1. Auto secure
Cisco also provides a One-step lockdown-like feature at the command line. This feature is called AutoSecure. It uses the command shown below:
auto secure [management | forwarding] [no-interact | full] [ntp | login | ssh | firewall | tcp-intercept]
2. Change Site-to-Site VPN Idle time out to 5 minutes
For IOS Router
R1(config)#crypto ipsec security-association idle-time 300
For ASA
ASA1(config)#group-policy GP_1.1.1.2 attributes
ASA1(config-group-policy)#vpn-idle-timeout 300
ASA1(config-group-policy)#vpn-session-timeout none
Usually the 'show version' command is enough to find the serial number (SN), but on a Nexus you have to use 'show inventory' to get the chassis SN.
Nexus1# show inventory
NAME: "Chassis", DESCR: "Nexus5548 Chassis"
PID: N5K-C5548UP , VID: V01 , SN: SSI163604J
NAME: "Module 1", DESCR: "O2 32X10GE/Modular Universal Platform Supervisor"
PID: N5K-C5548UP , VID: V01 , SN: FOC1645D5F
NAME: "Fan 1", DESCR: "Chassis fan module"
PID: N5548P-FAN , VID: N/A , SN: N/A
NAME: "Fan 2", DESCR: "Chassis fan module"
PID: N5548P-FAN , VID: N/A , SN: N/A
NAME: "Power supply 1", DESCR: "AC power supply"
PID: N55-PAC-750W , VID: V02 , SN: ART16310D6
NAME: "Power supply 2", DESCR: "AC power supply"
PID: N55-PAC-750W , VID: V02 , SN: ART16310SQ
NAME: "Module 3", DESCR: "O2 Daughter Card with L3 ASIC"
PID: N55-D160L3-V2 , VID: V01 , SN: FOC1637NT8
NAME: "FEX 101 CHASSIS", DESCR: "N2K-C2248TP-1GE CHASSIS"
PID: N2K-C2248TP-1GE , VID: V03 , SN: SSI1637FHK
NAME: "FEX 101 Module 1", DESCR: "Fabric Extender Module: 48x1GE, 4x10GE Supervisor"
PID: N2K-C2248TP-1GE , VID: V03 , SN: FOC1645WH9
NAME: "FEX 101 Fan 1", DESCR: "Fabric Extender Fan module"
PID: N2K-C2248-FAN , VID: N/A , SN: N/A
NAME: "FEX 101 Power Supply 1", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W , VID: V04 , SN: LIT16390H9
NAME: "FEX 101 Power Supply 2", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W , VID: V04 , SN: LIT16390HH
NAME: "FEX 102 CHASSIS", DESCR: "N2K-C2248TP-1GE CHASSIS"
PID: N2K-C2248TP-1GE , VID: V03 , SN: SSI16390DJ
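For asset tracking, 'show inventory' output can be parsed into records so the chassis and FEX serials are pulled out automatically. The following is an added example, not part of the original post; the sample text and its serial numbers are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of NX-OS 'show inventory' (serials are made up).
SAMPLE = '''NAME: "Chassis", DESCR: "Nexus5548 Chassis"
PID: N5K-C5548UP , VID: V01 , SN: EXAMPLE0001

NAME: "Module 1", DESCR: "O2 32X10GE/Modular Universal Platform Supervisor"
PID: N5K-C5548UP , VID: V01 , SN: EXAMPLE0002

NAME: "Fan 1", DESCR: "Chassis fan module"
PID: N5548P-FAN , VID: N/A , SN: N/A

NAME: "FEX 101 CHASSIS", DESCR: "N2K-C2248TP-1GE CHASSIS"
PID: N2K-C2248TP-1GE , VID: V03 , SN: EXAMPLE0003
'''

# One entry is a NAME/DESCR pair followed by PID/VID/SN; \s* tolerates the
# output being wrapped onto two lines or flattened onto one.
ENTRY = re.compile(
    r'NAME:\s*"(?P<name>[^"]*)",\s*DESCR:\s*"(?P<descr>[^"]*)"\s*'
    r'PID:\s*(?P<pid>\S+)\s*,\s*VID:\s*(?P<vid>\S+)\s*,\s*SN:\s*(?P<sn>\S+)')

def parse_inventory(text):
    """Return one dict per inventory entry; 'N/A' fields become None."""
    items = []
    for match in ENTRY.finditer(text):
        item = match.groupdict()
        # Collapse whitespace left by terminal wrapping inside the description.
        item["descr"] = " ".join(item["descr"].split())
        for key in ("vid", "sn"):
            if item[key] == "N/A":
                item[key] = None
        items.append(item)
    return items

def chassis_serials(text):
    """Return {name: SN} for the switch chassis and every FEX chassis."""
    return {i["name"]: i["sn"] for i in parse_inventory(text)
            if i["name"].lower().endswith("chassis") and i["sn"]}

if __name__ == "__main__":
    for name, serial in chassis_serials(SAMPLE).items():
        print(f"{name}: {serial}")
```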
4. Show Commands Information
Flash: IOS
RAM: All tables and the configuration while the router is running. This information is lost when the router is powered off.
ROM: POST, Bootstrap, Mini-IOS
NVRAM: Startup-config
5. SYSLOG Writing to Local Disk or Flash Card
Router(config)# logging persistent url disk0:/syslog size 134217728 filesize 16384
%Warning: the ratio between logging persistent size and logging persistent filesize is 134217728/16384, suggested ratio is less than 196 in order to achieve good system performace
Router(config)# logging persistent url disk0:/syslog size 134217728 filesize 1342177
Router#sh log
Syslog logging: enabled (0 messages dropped, 9 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 8665 messages logged, xml disabled, filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: enabled, url disk0:/syslog, disk space 134217728 bytes, file size 1342177 bytes, batch size 4096 bytes
No active filter modules.
Trap logging: level debugging, 8669 message lines logged
Logging to 10.2.2.3 (udp port 514, audit disabled, link up), 8668 message lines logged, 0 message lines rate-limited, 0 message lines dropped-by-MD, xml disabled, sequence number disabled filtering disabled
Logging Source-Interface: VRF Name:
Loopback0
Log Buffer (8192 bytes):
12 EST: %C7600_PLATFORM-SP-3-LOW_BATT: Low Voltage detected for NVRAM Battery
........[Omitted]
Router# copy disk0:/syslog ftp://myuser:[email protected]/syslog
6. Check Routers Power Supply Status
Router#show environment
SYSTEM POWER SUPPLY STATUS
==========================
Internal Power Supply 1 Type: AC
Internal Power Supply 1 12V Output Status: Normal
Internal Power Supply 2 Type: AC
Internal Power Supply 2 12V Output Status: Fail
SYSTEM FAN STATUS
=================
Fan 1 OK, Low speed setting
Fan 2 OK, Low speed setting
Fan 3 OK, Low speed setting
Fan 4 OK, Low speed setting
Fan 5 OK, Low speed setting
SYSTEM TEMPERATURE STATUS
=========================
Intake Left temperature: 25 Celsius, Normal
Intake Right temperature: 22 Celsius, Normal
Exhaust Right temperature: 29 Celsius, Normal
Exhaust Left temperature: 31 Celsius, Normal
CPU temperature: 24 Celsius, Normal
Power Supply Unit 1 temperature: 24 Celsius, Normal
REAL TIME CLOCK BATTERY STATUS
==============================
Battery OK (checked at power up)
CPU CORE TEMPERATURE STATUS
===========================
CPU Core current reading, target = 24, reading = 62 : Normal
CPU Core out of target history in past 1045868.0 mins:
Consecutive out-of-range mins high water mark: 0.0
Total minutes out-of-range: 0.0
Last 5 minutes out-of-range: 0.0
Last 5 minutes consecutive out-of-range: 0.0
Last 5 minutes read failure count: 0
SYSTEM WATTAGE
===============
Motherboard, EHWIC, PVDM, Power Supply and Fan Power consumption = 123.1 W
Total System Power consumption is: 123.1 W
Environmental information last updated 00:00:11 ago
7. Portchannel Adding vlan without downtime
For trunk links, it is best to remove portfast and bpduguard from the interface configuration.
no spanning-tree portfast
no spanning-tree bpduguard enable
Always add or remove VLANs on the port-channel interface, since the individual physical links inherit the VLAN set automatically. If you add a VLAN to a physical layer 2 interface instead of the logical layer 2 port-channel, it will bring the etherchannel down.
For example, to add vlan 50 to etherchannel 3:
conf t
interface port-channel 3
switchport trunk allowed vlan add 50
end
show run interface gi0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-49
switchport mode trunk
channel-group 3 mode on
The last line "channel-group 3 mode on" indicates that this port is part of etherchannel 3. If you try to add VLAN 50 to the etherchannel by adding it to the physical port g0/3, this port will be removed from etherchannel 3 and this will cause spanning tree to throw a wobbly.
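A pre-change check for this failure mode, as an added example that is not part of the original post: it reads a saved or candidate configuration and flags any member port whose allowed VLAN list differs from its port-channel. The sample configuration is constructed, the function names are hypothetical, and the parser assumes numeric VLAN lists (not "all" or "none").

```python
import re

# Constructed sample config for a pre-change review (not from a real device).
SAMPLE_CONFIG = """\
interface Port-channel3
 switchport trunk allowed vlan 2-50
interface GigabitEthernet0/3
 switchport trunk allowed vlan 2-49
 channel-group 3 mode on
interface GigabitEthernet0/4
 switchport trunk allowed vlan 2-49
 switchport trunk allowed vlan add 50
 channel-group 3 mode on
"""

def expand(spec):
    """Expand a VLAN list such as '2-49,60' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Map interface name -> allowed VLAN set (None if unset) and channel-group."""
    interfaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = interfaces.setdefault(m.group(1), {"vlans": None, "group": None})
        elif cur is None or not line.startswith(" "):
            cur = None  # left the interface stanza
        elif m := re.match(r" +switchport trunk allowed vlan (add )?([\d,-]+)\s*$", line):
            base = (cur["vlans"] or set()) if m.group(1) else set()
            cur["vlans"] = base | expand(m.group(2))
        elif m := re.match(r" +channel-group (\d+) mode", line):
            cur["group"] = int(m.group(1))
    return interfaces

def mismatched_members(config):
    """Return (member, group, differing VLANs) where member and port-channel disagree."""
    ifs, found = parse_interfaces(config), []
    for name, data in ifs.items():
        po = ifs.get(f"Port-channel{data['group']}")
        if po is not None:  # only ports that belong to a configured port-channel
            diff = (data["vlans"] or set()) ^ (po["vlans"] or set())
            if diff:
                found.append((name, data["group"], sorted(diff)))
    return found
```

On the sample, GigabitEthernet0/3 is reported because VLAN 50 is on Port-channel3 but not on the member.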
8. Cisco Switch Lights Meaning
SYSTEM(SYST) Light
Overall status of the switch.
- Off: Switch is not powered on
- Green: Switch is working fine
- Amber: Switch is powered on but faulty
REDUNDANT POWER SUPPLY(RPS) Light
Provides backup power to the switch if the main supply goes off.
- Off: No RPS available
- Green: RPS is working fine
- Blinking Green: Providing backup to some other device
- Amber: RPS is faulty
- Flashing Amber: RPS is providing backup (primary power off)
DUPLEX
Duplex status of the switch ports.
- Off: Switch port is half duplex
- Green: Switch port is full duplex
UTIL
Utilization status of the switch ports.
SPEED
Speed status of the switch ports.
- Off: Switch port is operating at 10Mbps
- Green: Switch port is operating at 100Mbps
- Flashing green: Switch port is operating at 1000Mbps
Status of the switch ports.
- Off: No device connected/port is administratively down.
- Green: Device is connected.
- Blinking green: Port is sending/receiving data.
- Alternating green/amber: Fault in link, or frames experiencing errors
- Amber: Port is blocked by Spanning Tree Protocol