Networking-Blog

(No tags)

by admin

Setting up NetFlow Lite on the 2960x Switch

Step 1: create a flow record

flow record flows
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect flow sampler
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
!

Step 2: create a flow exporter

flow exporter export-to-inside
description flexible NF v9
destination 172.24.21.58
source Vlan98
transport udp 9996
template data timeout 60
!
!lets export some cool option templates
option interface-table
option exporter-stats
option sampler-table
!
!
!

Step 3: create a flow monitor

flow monitor nftest
record flows
exporter export-to-inside
cache timeout active 60
statistics packet protocol
!
!

Step 4 : Define a sampler :

sampler my-random-sampler
mode random 1 out-of 100
!
!

Step 5: Apply the flow monitor ‘nftest’ to each interface with the defined
sampler ‘my-random-sampler input” is for ingress

interface GigabitEthernet1/0/47
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/48
ip flow monitor nftest sampler my-random-sampler input
.
.
Diagnostics :

show flow exporter
show flow exporter export-to-inside statistics

Flow Exporter export-to-inside:
Packet send statistics (last cleared 00:13:03 ago):
Successfully sent: 0 (0 bytes)
Enqueued to process level: 18 (13924 bytes)

Client send statistics:
Client: Option options interface-table
Records added: 112
– sent: 112
Bytes added: 11200
– sent: 11200

Client: Option options exporter-statistics
Records added: 2
– sent: 2
Bytes added: 56
– sent: 56

Client: Option options sampler-table
Records added: 2
– sent: 2
Bytes added: 94
– sent: 94

Client: Flow Monitor nftest
Records added: 10
– sent: 10
Bytes added: 590
– sent: 590

January 19, 2017 10:12 am

(No tags)

by admin

CISCO UPGRADE IOS VIA USB :

If Switch is in recovery mode :

Stick USB into Switch with the required IOS loaded. Run the command “boot”, this will look for a
compatible IOS withing the USB and intall it.

Now continue with the update process of both the stack switches. Displaying Available File Systems :

To display the available file systems on your switch, use the show file systems privileged EXEC
command as shown in this example for a standalone switch:

Switch# show file system

File Systems:
          Size(b)            Free(b)          Type         Flags        =Prefixes
* 8238202880   8052273152      disk            rw        disk0: flash:
   31440470016 31296831488    disk            rw        disk1:
               –                        –               network      rw        tftp:
            –                         –               opaque       rw         system:
            –                         –               network     ro          http:
            –                         –               network     ro          https:
            –                         –               network     rw         scp:
            –                         –               network     rw         ftp:
            –                         –               network     wo        cluster:
            –                         –               stub            ro         cluster_trace:
            –                         –               network     rw        smb:

Under 2nd line “31440470016 31296831488 disk rw disk1:”
if it say’s “Unknown“, this means the USB pen drive inserted is uncompatible or not formatted
to fat32 partition”.

To see the contents within the USB pen inserted into Cisco hardware :

CAW-DC1-AS1-1#dir usbflash1:
Directory of usbflash1:/

1 drw- 0 Aug 14 2014 08:07:38 +00:00 PUTTYCM
8 drw- 0 Feb 9 2015 11:03:34 +00:00 Cisco IOS
10 -rw- 18229248 Feb 9 2015 10:31:08 +00:00 c2960x-universalk9-mz.150-2.EX5.bin
Now let’s copy the IOS from USB over to FLASH0:

copy usbflash01:c2960x-universalk9-mz.150-2.EX5.bin flash1:
Destination filename [c2960x-universalk9-mz.150-2.EX5.bin]?
Copy in progress…CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCC
18229248 bytes copied in 271.291 secs (67194 bytes/sec)
Check to see if IOS is copied from USB to Flash1:

CAW-DC1-AS1-1#show flash1:
1953775K bytes of USB Flash usbflash0 (Read/Write)

Directory of flash:/

2 -rwx 3096 Feb 6 2015 16:17:54 +00:00 multiple-fs
3 -rwx 1516 Feb 6 2015 15:04:43 +00:00 vlan.dat
4 -rwx 8126 Feb 6 2015 16:17:54 +00:00 config.text
647 -rwx 18229248 Feb 9 2015 11:17:35 +00:00 c2960x-universalk9-mz.150-2.EX5.bin
5 -rwx 3830 Feb 6 2015 16:17:54 +00:00 private-config.text
6 drwx 512 Jan 12 2014 10:28:44 +00:00 c2960x-universalk9-mz.150-2.EX4
645 drwx 512 Jan 12 2014 10:28:46 +00:00 dc_profile_dir

Check IOS in Flash2:

CAW-DC1-AS1-1#show flash2:
1953775K bytes of USB Flash usbflash0 (Read/Write)

