Skip to content

Category: Networking

SSL-certificate on Cisco Prime Infrastructure

Usually I don’t bother installing appropriate (i.e. public/proper) HTTPS/SSL-certificates for management softwares and other “internal” software. However, making parts of Cisco Prime Infrastructure available for “outsiders” can be quite useful, hence I saw the need to install a proper certificate.

I recently had to do this while installing Cisco Prime Infrastructure 3.0, so I thought I’d document it, since it’s not as straight-forward as one would think. The last time I did the procedure, was after installing Prime Infrastructure 2.0 almost 2 years ago.

There are basically three steps;

1) Fetch CA + properly convert the certificate
2) Install the CA certificates
3) Install the actual certificate

Leave a Comment

Rename AP’s on Cisco WLC

Recently I came across an issue with Windows DHCP & DNS, specifically related to Cisco AP’s and DDNS. By default Cisco AP’s have period in the hostname (APxxxx.yyyy.zzzz), and this apparently causes issues for Windows DHCP/DNS regarding DDNS. If you have a scope with option 15 (Domain Name) set to foo.bar, and you have clients that only returns option 12 (hostname) and no FQDN (option 81) you’d expect Windows to append option 15 to the hostname. In the case for Cisco AP’s, they seem to only return option 12. You’d then expect Windows DHCP to use APxxxx.yyyy.zzzz.foo.bar as the FQDN for the DDNS update, but this is not the case. In stead, it tries to update the DNS with APxxxx.yyyy.zzzz as the FQDN (where yyyy.zzzz is considered a domain due to the period), hence it will obviously fail, as you don’t have any zone yyyy.zzzz configured in your DNS.

Leave a Comment

PVLAN Trunk-hack

Ever had the need to use PVLANs in conjunction with one or more trunks, but your Cisco-switch doesn’t support it? I did. And I found a solution. It works well, but if you need to trunk many PVLANs, then this is not the solution you’re looking for; get a 4500/6500 to play with instead.

I’ll be using my scenario as an example in this article, but you could use it for whatever other reasons you might have. At school we have a Cisco-lab, with 5 racks containing various Cisco-equipment. For a while now, there’s been situations where you’d really like a DHCP-server, TFTP-server, or similar, at hand. So, since we already had a VMware ESXi-server running in the lab, it was fairly easy to setup a dedicated lab-server. However, since this ESXi also had to be publicly available, and the lab-network shouldn’t be, we decided to use a trunk between the ESXi and our 3560G (sitting as a gateway between the lab, the servers, and the internet). Each VM is then assigned to their respective VLANs. All well so far.

4 Comments

Cisco IOS Clock Sync (with NTP) and Summer Time/Daylight Saving Time

Tired of having a Cisco-device that always ends up with a wrong clock? I was.

The first thing you’ll need, is a proper NTP-server. You can either set up one locally (which syncs from a hardware-device ? like a GPS ? or from an external server), or you can choose one of the public available NTP-servers. I’ve chosen to use ?158.37.91.134? in this example.

9 Comments

Add timestamp to ping

I’ve been in some situations where I’d like to add timestamp to pings. There could be loads of reasons as to why you’d like to do this, but I used it to check if there where specific times of the day that had higher latency on my internet-connection at home.

26 Comments

Cisco IOS NAT Virtual Interface

Up until recently, I’ve had ADSL at home for some years. For the last year or so, I’ve used a Cisco 1812 as my router (the ISP-router was put into bridge-mode). A few weeks ago, when I got a 10/10Mbps fiber-connection, it suddenly became more relevant to host some services at home (why pay for web-hosting, when you can host it home, for free?). As a result of this, I stumbled upon a “problem” that annoyed me a bit; loopback-support – the ability to reach your services using your external IP, and hence applying port-forwards (this way you could use ssh externalip -p "some odd port number" regardless if you are home or not). This is quite useful if you move between different networks a lot (e.g. using a laptop – which was the case for me). This feature is known as tromboning, or hairpinning, and is something that often works on cheap routers you get from your ISP. So, why shouldn’t this work on a Cisco-device?

39 Comments