Monday, August 22, 2011

Recovery procedure for Cisco switch when IOS image gets deleted

If you accidentally reload the switch before you get an image on it, you will be forced into rommon mode. No worries, but, you will need console access.

1) Connect to the console port with the following settings and increase the baud rate for your image         transfer:

Bits per sec:   9600
Data bits:     8
Parity:           none
Stop bits:     1
Flow control:   none

2) Disconnect and reconnect to the console with 115200 bits per sec.
3) Start the xmodem file transfer:

The not so obvious thing here is, after you see the words "Begin the Xmodem transfer.....," you must now "send Xmodem" from your terminal session software...

4) Once the file transfer is finished, set the baud rate for console back to the default, and reconnect your session at 9600...


5) Lastly, set the boot system parameter and reset. (In theory, you don't have to run this command because, if there is no image defined in the config, the system loads the first image it finds in flash. It is good to know about in case you have multiple sources, usb drive, etc.)


Alternate Method from USB Drive:
1) boot into rommon mode
2) run: boot system usbflash0:c3825-advipservicesk9-mz.124-24.T3.bin

Be aware of these settings in your running-config and set them appropriately. See below entries...
boot system flash:c3825-advipservicesk9-mz.124-24.T3.bin
boot system usbflash0:c3825-advipservicesk9-mz.124-24.T3.bin

For example, if you only had the usb entry from above and reloaded your router without the usb drive inserted, guess what?
You guessed it, the router will fail to load because it can't find an image. (Unless you have one in flash.)

Friday, August 12, 2011

Cisco Port Security

Cisco's port security feature is a great way to increase your internal network security. The port security feature associates MAC addresses to switch ports and allows only those MAC addresses to access the ports. This can be done on a per port basis, except for trunk ports or etherchannel ports. If an unknown MAC address tries to communicate through the port, port security will shutdown the port (default setting).

Basically you are going to do the following steps, depending on your needs:

1) Determine which ports you will apply port-security to. (Not trunk or etherchannel ports.)
2) Decide if you will use an aging time and how many minutes.
3) Choose how many MAc addresses you will allow on the ports.
4) Choose the security violation mode to enforce.
Apply Port-Security
I will setup port 1/0/1 with the default port-security (you could use t
he range command here)...

Apply Aging Time and Maximum Mac Addresses
The default settings will allow only one MAC address to communicate through the port (Maximum MAC Addresses). This is done dynamically by default, meaning that only the first MAC learned will be allowed. Also, remember that once a MAC is learned on a port it can't be used on another port. This may be terribly inconvenient. What if you use a laptop and need to take it to the conference room? This is what the "aging time" setting is for. After the specified time (in minutes) the port will clear the MACs it has learned dynamically, allowing you to use them elsewhere.

Also, I need more than one MAC address here because I'm plugged into a Cisco phone. Let's add these parameters to the port...

Here is my interface config now...

If another MAC tries to communicate on that port, a violation will occur, and...

1) The port gets shut down.
2) A message gets generated in the log.
3) An snmp trap is generated.

Log entry...

Aug 2 15:18:26.583 MDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0c26.0a1d.1ec2 on port FastEthernet1/0/1.

Verify with these commands...

To recover from the err-disabled state, do a "shutdown", "no shutdown" on the interface.
Other global commands can be helpful also, the "clear port-security all" can clear all MACs learned on the switch.
If you are using the default port-security configuration, running the "err-disable recovery cause psecure-violation" command will bring all secure ports out of the error-disabled state.


User's also viewed these links:
cisco phone boot basics

Friday, July 29, 2011

Top Ten Cisco IOS Commands

Here are some invaluable commands to master when dealing with Cisco IOS devices. Please realize that choosing the actual numbered order is an excercise in futility. The most important IOS command is the one that helps you put out the current fire. Also, the options that can be used with these presents a ginormous number of possible commands. I've just compiled some of my favorites.
  1. sh interface
  2. packet-tracer
  3. sh line
  4. sh cdp neighbor
  5. sh archive log config all
  6. "netstat"
  7. sh arp
  8. debug
  9. sh ver
  10. sh run 

Top Ten Cisco IOS Commands - 1) sh int

The Cisco IOS "show interface" command is an invaluable command to know. Also, it is probably one you have used before. With this command you can see the following info and more:

  • IP address & mask
  • Speed & duplex
  • MAC address
  • Status
  • Errors
  • Utilization
  • Last clear counter time

You may know this already, but, what can be difficult is how to extract the precise data you want in a format that you can use. Here are some forms of the "sh int" command that I've found very useful:
Obviously, the basic first...

Ok, I cheated on this one. "Show ip interface brief" displays management IPs and up/down status...

Same command from a router...

