How to download CiscoLive! recording

I like to watch CiscoLive! recordings for training and studying. But I do not always have Internet access when I am free… Plus, there are times I simply want to play the recording at 1.2/1.3x speed to save some time…

I found it is actually quite easy to download the recording. I use Firefox, but it should be similar in Chrome as well.

Steps:

  1. Load the video in the browser
  2. Press “Ctrl+Shift+C” to open the Web inspector on Windows. I do not have a Mac at the moment to find the shortcut key.
  3. Click on the video player inside the browser
  4. The source link of the video should be showing in the inspector window
  5. Double-click the source link to copy it
  6. Paste the link into a new browser tab
  7. Once the page has loaded, right-click on the video and choose “Save Video As…”

USB-Serial adaptor on Mac OS X

I have a USB-Serial adaptor (Prolific PL2303 chip) and an MBP running Mac OS 10.11.4, which I use to connect to the console of switches, routers and firewalls via screen. Since somewhere between Mac OS 10.11.2 and 10.11.3, the setup has been broken: screen hangs if I exit the screen session and then try to reconnect to the device via the USB-Serial adaptor. I did upgrade to the latest firmware from the Prolific page for Mac, but it did not help… So I started posting for help on Internet forums…

janm on Stack Exchange really helped. Here is the workaround: use cu instead of screen on Mac for the task. The catch, though, is that by default cu needs to be run with sudo. So,

  1. Type in the password every time you try to connect to the console.
  2. Use one of the following to get rid of the password prompts:

OPTION 1: Create a cu configuration file such as “/Users/test/cu.conf” with the content below, and create the lock folder accordingly. Run the cu command as “cu -I /Users/test/cu.conf -l /dev/cu.usbserial -s 9600 --nostop”.

lockdir /Users/test/cu_lockdir

OPTION 2 (HIGHLY NOT Recommended): Run “sudo visudo”, uncomment the line below, then save and exit. That line lets every member of the wheel group run any command as root without a password.

 %wheel ALL=(ALL) NOPASSWD: ALL

BTW, I also opened a bug report with Apple and provided the necessary debug output, but have not heard back yet… I think the screen compiled with Mac OS X changed in how it handles port open/close.

3G on Cisco 819 Router

After two days of researching and testing, it is finally working. It was not any configuration difficulty but some technology confusion. Plus, the configuration sample Cisco provides does not really work… Below is my working configuration with a Telus SIM card.

chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 30 "OK"
!
!Tried "ATDT*99*1#" and made no difference
!
interface Cellular0
description PrimaryWAN
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer string hspa-R7
dialer watch-group 1
no peer default ip address
async mode interactive
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended nat-list
permit ip 10.100.100.0 0.0.0.127 any
!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
ip nat inside source list nat-list interface Cellular0 overload
!
line 3
script dialer hspa-R7
modem InOut
no exec
transport input all
transport output all
!

Under exec mode, create/modify the GSM profile to match the Telus requirement.

cellular 0 gsm profile create 1 isp.telus.com

Mac OS X and Dell Monitor via HDMI

Please refer to here for issue background details. Below are just the steps for El Capitan running on a Retina MBP with Dell U2410/U2414 monitors.

  1. Download Andrew Daugherity’s improved patch-edid.rb script. Put the script on the Desktop.
  2. Connect the external monitor.
  3. Type “cd Desktop; chmod +x patch-edid.rb; ./patch-edid.rb” in Terminal.
  4. A new folder will be created on the Desktop. Move it into the “/System/Library/Displays/Contents/Resources/Overrides/” folder. If prompted to overwrite an existing folder, consider backing it up first.
  5. Restart the Mac. The monitor should have changed its color mode to RGB.
  6. Optionally, adjust the color profile inside Mac OS and/or the monitor presets as needed.

 

Really tried to keep using the Terminal App coming with Mac…

Actually, I tried several times in the last 2-3 months to remove iTerm2, but I always find that Terminal provides features/functions I dislike while the features I need are not there….

1. Why can highlight-to-copy inside Terminal not sync with CMD-C/CMD-V?

2. Why is the background colour included when I highlight to copy inside Terminal and paste into a Word editor?

3. Why can tabs not be opened inside one Terminal window? I am too lazy to merge them manually…

4. Why can the Terminal tab name not be automatically set to just the device name?

5. Where is the logging!!!?

TO BE CONTINUED…

IPSec tunnel with Policy-Based NAT on Fortigate

First, here is the high-level diagram:

Drawing1

The requirements are:

1. Establish an IPSec VPN tunnel between the Fortigate and the Cisco ASA.

2. Translate the source IP address to 10.153.153.0/24 when 10.100.100.0/24 connects to 172.24.200.0/24 via the IPSec tunnel.

3. Do not translate 172.24.200.0/24 when it connects to 10.153.153.0/24 via the IPSec tunnel.

On the ASA end, this is just a standard IPSec tunnel setup. Even if the Fortigate were replaced with an ASA, the configuration would be fairly straightforward. But with the Fortigate it is a little bit tricky, at least at the very beginning, because there is no GUI configuration option in my FortiOS 5.2 to create such a tunnel. So I had to start from the CLI.

Below is the configuration put onto the Fortigate.

config firewall address
edit "LocalSubnet-RealIP-1"
set associated-interface "LAN"
set subnet 10.100.100.1 255.255.255.0
next
edit "LocalSubnet-RealIP-2"
set associated-interface "LAN"
set subnet 10.100.100.2 255.255.255.0
next
edit "RemoteSubnet"
set subnet 172.24.200.0 255.255.255.0
next
end

config vpn ipsec phase1
edit "Tunnel4Test"
set interface "WAN"
set nattraversal disable
set proposal aes128-sha1 3des-sha1
set dhgrp 5 2
set remote-gw 204.204.204.18
set psksecret ENC YHbmejTH3Doryywk/KkQZ+qWXBEOP1RScs+ewjBmhzXcTguEdmuKsW8g==
next
end

config vpn ipsec phase2
edit "Tunnel4TestP2"
set phase1name "Tunnel4Test"
set use-natip disable
set proposal aes128-sha1
set pfs disable
set keepalive enable
set auto-negotiate enable
set src-addr-type ip
set dst-addr-type ip
set src-subnet 10.153.153.0 255.255.255.0
set dst-subnet 172.24.200.0 255.255.255.0
next
end

config firewall policy
edit 1
set srcintf "LAN"
set dstintf "WAN"
set srcaddr "LocalSubnet-RealIP-1"
set dstaddr "RemoteSubnet"
set action ipsec
set schedule "always"
set service "ALL"
set utm-status enable
set natip 10.153.153.1 255.255.255.255
set av-profile "Default"
set webfilter-profile "Default"
set ips-sensor "Default"
set application-list "Default"
set profile-protocol-options "default"
set inbound enable
set outbound enable
set natoutbound enable
set vpntunnel "Tunnel4Test"
next
edit 2
set srcintf "LAN"
set dstintf "WAN"
set srcaddr "LocalSubnet-RealIP-2"
set dstaddr "RemoteSubnet"
set action ipsec
set schedule "always"
set service "ALL"
set utm-status enable
set natip 10.153.153.2 255.255.255.255
set av-profile "Default"
set webfilter-profile "Default"
set ips-sensor "Default"
set application-list "Default"
set profile-protocol-options "default"
set inbound enable
set outbound enable
set natoutbound enable
set vpntunnel "Tunnel4Test"
next
end

 
Once the initial configuration is done on the Fortigate, you can then modify the settings from the GUI.
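In the configuration above, the phase 2 selector (src-subnet) carries the translated range 10.153.153.0/24, and each policy's natip has to land inside it for the translated traffic to match the tunnel. The following is an added example, not part of the original configuration: a small consistency check over a FortiOS-style config excerpt. The function names and the trimmed sample are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: trimmed from the configuration above; policy 2's natip is
# deliberately changed to the real address to show a failing case.
SAMPLE = '''
config vpn ipsec phase2
edit "Tunnel4TestP2"
set phase1name "Tunnel4Test"
set src-subnet 10.153.153.0 255.255.255.0
next
end
config firewall policy
edit 1
set natip 10.153.153.1 255.255.255.255
set vpntunnel "Tunnel4Test"
next
edit 2
set natip 10.100.100.2 255.255.255.255
set vpntunnel "Tunnel4Test"
next
end
'''

def parse(text):  # returns {section: {entry: {key: [values]}}}
    tree, section, entry = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = tree.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return tree

def net(values):  # ["address", "netmask"] tokens -> ip_network
    return ipaddress.ip_network("/".join(values), strict=False)

def natip_outside_selector(text):
    """List (policy id, natip, selector) where natip is not inside the phase 2 src-subnet."""
    cfg = parse(text)
    selectors = {p["phase1name"][0]: net(p["src-subnet"])
                 for p in cfg["vpn ipsec phase2"].values()}
    bad = []
    for pid, pol in cfg["firewall policy"].items():
        if "natip" in pol:
            nat, sel = net(pol["natip"]), selectors[pol["vpntunnel"][0]]
            if not nat.subnet_of(sel):
                bad.append((pid, str(nat), str(sel)))
    return bad
```

With the natip values from the configuration above (10.153.153.1 and 10.153.153.2) the function returns an empty list.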

Did I configure the QoS Policy Wrong!!??

“The short answer is maybe”. This was the answer I gave to one of the customers when he asked me.

The story was that he has Cisco 2960-S switches and configured policy-maps to prioritize the voice traffic. But when he ran “show policy-map interface” on any of his switches, he got no matches…

There is indeed a known bug for the 2960 switch, but somehow Cisco only identifies it for IOS 12 while my customer is using IOS 15… Being lazy??…

Anyhow, “show mls qos interface statistics” does show the matches.

openSUSE as I-CAP Server for Content filter

Components that need to be installed on openSUSE 13.2:

  • Squid
  • ClamAV
  • C-ICAP
  • SquidClamAV

They can all be found by searching on the openSUSE website. I used 1-Click install to add the repository as well.

Once the components are installed, set the following to be started automatically during system boot:

  • squid
  • clamd
  • c-icap

You can restart any of those services by running: rc(service-name) restart, e.g. rcsquid restart

I did not put much customized configuration into squid and/or c-icap. Below are the settings I added on top of the default configuration.

For Squid (/etc/squid/squid.conf):

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
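The two icap_service lines above differ in their bypass setting: bypass=1 marks the service as optional, so Squid carries on without adaptation if the ICAP server is unreachable, while bypass=0 makes Squid fail the message instead. The following is an added example, not part of the original setup: a small audit that reports this per service and whether the ICAP URI stays on loopback. The function names are assumptions, and only the option=value form used on this page is parsed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the ICAP lines from the squid.conf shown above.
SAMPLE = """\
icap_enable on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
"""

def is_loopback(host):
    """True for localhost or a loopback IP literal; other hostnames count as remote."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit_icap(conf_text):
    """Return one dict per icap_service line describing its failure behaviour."""
    services = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 4 or fields[0] != "icap_service":
            continue
        name, point, rest = fields[1], fields[2], fields[3:]
        uri = urlsplit(next(f for f in rest if "://" in f))
        opts = dict(f.split("=", 1) for f in rest if "://" not in f and "=" in f)
        # bypass=1/on: service is optional (fail open); 0/off is the default
        # and makes the service essential (fail closed).
        fail_open = opts.get("bypass", "off").lower() in ("1", "on")
        services.append({
            "service": name,
            "point": point,
            "fail_open": fail_open,
            "host": uri.hostname,
            "port": uri.port,
            "loopback": is_loopback(uri.hostname),
        })
    return services
```

For the configuration on this page, request scanning (service_req) is reported as fail open and response scanning (service_resp) as fail closed, both on 127.0.0.1:1344.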

For C-ICAP (/etc/c-icap/c-icap.conf): I only updated the ServerAdmin and ServerName values and added the following line.

Service squidclamav squidclamav.so

For ClamAV (/etc/freshclam.conf): Uncomment the line below and change “XY” to your country code. I am in Canada so I used CA.

DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.ca.clamav.net
DatabaseMirror database.clamav.net

Do not forget to add “TCP/1344” as an allowed service on the openSUSE firewall.

NOTE: if file scanning is needed, the maxsize value inside /etc/squidclamav.conf file and StreamMaxLength value in /etc/clamd.conf need to be adjusted accordingly.