According to this LINK. A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

  1. Login as root.
  2. switchdisable
  3. configremoveall
  4. reboot

To install macOS from a USB disk, you might want to change the system time to finally get it installed.

Example: to install EL Capitan to a macbook pro. You need to change the date from terminal using command:

date 122014102015.30

[ Family ] Mother passed away

| No Comments

[ Cisco ] NM-16A / NM-32A

| No Comments

The following documentation from Cisco indicating that you will not be able to use the NM-16A on the Cisco 2800 Series routers.

  1. https://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/7258-hw-async.html
  2. https://www.cisco.com/c/en/us/td/docs/ios/interface/configuration/guide/ir_nm16as.html

But chances are, you can. I have installed the NM-16A to my Cisco 2821 Router, and it has been recognized and configurable.

Cisco 2821 (revision 53.51) with 419840K/104448K bytes of memory.
Processor board ID FTXXXXXXXXX
2 Gigabit Ethernet interfaces
1 Serial(sync/async) interface
16 terminal lines
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (Read/Write)

Just remember, do not plug this module into the upper right slot (marked as EVM only), put it into the left-bottom slot instead.

[ MacOS ] Uninstall Java

| No Comments

sudo rm -fr /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
sudo rm -fr /Library/PreferencesPanes/JavaControlPanel.prefPane
sudo rm -fr ~/Library/Application\ Support/Java

MacOS Capitan 版本在访问ASA 5505 的AIP-SSC-5 时,会出现如下错误。

Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned.

此时,编辑如下文件:

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/securit/java.security

注释掉如下这行:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

即可启用Java 对MD5 with SHA1 的支持。

For the following Cisco Wireless LAN Controller model:

  • 2500 DTLS License (Product_Id "AIR-CT2504-K9" )
  • 5500 DTLS License (Product_Id "AIR-CT5508-K9" )
  • 7500 DTLS License (Product_Id "AIR-CT7510-K9" )
  • WISM2 DTLS License (Product_Id "WS-SVC-WISM2-K9" )
  • VWLC DTLS License(WCVWLCDTLS)

You can obtain your DTLS license from this page.

[ Photography ] The new Audi A3

| 2 Comments

20170922182913.jpgPhotographed by : erebus
Processed by : Shen, Li Feng
Camera : Nikon D610 with Nikkor 105mm f/2.8 VR IF ED

最近开始有不少家庭用户,在购买Cisco AP 后询问,是否可以创建多个SSID。原因不外乎是为了设置一个访客专用的SSID,然后设置和主要SSID 不同的密码。防止常用密码被WIFI 万能钥匙一类的软件盗取。

在一般的家庭环境拓扑中,此配置方法不适用。只因思科限制一个SSID 只能绑定到同一个radio 的单个VLAN 下。换言之。你只能在2.4GHz ( dot11radio0 ) 下面,设置一个属于vlan1 的ssid -> Cisco1。

参考思科的文档中所提到的:

SSIDs, VLANs, and encryption schemes are mapped together on a one-to-one-to-one basis; one SSID can be mapped to one VLAN, and one VLAN can be mapped to one encryption scheme. When using a global SSID configuration, you cannot configure one SSID with two different encryption schemes. For example, you cannot apply SSID north with TKIP on interface dot11 0 and also apply SSID north with WEP128 on interface dot11 1.

所以再有类似需求的用户不要再找我了,我也没有办法。特发文公告之。感谢。

Photography

Tools / Links

Recent Comments

Recent Entries

Books