 A summary of interfaces and their utilization...

The description field can be handy. If you use it when programming ports, it can come back to help you later...

Also, errors can be seen. Here you'll see I've got some collisions and a receive error...

Another variation on errors...

Trunk info...

I use this a lot when setting up a new printer or workstation...

Need to check on the status of your gbics?...

As you can see, the data that can be extracted from this root command "sh int" is only limited by your ability to understand the options and some experience with the cli.

Check this out. It is a Cisco page giving the field descriptions...
Cisco 12.2 docs "interface" command

Wednesday, July 20, 2011

Top Ten Cisco IOS Commands - 4) sh cdp neighbor

CDP (Cisco discovery protocol) is a layer 2 proprietary protocol for Cisco devices. It sends announcements (default is every 60 seconds) about IOS version, IP address, hostname, etc. to multicast address 0100-0ccc-cccc on each connected interface. The type of information that you receive from the "show cdp neighbors" command varies depending on the version of IOS you are running. CDP can be enabled on a per-interface basis and I would recommend disabling it on external facing interfaces. (You may not want devices outside your network to glean anything from the CDP protocol running on your router!) Also, it is often used in conjunction with snmp by some monitoring software to map networks, poll IOS versions, etc.

Here are some examples...

R1# sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID                   Local Intrfce     Holdtme    Capability    Platform     Port ID
SEPE9CA70FB2479  Fas 3/0/11        125             H P M        IP Phone     Port 1            Fas 1/0/48        134             R S I          2821            Gig 0/0.1

R1# sh cdp neighbors ?
  Async                     Async interface
  Auto-Template      Auto-Template interface
  BVI                          Bridge-Group Virtual Interface
  CTunnel                 CTunnel interface
  Dialer                      Dialer interface
  FastEthernet         FastEthernet IEEE 802.3
  Filter                       Filter interface
  Filtergroup            Filter Group interface
  GigabitEthernet   GigabitEthernet IEEE 802.3z
  GroupVI                Group Virtual interface
  Lex                        Lex interface
  Port-channel        Ethernet Channel of interfaces
  Portgroup             Portgroup interface
  Pos-channel        POS Channel of interfaces
  Tunnel                  Tunnel interface
  Vif                          PGM Multicast Host interface
  Virtual-Template Virtual Template interface
  Virtual-TokenRingVirtual TokenRing
  Vlan                      Catalyst Vlans
  detail                    Show detailed information
  fcpa                      Fiber Channel
  |                            Output modifiers

R1# sh cdp neighbors detail
Device ID: SEPE9CA70FB2479
Entry address(es):
  IP address:
Platform: Cisco IP Phone 7975,  Capabilities: Host Phone Two-port Mac Relay
Interface: FastEthernet3/0/11,  Port ID (outgoing port): Port 1
Holdtime : 178 sec
Second Port Status: Up

advertisement version: 2
Duplex: full
Power drawn: 12.000 Watts
Power request id: 31097, Power management id: 3
Power request levels are:12000 0 0 0 0
Management address(es):
Device ID:
Entry address(es):
  IP address:
Platform: Cisco 2821,  Capabilities: Router Switch IGMP
Interface: FastEthernet1/0/48,  Port ID (outgoing port): GigabitEthernet0/0.1
Holdtime : 127 sec

advertisement version: 2
VTP Management Domain: ''
Duplex: full
Management address(es):

R1# sh cdp traffic
CDP counters :
        Total packets output: 393013, Input: 15743
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0,
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 393013, Input: 15743

R1# sh cdp interface Fa1/0/48
FastEthernet1/0/48 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

As I mentioned, you can and should disable it on some interfaces...

R1# config t
R1(config)# int fa0/0
R1(config-if)# no cdp enable

Top Ten Cisco IOS Commands - 3) sh line, sh users

A good understanding of terminal connections is important when administering Cisco devices.
The Cisco IOS command "show line" gives you a snapshot of which terminal "lines" are in use...

R1# sh line
   Tty Line   Typ     Tx/Rx    A Modem  Roty  Uses  Noise Overruns  Int
        0    0    CTY              -    -      -    -    -         0      0    0/0      -
*      1    1    AUX 115200/115200- inout     -    3      0   53/0      -
*   514  514 VTY              -    -      -    -    -    80     0    0/0      -
    515  515 VTY              -    -      -    -    -     2      0    0/0      -
    516  516 VTY              -    -      -    -    -     0      0    0/0      -
    517  517 VTY              -    -      -    -    -     0      0    0/0      -
    518  518 VTY              -    -      -    -    -     0      0    0/0      -
    519  519 VTY              -    -      -    -    -     0      0    0/0      -
    520  520 VTY              -    -      -    -    -     0      0    0/0      -
    521  521 VTY              -    -      -    -    -     0      0    0/0      -
    522  522 VTY              -    -      -    -    -     0      0    0/0      -
    523  523 VTY              -    -      -    -    -     0      0    0/0      -
    524  524 VTY              -    -      -    -    -     0      0    0/0      -
    525  525 VTY              -    -      -    -    -     0      0    0/0      -
    526  526 VTY              -    -      -    -    -     0      0    0/0      -
    527  527 VTY              -    -      -    -    -     0      0    0/0      -
    528  528 VTY              -    -      -    -    -     0      0    0/0      -
    529  529 VTY              -    -      -    -    -     0      0    0/0      -

