Screwloose - Cisco

Posts Tagged Cisco

Cisco IOS Port forward Range

Posted by Andrew on April 16, 2018

Port forwarding on Cisco IOS devices can be a bit tricky but here is a easy way to do it.

192.168.59.10 is the server you want to port forward to. (You need to have this in twice for the NAT Pool)

ip nat pool POOL1 192.168.59.10 192.168.59.10 netmask 255.255.255.0 type rotary
ip nat inside destination list VOIP pool POOL1
!
ip access-list extended VOIP
permit tcp any any eq 5060
permit udp any any eq 5060
permit tcp any any range 10000 15000
permit udp any any range 10000 15000

Tags: Cisco

Posted in: Blog

Leave a Comment (0) →

Reset AP in 887VAW

Posted by Andrew on November 2, 2016

If you need to get access to the AP in a 887VAW but don’t know the password you can always

service-module wlan-ap 0 reset default-config

It will reset it back to factory defaults.

Tags: 887VAW, Cisco

Posted in: Blog, Technical

Leave a Comment (0) →

Cisco Router Secuirty

Posted by Andrew on March 16, 2015

Cisco Routers are cool but i have been finding a few issues with DDOS attacks of late. Mainly DNS and NTP.

DNS DDOS

access-list 153 remark Block DOS DNS
access-list 153 permit ip host 202.62.147.50 any – Replace this with the DNS server your using
access-list 153 deny tcp any any eq domain
access-list 153 deny udp any any eq domain
access-list 153 permit ip any any

Then add

!
interface Dialer0 – your dialer interface
ip access-group 153 in

NTP DDOS

! Core NTP configuration
ntp update-calendar             ! update hardware clock (certain hardware only, i.e. 6509s)
ntp server 192.0.2.1            ! a time server you sync with
ntp peer   192.0.2.2            ! a time server you sync with and allow to sync to you
ntp source Loopback0            ! we recommend using a loopback interface for sending NTP messages if possible
!
! NTP access control
ntp access-group query-only 1   ! deny all NTP control queries
ntp access-group serve 1        ! deny all NTP time and control queries by default
ntp access-group peer 10        ! permit time sync to configured peer(s)/server(s) only
ntp access-group serve-only 20  ! permit NTP time sync requests from a select set of clients
!
! access control lists (ACLs)
access-list 1 remark utility ACL to block everything
access-list 1 deny any
!
access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.2
access-list 10 deny any
!
access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any

Taken from http://www.team-cymru.org/secure-ntp-template.html

Tags: Cisco, Cisco DDOS, DNS, NTP

Posted in: Blog, Technical

Leave a Comment (0) →

Linksys / Cisco Dial Plans

Posted by Andrew on March 16, 2012

Just a quick post. Put in a SRP527W for a customer that is using the AT for cordless phones.

To make the phone dial quicker i changed the dial plan to

It also add’s a 03 for local numbers. (For the SIP providers that need it)

Tags: Cisco, Linksys, SIP, VOIP

Posted in: Blog

Leave a Comment (0) →