Security

The NAC (Network Admission Control) Business Unit is conducting a survey to get information from customers. I would greatly appreciate it if you could take part in this survey, the survey will not take more than 15 minutes to complete.
Click here to access the customer survey: NAC Customer Survey
Any customer that takes the survey will [...]

12Nov2008 | Joe Harris | 0 comments | Continued

James Bond: Quantum of Solace - US Only

Ironport invites all US based customers (or any customer that happens to be in the US at the time) to a thrilling discussion of the latest email and Web security threats and how to stop them on Friday November 14, followed by the James Bond, Quantum of Solace premier screening.
Agenda
9 a.m. Arrival
9:30 a.m. IronPort Presentation
10:30 [...]

11Nov2008 | Joe Harris | 0 comments | Continued

WPA Wi-Fi encryption is cracked

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able [...]

6Nov2008 | Joe Harris | 2 comments | Continued

Excellent Security Demo’s

Chris Durkin has put together some very nice demo’s focused on many of Cisco’s security portfolio products over at his newest website. These demo’s are very well done and give you a thorough explanation of the products capabilities and interfaces. I would like to personally thank Chris for actually getting around to doing what I [...]

3Nov2008 | Joe Harris | 0 comments | Continued

ASA SNMP OID’s

Ever have a need to find a specific SNMP Object ID on your ASA? Well you could use the Cisco SNMP Object Navigator for the ASA/PIX to locate the information or you could simply enter a command into the CLI. What command are you talking about you might say? I don’t see a command that [...]

23Oct2008 | Joe Harris | 4 comments | Continued

Tool: FirePlotter

FirePlotter shows you the traffic that is flowing through your internet connection - in real-time. FirePlotter is a real-time session monitor or connection monitor for your Cisco ASA firewall. Click to see a 3 minute FirePlotter Demonstration.
FirePlotter provides tabular listings and summary of sessions by Service (HTTP, FTP etc), Destination IP, Source IP and [...]

23Oct2008 | Joe Harris | 1 comment | Continued

IPSec pass through Inspection Engine

Instead of permitting ESP and AH through the ASA via the interface ACL, you can permit just ISAKMP (UDP/500) and apply the ipsec-pass-thru inspection to permit the corresponding ESP or AH flow. The IPSec Pass Through application inspection provides convenient traversal of ESP (IP protocol 50) and/or AH (IP protocol 51) traffic associated with an [...]

18Oct2008 | Joe Harris | 3 comments | Continued

Stateful Failover Support of WebVPN Sessions

To ensure that WebVPN and SVC connections reconnect quickly in the event of a failover, enable the security appliance to respond to incoming client TCP packets with the service resetoutside command from global configuration mode:
[no] service resetoutside
This will cause a TCP Reset to be sent from the security appliance that takes over the existing WebVPN [...]

18Oct2008 | Joe Harris | 0 comments | Continued

Looking for firewall features for ASA

Have you ever thought of a great feature on the ASA and wanted a way to tell Cisco about that feature but did not feel as though you had any avenue to provide that communication directly to the ASA Business Unit? Well now you do, I am looking for input on compelling firewall features that [...]

16Oct2008 | Joe Harris | 9 comments | Continued

Cisco Response to Microsoft Security Bulletin Release - October

Microsoft published its monthly security bulletin release on October 14, 2008. Eleven bulletins were released that address twenty individual vulnerabilities. Microsoft has rated four bulletins as Critical, six as Important, and one as Moderate. The advisories that address Critical vulnerabilities cover remote code execution flaws in Active Directory, Host Integration Server, Internet Explorer, and Microsoft [...]

15Oct2008 | Joe Harris | 0 comments | Continued

Tool: Cisco VPN Client GUI Error Lookup Tool

The Cisco VPN Client GUI Error Lookup tool is used to list and describe the errors and warning messages that can be produced by the Cisco VPN Client for use by Cisco Technical Support and Engineering Support.
The information provided by this tool enables the Cisco Technical Support engineer to resolve your problem faster and more [...]

