Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
cisco:pastebin [2008/02/10 01:28] 193.77.56.193 |
cisco:pastebin [2014/05/17 13:18] (current) 79.24.101.124 [Slow ADSL with 12.4 IOS version?!] |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Cisco random pastebin :) ====== | ||
+ | |||
+ | ===== See open ports ===== | ||
+ | |||
R1# show control-plane host open-ports | R1# show control-plane host open-ports | ||
| | ||
Line 14: | Line 18: | ||
* This show command does not display non-TCP/UDP servers (OSPF, EIGRP, RSVP) or even some UDP-based services (RIP). | * This show command does not display non-TCP/UDP servers (OSPF, EIGRP, RSVP) or even some UDP-based services (RIP). | ||
+ | ===== Policy QoS ===== | ||
---- | ---- | ||
Line 23: | Line 28: | ||
| | ||
+ | ---- | ||
+ | **Why are you receiving significantly more than 5Mbps inbound on interface f0/0 from the device with the MAC address of 1111.2222.3333? | ||
+ | |||
+ | Answer: Rate-limit command is wrong. | ||
+ | |||
+ | | ||
+ | | ||
+ | ! | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | Input | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | last packet: 2557168ms ago, current burst: 0 bytes | ||
+ | last cleared 00:01:43 ago, conformed 0 bps, exceeded 0 bps | ||
+ | |||
+ | ---- | ||
+ | |||
+ | |||
+ | ===== Alias ===== | ||
+ | |||
+ | To display IP addresses assigned to router' | ||
+ | |||
+ | Here is a sample printout: | ||
+ | |||
+ | < | ||
+ | C1#show ip int brief | excl unassigned | ||
+ | Interface | ||
+ | FastEthernet0/ | ||
+ | Serial1/ | ||
+ | Loopback0 | ||
+ | Tunnel0 | ||
+ | </ | ||
+ | |||
+ | You could define an alias to create a new IOS command generating this printout, for example, **'' | ||
+ | |||
+ | **List of useful aliases** | ||
+ | < | ||
+ | alias exec ifconfig show ip interface brief | exclude unassigned | ||
+ | alias exec sofn show ip ospf neighbor | ||
+ | alias exec proc show processes cpu | exclude 0.00%__0.00%__0.00% | ||
+ | </ | ||
+ | |||
+ | and some more | ||
+ | |||
+ | < | ||
+ | alias exec siib sh ip int brief | ||
+ | alias exec srint sh run int | ||
+ | alias exec srb sh run | begin | ||
+ | alias exec srs sh run | sec | ||
+ | alias exec sri sh run | incl | ||
+ | alias exec sia sh ip access-list | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | alias configure ping do ping | ||
+ | alias configure sh do sh | ||
+ | alias configure siib do siib | ||
+ | alias configure srint do srint | ||
+ | alias configure srb do srb | ||
+ | alias configure sri do sri | ||
+ | alias configure sia do sia | ||
+ | |||
+ | alias interface ping do ping | ||
+ | alias interface sh do sh | ||
+ | alias interface siib do siib | ||
+ | alias interface srint do srint | ||
+ | alias interface srb do srb | ||
+ | alias interface sri do sri | ||
+ | alias interface sia do sia | ||
+ | |||
+ | alias subinterface ping do ping | ||
+ | alias subinterface sh do sh | ||
+ | alias subinterface siib do siib | ||
+ | alias subinterface srint do srint | ||
+ | alias subinterface srb do srb | ||
+ | alias subinterface sri do sri | ||
+ | |||
+ | alias subinterface sia do sia | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | alias exec s show run | ||
+ | alias exec c config t | ||
+ | alias exec srs show run | section | ||
+ | alias exec srb show run | begin | ||
+ | alias exec si show run interface | ||
+ | alias exec sri show run | include | ||
+ | alias exec siib show ip interface brief | exclude admin | ||
+ | alias exec sib show ip bgp | ||
+ | alias exec sir show ip route | ||
+ | alias exec sirp show ip route vrf PURPLE | ||
+ | alias exec sibp show ip bgp vpnv4 vrf PURPLE | ||
+ | alias exec pp ping vrf PURPLE | ||
+ | alias exec zp show policy-map type inspect zone-pair | ||
+ | alias exec sci show crypto ipsec | ||
+ | alias exec sck show crypto isakmp | ||
+ | alias exec cci clear crypto sa | ||
+ | alias exec cck clear crypto isakmp | ||
+ | alias exec sio show ip ospf | ||
+ | alias exec sie show ip eigrp | ||
+ | </ | ||
+ | |||
+ | ===== A basic script for handling ACLs of your Cisco Catalyst ===== | ||
+ | A handy script //( [[http:// | ||
+ | |||
+ | <code perl|f cisco-acl.pl> | ||
+ | #! / | ||
+ | # Note: in Debian/ | ||
+ | # to be installed on your system. | ||
+ | |||
+ | use Net:: | ||
+ | use File:: | ||
+ | |||
+ | my $host = ' | ||
+ | my $hostname = ' | ||
+ | my $username = ' | ||
+ | my $passwd = ' | ||
+ | my $enable = ' | ||
+ | my $aclname = $ARGV[0]; | ||
+ | my $filepath = dirname($0)."/" | ||
+ | my $logfile = '/ | ||
