network_stuff:cisco:ios

Differences

This shows you the differences between two versions of the page.

network_stuff:cisco:ios [2021/07/26 16:42] jotasandoku
network_stuff:cisco:ios [2024/10/02 11:48] (current) jotasandoku
Line 31: Line 31:
  
 ---- ----
-**COPY FILES FROM AND TO NIX BOX**+__**IOS NEW HARDWARE SETUP INITIAL CONFIGURATION**__\\ 
 +  - If this is a used device, remove the configuration and the vlan database 
 +    - write erase ; reload **without saving the configuration** 
 +    - delete flash:vlan.dat  # note that default location is flash: 
 +    - reload again 
 +  - Add IP in the mgmt interface. Normally g0/0 
 +    - Add a static route in mgmt interface. It needs to be in the mgmt vrf 
 +  - enable ssh: 
 +    - crypto key generate rsa modulus 1024 
 +    - ip ssh version 2 ; time-out 60 ; authentication-retries 2 
 +    - do not add any aaa configuration as yet 
 +    - Add the device to TACACS server (eg: to cisco ISE via the GUI) 
 + 
 +---- 
 + 
 +__**COPY FILES FROM AND TO LINUX BOX**__\\ 
 +** scp needs to be enabled in the switch. Also in some cases this aaa needs to be in for authentication ** 
 +\\ 
 +Regarding TFTP, remember that it uses udp-69 just for the initial message but then it uses 64001 through 65000 as ports are specific per each session (both in src and dst). 
 + 
 +  aaa new-model 
 +  aaa authentication login default local 
 +  aaa authorization exec default local if-authenticated 
 +\\
   (IOS)#copy scp://sfuller@192.168.11.100//app/tftpboot/poap.py flash:   (IOS)#copy scp://sfuller@192.168.11.100//app/tftpboot/poap.py flash:
   (IOS)#cd ? ! To show available file systems   (IOS)#cd ? ! To show available file systems
   (IOS)#delete flash:<file> ! To delete a file in flash   (IOS)#delete flash:<file> ! To delete a file in flash
-  CP02-N5K-SW01#  copy  scp://10.50.254.204/var/tmp/n5000-uk9.7.0.3.N1.1.bin bootflash:+  LINUX#  copy  scp://10.50.254.204/var/tmp/n5000-uk9.7.0.3.N1.1.bin bootflash: 
 +   
 \\ \\
   (linux)# scp test1 netrobot@10.8.90.21:flash:/test  ! be sure router is scp server !!   (linux)# scp test1 netrobot@10.8.90.21:flash:/test  ! be sure router is scp server !!
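
Review bot: "crypto key generate rsa modulus 1024" in the new enable-ssh steps creates a 1024-bit host key, which is below current minimums; suggest "modulus 2048" or larger. In the same list, "ip ssh version 2 ; time-out 60 ; authentication-retries 2" is shorthand for three separate commands ("ip ssh version 2", "ip ssh time-out 60", "ip ssh authentication-retries 2") and should be written out so it can be pasted. The scp note says scp needs to be enabled on the switch but never gives the command ("ip scp server enable"). The prompt changed to "LINUX#" on the "copy scp://... bootflash:" line now labels a switch-side command as a Linux one.
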
Line 57: Line 82:
   show line   show line
   clear line <n>   clear line <n>
 +  control-shift-6 then x ! disconnects session
  
  
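
Review bot: the comment on the added "control-shift-6 then x" line says it disconnects the session, but that escape sequence only suspends the session and returns to the local prompt; the session stays open until "disconnect" is issued or the line is cleared. Suggest rewording to "suspends session, then use disconnect / clear line <n>", which also ties it to the "clear line <n>" entry directly above.
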
Line 63: Line 89:
 **SOFTWARE UPGRADES:** **SOFTWARE UPGRADES:**
 \\ \\
-ASA: [[http://evilrouters.net/2012/02/15/how-to-upgrade-cisco-asa-software-and-asdm/]]+__ASA UPGRADES__: [[http://evilrouters.net/2012/02/15/how-to-upgrade-cisco-asa-software-and-asdm/]]
 \\ \\
 ASA: Apply lincense: ASA: Apply lincense:
Line 76: Line 102:
   show run brief | s crypto|isakmp|access-list   show run brief | s crypto|isakmp|access-list
 \\ \\
-\\+__IOS (ios-xe) UPGRADE__: [[https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/117552-technote-cat3850-00.html|External Link]]\ 
 + 
 +Old way: upload the image and change the boot command 
 +  boot system switch all flash:c3750-ipbasek9-mz-122-55.SE1.bin 
 +   
 +New way: 
 +  software install file flash:cat3k_caa-universalk9.SPA.03.03.01.SE.150-1.EZ1.bin 
 + 
 +---- 
 + 
 AAA RADIUS TACACS+ \\ AAA RADIUS TACACS+ \\
 To verify AAA authentication: To verify AAA authentication:
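
Review bot: both upgrade paths ("boot system switch all flash:..." and "software install file flash:...") go straight from upload to install with no integrity check on the image. Suggest adding a step before either command that compares the file against the vendor-published hash, for example "verify /md5 flash:<file>". The new heading line also ends in a single "\" after the External Link, where the rest of the page uses "\\" for a line break.
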
Line 346: Line 382:
 Netflow status: Netflow status:
   show platform hardware capacity netflow   show platform hardware capacity netflow
 +  show mls sampling
 +  show ip flow export # To see see Netflow packets being exported from router
 +  show mls nde # Netflow Data Export
 +  show mls netflow table-contention summary # To see if there is excessive Netflow CAM Utilization (and potential buffer overflows)
 +
      
 \\ \\
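
Review bot: the added show commands use "#" to start their trailing comments, while the other command blocks on the page use "!"; on IOS only "!" is treated as a comment, so these lines fail if pasted as written. Suggest switching to "!". Also "To see see Netflow packets" has a doubled word, and "potential buffer overflows" on the table-contention line would be clearer as dropped or unaccounted flows, since the command reports NetFlow table utilization.
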
Line 355: Line 396:
   show ip cef <interface>    ! To see routes pointing to a certain interface   show ip cef <interface>    ! To see routes pointing to a certain interface
   show ip cef exact-route <src> <dst>   show ip cef exact-route <src> <dst>
 +  show ip cef 10.1.93.0/24 internal    ! This shows the hash packets when the route has more than one equal cost path
 [[http://packetlife.net/blog/2011/may/27/show-ip-cef/]] \\ [[http://packetlife.net/blog/2011/may/27/show-ip-cef/]] \\
   * receive: for connected IP subnets for the base address of the IP subnet and for the local IP address in the IP subnet.   * receive: for connected IP subnets for the base address of the IP subnet and for the local IP address in the IP subnet.
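
Review bot: the comment on the added "show ip cef 10.1.93.0/24 internal" line says it shows "the hash packets", which is unclear; the output of interest for a route with several equal-cost paths is the load-sharing hash buckets. Suggest "shows the load-sharing hash buckets when the route has more than one equal cost path".
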
Line 383: Line 425:
  
 \\ \\
-**TERMINAL SERVER**\\# 
-Disconnect session: 
-  control-shift-6 then x  
- 
  
 ---- ----
Line 438: Line 476:
   for host in $(seq --format='cc%02.0f' 01 17); do ssh $host "/sbin/ip link show|egrep '(em|eth|bond)[0-9]:' | cut -d: -f 2"| xargs -n 1 ssh $host ip link set mtu 9000 dev ; done   for host in $(seq --format='cc%02.0f' 01 17); do ssh $host "/sbin/ip link show|egrep '(em|eth|bond)[0-9]:' | cut -d: -f 2"| xargs -n 1 ssh $host ip link set mtu 9000 dev ; done
 **__TEMPLATE__** **__TEMPLATE__**
-  for host in $(seq --format='sw-e%02.0f' 12 20); do sshh jaime_santos@"$host".dc.grapeshot.co.uk "sh config | match 401"; done+  for host in $(seq --format='sw-e%02.0f' 12 20); do sshh jaime_santos@"$host".dc.mycompany1.co.uk "sh config | match 401"; done
 To send a bunch of commands (e.g.: edit, configuration and commit, contained in a file called 'commands'): To send a bunch of commands (e.g.: edit, configuration and commit, contained in a file called 'commands'):
-  for host in $(seq --format='sw-e%02.0f' 12 20); do cat commands | sshh jaime_santos@"$host".dc.grapeshot.co.uk ; done+  for host in $(seq --format='sw-e%02.0f' 12 20); do cat commands | sshh jaime_santos@"$host".dc.mycompany1.co.uk ; done
 \\ \\
 PIPE NOT AVAILABLE \\ PIPE NOT AVAILABLE \\
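
Review bot: the substitution of "dc.mycompany1.co.uk" for the original domain in both loops leaves the personal username "jaime_santos" in place, and the original domain stays readable in the previous revision of the page, so the sanitization is incomplete. Suggest replacing the username with a placeholder such as "<user>" and purging or restricting the old revision. "sshh" is kept in both lines; if it is a local alias, say so, otherwise it reads as a typo for "ssh".
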
Line 447: Line 485:
 \\ \\
 Extract current IPs in dns server Extract current IPs in dns server
-  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.grapeshot.co.uk | awk '{print $4}' | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq" +  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.mycompany1.co.uk | awk '{print $4}' | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq" 
-  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.grapeshot.co.uk | awk '{print $1}'  | egrep -v ";" | egrep -v '\$' | egrep -v mgt | sed -e 's/$/.dc.grapeshot.co.uk/'+  ssh root@marrow "egrep "10.8.8" /var/named/db.dc.mycompany1.co.uk | awk '{print $1}'  | egrep -v ";" | egrep -v '\$' | egrep -v mgt | sed -e 's/$/.dc.mycompany1.co.uk/'
  
 \\ \\
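
Review bot: both "ssh root@marrow" one-liners nest double quotes inside the double-quoted remote command ("egrep "10.8.8" ..."), so the outer string is closed early. In the first line "$4" ends up inside a double-quoted segment and is expanded by the local shell before ssh runs; in the second, the bare ";" from "egrep -v ";"" terminates the local command and the final double quote is never closed. Suggest wrapping the whole remote command in single quotes with escaped inner quoting, or escaping the inner double quotes and the "$". The pattern "10.8.8" also has unescaped dots, so it matches more than the intended prefix, and the example logs in as root where a read-only account would do for reading a zone file.
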
Line 508: Line 546:
  
  
 +----
 +**CABLE TESTING**:\\
 +  test cable-diagnostics tdr interface  ! it resets the state machine for that interface
 +  show cable-diagnostics  tdr interface  gigabitEthernet 1/0/1
 +
 +
 +----
 +==== CISCO DNAC AND NDO ==== 
 +( CATALYST CENTER AND NEXUS DASHBOARD ORCHESTRATOR )
 +
 +  * You cannot run Catalyst Centre (DNAC) and NDO on the same VM/ Appliance.
 +  * Cisco have DNAC/ NDO appliances which are built on UCS platforms but sold as appliances (bundled h/w s/w).
 +=== DNAC platform support===
 +  * DNAC offers flexible deployment options. It can be deployed on a hardware appliance or as a virtual appliance, on either VMware ESXi or AWS.
 +  * DNAC can be run as 1 node 3 or 5 node clusters – base level is 1 node for **lifecycle and assurance** (recommend 3+nodes for fabric deployments) [[https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-data-sheet-cte-en.html|External Link]]
 +=== NDO platform support ===
 +  * NDO Cisco Nexus Dashboard portfolio comprises physical, virtual, and cloud form factors also – base level is 1 to 3 nodes (up to 9 in a cluster)
 +  * [[https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/nexus-dashboard/datasheet-c78-744371.html|External Link]] – details NDO features and platform options (appliance, Vmware, KVM, AWS, Azzure)
 +  * [[https://www.cisco.com/c/dam/en/us/td/docs/dcn/tools/nd-sizing/index.html|External Link]]Cisco Nexus Dashboard Capacity Planning – details appliances required for deployment
 +  * NOTE: Onboarding standalone switches is supported only on 3-node physical clusters.  Virtual Nexus Dashboard clusters, 1-node physical clusters, and 6-node clusters do not support this use case. See Nexus Dashboard [[https://www.cisco.com/c/en/us/td/docs/dcn/ndi/6x/release-notes/dcnm/cisco-ndi-ndfc-release-notes-641.html|External Link]]
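
Review bot: the new DNAC/NDO section has several spelling and markup slips that should be fixed before it is saved: "Azzure" and "Vmware" in the NDO features bullet, "Catalyst Centre" in the first bullet against "CATALYST CENTER" in the subtitle, "=== DNAC platform support===" missing the space before the closing marker, and "External Link]]Cisco Nexus Dashboard Capacity Planning" missing a space after the link. "DNAC can be run as 1 node 3 or 5 node clusters" is ambiguous; suggest "as a single node or as a 3- or 5-node cluster". In the cable-testing block, the comment on "test cable-diagnostics tdr interface" would be more useful if it said plainly that the test interrupts the link on that port.
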
network_stuff/cisco/ios.1627317741.txt.gz · Last modified: (external edit)