9Oct2008 | Joe Harris | 0 comments | Continued

Cisco Virtual Office: Cisco on Cisco Case Study

At any given time, one-third or more of Cisco’s global workforce is connected to the corporate network by remote access. Like many enterprises, Cisco gains significant productivity and cost benefits from providing employees with secure, anytime access to the corporate network and other resources.
This security case study describes Cisco IT’s internal deployment of the [...]

9Oct2008 | Joe Harris | 0 comments | Continued

Cisco IOS Zone Based Firewall: CME/CUE/GW Single Site or Branch Office with SIP Trunk to CCM at HQ

We have published a new IOS ZBF document on CCO. This document describes design and configuration considerations for firewall security aspects of specific Cisco ISR-based data and voice application scenarios. The configurations for voice services and the firewall are provided for each application scenario. Each scenario describes the VoIP and security configurations separately, followed by [...]

9Oct2008 | Joe Harris | 0 comments | Continued

IntelliShield Cyber Risk Report

The IntelliShield Cyber Risk Report is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. The Cyber Risk Reports are a result of collaborative efforts, information sharing, and collective security expertise of senior analysts [...]

Cyber Risk Report: Hide Player | Play in Popup | Download

2Oct2008 | Joe Harris | 0 comments | Continued

Control Plane ACL Limiting

I knew it was only a matter of time but for a while I have been pushing to get rid of the ‘to-the-box’ access controls on the ASA with individual commands and replace them with a control-plane interface just like IOS routers have and in 8.0 you can do just that. Basically what you do [...]

12Sep2008 | Joe Harris | 0 comments | Continued

IPSec 64-bit VPN Client

You may have noticed that the Cisco IPSec VPN Client does not currently support 64-bit Operating Systems nor will it. If you have a need for an IPSec Client that does have 64-bit OS support, NCP Secure Communications has a Universal VPN Client that is 64 Bit compatible and will even import/convert your existing .pcf [...]

12Sep2008 | Joe Harris | 0 comments | Continued

IntelliShield Event Response: Microsoft Security Bulletin for September 2008

Microsoft announced four security bulletins that contain eight vulnerabilities as part of the monthly security bulletin release on Sept 9, 2008. A summary of these bulletins is on the Microsoft website at http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx. This document highlights the vulnerabilities that can be effectively identified and/or mitigated using Cisco network devices.
The vulnerabilities that have a client software [...]

12Sep2008 | Joe Harris | 0 comments | Continued

The Security Deep Dive Portal

This site was put together by some security guys inside Cisco with the aim of giving a short but in-depth discussion on how to use and install Cisco Security Products. The average attendance of the original events were around 150-200 attendees. After these sessions, the team received countless email requests about these sessions. So [...]

31Aug2008 | Joe Harris | 0 comments | Continued

The SSL Trap

Current HTTPS encryption methodologies for web users create a false sense of security. In order to enforce corporate acceptable use and security policies, an enterprise must employ a Web security gateway that has the ability to inspect HTTPS traffic. See how IronPort can help your overall bottom line by performing HTTPS inspection even on HTTPS [...]

31Aug2008 | Joe Harris | 0 comments | Continued

IronPort Encryption Technology

Want to experience the simplicity of IronPort PXE technology firsthand? Send yourself an encrypted message right now, just by filling out this form.

addthis_url = ‘http%3A%2F%2F6200networks.com%2F2008%2F08%2F31%2Fironport-encryption-technology%2F’;
addthis_title = ‘IronPort+Encryption+Technology’;
addthis_pub = ”;

31Aug2008 | Joe Harris | 0 comments | Continued

An out of this world virus

A virus designed to swipe passwords from online gamers has inexplicably popped up in some laptop computers aboard the international space station.
The low-risk virus was detected on July 25, but did not infect the space station’s command and control computers and poses no threat to the orbiting laboratory, NASA officials said.
Continue reading the story here: [...]

28Aug2008 | Joe Harris | 0 comments | Continued

ASA temporary license

You may or may not be aware but the ASA does allow for temporary licenses for certain feature sets in order for you to test these features for an extended period of time (like 30 days). However I’ve received quite a few emails regarding what happens to the ASA after the temporary license for a [...]

