Home
Cisco router changes to support new DST
The Energy Policy Act of 2005 offically took effect March 11, 2007. This basically extends daylight saving time. The chart built into the most routers is not going to be correct. In lieu of code upgrade you can manually specify the start and stop times. The example below sets the router/switch so DST starting 2nd Sun in March and ending the 1st Sun in November.
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
 
Maximum Domain Length
RFC 883 (http://ietf.org/rfc/rfc0883.txt) States:
Domain names messages are expressed in terms of a sequence of labels. Each label is represented as a one octet length field followed by that number of octets. Since every domain name ends with the null label of the root, a compressed domain name is terminated by a length byte of zero. The high order two bits of the length field must be zero, and the remaining six bits of the length field limit the label to 63 octets or less.
To simplify implementations, the total length of label octets and label length octets that make up a domain name is restricted to 255 octets or less. Since the trailing root label and its dot are not printed, printed domain names are 254 octets or less.
In the doman "yahoo.com" There are 2 labels "yahoo" and "com" no single label can exceed 63 characters. The '.' is not part of the label character count, it is however part of the total character count which must not exceed 253 bytes there is a unwritten '.' at the end of every domain name so that is why the 253 bytes. There is not a limit to subdomains as long as the total amount is less than 253 bytes.
 
Typical ACLs on Edge Routers

Add the ACLs into the router... This is not a dangerious step, nothing will happen untill you apply it on the interface.

configure terminal
access-list 1 remark Anti Spof for Serial I/F
access-list 1 deny   63.127.106.56 0.0.0.7
access-list 1 deny   127.0.0.0 0.255.255.255
access-list 1 deny   10.0.0.0 0.255.255.255
access-list 1 deny   172.16.0.0 0.15.255.255
access-list 1 deny   192.168.0.0 0.0.255.255
access-list 1 permit any
access-list 2 remark Access to Admin Interface
access-list 2 permit 63.127.106.56 0.0.0.7
access-list 2 deny   any
[CTRL]+[Z]

To verify the access lists:

sh access-lists

To apply the ACL for telnet to the admin interface:

configure terminal
line vty 1 4
access-class 2 in
[CTRL]+[Z]

This does not affect session 0 just 1-4. Make sure it works, by first making sure you can telnet to the vty from inside your network. Then make sure you cannot from the outside internet.

Next apply it to all vtys:

configure terminal
line vty 0 4
access-class 2 in
[CTRL]+[Z]

Retest, make sure you can get in BEFORE you drop your current console. Now the Anti-Spoof ACLs on the serial I/F. NOTE I am guessing on the interface name.

configure terminal
interface serial 0
ip access-group 1 in
[CTRL]+[Z]
 
More...
<< Start < Prev 1 2 Next > End >>

Results 5 - 8 of 8