Posts Tagged Cisco

Cisco Router 3G 4G Modem Firmware upgrade

Initiate a modem firmware upgrade using the microcode reload command. Example:
Router# microcode reload cellular 0
lte modem-provision flash:<directory>?
Router# microcode reload cellular 0 0 modem-provision flash: TELSTRA_MC7304_05.05.58.00
Reload microcode? [confirm]
Log status of firmware download in router flash?[confirm]
Firmware download status will be logged in usbflash0:fwlogfile
Microcode Reload Process launched for hwic slot=0; hw type=0x721
Router#
*****************************************************
The interface will be Shut Down for Firmware Upgrade
This will terminate any active data connections.
*****************************************************
Sending cmd=ifconfig eth0 20.20.20.2 up to Linux
*****************************************************
Modem will be upgraded!
Upgrade process will take up to 15 minutes. During
this time the modem will be unusable.
Please do not remove power or reload the router during
the upgrade process.
*****************************************************
*Mar 17 10:02:50.971 PST: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Mar 17 10:02:51.971 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
*Mar 17 10:02:52.959 PST: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to administratively down
*Mar 17 10:02:52.959 PST: %LINK-5-CHANGED: Interface Cellular0/0/1, changed state to administratively down
*Mar 17 10:02:52.959 PST: %LINK-5-CHANGED: Interface Cellular0/0/3, changed state to administratively down
Sending F/W[MC7304_1102029_9903299_05.05.58.00_00_TELSTRA_005.010_000.spk] to the card [34841143bytes]:
Firmware file: MC7304_1102029_9903299_05.05.58.00_00_TELSTRA_005.010_000.spk sent to the card
The current modem F/W App Version: SWI9X15C_05.05.58.00 r27038 carmd-fwbuild1 2015/03/04 21:30:23
The current modem F/W Boot Version: SWI9X15C_05.05.58.00 r27038 carmd-fwbuild1 2015/03/04 18:38:46
The current modem Carrier String: 1
The current modem Device ID: MC7304
The current modem Package Identifier: 1102029_9903299_MC7304_05.05.53.00_00_Cisco_005.009_000
The current modem SKU ID: 1102029
Firmware Upgrade is in Progress…
*Mar 17 10:03:33.683 PST: %CELLWAN-2-MODEM_DOWN: Modem in HWIC slot 0/0 is DOWN
*Mar 17 10:04:06.443 PST: %CELLWAN-2-MODEM_DOWN: Modem in HWIC slot 0/0 is DOWN
F/W Upgrade: Firmware Upgrade has Completed Successfully
*Mar 17 10:06:10.243 PST: %CELLWAN-2-MODEM_UP: Modem in HWIC slot 0/0 is now UP
*Mar 17 10:07:00.443 PST: %CELLWAN-2-MODEM_RADIO: Cellular0/0/0 Modem radio has been turned on
After the firmware upgrade is complete, reload the router. Some modem types require multiple firmware upgrades; complete all of them before reloading the router.
Hidden command (I got this command from a TAC engineer):
Router# conf t
Router(config)# service internal
Router(config)# end
Router# test cellular 0 modem-power-cycle

I hope that it will help someone.


Cisco IOS Port forward Range

Port forwarding on Cisco IOS devices can be a bit tricky, but here is an easy way to do it.

192.168.59.10 is the server you want to port forward to. (It appears twice in the NAT pool line, as both the start and the end address of the pool.)

ip nat pool POOL1 192.168.59.10 192.168.59.10 netmask 255.255.255.0 type rotary
ip nat inside destination list VOIP pool POOL1
!
ip access-list extended VOIP
 permit tcp any any eq 5060
 permit udp any any eq 5060
 permit tcp any any range 10000 15000
 permit udp any any range 10000 15000


Cisco Router Security

Cisco routers are cool, but I have been finding a few issues with DDoS attacks of late, mainly DNS and NTP.

DNS DDoS

access-list 153 remark Block DOS DNS
! Replace 202.62.147.50 with the DNS server you're using
access-list 153 permit ip host 202.62.147.50 any
access-list 153 deny tcp any any eq domain
access-list 153 deny udp any any eq domain
access-list 153 permit ip any any

Then apply it inbound on your dialer interface:

!
! Replace Dialer0 with your own dialer interface
interface Dialer0
 ip access-group 153 in
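
Added example (not from the original post): a small Python first-match evaluator that runs ACL 153 over constructed inbound packets, to show which entry decides each one. It supports only the `any`, `host` and `eq` forms this ACL uses; every address except 202.62.147.50 is a constructed documentation address.

```python
import ipaddress

# ACL 153 as posted (remark omitted); 202.62.147.50 is the post's example resolver.
ACL_153 = """
permit ip host 202.62.147.50 any
deny tcp any any eq domain
deny udp any any eq domain
permit ip any any
"""

def take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None for any, rest)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_address(tokens[1]), tokens[2:]
    raise ValueError(f"unsupported address spec: {tokens[0]}")

def parse_acl(text):
    """Return (action, proto, src, dst, dst_port) entries; None matches anything."""
    entries = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        src, rest = take_addr(rest)
        dst, rest = take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:  # 'domain' is the IOS keyword for port 53
            port = 53 if rest[1] == "domain" else int(rest[1])
        entries.append((action, proto, src, dst, port))
    return entries

def evaluate(entries, proto, src, dst, dport):
    """First match wins, top to bottom; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in ("ip", proto) and e_src in (None, src)
                and e_dst in (None, dst) and e_port in (None, dport)):
            return action
    return "deny"

# Constructed inbound packets: (proto, source, destination, destination port).
# 203.0.113.7 is a constructed stand-in for the router's public address.
SAMPLES = {
    "udp query from internet": ("udp", "198.51.100.9", "203.0.113.7", 53),
    "reply from listed resolver": ("udp", "202.62.147.50", "203.0.113.7", 33000),
    "reply from other resolver": ("udp", "192.0.2.53", "203.0.113.7", 33000),
    "port 53 from listed resolver": ("udp", "202.62.147.50", "203.0.113.7", 53),
}
VERDICTS = {name: evaluate(parse_acl(ACL_153), *pkt) for name, pkt in SAMPLES.items()}
print("\n".join(f"{verdict:6} {name}" for name, verdict in VERDICTS.items()))
```

Because `eq domain` sits in the destination position, the deny lines drop traffic addressed to port 53, while DNS replies to lookups made from behind the router (source port 53, ephemeral destination port) pass on `permit ip any any`. The first entry permits everything carrying the listed resolver's source address, whatever the port.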

NTP DDoS

! Core NTP configuration
ntp update-calendar             ! update hardware clock (certain hardware only, i.e. 6509s)
ntp server 192.0.2.1            ! a time server you sync with
ntp peer   192.0.2.2            ! a time server you sync with and allow to sync to you
ntp source Loopback0            ! we recommend using a loopback interface for sending NTP messages if possible
!
! NTP access control
ntp access-group query-only 1   ! deny all NTP control queries
ntp access-group serve 1        ! deny all NTP time and control queries by default
ntp access-group peer 10        ! permit time sync to configured peer(s)/server(s) only
ntp access-group serve-only 20  ! permit NTP time sync requests from a select set of clients
!
! access control lists (ACLs)
access-list 1 remark utility ACL to block everything
access-list 1 deny any
!
access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.2
access-list 10 deny any
!
access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any

Taken from http://www.team-cymru.org/secure-ntp-template.html


Linksys / Cisco Dial Plans

Just a quick post. Put in an SRP527W for a customer that is using the AT for cordless phones.

To make the phone dial quicker, I changed the dial plan to:

(*xxS0|000S0|<:03>[4689]xxxxxxxS0|13[1-9]xxx S0|1300xxxxxxS0|1800xxxxxxS0|0[2478]xxxxxxxxS0|0011xxxxxx.|09xxxxxxS0)

It also adds a 03 for local numbers (for the SIP providers that need it).
