Today I will be adding some show commands... Although these are well known to myself and many others, I just feel it will be nice to have them available online for reference before they get lost among the sea of ever growing piles of notes!
sw1#show interfaces status
Port Name Status Vlan Duplex Speed Type
Fa0/1 notconnect 1 auto auto 10/100BaseTX
Fa0/2 notconnect 1 auto auto 10/100BaseTX
_______________
sw1#sh spanning-tree mst config
Name []
Revision 0 Instances configured 1
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-4094
_______________
r2#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handler entry)
0.0.0.0/32 receive
1.1.1.1/32 192.168.1.1 FastEthernet0/0
2.2.2.2/32 receive
192.168.1.0/24 attached FastEthernet0/0
192.168.1.0/32 receive
192.168.1.1/32 192.168.1.1 FastEthernet0/0
192.168.1.2/32 receive
192.168.1.255/32 receive
224.0.0.0/4 drop
224.0.0.0/24 receive
255.255.255.255/32 receive
_______________
r2#sh ip route | inc FastEthernet0/0
O 1.1.1.1 [110/2] via 192.168.1.1, 00:04:17, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
_______________
sw1#sh interfaces fa 0/19 switchport
Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
_______________
sw1#sh spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
_______________
sw1#sh mls qos inter fa 0/24 queueing
FastEthernet0/24
QoS is disabled. When QoS is enabled, following settings will be applied
Egress Priority Queue : disabled
Shaped queue weights (absolute) : 25 0 0 0
Shared queue weights : 25 25 25 25
The port bandwidth limit : 100 (Operational Bandwidth:100.0)
The port is mapped to qset : 1
_______________
r1#sh ip proto
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
0.0.0.0 255.255.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
2.2.2.2 110 00:09:06
1.1.1.1 110 00:10:05
Distance: (default is 110)
_______________
show ip eigrp 1 topology X.X.X.X
_______________
Switch#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 5 0 0 1 6
---------------------- -------- --------- -------- ---------- ----------
1 vlan 5 0 0 1 6
_______________
sw1#sh spanning-tree summary
Switch is in mst mode (IEEE Standard)
Root bridge for: MST0
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short (Operational value is long)
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
MST0 0 0 0 8 8
---------------------- -------- --------- -------- ---------- ----------
1 mst 0 0 0 8 8
_______________
sw1#sh spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 7 0 0 1 8
---------------------- -------- --------- -------- ---------- ----------
1 vlan 7 0 0 1 8
_______________
r1#sh ip ospf | inc ID
Routing Process "ospf 1" with ID 1.1.1.1
_______________
r1#sh frame-relay pvc 102
PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/1/0.1
input pkts 321 output pkts 225 in bytes 109716
out bytes 70324 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 220 out bcast bytes 69804
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 04:22:51, last time pvc status changed 00:20:21
_______________
r1#show traffic-shape ser 0/1/0.1
Interface Se0/1/0.1
Access Target Byte Sustain Excess Interval Increment Adapt
VC List Rate Limit bits/int bits/int (ms) (bytes) Active
102 56000 875 7000 0 125 875 -
_______________
r2#sh ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
0.0.0.0 255.255.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
1.1.1.1 110 00:27:47
Distance: (default is 110)
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
2.2.2.2/32
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
_______________
r2#sh ip eigrp inter detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 0 0/0 0 0/1 0 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 0/0
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is not set
Use multicast
Lo0 0 0/0 0 0/1 0 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 0/0
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is not set
Use multicast
_______________
r1#sh key chain
Key-chain oer:
key 1 -- text "cisco"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
_______________
r1#sh ipv inter fa 0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
No Virtual link-local address(es):
Global unicast address(es):
2001:1::1, subnet is 2001:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
_______________
show policy-map interface serial 0/1/0
_______________
r1#sh ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/0 is up, line protocol is up
Internet protocol processing disabled
Serial0/1/0.1 is down, line protocol is down
Internet address is 10.1.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
_______________
r1#sh ip rpf event
Last 15 triggered multicast RPF check events
RPF backoff delay: 500 msec
RPF maximum delay: 5 sec
DATE/TIME BACKOFF PROTOCOL EVENT RPF CHANGES
Jan 1 00:00:00.000 500 msec Connected Route UP 0
_______________
r1#sh ip rpf 1.1.1.1
RPF information for ? (1.1.1.1) failed, no route exists
Saturday, September 25, 2010
Wednesday, September 22, 2010
Lab Notes - Misc 9.22.2010
Well I am trying to catch up to my ever growing stack of notes that I have made so I will just be adding stuff without any real thought of organization. I will note that since I have gotten my own real hardware, things have become much easier to learn as I am able to stop and start when I like and be able to do all of the required tasks!
________________________
UDLD Note:
UDLD - Uses a Layer 2 protocol to echo frames between the switches on which it is configured, to verify the ability to Tx / Rx.
Note: On the lab, should they ask "Provide Link Integrity" they are looking for UDLD.
________________________
DAI Note & Small Configuration:
DAI - Dynamic Arp Inspection
Here is a small snippet on how to configure DAI:
arp access-list oscar
permit ip 172.16.1.10 0.0.0.0 mac 1111.2222.2222 0.0.0
SW1(config)#ip arp inspection vlan 500
SW1(config)#ip arp inspection filter oscar vlan 500 static
SW1(config)#ip arp inspection validate src-mac ip
Here is a show command to verify results:
SW1(config)#do sh ip arp ins vla 500
Source Mac Validation : Enabled
Destination Mac Validation : Disabled
IP Address Validation : Enabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
500 Enabled Active oscar Yes
Vlan ACL Logging DHCP Logging Probe Logging
---- ----------- ------------ -------------
500 Deny Deny Off
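To show what the configuration above does to individual ARP packets, here is a small Python model. It is an added example, not code from the original post and not Cisco's implementation. It assumes an untrusted port in VLAN 500; the order in which the checks run, the ArpPacket type, the dai_verdict function and the sample packets in the test values are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class ArpPacket:
    eth_src: str      # source MAC in the Ethernet header
    sender_mac: str   # sender MAC inside the ARP body
    sender_ip: str    # sender IP inside the ARP body
    target_ip: str    # target IP inside the ARP body
    is_reply: bool    # True for an ARP response, False for a request


# ARP ACL "oscar" from the post: a single permitted (IP, MAC) pair.
ARP_ACL = frozenset({("172.16.1.10", "1111.2222.2222")})


def is_invalid_ip(addr: str) -> bool:
    """Addresses rejected by 'validate ip': 0.0.0.0, 255.255.255.255, multicast."""
    ip = IPv4Address(addr)
    return (ip == IPv4Address("0.0.0.0")
            or ip == IPv4Address("255.255.255.255")
            or ip.is_multicast)


def dai_verdict(pkt: ArpPacket, acl=ARP_ACL, static=True,
                dhcp_bindings=frozenset(),
                validate_src_mac=True, validate_ip=True) -> str:
    """Return the decision for one ARP packet on an untrusted port."""
    # validate src-mac: Ethernet source must equal the ARP sender MAC.
    if validate_src_mac and pkt.eth_src != pkt.sender_mac:
        return "drop: src-mac validation"
    # validate ip: sender IP checked always, target IP only in responses.
    if validate_ip and (is_invalid_ip(pkt.sender_ip)
                        or (pkt.is_reply and is_invalid_ip(pkt.target_ip))):
        return "drop: ip validation"
    pair = (pkt.sender_ip, pkt.sender_mac)
    if pair in acl:
        return "permit: acl"
    # 'static' turns a non-match into an implicit deny, so the DHCP
    # snooping binding table is never consulted.
    if static:
        return "drop: acl implicit deny (static)"
    if pair in dhcp_bindings:
        return "permit: dhcp snooping binding"
    return "drop: no binding"
```

The model makes the effect of the static keyword visible: a host that only has a DHCP snooping binding is dropped in VLAN 500 until it is added to the ARP ACL.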
________________________
PBR Note & Small Configuration:
If your lab should mention that it is looking for a next-hop of last resort, it is probably looking for PBR (Policy Based Routing).
Here is an example:
route-map Out_R4
set ip default next-hop 172.16.1.1
ip local policy route-map Out_R4
Note: If there is not a longer match in the router's RIB, then this can be used as a way to provide next hop redundancy.
________________________
Spanning-Tree Note:
When trying to manipulate the path when there are multiple connections to multiple switches, "Cost" is evaluated before Priority. Just remember that "Priority" is used on the Root Switch and "Cost" is used on the Non-Root Switch.
________________________
BGP Note:
When you are configuring BGP and using Advertise Maps / Non-Exist Maps, you must use an ACL (Do not use Prefix-List) to match your routes.
________________________
OSPF Note:
If you have multiple ABR routers and these routers connect to NSSAs, then the router with the highest router-id will do the Type7-5 translations.
________________________
IPv6 Redistribution:
Redistribution for IPv6 is different than IPv4 because you have to specifically redistribute connected routes, even if they're part of the IGP.
______
Split Horizon for IPv6 is enabled / disabled under the ipv6 router command:
#ipv6 router rip oscar
#no split-horizon
Keep in mind that when you are working with IPv6 that you will be leaving off the "ip" portion as that is considered IPv4.
________________________
BVI - Bridged Virtual Interfaces
If you are using the same BVI on "one" interface, remember there might be an issue with split-horizon. Keep that in mind if only one router on the subnet is getting routes and the other is not.
________________________
Tuesday, September 21, 2010
Switchport Port-Security
Learned something new yesterday about switchports and port-security. When you have a switchport that is doing Data / Voice, the switch will only see one MAC address, such as the phone, but we all know that the computer that plugs into the phone has a MAC but is not directly connected.
The switch will consider that (2) MAC addresses but will only have one connected; hopefully you got that. I will put a sample configuration on here!
interface fastethernet 0/10
intf#switchport port-security
(You can add port-security settings to every port on the switch, but until you actually turn it on it is useless.)
intf#switchport port-security maximum <# of MAC addresses>
intf#switchport port-security mac-address sticky