Line(s) not in async mode -or- with no hardware support:

The terminal types are CTY=console, AUX=auxilliary, and VTY=virtual terminal.
The console and auxilliary ports are serial connections and the vty lines are for remote connections over the network using telnet or ssh.

The console port is typically used when setting up the device for the first time or in disaster recovery type scenarios when an IOS image upgrade isn't cooperating, or the device doesn't have a valid IOS image, for example.

The auxiliary port is typically used by a modem for "out-of-band" access as a backup connection for when the network is having issues. It's almost as good as the console port, but, doesn't give you rommon access.

You can manually disconnect any of these lines with the following command...

R1# clear line <x>
[confirm] <------------press enter here

Additionally, sometimes you'll want to know what IP addresses are connected. Use the "sh users" command for this...

R1# sh users
    Line       User       Host(s)              Idle           Location
  514    vty 0                idle                    2d00h
  515    vty 1                idle                 00:01:01
*516    vty 2                idle                 00:00:00

  Interface    User               Mode         Idle             Peer Address
  Se0/2/0:0                       Sync PPP     00:00:00
  Se0/2/1:0                       Sync PPP     00:00:00
  Se0/2/2:0                       Sync PPP     00:00:00
  Mu1                               Sync PPP     00:00:00

Here the asterisk by line 516 shows my IP address. Also, try the command "who" on some IOS versions. It does pretty much the same thing.

Monday, July 11, 2011

Top Ten Cisco IOS Commands - 5) sh archive log config all

This will be one of your favorites if you ever have to use it to roll back changes to a Cisco router or switch.

First, setup the configuration change logging:

R1# config term

Enter archive config mode:
R1(config)# archive

Enter logger config mode:
R1(config-archive)# log config

Enable logging of config changes:
R1(config-archive-log-config)# logging enable

Set the max number of entries to retain in the log:
R1(config-archive-log-config)# logging size 500

Suppress displaying passwords in the log file:
R1(config-archive-log-config)# hidekeys

Enable sending config changes to a syslog server:
R1(config-archive-log-config)# notify syslog

In order to view the log entries:
R1# sh archive log config all
  387    28   unknown user@vty0     |ip access-list standard GoodIP
  388    28   unknown user@vty0     | remark Internal Servers
  389    28   unknown user@vty0     | permit
  390    28   unknown user@vty0     | permit
  391    28   unknown user@vty0     | permit
  392    28   unknown user@vty0     | permit
  393     0    unknown user@vty2     |!exec: enable
  394     0    unknown user@vty0     |!exec: enable
  395    31   unknown user@vty0     |interface Tunnel200
  396    31   unknown user@vty0     | shutdown

That's pretty useful if you need to know the last command(s) you or someonelse issued on the device. But, for larger entries or pastes wouldn't it be great if you could see that same data in a format ready to copy into a text editor? Try this...

sh archive log config all provisioning

Saturday, July 2, 2011

Top Ten Cisco IOS Commands - 6) "netstat"

These are your Cisco "netstat" commands. Basic protocol, IP, and port info can be seen with this IOS command on your switch...

Switch1# sh ip sockets
Proto    Remote      Port      Local            Port     In    Out    Stat    TTY    OutputIF
 17   --listen--          10000     0        0       11         0
 17   --listen--            1975     0        0       11         0
 17                  0      2228     0        0     211         0
 17                  0          67     0        0   2211         0
 17    2603        161     0        0   1001         0
 17   --listen--              162     0        0   1011         0
 17   --listen--          60839     0        0   1011         0
 17   --listen--          --any--                        161     0        0 20001         0
 17   --listen--          --any--                        162     0        0 20011         0
 17   --listen--          --any--                    65150     0        0 20001         0
 17   --listen--              123     0        0         1         0
 17        162    49391     0        0         0         0

Here is the Cisco router equivalent...

