Cisco – adding a static route to router

To show what routes your cisco router currently has loaded type the following command (from the enable prompt) ;

show ip route

To add any new static routes you need to use the following command (from the config terminal prompt) ;

ip route 10.10.20.0 255.255.255.0 192.168.100.1

the syntax as above is ip route network netmask gateway


Cisco – MLS (QoS) on a switch

If you find alot of MLS entries in your running-config file you may have QoS enabled. Within the lab i dont require QoS (Quality of Service) to be enabled so have disabled it via this command (config t);

no mls qos

Note: this was a 2960G switch.

Remember to save running config to startup config. Done.

A good reference page here…

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_ey/configuration/guide/swqos.html#wp1021247

Squid – optimizing cache hits

The first place to look for increasing your hit ratio is the refresh_pattern parameter within the squid.conf file.

Note: the following applies to squid 3.0 and higher only….

I have found a really good page here http://linux.com/archive/feature/153221 that explains some good setups if you with to increase your cache hits…

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

This is an example of a site that you may wish to heavily cache…

refresh_pattern -i youtube.com/.* 10080 90% 43200

http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube

http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube

# REMOVE these lines from squid.conf

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

 

# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# Apparently youtube.com use 'Range' requests
# - not seen, but presumably when a video is stopped for a long while then resumed, (or fast-forwarded).
# - convert range requests into a full-file request, so squid can cache it
# NP: BUT slows down their _first_ load time.
quick_abort_min -1 KB

# Also videos are LARGE; make sure you aren't killing them as 'too big to save'
# - squid defaults to 4MB, which is too small for videos and even some sound files
maximum_object_size 4 GB

# Let the clients favorite video site through with full caching
# - they can come from any of a number of youtube.com subdomains.
# - this is NOT ideal, the 'merging' of identical content is really needed here
acl youtube dstdomain .youtube.com
cache allow youtube

# kept to demonstrate that the refresh_patterns involved above go before this.
# You may be missing the CGI pattern, it will need to be added if so.
refresh_pattern -i (/cgi-bin/|\?)   0   0%      0
refresh_pattern .                   0   0%   4320

 


Cisco – Stop console messages

Sometimes when logged into a router or switch via the null modem (console port) the console messages make it hard to see the commands you are trying to run.

There is a way to turn off the messages on the console session. Log on to your switch router, enter into configuration terminal mode then type…

no logging console

Done

DHCP Client – Error 5: Access is denied.

I’ve had this on a few windows 2003 machines, where the “DHCP client” service refuses to start and prompts with an access denied window.

Unsure of the cause at this point (it may be a security patch), but here is the fix…

Give the local “network service” account full rights to the following registry key;

hkey_local_machine\system\currentcontrolset\services\dhcp

Now try starting the service, should work. In some cases you may also need to add the rights to the following key..

hkey_local_machine\system\currentcontrolset\services\tpip

Done.