Archive for the ‘Useful commands’ Category

Cisco diff – compare configurations

January 31, 2014 4 comments

Just a quick post to show how one can compare what is in the startup-configuration
to the running-configuration, or compare two different configurations
stored on flash on Cisco devices.

The device boots up with the startup-configuration. Then we add some commands to
the running-configuration but we do not save them.

R1(config)#int f0/0
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#description link to Datacenter
R1(config-if)#ip route 192.168.2.0 255.255.255.0 192.168.0.2

Then the show archive command is used to show what’s different between the two versions.

R1#show archive config differences
Contextual Config Diffs:
interface FastEthernet0/0
 +no ip address
 +shutdown
interface FastEthernet0/0
 -description link to Datacenter
 -ip address 192.168.0.1 255.255.255.0
-ip route 192.168.2.0 255.255.255.0 192.168.0.2

Commands with a + sign in front of them are present in the startup-configuration but
not in the running-configuration. Commands with a - sign are present in the
running-configuration but not in the startup-configuration.

It is also possible to compare a file stored in NVRAM to the running-configuration.

R1#dir flash:
Directory of flash:/

    1  -rw-         967                      config.old

16777212 bytes total (16776180 bytes free)

R1(config)#int f0/1
R1(config-if)#ip add 10.0.0.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#description to Firewall
R1#show archive config differences system:running-config flash:config.old
Contextual Config Diffs:
interface FastEthernet0/1
 +no ip address
 +shutdown
interface FastEthernet0/1
 -description to Firewall
 -ip address 10.0.0.1 255.255.255.0

Just a little tool that may be helpful to see what is different between versions. It
could be used for such things as editing an ACL by uploading a file to the device.
Then do a diff between the files to see what is changing in the ACL.
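The +/- reading described above can be automated when the diff output is collected from many devices. This is an added example, not code from the original post; the WATCH list and the function names are hypothetical, and the sample input is the output shown earlier.

```python
import re

# Constructed sample input: the diff output shown in the post above.
SAMPLE = """\
Contextual Config Diffs:
interface FastEthernet0/0
 +no ip address
 +shutdown
interface FastEthernet0/0
 -description link to Datacenter
 -ip address 192.168.0.1 255.255.255.0
-ip route 192.168.2.0 255.255.255.0 192.168.0.2
"""

# Hypothetical watch list of command prefixes a reviewer may want highlighted.
WATCH = re.compile(r"^(no )?(ip access-list|access-list|permit|deny|ip route|"
                   r"username|enable|snmp-server|aaa|transport|crypto)\b")

def parse_diff(text):
    """Return a list of (sign, context, command) for every +/- line.

    context is the chain of parent lines (e.g. 'interface FastEthernet0/0'),
    or '' for a global command. Parents are found by indentation.
    """
    entries, stack = [], []          # stack holds (indent, line) of open parents
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("Contextual Config Diffs"):
            continue
        indent, sign, cmd = re.match(r"^(\s*)([+-]?)(.*)$", raw).groups()
        depth = len(indent)
        while stack and stack[-1][0] >= depth:
            stack.pop()              # leave blocks at the same or deeper level
        context = " / ".join(line for _, line in stack)
        stack.append((depth, cmd.strip()))
        if sign:
            entries.append((sign, context, cmd.strip()))
    return entries

def unsaved_changes(text):
    """Lines marked '-' exist only in the running-config, as the post explains."""
    return [(ctx, cmd, bool(WATCH.match(cmd)))
            for sign, ctx, cmd in parse_diff(text) if sign == "-"]

if __name__ == "__main__":
    for ctx, cmd, flagged in unsaved_changes(SAMPLE):
        print(("REVIEW " if flagged else "       ") + (ctx or "<global>") + ": " + cmd)
```

Run against the sample, the unsaved static route is flagged for review while the interface description and address are only listed.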


INE TS Vol4 – two labs done

August 18, 2011 Leave a comment

Did some of these TS labs this week. They are very challenging but they are designed by Petr Lapukhov so they should be… I found these to be more difficult than the ASET TS labs. From what I’ve heard from Petr these labs are not specifically designed to help you do the TS at the lab but more of a learning tool to become very proficient in TS. If you can solve these tasks my guess is that the TS at the lab should not be that difficult except that the lab topology is much larger.

While doing one of the tasks I learned a new cool command from the solution guide, debug ip packet detail dump. The dump at the end is a hidden command and will show the contents of the packet. This can be useful when troubleshooting authentication if the key is in plain text. Newer versions of IOS seem to show the key in log messages but it could still be handy. This is how we use it.

As you can see, I do all of my labs with PuTTY to be comfortable with it on the exam.

Some comments after doing Vol3 lab 7

August 3, 2011 3 comments

Just did this lab earlier today and wanted to post some stuff that might help people. I’ve posted earlier on how to quickly find out IP-addresses and masks with different commands. I played around a little more today and this is another one that works nicely.

RSRack1R3#sh ip int | i Internet_address|FastEth|Serial|Loop|Vlan
FastEthernet0/0 is up, line protocol is up
Internet address is 144.1.34.3/24
FastEthernet0/1 is up, line protocol is up
Internet address is 204.12.1.3/24
Serial1/0 is administratively down, line protocol is down
Serial1/1 is administratively down, line protocol is down
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 150.1.3.3/24

And then we have an OSPF command that I don’t use often enough.

RSRack1R1#sho ip ospf border-routers
OSPF Process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 150.1.5.5 [64] via 144.1.15.5, Serial0/0.105, ASBR, Area 0, SPF 10
I 192.10.1.254 [3] via 144.1.17.7, FastEthernet0/0, ASBR, Area 0, SPF 10
i 150.1.10.10 [65] via 144.1.15.5, Serial0/0.105, ABR, Area 0, SPF 10
i 150.1.2.2 [1001] via 144.1.17.7, FastEthernet0/0, ASBR, Area 1, SPF 15
i 150.1.7.7 [1] via 144.1.17.7, FastEthernet0/0, ABR, Area 0, SPF 10
i 150.1.7.7 [1] via 144.1.17.7, FastEthernet0/0, ABR, Area 1, SPF 15
i 150.1.8.8 [2] via 144.1.17.7, FastEthernet0/0, ABR, Area 0, SPF 10
i 150.1.8.8 [2] via 144.1.17.7, FastEthernet0/0, ABR, Area 1, SPF 15
i 150.1.4.4 [128] via 144.1.15.5, Serial0/0.105, ABR/ASBR, Area 0, SPF 10

This command shows the cost to reach the ABRs/ASBRs. This cost can be calculated manually but this way is faster for sure.

Useful commands for CCIE lab exam

July 27, 2011 7 comments

Was chatting with Darren at Darren’s CCIE mission yesterday. We started to discuss some of the commands we frequently used to check IP addresses etc. He thought I should do a post on it and here it is.

This first one I stumbled upon when I was going to type show ip prot but accidentally typed show ip port, which turned out to be a good thing. This command shows port mappings for different protocols used by IOS. If we get a task in the lab to do filtering and can’t remember the port, this can be really useful.

As you can see we can do an include to match on a port number or a protocol name.

The next command is one of the commands I use the most, show ip int brief | ex una. This will list all interfaces that have an IP address configured.

This is good but it will not tell us the netmask. If we have a troubleshooting task it is nice to check what IPs are configured and if the correct netmask is used. With the next command we can check the netmask: show ip int | i Internet.

If I want to verify reachability quickly I need to list all IP addresses configured on the devices. I use the show ip aliases command to do this. I paste the command in, including a line feed, on all devices and then hold alt down while I mark all the addresses.

I then put these addresses in a simple Tcl script like below:

tclsh
foreach ip {
1.1.1.1
2.2.2.2
3.3.3.3
} { ping $ip}

This post should give you some tips on how to quickly discover IP addresses configured.

Transport preferred none

May 18, 2011 Leave a comment

Have you ever mistyped a command and the router thinks you want to telnet
to another device? Sure you have and so have I. The most common solution is
to turn off name lookups.

no ip domain-lookup

This will tell the router to not use DNS for looking up names and will
speed up the failing of the command. However if you need to have DNS
enabled we can’t use this solution and there is a cleaner way of doing
it.

line vty 0 4
transport preferred none

By default telnet is the preferred protocol and when mistyping the router
will try to telnet to the “name” you typed. If we set it to none the router
won’t try to telnet when mistyping and you can have DNS enabled, which is
the best of both worlds. If you want to telnet to another device you have
to type telnet 1.1.1.1 instead of just 1.1.1.1 but that is a small price
to pay.

Categories: Useful commands

Debug condition – conditional debugging

February 28, 2011 3 comments

Sometimes we have a need for debugging and Cisco has a lot of options for debugging; this is one of the reasons why I definitely prefer Cisco to HP or other network vendors.

I did some vol2 labbing yesterday and had a need to debug OSPF packets to verify that an adjacency was being formed over unicast and not multicast. Sounds easy but when running labs with many neighbors there can be a lot of packets flowing and we might miss some important information when debugging. If we are debugging IP packets we can specify an ACL to narrow down the selection but I am not aware of such an option when debugging routing protocols, at least not for the IGPs. What I found out is that there is an option for setting conditions on what to debug. This is how we do it.

Rack8R2#debug condition ?
application  Application
called       called number
calling      calling
card         card
glbp         interface group
interface    interface
ip           IP address
mac-address  MAC address
match-list   apply the match-list
standby      interface group
username     username
vcid         VC ID
vlan         vlan
voice-port   voice-port number
xconnect     Xconnect conditional debugging on segment pair

So we have some different options we can use; the two most obvious are ip and interface. I will show how to debug OSPF packets coming in or out of a specific interface, which will narrow down traffic a lot if we have multiple neighbors.

Rack8R2#debug condition interface serial 0/1
Condition 1 set

Only traffic coming in or out of Serial 0/1 will be debugged. Use show debug condition to see what conditions have been set.

Rack8R2#show debug condition
Condition 1: interface Se0/1 (1 flags triggered)
Flags: Se0/1

Let's debug OSPF packets.

Rack8R2#debug ip ospf packet
OSPF packet debugging is on
Rack8R2#
*Mar 1 00:14:44.523: OSPF: rcv. v:2 t:1 l:48 rid:150.8.3.3
aid:0.0.0.0 chk:BB84 aut:0 auk: from Serial0/1
Rack8R2#
*Mar 1 00:14:53.987: OSPF: rcv. v:2 t:1 l:48 rid:150.8.3.3
aid:0.0.0.0 chk:BB84 aut:0 auk: from Serial0/1
Rack8R2#
*Mar 1 00:15:03.859: OSPF: rcv. v:2 t:1 l:48 rid:150.8.3.3
aid:0.0.0.0 chk:BB84 aut:0 auk: from Serial0/1

So this is a very handy command to use when the need for debugging arises. Like every CCIE candidate, we should avoid using Google to find this information, and you can find the document describing this feature by going to Cisco.com -> Configure -> Products -> Cisco IOS and NX-OS Software -> Cisco IOS -> Cisco IOS Software Release 12.4 Family -> Cisco IOS Software Releases 12.4T -> Reference Guides -> Command References -> Debug

The direct URL is here.
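The debug lines above carry the OSPFv2 header fields, including the authentication type (aut:0 means no authentication). This added example, which is not from the original post, parses a captured log and lists neighbors sending unauthenticated packets; the function names are hypothetical and the third sample record is constructed.

```python
import re

# Sample log: the first two records are from the post, the third is constructed.
SAMPLE = """\
*Mar 1 00:14:44.523: OSPF: rcv. v:2 t:1 l:48 rid:150.8.3.3
aid:0.0.0.0 chk:BB84 aut:0 auk: from Serial0/1
Rack8R2#
*Mar 1 00:14:53.987: OSPF: rcv. v:2 t:1 l:48 rid:150.8.3.3
aid:0.0.0.0 chk:BB84 aut:0 auk: from Serial0/1
*Mar 1 00:14:55.100: OSPF: rcv. v:2 t:1 l:48 rid:150.8.5.5
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0 from Serial0/1
"""

# OSPFv2 header values (RFC 2328): packet type and authentication type.
PKT_TYPE = {1: "Hello", 2: "DBD", 3: "LS Request", 4: "LS Update", 5: "LS Ack"}
AUTH_TYPE = {0: "null", 1: "simple password", 2: "cryptographic"}

# A record runs from "OSPF: rcv." to "from <interface>", possibly across lines.
RECORD = re.compile(r"OSPF: rcv\.(.*?)\bfrom\s+(\S+)", re.S)
FIELD = re.compile(r"\b(v|t|l|rid|aid|chk|aut|auk):(\S*)")

def parse_ospf_debug(text):
    """Return one dict per received-packet record in the debug output."""
    records = []
    for body, intf in RECORD.findall(text):
        f = dict(FIELD.findall(body))
        if not {"rid", "aid", "t", "aut"} <= f.keys():
            continue                      # skip truncated records
        records.append({
            "rid": f["rid"], "area": f["aid"], "intf": intf,
            "type": PKT_TYPE.get(int(f["t"]), "unknown"),
            "auth": AUTH_TYPE.get(int(f["aut"]), "unknown"),
        })
    return records

def unauthenticated_neighbors(text):
    """Return sorted (interface, router-id) pairs whose packets carried aut:0."""
    return sorted({(r["intf"], r["rid"])
                   for r in parse_ospf_debug(text) if r["auth"] == "null"})

if __name__ == "__main__":
    for intf, rid in unauthenticated_neighbors(SAMPLE):
        print(f"{intf}: neighbor {rid} sends OSPF packets without authentication")
```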

Categories: CCIE, Useful commands

What can my interface do? – Show interface capabilities

August 29, 2010 Leave a comment

Want an easy way to find out what speeds your interface supports? Or what encapsulation it supports? Then show interface capabilities is the command you want. Let's look at a sample output:

Switch#sh int gi0/1 capabilities
GigabitEthernet0/1
Model: WS-C3560X-24
Type: 10/100/1000BaseTX
Speed: 10,100,1000,auto
Duplex: half,full,auto
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes

This shows that the port is gigabit capable (gigabitethernet kind of gives that away) but it also shows that the speed can be set to 10, 100 or 1000. Some gigabit ports are fixed speed. It has support for both 802.1Q and ISL, Cisco's proprietary trunking method. The port supports storm-control, it supports rewriting CoS and ToS headers, and we have four egress queues for QoS with three thresholds, two of which are configurable. We can use SPAN and the port can be a source or a destination. We also have support for 802.1X. So this command gives us a brief and concise output of all features the interface supports. I will post some other useful commands later on as well.