R1# sh tcp brief
TCB                   Local Address                       Foreign Address                     (state)
48C0AD3C                   sql.domain.local.445              TIMEWAIT
48BF3818                   domain.web.local.1433          TIMEWAIT
4AD39ED8                        ESTAB
4AB25F74      25-149-211-185-TX.39937                 TIMEWAIT
4908FBA0                               ESTAB
4896967C       25-149-211-185-TX.58906                     TIMEWAIT
4A7B74F4      25-149-211-185-TX.32817     TIMEWAIT
4A4298F0                         ESTAB
48C0C658                       TIMEWAIT
4AC486D0                         ESTAB
4A7CA068                           ESTAB
4A29B594                  domain.web.local.1120         TIMEWAIT
497F0088                                   ESTAB

And lastly, the firewall equivalent...

ASA1#sh conn all
683 in use, 5678 most used
TCP OUTSIDE DMZ, idle 0:00:02, bytes 5797, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:04, bytes 6596, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:06, bytes 6951, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:08, bytes 4121, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:08, bytes 22512, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:14, bytes 36091, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:24, bytes 3944, flagsUIOB
TCP OUTSIDE DMZ, idle 0:00:34, bytes 10785, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:03, bytes 26135, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:29, bytes 103690, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:05, bytes 86075, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:04, bytes 6565, flags UIOB
TCP OUTSIDE DMZ, idle 0:00:03, bytes 72144, flags UIOB

If you are looking for a specific IP address within any of the above commands, filter the results by adding 'pipe' and 'include' to the end of the command...

sh conn | i <ip address>
sh tcp brief | i <ip address>
sh ip sockets | i <ip address>

Friday, July 1, 2011

Top Ten Cisco IOS Commands - 7) sh arp

A brief into to ARP:

In order for a node to communicate with another node on an Ethernet network they must know 2 things, the IP address and the MAC address. Arp is the liason between layer 2 (the MAC address) and layer 3 (the IP address). First, the DNS protocol is used to resolve the host name to an IP address. Then, ARP takes over by sending a broadcast to all nodes on the local subnet (aka, broadcast domain) to resolve the IP to a MAC address.

Arp broadcasts only go as far as the local subnet before being replied to. Usually there are only 2 things that can happen here, 1) the destination node responds with its MAC address (through a switch). Or, 2) a router or other gateway device responds with its MAC address because it knows a route to the destination node on a different subnet (this is referred to as proxy-arp, it forwards the broadcast for you to the non-local subnet). Knowing these two possible results is an important concept to remember when looking up IP or MAC info on your Cicso routers and switches.

The requesting node doesn't care who responds as long as it gets the MAC address, so there are some obvious security concerns with this protocol.

If you run the "sh arp" on your switch or router you can see the results are about the same. You get info about devices that are communicating directly with interfaces on the device (i.e., IP, MAC, interface name, aging timer)...

Switch1# s arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet             41   0025.13f7.0141  ARPA   Vlan333
Internet              -   0025.13f6.c041  ARPA   Vlan333
Internet             98   0025.77c2.6dc1  ARPA   Vlan333
Internet             140   0025.77c2.6dc1  ARPA   Vlan333
Internet             0   0025.77c2.6dc1  ARPA   Vlan333
Internet              7   00e0.d812.77f1  ARPA   Vlan333

Router1# s arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet               43   da30.9171.834a  ARPA   GigabitEthernet0/0
Internet               19   f4ac.c178.f442  ARPA   GigabitEthernet0/0
Internet             227   0026.77c2.6bc1  ARPA   GigabitEthernet0/0
Internet             156   001f.bd8b.3545  ARPA   GigabitEthernet0/0
Internet             266   001b.044c.1280  ARPA   GigabitEthernet0/0
Internet              64   0024.c4d5.4cf0  ARPA   GigabitEthernet0/0
Internet             157   001b.2acc.2b50  ARPA   GigabitEthernet0/0
Internet              86   001d.9d13.55c1  ARPA   GigabitEthernet0/0
Internet              -   001d.2abb.2a36  ARPA   GigabitEthernet0/0
Internet          5   001f.9e58.c0d3  ARPA    GigabitEthernet0/1
Internet          -   001b.2abb.3337  ARPA    GigabitEthernet0/1

Now that you know the IPs and MACs you just need the port numbers associated with them and you'll have a pretty decent port mapping of the switch. Try this...

