Cisco Tips archives - Network technologies and trends


Nov 18 2009   1:06PM GMT

How to archive your Cisco Router or Switch Configuration?



Posted by: Yasir Irfan

Did you know there is a great way to archive the work you carry out on your Cisco router or switch, especially whenever you perform a “write memory” or “copy run start”?

Most people do not realize that, starting with IOS version 12.3(4)T, Cisco Systems introduced the “archive” and “archive config” commands.

The main advantage of the “archive” command is that it gives you incremental backups of your Cisco router or switch configurations; if a configuration change goes badly wrong, you can use this feature to restore the old configuration file to the device.

The “archive config” command allows you to save Cisco IOS configurations in the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved.
Once the maximum number of files has been saved in the archive, the oldest file is automatically replaced by the next file.

The “show archive” command displays information for all configuration files saved in the Cisco IOS configuration archive.
In this example, we will save the archived configuration files in flash memory; however, you can also store the configuration files remotely using protocols such as FTP, HTTP, HTTPS, RCP, SCP, and TFTP.
The following commands enable the archive feature on a Cisco router or switch, provided the IOS version is 12.3(4)T or higher. In this example, the location and filename prefix is specified as flash:itkebackup.

ITKE-AS01(config)#archive
ITKE-AS01(config-archive)#path flash:itkebackup

To save the current running configuration in the configuration archive, use the “archive config” command as shown below:

ITKE-AS01# archive config

The “show archive” command displays information of the files saved in the configuration archive as shown in the following example:

ITKE-AS01#show archive
 There are currently 3 archive configurations saved.
 The next archive file will be named flash:itkebackup-3
 Archive # Name
 0
 1 flash:itkebackup-1
 2 flash:itkebackup-2 <- Most Recent
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
ITKE-AS01#

By using the “configure replace” command with an archived file in flash, you can restore the configuration:

ITKE-AS01#configure replace flash:itkebackup-2
 This will apply all necessary additions and deletions
 to replace the current running configuration with the
 contents of the specified configuration file, which is
 assumed to be a complete configuration, not a partial
 configuration. Enter Y if you are sure you want to proceed. ? [no]: y
 Total number of passes: 0
 Rollback Done

The “archive” command is quite handy for keeping multiple copies of the running config in an archive.
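An archive setup that also snapshots on every save and checks a rollback before committing to it, as an added example that is not part of the original post. The values for `maximum`, `time-period` and the confirm timer are illustrative assumptions, and the availability of these sub-commands depends on the IOS release.

```cisco
! Added example, not from the original post. The values for maximum,
! time-period and the confirm timer are illustrative assumptions.
!
! --- global configuration mode ---
archive
 path flash:itkebackup
 ! keep up to 14 versions; after that the oldest file is overwritten
 maximum 14
 ! archive a copy every time the running config is saved ("write memory")
 write-memory
 ! additionally archive once every 1440 minutes (24 hours)
 time-period 1440
!
! --- privileged EXEC mode ---
! List what differs between the running config and an archived version
show archive config differences system:running-config flash:itkebackup-2
!
! Roll back with a safety net: "list" prints the lines being applied, and
! "time 5" reverses the replace unless it is confirmed before the timer
! expires (the unit is seconds or minutes depending on the release;
! check "configure replace flash:itkebackup-2 time ?" on the device)
configure replace flash:itkebackup-2 list time 5
configure confirm
```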

Nov 17 2009   6:38AM GMT

How to disable SSH in Cisco Devices?



Posted by: Yasir Irfan

We all know the importance of SSH; it is one of the most used methods for remote access to Cisco devices, whether a Cisco router or a Cisco switch. Most of the network engineers I come across say it is so complicated to either enable or disable SSH on Cisco devices.

If you simply try the “no” form of the commands used to enable SSH, it will not work. Here is the tip to disable SSH on either Cisco routers or Cisco switches.

Commands used to enable SSH in a Cisco Device

ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

ITKE-AS1(config)#
ITKE-AS1(config)#aaa new-model
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authorization exec default local

 

Commands used to disable SSH in a Cisco Device

Notice that the command “no crypto key generate rsa” will not work; instead, the device will suggest that you use the ‘crypto key zeroize rsa’ command. Amazing, isn’t it?

ITKE-AS1(config)#no crypto key generate rsa
% Use 'crypto key zeroize rsa' to delete signature keys.

ITKE-AS1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
ITKE-AS1(config)#


Nov 14 2009   7:13AM GMT

How to configure Secure Copy (SCP) in Cisco Devices?



Posted by: Yasir Irfan

In my previous post I talked about what Secure Copy (SCP) is; now let’s see how to configure Secure Copy (SCP) on a Cisco router or switch.

In order to configure Secure Copy (SCP) on a Cisco router, make sure SSH is enabled and working.

Step 1) Let’s enable the SSH and AAA features on the Cisco device

 

ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

ITKE-AS1(config)#
ITKE-AS1(config)#aaa new-model
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authorization exec default local

 

Step 2) In order to use the SCP feature to manage configuration, we must have at least one user account with enough privilege to access it

ITKE-AS1(config)#

ITKE-AS1(config)#username itke privilege 15 password secret itkeleads

 

Step 3) Now you are ready to enable the SCP server:

ITKE-AS1(config)#ip scp server enable

 

 

Just by following these 3 simple steps we can enable Secure Copy (SCP) in a Cisco router or a Switch. For any further clarifications you can always have a close look at Cisco’s document on Secure Copy (SCP). 
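The same SSH and SCP steps with stronger settings, as an added example that is not part of the original posts or of Cisco's document: a 2048-bit key in place of the 512-bit one, SSH version 2 only, a hashed `secret` instead of a `password`, and VTY lines restricted to SSH. The VTY range `0 4` and the `<strong-passphrase>` placeholder are assumptions.

```cisco
! Added example, not from the original posts. Each weak setting used in the
! steps above is noted next to its replacement.
!
! --- global configuration mode ---
ip domain-name itke.com
! 512-bit RSA keys are too short; SSH version 2 needs at least 768 bits
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
!
aaa new-model
aaa authentication login default local
! SCP relies on exec authorization to learn the user's privilege level
aaa authorization exec default local
!
! "secret" stores a hash; "password" is kept in clear text or as
! reversible type 7. <strong-passphrase> is a placeholder.
username itke privilege 15 secret <strong-passphrase>
!
ip scp server enable
!
! Assumed VTY range; accept SSH only so logins never travel over Telnet
line vty 0 4
 transport input ssh
!
! --- privileged EXEC mode: verify ---
show ip ssh
show crypto key mypubkey rsa
```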


Nov 9 2009   6:47AM GMT

What is Secure Copy (SCP)?



Posted by: Yasir Irfan

 

We are all aware of the traditional ways of transferring IOS files to and from Cisco Catalyst switches, Cisco routers and Cisco PIX/ASA firewall devices using TFTP, FTP and, lately, HTTPS. However, there is one more way to copy IOS files, known as Secure Copy (SCP). Secure Copy (SCP) is a secure and authenticated method of copying a configuration file or transferring image files to Cisco Catalyst switches, Cisco routers and Cisco PIX/ASA firewall devices.

 

Cisco Systems introduced the Secure Copy (SCP) feature in the following IOS releases

 

Release      Modification
12.2(2)T     This feature was introduced.
12.0(21)S    This feature was integrated into Cisco IOS 12.0(21)S.
12.2(25)S    This feature was integrated into Cisco IOS 12.2(25)S.

PIX/ASA firewalls 7.1 and above, FWSM 3.1 and above.

  

Secure Copy (SCP) runs over the SSH protocol on port 22, which acts like an encrypted tunnel. This tool is very useful, especially for transferring files for upgrades or performing safe backups.

 

In my next post you will find the commands to configure SCP in a Cisco Router and Switch.


Sep 12 2009   7:34AM GMT

How to capture a text using PuTTY client?



Posted by: Yasir Irfan

 

PuTTY doesn’t need any introduction, as it’s one of the most widely used remote console utilities. PuTTY is an SSH and Telnet client.

In day-to-day operations we telnet or SSH to our Cisco routers or switches; at times we need to back up the running or startup config of a Cisco router or switch, or capture the terminal session logs for technical information. This can easily be done using the PuTTY client.

I will show you how to capture text using the PuTTY client.

Once you have established a remote session with a Cisco router or switch, follow these steps:

 

Step 1: Right Click on the menu bar and select “Change Settings”

 

Step 2: Click “Logging” under “Session”.

 

Step 3: Then select “All Session Output”.

 

Step 4: Select the location using the browse button and enter the desired file name and click apply.

 

These steps will create the log file in the specified location and it will log everything you did in that particular telnet or SSH session.


Sep 8 2009   9:45AM GMT

Remote Telnet useful tips!



Posted by: Yasir Irfan

 

We all work remotely with Cisco routers and switches, and we often log in to make configuration changes. What if we misconfigure a live Cisco router or switch located at a remote site? We don’t enjoy the liberty of resetting the device unless we have control over the power distribution.

In this scenario the “reload” command proves to be very handy and useful. Just before making any changes to the configuration, we can use the “reload” command as demonstrated below:

 

ITKE-Cisco#reload in ?
  Delay before reload (mmm or hhh:mm)

ITKE-Cisco#reload in 10

System configuration has been modified. Save? [yes/no]: no
Building configuration...
[OK]
Reload scheduled in 10 minutes by yasir on vty0 (10.0.0.5)
Proceed with reload? [confirm]
ITKE-Cisco#
ITKE-Cisco#

***
*** --- SHUTDOWN in 0:05:00 ---
***

 

The command demonstrated above will reload the device in 10 minutes. After applying the “reload” command we can proceed with the configuration changes. If things go wrong and we lose connectivity to the device, we can try again after 10 minutes, as the device will have reloaded with the original startup-configuration, which helps us restore connectivity to the device.

Once we are sure the new configuration is working properly without any hassles, the “reload cancel” command cancels the scheduled reload.

 

ITKE-Cisco#reload cancel

 

I find this command to be very handy and useful, especially when we have to telnet or SSH to a remote Cisco router or switch.


Jul 27 2009   5:55AM GMT

Reset Cisco 1250 Access Point to factory default settings



Posted by: Yasir Irfan

 

If you want to reset the Cisco Aironet 1250 Access Point to factory default settings, you have to use the “write erase” or “erase /all nvram:” command. These commands reset the Cisco Aironet 1250 Access Point to factory default settings, except for the configured static IP address. This feature is really helpful if you reset the Cisco Aironet 1250 Access Point accidentally: you will still have the option to access the Cisco Aironet 1250 Access Point using the web browser interface.

Mindful thinking from Cisco.

 

 


May 24 2009   11:35AM GMT

How to Determine the Serial Number of Supervisor Engine installed in a Cisco Catalyst 6500 Switch



Posted by: Yasir Irfan

Imagine you have a Cisco Catalyst 6500 Switch and you are asked to find the serial number of the Supervisor Engine installed in it. This can be done by issuing the “show idprom module” command, as shown in the example below.

 

ITKE-DAC-6500-BB01#show idprom module 7
IDPROM for module #7
  (FRU is 'Supervisor Engine 720')
  OEM String = 'Cisco Systems'
  Product Number = 'WS-SUP720-3B'
  Serial Number = 'SAD084608JG'
  Manufacturing Assembly Number = '73-9740-01'
  Manufacturing Assembly Revision = 'A0'
  Hardware Revision = 4.0
  Current supplied (+) or consumed (-) = -4.50A
ITKE-DAC-6500-BB01#


Mar 17 2009   12:28PM GMT

Don’t Panic for ICND 1 Simulation questions.



Posted by: Yasir Irfan

One of my colleagues went for the ICND 1 (640-822) exam and failed by a small margin. He got a few simulation questions in which he was supposed to find the IP addresses of the router interfaces connected in the topology provided. The show running command was disabled, so he was supposed to use alternative IOS commands to determine the IP address assigned to each router interface.

In this scenario, don’t panic: the best commands to determine the IP addresses assigned to the interfaces of any router are “show ip interface brief” and “show ip interface”. Here is the sample output of these commands:

 

ITKE-DAC-3745R01#sho ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.135.5.21     YES DHCP   up                    up
FastEthernet0/1            192.168.1.2     YES NVRAM  up                    up
Tunnel0                    172.31.31.50    YES NVRAM  up                    up
ITKE-DAC-3745R01#

 

ITKE-DAC-3745R01#show ip interface
FastEthernet0/0 is up, line protocol is up
  Internet address is 10.135.5.21/24
  Broadcast address is 255.255.255.255
  Address determined by DHCP
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
FastEthernet0/1 is up, line protocol is up
  Internet address is 192.168.1.2/28
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound  access list is 101
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow, CEF, Flow Cache
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Tunnel0 is up, line protocol is up
  Internet address is 172.31.31.50/30
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow, CEF, Flow Cache
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
ITKE-DAC-3745R01#


Feb 18 2009   9:33AM GMT

Cisco Etherchannel Overview and how it can be configured in Cisco Catalyst Switches – Series 9



Posted by: Yasir Irfan

Dear Friends,

Here we go: we are coming to the conclusion of the EtherChannel series. I myself learned a lot and enjoyed writing these posts. I hope some of you have benefited from this series. Just before concluding, I would strongly recommend that you check out this wonderful quick learning module from Cisco Systems, which focuses on layer-2-design and might be helpful to you.