25Aug2008 | Joe Harris | 0 comments | Continued

IntelliShield Cyber Risk Report

25Aug2008 | Joe Harris | 0 comments | Continued

Security Monthly Newsletter

The sixth issue of Cisco’s Security Monthly Newsletter went out last Wednesday, August 20 to customers who have subscribed to receive this information. If you are not familiar with it, the Security Monthly Newsletter highlights Cisco’s recent product info, white papers, podcasts, programs, webcasts, web sites, events, threat info and much more. If you [...]

25Aug2008 | Joe Harris | 0 comments | Continued

Cisco IPS Auto-Upgrade

If you have a Cisco IPS Appliance and/or Network Module and assuming you have purchased Cisco Services for IPS and would like configure your appliance to perform auto-upgrades to the latest signatures or software, you can use the sample configuration below as a starting place to accomplish this task. After implementing this configuration on your [...]

wireless

Wireless

WPA Wi-Fi encryption is cracked

6Nov2008 | Joe Harris | 2 comments | Continued

Reminder: CCIE Wireless Beta Testers Needed

Cisco is now soliciting beta candidates for Cisco’s upcoming CCIE Wireless Written Exam. We are looking for an exclusive set of professional and expert level Wireless Networking Engineers who can dedicate 3 hours of their time to take the beta exam.
The CCIE Wireless certification, to be launched later this year, will validate that professionals have [...]

12Sep2008 | Joe Harris | 0 comments | Continued

Cisco Compatible Extensions Program

How do you know if a client device is interoperable with a Cisco wireless LAN (WLAN) infrastructure - supporting the latest WLAN standards and Cisco innovations? Look for the Cisco Compatible logo, which is earned through the Cisco Compatible Extensions program for WLAN client devices.
In the program, Cisco licenses a specification with the latest WLAN [...]

8Jul2008 | Joe Harris | 0 comments | Continued

Upgrading a WLAN controller to 4.2 code

This post comes to us from one of Cisco’s wireless specialists, Joe Rosado…WLAN 4.2 code has been released and posted to CCO. Prior to any code upgrade, it is recommended that you thoroughly read through the release notes to understand any open caveats that might affect your particular deployment. This blog post will serve as [...]

5Nov2007 | Joe Harris | 0 comments | Continued

Cisco Wireless HWIC Config

You may be or may not be aware that Cisco has High-Speed Wireless WAN Interface Cards (HWIC-AP) that can be installed in your ISR routers that provides A/B/G wireless connectivity services integrated right into the ISR router.
Read More Here
Adding wireless access point functionality to the Cisco integrated services router’s capabilities helps simplify configuration, deployment, [...]

cisco

Introduction

This document explains the different ports and adapter pintouts for Cisco 1000, 1600, 2500, 2600, and 3600 Series Routers.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

Cisco 1000, 1600, 2500, 2600, and 3600 Series Routers

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Auxiliary and Console Ports

The console and auxiliary ports on Cisco IOS® routers are asynchronous serial ports. The console port and the auxiliary port are configured as data terminal equipment (DTE). For Cisco 1000, 1600, 2500, 2600, and 3600 Series Routers, the console and auxiliary ports both use RJ-45 connectors. Adapters are available for connections to PC terminals, modems, or other external communications equipment.

This table shows the console port pinouts for the RJ-45 connector:

Console Port (DTE)
Pin¹	Signal	Input/Output
1	-	-
2	DTR	Output
3	TxD	Output
4	GND	-
5	GND	-
6	RxD	Input
7	DSR	Input
8	-	-

¹Any pin not referenced is not connected.

This table shows the auxiliary port pinouts of the RJ-45 connector:

Auxiliary Port (DTE)
Pin²	Signal	Input/Output
1	RTS	Output
2	DTR	Output
3	TXD	Output
4	GND	-
5	GND	-
6	RXD	Input
7	DSR	Input
8	CTS	Input

²Any pin not referenced is not connected.

Identify a Rollover Cable

In order to identify a rollover cable, compare the two modular ends of the cable. Hold the cables in your hand, side-by-side, with the tab at the back. The wire connected to the pin on the outside of the left connector (pin 1) must be the same color as the pin on the outside of the right connector (pin 8). On Cisco cables, pin 1 is white on one connector, and pin 8 is white on the other connector.

