WinSCP to FMC

Adding this for posterity as Cisco forum threads have a tendency to disappear. Thanks to Fatjon.Celaj for this information.

Whilst SSH'd into the FMC, enter expert mode with the 'expert' command.
Run more or less on /etc/passwd to confirm the login shell of the admin user (or whichever account you are using).

For example:
admin@fmc:~$ more /etc/passwd
root:x:0:0:Operator:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
nobody:x:99:99:nobody:/:/sbin/nologin
sshd:x:33:33:sshd:/:/sbin/nologin
www:x:67:67:HTTP server:/var/www:/sbin/nologin
sfrna:x:88:88:SF RNA User:/Volume/home/sfrna:/sbin/nologin
snorty:x:90:90:Snorty User:/Volume/home/snorty:/sbin/nologin
sfsnort:x:95:95:SF Snort User:/Volume/home/sfsnort:/sbin/nologin
sfremediation:x:103:103::/Volume/home/remediations:/sbin/nologin
admin:x:100:100::/Volume/home/admin:/usr/bin/clish
casuser:x:101:104:CiscoUser:/var/opt/CSCOpx:/sbin/nologin
lamplighter:x:110:110::/var/opt/lamplighter:/bin/sh
monetdb:x:111:111::/Volume/lib/monetdb:/sbin/nologin
fatjon:x:1000:201::/Volume/home/fatjon:/usr/bin/clish

Notice that the login shell is 'clish', the FMC's restricted CLI. If you've attempted to connect to the FMC using WinSCP with the protocol set to SCP, you'll have been presented with an error message about the shell type: WinSCP's SCP mode runs commands through a Unix shell on the far end, which clish is not.

To change the shell you need to switch to the root user by executing 'sudo su'.

Modify the admin user's shell to Bash with:

usermod --shell /bin/bash admin

Now you'll be able to use WinSCP. Bear in mind that while admin's shell is Bash, anyone who can log in as admin over SSH lands in an unrestricted Linux shell rather than clish, so revert as soon as the transfer is done:

usermod --shell /usr/bin/clish admin
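The check-then-toggle above as a small POSIX sh script. This is an added example, not from the forum thread or from Cisco: it assumes the shell paths in the /etc/passwd listing above and a GNU usermod, and it prints the usermod command rather than running it so you can review the change before piping it into a root shell.

```shell
#!/bin/sh
# Added example: inspect the FMC admin login shell and produce the usermod
# command that toggles it between clish and bash. Run as root (after 'sudo su').
# Assumes the shell paths from the /etc/passwd listing above.

PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the login shell recorded for user $1 in passwd file $2 (default /etc/passwd).
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-$PASSWD_FILE}"
}

# Echo the usermod invocation that flips user $1 to the "other" shell.
# Refuses to guess if the current shell is neither clish nor bash.
toggle_command() {
    case "$(login_shell "$1" "$2")" in
        /usr/bin/clish) echo "usermod --shell /bin/bash $1" ;;
        /bin/bash)      echo "usermod --shell /usr/bin/clish $1" ;;
        *) echo "refusing to toggle $1: shell is not clish or bash" >&2; return 1 ;;
    esac
}

# Usage on the FMC, as root:
#   sh toggle_shell.sh admin          # show what would change
#   sh toggle_shell.sh admin | sh     # apply it; run again afterwards to revert
if [ -n "${1:-}" ]; then
    toggle_command "$1"
fi
```

Because the script only echoes the command, a second run after the transfer prints the clish revert, which keeps the two steps symmetric and makes forgetting the revert less likely.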

SecureCRT on Linux

TL;DR Using SecureCRT as my native terminal emulator for EVE-NG on Arch works.

To my surprise SecureCRT has a Linux installer. After following the instructions from the comments on the AUR for SecureCRT I managed to get it installed.

There were a few niggling things I needed to sort out before I could settle in. First, use Firefox or a browser based on Firefox. When launching a console from inside EVE, Firefox prompts you to select an application; find and select SecureCRT and set it as the default program, and future console sessions automatically launch SecureCRT. Chrome doesn't give me that option: it attempts to launch the console through whatever is configured in 'eve-ng integration'. I've tried setting that to SecureCRT; it would launch but wouldn't connect. If anyone has any tips on fixing that please leave a comment.

There were two other annoyances I ran into. When launching a console it would open each session in a separate window. If you only want a single window, with each session opening inside a tab, you need to change the 'Single Instance' setting inside Global.ini.

The Global.ini on Arch is currently located in $HOME/.vandyke/SecureCRT/

You need to change:

D:"Single Instance"=00000000

To:

D:"Single Instance"=00000001

The other issue that I had was that the top menu bar was missing. This is needed if you ever need/want to access things like the Global options. I had to change the following from:

D:"Show Menu Bar"=00000000

To:

D:"Show Menu Bar"=00000001
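Both edits above are the same operation: flip a DWORD key in Global.ini from 00000000 to 00000001. The POSIX sh helper below, an added example rather than anything shipped with SecureCRT, does that with a backup copy and refuses to touch a key it can't find. It assumes the $HOME/.vandyke/SecureCRT/Global.ini path above and that SecureCRT is not running while the file is edited, since it writes its configuration back when it exits.

```shell
#!/bin/sh
# Added example: set a D:"Key"=0000000N DWORD entry in SecureCRT's Global.ini.
# Assumes the Arch path above; pass a third argument to edit a different file.
# Close SecureCRT first: it writes its configuration back when it exits.

# $1 = key name as it appears between the quotes, $2 = integer value, $3 = ini path
set_dword() {
    ini="${3:-$HOME/.vandyke/SecureCRT/Global.ini}"
    val=$(printf '%08x' "$2")          # DWORDs are stored as 8 zero-padded hex digits
    if ! grep -q "^D:\"$1\"=" "$ini"; then
        echo "key \"$1\" not found in $ini" >&2
        return 1
    fi
    # Keep a .bak copy and replace only the matching key's value
    sed -i.bak "s/^D:\"$1\"=.*/D:\"$1\"=$val/" "$ini"
}

# Usage: open every EVE-NG console in a tab of one window, and show the menu bar
#   set_dword 'Single Instance' 1
#   set_dword 'Show Menu Bar' 1
```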

This has been a really nice upgrade to my workflow. I’ve attached an image of what it looks like below.

Homelab

After spending some time on the subreddit r/homelab I recently purchased a used Dell R720 so that I can set up a proper homelab environment for my studies. Along with that I also purchased Cisco's CML Personal edition so that I can use the supplied images with EVE-NG Pro.

Here are the images that come with CML:

Image                  Description                                                              Version
-----                  -----------                                                              -------
ASAv                   Cisco ASA firewall image                                                 9.12.2
CSR 1000v              IOS-XE Cloud Services Router                                             16.11.01b
IOS XRv                IOS XR classic image (32-bit, deprecated)                                6.3.1
IOS XRv 9000           IOS XR 64-bit image                                                      6.6.2
Nexus 7000v            NX-OS layer 3 image (deprecated)                                         7.3.0.d1.1
Nexus 9000v            NX-OS layer 2/3 image                                                    9.2.3
IOSv                   IOS classic layer 3 image                                                15.8(3)
IOSv L2                IOS classic layer 2/3 switch image                                       15.2

Linux images
TRex                   Linux-based image with Cisco's packet generator                          2.6.5
WAN Emulator           Linux-based image that adds WAN-like delay, jitter and loss to links    3.10
Alpine Linux Desktop   Alpine Linux image that provides a graphical Xfce interface              3.10
Tiny Core Linux        Tiny Core Linux server image                                             8.2.1
Ubuntu 18.04           Full-featured Ubuntu server image using cloud-init YAML configuration    18.04.3 LTS
CoreOS                 Linux container-focused OS using cloud-init YAML configuration           2135.4.0

As this is all new to me, I found Rob Willis' introductory YouTube videos and installation guides on VMware ESXi great for getting started.

This introduction to EVE-NG, which is a collaboration with INE’s Rohit Pardasani and EVE-NG’s CEO Uldis Dzerkals, along with the EVE cookbook is what I used to get EVE-NG up and running on ESXi.

After a while of testing and tweaking the native console options, thanks to the EVE-NG-integration repo, I've settled on Remmina for both RDP and VNC sessions and Roxterm for terminal access (I'm struggling to get tabbed sessions working with Terminator). I'm also trying out Waterfox because I wanted a completely separate browser for managing ESXi and EVE-NG. Here's the final result.

Just wanted to add that the reason I chose native over the HTML5 console was because I was having issues with copying and pasting. It was failing to work on Firefox/waterfox but it works fine in Chrome!

I'm looking forward to setting up some large topologies and being able to play around with server-side technologies so that I can start experimenting with things like 802.1X, parsing syslog/NetFlow/SNMP, testing security with Kali, automation and so on.

Enabling telnet access for the ASAv

When launching the ASAv in GNS3 with the default telnet console, the console only partially loads and you're greeted by a blank screen. This has caught me out a few times. The fix is detailed in this excellent blog post.

To summarise that post for posterity: boot the ASAv with the console type set to VNC (or, on Linux, try SPICE). Once it has booted, run the following at the ASA prompt:

ciscoasa# copy disk0:/coredumpinfo/coredump.cfg use_ttyS0

The ASAv redirects its console to the serial port, which is what GNS3's telnet console attaches to, when a file named use_ttyS0 exists on disk0:; the copy command simply creates that file, using coredump.cfg as an arbitrary source. Be careful to end the name with the digit 0, not the letter O. Shut down the ASAv, change the console type to Telnet, power it back on and the console should now work.

Formatting a MAC address

I’m often given huge lists of MAC addresses and they tend to arrive in a variety of different formats. Such as the following:

AABBCCDDEEFF
AA-BB-CC-DD-EE-FF
AAB.BCC.DDE.EFF
AABB.CCDD.EEFF
AA:BB:CC:DD:EE:FF

Typically I need them formatted as the last example above, with colons between every two characters.

The formula below works in Excel, where A2 is the cell you're targeting. It assumes the input is already twelve hex characters with no separators (the first format above); for the other formats, strip the dashes, dots and colons first (SUBSTITUTE does this), otherwise the MID offsets land on separator characters.

=LEFT(A2,2)&":"&MID(A2,3,2)&":"&MID(A2,5,2)&":"&MID(A2,7,2)&":"&MID(A2,9,2)&":"&RIGHT(A2,2)
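Outside Excel the same normalisation is quicker from a shell. This is an added example, not from the original post: it accepts any of the five formats listed above (and, as a generalisation, any mix of those separators plus a stray carriage return from a Windows-saved file), rejects anything that isn't twelve hex digits, and is safe to run over a whole file because bad lines are reported on stderr rather than silently mangled.

```shell
#!/bin/sh
# Added example: normalise MAC addresses from any of the formats above to
# AA:BB:CC:DD:EE:FF. Returns non-zero for input that isn't 12 hex digits.

normalize_mac() {
    # Drop CR, colons, dots and dashes, then upper-case the hex digits
    hex=$(printf '%s' "$1" | tr -d '\r:.-' | tr 'a-f' 'A-F')
    # Reject empty input, non-hex characters and wrong lengths
    case "$hex" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    # Insert a colon after every pair and drop the trailing one
    printf '%s\n' "$hex" | sed 's/\(..\)/\1:/g; s/:$//'
}

# Normalise one address per line from file $1; bad lines go to stderr, not stdout.
normalize_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        if mac=$(normalize_mac "$line"); then
            printf '%s\n' "$mac"
        else
            printf 'skipping invalid MAC: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Usage: normalize_file macs.txt > macs_normalised.txt
```

Keeping the rejects on stderr means the stdout list can be fed straight into whatever consumes it, while the lines that need a human look are still visible on the terminal.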

Splitting a CSV file

I was a little reluctant to push out a change that would affect nearly 600 Access Points, so I wanted to do it in batches of 100. As the method of input was CSV, I needed to break this up.

The split command from GNU coreutils was the perfect solution for my needs.

split -l 100 list.csv --additional-suffix=.csv output/test -d

For nearly 600 lines, that command produces six files of up to 100 lines each inside the directory named output (which must already exist; split won't create it). With -d the suffixes are numeric and start at 00, so the files are:

test00.csv
test01.csv
test02.csv
test03.csv
test04.csv
test05.csv

Without the --additional-suffix and -d options the files would not have the extension I was looking for, and they would have been named with alphabetic suffixes (aa, ab, ...) instead of numbered. If you'd rather the numbering started at 01, use --numeric-suffixes=1 in place of -d.
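One thing split doesn't do is repeat the CSV header in each batch: only the first chunk would carry it, and every later batch would be fed to the tool headerless. The helper below, an added example rather than anything from the original post, splits the data rows and prepends the header to every chunk. It assumes GNU coreutils split (for -d and --additional-suffix) and that the output directory already exists.

```shell
#!/bin/sh
# Added example: split a CSV into batches of N data rows, repeating the header
# line in every batch. Assumes GNU split; $3 is the output prefix, e.g. output/test
# (split does not create the directory, so mkdir it first, and use a fresh prefix:
# stale chunks from an earlier run with the same prefix would get a header added too).

split_csv() {
    in="$1"; rows="$2"; prefix="$3"
    header=$(head -n 1 "$in")
    # Split everything after the header; -d numbers the chunks 00, 01, ...
    tail -n +2 "$in" | split -l "$rows" -d --additional-suffix=.csv - "$prefix"
    # Put the header back at the top of each chunk
    for f in "$prefix"*.csv; do
        [ -e "$f" ] || continue          # no chunks at all if the CSV had no data rows
        { printf '%s\n' "$header"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Usage: mkdir -p output && split_csv list.csv 100 output/test
```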

A review of 2019

2019 was a roller coaster of a year when it came to examinations. Having passed the CCNA Wireless and Security exams on my first attempt, I then went on to fail the CCNP SWITCH twice! Due to time constraints, and having read other people's experiences with the CCNP track, I've decided I will no longer be pursuing it; instead I will concentrate on the new exams launching in February 2020, starting with ENCOR.

Of the Cisco exams I've sat so far, the CCNP SWITCH exam felt like an extreme exercise in memorising esoteric trivia. There aren't many topics in this exam but they each require a deep amount of knowledge. With hindsight I would have approached this exam like I did the CCNA Security and used material from a level above, i.e. CCIE. I wrongly assumed that at the CCNP level things would be different, but they aren't; they're still looking to trip you up with ambiguity. That said, even though I failed this exam I did learn a lot, so it wasn't a complete waste.

To the future. At the moment the certifications that interest me the most are the following:

I'm currently taking a deep dive into packet analysis. This is a topic that's been in the periphery for some time, but recently a situation at work was the proverbial straw that broke the camel's back and sent me down a YouTube rabbit hole. On that journey I discovered the hilariously insightful channel Packet Bomb by Kary Rogers. I ended up purchasing his fundamentals course, which is excellent. I'm now working my way through Laura Chappell's "Troubleshooting with Wireshark", and I've also got Wireshark Fundamentals by Jerome Henry / James Garringer queued up on O'Reilly.com. (You can get a year's subscription for $99 via ACM.org!) Sprinkle in a ton of videos from past SharkFest events along with Practical Packet Analysis by Chris Sanders and that's going to keep me busy. Ultimately the goal of this endeavour is being able to diagnose and troubleshoot issues more efficiently.

Next goal: CCNP Routing and Switching

I’ve decided to pursue the CCNP R&S certification with the goal of achieving it before the end of 2019 (I have until February 2020 to get it done before the big refresh!). Based on my current position, this path is the next logical progression. Ultimately I hope the pursuit of this is going to help me diagnose and troubleshoot issues with more efficiency. Recently I’ve recognised gaps in my knowledge that I hope the CCNP R&S will help fill. In preparation for this series of exams I currently have the following material:

  • CBT Nuggets CCNP Routing and Switching series
  • CBT Nuggets CCNP Hands-on lab series
  • CCNP Routing and Switching Official Cert Guide Premium Edition eBook and Practice Test series
  • CCNP Routing and Switching Portable Command Guide, Second Edition
  • CCNP Routing and Switching series by Kevin Wallace

Certifications aside. I’ve recently been dipping in and out of the following books:

  • Computer Networking Problems and Solutions: An innovative approach to building resilient, modern networks
  • Network Warrior
  • Cisco Networks: Engineers’ Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA
  • Practical Packet Analysis 3rd edition

My path to the CCNA Security certification

Today I earned the infamous CCNA Security certification. It's exactly a month later than planned, but I'm happy I managed to pass it on the first try. From reading other people's experiences I went into this exam expecting to see some curve balls, and I did.

The biggest complaint I've heard from people who have sat this exam is that the official certification guide doesn't adequately prepare you for it. The blueprint isn't really that helpful either; see this post in Cisco's learning forum. Daniel, the author of that post, gives his perspective on how he found it, and it's eye opening. With hindsight, I agree. Had I simply used the OCG on its own I would have failed this exam. Even with all the material I went through I wasn't confident during the exam that I had passed.

Below is a list of all the materials that I used to prepare for this:

  • CCNA Security 210-260 Official Cert Guide Premium Edition and Practice Test, ISBN: 9780134077895
  • CCNA Security 210-260 Complete Video Course
    By Omar Santos, Aaron Woland, Mason Harris
  • 31 Days Before Your CCNA Security Exam (Digital Study Guide): A Day-By-Day Review Guide for the IINS 210-260 Certification Exam (eBook, videos, interactive exercises, quizzes)
  • CCNA Security (210-260) Portable Command Guide, 2nd Edition
    By Bob Vachon
  • Cisco CCNA Security 210-260 IINS (references 640-554 A LOT) with Keith Barker
  • Cisco CCNP Security Firewall (CBT Nuggets)
  • Cisco CCNP Security VPN 2.0 (CBT Nuggets)

I started off with the OCG and Keith Barker's 210-260 + 640-554 video series. Then I binge-watched the 'CCNA Security 210-260 Complete Video Course' by Omar Santos, Aaron Woland and Mason Harris. All the video series were a nice complement to the book. The latter might not be on most people's radar but I highly recommend it.

For my virtual labs I used Keith Barker’s CCNP Security Firewall videos to get up to speed on ASDM. Along with using the 31 Days Before Your CCNA Security Exam and the Portable Command Guide. The digital version of the 31 Days Before Your Exam was surprisingly good. It has quite a bit of video content and a lot of quizzes throughout. Breaking it down into daily chunks and using it in combination with the Portable Command Guide was a nice combination.

Preparing for this exam was tough as some of the technology that you're required to know about is simply no longer used in the real world, CCP and ACS being two examples. After installing CCP and briefly experimenting with it, I decided not to invest any more time in it and gambled that it wouldn't show up on the exam. To practise AAA with TACACS+ I used an open source TACACS+ server, following this guide on Ubuntu 18.04 LTS. (Cisco's ISE was not an option available to me.)

The practice exams that come with the Premium OCG were definitely worth the investment and I would highly recommend them if you're on the same path.

My thoughts on the exam can be summed up in a single word: meh. I didn't enjoy it; it was a classic Cisco exam in my opinion, with lots of tricky questions worded with a lot of ambiguity. Exam aside, I really did learn a lot that's been directly applicable to my job, which is the most important thing.