Switch1# sh mac address-table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0200.0ccc.cccc    STATIC      CPU
 All    0200.0ccc.cccd    STATIC      CPU
 All    0162.c200.0000    STATIC      CPU
 All    0162.c200.0001    STATIC      CPU
 All    0162.c200.0002    STATIC      CPU
 All    0162.c200.0003    STATIC      CPU
 All    0162.c200.0004    STATIC      CPU
 All    0162.c200.0005    STATIC      CPU
 All    0162.c200.0006    STATIC      CPU
 All    0162.c200.0007    STATIC      CPU
 All    0162.c200.0008    STATIC      CPU
 All    0162.c200.0009    STATIC      CPU
 All    0162.c200.000a    STATIC      CPU
 All    0162.c200.000b    STATIC      CPU
 All    0162.c200.000c    STATIC      CPU
 All    0162.c200.000d    STATIC      CPU
 All    0162.c200.000e    STATIC      CPU
 All    0162.c200.000f    STATIC      CPU
 All    0162.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0025.8386.9034    DYNAMIC     Gi1/0/3
   1    0025.83f0.e52a    DYNAMIC     Gi3/0/4
 300    001b.2abb.2f90    DYNAMIC     Gi1/0/3
 300    001b.2abb.25c0    DYNAMIC     Gi1/0/3
 300    001b.d44c.9277    DYNAMIC     Gi1/0/3
 300    001e.bd8b.2145    DYNAMIC     Gi1/0/3
 300    0024.c4c5.4df0    DYNAMIC     Gi1/0/3
 300    0025.8206.9085    DYNAMIC     Gi1/0/3
 300    0025.83c2.5ac1    DYNAMIC     Gi1/0/3
 300    ec30.9171.8322    DYNAMIC     Gi1/0/3
 333    001b.d44c.1180    DYNAMIC     Gi1/0/3
 333    0025.5586.9485    DYNAMIC     Gi1/0/3
 333    0015.83c2.6dc4    DYNAMIC     Gi1/0/3
 333    0fe0.d810.ba7f    DYNAMIC     Gi1/0/3
 333    0fe0.d812.83d1    DYNAMIC     Gi1/0/3
 333    0fe0.d812.644f    STATIC      Fa1/0/47

Looking at MAC addresses associated with IP addresses can be confusing at first. For example, you may be wondering why there are so many MAC addresses assigned to one port, Gi1/0/3 above. This port happens to be a trunk port which carries all inter-vlan traffic. So, some of these are other switches, routers, etc.

When looking at your devices arp cache, you'll sometimes see multiple IP addresses with the same MAC entry. This is because of the proxy-arp mentioned above. The MAC you see is your gateway device. Run an "arp -a" command on your Windows pc you'll only see your gateway device's MAC for anything you ping outside your local subnet.

Additional notes:

Arp cache timeout defaults vary by vendor. Windows is sometimes 10 minutes, while Cisco devices are often 4 hours!

Most newer switches today have layer 3 (routing) capability, so, they may be the gateway device and perform the inter-vlan routing that used to require a router.

Also, sometimes you'll see "bia" in front of the MAC address on cisco routers and switches, this means "burned in address."

Sunday, June 26, 2011

Top Ten Cisco IOS Commands - 8) debug

debug - is a fickle command that doesn't always give you the smoking gun you'd hope for. However, sometimes it really comes through. (This is a command that you really want to be careful with! It can bring a device to its knees in a hurry.) That said, there are hundreds of possible options for debugging, I not going to dive in that deep, but, here's a good example to get you off and running.

Let's debug our dhcp server...

