network_stuff:cisco:ios

Differences

This shows you the differences between two versions of the page.

network_stuff:cisco:ios [2021/07/26 16:42] jotasandoku
network_stuff:cisco:ios [2024/10/02 11:48] (current) jotasandoku
Line 31: Line 31:
  
 ---- ----
-**COPY FILES FROM AND TO NIX BOX**+__**IOS NEW HARDWARE SETUP INITIAL CONFIGURATION**__\\ 
 +  - If this is a used device, remove the configuration and the vlan database 
 +    - write erase ; reload **without saving the configuration** 
 +    - delete flash:vlan.dat  # note that default location is flash: 
 +    - reload again 
 +  - Add IP in the mgmt interface. Normally g0/0 
 +    - Add a static route in mgmt interface. It needs to be in the mgmt vrf 
 +  - enable ssh: 
 +    - crypto key generate rsa modulus 1024 
 +    - ip ssh version 2 ; time-out 60 ; authentication-retries 2 
 +    - do not add any aaa configuration as yet 
 +    - Add the device to TACACS server (eg: to cisco ISE via the GUI) 
 + 
 +---- 
 + 
 +__**COPY FILES FROM AND TO LINUX BOX**__\\ 
 +** scp needs to be enabled in the switch. Also in some cases this aaa needs to be in for authentication ** 
 +\\ 
 +Regarding TFTP, remember that it uses udp-69 just for the initial message but then it uses 64001 through 65000 as ports are specific per each session (both in src and dst). 
 + 
 +  aaa new-model 
 +  aaa authentication login default local 
 +  aaa authorization exec default local if-authenticated 
 +\\
   (IOS)#copy scp://sfuller@192.168.11.100//app/tftpboot/poap.py flash:   (IOS)#copy scp://sfuller@192.168.11.100//app/tftpboot/poap.py flash:
   (IOS)#cd ? ! To show available file systems   (IOS)#cd ? ! To show available file systems
   (IOS)#delete flash:<file> ! To delete a file in flash   (IOS)#delete flash:<file> ! To delete a file in flash
-  CP02-N5K-SW01#  copy  scp://10.50.254.204/var/tmp/n5000-uk9.7.0.3.N1.1.bin bootflash:+  LINUX#  copy  scp://10.50.254.204/var/tmp/n5000-uk9.7.0.3.N1.1.bin bootflash: 
 +   
 \\ \\
   (linux)# scp test1 netrobot@10.8.90.21:flash:/test  ! be sure router is scp server !!   (linux)# scp test1 netrobot@10.8.90.21:flash:/test  ! be sure router is scp server !!
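Review bot: `crypto key generate rsa modulus 1024` in the new setup list produces a 1024-bit SSH host key, which is weaker than the 2048-bit minimum generally recommended today; use `modulus 2048` or larger. In the same list, `ip ssh version 2 ; time-out 60 ; authentication-retries 2` is shorthand for three separate `ip ssh ...` commands and will not paste as written, and the remark that scp needs to be enabled in the switch never gives the command (`ip scp server enable`). The prompt change from `CP02-N5K-SW01#` to `LINUX#` also mislabels a line that is a switch-side `copy scp://... bootflash:` command, not something typed on the Linux box.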
Line 57: Line 82:
   show line   show line
   clear line <n>   clear line <n>
 +  control-shift-6 then x ! disconnects session
  
  
Line 63: Line 89:
 **SOFTWARE UPGRADES:** **SOFTWARE UPGRADES:**
 \\ \\
-ASA: [[http://evilrouters.net/2012/02/15/how-to-upgrade-cisco-asa-software-and-asdm/]]+__ASA UPGRADES__: [[http://evilrouters.net/2012/02/15/how-to-upgrade-cisco-asa-software-and-asdm/]]
 \\ \\
 ASA: Apply lincense: ASA: Apply lincense:
Line 76: Line 102:
   show run brief | s crypto|isakmp|access-list   show run brief | s crypto|isakmp|access-list
 \\ \\
-\\+__IOS (ios-xe) UPGRADE__: [[https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/117552-technote-cat3850-00.html|External Link]]\ 
 + 
 +Old way: upload the image and change the boot command 
 +  boot system switch all flash:c3750-ipbasek9-mz-122-55.SE1.bin 
 +   
 +New way: 
 +  software install file flash:cat3k_caa-universalk9.SPA.03.03.01.SE.150-1.EZ1.bin 
 + 
 +---- 
 + 
 AAA RADIUS TACACS+ \\ AAA RADIUS TACACS+ \\
 To verify AAA authentication: To verify AAA authentication:
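Review bot: both upgrade paths added here go from uploading the image straight to `boot system ...` or `software install file ...` with no integrity check on the uploaded file. Add a step such as `verify /md5 flash:<image>` and compare the result with the hash published alongside the image before booting or installing it. The `__IOS (ios-xe) UPGRADE__` line also ends in a single `\` where the rest of the page uses `\\` for a line break.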
Line 278: Line 314:
 A useful analogy is: Catalyst VSS is like juniper VC. VSS operates on a unified control plane with a distributed forwarding architecture in which the active supervisor (or switch) is responsible for actively participating with the rest of the network and for managing and maintaining control plane information. A useful analogy is: Catalyst VSS is like juniper VC. VSS operates on a unified control plane with a distributed forwarding architecture in which the active supervisor (or switch) is responsible for actively participating with the rest of the network and for managing and maintaining control plane information.
 \\ \\
-[[http://networkphil.com/2016/01/18/short-and-sweet-cisco-vss/?utm_content=bufferd7644&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer]]\\ +  * [[http://networkphil.com/2016/01/18/short-and-sweet-cisco-vss/?utm_content=bufferd7644&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer]]\\ 
-[[http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117564-technote-issu-00.html]]+  [[http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117564-technote-issu-00.html]]
 \\ \\
  
Line 346: Line 382:
 Netflow status: Netflow status:
   show platform hardware capacity netflow   show platform hardware capacity netflow
 +  show mls sampling
 +  show ip flow export # To see see Netflow packets being exported from router
 +  show mls nde # Netflow Data Export
 +  show mls netflow table-contention summary # To see if there is excessive Netflow CAM Utilization (and potential buffer overflows)
 +
      
 \\ \\
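Review bot: the comment on the added `show ip flow export` line reads "To see see" (duplicated word), and the three commented lines in this hunk use `#` for the inline remark where the other command blocks on the page use `!`. Suggest `show ip flow export ! To see Netflow packets being exported from router` and the same marker on the two `show mls ...` lines.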
Line 355: Line 396:
   show ip cef <interface>    ! To see routes pointing to a certain interface   show ip cef <interface>    ! To see routes pointing to a certain interface
   show ip cef exact-route <src> <dst>   show ip cef exact-route <src> <dst>
 +  show ip cef 10.1.93.0/24 internal    ! This shows the hash packets when the route has more than one equal cost path
 [[http://packetlife.net/blog/2011/may/27/show-ip-cef/]] \\ [[http://packetlife.net/blog/2011/may/27/show-ip-cef/]] \\
   * receive: for connected IP subnets for the base address of the IP subnet and for the local IP address in the IP subnet.   * receive: for connected IP subnets for the base address of the IP subnet and for the local IP address in the IP subnet.
Line 383: Line 425:
  
 \\ \\
-**TERMINAL SERVER**\\# 
-Disconnect session: 
-  control-shift-6 then x  
- 
  
 ---- ----
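Review bot: dropping the **TERMINAL SERVER** heading here leaves `control-shift-6 then x` (re-added under `clear line <n>` in the hunk at line 57) with no indication that it applies to sessions opened from a terminal server, and its new comment "disconnects session" is inaccurate. The sequence suspends the session and returns to the local prompt; the session stays open until it is closed with `disconnect` or `clear line <n>`. Reword the comment accordingly so stale console sessions are not left attached.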
Line 438: Line 476:
   for host in $(seq --format='cc%02.0f' 01 17); do ssh $host "/sbin/ip link show|egrep '(em|eth|bond)[0-9]:' | cut -d: -f 2"| xargs -n 1 ssh $host ip link set mtu 9000 dev ; done   for host in $(seq --format='cc%02.0f' 01 17); do ssh $host "/sbin/ip link show|egrep '(em|eth|bond)[0-9]:' | cut -d: -f 2"| xargs -n 1 ssh $host ip link set mtu 9000 dev ; done
 **__TEMPLATE__** **__TEMPLATE__**
-  for host in $(seq --format='sw-e%02.0f' 12 20); do sshh jaime_santos@"$host".dc.grapeshot.co.uk "sh config | match 401"; done+  for host in $(seq --format='sw-e%02.0f' 12 20); do sshh jaime_santos@"$host".dc.mycompany1.co.uk "sh config | match 401"; done
 To send a bunch of commands (e.g.: edit, configuration and commit, contained in a file called 'commands'): To send a bunch of commands (e.g.: edit, configuration and commit, contained in a file called 'commands'):
-  for host in $(seq --format='sw-e%02.0f' 12 20); do cat commands | sshh jaime_santos@"$host".dc.grapeshot.co.uk ; done+  for host in $(seq --format='sw-e%02.0f' 12 20); do cat commands | sshh jaime_santos@"$host".dc.mycompany1.co.uk ; done
 \\ \\
 PIPE NOT AVAILABLE \\ PIPE NOT AVAILABLE \\
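Review bot: replacing `grapeshot.co.uk` with `mycompany1.co.uk` in the two loop lines only sanitises the domain. The account name `jaime_santos` and the `sw-e12` to `sw-e20` host naming are still in the examples, and the original domain remains readable in this comparison view and in the page history. If the intent is to remove identifying details, use placeholder user and host names as well and purge the old revisions.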
Line 447: Line 485:
 \\ \\
 Extract current IPs in dns server Extract current IPs in dns server
-  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.grapeshot.co.uk | awk '{print $4}' | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq" +  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.mycompany1.co.uk | awk '{print $4}' | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq" 
-  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.grapeshot.co.uk | awk '{print $1}'  | egrep -v ";" | egrep -v '\$' | egrep -v mgt | sed -e 's/$/.dc.grapeshot.co.uk/'+  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.mycompany1.co.uk | awk '{print $1}'  | egrep -v ";" | egrep -v '\$' | egrep -v mgt | sed -e 's/$/.dc.mycompany1.co.uk/'
  
 \\ \\
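Review bot: both changed `ssh root@marrow` lines keep broken quoting. The inner `"10.8.8"` ends and reopens the outer double-quoted string rather than nesting, `$4` and `$1` sit in double-quoted text so the local shell expands them before ssh runs, and in the second line `";"` leaves a bare `;` followed by a quote that is never closed. Use single quotes for the inner patterns, escape the awk fields as `\$4` and `\$1`, escape the dots in the `10.8.8` pattern so it cannot match other addresses, and add the missing closing `"`. The hostname `marrow` and the direct root login are also left in place while the domain is being anonymised.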
Line 508: Line 546:
  
  
 +----
 +**CABLE TESTING**:\\
 +  test cable-diagnostics tdr interface  ! it resets the state machine for that interface
 +  show cable-diagnostics  tdr interface  gigabitEthernet 1/0/1
 +
 +
 +----
 +==== CISCO DNAC AND NDO ==== 
 +( CATALYST CENTER AND NEXUS DASHBOARD ORCHESTRATOR )
 +
 +  * You cannot run Catalyst Centre (DNAC) and NDO on the same VM/ Appliance.
 +  * Cisco have DNAC/ NDO appliances which are built on UCS platforms but sold as appliances (bundled h/w s/w).
 +=== DNAC platform support===
 +  * DNAC offers flexible deployment options. It can be deployed on a hardware appliance or as a virtual appliance, on either VMware ESXi or AWS.
 +  * DNAC can be run as 1 node 3 or 5 node clusters – base level is 1 node for **lifecycle and assurance** (recommend 3+nodes for fabric deployments) [[https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-data-sheet-cte-en.html|External Link]]
 +=== NDO platform support ===
 +  * NDO Cisco Nexus Dashboard portfolio comprises physical, virtual, and cloud form factors also – base level is 1 to 3 nodes (up to 9 in a cluster)
 +  * [[https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/nexus-dashboard/datasheet-c78-744371.html|External Link]] – details NDO features and platform options (appliance, Vmware, KVM, AWS, Azzure)
 +  * [[https://www.cisco.com/c/dam/en/us/td/docs/dcn/tools/nd-sizing/index.html|External Link]]Cisco Nexus Dashboard Capacity Planning – details appliances required for deployment
 +  * NOTE: Onboarding standalone switches is supported only on 3-node physical clusters.  Virtual Nexus Dashboard clusters, 1-node physical clusters, and 6-node clusters do not support this use case. See Nexus Dashboard [[https://www.cisco.com/c/en/us/td/docs/dcn/ndi/6x/release-notes/dcnm/cisco-ndi-ndfc-release-notes-641.html|External Link]]
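Review bot: `test cable-diagnostics tdr interface` in the new CABLE TESTING block is given without an interface name, unlike the `show` line below it; add the argument (for example `gigabitEthernet 1/0/1`, as used there). In the DNAC/NDO text, "Azzure" should be "Azure", "Catalyst Centre" and "CATALYST CENTER" should use one spelling, "1 node 3 or 5 node clusters" needs punctuation ("1-, 3- or 5-node clusters"), and the capacity-planning bullet has the link label fused to the title (`External Link]]Cisco Nexus ...`).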
network_stuff/cisco/ios.1627317722.txt.gz · Last modified: (external edit)