Disable Windows Live ID SSO for IE 11

With the release of Windows 8/8.1, a Windows account, previously called Live ID, is required to set up the OS.

When you open IE and access some Microsoft-owned/integrated websites, like live.com, IE automatically uses your pre-entered Windows account. However, there are times when you need to log in with another account. Here is a workaround:

The cookies are saved in the registry under
HKCU\Software\Microsoft\AuthCookies\Live

Just delete the Live subkey and change the permissions so that your daily account does not have permission to create a new subkey.


Traffic Capture on IOS router

Ever run into a scenario where you need to capture traffic on a production network, but you cannot use SPAN or put a capture device inline without briefly bringing the network down? The answer is to capture on the IOS router directly.

First, create a monitor buffer on the router:

Router# monitor capture buffer MYCAPBUFFER Circular

Then create a capture point on the router:

Router# monitor capture point ip cef MYCAP serial 1/0 both

Then, associate the buffer and the capture point:

Router# monitor capture point associate MYCAP MYCAPBUFFER

Now, turn on the capture point:

Router# monitor capture point start MYCAP

The following message should show up on the router console:

*May 2 16:25:46.727: %BUFCAP-6-ENABLE: Capture Point MYCAP enabled.

Then generate some traffic on the network, or simply use ping.

Once you think enough traffic has been generated and captured, stop the traffic capture:

Router# monitor capture point stop MYCAP

You can view the status of the capture; it should show “inactive”.

Router# show monitor capture buffer all parameters

You can also view the traffic dump on the router, but it does not make much sense to me though…

Router# show monitor capture buffer MYCAPBUFFER dump

Router# show monitor capture buffer MYCAPBUFFER

I prefer to export the dump/capture into a proper capture file for further analysis:

Router# monitor capture buffer MYCAPBUFFER export ?

bootflash: Location to dump buffer

disk0:     Location to dump buffer

disk1:     Location to dump buffer

flash:     Location to dump buffer

ftp:       Location to dump buffer

http:       Location to dump buffer

https:     Location to dump buffer

pram:       Location to dump buffer

rcp:       Location to dump buffer

scp:       Location to dump buffer

slot0:     Location to dump buffer

slot1:     Location to dump buffer

tftp:       Location to dump buffer

Remote Access vCloud Director VM Console

Not sure if VMware did not do the documentation properly or I did not read it properly. It took me over 2 days to figure out how to set up vCloud Director to provide VM console access to authorized users on the Internet. The high-level diagram is attached below. This might not be the best setup, but it works and makes sense to me.
[Image: high-level diagram]
The configuration on the firewall (I use an ASA):
  1. Configure static NAT for 172.16.8.10 to 1.2.3.4, so users on the Internet can access 1.2.3.4 to log in to the vCloud Director portal.
  2. Configure identity NAT between the External and LAN interfaces: for any traffic that arrives on the External interface of the firewall destined for 1.2.3.5, the firewall translates the source address to 1.1.1.1 and the destination address to 172.16.9.10.
The configuration on vCloud Director (I use CentOS with 2 NICs and default gateway 172.16.8.1):
  1. Set the external proxy IP to 1.2.3.5 in the vCloud Director management portal.
  2. Add a static route in CentOS: send traffic to 172.16.9.2 if the destination address is 1.1.1.1.

Names for special characters on keyboard

I am not sure if schools teach the names for special characters/signs on the keyboard in English-speaking countries, but we were not taught these in school, or at least they were not shown in textbooks, in China.

So if you have no knowledge or limited knowledge of the names for keyboard signs, here is a list to help you:

‘~’ -> ‘tilde dash’

‘`’ -> ‘backquote’

‘!’ -> ‘exclamation mark’

‘@’ -> ‘at sign’

‘#’ -> ‘number sign’ or ‘hash’ or ‘pound sign’

‘$’ -> ‘dollar sign’

‘%’ -> ‘percentage sign’

‘^’ -> ‘caret sign’

‘&’ -> ‘ampersand’

‘*’ -> ‘asterisk’ or ‘star sign’

‘(’ -> ‘parenleft’ or ‘opening parentheses’

‘)’ -> ‘parenright’ or ‘closing parentheses’

‘-’ -> ‘minus’

‘_’ -> ‘underscore’

‘+’ -> ‘plus’

‘=’ -> ‘equal’

‘{’ -> ‘braceleft’

‘[’ -> ‘bracketleft’

‘}’ -> ‘braceright’

‘]’ -> ‘bracketright’

‘|’ -> ‘bar’

‘\’ -> ‘back slash’

‘:’ -> ‘colon’

‘;’ -> ‘semicolon’

‘"’ -> ‘double quote’

‘'’ -> ‘single quote’

‘<’ -> ‘less than sign’

‘,’ -> ‘comma’

‘>’ -> ‘greater than sign’

‘.’ -> ‘period’

‘?’ -> ‘question mark’

‘/’ -> ‘forward slash’

‘ ’ -> ‘space’

Recover Cisco router/switch login password

There might be tons of posts on the same topic on the Inter-Web, especially on the Cisco website, but I still decided to post it; at least I can archive it in case I lose my computer or notebook…

Cisco Router/Switch Password Recovery:

1. Send a break during the device boot sequence: mostly “Ctrl + Break” will work. I use PuTTY 99% of the time, and in PuTTY you need to click the left mouse button on the icon in the top-left corner of PuTTY’s terminal window to see the special command “Break”.

2. Set the configuration register: rommon 1> confreg 0x2142

3. Reset the device: rommon 2> reset

4. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.

5. Type configure memory OR copy start run

6. Change password(s) when device boots up completely

7. Restore the config register: hostname(config)#config-register 0x2102 <– REMEMBER TO DO IT

8. Type write memory or copy running-config startup-config in order to commit the changes.

9. Reload device.

NOTE: all interfaces are shut down when doing password recovery, so a manual “no shut” is needed for each interface.

For recovering password for Cisco ASA, check here.

See Also: Cisco Reference

Processor Load Troubleshooting Tips

Applies to Cisco IOS gear ONLY:

Router#show processes cpu | exclude 0.00%__0.00%__0.00%

Router#show processes cpu | include CPU|IP Input

Router#show processes cpu history

Router#show processes | include ARP Input <- ARP messages originated from the router itself. Many ARP messages will be sent out if the router has to keep asking for the MAC address of the next hop.

Router#show processes | include Net Background <- Process used to create packet buffers when the hardware buffer is full. If the interfaces are also loaded, this process could be loaded as well.

Router#show processes | include IP Background <- Handles configuration changes for interfaces. A bad interface flapping up and down could cause an issue.

Router#show processes | include TCP Timer <- Handles TCP sessions terminated on the router itself. Many ssh/telnet/https management sessions to the router could increase the processor load.

•Check the default route setting on the router. It is better to point the default route at a next-hop address instead of a broadcast interface, like a Fast Ethernet interface, to avoid constantly generating ARP messages.
•Check the interface throttles, overruns and ignores in the “show interface” output, which could increase the load.
•Run “Router#show tcp statistics” to see the connection statistics.
•Run “Router#show tcp brief” to see the management sessions to the router/switch.
•An attacker could open thousands of connections to DoS the router, so put an access-list on the VTY lines to protect remote management.
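
The triage above can be scripted against saved “show processes cpu” output. The following is an added example, not part of the original post: the sample output is constructed, and the function names and hint wording are assumptions that paraphrase the notes above.

```python
import re

# Constructed sample of "show processes cpu" output (not from a real device).
SAMPLE = """\
CPU utilization for five seconds: 91%/12%; one minute: 84%; five minutes: 80%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
  12      982340   4410233        222 61.35% 58.10% 55.02%   0 ARP Input
  47       20412    880120         23  2.15%  1.90%  1.70%   0 Net Background
  63      310221   9902113         31 14.80% 12.40% 11.90%   0 IP Input
 101        1200     30211         39  0.00%  0.00%  0.00%   0 TCP Timer
"""

# Causes the post gives per process (it lists IP Input without explaining it).
HINTS = {
    "ARP Input": "router keeps ARPing for the next hop; check the default route",
    "Net Background": "hardware buffer full; check interface load",
    "IP Background": "interface changes; look for a flapping interface",
    "TCP Timer": "many TCP sessions to the router itself; restrict VTY access",
}
HEADER = re.compile(r"CPU utilization for five seconds: (\d+)%/(\d+)%")
ROW = re.compile(r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%"
                 r"\s+\d+\s+(.+?)\s*$")

def parse(text):
    """Return (summary, rows); rows are (name, 5sec, 1min, 5min) tuples."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no 'CPU utilization' header line found")
    total, intr = int(m[1]), int(m[2])
    # Header format is total%/interrupt%; the remainder is process-level load.
    summary = {"total": total, "interrupt": intr, "process": total - intr}
    rows = []
    for line in text.splitlines():
        r = ROW.match(line)
        if r:
            rows.append((r[4], float(r[1]), float(r[2]), float(r[3])))
    return summary, rows

def busy(rows):
    """Like '| exclude 0.00%__0.00%__0.00%', sorted by 5-second load."""
    return sorted((r for r in rows if any(r[1:])), key=lambda r: r[1], reverse=True)

def triage(text):
    """Return (name, 5sec load, hint or None) for every busy process."""
    return [(name, s5, HINTS.get(name)) for name, s5, _, _ in busy(parse(text)[1])]

if __name__ == "__main__":
    print(parse(SAMPLE)[0])
    for name, load, hint in triage(SAMPLE):
        print(f"{load:6.2f}%  {name:<15} {hint or 'no hint in the post'}")
```

A high interrupt share in the summary means the load comes from packet switching rather than from any one process, so the per-process list alone will not explain it.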

If you find the above looks familiar, study the CCNP yourself, you might write some fancier ones 🙂

Memory Load issue on Cisco gear

Possible memory load issues on Cisco gear:
•Pay attention to log messages like ‘%SYS-2-MALLOCFAIL: …’ on a Cisco device; run to the device to reboot it. The memory is leaking badly!! I found this: ‘%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level’ on a Cisco 1920 router with IOS 15.1(4)M3, and Cisco opened a bug (#CSCtx59639). But not sure when there will be a fix…
•If “show” commands show nothing but a blank screen, there is something wrong with the memory on the device.
•From the serial console: “Unable to create Exec – No Memory OR Too many Processes” means something is wrong with memory.
•If the wrong IOS image is loaded, the issue could be because of not enough memory.
•If there is a bug in the IOS image, there could be a memory leak.
•Worm or virus targeting IOS
•BGP could also load memory

If you find the above looks familiar, study the CCNP yourself, you might write some fancier ones 🙂

High Interface Utilization?!

Is it really possible that interface utilization could cause issues on Cisco gear? Yes!!
•If there are a lot of collisions OR late collisions in the “show interface” output, there might be a duplex mismatch. Especially when you connect a router's external interface to a half-duplex modem…
•If there is high CPU utilization, packet drops, or unreachable destinations, the interface could be overloaded.
•Check the switching mode on the device:
◦Process Switch: Checks the header of every single packet received, requesting next-hop ARP and routing for each.
◦Fast Switch: Checks the header of the very first packet and caches the record for the rest of the packets. There is still a potential issue with handling the first packet.
◦CEF (Cisco Express Forwarding): When the router boots up, it pre-caches all the ARP results according to the routing table. So when packets arrive, it just forwards them according to the caches.
•Check the routing table for the routes
•Check the CEF / ARP cache
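
The “show interface” counters named above, and in the processor load tips (throttles, overruns, ignores), can be pulled out of saved output per interface. This is an added example, not part of the original post: the sample output is constructed, the function names are assumptions, and it flags any non-zero counter rather than judging what counts as “a lot”.

```python
import re

# Constructed "show interface" excerpt (not from a real device), two interfaces.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  Half-duplex, 10Mb/s, 100BaseTX/FX
     Received 1200 broadcasts, 0 runts, 0 giants, 4 throttles
     12 input errors, 0 CRC, 0 frame, 7 overrun, 5 ignored
     0 output errors, 340 collisions, 1 interface resets
     0 babbles, 22 late collision, 0 deferred
Serial1/0 is up, line protocol is up
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 2 interface resets
"""

IFACE = re.compile(r"^(\S+) is .*line protocol is", re.M)
COUNTERS = ("throttles", "overrun", "ignored", "collisions", "late collision")

def parse_interfaces(text):
    """Return {interface: {"duplex": str or None, <counter>: int, ...}}."""
    heads = list(IFACE.finditer(text))
    result = {}
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[h.start():end]
        d = re.search(r"\b(Full|Half|Auto)-duplex", block, re.I)
        info = {"duplex": d.group(1).lower() if d else None}
        for name in COUNTERS:
            m = re.search(r"(\d+) " + re.escape(name) + r"\b", block)
            info[name] = int(m.group(1)) if m else 0
        result[h.group(1)] = info
    return result

def findings(text):
    """Map each interface to the symptoms named in the post that it shows."""
    out = {}
    for name, c in parse_interfaces(text).items():
        notes = []
        if c["collisions"] or c["late collision"]:
            notes.append(f"{c['collisions']} collisions, {c['late collision']} late, "
                         f"{c['duplex'] or 'unknown'}-duplex: check for duplex mismatch")
        load = [f"{c[k]} {k}" for k in ("throttles", "overrun", "ignored") if c[k]]
        if load:
            notes.append("interface under load: " + ", ".join(load))
        out[name] = notes
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```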

If you find the above looks familiar, study the CCNP yourself, you might write some fancier ones 🙂