Network technologies and trends

Sep 3 2008   10:13AM GMT

Enhanced show interfaces commands in Cisco Routers & Cisco Catalyst Switches



Posted by: Yasir Irfan
Show commands, Cisco Tips, IOS commands, Cisco 2950, Cisco 3745, Cisco 6500, Routers, Switches


I was amazed to see many options available with the “show interfaces” commands which are undocumented; most of these commands are available in IOS release 12.2(44) (they may be available in earlier versions; if so, do comment).

Some of the undocumented commands are as follows:
1) show interfaces description displays interface names, line and line protocol status, and the interface description. Extremely useful for seeing which interfaces are up or down.
2) show interfaces counters protocol status displays the L3 protocols active on each interface.
3) show interfaces summary displays the state of the various interface queues and the related drop counters in a tabular format.
4) show interfaces accounting displays per-protocol in/out counters.

Here are a few sample outputs:

Sample Output from Cisco 3745 Router
MBGF-DAC-3745R01#sho interfaces description
Interface                      Status         Protocol Description
Fa0/0                          up             up       WAN connection THru. Bayanat
Fa0/1                          up             up       Connected to LAN
Tu0                            up             up
MBGF-DAC-3745R01#

Sample output for Cisco 3560 Switch
MBGF-DAC-3560-AS02#sho interfaces description
Interface                      Status         Protocol Description
Vl1                            up             up
Vl50                           up             up
Gi0/1                          up             up
Gi0/2                          up             up
Gi0/3                          up             up
Gi0/4                          up             up
Gi0/5                          up             up
Gi0/6                          up             up
Gi0/7                          down           down
……
Gi0/25                         up             up       con2 Khalid
Gi0/26                         down           down
Gi0/27                         down           down
Gi0/40                         up             up       CON2-DCAP-50
Gi0/41                         up             up
Gi0/42                         up             up
Gi0/43                         up             up

Gi0/52                         up             up
MBGF-DAC-3560-AS02#
MBGF-DAC-3745R01#show interfaces counters protocol status
Protocols allocated:
 FastEthernet0/0: Other, IP, DEC MOP, ARP, CDP
 FastEthernet0/1: Other, IP
 Tunnel 0:        Other, IP
 
MBGF-DAC-3560-AS02#sho interfaces counters protocol status
Protocols allocated:
 Vlan1: Other, IP, ARP
 Vlan50: Other, IP, ARP
 GigabitEthernet0/1: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/2: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/3: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/4: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/5: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/6: Other, IP, Spanning Tree, CDP
Allocation failures: 0
MBGF-DAC-3560-AS02#
MBGF-DAC-3745R01#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface              IHQ   IQD  OHQ   OQD     RXBS RXPS     TXBS TXPS TRTL
------------------------------------------------------------------------------
* FastEthernet0/0          0     0    0     0 10803000 1233  1511000  873    0
* FastEthernet0/1          0     0    0     0  1379000  876 10614000 1237    0
* Tunnel0                  0     0    0     0 10664000 1233  1414000  873    0
NOTE:No separate counters are maintained for subinterfaces
     Hence Details of subinterface are not shown
MBGF-DAC-3745R01#

MBGF-DAC-3560-AS02#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface              IHQ   IQD  OHQ   OQD     RXBS RXPS     TXBS TXPS TRTL
------------------------------------------------------------------------------
* Vlan1                    0     0    0     0        0    0        0    0    0
* Vlan50                   0     0    0     0     1000    2     1000    2    0
* GigabitEthernet0/1       0     0    0 54684        0    0     2000    3    0
* GigabitEthernet0/2       0     0    0 54675        0    0     3000    3    0
* GigabitEthernet0/3       0     0    0 54675        0    0     2000    3    0
* GigabitEthernet0/4       0     0    0 54688        0    0     2000    3    0
* GigabitEthernet0/5       0     0    0 54664        0    0     2000    3    0
* GigabitEthernet0/6       0     0    0 54663        0    0     2000    3    0
………
  GigabitEthernet0/46      0     0    0   274        0    0        0    0    0
* GigabitEthernet0/47      0     0    0  5036        0    0     2000    3    0
* GigabitEthernet0/48      0     0    0 16702        0    0     3000    3    0
* GigabitEthernet0/49      0     0    0     0    10000   18        0    0    0
* GigabitEthernet0/52      3     0    0     0   389000  208  1652000  223    0
MBGF-DAC-3560-AS02#

MBGF-DAC-3745R01#show interfaces accounting
FastEthernet0/0 WAN connection THru. Bayanat
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0      78271    4696260
                      IP  228129752  604147266  238404086 3496449051
                 DEC MOP          0          0       1304     100408
                     ARP      61201    3672060        230      13800
FastEthernet0/1 Connected to LAN
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other      13048    5206152      78271    4696260
                      IP  239500045 3032167184  230865599 2990242469
                 DEC MOP          0          0       1304     100408
                     ARP      97797    5867820      75355    4521300
Tunnel0
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP  228294310 1722638248  238403420  156253505
MBGF-DAC-3745R01#
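
The protocol list and the accounting counters can be cross-checked in a script to see which protocols are allocated on an interface but not expected there, and whether they are carrying packets. This is an added example, not part of the original post; the EXPECTED allowlist and the function names are assumptions, and the inputs are the 3745 outputs shown above.

```python
import re

# Output copied from the 3745 samples on this page (accounting trimmed to
# the rows that matter here).
PROTOCOL_STATUS = """\
Protocols allocated:
 FastEthernet0/0: Other, IP, DEC MOP, ARP, CDP
 FastEthernet0/1: Other, IP
 Tunnel 0:        Other, IP
"""
ACCOUNTING = """\
FastEthernet0/0 WAN connection THru. Bayanat
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0      78271    4696260
                      IP  228129752  604147266  238404086 3496449051
                 DEC MOP          0          0       1304     100408
                     ARP      61201    3672060        230      13800
FastEthernet0/1 Connected to LAN
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other      13048    5206152      78271    4696260
                      IP  239500045 3032167184  230865599 2990242469
Tunnel0
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP  228294310 1722638248  238403420  156253505
"""

# Assumption: protocols this site expects on an interface (not from the page).
EXPECTED = {"Other", "IP", "ARP", "Spanning Tree"}

STATUS_ROW = re.compile(r"^\s+([A-Za-z][^:]*):\s+(\S.*)$")
COUNTER_ROW = re.compile(r"^\s+(.+?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def norm(ifname):
    """'Tunnel 0' (status output) and 'Tunnel0' (accounting) are one interface."""
    return ifname.replace(" ", "")

def parse_protocol_status(text):
    """Return {interface: [protocol, ...]} from the 'Protocols allocated:' rows."""
    allocated = {}
    for line in text.splitlines():
        m = STATUS_ROW.match(line)   # only the indented 'name: a, b, c' rows
        if m:
            allocated[norm(m.group(1))] = [p.strip() for p in m.group(2).split(",")]
    return allocated

def parse_accounting(text):
    """Return {interface: {protocol: (pkts_in, chars_in, pkts_out, chars_out)}}."""
    counters, current = {}, None
    for line in text.splitlines():
        row = COUNTER_ROW.match(line)
        if row and current:
            counters[current][row.group(1)] = tuple(int(n) for n in row.groups()[1:])
        elif line and not line[0].isspace() and "#" not in line:
            current = line.split()[0]        # interface name, description ignored
            counters[current] = {}
    return counters

def audit(status_text, accounting_text, expected=EXPECTED):
    """List (interface, protocol, pkts_in, pkts_out) for unexpected protocols.
    Packet counts are None when accounting has no row for that protocol."""
    counters = parse_accounting(accounting_text)
    findings = []
    for ifname, protos in parse_protocol_status(status_text).items():
        for proto in protos:
            if proto in expected:
                continue
            c = counters.get(ifname, {}).get(proto)
            findings.append((ifname, proto, c[0] if c else None, c[2] if c else None))
    return findings

if __name__ == "__main__":
    for finding in audit(PROTOCOL_STATUS, ACCOUNTING):
        print("%s: unexpected %s (pkts in=%s, out=%s)" % finding)
```

On the sample data this reports DEC MOP and CDP on FastEthernet0/0, the interface described as the WAN connection.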

Sep 1 2008   9:42AM GMT

Most Commonly used Network Layer Utilities



Posted by: Yasir Irfan
Networking, DHCP, DNS, ARP, CCNA, Network Layer Utilities, Cisco Learning, Cisco Tips, OSI Layer 3, Ping, Certifications, Cisco

I was just thinking about the most commonly used Network Layer utilities in day-to-day business. Here they are; they are useful to those who are aspiring to their CCNA.
1) Address Resolution Protocol (ARP)
2) Domain Name Systems (DNS)
3) Dynamic Host Configuration Protocol (DHCP)
4) Ping.

You can find more details about Network Layer Utilities, how they work, etc.


Aug 30 2008   5:16AM GMT

A cool tool to solve layer 1 UTP cable issues in Cisco Catalyst Switches.



Posted by: Yasir Irfan
Cisco 3560, Cisco 3560-E, Cisco 3750-E, Cisco Learning, Cisco Tips, IOS commands, Cisco, Switches, Layer 1 issues, Network Troubleshooting

Here is a simple and cool tool for solving layer 1 UTP cable issues in Cisco Catalyst Switches; the command used for this function is “test cable-diagnostics tdr interface”.
Here is an example:

MBGF-DAC-3560-AS01#test cable-diagnostics tdr interface gigabitEthernet 0/1
TDR test started on interface Gi0/1
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
MBGF-DAC-3560-AS01#
The Catalyst 2960, 2970, 3560/3560-E, and 3750/3750-E switches have an integrated Time Domain Reflector (TDR), which is used to test cables associated with a port. TDR is supported only on 10/100/1000 and some 10/100 (Catalyst 2960) copper Ethernet ports. It is not supported on 10 GigabitEthernet or SFP module ports.

A TDR test can take a few seconds to run on an interface. Use “show cable-diagnostics tdr” to read the TDR results.

MBGF-DAC-3560-AS01#sho cable-diagnostics tdr interface gigabitEthernet 0/1
TDR test last run on: August 30 08:01:35

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi0/1     1000M Pair A     54   +/- 4  meters Pair A      Normal             
                Pair B     52   +/- 4  meters Pair B      Normal             
                Pair C     53   +/- 4  meters Pair C      Normal             
                Pair D     54   +/- 4  meters Pair D      Normal             
MBGF-DAC-3560-AS01#


Aug 24 2008   6:20AM GMT

How to reset the Cisco Catalyst Switch to Factory Defaults



Posted by: Yasir Irfan
Networking, Cisco Learning, Cisco Tips, Cisco 2950, Cisco 6500, Switches, Network Troubleshooting

To reset a Cisco Catalyst switch to factory defaults, you need access to the Cisco Catalyst Switch console through either a physical console or a Telnet connection. You also need the console/enable passwords. If you forget the console and enable password of your Cisco Catalyst Switch, you cannot reset the Cisco Catalyst Switch configuration to factory default to reset the password.

So you have decided to reset the Cisco Catalyst Switch to factory default settings, or else to delete the complete configuration along with the VLAN data; here is the easy way. Log in to your Cisco Switch and, in global configuration mode, issue the following commands:

ITKE# write erase
ITKE# delete flash:vlan.dat
ITKE# reload

Here are the screenshots I took while resetting the Cisco Catalyst 3550 Switch.

This screenshot is from before the reset, with the existing configuration.

[Screenshot: Switch1]

 

Now let's issue the following commands to reset the Cisco Catalyst Switch to factory default settings:

ITKE# write erase
ITKE# delete flash:vlan.dat
ITKE# reload

[Screenshot: Switch2]

 

After reload you will see the following:

[Screenshot: Switch3]


Aug 23 2008   6:04AM GMT

Discover Cisco Network Assistant (CNA)



Posted by: Yasir Irfan
Cisco Network Assistant, Cisco 3560, Cisco 3560-E, Cisco 3750-E, Cisco Tips, Networking, Cisco, Cisco 2950, Routers, SNMP, Switches, Network Inventory, Network Troubleshooting

Cisco Network Assistant (CNA) is a PC-based graphical network management application, a free tool included when a new Cisco Switch is purchased. CNA is capable of managing standalone Cisco Switches and clusters of Cisco Switches in your intranet, and is best suited for small to mid-sized LANs. It supports a wide range of Cisco Catalyst Switches, from the Cisco 2900 through the Cisco Catalyst 4506. CNA manages many of the critical functions of Cisco Switches and is optimized for wired and wireless LANs (WLANs). It provides a centralized network view and allows network administrators to employ its features across Cisco switches, routers, and access points. With CNA, network administrators can easily apply common services, generate inventory reports, synchronize passwords and employ features across Cisco Switches, routers and access points. CNA is available at no cost and can be downloaded from the Cisco Network Assistant Software Download page.


 

What’s new in Cisco Network Assistant (CNA) Version 5.4?

Increased device limits: Supports up to 40 switches and routers

Enhanced discovery: Discover devices with subnet or IP range 

Diagnostics: Conduct on-demand or scheduled tests to verify hardware functionality 

Command-line interface (CLI) preview: View CLIs before they are sent to the device

In my next article I will focus on how to use the Cisco Network Assistant (CNA).


Aug 20 2008   6:22AM GMT

What is service timestamps logging, and how can it be configured on a Cisco Switch or Router?



Posted by: Yasir Irfan
Service timestamp, Syslog, IOS commands, Cisco, Cisco 2950, Cisco 3745, Cisco 6500, Switches, Router Troubleshooting

Logging is an essential part of a secure network configuration. Logging not only helps network administrators identify the issue while troubleshooting, it also enables them to react to intrusion attempts or Denial-of-Service attacks.

By default on Cisco IOS, no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to SYSLOG messages by using the service timestamps log global configuration command as follows:

ITKE(config)# service timestamps log {uptime | datetime [msec | localtime | show-timezone]}

I will demonstrate how to configure a Cisco IOS Switch to log with datetime and localtime.

Before configuring service timestamps log, you will get the following logs on an IOS Switch.

ITKE#sho log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
    Console logging: level debugging, 453895 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 453895 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 453898 message lines logged
        Logging to 10.0.0.2  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              453898 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 10.0.0.1  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              453898 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (4096 bytes):
17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to down
17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to up
17w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/41, changed state to up
17w5d: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49336) -> 0.0.0.0(23), 1 packet

Now we will configure the Cisco IOS Switch to timestamp its logs with the date and local time of the switch by issuing the following command from global configuration mode:

ITKE(config)#service timestamps log datetime localtime

Here is the log shown on the switch after configuring the service timestamps log command:

ITKE#sho log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
    Console logging: level debugging, 454006 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 454006 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 454009 message lines logged
        Logging to 10.0.0.2  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              454009 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 10.0.0.1  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              454009 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (4096 bytes):
Aug 20 09:10:48: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up
Aug 20 09:10:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up
Aug 20 09:10:55: %SYS-5-CONFIG_I: Configured from console by yasir on vty2 (10.0.0.6)
Aug 20 09:11:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to down
Aug 20 09:11:20: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to down
Aug 20 09:11:22: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.1(44420) -> 0.0.0.0(23), 1 packet
Aug 20 09:11:23: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up
Aug 20 09:11:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up
Aug 20 09:11:37: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49493) -> 0.0.0.0(23), 1 packet

ITKE#
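
What the two timestamp formats mean for someone reviewing these logs can be shown by parsing both buffers and pulling out the Telnet ACL hits. This is an added example, not part of the original post; the function names are assumptions, the year is supplied by the caller because the stamp does not carry one, and the log lines are copied from the two outputs above.

```python
import re
from datetime import datetime

# Lines copied from the two "sho log" buffers on this page.
UPTIME_LOG = """\
17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to up
17w5d: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49336) -> 0.0.0.0(23), 1 packet
"""
DATETIME_LOG = """\
Aug 20 09:10:55: %SYS-5-CONFIG_I: Configured from console by yasir on vty2 (10.0.0.6)
Aug 20 09:11:22: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.1(44420) -> 0.0.0.0(23), 1 packet
Aug 20 09:11:37: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49493) -> 0.0.0.0(23), 1 packet
"""

UNIT_SECONDS = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600}
LINE = re.compile(r"^(?P<ts>.+?): %(?P<fac>\w+)-(?P<sev>\d)-(?P<mnem>\w+): (?P<msg>.*)$")
ACL_HIT = re.compile(r"list (\S+) (permitted|denied) (\w+) "
                     r"([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)")

def parse_stamp(ts, year):
    """Return (kind, when, resolution_in_seconds, clock_trusted)."""
    if re.fullmatch(r"(\d+[ywdh])+", ts):
        # Uptime stamp such as 17w5d: no wall-clock time can be derived
        # without the boot time, and the smallest unit shown is the resolution.
        smallest = re.findall(r"\d+([ywdh])", ts)[-1]
        return "uptime", None, UNIT_SECONDS[smallest], False
    # IOS marks a stamp with '*' or '.' when its clock is not set or not
    # synchronised, so such times should not be trusted for correlation.
    trusted = ts[0] not in "*."
    clean = " ".join(ts.lstrip("*.").split())
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in clean else "%Y %b %d %H:%M:%S"
    try:
        # The stamp has no year; the caller supplies it (assumption).
        when = datetime.strptime("%d %s" % (year, clean), fmt)
    except ValueError:          # e.g. a trailing zone name from show-timezone
        return "unparsed", None, None, False
    return "datetime", when, 0.001 if "." in clean else 1, trusted

def parse_log(text, year):
    """Turn log-buffer lines into event dicts; ACL hits get an 'acl' field."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        kind, when, resolution, trusted = parse_stamp(m["ts"], year)
        event = {"kind": kind, "when": when, "resolution": resolution,
                 "trusted": trusted, "msg": m["msg"],
                 "mnemonic": "%s-%s-%s" % (m["fac"], m["sev"], m["mnem"])}
        hit = ACL_HIT.search(m["msg"])
        if hit:
            event["acl"] = {"list": hit[1], "action": hit[2], "proto": hit[3],
                            "src": hit[4], "dport": int(hit[7])}
        events.append(event)
    return events

def telnet_hits(events):
    """Events where the logged ACL entry matched TCP destination port 23."""
    return [e for e in events
            if e.get("acl", {}).get("proto") == "tcp" and e["acl"]["dport"] == 23]

if __name__ == "__main__":
    for label, text in (("uptime", UPTIME_LOG), ("datetime", DATETIME_LOG)):
        for e in telnet_hits(parse_log(text, 2008)):
            print(label, e["acl"]["src"], e["when"], "+/-", e["resolution"], "s")
```

The uptime-stamped hit comes back with no wall-clock time and a resolution of one day, while the datetime-stamped hits can be placed to the second next to the CONFIG_I entry from the same source address.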


Aug 17 2008   5:55AM GMT

What is the Link-flap error in Cisco Switches?



Posted by: Yasir Irfan
Link-Flap, Layer 1 issues, Err-disable, Cisco 3560, Cisco 3560-E, Cisco 3750-E, Cisco, Cisco 2950, Cisco 6500, Switches

Link flap means that the interface continually goes up and down in a Cisco Switch. The interface is put into the errdisabled state if it flaps more than five times in 10 seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch, or bad Gigabit Interface Converter (GBIC) card. Look at the console messages or the messages that were sent to the syslog server that state the reason for the port shutdown.

13w0d: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/28, putting Fa0/28 in err-disable state 

Issue this command in order to view the flap values:

SRCL-ONC-3550-AS01# sho errdisable flap-values
ErrDisable Reason    Flaps     Time (sec)
-----------------    ------    ----------
pagp-flap            3         30
dtp-flap             3         30
link-flap            5         10
SRCL-ONC-3550-AS01#

The interface can be recovered from the errdisable state by re-enabling the port using the errdisable recovery cause link-flap command. This command is used to configure the recovery mechanism so that the interface can be brought out of the disabled state and allowed to try again. You can also set the time interval. Errdisable recovery is disabled by default in Cisco Switches; when enabled, the default time interval is 300 seconds.

Once you enable errdisable recovery, you can see the following log on the Cisco switch as it tries to recover the err-disabled interface (link-flap error):

13w0d: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Fa0/28
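
The flap values above can also be applied on the syslog server to flag a port that is flapping at the link-flap rate. This is an added example, not part of the original post: the log lines are constructed, counting one flap per transition to down is an assumption about how to approximate the switch's own counter, and the year is supplied by the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the "sho errdisable flap-values" output above: (flaps, seconds).
FLAP_VALUES = {"pagp-flap": (3, 30), "dtp-flap": (3, 30), "link-flap": (5, 10)}

# Constructed sample: datetime-stamped syslog as a collector would store it.
SAMPLE = """\
Aug 17 10:00:01: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to down
Aug 17 10:00:02: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to up
Aug 17 10:00:03: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to down
Aug 17 10:00:04: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to up
Aug 17 10:00:04: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down
Aug 17 10:00:05: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to down
Aug 17 10:00:06: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to up
Aug 17 10:00:07: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to down
Aug 17 10:00:08: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to up
Aug 17 10:00:09: %LINK-3-UPDOWN: Interface FastEthernet0/28, changed state to down
Aug 17 10:00:30: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up
"""

UPDOWN = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+): %LINK-3-UPDOWN: "
                    r"Interface (?P<ifname>\S+), changed state to (?P<state>up|down)")

def flap_alerts(text, flaps, window, year):
    """Return [(interface, iso_time, count)] for the first time each interface
    logs `flaps` transitions to down within `window` seconds."""
    recent = defaultdict(deque)   # interface -> times of recent 'down' events
    alerted, alerts = set(), []
    for line in text.splitlines():
        m = UPDOWN.match(line)
        if not m or m["state"] != "down":
            continue              # assumption: one flap = one transition to down
        when = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        q = recent[m["ifname"]]
        q.append(when)
        # Drop events that have fallen out of the sliding window.
        while (when - q[0]).total_seconds() >= window:
            q.popleft()
        if len(q) >= flaps and m["ifname"] not in alerted:
            alerted.add(m["ifname"])
            alerts.append((m["ifname"], when.isoformat(), len(q)))
    return alerts

if __name__ == "__main__":
    flaps, window = FLAP_VALUES["link-flap"]
    for ifname, when, count in flap_alerts(SAMPLE, flaps, window, 2008):
        print("%s: %d link flaps within %d s at %s" % (ifname, count, window, when))
```

The check needs second-resolution timestamps, so it only works on logs written with service timestamps log datetime.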


Aug 16 2008   11:12AM GMT

How to change an IP address in a HP Procurve Switch



Posted by: Yasir Irfan
HP Switches, HP Procurve, IP Address, Switches

Changing an IP address in a Cisco Switch is quite simple, whereas in HP Procurve Switches, if you try to change an IP address for any existing VLAN, you get the error message “The IP address (or subnet) 10.0.0.122/23 already exists.”

I will demonstrate how to change an IP address for an existing VLAN. In this example we have a VLAN 100 assigned with an IP address 10.0.0.99/23 in a HP Procurve Switch.

vlan 100
   name "VLAN100"
   ip address 10.0.0.97 255.255.248.0
   tagged 25-26
   exit

We will try to change the IP address in the normal way, as we do in a Cisco Catalyst Switch.

ICU(config)# vlan 100
ICU(vlan-100)# ip address 10.0.0.122 255.255.254.0
The IP address (or subnet) 10.0.0.122/23 already exists..

The moment you enter the ip address command you will get the error message shown above.

In order to change an IP address, do the following:

Log in to the switch through a console port.

Then from the global parameters use the following commands:

vlan 100
 name "VLAN100"
 no ip address 10.0.0.97 255.255.248.0
 ip address 10.0.0.122  255.255.248.0

However, you can’t do that if you connect to the switch remotely. As soon as the “no ip address” command is received and processed by the switch, your session will be disconnected and you won’t be able to get to the switch. The trick to get around this issue is to make this IP address change through the switch’s built-in menu system instead of using the plain old CLI.
1. Type “menu”, hit Enter
2. Select “Switch Configuration”
3. Select “IP Configuration”
4. Navigate to Edit, hit Enter
5. Change the IP and then Save

You will be disconnected once you save it, but you will be able to reconnect using the new IP.


Aug 12 2008   6:56AM GMT

Juniper Networks launches Network and Security Manager (NSM)



Posted by: Yasir Irfan
Juniper, Network and Security Manager, NSM, Network Security, Routers, Switches, Security

Juniper Networks is expanding its network and security management capabilities across routing, switching and security infrastructure with the launch of the Network and Security Manager (NSM).

The new Network and Security Manager (NSM) offers centralized management for Juniper Networks J-series services routers, EX-series Ethernet switches, Secure Access SSL VPN and firewall/VPN and Intrusion Detection and Prevention appliances, and the newly announced Unified Access Control (UAC) solution.

The Network and Security Manager (NSM) enables high-performance businesses to consolidate and simplify the management of their network infrastructure to increase security, reduce cost and realize operational gains.


Overview

Network and Security Manager (NSM) is a powerful, centralized management solution that controls the entire device life cycle of firewall/IPSec VPN, Secure Access (SSL), Infranet Controller (IC), J-series and EX-series switches (JUNOS® software). NSM handles the basic setup and network configuration with local and global security policy deployment for these products. Unmatched role-based administration allows IT departments to delegate appropriate levels of administrative access to specific users, minimizing the possibility of a configuration error that may result in a security hole. NSM can scale from small to large enterprises with NSMXpress and NSM Central Manager as a plug-and-play appliance preloaded with the latest version of NSM software.



Aug 11 2008   1:37PM GMT

What happened to the telnet client in Windows Vista?



Posted by: Yasir Irfan
Networking, Telnet, Windows Vista

As we all know, a Telnet client is important. By default, however, the Telnet client is not installed with Windows Vista, but you can always install it in Windows Vista by following the steps below.

1) Click on Start – Control Panel.

2) Click on Programs.

3) Click on Turn Windows features on or off.

4) In the Windows Features dialog box, select the Telnet Client check box.

5) Click on OK.

6) Windows will now install and enable Telnet so it is available from the command line.