Cisco IOS Command Tips and Tricks - Part 2

12/2/2017

The Cisco IOS command list has grown long, so it has been split into two posts:

  • Cisco IOS Command Tips and Tricks – Part 1
  • Cisco IOS Command Tips and Tricks – Part 2

    1. Auto secure

    Cisco also provides a one-step, lockdown-style hardening feature at the command line, called AutoSecure. It is invoked with the command below:

    auto secure [management | forwarding] [no-interact | full] [ntp | login | ssh | firewall | tcp-intercept]


    2. Change Site-to-Site VPN Idle Timeout to 5 Minutes

    For an IOS router:

    R1(config)#crypto ipsec security-association idle-time 300

    For an ASA:

    ASA1(config)#group-policy GP_1.1.1.2 attributes
    ASA1(config-group-policy)#vpn-idle-timeout 300
    ASA1(config-group-policy)#vpn-session-timeout none

    3. Find Cisco Device Serial Numbers

    Usually 'show version' shows the serial number, but on Nexus you have to use 'show inventory' to get the chassis SN:

    Nexus1# show inventory
    NAME: "Chassis", DESCR: "Nexus5548 Chassis"
    PID: N5K-C5548UP       , VID: V01 , SN: SSI163604J

    NAME: "Module 1", DESCR: "O2 32X10GE/Modular Universal Platform Supervisor"
    PID: N5K-C5548UP       , VID: V01 , SN: FOC1645D5F

    NAME: "Fan 1", DESCR: "Chassis fan module"
    PID: N5548P-FAN        , VID: N/A , SN: N/A

    NAME: "Fan 2", DESCR: "Chassis fan module"
    PID: N5548P-FAN        , VID: N/A , SN: N/A

    NAME: "Power supply 1", DESCR: "AC power supply"
    PID: N55-PAC-750W      , VID: V02 , SN: ART16310D6

    NAME: "Power supply 2", DESCR: "AC power supply"
    PID: N55-PAC-750W      , VID: V02 , SN: ART16310SQ

    NAME: "Module 3", DESCR: "O2 Daughter Card with L3 ASIC"
    PID: N55-D160L3-V2     , VID: V01 , SN: FOC1637NT8

    NAME: "FEX 101 CHASSIS", DESCR: "N2K-C2248TP-1GE  CHASSIS"
    PID: N2K-C2248TP-1GE   , VID: V03 , SN: SSI1637FHK

    NAME: "FEX 101 Module 1", DESCR: "Fabric Extender Module: 48x1GE, 4x10GE Supervisor"
    PID: N2K-C2248TP-1GE   , VID: V03 , SN: FOC1645WH9

    NAME: "FEX 101 Fan 1", DESCR: "Fabric Extender Fan module"
    PID: N2K-C2248-FAN     , VID: N/A , SN: N/A

    NAME: "FEX 101 Power Supply 1", DESCR: "Fabric Extender AC power supply"
    PID: N2200-PAC-400W    , VID: V04 , SN: LIT16390H9

    NAME: "FEX 101 Power Supply 2", DESCR: "Fabric Extender AC power supply"
    PID: N2200-PAC-400W    , VID: V04 , SN: LIT16390HH

    NAME: "FEX 102 CHASSIS", DESCR: "N2K-C2248TP-1GE  CHASSIS"
    PID: N2K-C2248TP-1GE   , VID: V03 , SN: SSI16390DJ

    4. Show Commands Information

    Show Version / Show Flash / Show Interfaces
    Show processes CPU / Show memory / Show stacks / Show buffers
    Show running-config / Show startup-config

    Flash: IOS image
    RAM: all tables and the running configuration while the router is up; lost on power off
    ROM: POST, bootstrap, Mini-IOS
    NVRAM: startup-config

    5. SYSLOG Writing to Local Disk or Flash Card


    Router(config)# logging persistent url disk0:/syslog size 134217728 filesize 16384        
    %Warning: the ratio between logging persistent size and logging persistent filesize is 134217728/16384, suggested ratio is less than 196 in order to achieve good system performace

    Router(config)# logging persistent url disk0:/syslog size 134217728 filesize 1342177  


    Router#sh log 

    Syslog logging: enabled (0 messages dropped, 9 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

    No Active Message Discriminator.

    No Inactive Message Discriminator.

        Console logging: disabled

        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging:  level debugging, 8665 messages logged, xml disabled,
                        filtering disabled
        Exception Logging: size (4096 bytes)
        Count and timestamp logging messages: disabled
        Persistent logging: enabled, url disk0:/syslog, disk space 134217728 bytes, file size 1342177 bytes, batch size 4096 bytes

    No active filter modules.


        Trap logging: level debugging, 8669 message lines logged

            Logging to 10.2.2.3  (udp port 514, audit disabled,
                  link up),
                  8668 message lines logged, 
                  0 message lines rate-limited, 
                  0 message lines dropped-by-MD, 
                  xml disabled, sequence number disabled
                  filtering disabled
            Logging Source-Interface:       VRF Name:
            Loopback0                       

    Log Buffer (8192 bytes):


    12 EST: %C7600_PLATFORM-SP-3-LOW_BATT: Low Voltage detected for NVRAM Battery
    ........[Omitted]

    Router# copy disk0:/syslog ftp://myuser:[email protected]/syslog
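
As an added example (not from this post or from Cisco), the Python below parses 'show logging' output like the one above and audits it the way a security reviewer would: is a remote syslog destination configured, is persistent logging on, is the console left logging, and does the persistent size/filesize ratio stay under the 196 that the warning above recommends. The two inputs are constructed samples, one trimmed from the output above and one representing a router that only logs to its own buffer; the finding codes are names chosen for this example.

```python
import re
from typing import Dict, List

SUGGESTED_MAX_RATIO = 196  # size/filesize ratio quoted in the IOS warning above

# Constructed sample, trimmed from the 'show logging' output above.
GOOD_LOGGING = """\
Syslog logging: enabled (0 messages dropped, 9 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: disabled
    Buffer logging:  level debugging, 8665 messages logged, xml disabled,
                    filtering disabled
    Persistent logging: enabled, url disk0:/syslog, disk space 134217728 bytes, file size 1342177 bytes, batch size 4096 bytes
    Trap logging: level debugging, 8669 message lines logged
        Logging to 10.2.2.3  (udp port 514, audit disabled,
              link up),
"""

# Constructed sample of a router whose logs live only in RAM and on the console.
WEAK_LOGGING = """\
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 12 messages logged, xml disabled, filtering disabled
    Buffer logging:  level debugging, 120 messages logged, xml disabled, filtering disabled
    Persistent logging: disabled
    Trap logging: level informational, 0 message lines logged
"""


def persistent_ratio(size: int, filesize: int) -> float:
    """The ratio IOS warns about: total persistent space divided by per-file size."""
    return size / filesize


def parse_logging(text: str) -> Dict[str, object]:
    """Pull the fields a logging audit cares about out of 'show logging'."""
    info: Dict[str, object] = {
        "syslog_enabled": False,
        "console": "",        # text after 'Console logging:'
        "persistent": None,   # dict(url, size, filesize) when enabled
        "remote": [],         # (host, proto, port) per 'Logging to' line
    }
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Syslog logging:\s*(enabled|disabled)", line)
        if m:
            info["syslog_enabled"] = m.group(1) == "enabled"
            continue
        m = re.match(r"Console logging:\s*(.*)", line)
        if m:
            info["console"] = m.group(1)
            continue
        m = re.match(r"Persistent logging:\s*enabled,\s*url ([^,]+),\s*disk space (\d+) bytes,"
                     r"\s*file size (\d+) bytes", line)
        if m:
            info["persistent"] = {"url": m.group(1), "size": int(m.group(2)),
                                  "filesize": int(m.group(3))}
            continue
        m = re.match(r"Logging to (\S+)\s+\((udp|tcp) port (\d+)", line)
        if m:
            info["remote"].append((m.group(1), m.group(2), int(m.group(3))))
    return info


def audit_logging(info: Dict[str, object]) -> List[str]:
    """Return finding codes; an empty list means the logging setup passes."""
    findings: List[str] = []
    if not info["syslog_enabled"]:
        findings.append("syslog_logging_disabled")
    if not str(info["console"]).startswith("disabled"):
        findings.append("console_logging_enabled")    # console output is slow and blocks under bursts
    if not info["remote"]:
        findings.append("no_remote_syslog")           # buffered logs vanish on reload
    persistent = info["persistent"]
    if persistent is None:
        findings.append("persistent_logging_disabled")
    elif persistent_ratio(persistent["size"], persistent["filesize"]) >= SUGGESTED_MAX_RATIO:
        findings.append("persistent_ratio_too_high")
    return findings


if __name__ == "__main__":
    for label, sample in (("good", GOOD_LOGGING), ("weak", WEAK_LOGGING)):
        print(label, audit_logging(parse_logging(sample)))
```

The ratio check reproduces the warning from the first 'logging persistent' attempt above (134217728/16384 = 8192, far above 196), while the second attempt's values give a ratio of about 100 and pass.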

    6. Check Router Power Supply Status

    Router#show environment
    SYSTEM POWER SUPPLY STATUS
    ==========================
     Internal Power Supply 1 Type: AC
     Internal Power Supply 1 12V Output Status: Normal

     Internal Power Supply 2 Type: AC

     Internal Power Supply 2 12V Output Status: Fail

    SYSTEM FAN STATUS

    =================
     Fan 1 OK, Low speed setting
     Fan 2 OK, Low speed setting
     Fan 3 OK, Low speed setting
     Fan 4 OK, Low speed setting
     Fan 5 OK, Low speed setting

    SYSTEM TEMPERATURE STATUS

    =========================
     Intake Left temperature: 25 Celsius, Normal
     Intake Right temperature: 22 Celsius, Normal
     Exhaust Right temperature: 29 Celsius, Normal
     Exhaust Left temperature: 31 Celsius, Normal
     CPU temperature: 24 Celsius, Normal
     Power Supply Unit 1 temperature: 24 Celsius, Normal
              
    REAL TIME CLOCK BATTERY STATUS
    ==============================
     Battery OK (checked at power up)

    CPU CORE TEMPERATURE STATUS

    ===========================
      CPU Core current reading, target = 24, reading = 62 : Normal
      CPU Core out of target history in past 1045868.0 mins:
         Consecutive out-of-range mins high water mark: 0.0
         Total minutes out-of-range: 0.0
         Last 5 minutes out-of-range: 0.0
         Last 5 minutes consecutive out-of-range: 0.0
         Last 5 minutes read failure count: 0


    SYSTEM WATTAGE

    ===============
     Motherboard, EHWIC, PVDM, Power Supply and Fan Power consumption = 123.1 W
     Total System Power consumption is: 123.1 W

     Environmental information last updated 00:00:11 ago
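
Parsing 'show environment' into alerts lets a monitoring job catch the failed supply in the output above instead of relying on someone reading it. The Python below is an added example, not from this post or from Cisco; it assumes the 'Status:', 'Fan N', 'temperature:' and 'Battery' line formats shown above and runs against a constructed, trimmed copy of that output.

```python
import re
from typing import Dict, List

# Constructed sample, trimmed from the 'show environment' output above
# (note the failed second power supply).
SAMPLE_ENV = """\
SYSTEM POWER SUPPLY STATUS
==========================
 Internal Power Supply 1 Type: AC
 Internal Power Supply 1 12V Output Status: Normal
 Internal Power Supply 2 Type: AC
 Internal Power Supply 2 12V Output Status: Fail
SYSTEM FAN STATUS
=================
 Fan 1 OK, Low speed setting
 Fan 2 OK, Low speed setting
SYSTEM TEMPERATURE STATUS
=========================
 Intake Left temperature: 25 Celsius, Normal
 Exhaust Left temperature: 31 Celsius, Normal
 CPU temperature: 24 Celsius, Normal
REAL TIME CLOCK BATTERY STATUS
==============================
 Battery OK (checked at power up)
"""

# One regex per line family; each captures the reported state in group 'state'.
STATUS_RE = re.compile(r"^(?P<what>.+?) Status:\s*(?P<state>\S+)")
TEMP_RE = re.compile(r"^(?P<what>.+?) temperature:\s*(?P<deg>-?\d+) Celsius,\s*(?P<state>\S+)")
FAN_RE = re.compile(r"^(?P<what>Fan \d+) (?P<state>\w+)")
BATTERY_RE = re.compile(r"^Battery (?P<state>\w+)")

# The state each line family reports when the component is healthy.
HEALTHY = ((STATUS_RE, "Normal"), (TEMP_RE, "Normal"), (FAN_RE, "OK"), (BATTERY_RE, "OK"))


def temperatures(text: str) -> Dict[str, int]:
    """Sensor name -> degrees Celsius, for trending or threshold alarms."""
    out: Dict[str, int] = {}
    for raw in text.splitlines():
        m = TEMP_RE.match(raw.strip())
        if m:
            out[m.group("what")] = int(m.group("deg"))
    return out


def environment_alerts(text: str) -> List[str]:
    """Every line whose reported state is not the healthy one for its family."""
    alerts: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        for regex, healthy in HEALTHY:
            m = regex.match(line)
            if m:
                if m.group("state") != healthy:
                    alerts.append(line)
                break   # a line belongs to exactly one family
    return alerts


if __name__ == "__main__":
    for alert in environment_alerts(SAMPLE_ENV):
        print("ALERT:", alert)
    print(temperatures(SAMPLE_ENV))
```

Section headers such as "SYSTEM POWER SUPPLY STATUS" deliberately do not match STATUS_RE, which requires the colon form "Status:", so only component lines are evaluated.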


    7. Adding a VLAN to a Port-channel Without Downtime

    For trunk links, it is best to remove portfast and bpduguard from the interface configuration:

    no spanning-tree portfast
    no spanning-tree bpduguard enable


    Always add or remove VLANs on the port-channel interface: the member physical links inherit the VLAN set automatically. Adding a VLAN on a physical Layer 2 member interface instead of on the logical Layer 2 port-channel brings the EtherChannel down.

    For example, to add vlan 50 to etherchannel 3:
    conf t
    interface port-channel 3
    switchport trunk allowed vlan add 50
    end

    show run interface gi0/3
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 2-49
    switchport mode trunk
    channel-group 3 mode on

    The last line, "channel-group 3 mode on", indicates that this port is a member of EtherChannel 3. If you try to add VLAN 50 to the EtherChannel by adding it to the physical port Gi0/3, that port is removed from EtherChannel 3 and spanning tree reacts with a topology change.
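
The failure mode described above (a VLAN added on a member port rather than on the bundle) shows up in the running configuration as an allowed-VLAN list on the physical interface that differs from its Port-channel's. The Python below is an added config-audit example, not from this post or from Cisco; it assumes the running-config form of 'switchport trunk allowed vlan' and 'channel-group' shown above, treats an interface with no allowed-vlan line as carrying all VLANs, and checks a constructed sample config in which Gi0/3 had VLAN 50 added on the physical port.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

ALL_VLANS = set(range(1, 4095))   # default allowed list when no restriction is configured

# Constructed running-config: Gi0/3 had VLAN 50 added on the physical port
# instead of on Port-channel3, so its allowed list no longer matches the bundle.
SAMPLE_CONFIG = """\
interface Port-channel3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-49
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-50
 switchport mode trunk
 channel-group 3 mode on
!
interface GigabitEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-49
 switchport mode trunk
 channel-group 3 mode on
!
"""


def expand_vlans(spec: str) -> Set[int]:
    """'2-4,10,20-21' -> {2, 3, 4, 10, 20, 21}; also accepts 'all' and 'none'."""
    spec = spec.strip().lower()
    if spec == "all":
        return set(ALL_VLANS)
    if spec == "none":
        return set()
    vlans: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config: str) -> Dict[str, Dict[str, object]]:
    """Interface name -> {'allowed': set of VLAN ids, 'channel_group': int or None}.

    Expects running-config syntax (the resulting list), not the 'allowed vlan add'
    form typed in configuration mode.
    """
    interfaces: Dict[str, Dict[str, object]] = {}
    current: Optional[Dict[str, object]] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
            continue
        m = re.match(r"interface (\S+)", line)
        if m:
            current = {"allowed": set(ALL_VLANS), "channel_group": None}
            interfaces[m.group(1)] = current
            continue
        if current is None:
            continue
        m = re.match(r"switchport trunk allowed vlan (.+)", line)
        if m:
            current["allowed"] = expand_vlans(m.group(1))
            continue
        m = re.match(r"channel-group (\d+)", line)
        if m:
            current["channel_group"] = int(m.group(1))
    return interfaces


def audit_port_channels(config: str) -> List[Tuple[str, str, Set[int]]]:
    """Members whose allowed-VLAN list differs from their Port-channel's.

    Returns (member, port-channel, VLANs present on only one side).
    """
    interfaces = parse_interfaces(config)
    mismatches: List[Tuple[str, str, Set[int]]] = []
    for name, data in interfaces.items():
        group = data["channel_group"]
        if group is None:
            continue                      # not a bundle member
        po_name = f"Port-channel{group}"
        po = interfaces.get(po_name)
        if po is None:
            continue                      # partial config: nothing to compare against
        diff = data["allowed"] ^ po["allowed"]
        if diff:
            mismatches.append((name, po_name, diff))
    return mismatches


if __name__ == "__main__":
    for member, po, diff in audit_port_channels(SAMPLE_CONFIG):
        print(f"{member} differs from {po} on VLANs {sorted(diff)}")
```

Running this over a 'show running-config' capture before a change window gives you the list of members that are already out of step with their bundle, which is the condition that turns a routine VLAN add into an outage.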


    8. Cisco Switch Lights Meaning

    SYSTEM(SYST) Light

    Overall status of the switch.
    • Off: Switch is not powered on
    • Green: Switch is working fine
    • Amber: Switch is powered on but faulty

    REDUNDANT POWER SUPPLY (RPS) Light

    Provides backup power to the switch if the main supply goes off.
    • Off: No RPS available
    • Green: RPS is working fine
    • Blinking Green: Providing backup to some other device
    • Amber: RPS is faulty
    • Flashing Amber: RPS is providing backup (primary power off)

    DUPLEX
    Duplex status of the switch ports.
    • Off: Switch port is half duplex
    • Green: Switch port is full duplex

    UTIL
    Utilization status of the switch ports.

    SPEED
    Speed status of the switch ports.
    • Off: Switch port is operating at 10Mbps
    • Green: Switch port is operating at 100Mbps
    • Flashing green: Switch port is operating at 1000Mbps

    STAT
    Status of the switch ports.
    • Off: No device connected/port is administratively down.
    • Green: Device is connected.
    • Blinking green: Port is sending/receiving data.
    • Alternating green amber: Fault in link/Frames experiencing error
    • Amber: Port is blocked by Spanning Tree Protocol
