Network technologies and trends:

IOS commands

Sep 8 2009   9:45AM GMT

Remote Telnet useful tips!



Posted by: Yasir Irfan
Switches, Cisco, Cisco Tips, Cisco 3560, Cisco Learning, Network Troubleshooting, IOS commands, Cisco Routers, reload, Cisco Switch, Cisco Troubleshooting, Router Troubleshooting, Telnet, SSH

 

We all work remotely with Cisco routers and switches, and we often log in to make configuration changes. If we misconfigure a live router or switch at a remote site, we do not have the liberty of resetting the device unless we have control over the power distribution.

 

In this scenario the “reload” command proves to be very handy and useful. Just before making any changes to the configuration we can use the “reload” command as demonstrated below:

 

ITKE-Cisco#reload in ?

Delay before reload (mmm or hhh:mm)

 

ITKE-Cisco#reload in 10

 

System configuration has been modified. Save? [yes/no]: no

Building configuration…

[OK]

Reload scheduled in 10 minutes by yasir on vty0 (10.0.0.5)

Proceed with reload? [confirm]

ITKE-Cisco#

ITKE-Cisco#

 

 

***

*** — SHUTDOWN in 0:05:00 —

***

 

The command demonstrated above will reload the device in 10 minutes. After issuing the “reload” command we can proceed with the configuration changes. If things go wrong and we lose connectivity to the device, we try again after 10 minutes, as the device will have reloaded with the original startup-configuration, which helps us restore connectivity to the device. This works only as long as the changes have not been saved to the startup-configuration.

 

Once we are sure the new configuration is working properly without any hassles, the “reload cancel” command cancels the scheduled reload.

 

ITKE-Cisco#reload cancel

 

I find this command very handy and useful, especially when we have to telnet or SSH to a remote Cisco router or switch.

Nov 22 2008   12:56PM GMT

How to configure DHCP Snooping in Cisco Catalyst Switches.



Posted by: Yasir Irfan
Networking, DHCP, Switches, Cisco, Switching, Routing and Switching, CCNP, Cisco IOS, Cisco 2960, Cisco 2950, HSRP, Cisco 6500, Cisco Tips, Cisco 3560, Cisco Learning, Server Security, Cisco 3750-E, Cisco 3560-E, IOS commands, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch, DHCP Snooping, Configuring DHCP Snooping, 802.1 Q, Trunk Ports

So here we go with the configuration of DHCP snooping on a Cisco Switch. This feature protects the network by allowing the Cisco Switches to accept DHCP response messages only from the authorized servers connected to the trusted interfaces of a Cisco Switch.

DHCP

All Switch to Switch connections are configured as 802.1Q Trunk ports.

IP Address and HSRP Details for the Core Switches

DHCP 1

In the above scenario we have two Cisco 6513 Series Switches as Core/Distribution with three VLANs: VLAN 50 for management of the Switches, VLAN 100 for all the servers and VLAN 101 for clients. There are two Cisco 3560 Series Switches as Server Farm Switches and a Cisco 3560 Series Switch as an Access Switch. There are two DHCP servers with IP addresses 10.0.1.100 and 10.0.1.101 connected to the Server Farm Switches with HP NIC teaming. We configure DHCP Snooping based on the above scenario.

The first step to configure DHCP Snooping is to turn on DHCP snooping in all Cisco Switches using the “ip dhcp snooping” command. 

All Cisco Switches (config)#ip dhcp snooping

The second step is to configure the trusted interfaces. In the above scenario all trunk ports are configured as trusted ports, as are the interfaces G0/7 (ITKESF01 50.0.0.6), G0/17 (ITKESF02 50.0.0.7), G0/9 (ITKESF01 50.0.0.6) and G0/18 (ITKESF02 50.0.0.7) connected to the DHCP servers with IPs 10.0.1.100 and 10.0.1.101. Let’s configure all trunk ports in ITKEBB01

ITKEBB01(config)#interface range  gigabitEthernet 3/21 - 23

ITKEBB01 (config-if)#ip dhcp snooping trust 

Now let’s configure all trunk ports in ITKEBB02 

ITKEBB02(config)#interface range  gigabitEthernet 3/21 - 23

ITKEBB02 (config-if)#ip dhcp snooping trust

ITKEBB02 (config)#interface gigabitEthernet 3/16

ITKEBB02 (config-if)#ip dhcp snooping trust 

Now let’s configure the trusted ports for the DHCP servers  

ITKESF01(config)#interface gigabitEthernet 0/7

ITKESF01 (config-if)#ip dhcp snooping trust 

ITKESF01(config)#interface gigabitEthernet 0/17

ITKESF01 (config-if)#ip dhcp snooping trust

ITKESF02(config)#interface gigabitEthernet 0/9

ITKESF02 (config-if)#ip dhcp snooping trust 

ITKESF02(config)#interface gigabitEthernet 0/18

ITKESF02 (config-if)#ip dhcp snooping trust

Now let’s configure the trunk ports on the Access Switch ITKEAS01

ITKEAS01(config)#interface range  gigabitEthernet 0/49 - 52

ITKEAS01 (config-if)#ip dhcp snooping trust 

Finally we are going to configure the VLANs for DHCP snooping. DHCP snooping will be used on all the VLANs (VLAN 100 & 101) except management VLAN 50. We will also limit the rate of requests received on the Access Switch (ITKEAS01).

ALL SWITCHES(config)# ip dhcp snooping vlan 100,101

ITKEAS01(config)#interface range  gigabitEthernet 0/1 - 48

ITKEAS01 (config-if)#ip dhcp snooping limit rate 20

Displaying the DHCP snooping  

DHCP2

For further reference please do check this article from Cisco about DHCP snooping.
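
One way to check the result of the steps above offline, as an added example that is not part of the original post: this Python script audits saved running-config text for the global enable, the snooping VLAN list, unexpected trusted ports and access ports without a rate limit. The sample configuration, the EXPECTED_VLANS policy and all function names are constructed for illustration.

```python
EXPECTED_VLANS = {100, 101}  # server and client VLANs in the post (assumed policy)
# Constructed access-switch config with three deliberate gaps.
SAMPLE = """\
ip dhcp snooping vlan 100
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 ip dhcp snooping limit rate 20
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet0/49
 switchport mode trunk
 ip dhcp snooping trust
"""

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '100,101' or '100-101,200'."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def parse_config(text):
    """Split config text into global commands and per-interface sub-commands."""
    glob, ifaces, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:  # "!" separators and global commands close the interface block
            current = None
            glob.append(line.strip())
    return glob, ifaces

def audit(text, allowed_trusted):
    """Return findings; allowed_trusted is the set of approved trusted ports."""
    glob, ifaces = parse_config(text)
    findings, covered = [], set()
    if "ip dhcp snooping" not in glob:
        findings.append("DHCP snooping is not enabled globally")
    for line in glob:
        if line.startswith("ip dhcp snooping vlan "):
            covered |= parse_vlans(line.split()[4])
    if EXPECTED_VLANS - covered:
        findings.append(f"snooping missing on VLANs {sorted(EXPECTED_VLANS - covered)}")
    for name, cmds in ifaces.items():
        trusted = "ip dhcp snooping trust" in cmds
        limited = any(c.startswith("ip dhcp snooping limit rate ") for c in cmds)
        if trusted and name not in allowed_trusted:
            findings.append(f"{name}: trusted but not an approved port")
        elif not trusted and "switchport mode access" in cmds and not limited:
            findings.append(f"{name}: untrusted access port without a rate limit")
    return findings
```

Calling audit(SAMPLE, {"GigabitEthernet0/49"}) reports the missing VLAN 101, the unlimited access port Gi0/2 and the unexpectedly trusted access port Gi0/3.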


Oct 12 2008   5:17AM GMT

How to configure SNMPv3 in a Cisco Catalyst Switch – Series 1



Posted by: Yasir Irfan
Security, Switches, Cisco, SNMP, Cisco IOS, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3560, Cisco 3745, Cisco Learning, Cisco 3560-E, IOS commands, SNMPv3, RFC3410, SNMP Version 3

Configuring SNMP Version 3 in a Cisco Catalyst Switch is a bit more complicated compared to SNMP v1 and v2. But after configuring SNMPv3 you can relax, as SNMPv3 provides more security by adding authentication (username and password) as well as encryption to the protocol.

What is SNMPv3?

Simple Network Management Protocol version 3. The specification for this Full Standard protocol is published in RFCs 3410 and 3418. SNMPv3 provides a Full Standard administrative framework (authorization, access control, etc.) and a remote configuration/administration MIB. Also check the SNMPv3 documentation from Cisco Systems.

How to configure SNMPv3 in a Cisco Catalyst Switch ? 

First we begin the configuration of SNMPv3 on the Cisco Catalyst Switch by creating an SNMP “view”. A “view” defines what information can be accessed by the SNMP user/group when they query the SNMPv3-enabled Cisco Catalyst Switch. In the example below we will create a “view” called ITKEView. We will enable the “system”, “internet” and “interfaces” SNMP OIDs on the Cisco Catalyst Switch. Note that “internet” (1.3.6.1) is the parent of both “system” and “interfaces”, so including it already exposes the whole tree beneath it; for a least-privilege view, include only the subtrees the management station needs.

ITKE(config)# snmp-server view ITKEView internet included

ITKE(config)# snmp-server view ITKEView system included

ITKE(config)# snmp-server view ITKEView interfaces included

To be continued in next series


Oct 6 2008   7:34AM GMT

Things to be considered before upgrading an IOS in a Cisco 6500 Series Switch with SUP720- Series 3



Posted by: Yasir Irfan
Networking, Switches, Cisco IOS, Cisco 6500, Cisco Tips, Network Troubleshooting, Redundency, IOS commands, IOS Upgrade, Cico 6500 IOS Upgarde, Cisco 6500 Power Supply, Redundent Power Supply

In the second series I was talking about the Compact flash memory; now let’s proceed further. One more key thing you must consider before starting an IOS upgrade for a Cisco Catalyst 6513 Switch with Supervisor Engine SUP720 is the redundant power supply. Make sure the Cisco Catalyst 6513 Switch is installed with redundant power supplies and that they are connected to two different power sources. If one power source fails, the other source can take care of the Cisco Catalyst 6513 Switch while the IOS upgrade is going on.


Oct 4 2008   12:21PM GMT

Things to be considered before upgrading an IOS in a Cisco 6500 Series Switch with SUP720- Series 2



Posted by: Yasir Irfan
Networking, Switches, Cisco, Cisco IOS, Cisco 6500, Cisco Tips, IOS commands, IOS Upgrade, Cico 6500 IOS Upgarde

In the first series I was talking about the TFTP servers; now let’s proceed further. One more key thing you must consider before starting an IOS upgrade for a Cisco Catalyst 6513 Switch with Supervisor Engine SUP720 is the Compact flash memory. The Supervisor Engine SUP720 comes with two slots for memory. Recommended part number:

MEM-C6K-CPTFL256M

Cat6500 Sup720 Compact Flash Mem 256MB

The Compact flash memory is required in order to guard against a failed IOS file upload through the TFTP server, because the current IOS file is deleted from the boot flash memory of the switch before the new file is uploaded. Before starting the IOS upgrade on the Cisco Catalyst 6513 Switch with Supervisor Engine SUP720, issue a boot command so that the switch boots from the flash memory if it fails to boot from the boot flash memory, by issuing the following command.

bootflash

Note: the Compact flash memory is inserted in slot 1 of the Supervisor Engine SUP720.


Sep 24 2008   8:27AM GMT

How to configure intervlan routing between Cisco Catalyst Switches and HP Procurve Switches Series 2



Posted by: Yasir Irfan
Networking, Switches, Cisco, HP Procurve, Cisco Tips, Cisco 3560, Cisco Learning, Cisco 3560-E, Intervlan routing, IP Address, IOS commands, HP switches

In my previous post I discussed how common terminologies are applied by both Cisco & HP. Now it’s time to proceed further: in this example we will create two VLANs and enable intervlan communication between HP Procurve Switches and Cisco Catalyst Switches.

 

HP-Cisco Vlan

 

We will create 2 VLANS in both Switches, as shown in the below table

IP address

 

Now let’s see what configuration commands are required to create a VLAN and enable intervlan communication between HP Procurve Switches and Cisco Catalyst Switches.

commands1

Commands2


Sep 22 2008   6:53AM GMT

How to configure intervlan routing between Cisco Catalyst Switches and HP Procurve Switches Series 1.



Posted by: Yasir Irfan
Networking, Switches, Cisco, HP Procurve, Cisco 6500, Cisco Tips, Intervlan routing, IOS commands, HP switches, Trunking

In this series of articles you are going to see how to configure VLAN trunking between HP Procurve Switches and Cisco Catalyst Switches.

Before proceeding further, let’s understand the basic terminology applied by both Cisco and HP for the following things.

When it comes to VLANs in Cisco, everyone thinks of the term TRUNKING.

HP applies trunking to EtherChannel, whereas in Cisco it applies to VLANs.

Let’s compare how both vendors define Trunking

HP-Cisco

Source:HP

VLAN Terminologies applied by Both Cisco & HP

Vlans comparison

 

to be continued in next series


Sep 8 2008   8:12AM GMT

How to reset/delete the password & configuration on a Cisco WS-C3550-48-SMI



Posted by: Yasir Irfan
Switches, Cisco, Cisco 2950, HyperTerminal, Cisco Tips, Cisco 3560, Cisco 3750-E, Cisco 3560-E, IOS commands, Password reset

This article describes the procedure for resetting/deleting the password & current configuration on a Cisco Catalyst WS-C3550-48-SMI.

Model: WS-C3550-48-SMI

Warning: This procedure will remove the switch configuration. Be sure to have a backup of your current switch configuration before proceeding.

The Cisco WS-C3550-48-SMI Catalyst switch is similar to most Catalyst switches and the procedure for resetting the password is the same.

Step 1: Connect the console cable to the switch and start your terminal program (HyperTerminal/Secure CRT). Console port settings are 9600,8,N,1

Step 2: Hold the MODE button (on the front of the switch) while you power on the switch.

reset 3550

Step 3: Hold the MODE button for a few seconds until you see the System light stop flashing.

Step 4: At this point, the switch should be in ROMmon mode.

Step 5: From ROMmon mode, type: flash_init

Step 6: From ROMmon mode, type: delete flash:config.text

Step 7: From ROMmon mode, type: boot

At this point the switch will boot as normal with a new configuration and no password.


 


Sep 6 2008   10:40AM GMT

The best way to record the serial number for Cisco Devices for Remote support.



Posted by: Yasir Irfan
Switches, Cisco, Telnet, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3745, IOS commands

Imagine you are accessing a remote router and need to figure out the serial number of the router or the circuit IDs of its serial interfaces. You may start looking through your documented data or call the remote technician to help you figure out these details. The best and easiest way to get these details in a matter of seconds is to put the serial number of each device in the Banner MOTD, and the circuit IDs in the serial interface descriptions.


Sep 3 2008   10:13AM GMT

Enhanced Show interfaces commands in a Cisco Routers & Cisco Catalyst Switches.



Posted by: Yasir Irfan
Switches, Routers, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3745, Show commands, IOS commands


I was amazed to see how many options are available with the “show interfaces” commands which are undocumented. Most of these commands are available in IOS release 12.2(44) (may be available with earlier versions, if so do comment).

Some of the undocumented commands are as follows
1) Show interfaces description displays interface names, Line and Line protocol status and the interface description. Extremely useful to know which interfaces are up or down.
2) Show interfaces counters protocol status displays the L3 protocols active on each interface.
3) Show interfaces summary displays the state of various interface queues and related drop counters in a good tabular format.
4) Show interfaces accounting displays per-protocol in/out counters.

Here are a few sample outputs:

Sample Output from Cisco 3745 Router
MBGF-DAC-3745R01#sho interfaces description
Interface                      Status         Protocol Description
Fa0/0                           up             up       WAN connection THru. Bayanat
Fa0/1                            up             up       Connected to LAN
Tu0                                up             up      
MBGF-DAC-3745R01#

Sample output for Cisco 3560 Switch
MBGF-DAC-3560-AS02#sho interfaces description
Interface               Status         Protocol       Description
Vl1                               up             up      
Vl50                            up             up      
Gi0/1                          up             up      
Gi0/2                          up             up      
Gi0/3                          up             up      
Gi0/4                          up             up      
Gi0/5                          up             up      
Gi0/6                          up             up      
Gi0/7                          down           down    
…… 
Gi0/25                         up             up                con2 Khalid
Gi0/26                         down           down    
Gi0/27                         down           down    
Gi0/40                         up             up             CON2-DCAP-50
Gi0/41                         up             up      
Gi0/42                         up             up      
Gi0/43                         up             up  

Gi0/52                         up             up      
MBGF-DAC-3560-AS02#
MBGF-DAC-3745R01#show interfaces counters protocol status
Protocols allocated:
 FastEthernet0/0: Other, IP, DEC MOP, ARP, CDP
 FastEthernet0/1: Other, IP
 Tunnel 0:        Other, IP
 
MBGF-DAC-3560-AS02#sho interfaces counters protocol status
Protocols allocated:
 Vlan1: Other, IP, ARP
 Vlan50: Other, IP, ARP
 GigabitEthernet0/1: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/2: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/3: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/4: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/5: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/6: Other, IP, Spanning Tree, CDP
Allocation failures: 0
MBGF-DAC-3560-AS02#
MBGF-DAC-3745R01#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface                    IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
————————————————————————
* FastEthernet0/0          0     0    0     0 10803000  1233 1511000  873    0
* FastEthernet0/1          0     0    0     0 1379000  876 10614000  1237    0
* Tunnel0                         0     0    0     0 10664000  1233 1414000  873    0
NOTE:No separate counters are maintained for subinterfaces
     Hence Details of subinterface are not shown
MBGF-DAC-3745R01#

MBGF-DAC-3560-AS02#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface               IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
————————————————————————-
* Vlan1                                0     0    0     0     0    0     0    0    0
* Vlan50                             0     0    0     0  1000    2  1000    2    0
* GigabitEthernet0/1       0     0    0 54684     0    0  2000    3    0
* GigabitEthernet0/2       0     0    0 54675     0    0  3000    3    0
* GigabitEthernet0/3       0     0    0 54675     0    0  2000    3    0
* GigabitEthernet0/4       0     0    0 54688     0    0  2000    3    0
* GigabitEthernet0/5       0     0    0 54664     0    0  2000    3    0
* GigabitEthernet0/6       0     0    0 54663     0    0  2000    3    0
………
  GigabitEthernet0/46      0     0    0   274     0    0     0    0    0
* GigabitEthernet0/47      0     0    0  5036     0    0  2000    3    0
* GigabitEthernet0/48      0     0    0 16702     0    0  3000    3    0
* GigabitEthernet0/49      0     0    0     0 10000   18     0    0    0
 * GigabitEthernet0/52      3     0    0     0 389000  208 1652000  223    0
MBGF-DAC-3560-AS02#

MBGF-DAC-3745R01#show interfaces accounting
FastEthernet0/0 WAN connection THru. Bayanat
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0      78271    4696260
                      IP  228129752  604147266  238404086 3496449051
                 DEC MOP          0          0       1304     100408
                     ARP      61201    3672060        230      13800
FastEthernet0/1 Connected to LAN
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other      13048    5206152      78271    4696260
                      IP  239500045 3032167184  230865599 2990242469
                 DEC MOP          0          0       1304     100408
                     ARP      97797    5867820      75355    4521300
Tunnel0
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP  228294310 1722638248  238403420  156253505
MBGF-DAC-3745R01#
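
To work with the “show interfaces summary” table from a script, as an added example that is not part of the original post: this Python parser turns the rows into records and lists the interfaces whose input or output queue drop counters exceed a threshold. The sample text is constructed in the layout of the 3560 output above, and the function names are illustrative.

```python
COUNTERS = ("IHQ", "IQD", "OHQ", "OQD", "RXBS", "RXPS", "TXBS", "TXPS", "TRTL")

# Constructed sample in the layout of the 3560 output shown in the post,
# including a down interface (no "*") and a row with irregular indentation.
SUMMARY_SAMPLE = """\
 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue

  Interface               IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
-------------------------------------------------------------------------
* Vlan50                    0     0    0     0  1000    2  1000    2    0
* GigabitEthernet0/1        0     0    0 54684     0    0  2000    3    0
  GigabitEthernet0/46       0     0    0   274     0    0     0    0    0
 * GigabitEthernet0/52      3     0    0     0 389000  208 1652000  223    0
"""

def parse_summary(output):
    """Parse data rows into dicts; legend, header and rule lines are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        up = bool(fields) and fields[0] == "*"   # leading "*" marks an up interface
        if up:
            fields = fields[1:]
        # A data row is an interface name followed by exactly nine integer counters.
        if len(fields) != 1 + len(COUNTERS) or not all(f.isdigit() for f in fields[1:]):
            continue
        row = {"interface": fields[0], "up": up}
        row.update(zip(COUNTERS, map(int, fields[1:])))
        rows.append(row)
    return rows

def queue_drops(rows, threshold=0):
    """Return {interface: (IQD, OQD)} where either drop counter exceeds threshold."""
    return {r["interface"]: (r["IQD"], r["OQD"])
            for r in rows if r["IQD"] > threshold or r["OQD"] > threshold}
```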