router1# debug ip dhcp server packet detail
router1# sh log
Log Buffer (65534 bytes):
 CST:   DHCPD: htype 1 chaddr 0025.84a2.1b56
Oct 14 07:49:52.389 CST:   DHCPD: lease time remaining (secs) = 86400
Oct 14 07:50:11.641 CST: DHCPD: Sending notification of ASSIGNMENT:
Oct 14 07:50:11.641 CST:  DHCPD: address mask
Oct 14 07:50:11.641 CST:   DHCPD: htype 1 chaddr 0025.8418.cb21
Oct 14 07:50:11.641 CST:   DHCPD: lease time remaining (secs) = 86400
Oct 14 07:50:13.405 CST: DHCPD: Sending notification of ASSIGNMENT:
Oct 14 07:50:13.405 CST:  DHCPD: address mask
Oct 14 07:50:13.405 CST:   DHCPD: htype 1 chaddr 0025.84a2.1c7a
Oct 14 07:50:13.405 CST:   DHCPD: lease time remaining (secs) = 86400
Oct 14 07:50:21.677 CST: DHCPD: Sending notification of DISCOVER:
Oct 14 07:50:21.677 CST:   DHCPD: htype 1 chaddr 10d0.d812.83f1
Oct 14 07:50:21.677 CST:   DHCPD: remote id 020a00000a3c00fe00000384
Oct 14 07:50:21.677 CST:   DHCPD: circuit id 00000000
Oct 14 07:50:21.677 CST: DHCPD: Seeing if there is an internally specified pool class:
Oct 14 07:50:21.677 CST:   DHCPD: htype 1 chaddr 10d0.d812.83f1
Oct 14 07:50:21.677 CST:   DHCPD: remote id 020a00000a3c00fe00000384
Oct 14 07:50:21.677 CST:   DHCPD: circuit id 00000000
Oct 14 07:50:21.677 CST: DHCPD: there is no address pool for
Oct 14 07:50:26.153 CST: %ISDN-6-CONNECT: Interface Serial0/0/0:0 is now connected to 4177666471 N/A
Oct 14 07:50:29.901 CST: DHCPD: Sending notification of DISCOVER:
Oct 14 07:50:29.901 CST:   DHCPD: htype 1 chaddr 10d0.d812.f606
Oct 14 07:50:29.901 CST:   DHCPD: remote id 020a00000a3c00fe00000384
Oct 14 07:50:29.901 CST:   DHCPD: circuit id 00000000
Oct 14 07:50:29.901 CST: DHCPD: Seeing if there is an internally specified pool class:
Oct 14 07:50:29.901 CST:   DHCPD: htype 1 chaddr 10d0.d812.f606
Oct 14 07:50:29.901 CST:   DHCPD: remote id 020a00000a3c00fe00000384
Oct 14 07:50:29.901 CST:   DHCPD: circuit id 00000000
Oct 14 07:50:29.901 CST: DHCPD: there is no address pool for
Oct 14 07:50:32.153 CST: %ISDN-6-CONNECT: Interface Serial0/0/0:0 is now connected to 4177666471 N/A
Oct 14 07:50:34.557 CST: DHCPD: Sending notification of ASSIGNMENT:
Oct 14 07:50:34.557 CST:  DHCPD: address mask
Oct 14 07:50:34.557 CST:   DHCPD: htype 1 chaddr 0025.84a0.f328
Oct 14 07:50:34.557 CST:   DHCPD: lease time remaining (secs) = 86400

This is what you'd expect to see, discovery of MACs and assignment of IP addresses. Good stuff.

Don't forget to stop the debugging when you're done with it. Otherwise you're just chewing up valuable resources...

router1# undebug all
All possible debugging has been turned off

Also, you can check to see what debugging you or someone else has turned on...

router1# sh debug
DHCP server packet detail debugging is on

Wednesday, June 22, 2011

Top Ten Cisco IOS Commands - 9) sh ver, sh inventory, sh platform

sh ver - sh inventory - sh platform
I couldn't help but throw these all in together as they are equally informative Cisco commands. The show platform command is quite different when run on a switch compared to the router's output, but, it's still a handy command.

Sh ver -
This seemingly harmless command will give you a ton of info:

IOS image version
Hardware model
Modules installed
Memory info
Serial number
Switch stack info
Current configuration register setting
How the system was last started (reload command, power-on, etc.)
What, you wanted more?? Sheesh!

router1# s ver
Cisco IOS Software, 2800 Software (C2800NM-IPSERVICESK9-M), Version 12.4(24)T3, RELEASE SOFTWARE (fc2)
Technical Support:
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 21-Jul-10 08:43 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

router1 uptime is 19 hours, 21 minutes
System returned to ROM by reload at 16:03:11 CDT Tue Jun 21 2011
System restarted at 16:07:38 CDT Tue Jun 21 2011
System image file is "flash:c2800nm-ipservicesk9-mz.124-24.T3.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Blah, blah, blah....

If you require further assistance please contact us by sending email

Cisco 2821 (revision 53.50) with 237568K/24576K bytes of memory.
Processor board ID FDX1398A2GD
2 Gigabit Ethernet interfaces
1 Serial interface
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Sh inventory -
Obviously, this command gives you some great detailed info about your hardware, too:

router1# sh inventory
NAME: "2821 chassis", DESCR: "2821 chassis"
PID: CISCO2821         , VID: V03 , SN: FDX1398A2GD

NAME: "WAN Interface Card - DSU/CSU T1 Fractional (V2) on Slot 0 SubSlot 2", DESCR: "WAN Interface Card - DSU/CSU T1 Fractional (V2)"
PID: WIC-1DSU-T1-V2      , VID: 1.2, SN: FO730343CHD

NAME: "WAN Interface Card - DSU/CSU T1 Fractional (V2) on Slot 0 SubSlot 3", DESCR: "WAN Interface Card - DSU/CSU T1 Fractional (V2)"
PID: WIC-1DSU-T1-V2      , VID: 1.2, SN: FO730380RTG

NAME: "Virtual Private Network (VPN) Module on Slot 0", DESCR: "Encryption AIM Element"
PID: AIM-VPN/SSL-2     , VID: V01, SN: FOC1104K58T