This table shows the RJ-45 rolled (console) cable pinouts:

Signal	Pin	Pin	Signal
-	1	8	-
-	2	7	-
-	3	6	-
-	4	5	-
-	5	4	-
-	6	3	-
-	7	2	-
-	8	1	-

Console Port Connection to a PC

To connect a PC terminal to the console port, use the RJ-45-to-RJ-45 rollover cable, and either the RJ-45-to-DB-25 female DTE adapter or the RJ-45-to-DB-9 female DTE adapter (labeled "TERMINAL").

The default parameters for the console port are:

9600 baud
8 data bits
No parity generated or checked
1 stop bit
No Flow Control

Console Port Signaling and Cabling with a DB-9 Adapter

The next table shows the pinout descriptions for the DB-9 connections:

Console Port (DTE)	RJ-45-to-RJ-45 Rollover Cable		RJ-45-to-DB-9 Terminal Adapter	Console Device
Signal	RJ-45 Pin	RJ-45 Pin	DB-9 Pin	Signal
RTS	1³	8	8	CTS
DTR	2	7	6	DSR
TxD	3	6	2	RxD
GND	4	5	5	GND
GND	5	4	5	GND
RxD	6	3	3	TxD
DSR	7	2	4	DTR
CTS	8	1	7	RTS

³Pin 1 is connected internally to Pin 8.

Console Port Signaling and Cabling with a DB-25 Adapter

The next table shows the pinout descriptions for the DB-25 connections:

Console Port (DTE)⁴	RJ-45-to-RJ-45 Rollover Cable		RJ-45-to-DB-25 Terminal Adapter	Console Device
Signal	RJ-45 Pin	RJ-45 Pin	DB-25 Pin	Signal
RTS	1⁵	8	5	CTS
DTR	2	7	6	DSR
TxD	3	6	3	RxD
GND	4	5	7	GND
GND	5	4	7	GND
RxD	6	3	2	TxD
DSR	7	2	20	DTR
CTS	8	1	4	RTS

⁴You can use the same cabling to connect a console to the auxiliary port.

⁵Pin 1 is connected internally to Pin 8.

Auxiliary Port Connection to a Modem

In order to connect a PC terminal to the router, use the RJ-45-to-RJ-45 roll-over cable and either the RJ-45-to-DB-25 female DTE adapter or the RJ-45-to-DB-9 female DTE adapter (labeled "TERMINAL"). This section lists the pinout descriptions for both DB-9 and DB-25 connections.

In order to connect a modem to the auxiliary port, use the RJ-45-to-RJ-45 rollover cable and the RJ-45-to-DB-25 male DCE adapter (labeled "MODEM").

Auxiliary Port Signaling and Cabling Using a DB-25 Adapter

Here is the pinout description for the modem connection:

Auxiliary Port (DTE)	RJ-45-to-RJ-45 Rollover Cable		RJ-45-to-DB-25 Modem Adapter	Modem
Signal	RJ-45 Pin	RJ-45 Pin	DB-25 Pin	Signal
RTS	1⁶	8	4	RTS
DTR	2	7	20	DTR
TxD	3	6	3	TxD
GND	4	5	7	GND
GND	5	4	7	GND
RxD	6	3	2	RxD
DSR	7	2	8	DCD
CTS	8	1	5	CTS

⁶Pin 1 is connected internally to Pin 8.

Alternative Terminal and Modem Connections

Cisco Port Connection	RJ-45 Cable Type	Adapter
Console port to PC	Straight-through	DCE, DB-9 female
Console port to terminal	Straight-through	DCE, DB-25 female
Auxiliary port to modem	Rollover⁷	DCE⁸, DB-25, male
-	Straight-through	DTE⁸, DB-25, male

⁷An octal cable or RJ-45 breakout cable is equivalent to a rollover cable.

⁸Modify the DB-25 adapter by removing pin 6 and placing it into the pin 8 position.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.

Introduction

With VLAN Membership Policy Server (VMPS), you can assign switch ports to VLANs dynamically, based on the source MAC address of the device connected to the port. When you move a host from a port on one switch in the network to a port on another switch in the network, the switch dynamically assigns the new port to the proper VLAN for that host.