Cisco Tricks

To change the number of lines before pausing in long output:

terminal length lines (where lines is 0 to 511; 0 means don't pause at all)
To change the current switch for configuration in a stack:
To list the switch numbers in the stack:
show switch

To change the current switch in stack context:
session 1
session 2

Whack that port back to default -

conf t
default interface gi1/0/2

To show all ports on the whole stack (handy for finding the name of a port in a stack):

show interfaces switchport

Connect to the usb (sorta serial) port on newer switches?
Give screen a go:

screen /dev/ttyUSB1 9600
(newer 300 sort of Linux based switches up that to 115200)

bring an interface up or down?

no shutdown <- interface up
shutdown <- interface down (check out the test a setting section below to keep from shooting yourself in the foot first!)

need to just find out what the device is and other info?

enable
sh version

Or to find details for cards:
show diagbus

How about if you have a computer on a port, and you want to figure out what port it is on (Cisco only trick):
Grab this tool: http://sourceforge.net/projects/cdpr/
Might need this as well (winpcap): http://www.winpcap.org/
Thanks monkeymental.com !

cdpr
cdpr - Cisco Discovery Protocol Reporter Version 1.0.7
Copyright (c) 2002 - MonkeyMental.com

1. \Device\NPF_GenericNdisWanAdapter (Generic NdisWan adapter)
2. \Device\NPF_{blahblah} (AMD PCNet Adapter)
Enter the interface number (1-2):2
Using Device: \Device\NPF_{blahblah}
Waiting for CDP advertisement
(default config is to transmit CDP packets every 60 seconds)
Device ID
  value:  switch101
Addresses
  value:  10.6.8.253
  value:  10.6.8.253
Port ID
  value:  GigabitEthernet0/5


- Alternate method:
Parthiban shows how in his blog, using tcpdump:
http://www.lazysystemadmin.com/2011/09/find-out-which-switch-port-connected.html
In case that link goes away, here is an example - replace eth0 with your wired interface name:

 tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Check for port id in the output:
	Port-ID (0x03), length: 20 bytes: 'GigabitEthernet1/0/3'
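What cdpr and that tcpdump filter are actually reading, as an added example that is not part of the original post: a small Python decoder for the CDP TLVs in a raw Ethernet frame, run here over a constructed frame matching the cdpr output above (the offsets are the same ones the ether[20:2] == 0x2000 filter relies on; the checksum is not verified).

```python
import struct

CDP_DST_MAC = bytes.fromhex("01000ccccccc")   # CDP multicast destination MAC
CDP_SNAP_PID = 0x2000                         # the value the tcpdump filter ether[20:2] == 0x2000 tests
TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID = 0x0001, 0x0002, 0x0003

def _parse_addresses(value: bytes) -> list:
    """Addresses TLV: 4-byte count, then (ptype, plen, proto, alen, addr) records."""
    count = struct.unpack("!I", value[:4])[0]
    addrs, pos = [], 4
    for _ in range(count):
        ptype, plen = value[pos], value[pos + 1]
        proto = value[pos + 2:pos + 2 + plen]
        alen = struct.unpack("!H", value[pos + 2 + plen:pos + 4 + plen])[0]
        addr = value[pos + 4 + plen:pos + 4 + plen + alen]
        if ptype == 1 and proto == b"\xcc" and alen == 4:   # NLPID 0xCC = IPv4
            addrs.append(".".join(str(b) for b in addr))
        pos += 4 + plen + alen
    return addrs

def parse_cdp_frame(frame: bytes) -> dict:
    """Pull Device ID, Port ID and IPv4 addresses out of one raw CDP Ethernet frame."""
    if len(frame) < 26 or frame[:6] != CDP_DST_MAC or struct.unpack("!H", frame[20:22])[0] != CDP_SNAP_PID:
        raise ValueError("not a CDP frame")
    # CDP header follows SNAP: version(1) ttl(1) checksum(2); the checksum is not verified here
    out = {"version": frame[22], "ttl": frame[23], "addresses": []}
    pos = 26
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(frame):
            raise ValueError("malformed TLV")   # bogus length: stop rather than over-read
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            out["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_PORT_ID:
            out["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            out["addresses"] = _parse_addresses(value)
        pos += tlv_len
    return out

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value   # length includes the 4-byte TLV header
# Constructed sample frame mirroring the cdpr output above (not a real capture).
_payload = (bytes.fromhex("aaaa03" "00000c" "2000")        # LLC DSAP/SSAP/ctrl, Cisco OUI, CDP PID
            + b"\x02\xb4\x00\x00"                        # CDP version 2, TTL 180 s, checksum zeroed
            + _tlv(TLV_DEVICE_ID, b"switch101")
            + _tlv(TLV_ADDRESSES, struct.pack("!I", 1) + b"\x01\x01\xcc\x00\x04" + bytes([10, 6, 8, 253]))
            + _tlv(TLV_PORT_ID, b"GigabitEthernet0/5"))
SAMPLE_FRAME = CDP_DST_MAC + bytes.fromhex("001122334455") + struct.pack("!H", len(_payload)) + _payload
```

Feed it the raw frame from a capture (e.g. pcap bytes from the tcpdump command above) and it returns the same Device ID, Port ID and address fields cdpr prints.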

Have an unsupported gbic module? (WARNING! This can cause warranty issues; see the warnings the command itself prints!)

Here is a list of supported gbic modules on the 2960 at least:


http://www.cisco.com/en/US/products/hw/modules/ps4999/products_tech_note09186a00807a30d6.shtml#support6


Also, if the "unsupported command" gets knocked out by a future Cisco IOS upgrade, you are on your own (not that you did not know that already, as you are reading a geek blog).

Links for future reference. Thanks folks!

http://www.velocityreviews.com/forums/t35169-gbic-down.html
http://www.wifi-forum.com/wf/showthread.php?t=71439
http://www.elemental.net/~lf/undoc/

telnet switchip

(if unconfigured: boot and hold the mode button, with no devices connected, until the 4 LEDs turn green (about 2 seconds), then release; set up your computer for that range, connect the Ethernet cable and go to 10.0.0.1)

enable
show interfaces status err-disabled
(see that you have a gbic-invalid port!)

configure terminal
no errdisable detect cause gbic-invalid
service unsupported-transceiver    #possibly with "config IOS" at the end?
end
copy run start
reload

To get the sfp port working (by disabling the paired copper Gig port on a Cisco 2960):

enable
configure terminal
interface gi0/1
media-type sfp
end
show interfaces gi0/1 transceiver properties
(see that you get Configured Media: sfp) - note, this disables the copper port below on the 2960.
copy run start
reload

To "test" a setting that may make you lose your connection:

reload in 5 #reboot switch and reload original config in 5 min - go Scotty go!

Make the changes you need to test; if you lose your connection, the reload is still in place.

If all is well, cancel the reload with this:
reload cancel

This is a nice way to avoid having to tell end users to unplug a remote switch / router.

Don't forget to save!
copy run start

To find the switch port devices are on using Cisco IOS:

show mac-address-table
or
show mac address-table

To set up remote syslog using Cisco IOS:

enable
config
logging on
logging w.x.y.z
logging trap debugging
service timestamps log uptime
exit
copy run start
More info on troubleshooting a T1 and syslog here:

http://www.cisco.com/en/US/tech/tk713/tk628/technologies_tech_note09186a00800a5f40.shtml

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml

Telnet in with Python and snag the interface counters

Ever want to get more than shown by syslog but don't have all day and night to stay up and capture the interface status?

Well, today is your lucky day. Just edit the script and set up a nice cron job for it and you can log the status using Python and telnetlib!

Enjoy: ciscointerface.py
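As an added example (not the ciscointerface.py script from this page): a Python parser for the counters in "show interfaces" output, which is the piece a cron job would run over whatever the telnet session captured, turning only the interfaces that are down or show errors into one log line each. The sample output is constructed, not a real capture.

```python
import re

# Constructed excerpt of "show interfaces" output (not a real capture).
SAMPLE_SHOW_INTERFACES = """\
GigabitEthernet1/0/1 is up, line protocol is up (connected)
     12345 packets input, 6789012 bytes, 0 no buffer
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
GigabitEthernet1/0/2 is down, line protocol is down (notconnect)
     0 packets input, 0 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 2 interface resets
"""

HEADER_RE = re.compile(r"^(\S+) is ([^,]+), line protocol is (\S+)")   # header lines start in column 0
COUNTER_RES = {
    "input_errors": re.compile(r"(\d+) input errors"),
    "crc": re.compile(r"(\d+) CRC"),
    "output_errors": re.compile(r"(\d+) output errors"),
    "resets": re.compile(r"(\d+) interface resets"),
}

def parse_show_interfaces(text: str) -> dict:
    """Map interface name -> admin/protocol status and error counters."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"admin": m.group(2), "proto": m.group(3), "input_errors": 0,
                       "crc": 0, "output_errors": 0, "resets": 0}
            result[m.group(1)] = current
            continue
        if current is None:
            continue                       # skip anything before the first interface header
        for key, rx in COUNTER_RES.items():
            cm = rx.search(line)
            if cm:
                current[key] = int(cm.group(1))
    return result

def error_report(parsed: dict) -> list:
    """One log line per interface that is not up/up or shows non-zero error counters."""
    lines = []
    for name, d in sorted(parsed.items()):
        if d["proto"] != "up" or d["input_errors"] or d["output_errors"]:
            lines.append(f"{name} {d['admin']}/{d['proto']} in_err={d['input_errors']} "
                         f"crc={d['crc']} out_err={d['output_errors']} resets={d['resets']}")
    return lines
```

Run it on successive captures and diff the counters to see which interface is accumulating CRC errors between syslog messages.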

Configure an ip address

conf t
interface vlan 1
ip address 192.168.0.2 255.255.255.252
no shut
switch(config)#write

now you need a password set:

switch(config)#line vty 0 15
switch(config-line)#password blah
switch(config-line)#transport input telnet
switch(config-line)#login
switch(config-line)#exit
switch#copy running-config startup-config
switch#config
switch(config)#enable secret enablesecretpassword
switch(config)#exit
switch#copy running-config startup-config

Try to telnet in from elsewhere with the password (and new enable password).
Set a host name
enable
conf t
hostname xyz
end
copy running-config startup-config

Configure a trunk for vlan propagation.

On the switch that is considered the vtp server (there can be only one):

conf t
vtp mode server
vtp domain somename
vtp password somepassword
copy run start

On the other switches:

conf t
vtp mode client
vtp domain somename
vtp password somepassword
copy run start

- update - make sure the vtp version is 2 or you will get:
*** MD5 digest checksum mismatch on trunk

- if you do it later, you will have to set vtp version 3 and then back to 2 on the fly.

Now set up trunking on your interconnection interfaces:
(first the master switch - i.e. vtp server):
conf t
interface te1/0/1
switchport mode trunk (don't fret if it locks up for a bit, wait for it!)
switchport trunk allowed vlan 1,100
no shutdown

do the trunk setup on the other client switches the same way.

Now set up some vlans on the master switch's access ports and some on the client switches and give it a spin!
configure terminal
(config)#interface fastethernet 0/2
(config-if)#switchport mode access
(config-if)#switchport access vlan 100
(config-if)#exit
(config)#interface fastethernet 0/3
(config-if)#switchport mode access
(config-if)#switchport access vlan 100
(config-if)#end
#write memory
copy run start

Go back to the master switch and configure an IP in the new vlan space:
conf t
interface vlan 100
ip address 192.168.100.5 255.255.255.0

To check the vtp config:
show vtp status
show vtp counters

Check for advertisements from each of the switches and the status of the trunk ports!
Getting "max retries removing client" from your old Aironet APs?
config t
interface dot11radio 0
packet retries 128 drop-packet
end
copy run start

The value ranges from 1-128. 128 seems to work for me when many clients are in use.
The dot11radio is 0 or 1 depending on B/G or A radios.

Is the Java in the web page for the Aironet devices you have full of the suck?
Since newer browsers won't show associations, you can get it via telnet (assuming you have that enabled):

show dot11 associations

Cisco NCS Prime Infrastructure - reset admin user via the vm console

configure terminal
username admin password plain NEWSECRETPASSWORD role admin
exit
copy run start

Cisco NCS Prime Infrastructure - shutdown via the console

Log in as admin
# ncs stop
# halt

Cisco NCS Prime Infrastructure - no web interface for you?

Check it via the console vm:

show application status NCS
(see what is started / stopped / broken)

NCS stop
NCS cleanup
NCS start

Hope that works. More drastic measures:
NCS  DB reinitdb <- clears out all data so don't do this unless you like setting everything up again

Cisco NCS Prime Infrastructure - weak in the keys? Is a weak ssl cert stopping you from managing via the web interface?
Found the workaround here: https://supportforums.cisco.com/discussion/12552276/pi-21-and-firefox-39

I am repeating the info from the link above in case it disappears in the future (before this blog does):

If you have problems with weak ssl keys and new browsers, here is a Firefox workaround:

about:config -> search security.ssl3.dhe_rsa_aes -> Double click each result (128 and 256) to toggle the Value to "false"

Change these settings back when you're done.


For a Cisco WLC 5500 series:
Change the management user password:
show mgmtuser
config mgmtuser password (mgmtusername) (new password)

Add a new user (read-write):
config mgmtuser add (new mgmtusername) (password for new mgmtusername) read-write


Linux vlan howto (brief):
apt install vlan
create vlan interface compatible with the vconfig naming.
(i.e. deviceX.Y - Y = vlan number)
ifup device0.50 (skip 1 and stay below 4096 for numbering, for sure)
(ensure 8021q module is loaded)
Trunk with: (Ubuntu 16.04 and up you must do this one first - before ifup)
ip link add link ethX name ethX.Y type vlan id Y
- verify it is up with ip link; if not, bring it up with
ip link set deviceX.Y up (bring vlan up)
ip link del ethX.Y (to remove)
Don't forget to do an ifup ethX.Y (if you still use the old form /etc/network/interfaces)
- and add: vlan-raw-device ethX.Y


