip to content

Category: Tech

IOS downgrade Cisco 877

I decided to downgrade to IOS c870-advsecurityk9-mz.124-15.T6.bin so I could try ADSL firmware AMR-3.0.043.bin, ver 20/22 of this IOS doesnt work with this firmware.

So far ive noticed 3.0.043 has slightly less Reed Solomon/CRC/Header errors, and notice improved performance. On previous firmware I noticed on upstream, I would get quite a few errors upon sync however with this firmware it seems fine and shows 0.


Port Forward on Cisco 877

Are you running a server, utorrent or some other application which requires a port to be forwarded back to your internal network?

Its very simple and easy to do on the Cisco 877.

Direct Forwarding

a) We have a webserver on port 80 and we wish to forward port 80 from outside back to internal

ip nat inside source static tcp 80 interface Dialer1 80

b) A torrent type port forward:

ip nat inside source static tcp 61437 interface Dialer1 61437

As we can see basically we are opening external ports on the router, and allowing that port to be routed back to our internal network on the specified IP address. (Remember to substitute your internal IP address above and the port you wish to use. You may also need to change the Dialer, either Dialer1 or Dialer0 depending how your device is configured)

Re-Direct Forwarding

In your internal network you may have 3 machines which all run RDP on port 3389. Now you cannot map 3389 three times, only 1 port can be used at a time.

So what you can do, is setup a redirection so that the external port numbers are different but map to the same 3389 port numbers internally.


ip nat inside source static tcp 3389 interface Dialer1 4321

In this example, port 4321 is opened externally which maps back to the internal IP address on port 3389  (RDP)

ip nat inside source static tcp 3389 interface Dialer1 1832

Another example opening another external port to redirect to a different host inside the internal network for RDP

Another good example is you might be running a SSH server on your inside network on port 22, while externally you can configure it to be seen as port 6211.

ip nat inside source static tcp 3389 interface Dialer1 6211

This is a good security practice, so that you do not get constantly probed by bots on port 22 to try hack into your box with username/password combinations.

Leave a Comment

Network Monitoring

I started to learn a bit more about network monitoring tools and how to monitor the network. One of these tools is “Whats UpGold”, which can monitor uptime on devices, probe for interface bandwidth utilization and various other items. I have just begun using this software to monitor 300+ cisco devices for uptime, bandwidth utilisation, and recommend it highly. One thing about it I like, you can setup maps of a town/city/state with dot points and if a device goes down the dot shows red, and if its up its green, so you exactly know when/where it goes down.

See website below for more info.

Whats Up Gold network monitoring
Whats Up Gold network monitoring

Ipswitch WhatsUp Gold is the world’s leading network management software with over 70,000 networks reliably managed worldwide. Built on a scalable and extensible architecture offering automated device discovery and network mapping, real-time SNMP and WMI monitoring, and versatile alerting, notification, and reporting functionality, WhatsUp Gold delivers 360° visibility, actionable intelligence, and complete control.

Now if you have the $$$ this other superb tool offers far more in-depth monitoring called CA eHealth, it has a deeper inspection inside the network such as utilization, latency, uptime between interfaces, and capacity planning, and other very detailed reports, compared to WhatsUp Gold.

Apparently this tool for enterprises costs around $500,000AUD to have it setup, which is why this is only used by the best of the best network operation centres to monitor large and complex networks.

For more info

CA eHealth
CA eHealth

Help ensure the network performance and availability of LANs, WANs, routers, switches and the technologies and the network services provided over them. CA eHealth® Network Performance Manager provides comprehensive, vendor-independent technology that enables you to pinpoint areas of network performance degradation and generate real-time management reports to identify the causes of problems.

Now you are probably wondering what about some FREE monitoring tools?! I personally use CACTI which is a fantastic monitoring tool for my home network, but can be used for business/large enterprise also. The tool is open source, and has a great support forum which is excellent. The tool is a network graphing solution and many examples can be found on its website what can be monitored.

Using Cacti to monitor WAN traffic on DDWRT firmware routers
Using Cacti to monitor WAN traffic on DDWRT firmware routers

Cacti is a complete network graphing solution designed to harness the power of RRDTool‘s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.