Sh platform -
I do use this command more on the router than the switches. Notice how you can see that Dimm 1 slot is empty? That could be handy when you are needing to upgrade multiple devices:

router1# sh platform
 2821 Network IO Interrupt Throttling:
 throttle count=1040, timer count=1
 throttle counts= 1040 0 0 0 0
 active=0, configured=1
 netint usec=20000, netint mask usec=1000
 real netint usec=4000, real netint mask usec=200
 IO Mask is F34F
 Per Slot Intr Mask is F34F

2821 Backplane EEPROM:
        PCB Serial Number        : FOC11090U7R
        Hardware Revision        : 1.0
        Top Assy. Part Number    : 800-26921-02
        Board Revision           : A0
        Deviation Number         : 0
        Fab Version              : 03
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Processor type           : 87
        Hardware date code       : 20070302
        Chassis Serial Number    : FTX1111A3FV
        Chassis MAC Address      : 001b.534f.7d98
        MAC Address block size   : 32
        CLEI Code                : COM3D00BRA
        Product (FRU) Number     : CISCO2821     
        Part Number              : 73-8853-04
        Version Identifier       : V03
        EEPROM format version 4
        EEPROM contents (hex):
          0x00: 04 FF C1 8B 46 4F 43 31 31 30 39 30 55 37 52 40
          0x10: 03 E8 41 01 00 C0 46 03 20 00 69 29 02 42 41 30
          0x20: 88 00 00 00 00 02 03 03 00 81 00 00 00 00 04 00
          0x30: 09 87 83 01 32 3F 9E C2 8B 46 54 58 31 31 31 31
          0x40: 41 33 46 56 C3 06 00 1B 53 4F 7D 98 43 00 20 C6
          0x50: 8A 43 4F 4D 33 44 30 30 42 52 41 CB 8F 43 49 53
          0x60: 43 4F 32 38 32 31 20 20 20 20 20 20 82 49 22 95
          0x70: 04 89 56 30 33 20 D9 02 40 C1 FF FF FF FF FF FF

TLB entries :
Size  Virt Address range      Phy Address range       Attributes
 16M  0x40000000:0x41FFFFFF   0x00000000:0x01FFFFFF   CacheMode=3, RO, Valid
 16M  0x42000000:0x43FFFFFF   0x02000000:0x03FFFFFF   CacheMode=3, RO, Valid
 256K 0x44000000:0x4407FFFF   0x04000000:0x0407FFFF   CacheMode=3, RO, Valid
 256K 0x44080000:0x440FFFFF   0x04080000:0x040FFFFF   CacheMode=3, RO, Valid
 256K 0x44100000:0x4417FFFF   0x04100000:0x0417FFFF   CacheMode=3, RO, Valid
 64K  0x44180000:0x4419FFFF   0x04180000:0x0419FFFF   CacheMode=3, RO, Valid
 64K  0x441A0000:0x441BFFFF   0x041A0000:0x041BFFFF   CacheMode=3, RW, Valid
 64K  0x441C0000:0x441DFFFF   0x041C0000:0x041DFFFF   CacheMode=3, RW, Valid
 64K  0x441E0000:0x441FFFFF   0x041E0000:0x041FFFFF   CacheMode=3, RW, Valid
 1M   0x44200000:0x443FFFFF   0x04200000:0x043FFFFF   CacheMode=3, RW, Valid

Dimm 0 SPD data :
Size of dimm                 = 256 Megabytes
Memory Type                  = 0x7
Row Addresses                = 0xD
Column Address               = 0xA
Module Rows                  = 0x1
Data Width                   = 0x48 
Voltage Interface            = 0x4
Cycle Time                   = 0x75
Access Time                  = 0x75
Configuration Type           = 0x2
Refresh Rate/Type            = 0x82
Primary Width                = 0x8
Error Width                  = 0x8
Minimum Clock Delay          = 0x1
Burst Lengths                = 0xE
Number of Banks              = 0x4
Cas Latencies                = 0xC
Write Latency                = 0x2
Module Attributes            = 0x20
General Attributes           = 0x0
Min Cycle Time, CAS of 2     = 0xA0
Access Clock Cycle, CAS of 2 = 0x75
Min Cycle Time, CAS of 1     = 0x0
Access Clock Cycle, CAS of 2 = 0x0
Row Precharge                = 0x50
Row Active to Row Active     = 0x3C
RAS CAS Delay                = 0x50
Ras Pulse Width              = 0x2D
Row Density                  = 0x40
Vendor Id                    = 7FA8000000000000
Module Part Number           = CIS00-21077-414IC
Module Revision Code         = 0100
        SPD contents (hex):
         0x00: 80 08 07 0D 0A 01 48 00 04 75 75 02 82 08 08 01
         0x10: 0E 04 0C 01 02 20 00 A0 75 00 00 50 3C 50 2D 40
         0x20: 90 90 50 50 00 00 00 00 00 41 4B 34 32 75 00 00
         0x30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38
         0x40: 7F A8 00 00 00 00 00 00 01 43 49 53 30 30 2D 32
         0x50: 31 30 37 37 2D 34 31 34 49 43 20 01 00 06 48 10
         0x60: D7 11 00 53 69 6D 70 6C 65 54 65 63 68 00 00 00
         0x70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Dimm 1 SPD data :
Memory Slot Empty

