Saturday, March 29, 2014

My Cisco 2811 and NM-8A/S

Kudos to my Mom for doing a splendid job packing my Cisco 2811 routers! I just realized how heavy they were (I got two) when the package arrived. So I went ahead and tested whether the 3 fans were working.

I almost woke up my baby girl, who was sleeping that night, when I booted up the 2811 router for the first time. It made a loud fan noise upon boot-up but went silent afterwards.

Router#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 20-Jun-07 07:19 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 6 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advipservicesk9-mz.124-16.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/techsupport

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FHK1129F477
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Router#show environment all

 Main Power Supply is AC

 Fan 1 OK
 Fan 2 OK
 Fan 3 OK

 System Temperature: 24 Celsius (normal)

 Environmental information last updated 00:00:03 ago


I also tested my NM-8A/S network module and upgraded the IOS on my 2811. My Frame Relay switch is now ready. All I need now are my serial cables. The 2811 will also make a perfect Call Manager Express (CME) router if I choose to take the Cisco voice track.

Router#show inventory
NAME: "2811 chassis", DESCR: "2811 chassis"
PID: CISCO2811         , VID: V05 , SN: FHK1129F40H

NAME: "Eight Port Low-Speed A/S Serial", DESCR: "Eight Port Low-Speed A/S Serial"
PID: NM-8A/S=          , VID: 1.0, SN: 28816743

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
Serial1/0                  unassigned      YES unset  administratively down down
Serial1/1                  unassigned      YES unset  administratively down down
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down
Serial1/4                  unassigned      YES unset  administratively down down
Serial1/5                  unassigned      YES unset  administratively down down
Serial1/6                  unassigned      YES unset  administratively down down
Serial1/7                  unassigned      YES unset  administratively down down

Router#show diag
Slot 0:
        C2811 Motherboard with 2FE and integrated VPN Port adapter, 2 ports
        Port adapter is analyzed
        Port adapter insertion time unknown
        Onboard VPN             : v2.2.0
        EEPROM contents at hardware discovery:
        PCB Serial Number        : FOC11276FF2
        Hardware Revision        : 1.0
        Top Assy. Part Number    : 800-26920-04
        Board Revision           : A0
        Deviation Number         : 0
        Fab Version              : 04
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Processor type           : 87
        Hardware date code       : 20070710
        Chassis Serial Number    : FHK1129F40H
        Chassis MAC Address      : 001c.58b9.3d58
        MAC Address block size   : 24
        CLEI Code                : COM7R00ARA
        Product (FRU) Number     : CISCO2811
        Part Number              : 73-10258-05
        Version Identifier       : V05
        EEPROM format version 4
        EEPROM contents (hex):

Slot 1:
        Sync/Async Port adapter, 8 ports
        Port adapter is analyzed
        Port adapter insertion time unknown
        EEPROM contents at hardware discovery:
        Hardware revision 1.0           Board revision E0
        Serial number     28816743      Part number    800-01225-03
        FRU Part Number     NM-8A/S=
        Test history      0x0           RMA number     00-00-00
        EEPROM format version 1
        EEPROM contents (hex):
          0x00: 01 25 01 00 01 B7 B5 67 50 04 C9 03 00 00 00 00
          0x10: 70 00 00 00 02 08 02 17 FF FF FF FF FF FF FF FF
          0x20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
          0x30: FF FF FF FF FF FF FF FF FF FF FF FF

Router#copy tftp://192.168.1.2/c2800nm-adventerprisek9-mz.124-24.T8.bin flash
Destination filename [c2800nm-adventerprisek9-mz.124-24.T8.bin]?
Accessing tftp://192.168.1.2/c2800nm-adventerprisek9-mz.124-24.T8.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2800nm-adventerprisek9-mz.124-24.T8.bin from 192.168.1.2 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 59490092 bytes]

Verifying checksum... CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC OK (0xEFB5)
59490092 bytes copied in 779.836 secs (76285 bytes/sec)
Router#show flash

CompactFlash directory:
File  Length   Name/status
  1   59490092  c2800nm-adventerprisek9-mz.124-24.T8.bin
[59490156 bytes used, 4735120 available, 64225276 total]
62720K bytes of ATA CompactFlash (Read/Write)

Router#reload

System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Proceed with reload? [confirm]

*Jan 31 00:16:35.791: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

Initializing memory for ECC
.
c2811 platform with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled


Readonly ROMMON initialized

program load complete, entry point: 0x8000f000, size: 0x38bbd64
Self decompressing the image : ################################################################################################################################################################################################################################################################################################################################################### [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ                 TYPE
0003E7          0X00474800 C2811 Mainboard
000025          0X00033480 Eight port Async/Sync
                0X00264050 Onboard VPN
                0X000021B8 Onboard USB
                0X002C29F0 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X00BE1878

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 12Mb.
Using 4 percent iomem. [12Mb/256Mb]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/techsupport

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 2811 (revision 49.46) with 249856K/12288K bytes of memory.
Processor board ID FHK1129F40H
2 FastEthernet interfaces
8 Low-speed serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)



Press RETURN to get started!


*Jan 31 00:20:31.731: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*Jan 31 00:20:31.739: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*Jan 31 00:20:33.851: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*Jan 31 00:20:33.851: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Jan 31 00:20:33.851: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/1, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/2, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/3, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/4, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/5, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDO
Router>WN: Interface Serial1/6, changed state to down
*Jan 31 00:20:33.855: %LINK-3-UPDOWN: Interface Serial1/7, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/3, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/4, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/6, changed state to down
*Jan 31 00:20:35.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/7, changed state to down
*Jan 31 00:20:37.635: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Jan 31 00:20:37.679: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Jan 31 00:20:37.695: %LINK-5-CHANGED: Interface Serial1/1, changed state to administratively down
*Jan 31 00:20:37.703: %LINK-5-CHANGED: Interface Serial1/2, changed state to administratively down
*Jan 31 00:20:37.711: %LINK-5-CHANGED: Interface Serial1/3, changed state to administratively down
*Jan 31 00:20:37.723: %LINK-5-CHANGED: Interface Serial1/4, changed state to administratively down
*Jan 31 00:20:37.731: %LINK-5-CHANGED: Interface Serial1/5, changed state to administratively down
*Jan 31 00:20:37.739: %LINK-5-CHANGED: Interface Serial1/6, changed state to administratively down
*Jan 31 00:20:37.751: %LINK-5-CHANGED: Interface Serial1/7, changed state to administratively down
*Jan 31 00:20:39.439: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team
*Jan 31 00:20:39.451: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Jan 31 00:20:39.711: %SYS-6-BOOTTIME: Time taken to reboot after reload =  243 seconds
*Jan 31 00:20:39.895: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Jan 31 00:20:39.895: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Jan 31 00:20:39.899: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Jan 31 00:20:39.899: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
Router>enable
Router#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 1 minute
System returned to ROM by reload at 00:16:35 UTC Fri Jan 31 2014
System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/techsupport

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2811 (revision 53.50) with 249856K/12288K bytes of memory.
Processor board ID FHK1129F40H
2 FastEthernet interfaces
8 Low-speed serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102








Saturday, February 8, 2014

Testing Cisco WAN Interface Card (WIC)

My serial WICs started to arrive one by one. These will be used for my spoke routers. I also plan to use an NM-8A/S (8-port Asynchronous/Synchronous network module) for my Frame Relay switch.

The first thing I wanted to check was whether they had arrived in working condition. These are my quick, handy commands for verifying them. Make sure to "ground" yourself by holding something metallic for a few seconds. You can also use an anti-static wrist band in order to avoid electrostatic discharge (ESD) that could potentially damage the WICs.




1841-1#show inventory
NAME: "chassis", DESCR: "1841 chassis"
PID: CISCO1841         , VID: V06 , SN: FHK143872B5

NAME: "WIC 0", DESCR: "WAN Interface Card - Serial 2T"
PID: WIC-2T=           , VID: 1.0, SN: 27148634

NAME: "WIC 1", DESCR: "WAN Interface Card - Serial (1T)"
PID: WIC-1T=           , VID: 1.0, SN: 32317356


1841-1#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 16:11 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

1841-1 uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c1841-adventerprisek9-mz.124-24.T2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/techsupport

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 7.0) with 238592K/23552K bytes of memory.
Processor board ID FHK143872B5
2 FastEthernet interfaces
3 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102


1841-1#show diag
Slot 0:
        C1841 2FE 2SLOT Mainboard Port adapter, 5 ports
        Port adapter is analyzed
        Port adapter insertion time 00:02:09 ago
        EEPROM contents at hardware discovery:
        Chassis MAC Address      : b4a4.e308.3de4
        MAC Address block size   : 34
        PCB Serial Number        : FOC14356TP9
        Hardware Revision        : 7.0
        Part Number              : 73-8191-08
        Board Revision           : H0
        Top Assy. Part Number    : 800-23434-07
        Deviation Number         : 0
        Fab Version              : 04
        CLEI Code                : IPMNN10DRA
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Product (FRU) Number     : CISCO1841
        Version Identifier       : V06
        Processor type           : 86
        Chassis Serial Number    : FHK143872B5
        EEPROM format version 4
        EEPROM contents (hex):

        WIC/HWIC Slot 0:
        Serial 2T (12in1)
        Hardware revision 1.0           Board revision F0
        Serial number     27148634      Part number    800-03181-01
        FRU Part Number     WIC-2T=
        Test history      0x0           RMA number     00-00-00
        Connector type    PCI
        EEPROM format version 1
        EEPROM contents (hex):
          0x20: 01 12 01 00 01 9E 41 5A 50 0C 6D 01 00 00 00 00
          0x30: 78 00 00 00 01 11 20 00 FF FF FF FF FF FF FF FF

        WIC/HWIC Slot 1:
        Serial 1T WAN daughter card
        Hardware revision 1.0           Board revision B0
        Serial number     32317356      Part number    800-01514-02
        FRU Part Number     WIC-1T=
        Test history      0x0           RMA number     00-00-00
        Connector type    Wan Module
        EEPROM format version 1
        EEPROM contents (hex):
          0x20: 01 02 01 00 01 ED 1F AC 50 05 EA 02 00 00 00 00
          0x30: 58 00 00 00 04 05 16 01 FF FF FF FF FF FF FF FF


1841-1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.5      YES NVRAM  up                    down
FastEthernet0/1            172.16.20.254   YES NVRAM  up                    down
Serial0/0/0                unassigned      YES unset  administratively down down
Serial0/0/1                unassigned      YES unset  administratively down down
Serial0/1/0                unassigned      YES unset  administratively down down

Saturday, January 18, 2014

My Complete Network Lab Setup

This is a continuation of my previous post. I fully integrated the Layer 2 switched network and added a couple of 1841 routers.

There were some minor modifications on the 871w router for NAT to function properly. I also opened ICMP, SSH and Telnet ports on the ASA5505 firewall for troubleshooting and testing purposes. The switches' management IPs were changed; I used the 172.16.0.0/16 subnet solely for my lab. I then isolated my Wi-Fi users on the 192.168.1.0/24 subnet.

871W#configure terminal
871W(config-if)#interface fastethernet0     // MOVE TRUNK FROM FE3 TO FE0 PORT
871W(config-if)#description TRUNK TO ASA5505
871W(config-if)#do show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       192.168.1.1     YES NVRAM  up                    up
Dot11Radio0                unassigned      YES NVRAM  up                    up
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  administratively down down
FastEthernet2              unassigned      YES unset  administratively down down
FastEthernet3              unassigned      YES unset  administratively down down
FastEthernet4              59.189.109.1    YES DHCP   up                    up
Group-Async4               unassigned      YES NVRAM  down                  down
NVI0                       unassigned      YES unset  administratively down down
Vlan1                      unassigned      YES NVRAM  up                    up
871W(config)#ip route 172.16.0.0 255.255.0.0 192.168.1.2     // ROUTE TO LAB NETWORK
871W(config)#access-list 10 permit 172.16.0.0 0.0.255.255   
871W(config)#do show access-list 10
Standard IP access list 10
    10 permit 172.16.0.0, wildcard bits 0.0.255.255 (54 matches)      // NAT ACL FOR 172.16.0.0/16 (LAB)
    20 permit 192.168.1.0, wildcard bits 0.0.0.255 (862 matches)    // NAT ACL FOR 192.168.1.0 /24 (WIFI)

871W(config)#exit
871W#show ip nat translations | include 172.16.1.6
udp 59.189.105.139:49226  172.16.1.6:49226      8.8.8.8:33506         8.8.8.8:33506
udp 59.189.105.139:49227  172.16.1.6:49227      8.8.8.8:33507         8.8.8.8:33507
udp 59.189.105.139:49228  172.16.1.6:49228      8.8.8.8:33508         8.8.8.8:33508
udp 59.189.105.139:49229  172.16.1.6:49229      8.8.8.8:33509         8.8.8.8:33509
udp 59.189.105.139:49230  172.16.1.6:49230      8.8.8.8:33510         8.8.8.8:33510
udp 59.189.105.139:49231  172.16.1.6:49231      8.8.8.8:33511         8.8.8.8:33511
udp 59.189.105.139:49232  172.16.1.6:49232      8.8.8.8:33512         8.8.8.8:33512
udp 59.189.105.139:49233  172.16.1.6:49233      8.8.8.8:33513         8.8.8.8:33513
udp 59.189.105.139:49234  172.16.1.6:49234      8.8.8.8:33514         8.8.8.8:33514
udp 59.189.105.139:49235  172.16.1.6:49235      8.8.8.8:33515         8.8.8.8:33515
udp 59.189.105.139:49236  172.16.1.6:49236      8.8.8.8:33516         8.8.8.8:33516
udp 59.189.105.139:49237  172.16.1.6:49237      8.8.8.8:33517         8.8.8.8:33517
udp 59.189.105.139:49238  172.16.1.6:49238      8.8.8.8:33518         8.8.8.8:33518
udp 59.189.105.139:49239  172.16.1.6:49239      8.8.8.8:33519         8.8.8.8:33519
udp 59.189.105.139:49240  172.16.1.6:49240      8.8.8.8:33520         8.8.8.8:33520
udp 59.189.105.139:49241  172.16.1.6:49241      8.8.8.8:33521         8.8.8.8:33521
udp 59.189.105.139:49242  172.16.1.6:49242      8.8.8.8:33522         8.8.8.8:33522
udp 59.189.105.139:49243  172.16.1.6:49243      8.8.8.8:33523         8.8.8.8:33523


871W#ping 172.16.1.6     // PING AND TELNET TO 1841-2 LAB ROUTER

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
871W#telnet 172.16.1.6
Trying 172.16.1.6 ... Open

+--------------------------------------------------------------+
| This equipment is privately owned and monitored.             |
| Disconnect immediately if you are not an authorized user.    |
+--------------------------------------------------------------+


User Access Verification

Username:


----


ASA5505# configure terminal
ASA5505(config)# interface ethernet0/0     // WAN PORT
ASA5505(config-if)# description LINK TO 871W
ASA5505(config-if)# interface ethernet0/1     // LAN PORT
ASA5505(config-if)# description TRUNK TO SW1
ASA5505(config-if)# exit
ASA5505(config)# banner motd +--------------------------------------------------------------+
ASA5505(config)# banner motd | This equipment is privately owned and monitored.             |
ASA5505(config)# banner motd | Disconnect immediately if you are not an authorized user.    |
ASA5505(config)# banner motd +--------------------------------------------------------------+
ASA5505(config)# policy-map global_policy
ASA5505(config-pmap)# class inspection_default
ASA5505(config-pmap-c)# inspect icmp error    // FOR TRACEROUTE FUNCTION
ASA5505(config-pmap-c)# exit
ASA5505(config-pmap)# exit
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any 172.16.0.0 255.255.0.0 echo   
ASA5505(config)# access-list OUTSIDE-IN extended permit tcp any 172.16.0.0 255.255.0.0 eq telnet
ASA5505(config)# access-list OUTSIDE-IN extended permit tcp any 172.16.0.0 255.255.0.0 eq ssh
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any any time-exceeded     // FOR TRACEROUTE FUNCTION
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any any unreachable     // FOR TRACEROUTE FUNCTION
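
Added example (not part of the original post): a small Python audit of the OUTSIDE-IN entries entered above, flagging management ports that are permitted from "any" and Telnet as a cleartext protocol, and generating tightened replacement commands. The admin source "host 192.168.1.10" is a hypothetical value chosen for illustration; the function and finding names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the ASA5505 session above, prompts and // notes included.
PAGE_SESSION = """\
ASA5505(config-pmap-c)# inspect icmp error    // FOR TRACEROUTE FUNCTION
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any 172.16.0.0 255.255.0.0 echo
ASA5505(config)# access-list OUTSIDE-IN extended permit tcp any 172.16.0.0 255.255.0.0 eq telnet
ASA5505(config)# access-list OUTSIDE-IN extended permit tcp any 172.16.0.0 255.255.0.0 eq ssh
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any any time-exceeded     // FOR TRACEROUTE FUNCTION
ASA5505(config)# access-list OUTSIDE-IN extended permit icmp any any unreachable     // FOR TRACEROUTE FUNCTION
"""

MGMT_PORTS = {"telnet": 23, "23": 23, "ssh": 22, "22": 22}
CLEARTEXT_PORTS = {23}  # Telnet sends credentials unencrypted

ACE_RE = re.compile(
    r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.*)")


@dataclass
class Entry:
    name: str
    action: str
    proto: str
    src: str              # "any", "host A" or "NET MASK"
    dst: str
    dport: Optional[str]  # token after "eq", None when absent
    raw: str              # normalized command, prompt and notes removed


def take_addr(tokens: List[str]) -> str:
    """Consume one address spec (any | host A | NET MASK) from the front."""
    if tokens[0] in ("any", "any4", "any6"):
        return tokens.pop(0)
    return " ".join((tokens.pop(0), tokens.pop(0)))


def parse_line(line: str) -> Optional[Entry]:
    """Parse one extended ACE; return None for anything else."""
    line = line.split("//", 1)[0]          # drop the post's inline notes
    m = ACE_RE.search(line)                # search() skips the CLI prompt
    if not m:
        return None
    name, action, proto, rest = m.groups()
    tokens = rest.split()
    try:
        src = take_addr(tokens)
        dst = take_addr(tokens)
    except IndexError:                     # truncated or malformed entry
        return None
    dport = tokens[1] if len(tokens) >= 2 and tokens[0] == "eq" else None
    raw = f"access-list {name} extended {action} {proto} {' '.join(rest.split())}"
    return Entry(name, action, proto, src, dst, dport, raw)


def parse_acl(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def audit(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (finding, command) pairs for risky management permits."""
    findings = []
    for e in entries:
        if e.action != "permit" or e.proto not in ("tcp", "udp"):
            continue
        port = MGMT_PORTS.get(e.dport or "")
        if port is None:
            continue
        if port in CLEARTEXT_PORTS:
            findings.append(("cleartext-mgmt", e.raw))
        if e.src.startswith("any"):
            findings.append(("mgmt-from-any", e.raw))
    return findings


def tighten(e: Entry, admin_src: str) -> List[str]:
    """Commands that remove the entry and, unless it is a cleartext
    protocol, re-add it restricted to admin_src."""
    cmds = [f"no {e.raw}"]
    if MGMT_PORTS.get(e.dport or "") not in CLEARTEXT_PORTS:
        cmds.append(f"access-list {e.name} extended {e.action} {e.proto} "
                    f"{admin_src} {e.dst} eq {e.dport}")
    return cmds


if __name__ == "__main__":
    ADMIN_SRC = "host 192.168.1.10"        # hypothetical admin workstation
    acl = parse_acl(PAGE_SESSION)
    for kind, cmd in audit(acl):
        print(f"[{kind}] {cmd}")
    for e in acl:
        if e.dport in MGMT_PORTS and e.src.startswith("any"):
            print("\n".join(tighten(e, ADMIN_SRC)))
```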


PING TO SWITCHES:

ASA5505# ping 172.16.1.2    // SW1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ASA5505# ping 172.16.1.3    // SW2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

ASA5505# ping 172.16.1.4    // SW3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


PING TO ROUTERS:

ASA5505# ping 172.16.1.6    // 1841-2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


PING TO OUTSIDE:


ASA5505# ping 8.8.8.8    // GOOGLE PUBLIC DNS
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/30 ms

ASA5505# ping www.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.254.168.170, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/50 ms


----


SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#interface fastethernet0/8
SW1(config-if)#description TRUNK TO ASA5505
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#do show interface description
Interface                      Status         Protocol Description
Vl1                            up             up       L3 MANAGEMENT VLAN
Fa0/1                          up             up       L2 ETHERCHANNEL TO SW2 (LINK#1)
Fa0/2                          up             up       L2 ETHERCHANNEL TO SW2 (LINK#2)
Fa0/3                          up             up       L2 ETHECHANNEL TO SW3 (LINK#1)
Fa0/4                          up             up       L2 ETHECHANNEL TO SW3 (LINK#2)
Fa0/5                          down           down
Fa0/6                          down           down
Fa0/7                          down           down
Fa0/8                          up             up       TRUNK TO ASA5505
Gi0/1                          down           down
Po1                            up             up       L2 ETHERCHANNEL TO SW2
Po2                            up             up       L2 ETHECHANNEL TO SW3
SW1(config)#interface vlan1
SW1(config-if)#ip address 172.16.1.2 255.255.255.0   // CHANGED MANAGEMENT IP ADDRESS
SW1(config)#ip default-gateway 172.16.1.1     // ASA INSIDE IP ADDRESS
SW1(config)#exit
00:41:14: %SYS-5-CONFIG_I: Configured from console by console
SW1#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms


SW2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#interface vlan1
SW2(config-if)#ip address 172.16.1.3 255.255.255.0
SW2(config)#interface fastethernet0/8
SW2(config-if)#description LINK TO 1841-1
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit
SW2(config)#ip default-gateway 172.16.1.1
SW2(config)#exit
SW2#
01:00:29: %SYS-5-CONFIG_I: Configured from console by console
SW2#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1000 ms


----


SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#interface vlan1
SW3(config-if)#ip address 172.16.1.4 255.255.255.0
SW3(config-if)#exit
SW3(config)#ip default-gateway 172.16.1.1
SW3(config)#interface fastethernet0/8
SW3(config-if)#description LINK TO 1841-2
SW3(config-if)#switchport mode trunk
SW3(config-if)#do show interface description
Interface                      Status         Protocol Description
Vl1                            up             up       L3 MANAGEMENT VLAN
Fa0/1                          up             up       L2 ETHERCHANNEL TO SW1 (LINK#1)
Fa0/2                          up             up       L2 ETHERCHANNEL TO SW1 (LINK#2)
Fa0/3                          up             up       L2 ETHERCHANNEL TO SW2 (LINK#1)
Fa0/4                          up             up       L2 ETHERCHANNEL TO SW2 (LINK#2)
Fa0/5                          down           down
Fa0/6                          down           down
Fa0/7                          down           down
Fa0/8                          down           down     LINK TO 1841-2
Gi0/1                          down           down
Po1                            up             up       L2 ETHERCHANNEL TO SW1
Po2                            up             up       L2 ETHERCHANNEL TO SW2
SW3(config)#exit
*Mar  1 00:59:09.169: %SYS-5-CONFIG_I: Configured from console by console
SW3#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1006 ms


----


Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Router#configure terminal
Router(config)# hostname 1841-2
1841-2(config)#service timestamps debug datetime msec localtime show-timezone
1841-2(config)#service timestamps log datetime msec localtime show-timezone
1841-2(config)#service password-encryption
1841-2(config)#banner login #
Enter TEXT message.  End with the character '#'
+--------------------------------------------------------------+
| This equipment is privately owned and monitored.             |
| Disconnect immediately if you are not an authorized user.    |
+--------------------------------------------------------------+
#
1841-2(config)#logging buffered 4096
1841-2(config)#enable password cisco
1841-2(config)#ip domain name lagura.com
1841-2(config)#ip name-server 8.8.8.8
1841-2(config)#ip name-server 4.2.2.2
1841-2(config)#username cisco privilege 15 password cisco
1841-2(config)#interface fastethernet0/0
1841-2(config-if)#description CONNECTION TO WAN
1841-2(config-if)#ip address 172.16.1.6 255.255.255.0
1841-2(config-if)#interface fastethernet0/1
1841-2(config-if)#description CONNECTION TO LAN
1841-2(config-if)#ip address 172.16.20.254 255.255.255.0
1841-2(config-if)#no shutdown
1841-2(config-if)#exit
*Nov  6 09:24:53.155: %SYS-5-CONFIG_I: Configured from console by console
*Nov  6 09:24:54.235: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Nov  6 09:24:55.235: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Nov  6 09:25:00.671: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
1841-2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1   // STATIC DEFAULT ROUTE TO ASA INSIDE IP ADDRESS
1841-2(config)#router eigrp 1
1841-2(config-router)#network 172.16.0.0 0.0.255.255
1841-2(config-router)#no auto-summary
1841-2(config-router)#exit
1841-2(config)#line vty 0 4
1841-2(config-line)#exec-timeout 0
1841-2(config-line)#logging synchronous
1841-2(config-line)#login local
1841-2(config-line)#line console 0
1841-2(config-line)#no exec-timeout
1841-2(config-line)#logging synchronous
1841-2(config-line)#end
1841-2#ping 172.16.1.1      // ASA INSIDE IP ADDRESS

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

1841-2#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/28 ms
1841-2#ping www.cisco.com

Translating "www.cisco.com"...domain server (8.8.8.8) [OK]

Translating "www.cisco.com"...domain server (8.8.8.8) [OK]

Translating "www.cisco.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.58.240.170, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms

1841-2#traceroute www.google.com

Type escape sequence to abort.
Tracing the route to www.google.com (74.125.200.105)

  1 192.168.1.1 0 msec 0 msec 4 msec
  2 cm1.delta104.maxonline.com.sg (59.189.104.1) 8 msec 12 msec 12 msec
  3 172.20.43.1 12 msec 12 msec 12 msec
  4 172.26.43.1 32 msec 12 msec 16 msec
  5 172.20.7.114 28 msec 12 msec 12 msec
  6 203.117.36.89 12 msec 16 msec 16 msec
  7 203.117.36.21 [MPLS: Label 16040 Exp 0] 28 msec 12 msec 12 msec
  8 203.117.35.206 12 msec 12 msec 12 msec
  9 72.14.196.189 12 msec 12 msec 12 msec
 10 66.249.95.124 12 msec
    66.249.95.122 16 msec 20 msec
 11 72.14.239.61 12 msec
    209.85.244.23 12 msec 16 msec
 12  *  *  *
 13 www.google.com (74.125.200.105) 20 msec 28 msec 16 msec


Below are the logical network diagram and the actual physical setup of my lab. I plan to add more stuff like DDNS, enable EIGRP, use PRTG monitoring and experiment with the different styles of VPN and MPLS. I'll also rack mount my gear in a 12 RU rack to give it a more "professional" look.




Sunday, January 5, 2014

Configuring My Cisco ASA 5505 Home Lab Firewall

I'm done with FIREWALL and will start my VPN very soon. So I took out my ASA 5505 to test my firewall skills, reset it to factory defaults and hooked it up to my lab network.

I did a two-network approach using the "inside" and "outside" networks since my ASA 5505 has a Base License, which supports only 3 VLANs. I could set up the firewall with a DMZ, but it would only be "restricted." This means that if I add a DMZ network, it can only go out to the outside (Internet) while the inside network can communicate with both the outside and DMZ network.

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif dmz
ERROR: This license does not allow configuring more than 2 interfaces with
nameif and without a "no forward" command on this interface or on 1 interface(s)
with nameif already configured.   


This scenario fits with my current network topology since I wanted my 871w router to function as the Internet edge router and the ASA 5505 behind it. Another good reason for doing this setup is that NAT is much simpler to configure and manage on a Cisco router.



ciscoasa(config)# hostname ASA_5505
ERROR: Invalid hostname: 'ASA_5505'
INFO: A hostname must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen.
ciscoasa(config)# hostname ASA5505
ASA5505(config)# username cisco password cisco privilege 15    // NOT RECOMMENDED IN A PRODUCTION NETWORK
ASA5505(config)# enable password cisco
ASA5505(config)# interface vlan 1
ASA5505(config-if)# ip address 172.16.1.1 255.255.255.0
ASA5505(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA5505(config-if)# interface vlan 2
ASA5505(config-if)# ip address 192.168.1.2 255.255.255.0
ASA5505(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA5505(config-if)# exit
ASA5505(config)# route outside 0 0 192.168.1.1    // STATIC DEFAULT ROUTE TO 871W
ASA5505(config)# interface ethernet0/0     // E0/0 PORT IS USED FOR WAN BY DEFAULT
ASA5505(config-if)# no shutdown
ASA5505(config-if)# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ASA5505(config-if)# exit
ASA5505(config)# http server enable
ASA5505(config)# http 192.168.1.0 255.255.255.0 outside     // FOR ASDM ACCESS
ASA5505(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/40 ms
ASA5505(config)# ping www.cisco.com
                      ^
ERROR: % Invalid Hostname
ASA5505(config)# dns ?

configure mode commands/options:
  domain-lookup       Enable/Disable DNS host-to-address translation
  expire-entry-timer  Specify DNS entry expire timer
  name-server         Specify DNS servers
  poll-timer          Specify dns update interval
  retries             Configure DNS retries
  server-group        Configure a DNS server group
  timeout             Configure DNS query timeout

exec mode commands/options:
  update  Update FQDN IP addresses
ASA5505(config)# dns domain-lookup ?

configure mode commands/options:
Current available interface(s):
  inside   Name of interface Vlan1
  outside  Name of interface Vlan2
ASA5505(config)# dns domain-lookup outside
ASA5505(config)# dns domain-lookup inside
ASA5505(config)# dns server-group DefaultDNS   // DNS  DOESN'T WORK ON A DIFFERENT DNS GROUP
ASA5505(config-dns-server-group)# name-server 8.8.8.8
ASA5505(config-dns-server-group)# name-server 4.2.2.2
ASA5505(config-dns-server-group)# exit
ASA5505(config)# ping www.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.58.16.170, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/70 ms
ASA5505(config)# object network INSIDE_HOSTS     // CREATE NETWORK OBJECT FOR SIMPLIFIED AND CLEAN CONFIG (IOS 8.3+)
ASA5505(config-network-object)# subnet 172.16.0.0 255.255.0.0
ASA5505(config-network-object)# exit
ASA5505(config)# object network INSIDE_LAN  
ASA5505(config-network-object)# ?

  description  Specify description text
  fqdn         Enter this keyword to specify an FQDN
  help         Help for network object configuration commands
  host         Enter this keyword to specify a single host object
  nat          Enable NAT on a singleton object
  no           Remove an object or description from object
  range        Enter this keyword to specify a range
  subnet       Enter this keyword to specify a subnet
ASA5505(config-network-object)# subnet 172.16.0.0 255.255.0.0
ASA5505(config-network-object)# ?

  description  Specify description text
  fqdn         Enter this keyword to specify an FQDN
  help         Help for network object configuration commands
  host         Enter this keyword to specify a single host object
  nat          Enable NAT on a singleton object
  no           Remove an object or description from object
  range        Enter this keyword to specify a range
  subnet       Enter this keyword to specify a subnet
ASA5505(config-network-object)# nat (?

network-object mode commands/options:
Current available interface(s):

  any      Global address space       // ANY KEYWORD IS AVAILABLE ON IOS 8.3+
  inside   Name of interface Vlan1
  outside  Name of interface Vlan2

configure mode commands/options:
Current available interface(s):

  any      Global address space
  inside   Name of interface Vlan1
  outside  Name of interface Vlan2
ASA5505(config-network-object)# nat (inside,outside) ?

network-object mode commands/options:
  dynamic  Specify NAT type as dynamic
  static   Specify NAT type as static

configure mode commands/options:
  <1-2147483647>  Position of NAT rule within before auto section
  after-auto      Insert NAT rule after auto section
  source          Source NAT parameters
ASA5505(config-network-object)# nat (inside,outside) static ?

network-object mode commands/options:
  A.B.C.D             Mapped IP address
  WORD                Mapped network object/object-group name
  X:X:X:X::X/<0-128>  Enter an IPv6 prefix
  interface           Use interface address as mapped IP
ASA5505(config-network-object)# nat (inside,outside) static INSIDE_HOSTS     //  IDENTITY NAT
ASA5505(config-network-object)# exit
ASA5505(config)# telnet 172.16.0.0 255.255.0.0 inside     // TELNET IS DISALLOWED ON THE OUTSIDE INTERFACE
ASA5505(config)# ssh 192.168.1.0 255.255.255.0 outside  
ASA5505(config)# domain-name ?

configure mode commands/options:
  WORD  Domain names must begin and end with a digit/letter, only letters,
        digits, and hyphen are allowed as internal characters, labels are
        separated by a dot. A maximum of 63 characters is allowed.
ASA5505(config)# domain-name lagura.com    // DOMAIN NAME AND RSA KEYS ARE NEEDED FOR SSH CONNECTION
ASA5505(config)# crypto key generate rsa modulus ?

configure mode commands/options:
  1024  1024 bits
  2048  2048 bits
  512   512 bits
  768   768 bits
ASA5505(config)# crypto key generate rsa modulus 1024
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
ASA5505(config)# aaa authentication ssh console LOCAL    // USE LOCAL DATABASE FOR SSH
ASA5505(config)# ssh timeout 60   // SSH TIMEOUT CAN'T BE DISABLED AND CAN ONLY BE SET TO 60 MINS MAX

I can now remotely access my ASA 5505 firewall via ASDM and with an SSH client on my iPad.
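
A review pass over the management-plane commands typed in the 1841-2 and ASA 5505 sessions above, as an added example that is not part of the original post. The rule names, the `GUESSABLE` list and the `untrusted_if` parameter are assumptions made for this sketch; the command strings are copied from the transcripts.

```python
import re

# Commands copied from the 1841-2 (IOS) and ASA 5505 sessions on this page,
# prompts and // annotations included.
IOS_SESSION = """\
1841-2(config)#service password-encryption
1841-2(config)#enable password cisco
1841-2(config)#username cisco privilege 15 password cisco
1841-2(config)#line vty 0 4
1841-2(config-line)#exec-timeout 0
1841-2(config-line)#login local
1841-2(config-line)#line console 0
1841-2(config-line)#no exec-timeout
"""
ASA_SESSION = """\
ASA5505(config)# username cisco password cisco privilege 15    // NOT RECOMMENDED IN A PRODUCTION NETWORK
ASA5505(config)# enable password cisco
ASA5505(config)# http server enable
ASA5505(config)# http 192.168.1.0 255.255.255.0 outside     // FOR ASDM ACCESS
ASA5505(config)# telnet 172.16.0.0 255.255.0.0 inside     // TELNET IS DISALLOWED ON THE OUTSIDE INTERFACE
ASA5505(config)# ssh 192.168.1.0 255.255.255.0 outside
ASA5505(config)# crypto key generate rsa modulus 1024
ASA5505(config)# ssh timeout 60
"""

GUESSABLE = {"cisco", "admin", "password"}   # assumption: short illustrative list
PROMPT = re.compile(r"^\S+?\(config[^)]*\)#\s*")

ADVICE = {
    "reversible-password": "IOS keeps 'password' values in cleartext or reversible "
                           "type 7; use 'enable secret' / 'username ... secret'",
    "guessable-credential": "password is on a common-default list or equals the username",
    "no-idle-timeout": "idle sessions on this line never expire; set a finite exec-timeout",
    "cleartext-mgmt": "Telnet sends credentials unencrypted; manage over SSH only",
    "mgmt-on-untrusted-if": "management service reachable from the lowest-security "
                            "interface; limit to named admin hosts or manage from inside",
    "short-rsa-key": "RSA modulus below 2048 bits; regenerate the SSH key at 2048",
}


def commands(session):
    """Yield each config-mode command with its prompt and // note removed."""
    for raw in session.splitlines():
        m = PROMPT.match(raw)
        if m:
            yield re.split(r"\s+//", raw[m.end():], maxsplit=1)[0].strip()


def audit(session, platform, untrusted_if="outside"):
    """Return (rule, where) pairs; platform is "ios" or "asa"."""
    findings, line_ctx = [], None
    for cmd in commands(session):
        w = cmd.split()
        if not w:
            continue
        if w[0] == "line":                      # IOS: entering "line vty 0 4" etc.
            line_ctx = cmd
            continue
        user = pw = None
        if w[0] == "username" and "password" in w[2:-1]:
            user, pw = w[1], w[w.index("password", 2) + 1]
        elif w[:2] == ["enable", "password"] and len(w) > 2:
            pw = w[2]
        if pw is not None:
            if platform == "ios":               # the ASA stores these hashed
                findings.append(("reversible-password", cmd))
            if pw.lower() in GUESSABLE or pw == user:
                findings.append(("guessable-credential", cmd))
        if line_ctx and (cmd == "no exec-timeout" or
                         (w[0] == "exec-timeout" and len(w) > 1 and set(w[1:]) == {"0"})):
            findings.append(("no-idle-timeout", f"{line_ctx}: {cmd}"))
        m = re.fullmatch(r"crypto key generate rsa modulus (\d+)", cmd)
        if m and int(m.group(1)) < 2048:
            findings.append(("short-rsa-key", cmd))
        if platform == "asa" and len(w) == 4:   # "<service> <net> <mask> <nameif>"
            if w[0] == "telnet":
                findings.append(("cleartext-mgmt", cmd))
            elif w[0] in ("http", "ssh") and w[3] == untrusted_if:
                findings.append(("mgmt-on-untrusted-if", cmd))
    return findings


if __name__ == "__main__":
    for name, session, platform in (("1841-2", IOS_SESSION, "ios"),
                                    ("ASA5505", ASA_SESSION, "asa")):
        for rule, where in audit(session, platform):
            print(f"{name}: [{rule}] {where}\n    -> {ADVICE[rule]}")
```

Note that `service password-encryption` does not clear the IOS findings: it only switches the stored form from cleartext to type 7.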



Friday, December 13, 2013

Cisco 1841 router IOS Update

I've purchased a couple of Cisco 64 MB Compact Flash (CF) cards for my 1841 routers in order to run the c1841-adventerprisek9-mz.124-24.T2.bin code. This IOS is feature-packed compared to the default IP BASE IOS according to Cisco's Feature Navigator Tool.

It is also able to run MP-BGP/MPLS VPN, which is essential in doing labs for the CCIE R/S blueprint. So I went ahead and downloaded the IOS.
 

I found an easy and quick way to perform the IOS update. I first let the router boot up and run the default IOS, which in this case is the IP BASE.

Router>show version
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(12a), RELEASE SOFTWARE (fc3)
Technical Support: http://splashurl.com/m6n5s3d
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 22-Feb-07 15:10 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 1 minute
System returned to ROM by reload at 15:03:47 SGT Tue Aug 20 2013
System image file is "flash:c1841-ipbase-mz.124-12a.bin"

Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FHK111819JT
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102


I ejected the 32 MB CF card and swapped it for a 64 MB card, then connected an RJ45 patch cable to the FE0/0 port (using FE0/1 doesn't work), which is connected to a TFTP server (my PC) on the other end. We also check if the new CF card is formatted (FAT16) and doesn't contain any irrelevant files.

After that we can transfer the new IOS via TFTP to the CF and check its integrity afterwards. We do a reboot for the new IOS to take effect.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastethernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0    
Router(config-if)#no shutdown
*Nov 16 15:10:28.423: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Nov 16 15:10:29.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#end
*Nov 16 15:10:45.719: %SYS-5-CONFIG_I: Configured from console by console
*Nov 16 15:10:52.735: %FILESYS-5-CF: External CompactFlash removed       // EJECTED 32 MB CF
Router#
Flash card inserted in flash. Reading filesystem on the device...   
Wait for the completion message before accessing device
Filesystem read completed in flash.
Device in flash available for use


*Nov 16 15:11:06.111: %FILESYS-5-CF: External CompactFlash inserted      // INSERTED 64 MB CF
Router#dir

Directory of flash:/

    1  -rw-         720   May 2 2007 21:56:14 +00:00  vlan.dat
    2  -rw-        1821   Aug 1 2006 19:08:30 +00:00  sdmconfig-2801.cfg
    3  -rw-     4734464   Aug 1 2006 19:09:04 +00:00  sdm.tar
    4  -rw-      833024   Aug 1 2006 19:09:28 +00:00  es.tar
    5  -rw-     1052160   Aug 1 2006 19:09:50 +00:00  common.tar
    6  -rw-        1038   Aug 1 2006 19:10:10 +00:00  home.shtml
    7  -rw-      102400   Aug 1 2006 19:10:30 +00:00  home.tar
    8  -rw-      491213   Aug 1 2006 19:10:50 +00:00  128MB.sdf
    9  -rw-     1684577   Aug 1 2006 19:11:22 +00:00  securedesktop-ios-3.1.1.27-k9.pkg
   10  -rw-      398305   Aug 1 2006 19:11:54 +00:00  sslclient-win-1.1.0.154.pkg
   11  -rw-    32999900  Mar 12 2008 19:46:56 +00:00  c2801-adventerprisek9-mz.124-19.bin
   12  -rw-        2362  Nov 23 2009 17:25:20 +00:00  pre_autosec.cfg
   13  -rw-      386294  Nov 23 2009 19:03:44 +00:00  crashinfo_20091123-190339
   14  -rw-      214858  Nov 23 2009 19:18:42 +00:00  crashinfo_20091123-191843
   15  -rw-         839  Mar 24 2010 23:48:34 +00:00  n
   16  -rw-         981  Apr 20 2011 20:00:54 +00:00  config
   17  -rw-        1091  Jan 31 2011 22:01:30 +00:00  startup-config
   18  -rw-        1105  Oct 18 2012 21:17:50 +00:00  exit
   19  -rw-        1407  Oct 23 2012 21:52:36 +00:00  o

Router#delete ?
  /force      Force delete
  /recursive  Recursive delete
  flash:      File to be deleted
  nvram:      File to be deleted

Router#delete /force ?
  /recursive  Recursive delete
  flash:      File to be deleted
  nvram:      File to be deleted

Router#delete /force /recursive ?
  flash:  File to be deleted
  nvram:  File to be deleted

Router#delete /force /recursive flash:?
flash:128MB.sdf                    flash:c2801-adventerprisek9-mz.124-19.bin
flash:common.tar                   flash:config
flash:crashinfo_20091123-190339    flash:crashinfo_20091123-191843
flash:es.tar                       flash:exit
flash:home.shtml                   flash:home.tar
flash:n                            flash:o
flash:pre_autosec.cfg              flash:sdm.tar
flash:sdmconfig-2801.cfg           flash:securedesktop-ios-3.1.1.27-k9.pkg
flash:sslclient-win-1.1.0.154.pkg  flash:startup-config
flash:vlan.dat

Router#delete /force /recursive flash:      // erase /all nvram: DOESN'T SEEM TO WORK
Router#dir
Directory of flash:/

No files in directory

64012288 bytes total (64012288 bytes free)
Router#copy tftp://192.168.1.2/c1841-adventerprisek9-mz.124-24.T2.bin flash
Destination filename [c1841-adventerprisek9-mz.124-24.T2.bin]?
Accessing tftp://192.168.1.2/c1841-adventerprisek9-mz.124-24.T2.bin...
Loading c1841-adventerprisek9-mz.124-24.T2.bin from 192.168.1.2 (via FastEthernet0/0):

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 40529832 bytes]

40529832 bytes copied in 212.124 secs (191067 bytes/sec)
Router#verify flash:c1841-adventerprisek9-mz.124-24.T2.bin
%Filesystem does not support verify operations
Verifying file integrity of flash:c1841-adventerprisek9-mz.124-24.T2.bin.........................................................................................................

<OUTPUT TRUNCATED>

....................................................................................................Done!
Embedded Hash   MD5 : D4265070CE2266CB3C7F459A49C1EFAA
Computed Hash   MD5 : D4265070CE2266CB3C7F459A49C1EFAA
CCO Hash        MD5 : B7C09EB264EA1D50E0E8254DB8DFF429

Signature Verified
Router#reload

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

*Nov 16 15:17:17.563: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://splashurl.com/m6n5s3d
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 platform with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled


Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x26a6e08
Self decompressing the image :

##################################################################################################################

############################################################################################## [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
                0X003AA110 public buffer pools
                0X00211000 public particle pools
                0X00020000 Crypto module pools
                0X000021B8 Onboard USB

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.

Allocating additional 1701480 bytes to IO Memory.
PMem allocated: 123731968 bytes; IOMem allocated: 10485760 bytes

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://splashurl.com/m6n5s3d
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 16:11 by prod_rel_team

licensing flash block 0 needs to be initialized
licensing flash block 1 needs to be initialized
licensing flash block 0 needs to be initialized
licensing flash block 1 needs to be initialized

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://splashurl.com/lc8pd9c

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 1841 (revision 7.0) with 120832K/10240K bytes of memory.
Processor board ID FHK111915FK
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


Press RETURN to get started!


*Nov 16 15:19:29.343: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*Nov 16 15:19:29.347: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*Nov 16 15:19:31.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Nov 16 15:19:32.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Nov 16 15:19:35.711: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Nov 16 15:20:22.075: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Nov 16 15:20:22.079: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Nov 16 15:20:22.587: %IP-5-WEBINST_KILL: Terminating DNS process
*Nov 16 15:20:23.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Nov 16 15:20:33.611: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://splashurl.com/m6n5s3d
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 16:11 by prod_rel_team
*Nov 16 15:20:33.615: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Nov 16 15:20:33.819: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Nov 16 15:20:33.819: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Nov 16 15:20:33.819: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Nov 16 15:20:33.819: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Nov 16 15:20:35.051: %SYS-6-BOOTTIME: Time taken to reboot after reload =  197 seconds
Router>show version | include IOS
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
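
How to read the three hashes in the `verify` output above, as an added example that is not part of the original post: Embedded and Computed should equal each other, while the CCO hash is the MD5 of the whole file and is the one to compare against the value published with the download. The post does not give that published value, so `reference_md5` is a parameter supplied by the reader, and the function names are assumptions of this sketch.

```python
import hashlib
import re

# Hash lines copied from the `verify` output in the session above.
VERIFY_OUTPUT = """\
Embedded Hash   MD5 : D4265070CE2266CB3C7F459A49C1EFAA
Computed Hash   MD5 : D4265070CE2266CB3C7F459A49C1EFAA
CCO Hash        MD5 : B7C09EB264EA1D50E0E8254DB8DFF429

Signature Verified
"""

HASH_LINE = re.compile(
    r"^(Embedded|Computed|CCO) Hash\s+MD5\s*:\s*([0-9A-Fa-f]{32})\s*$", re.M)


def parse_verify(text):
    """Extract the three MD5 values and the signature line from `verify` output."""
    result = {name.lower(): value.lower() for name, value in HASH_LINE.findall(text)}
    result["signature_verified"] = bool(
        re.search(r"^Signature Verified\s*$", text, re.M))
    return result


def md5_file(path, chunk_size=1 << 20):
    """MD5 of a local file, read in chunks so a 40 MB image is not held in RAM.

    Run this on the TFTP server's copy before the transfer; it should equal
    both the published value and the CCO hash the router prints afterwards.
    """
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def assess(text, reference_md5):
    """Turn `verify` output into three independent pass/fail checks.

    reference_md5 is the whole-file MD5 obtained from an independent source
    (the vendor download page, or md5_file() on a copy checked against it).
    """
    v = parse_verify(text)
    missing = {"embedded", "computed", "cco"} - v.keys()
    if missing:
        raise ValueError(f"verify output lacks hash lines: {sorted(missing)}")
    return {
        # Hash stored inside the image vs. hash recomputed over the image:
        # a mismatch means the copy in flash is corrupt or altered.
        "image_self_consistent": v["embedded"] == v["computed"],
        "signature_verified": v["signature_verified"],
        # Whole-file hash vs. the independently obtained reference value.
        "matches_reference": v["cco"] == reference_md5.strip().lower(),
    }


if __name__ == "__main__":
    print(parse_verify(VERIFY_OUTPUT))
```

The first two checks only show that the image agrees with itself; the comparison against an independently obtained reference is what ties the file in flash to the one the vendor released.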


I ran into a problem with one of the routers. It displayed a traceback error and the loading of the IOS kept on looping. I initially thought it was a DRAM issue but I noticed the device created an IOMEM (Input/Output Memory) of 25% and it complained of not having enough memory to run the IOS code.

Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x26a6e08
Self decompressing the image :

##################################################################################################################

############################################################################################## [OK]

IOMEM set to: 25
25 percent IO memory configuration is too large. Decreasing to 24117248 bytes.
PMem allocated: 110100480 bytes


              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://splashurl.com/m6n5s3d
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 16:11 by prod_rel_team


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://splashurl.com/lc8pd9c

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 1841 (revision 7.0) with 107520K/23552K bytes of memory.
Processor board ID FHK112717FB
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!



%Software-forced reload


 15:27:29 UTC Sat Nov 16 2013: Breakpoint exception, CPU signal 23, PC = 0x60673B88



--------------------------------------------------------------------
   Possible software fault. Upon reccurence,  please collect
   crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------


-Traceback= 0x6066C2C8z 0x6066A794z 0x602B310Cz 0x602D21A8z 0x60F88B94z 0x60FAF288z 0x60FAF7C4z 0x60FAF8D0z

0x60FAF97Cz 0x614C1C98z 0x614BBD8Cz 0x614B3D44z 0x614BEF40z 0x614BF0D0z 0x614BF158z 0x60F4AE78z
$0 : 00000000, AT : 64B50000, v0 : 00000000, v1 : 00000000
a0 : 00000000, a1 : 635C860C, a2 : 00000000, a3 : 635D0000
t0 : 64C83DE0, t1 : 64E60000, t2 : 60679488, t3 : 64B49184
t4 : 60679488, t5 : 6545CD48, t6 : 3401FF01, t7 : 3401FF00
s0 : 00000000, s1 : 00000000, s2 : 646D0000, s3 : 64790000
s4 : 00000000, s5 : 00000000, s6 : 00000000, s7 : 6346E6DC
t8 : 00000000, t9 : 64E60000, k0 : 3041E801, k1 : 00100000
gp : 64B50F20, sp : 6545C788, s8 : 654971E4, ra : 60672054
EPC  : 60673B88, ErrorEPC : BFC05FDC, SREG     : 3401FF03
MDLO : 0000002E, MDHI     : 00000000, BadVaddr : FE804254
TEXT_START : 0x600171C0
DATA_START : 0x632078C0
Cause 00000024 (Code 0x9): Breakpoint exception

Writing crashinfo to flash:crashinfo_20131116-152729



=== Flushing messages (15:27:30 UTC Sat Nov 16 2013) ===

Queued messages:
*Nov 16 15:27:30.699: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.

*Nov 16 15:27:25.591: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*Nov 16 15:27:25.595: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*Nov 16 15:27:28.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Nov 16 15:27:28.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Nov 16 15:27:28.875: %SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x602D9A60, alignment 0
Pool: Processor  Free: 34708  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Init", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz 0x602D21A8z 0x60F88B94z 0x60FAF288z

0x60FAF7C4z 0x60FAF8D0z 0x60FAF97Cz 0x614C1C98z 0x614BBD8Cz 0x614B3D44z 0x614BEF40z 0x614BF0D0z 0x614BF158z

0x60F4AE78z 0x60F4AEC4z
*Nov 16 15:27:30.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
No warm reboot Storage
*** System received a Software forced crash ***
signal= 0x17, code= 0x24, context= 0x64e60db0
PC = 0x606882ec, Cause = 0x20, Status Reg = 0x3401c102


The router was unable to run normally: even a simple configuration change such as setting a hostname failed to allocate memory. I tried swapping in another 64 MB CF card and also reformatting the flash, but what resolved the issue was the global config command default memory-size iomem.

Router(config)#hostname ROUTER
ROUTER(config)#end
ROUTER#write memory
Building configuration...

*Nov 16 15:43:14.887: %SYS-5-CONFIG_I: Configured from console by console[OK]
ROUTER#
*Nov 16 15:43:15.783: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x602DE440, alignment 0
Pool: Processor  Free: 147748  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz 0x602D21A8z 0x61B53664z 0x61B56F1Cz 0x61B875D8z 0x6041EF08z 0x60F86868z 0x60F4B878z 0x60F4C188z 0x60FAD35Cz 0x60F8B194z 0x60FB1214z 0x625BB1BCz 0x625BB1A0z
ROUTER#show run | include host
hostname ROUTER
ROUTER#
*Nov 16 15:43:49.655: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x602DE440, alignment 0
Pool: Processor  Free: 153604  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz 0x602D21A8z 0x61B56948z 0x61B875C0z

0x6041EF08z 0x60F86868z 0x60F4B878z 0x60F4BD14z 0x60FACC94z 0x60F8B194z 0x60FB1214z 0x625BB1BCz 0x625BB1A0z
64012288 bytes total (64012288 bytes free)

Router#format flash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:".  Continue? [confirm]
Writing Monlib sectors....
Monlib write complete

Format: All system sectors written. OK...

Format: Total sectors in formatted partition: 125408
Format: Total bytes in formatted partition: 64208896
Format: Operation completed successfully.

Format of flash: complete

Router(config)#default memory-size iomem    // THE COMMAND WORKS LIKE A CHARM
Smart-init will be enabled upon reload.
Router(config)#do reload

System configuration has been modified. Save? [yes/no]: yes
Building configuration...

*Nov 17 14:49:23.743: %SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x602DA974, alignment 0
Pool: Processor  Free: 160464  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B9CF8z 0x602D217Cz 0x60F86AFCz 0x60F86B74z 0x60F86C0Cz 0x60416178z 0x60F8EBA0z 0x60420CE8z 0x60F86868z 0x60F4B878z 0x60F4C188z 0x60FAD35Cz 0x60FB2D5Cz 0x60F8B194z 0x60F8BDD0z[OK]
Proceed with reload? [confirm]

*Nov 17 14:49:29.827: %SYS-5-RELOAD: Reload requested  by console. Reload Reason: Reload Command.

<OUTPUT TRUNCATED>
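
The %SYS-2-MALLOCFAIL messages in the console output above span several lines each (header, Pool, Alternate Pool, Process). The following Python script is an added example, not part of the original post: it joins those lines into one record per failure and counts which process and caller address keep failing. The function names and field names are my own choices.

```python
import re
from collections import Counter

# Sample input: MALLOCFAIL records from this page's console output, tracebacks trimmed.
SAMPLE = '''\
*Nov 16 15:27:28.875: %SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x602D9A60, alignment 0
Pool: Processor  Free: 34708  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Init", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz
*Nov 16 15:27:30.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Nov 16 15:43:15.783: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x602DE440, alignment 0
Pool: Processor  Free: 147748  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz
*Nov 16 15:43:49.655: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x602DE440, alignment 0
Pool: Processor  Free: 153604  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 3,  -Traceback= 0x6029C4C8z 0x602B310Cz
'''

HEAD = re.compile(r'^\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): %SYS-2-MALLOCFAIL: Memory allocation of '
                  r'(?P<size>\d+) bytes failed from (?P<caller>0x[0-9A-Fa-f]+)')
POOL = re.compile(r'^Pool: (?P<pool>\S+)\s+Free: (?P<free>\d+)\s+Cause: (?P<cause>.+?)\s*$')
PROC = re.compile(r'-Process= "(?P<process>[^"]+)"')

def parse_mallocfail(text):
    """Return one dict per MALLOCFAIL record, joining its continuation lines."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"ts": m["ts"], "size": int(m["size"]), "caller": m["caller"]}
            records.append(cur)
        elif cur is not None and (m := POOL.match(line)):
            cur.update(pool=m["pool"], free=int(m["free"]), cause=m["cause"])
            cur["free_exceeds_request"] = cur["free"] >= cur["size"]  # free bytes cover the request
        elif cur is not None and (m := PROC.search(line)):
            cur["process"] = m["process"]
            cur = None  # record complete; skip lines until the next header
        elif line.startswith("*"):
            cur = None  # another timestamped message ends an incomplete record
    return records

def summarize(records):
    """Count failures per (process, caller address) to show which allocation site repeats."""
    return Counter((r.get("process", "?"), r["caller"]) for r in records)

if __name__ == "__main__":
    print(summarize(parse_mallocfail(SAMPLE)))
```

In every record here the pool's total free bytes exceed the requested size, which matches the reported cause: the free memory exists but not as one contiguous block.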

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname ROUTER
ROUTER(config)#^Z
*Nov 17 14:58:17.211: %SYS-5-CONFIG_I: Configured from console by console
ROUTER#show run | include host
hostname ROUTER