Directory of flash2:/

2 -rwx 1048 Feb 14 2014 15:10:10 +00:00 multiple-fs
3 -rwx 1516 Feb 6 2015 15:04:51 +00:00 vlan.dat
4 -rwx 2733 Feb 5 2015 14:42:47 +00:00 express_setup.debug
5 -rwx 5594 Feb 5 2015 14:49:28 +00:00 config.text.old
6 -rwx 8126 Feb 6 2015 16:17:54 +00:00 config.text
7 -rwx 3830 Feb 6 2015 16:17:54 +00:00 private-config.text
649 -rwx 8126 Feb 6 2015 15:04:58 +00:00 config.text.backup
8 drwx 512 Jan 12 2014 14:04:25 +00:00 c2960x-universalk9-mz.150-2.EX4
647 drwx 512 Jan 12 2014 14:04:26 +00:00 dc_profile_dir
650 -rwx 3830 Feb 6 2015 15:04:59 +00:00 private-config.text.backup

no IOS c2960x-universalk9-mz.150-2.EX5.bin found on Flash2:

This will copy IOS from USB over to Flash1: which is stack 1 on the 2960x.

Repeat the steps for Flash2: on stack 2 from the same console session.

copy usbflash01:c2960x-universalk9-mz.150-2.EX5.bin flash2:

Destination filename [c2960x-universalk9-mz.150-2.EX5.bin]?
Copy in progress…CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCC
18229248 bytes copied in 326.135 secs (55895 bytes/sec)

CAW-DC1-AS1-1#show flash2:
1953775K bytes of USB Flash usbflash0 (Read/Write)

Directory of flash2:/

2 -rwx 1048 Feb 14 2014 15:10:10 +00:00 multiple-fs
3 -rwx 1516 Feb 6 2015 15:04:51 +00:00 vlan.dat
4 -rwx 2733 Feb 5 2015 14:42:47 +00:00 express_setup.debug
5 -rwx 5594 Feb 5 2015 14:49:28 +00:00 config.text.old
6 -rwx 8126 Feb 6 2015 16:17:54 +00:00 config.text
7 -rwx 3830 Feb 6 2015 16:17:54 +00:00 private-config.text
649 -rwx 8126 Feb 6 2015 15:04:58 +00:00 config.text.backup
8 drwx 512 Jan 12 2014 14:04:25 +00:00 c2960x-universalk9-mz.150-2.EX4
647 drwx 512 Jan 12 2014 14:04:26 +00:00 dc_profile_dir
650 -rwx 3830 Feb 6 2015 15:04:59 +00:00 private-config.text.backup
651 -rwx 18229248 Feb 9 2015 11:43:25 +00:00 c2960x-universalk9-mz.150-2.EX5.bin

Finally we need to tell the Switches to boot the new loaded IOS :

config t
boot system c2960x-universalk9-mz.150-2.EX5.bin

or

#boot system switch all flash1:c2960x-universalk9-mz.150-2.EX5.bin

Reload the Primary and Secondary Stacks.

This completes this exercise.

January 9, 2017 2:40 pm

(No tags)

by admin

Cisco Changing media type – RJ45 – SFP

I’ve a trunk connection between two 6509 made with a RJ45 connector in the second port of the 720 supervisor. Now, I’ve the SFP connector. I’ve plugged one in the first port and it’s working, but in the second is different. When I try to change the media-type from RJ45 to SFP a message appears: “Please unbundle first.” and I can’t change it.

What’s the problem? why is it not possible to do it?

Resolution :

The trunk port is part of an EtherChannel. Shut the port down, remove the EtherChannel configuration from the port and then change it.

Command to change media type under interface :

media-type rj45
or
media-type sfp

September 14, 2016 1:56 pm

(No tags)

by admin

Cisco – Stack Switch Cable Diagnostics

show switch stack-ports summary

Switch#/ Stack Neighbor Cable Link Link Sync # In
Port# Port Length OK Active OK Changes Loopback
Status To LinkOK
——– —— ——– ——– —- —— —- ——— ——–
1/1 OK 2 50 cm Yes Yes Yes 2 No
1/2 OK 2 50 cm Yes Yes Yes 2 No
2/1 OK 2 50 cm Yes Yes Yes 1 No
2/2 OK 2 50 cm Yes Yes Yes 1 No

Cable Testing : Use the test cable-diagnostics tdr privileged EXEC command on the switch stack or on a standalone switch to run the Time Domain Reflector (TDR) feature on an interface :

BTW – show cable-diagnostics tdr int Gi4/0/14 is very cool…

Interface Speed Local pair Pair length Remote pair Pair status
——— —– ———- —————— ———– ——————–
Gi4/0/14 1000M Pair A 79 +/- 0 meters Pair B Normal
Pair B 75 +/- 0 meters Pair A Normal
Pair C 77 +/- 0 meters Pair D Normal
Pair D 79 +/- 0 meters Pair C Normal

show cable-diagnostics tdr – Displays the TDR results

This example shows how to run TDR on an interface:

Switch# test cable-diagnostics tdr interface gigabitethernet1/0/2

TDR test started on interface Gi1/0/2

A TDR test can take a few seconds to run on an interface

Use ‘show cable-diagnostics tdr‘ to read the TDR results

February 7, 2014 1:53 pm

Tags: 3750, diag, stack, switch

by admin

CISCO – STACK SWITCH 3750 BASIC COMMANDS

Reviewing How the Stack Master is Rebooted or Disconnected :

A new stack master is elected when you:

•Power off, disconnect, or reboot the current stack master.

•Power on all switches in a new stack at the same time.

•Reboot all switches after you manually change the stack member priorities by using the CLI.

•Connect a powered-on stack to another powered-on stack merging two separate stacks merge into one.

These rules determine switch priority:

1. You can manually set the switch priority when stack master election or re-election occurs. You can set a priority of 1 to 15; 15 is the highest priority.
This command sets switch 1 to priority 15, and it will be the stack master when you reload the stack if no other switches are also set to priority 15:

Stack(config)# switch 1 priority 15

You can then assign a lower priority to the remaining switches in the stack, or they can remain at default.

To display information related to the stack member or the switch stack, enter the show switch user EXEC command:

Stack# show switch

Switch/Stack Mac Address : 0064.40b0.7580
H/W Current
Switch# Role Mac Address Priority Version State

———————————————————-
*1 Master 0064.40b0.7580 15 0 Ready
2 Member 0064.40a3.c480 1 0 Ready

This example shows a mixed stack of Catalyst 3750-E switches. All switches in a stack should be running the same Cisco IOS version.

Use the archive download-sw privileged EXEC command to simultaneously update the Cisco IOS image in all switches.
Reboot the upgraded switch to load and run the compatible Cisco IOS version:

Stack# reload slot 3

Enter the show switch stack-ring speed user EXEC command to see the StackWise bandwidth:

This Example shows a Catalyst 3750 stack with a complete StackWise ring.

Stack Ring Speed : 32G
Stack Ring Configuration: Full
Stack Ring Protocol : StackWise

This Example shows a Catalyst 3750 stack with an incomplete complete ring.

Stack Ring Speed : 16G
Stack Ring Configuration: Half
Stack Ring Protocol : StackWise

Use the show switch detail user EXEC command to see the status of all StackWise interfaces in the stack. The switches in this example are all active stack members, but the ring is incomplete:

show switch detail

Switch/Stack Mac Address : 0064.40b0.7580
H/W Current
Switch# Role Mac Address Priority Version State
———————————————————-
*1 Master 0064.40b0.7580 15 0 Ready
2 Member 0064.40a3.c480 1 0 Ready

Stack Port Status Neighbors
Switch# Port 1 Port 2 Port 1 Port 2
——————————————————–
1 Ok Ok 2 2
2 Ok Ok 1 1

show switch stack-ports summary

Switch#/ Stack Neighbor Cable Link Link Sync # In
Port# Port Length OK Active OK Changes Loopback
Status To LinkOK
——– —— ——– ——– —- —— —- ——— ——–
1/1 OK 2 50 cm Yes Yes Yes 2 No
1/2 OK 2 50 cm Yes Yes Yes 2 No
2/1 OK 1 50 cm Yes Yes Yes 1 No
2/2 OK 1 50 cm Yes Yes Yes 1 No

Cable Testing :

BTW – show cable-diagnostics tdr int Gi4/0/14 is very cool…

Interface Speed Local pair Pair length Remote pair Pair status
——— —– ———- —————— ———– ——————–
Gi4/0/14 1000M Pair A 79 +/- 0 meters Pair B Normal
Pair B 75 +/- 0 meters Pair A Normal
Pair C 77 +/- 0 meters Pair D Normal
Pair D 79 +/- 0 meters Pair C Normal

February 7, 2014 12:30 pm

Tags: 3750, switch

by admin

ASA – Group Object

Create a Object-Group icmp-type ICMP traffic :

object-group icmp-type INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded

Create a Object-Group service for TCP traffic :

object-group service INBOUND tcp
description Inbound Access
port-object eq 3389
port-object range 9998 9999

January 8, 2011 9:02 pm

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router

Tags: asa, icmp object group, object group, tcp object group

by admin

ADSL2 v ADSL2+

There’s a common misconception that ADSL2+ is faster than ADSL2 on any line.
That’s not really the case. In simple terms,

ADSL2+ utilises twice the frequency range available on your phone line that ADSL2 does.
This again, in simple terms means twice as fast BUT that is only seen on short low attenuation lines.

