Tag Archives: Cisco

Cisco IOS Self-Signed Certificate Expiration

On Jan 1, 2020, all self-signed certificates that were generated on IOS/IOS-XE platforms expired. After that date your device will not be able to generate self-signed certificates.

There are some workarounds:

  • Obtain a valid certificate from a third-party Certificate Authority
  • Use the IOS CA Server to generate a new certificate
  • Use OpenSSL to generate a new self-signed certificate
  • Update your system, if possible, to an IOS version in which the SSC (self-signed certificate) issue is fixed

Systems affected:

  • All IOS 12.x
  • All IOS 15.x prior to 15.6(3)M7, 15.7(3)M5, 15.8(3)M3, 15.9(3)M
  • All IOS-XE prior to 16.9.1

You can find more information here.

Telnet zero-day on Cisco devices

Cisco announced a remote code execution vulnerability that affects Telnet on Catalyst series devices. Once again this has to do with the documents leaked by WikiLeaks, known as Vault 7.

Cisco recommends enabling only SSH access on the affected devices, if possible. For devices that do not support SSH, VTY access lists may be applied to reduce the risk.

More information about the vulnerability and the affected devices can be found here.
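
The two mitigations above, written out as an IOS configuration sketch. This is an added example, not taken from the Cisco advisory or from the original post; the ACL name MGMT-VTY, the 192.0.2.0/24 management subnet and the VTY range 0 15 are assumptions to adapt to the device.

```cisco
! Constructed example. 192.0.2.0/24 stands in for the management subnet.
! Named standard ACL: only management hosts may open a VTY session,
! everything else is denied and logged.
ip access-list standard MGMT-VTY
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! Weak setting, shown for comparison only: Telnet accepted from any source.
! line vty 0 15
!  transport input telnet ssh
!
! Option 1 (preferred): device supports SSH.
! An RSA key pair must exist before SSH will accept connections.
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 15
 transport input ssh
 access-class MGMT-VTY in
 login local
!
! Option 2: device has no SSH support.
! Telnet stays enabled, but the ACL limits who can reach it.
! line vty 0 15
!  transport input telnet
!  access-class MGMT-VTY in
!  login local
!
! Checks after applying:
!   show running-config | section line vty
!   show access-lists MGMT-VTY      (hit counters on permit and deny entries)
```

Apply the same settings to every VTY line the platform exposes; a line range left out of the configuration keeps its previous transport and ACL settings.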


Custom images on Cisco 79XX telephone sets

To be able to add images on devices, you must already have a TFTP server and, of course, the necessary .xml configuration files.

Every Cisco telephone set has its own requirements. The image must be in .PNG format with specific dimensions:

| Telephone set | Image dimensions (pixels) | Thumbnail dimensions (pixels) | TFTP folder |
|---|---|---|---|
| 7906/7911 | 95 x 34 | 23 x 8 | /Desktops/95x34x1 |
| 7941/7961/7942/7962 | 320 x 196 | 80 x 49 | /Desktops/320x196x4 |
| 7945/7965/7975 | 320 x 212 | 80 x 53 | /Desktops/320x212x16 |
| 7970/7971 | 320 x 212 | 80 x 53 | /Desktops/320x212x12 |

Continue reading

Cisco router initial configuration

There is no golden rule on this. Everyone has their own way to do a basic configuration on a Cisco router. Here is mine.

Some routers are pre-configured by Cisco. The first time the router powers up, it will ask for a username and password, which is always cisco/cisco. This is a one-time password. If you log in from the console and don't change it, you will be locked out. In the case of a pre-configured router, I always erase the running configuration by issuing: Continue reading