System RTC device  = DS1337

How about this one, ever wish you could see the LEDs on your router miles away? Try this:

router1# sh platform led
LED    :       SYSTEM   AUX      ACT      CF

LED    :        AIM0     AIM1

LED    :      PVDM0    PVDM1    PVDM2

Ethernet LEDs :    GE0/0    GE0/1
Link          :         GREEN    BLACK  
Speed 10      :      BLACK    BLACK  
Speed 100     :    GREEN    BLACK  
Speed 1000    :   BLACK    BLACK  
Duplex        :     GREEN    BLACK

Some of the acronyms from above:
SYSTEM= power
AUX= rps power
ACT= activity
CF= flash memory being accessed
AIM0= advanced integration modules (i.e.,T1 card)
PVDM0= packet voice data modules

Monday, June 20, 2011

Backup Cisco Config with HyperTerminal

Many times I've had to backup from a serial connection for many different reasons. Test labs, upgrades, etc. Hyperterminal is great for this. Most Cisco device consoles can be connected to with these settings: 9600 baud, 8 data bits, no parity, 1 stopbit, flow control none.
Once connected I'll set the terminal screen length to 0 so that it doesn't prompt me page by page. Do this with the "term len 0" command. Next type in the show run" command, but, don't press enter yet...

Now click on Transfer > Capture Text and then select where to save the config and what you want to name it and click Start...
At this point, any input/output from HyperTerminal will show up in your txt file. This is why I had you type in the "show run" command and wait. Spaces and commands will show up cluttering your config file. Now press enter in your HyperTerminal window and let the running-config scroll to the bottom until it stops. Now click on Transfer > Capture Text > Stop...
You now have your config backed up in the directory you specified earlier. Congrats!
If you didn't already love HyperTerminal, you do now, right? Hope this helps.

Send this link to a friend if you liked it. Thanks!

Thursday, June 16, 2011

Top Ten Cisco IOS Commands -10) Show Run

Let's face it...there's nothing sexy about this command. However, that being said, you may not know as much as you should about this command. I'm sure you've ran a "sh run" or two in your day, but how about these variances....
How about looking at just the config of one interface?

router1# sh run int G0/0

Building configuration...
Current configuration : 279 bytes
interface GigabitEthernet0/0
description to Master Switch
bandwidth 10000000
ip address
ip flow egress
ip nat inside
ip route-cache same-interface
ip route-cache flow
ip policy route-map SendThisWay
duplex auto
speed auto

Or, maybe you want to see the running-config starting at the auxiliary line...

router1# sh run | begin line aux

line aux 0
session-timeout 10
password 7 03F44C1E1A4A0E58D2
modem Dialin
stopbits 1
flowcontrol hardware
line vty 0 2
access-class ITGuys in
exec-timeout 0 0
password 7 03F44C1E1A4A0E58D2
logging synchronous
line vty 3 4
access-class ITGuys in
password 7 03F44C1E1A4A0E58D2
logging synchronous
line vty 5 15
access-class ITGuys in
password 7 03F44C1E1A4A0E58D2
ntp logging
ntp clock-period 17179769
ntp source GigabitEthernet0/3
ntp master
ntp server

If you need to remove an old ACL you'd better check to see what the ramifications might be.
Here I did an "include" to show me all the places this ACL was being used...

router1# sh run | i MyAcl

ip access-list extended MyAcl
remark ACL MyAcl
match ip address MyAcl

It looks like my access list is being used in a route-map!
I'd better use the "section" argument to look at sections in the running-config with MyAcl in them...

router1# sh run | sec MyAcl

ip access-list extended MyAcl
remark ACL MyAcl ver 4a
permit ip any host
permit ip any host
permit ip any host
permit ip any host
deny ip any any
route-map MyAcl permit 1
description Traffic for SQL
match ip address MyAcl
set ip next-hop verify-availability 10 track 1

Also, did you know the show run command tells the last time a write mem was performed...

router1# sh run

Building configuration...
Current configuration : 31823 bytes
! Last configuration change at 15:56:22 EST Tue Feb 15 2011
version 12.7

So as you can see, this command is pretty useful when you know which argument to use!
I almost hated to put this on the list, but, I use it on a daily basis.
Thanks for reading!