Archive

Posts Tagged ‘Useful commands’

Cisco diff – compare configurations

January 31, 2014

Just a quick post to show how one can compare the startup-configuration with the
running-configuration, or compare two different configurations stored on flash on
Cisco devices.

The device boots up with the startup-configuration. Then we add some commands to
the running-configuration but we do not save them.

R1(config)#int f0/0
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#description link to Datacenter
R1(config-if)#ip route 192.168.2.0 255.255.255.0 192.168.0.2

Then the show archive command is used to show what’s different between the two versions.

R1#show archive config differences
Contextual Config Diffs:
interface FastEthernet0/0
 +no ip address
 +shutdown
interface FastEthernet0/0
 -description link to Datacenter
 -ip address 192.168.0.1 255.255.255.0
-ip route 192.168.2.0 255.255.255.0 192.168.0.2

Commands with a + sign in front of them are present in the startup-configuration but
not in the running-configuration. Commands with a – sign are present in the
running-configuration but not in the startup-configuration.

It is also possible to compare a file stored in NVRAM to the running-configuration.

R1#dir flash:
Directory of flash:/

    1  -rw-         967                      config.old

16777212 bytes total (16776180 bytes free)

R1(config)#int f0/1
R1(config-if)#ip add 10.0.0.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#description to Firewall
R1#show archive config differences system:running-config flash:config.old
Contextual Config Diffs:
interface FastEthernet0/1
 +no ip address
 +shutdown
interface FastEthernet0/1
 -description to Firewall
 -ip address 10.0.0.1 255.255.255.0

Just a little tool that may be helpful to see what is different between versions. It
could be used for such things as editing an ACL by uploading a file to the device.
Then do a diff between the files to see what is changing in the ACL.
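
An added example, not from the original post: a Python parser for the contextual diff output shown above, tagging each +/- line with its parent block so that unsaved running-config changes and address, route or ACL edits can be pulled out for review. The WATCH list is an assumption, and the nested-block handling goes beyond the single-level sample in the post.

```python
from collections import namedtuple

# Output copied from the first example in the post (running vs. startup).
SAMPLE = """\
Contextual Config Diffs:
interface FastEthernet0/0
 +no ip address
 +shutdown
interface FastEthernet0/0
 -description link to Datacenter
 -ip address 192.168.0.1 255.255.255.0
-ip route 192.168.2.0 255.255.255.0 192.168.0.2
"""

# Assumption: command prefixes a reviewer wants called out; adjust per site.
WATCH = ("ip route", "ip access-list", "access-list", "ip address")

Change = namedtuple("Change", "sign context command")

def parse_contextual_diff(text):
    """Turn the diff into Change records, each tagged with its parent path."""
    changes, stack = [], []          # stack holds (indent, line) of open parents
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("Contextual Config Diffs"):
            continue
        body = line.lstrip(" ")
        indent = len(line) - len(body)
        while stack and stack[-1][0] >= indent:
            stack.pop()              # left the previous block
        sign = body[0] if body[0] in "+-" else ""
        command = body[1:].strip() if sign else body
        if sign:
            context = " / ".join(c for _, c in stack) or "global"
            changes.append(Change(sign, context, command))
        stack.append((indent, command))
    return changes

def only_in_running(changes):
    """'-' lines: in running-config but not startup-config (lost on reload)."""
    return [c for c in changes if c.sign == "-"]

def needs_review(changes):
    """Changes whose command (ignoring a leading 'no') matches WATCH."""
    return [c for c in changes if c.command.removeprefix("no ").startswith(WATCH)]

if __name__ == "__main__":
    for c in parse_contextual_diff(SAMPLE):
        print(c.sign, c.context, "|", c.command)
```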

OSPF Vol1 finished

November 7, 2011

Finished OSPF Vol1 tonight. I should know pretty much everything about OSPF by now. Here is some advice that I think is good when handling OSPF.

show ip ospf data self-originate – Will show what LSAs the local router is generating

show ip ospf data summary 150.3.0.0 adv-router 150.8.4.4 – Will show the Type3 inter-area summary as advertised by the router 150.8.4.4 (Router-ID)

show ip ospf border-routers – Shows the cost of reaching the ABRs and ASBRs, which is a quick way to find the forward metric when you are looking at external routes. You can work this out yourself by checking the costs of the links towards the advertising router, but this is a nice shortcut.

show ip ospf data | be Type-7 – Will start the OSPF database output at the NSSA external (Type-7) prefixes; change the type to whatever you want to look at.

These are some of my favourites, what commands do you use yourselves? Post in comments.


INE TS Vol4 – two labs done

August 18, 2011

Did some of these TS labs this week. They are very challenging but they are designed by Petr Lapukhov so they should be… I found these to be more difficult than the ASET TS labs. From what I’ve heard from Petr these labs are not specifically designed to help you do the TS at the lab but more of a learning tool to become very proficient in TS. If you can solve these tasks my guess is that the TS at the lab should not be that difficult except that the lab topology is much larger.

While doing one of the tasks I learned a new cool command from the solution guide, debug ip packet detail dump. The dump at the end is a hidden command and will show the contents of the packet. This can be useful when troubleshooting authentication if the key is in plain text. Newer versions of IOS seem to show the key in log messages but it could still be handy. This is how we use it.

As you can see, I do all of my labs with PuTTY to be comfortable with it on the exam.

Some comments after doing Vol3 lab 7

August 3, 2011

Just did this lab earlier today and wanted to post some stuff that might help people. I’ve posted earlier on how to quickly find out IP-addresses and masks with different commands. I played around a little more today and this is another one that works nicely.

RSRack1R3#sh ip int | i Internet_address|FastEth|Serial|Loop|Vlan
FastEthernet0/0 is up, line protocol is up
Internet address is 144.1.34.3/24
FastEthernet0/1 is up, line protocol is up
Internet address is 204.12.1.3/24
Serial1/0 is administratively down, line protocol is down
Serial1/1 is administratively down, line protocol is down
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 150.1.3.3/24

And then we have an OSPF command that I don’t use often enough.

RSRack1R1#sho ip ospf border-routers
OSPF Process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 150.1.5.5 [64] via 144.1.15.5, Serial0/0.105, ASBR, Area 0, SPF 10
I 192.10.1.254 [3] via 144.1.17.7, FastEthernet0/0, ASBR, Area 0, SPF 10
i 150.1.10.10 [65] via 144.1.15.5, Serial0/0.105, ABR, Area 0, SPF 10
i 150.1.2.2 [1001] via 144.1.17.7, FastEthernet0/0, ASBR, Area 1, SPF 15
i 150.1.7.7 [1] via 144.1.17.7, FastEthernet0/0, ABR, Area 0, SPF 10
i 150.1.7.7 [1] via 144.1.17.7, FastEthernet0/0, ABR, Area 1, SPF 15
i 150.1.8.8 [2] via 144.1.17.7, FastEthernet0/0, ABR, Area 0, SPF 10
i 150.1.8.8 [2] via 144.1.17.7, FastEthernet0/0, ABR, Area 1, SPF 15
i 150.1.4.4 [128] via 144.1.15.5, Serial0/0.105, ABR/ASBR, Area 0, SPF 10

This command shows the cost to reach the ABRs/ASBRs. This cost can be calculated manually but this way is faster for sure.

Useful commands for CCIE lab exam

July 27, 2011

Was chatting with Darren at Darren’s CCIE mission yesterday. We started to discuss some of the commands we frequently used to check IP addresses etc. He thought I should do a post on it and here it is.

This first one I stumbled upon when I was going to type show ip prot but accidentally typed show ip port, which turned out to be a good thing. This command shows the port mappings for the different protocols used by IOS. If we get a filtering task in the lab and can’t remember the port, this can be really useful.

As you can see we can do an include to match on a port number or a protocol name.

The next command is one of the commands I use the most, show ip int brief | ex una. This will list all interfaces that have an IP address configured.

This is good but it will not tell us the netmask. If we have a troubleshooting task it is nice to check which IPs are configured and whether the correct netmask is used. With the next command, show ip int | i Internet, we can check the netmask.

If I want to verify reachability quickly I need to list all IP addresses configured on the devices. I use the show ip aliases command to do this. I paste the command in, including a line feed, on all devices and then hold alt down while I mark all the addresses.

I then put these addresses in a simple Tcl script like the one below:

tclsh
foreach ip {
1.1.1.1
2.2.2.2
3.3.3.3
} { ping $ip}

This post should give you some tips on how to quickly discover IP addresses configured.

What can my interface do? – Show interface capabilities

August 29, 2010

Want an easy way to find out what speeds your interface supports? Or what encapsulation it supports? Then show interface capabilities is the command you want. Let’s look at a sample output:

Switch#sh int gi0/1 capabilities
GigabitEthernet0/1
Model: WS-C3560X-24
Type: 10/100/1000BaseTX
Speed: 10,100,1000,auto
Duplex: half,full,auto
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes

This shows that the port is gigabit capable (gigabitethernet kind of gives that away) but it also shows that the speed can be set to 10, 100 or 1000. Some gigabit ports are fixed speed. It has support for both 802.1Q and ISL, Cisco’s proprietary trunking method. The port supports storm-control and rewriting CoS and ToS headers, and we have four egress queues for QoS with three thresholds, two of which are configurable. We can use SPAN and the port can be a source or a destination. We also have support for 802.1X. So this command gives us a brief and concise output of all features the interface supports. I will post some other useful commands later on as well.