+ | |||
+ | sub Usage { | ||
+ | print " | ||
+ | exit 1; | ||
+ | } | ||
+ | |||
+ | if ( scalar @ARGV != 1) | ||
+ | { | ||
+ | print "Wrong number of arguments!\n"; | ||
+ | & | ||
+ | } | ||
+ | |||
+ | if ( ! -e $filepath ) | ||
+ | { | ||
+ | print "File " . $filepath . " does not exist\n"; | ||
+ | & | ||
+ | } | ||
+ | |||
+ | open(ACL, $filepath) || die(" | ||
+ | @file = < | ||
+ | |||
+ | $session = Net:: | ||
+ | | ||
+ | | ||
+ | $session-> | ||
+ | $session-> | ||
+ | |||
+ | $session-> | ||
+ | $session-> | ||
+ | $session-> | ||
+ | $session-> | ||
+ | foreach $line (@file) | ||
+ | { | ||
+ | | ||
+ | | ||
+ | } | ||
+ | $session-> | ||
+ | $session-> | ||
+ | @output = $session-> | ||
+ | print @output; | ||
+ | $session-> | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Cisco IPIP Tunnels ===== | ||
+ | |||
+ | **Linux (192.168.2.1): | ||
+ | |||
+ | / | ||
+ | / | ||
+ | |||
+ | **Cisco (192.168.1.1): | ||
+ | |||
+ | | ||
+ | ip address 192.168.3.1 255.255.255.252 | ||
+ | ip mtu 1500 | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | ===== GRE tunel (Cisco & Juniper) ===== | ||
+ | |||
+ | | ||
+ | |||
+ | **Juniper Configuration** | ||
+ | < | ||
+ | > show configuration interfaces gr-0/1/0 | ||
+ | unit 0 { | ||
+ | tunnel { | ||
+ | source 219.93.2.1; | ||
+ | destination 219.93.2.2; | ||
+ | key 123456; ## problem | ||
+ | } | ||
+ | family inet { | ||
+ | mtu 1514; | ||
+ | address 192.168.1.1/ | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | **Cisco Configuration** | ||
+ | < | ||
+ | interface | ||
+ | Tunnel0 | ||
+ | ip address 192.168.1.2 255.255.255.252 | ||
+ | no ip unreachables | ||
+ | no ip proxy-arp | ||
+ | ip mtu 1514 | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | ===== Is there a way to block VTP from coming in a port ===== | ||
+ | |||
+ | * make the port an access port | ||
+ | * block 01-00-0C-CC-CC-CC (used by CDP too) | ||
+ | * use transparent vtp v1 & different domain | ||
+ | * block vlan 1 (although actually that's not possible) | ||
+ | |||
+ | You can also use " | ||
+ | (different vtp domains on each side). | ||
+ | |||
+ | ===== DHCP Configuration for Cisco VOIP Phones ===== | ||
+ | < | ||
+ | .... | ||
+ | authoritative; | ||
+ | ddns-update-style none; | ||
+ | option voip-tftp-server code 150 = ip-address; | ||
+ | option voip-tftp-server 192.168.134.192; | ||
+ | </ | ||
+ | |||
+ | This should likely work for you as well, just make sure you replace the IP for “voip-tftp-server” with the address to your core phone server. | ||
+ | |||
+ | ===== Slow ADSL with 12.4 IOS version?! ===== | ||
+ | |||
+ | < | ||
+ | Ciscozine(config-if)# | ||
+ | 1000000 | ||
+ | 1300000 | ||
+ | 1600000 | ||
+ | 2000000 | ||
+ | 2600000 (default) | ||
+ | 3200000 | ||
+ | 4000000 | ||
+ | 5300000 | ||
+ | 7000000 | ||
+ | |||
+ | < | ||
+ | | ||
+ | |||
+ | Ciscozine(config-if)# | ||
+ | 1000000 | ||
+ | 1300000 | ||
+ | 1600000 | ||
+ | 2000000 | ||
+ | 2600000 (default) | ||
+ | 3200000 | ||
+ | 4000000 | ||
+ | 5300000 | ||
+ | 7000000 | ||
+ | |||
+ | < | ||
+ | | ||
+ | |||
+ | Ciscozine(config-if)# | ||
+ | </ | ||
+ | |||
+ | In fact, if you don’t define the clock rate command into the atm interface, the IOS set to 2600000 this parameter. To force it, use the command ‘clock rate aal5′; in my case I use the command ‘clock rate aal5 7000000′. | ||
+ | |||
+ | Below the download speed test guarantee the bandwith improvement. More info on http:// | ||
+ | |||
+ | ===== 1:1 NAT (not Cisco NAT) example ===== | ||
+ | |||
+ | < | ||
+ | ! WAN interface | ||
+ | interface FastEthernet0/ | ||
+ | | ||
+ | ip address 10.66.175.21 255.255.240.0 | ||
+ | ip nat outside | ||
+ | ! PPPoE ip tcp adjust-mss 1412 | ||
+ | ! | ||
+ | ! LAN interface | ||
+ | interface FastEthernet0/ | ||
+ | ip address 192.168.156.1 255.255.255.0 | ||
+ | ip nat inside | ||
+ | ! | ||
+ | ! Redirect 0.0.0.0 --> 10.66.175.21 --> 192.168.156.2 | ||
+ | ip nat inside source static 192.168.156.2 10.66.175.21 | ||
+ | </ | ||
+ | |||
+ | <note tip>With this rule '' | ||
+ | |||
+ | |||
+ | ==== Cisco NAT ==== | ||
+ | |||
+ | < | ||
+ | ip nat pool NAT 10.252.162.2 10.252.162.2 netmask 255.255.255.252 | ||
+ | ip nat inside source list 10 pool NAT overload | ||
+ | |||
+ | |||
+ | access-list 10 permit 10.52.4.0 0.0.0.255 | ||
+ | </ | ||
+ | ===== NAT Based Upon Source Address ===== | ||
+ | |||
+ | {{http:// | ||
+ | |||
+ | See original source: http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Foobar ====== | ||
< | < |