Cisco ISE Device Administration – Two Factor Authentication (2FA) with Common Access Card (CAC) using SecureCRT

The network device authenticates you and ISE authorizes you. Just enter your PIN, and you’re in.


Cisco – Gratuitous ARP: Disabling / Blocking / Ignoring / Spoofing

Send, clear, ignore and spoof ARP. Know how to truly disable the processing of gratuitous ARP in a Cisco router.


DHCP – BAD_ADDRESS entries caused by IP Device Tracking

Microsoft Windows has a feature that detects IP conflicts.  A Cisco switch can effectively turn that feature into a DoS attack on your DHCP server.  That’s pretty neat.


Cisco – IOS XE Password Recovery on Catalyst 3850

NOTE: Mr. Bray recommends disabling the ability to recover the password/config with one of these commands (varies):
    no service password-recovery
or
    system disable password recovery switch all

Apply power to the switch. Immediately press the Mode button while the System LED is flashing. Hold the Mode button until all the system LEDs turn on and remain solid; then release it.

  1. Initialize flash
    Switch: flash_init
  2. Ignore the startup configuration
  3. Boot packages.conf
    Switch: boot flash:packages.conf
  4. Terminate the initial configuration dialog by answering No.
    Would you like to enter the initial configuration dialog? [yes/no]: No
  5. At the switch prompt, enter privileged EXEC mode.
    Switch> enable
  6. Copy the startup configuration to running configuration.
    Switch# copy startup-config running-config
    Destination filename [running-config]?

    Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
  7. Enter global configuration mode and change the enable password.
    Switch# configure terminal
  8. Write the running configuration to the startup configuration file.
    Switch# copy running-config startup-config
  9. Confirm that manual boot mode is enabled.
    Switch# show boot
    BOOT variable = flash:packages.conf;
    Manual Boot = yes
    Enable Break = yes
  10. Reload the switch.
    Switch# reload
  11. Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.
    Switch: SWITCH_IGNORE_STARTUP_CFG=0
  12. Boot the switch with the packages.conf file from flash.
    Switch: boot flash:packages.conf
  13. After the switch boots up, disable manual boot on the switch.
    Switch(config)# no boot manual
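
A post-recovery check, added here as an example (not part of the original post or Cisco's tooling): it parses `show boot` output in the format shown in step 9 and a saved configuration, and reports whether manual boot was left on or neither command from the NOTE is present. The sample text is constructed, and the function names and the assumption that the hardening command appears verbatim on its own line in the saved config are mine.

```python
import re

# Constructed sample: the `show boot` fields shown in step 9 of this page.
SHOW_BOOT_AFTER_STEP_9 = """\
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
"""

# The two hardening commands named in the NOTE (which one applies varies).
RECOVERY_DISABLE_LINES = (
    "no service password-recovery",
    "system disable password recovery switch all",
)


def parse_show_boot(text):
    """Return {lowercased field name: value} from 'Name = value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=]+?)\s*=\s*(.*?)\s*;?\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def audit(show_boot_text, config_text):
    """List findings that mean the switch was left in its recovery state."""
    findings = []
    boot = parse_show_boot(show_boot_text)
    # Step 13: manual boot must be turned off again after the recovery.
    if boot.get("manual boot", "").lower() != "no":
        findings.append("manual boot not confirmed disabled (step 13)")
    # Assumption: the command is stored verbatim as its own config line.
    config_lines = {line.strip().lower() for line in config_text.splitlines()}
    if not any(cmd in config_lines for cmd in RECOVERY_DISABLE_LINES):
        findings.append("password recovery not disabled (see NOTE)")
    return findings


if __name__ == "__main__":
    # Constructed config fragment with no hardening line: expect two findings.
    for finding in audit(SHOW_BOOT_AFTER_STEP_9, "hostname sw1\n"):
        print("FINDING:", finding)
```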