If your line is only capable of supporting 7meg on ADSL2 then it’s only capable of supporting 7meg on ADSL2+
as it can only usually allow the use of the same frequencies for both (see below).

However, if you’re lucky enough to have a line that can support higher frequencies then you get up to :

12meg on ADSL2 (the maximum possible)
but up to
24meg on ADSL2+.

The cross over between ADSL2 and ADSL2+ is therefore in the 10-12 meg range (typically 35-40db if the line is relatively noise free).

It can give faster speeds but usually only on short lines as explained above.
The only time that wouldn’t be true is for a moderately short line
(that offered some higher frequencies above those usable by ADSL2)
that had induced noise at the lower frequencies and was clean at higher frequencies,
in which case ADSL2+ would possibly be better as it could use those higher frequencies.

There is also the possibility that a network uses equipment whose firmware works better in
certain conditions with specific ADSL modes hence why it is mentioned G.DMT sometimes being
better for problem lines.

January 8, 2011 5:36 pm

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router

Tags: adsl2, dsl

by admin

Cisco: 1841 – 3G Configuration

This configuration example is for use with a 3G WIC card within a Cisco based
Router.

This was configured with a Vodafone Network.

Initialization

Place the SIM card into it, then insert the card in the router and power it on.

Create a Profile specific to your mobile ISP

Insert the APN told by your ISP (Vodafone UK: ‘Internet’ username: ‘web’ password: ‘web’)
Insert the authentication method (chap or pap) and the credentials, also supplied from your ISP

Below is an example of a Vodafone UK Cellar Profilule.
Router# cellular 0/0/0 gsm profile create 1 Internet chap web web

From the profile you’ve just created, you can review it using command

router# sh cellular 0 profile

Profile Information
====================
Profile 1 = ACTIVE
--------
PDP Type = IPv4
PDP address = 192.168.1.1
Access Point Name (APN) = Internet
Authentication = PAP
Username: web, Password: web 

* - Default profile

Configuration

You need to define a chat script first, which is used for modem setup and call
initialization. If you are familiar with IOS dial configurations, you feel at home.
Please note that the last number in the dial string (1 in the example below) refers
to the modem profile number you hopefully have defined earlier.

! your chat script
chat-script vodafone “” “ATDT*98*1#” TIMEOUT 60 CONNECT

! the bare interface config
! subcommands at the Cellular interface

interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string vodafone
dialer-group 1
async mode interactive
ppp chap hostname web
ppp chap password 0 web
ppp ipcp dns request

!

ip route 0.0.0.0 0.0.0.0 Cellular0
dialer-list 1 protocol ip permit

! this is the async line assigned to the 3G modem
you need to specify your chat script here

line 0/0/0
script dialer vodaphone
no exec
rxspeed 3600000
txspeed 384000

If cellular int does not get an ip address, might need to go into
config t and add this line even thou we see it above :

line 0/0/0
script dialer vodaphone

!
!

show command:

Just in case you need it for troubleshooting, here are the show commands to use.

show cellular 0 network
show cellular 0 hardware
show cellular 0 connection
show cellular 0 radio
show cellular 0 profile
show cellular 0 security
show cellular 0 all Debug commands :
debug chat Rather than reloading the router to restart the module, you can
actually using CLI to reset or reboot the module :

debug chat

router(config)# service internal
router(config)# exit
router# test cellular 0 modem-power-cycle ! for rebooting
router# test cellular 0 modem-reset ! for resetting

debug commands :

debug chat
debug modem
debug dialer events
debug ppp authentication
Remember to create the Cellular Profile, after tftp config to router :
cellular 0/0/0 gsm profile create 1 Internet chap web web
This is the bare configuration, you will need to add NAT, firewalls etc etc.

January 6, 2011 5:54 pm

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router

Tags: 3g, 3g 1841, cisco 1841

by admin

Linux Video Driver Version Command

Video Driver Version Command

dmesg | grep NVIDIA
sudo lspci -vvnn | grep 10de

What I did from the command line is to find the packages for nvidia

(dpkg -l | grep nvidia)
and then
apt-get remove nvidia-173

(or whatever package you get from the previous command).

The problem is that you will still have the nvidia modues listed in xorg.conf.
So, I also mv /etc/X11/xorg.conf /etc/X11/xorg.conf_backup
and rebooted.

I landed in a graphical mode as usual, without the nvidia GL stuff,
but then there are graphical tools to set it up.

At this state, it’s safe to delete the xorg.conf backup you just created.

####################
Whenever I try to start my computer from kernel version 3 (it boots fine with 2.6) Kubuntu stops booting
altogether.

11.10 stops booting at “Checking battery state … [OK]”

I had to reinstall my graphics drivers.

sudo apt-get install --reinstall nvidia-173

January 2, 2011 1:04 pm

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router