Inline Bypass Modes

There are three inline bypass modes:

• Auto: In this mode, the sensor determines whether or not it should be in inline bypass mode. If the monitoring process is down, the sensor automatically shifts into inline bypass mode until the monitoring process returns.
• Off: Inline bypass mode is disabled. Traffic will be forwarded to and is inspected by the Analysis Engine.
• On: Inline bypass mode is disabled. Traffic flows but is not inspected.

There are two methods for putting the IPS into bypass mode.

Command-Line Interface (CLI)

This is really straightforward:

sensor# configure terminal
sensor(config)# service interface
sensor(config-int)# bypass-mode on
sensor(config-int)# exit
Apply Changes:?[yes]:

IPS Device Manager (IDM)

The IDM has a dedicated Bypass Mode Pane. Simply select "On" and save your configuration.

Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 1  -DISABLED
           Mode = Simplex
        Unit ID = 6
Redundancy Mode (Operational) = Non-redundant
Redundancy Mode (Configured)  = Non-redundant
Redundancy State              = Non Redundant

Enable SSO!

Router# config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# redundancy
Router(config-red)# mode sso
Router(config-red)# ^Z
%CMRP-6-DUAL_IOS_REBOOT_REQUIRED: R0/0: cmand:  Configuration must be saved and the chassis must be rebooted for IOS redundancy changes to take effect
Router# reload

And once it's back live, you can see that SSO is up and working:

Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 48

Redundancy Mode (Operational) = sso
Redundancy Mode (Configured)  = sso
Redundancy State              = sso
    Manual Swact = enabled
 Communications = Up

   client count = 87
 client_notification_TMR = 30000 milliseconds
          keep_alive TMR = 4000 milliseconds
        keep_alive count = 0
    keep_alive threshold = 7
           RF debug mask = 0x0

1. shift-t - By default, the command to tag messages based on a pattern is bound to shift-t. If you've changed this in your muttrc, use whatever you've bound tag-pattern to.
2. ~m1-5389 - ~m is the pattern indicator for message ID. It can accept a single value, or a range of values. In my case, I've told it to match messages 1 through 5,389.
3. Don't forget to use the tag-prefix key (; by default) to perform an action on the messages you've tagged.

Router#show ip bgp 8.8.8.8
BGP routing table entry for 8.8.8.0/24, version 50004440
Paths: (3 available, best #3, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2

BGP Dynamic Update Peer-Groups is a feature of IOS that groups together neighbors that receive the same updates. These groups are created automatically and do not require intervention from the user.

In order to see who is a member of an update-group, use the show ip bgp update-group command.

Router#show ip bgp update-group 2
BGP version 4 update-group 2, internal, Address Family: IPv4 Unicast
  BGP Update version : 50945923/0, messages 0
  NEXT_HOP is always this router
  Community attribute sent to this neighbor
  Update messages formatted 15921628, replicated 15921628
  Number of NLRIs in the update sent: max 1065, min 0
  Minimum time between advertisement runs is 0 seconds
  Has 2 members (* indicates the members currently being sent updates):
   x.x.x.x          x.x.x.x

"autocmd BufRead *.xml :source ~/.vimrc.xml

It's embarrassing to admit how long it takes to find the answer to that question.

The problem is fairly well documented. Lion appears to prefer your original connection DNS servers rather than the servers assigned when the VPN connection comes up. Lots of Lion DNS lookup order workarounds have been proposed, but my preferred solution so far is to change the service order in the Network pane of System Preferences. By dragging my VPN connection to the top, I guarantee that the DNS servers specified in that connection will be the ones used.

This has solved my problem in most cases. Certain command line tools (host, dig, nslookup) do not honor the order, but that's a trivial problem.

You can download the latest version of the plugin from the WordPress Plugin Directory. Please visit my Projects page for a list of other projects I'm involved with.

Switch#write
startup-config file open failed (Not enough space)

Switch#dir nvram:
Directory of nvram:/

%Error opening nvram:/ (Function not implemented)

1048576 bytes total (1034573 bytes free)

Cisco Catalyst switches simulate NVRAM on their flash. Once in a blue moon, this simulated NVRAM will become corrupted. In order to clear up the corruption, I changed the size of the NVRAM and rebooted:

aus-bone-02#show boot
BOOT path-list      : flash:c3750me-i5k91-mz.122-58.SE2/c3750me-i5k91-mz.122-58.SE2.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :
NVRAM/Config file
      buffer size:   1048576
Timeout for Config
          Download:    0 seconds
Config Download
       via DHCP:       disabled (next boot: disabled)

Notice that the size of the simulated NVRAM is 1,048,576 bytes. We'll change it back to the default (512K).

Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#boot buffersize 524288
Switch(config)#^Z
Switch#show boot
BOOT path-list      : flash:c3750me-i5k91-mz.122-58.SE2/c3750me-i5k91-mz.122-58.SE2.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :
NVRAM/Config file
      buffer size:   524288
Timeout for Config
          Download:    0 seconds
Config Download
       via DHCP:       disabled (next boot: disabled)

After reload:

Switch#dir nvram:
Directory of nvram:/

  500  -rw-        8807                      startup-config
  501  ----        2072                      private-config
    1  ----          35                      persistent-data

524288 bytes total (512333 bytes free)

defscrollback 5000
termcapinfo xterm* ti@:te@

Find the Dial Plan

My phone gets its configuration from our TFTP server. The dial plan is kept in a separate XML file. The dial plan file my phone is supposed to download is defined by the dialTemplate parameter. You should either change this parameter in the master phone configuration file or the configuration file specific to your phoen. Mine looks like this:

<dialTemplate>shh-dialplan.xml</dialTemplate>

I'm using a dial plan specific to my phone because I don't want to break anyone's dialing!

Edit the Dial Plan

In my case, I just need to add one line to my configuration. I want to match on 10 dialed digits that start with my local area code:

<TEMPLATE MATCH="512......." Timeout="1" Rewrite="%1" />

This line should be placed in between the <DIALTEMPLATE> and </DIALTEMPLATE> parameters. This line tells the phone to match any dialed 10 digits that starts with 512 (the area code for Austin, TX) and rewrite that with just the last 7 digits (those matched with the dots).

Reset Your Phone

In order to get the new configuration on your phone, you'll need to reset it. Hit the Settings button (on my phone it has a check mark on it) and then dial **#**. The phone will reset and download the updated configuration and dial plan files.

That should be all it takes.