 R1# show control-plane host open-ports
 Active internet connections (servers and established)
 Prot   Local Address  Foreign Address          Service    State
  tcp            *:23              *:0           Telnet   LISTEN
  tcp            *:80              *:0        HTTP CORE   LISTEN
  tcp           *:179              *:0              BGP   LISTEN
  tcp           *:179   10.0.7.2:43962              BGP ESTABLIS
  tcp            *:23   10.0.7.2:18036           Telnet ESTABLIS
  udp            *:67              *:0    DHCPD Receive   LISTEN
  udp            *:68              *:0     BootP client   LISTEN
  udp           *:123              *:0              NTP   LISTEN

Notes:

  • This show command does not display non-TCP/UDP servers (OSPF, EIGRP, RSVP), nor some UDP-based services (RIP).
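As an added example (not part of the original page), here is a small parser for the show control-plane host open-ports output above that flags cleartext management services left listening and established sessions from peers outside a constructed allowlist; the sample text and the allowlist are constructed for the demo.

```python
import re

# Constructed sample, modelled on the "show control-plane host open-ports" output above
SAMPLE = """\
Active internet connections (servers and established)
Prot   Local Address  Foreign Address          Service    State
 tcp            *:23              *:0           Telnet   LISTEN
 tcp            *:80              *:0        HTTP CORE   LISTEN
 tcp           *:179              *:0              BGP   LISTEN
 tcp           *:179   10.0.7.2:43962              BGP ESTABLIS
 tcp            *:23   10.0.7.2:18036           Telnet ESTABLIS
 udp            *:67              *:0    DHCPD Receive   LISTEN
 udp            *:68              *:0     BootP client   LISTEN
 udp           *:123              *:0              NTP   LISTEN
"""

# Services that carry credentials or configuration in cleartext
CLEARTEXT = {"Telnet", "HTTP CORE"}

LINE_RE = re.compile(
    r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(.+?)\s+(LISTEN|ESTABLIS)\s*$")

def parse_open_ports(text):
    """Return one dict per socket line; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, svc, state = m.groups()
        rows.append({"proto": proto, "lport": int(lport), "faddr": faddr,
                     "fport": int(fport), "service": svc.strip(), "state": state})
    return rows

def audit(rows, allowed_peers=()):
    """Flag cleartext services that are listening and any established
    session whose peer is not in allowed_peers (a constructed allowlist)."""
    findings = []
    for r in rows:
        if r["service"] in CLEARTEXT and r["state"] == "LISTEN":
            findings.append(f"cleartext service listening: {r['service']} {r['proto']}/{r['lport']}")
        if r["state"] == "ESTABLIS" and r["faddr"] not in allowed_peers:
            findings.append(f"session from unexpected peer {r['faddr']} to {r['service']}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_open_ports(SAMPLE), allowed_peers={"10.0.7.2"}):
        print(finding)
```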

Policy/QoS

 policy-map 3GbE
  class class-default
   police cir 3000000000 bc 562500000 conform-action transmit exceed-action drop violate-action drop

Why are you receiving significantly more than 5Mbps inbound on interface f0/0 from the device with the MAC address 1111.2222.3333?
Answer: The rate-limit command is wrong. It should use 'access-group rate-limit 100' to reference rate-limit access-list 100, not 'access-group 100'.

 interface FastEthernet0/0
 rate-limit input access-group rate-limit 100 5000000 2500 2500 conform-action transmit exceed-action drop
 !
 access-list rate-limit 100 1111.2222.3333
 r1(config-if)#do sh int fa0/0 rate-limit
 FastEthernet0/0
 Input
 **matches: access-group rate-limit 100**
 params:  5000000 bps, 2500 limit, 2500 extended limit
 conformed 0 packets, 0 bytes; action: transmit
 exceeded 0 packets, 0 bytes; action: drop
 last packet: 2557168ms ago, current burst: 0 bytes
 last cleared 00:01:43 ago, conformed 0 bps, exceeded 0 bps

Alias

To display the IP addresses assigned to a router's interfaces (excluding interfaces with no IP address), use the show ip interface brief | exclude unassigned command.

Here is a sample printout:

C1#show ip int brief | excl unassigned  
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.0.1      YES NVRAM  up                    up      
Serial1/0                  10.0.7.17       YES NVRAM  up                    up      
Loopback0                  10.0.1.1        YES NVRAM  up                    up      
Tunnel0                    192.168.0.1     YES manual up                    up      

You could define an alias to create a new IOS command that generates this printout, for example alias exec ipconfig show ip interface brief | exclude unassigned.

List of useful aliases

alias exec ifconfig show ip interface brief | exclude unassigned
alias exec sofn show ip ospf neighbor
alias exec proc show processes cpu | exclude 0.00%__0.00%__0.00%

A basic script for handling ACLs of your Cisco Catalyst

A handy script (taken from this site) to keep the ACLs of a Cisco Catalyst 3560 in separate files, so that they can be edited without connecting to the device and then pushed to the switch with a Perl script like this one:

cisco-acl.pl

#!/usr/bin/perl -w
# Note: on Debian/Ubuntu the libnet-telnet-perl package must be installed.
# Usage: cisco-acl.pl ACLNAME   (reads the file ./ACLNAME, one ACE per line)
# Credentials and the whole session travel over cleartext telnet; hard-coded
# secrets in the script should be replaced by a protected credential source.
use strict;
use warnings;
use Net::Telnet;
use File::Basename;

my $host     = '1.1.1.1';
my $hostname = 'Switch';
my $username = 'ciscouser';
my $passwd   = 'ciscopasswd';
my $enable   = 'enablesecret';
my $logfile  = '/tmp/acl-update.log';

sub Usage {
    print "Usage:    " . basename($0) . " ACLNAME\n";
    exit 1;
}

if (@ARGV != 1) {
    print "Wrong number of arguments!\n";
    Usage();
}

my $aclname  = $ARGV[0];
my $filepath = dirname($0) . "/" . $aclname;

if (! -e $filepath) {
    print "File $filepath does not exist\n";
    Usage();
}

open(my $acl, '<', $filepath) or die "Could not open file $filepath: $!";
my @file = <$acl>;
close($acl);

# The prompt regex must contain the real hostname, so build it by concatenation
# (the original single-quoted '/$hostname.../' matched the literal text "$hostname").
# Dump_Log likewise needs the variable itself, not the string '$logfile'.
my $session = Net::Telnet->new(
    Timeout  => 5,
    Prompt   => '/' . $hostname . '(\(config.*\))?[#>] *$/',
    Dump_Log => $logfile,
);
$session->open($host);
$session->login($username, $passwd);

# Enter enable mode: "en" is followed by the enable secret on the next line
$session->cmd("en\n$enable");
$session->cmd("conf t");
# The ACL is deleted before it is rebuilt, so an interface that references
# $aclname filters nothing until the new entries are in place; run this in a
# change window and check the "sh access-list" output at the end.
$session->cmd("no ip access-list extended $aclname");
$session->cmd("ip access-list extended $aclname");
foreach my $line (@file) {
    chomp($line);
    next if $line =~ /^\s*$/;    # skip blank lines
    $session->cmd($line);
}
$session->cmd("exit");           # leave ACL configuration mode
$session->cmd("exit");           # leave global configuration mode
my @output = $session->cmd("sh access-list $aclname");
print @output;
$session->cmd("exit");           # log out
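The script above sends every line of the ACL file straight into configuration mode, so a stray or tampered line in that file becomes an arbitrary switch command. As an added example (not part of the original page or script), this Python pre-check accepts only access-list entries and builds the same command sequence the script would send; the sample ACL file and the ACL name are constructed.

```python
import re

# Constructed sample ACL file, in the one-ACE-per-line form the Perl script expects
ACL_FILE = """\
remark hosts allowed to reach the management VLAN
permit tcp 10.1.20.0 0.0.0.255 host 10.1.1.10 eq 22
permit udp any host 10.1.1.10 eq 123
deny ip any any log
"""

# Same file with a non-ACE line appended (constructed; would be run as a config command)
TAMPERED = ACL_FILE + "no aaa new-model\n"

# Only these keywords may start an entry inside "ip access-list extended"
ACE_RE = re.compile(r"^(?:\d+\s+)?(permit|deny|remark|evaluate)\b", re.I)

class AclFileError(ValueError):
    pass

def validate_acl_lines(text):
    """Return the cleaned entries, or raise if any line is not an ACE."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or IOS comment
        if not ACE_RE.match(line):
            raise AclFileError(f"line {n}: not an access-list entry: {line!r}")
        entries.append(line)
    return entries

def build_commands(aclname, entries):
    """Command sequence equivalent to what the Perl script sends.
    The 'no ip access-list' step deletes the ACL first, so an interface
    referencing it passes all traffic until the new entries are added."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", aclname):
        raise AclFileError(f"bad ACL name {aclname!r}")
    cmds = ["configure terminal",
            f"no ip access-list extended {aclname}",
            f"ip access-list extended {aclname}"]
    cmds += entries
    cmds += ["exit", "exit", f"show access-list {aclname}"]
    return cmds
```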

Access port and unused port configuration

interface FastEthernet0/5
description IP PHONE x1014 & HOST 10.1.20.5
switchport access vlan 20
switchport trunk encapsulation dot1q
switchport trunk native vlan 20
switchport trunk allowed vlan none
switchport mode access
switchport nonegotiate
switchport block multicast
switchport block unicast
switchport voice vlan 101
switchport port-security
switchport port-security maximum 3
switchport port-security aging time 10
switchport port-security aging type inactivity
no ip address
ip access-group ip-device-list in
mls qos trust device cisco-phone
mls qos trust dscp
dot1x port-control auto
dot1x guest-vlan 999
dot1x reauthentication
mac access-group mac-device-list in
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard root
!
interface FastEthernet0/6
description *** UNUSED Port ***
switchport access vlan 999
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan none
switchport mode access
switchport nonegotiate
switchport block multicast
switchport block unicast
switchport port-security
switchport port-security aging time 10
switchport port-security aging type inactivity
no ip address
ip access-group ip-device-list in
shutdown
mls qos cos override
storm-control broadcast level 0.00
storm-control multicast level 0.00
storm-control unicast level 0.00
dot1x port-control force-unauthorized
dot1x guest-vlan 999
dot1x host-mode multi-host
mac access-group mac-device-list in
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard root 
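As an added example (not part of the original page), this Python check parses interface blocks from a running-config and reports which of the hardening lines used in the two templates above are missing, treating "shutdown" as mandatory for unused ports; the sample config is constructed for the demo.

```python
# Constructed interface blocks, modelled on the FastEthernet0/5 and 0/6 templates above
RUNNING = """\
interface FastEthernet0/5
 description IP PHONE x1014 & HOST 10.1.20.5
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 dot1x port-control auto
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 switchport mode access
 spanning-tree portfast
!
"""

# Lines a hardened access port must carry (drawn from the templates above)
REQUIRED_ACCESS = ("switchport mode access", "switchport port-security",
                   "spanning-tree bpduguard enable", "dot1x port-control auto")

def parse_interfaces(text):
    """Map interface name -> list of stripped config lines inside its block."""
    blocks, name, lines = {}, None, []
    for raw in text.splitlines():
        if raw.startswith("interface "):
            name, lines = raw.split(None, 1)[1], []
            blocks[name] = lines
        elif raw.strip() == "!":
            name = None                  # end of the current block
        elif name is not None:
            lines.append(raw.strip())
    return blocks

def audit_port(lines, unused=False):
    """Return the hardening lines missing from one interface block."""
    missing = [req for req in REQUIRED_ACCESS if req not in lines]
    if "switchport nonegotiate" not in lines:
        missing.append("switchport nonegotiate")   # DTP still negotiable
    if unused and "shutdown" not in lines:
        missing.append("shutdown")                 # unused ports stay disabled
    return missing
```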

bba-group pppoe vpn1
 virtual-template 1
 sessions per-vc limit 1    (1 = max number of vpdn sessions per VC)
 sessions per-mac limit 1   (1 = max number of vpdn sessions per MAC address)
 sessions per-mac throttle ...

cisco/pastebin.1229085567.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International