June 13, 2008
My New Favorite IOS Command
I know I mentioned this command in passing a few posts ago, but this command has become so valuable to me, it needs its own post. It's the show run | section command. This allows you to define any "major heading" from the IOS configuration and it will filter the running configuration down to just those sections. This is very similar to how the ASA "show run" command works.
For example, I'm working on a book focused on CallManager Express (CME) right now. In CME, you create "ephones" which represent the IP Phones on your network. If I want to see the configuration for all my ephones, I can just type:
CME_Voice#show run | s ephone
max-ephones 24
ephone-dn 1
number 1000
ephone-dn 2 dual-line
number 1001
ephone-dn 3 dual-line
number 1003
ephone-dn 10 dual-line
number 1010
huntstop channel
ephone-dn 11
number 1010
preference 1
ephone 1
device-security-mode none
mac-address 0014.1C48.E71A
button 1:10
ephone 2
device-security-mode none
mac-address 0019.D122.DCF3
button 1:11
ephone 3
device-security-mode none
mac-address 0014.A89E.F845
button 1:1 2:2 3:3
ephone 4
device-security-mode none
(FYI - "s" is short for "section") As you can see, this shows all the sections of running-config that start with "ephone", which is all my ephones and ephone-dns (their directory numbers). Gotta love it!
Posted by JC at 9:11 AM | Comments (7) | TrackBack
June 2, 2008
Cisco Command Reference
Handy tip from Cisco TAC - if you've ever wanted to generate a command guide for your router, you can use the show parser dump command. Just type show parser dump <mode> where <mode> is the config mode of the router you'd like to see. For example:
CAT3550#show parser dump interface
Mode Name :interface
0 exit
0 help
15 description
15 switchport access vlan Number
15 switchport access vlan dynamic
15 switchport host
15 switchport mode access
15 switchport mode trunk
15 switchport mode dynamic auto
15 switchport mode dynamic desirable
15 switchport mode dot1q-tunnel
15 switchport trunk allowed vlan add
15 switchport trunk allowed vlan remove
15 switchport trunk allowed vlan except
15 switchport trunk allowed vlan all
15 switchport trunk allowed vlan none
15 switchport trunk allowed vlan
15 switchport trunk encapsulation isl
15 switchport trunk encapsulation dot1q
15 switchport trunk encapsulation negotiate
...
This generates a list of all commands available in interface configuration mode. You can even see all the sub-commands and syntax descriptions by typing show parser dump <mode> extend.
Posted by JC at 2:26 PM | Comments (1) | TrackBack
April 29, 2008
Yet More Handy IOS Filtering Commands
A list of commands you can use to filter output on a Cisco router:
show run | include <word>
show run interface <interface>
show run | begin <word>
show run | section include <word>
The "section" command is my newest discovery. For example, if I want to see the configuration of ALL FastEthernet interfaces on my lab router, I could type:
PE1-T1#sh run | section include FastEthernet
interface FastEthernet1/0
description connection to PE1 Internet Router
ip address 51.88.99.2 255.255.255.252
speed 100
full-duplex
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet2/1
ip address 10.7.255.100 255.255.0.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet3/1
no ip address
shutdown
duplex auto
speed auto
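For auditing saved configurations offline, the section filter used here and in the June 13 post can be approximated in a few lines. This is an added example, not code from the original post or from Cisco; the sample config is constructed, and the function names section and sections_containing are hypothetical.

```python
import re

# Constructed sample config, indented the way IOS prints sub-commands.
CONFIG = """\
telephony-service
 max-ephones 24
!
interface FastEthernet1/0
 ip address 51.88.99.2 255.255.255.252
!
interface FastEthernet1/1
 no ip address
 shutdown
!
ephone-dn 1
 number 1000
!
ephone 1
 device-security-mode none
 button 1:1
"""

def _indent(line):
    return len(line) - len(line.lstrip())

def section(config, pattern):
    """Return blocks: each matching line plus the deeper-indented lines under it."""
    rx = re.compile(pattern)
    # Drop blank lines and the "!" separators IOS prints between sections.
    lines = [l for l in config.splitlines() if l.strip() not in ("", "!")]
    blocks, i = [], 0
    while i < len(lines):
        if rx.search(lines[i]):
            j = i + 1
            while j < len(lines) and _indent(lines[j]) > _indent(lines[i]):
                j += 1
            blocks.append(lines[i:j])
            i = j
        else:
            i += 1
    return blocks

def sections_containing(config, pattern, child_pattern):
    """Headers of matching sections that have a sub-command matching child_pattern."""
    child = re.compile(child_pattern)
    return [b[0].strip() for b in section(config, pattern)
            if any(child.search(l) for l in b[1:])]

if __name__ == "__main__":
    print(sections_containing(CONFIG, r"^ephone ", "device-security-mode none"))
```

As on the router, the pattern "ephone" also picks up max-ephones and the ephone-dn entries, so anchor the regex (for example "^ephone ") when you only want the phones themselves.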
Posted by JC at 11:22 AM | Comments (6) | TrackBack
June 6, 2007
Using a Cisco Router as a DNS Server
The folks over at NIL have put together an excellent article on using a Cisco router as a central DNS server for your organization. They also include a new feature called DNS Views - it allows you to configure your Cisco router for split-DNS: giving private addresses to servers accessible to internal users but public addresses to anyone else asking from the Internet. Nice!!!
Click here for the full story.
Posted by JC at 5:36 AM | Comments (2) | TrackBack
March 14, 2007
Configuration Replacement
The group over at NIL have written a nice article on the configure replace command. I've seen this command a couple times, but never used it. It allows you to replace the running configuration with a copy of the startup configuration (or some other config you have on a TFTP server). Previously, this was only possible by rebooting the router or using a ton of "no" commands to back all your configuration out. The router can even list what commands will be negated as it replaces the running configuration! Nice!
The command to pull it off is this:
Router#configure replace nvram:startup-config list
The "list" command on the end will list the syntax the router is adding or removing as it goes...very nice! The entire write-up on this can be found here.
Posted by JC at 3:50 PM | Comments (3) | TrackBack
January 25, 2007
Show Interface Description
Where on earth have I been?!? I'm teaching a CCNA class this week and one of my students showed me the command show interface description. Until now, I thought the only way to see the description of an interface was to do a "show run" or "show interface" command. This command is SWEET! Talk about a quick way to see your connections.
Here's a sample from the Cat. 3500 I use at home:
CAT_3550#show interface description
Interface  Status  Protocol  Description
Vl1        up      up
Vl50       up      up
Vl100      up      up        SERVER VLAN
Vl200      up      up        LAN CLIENT VLAN
Vl300      up      up        WIRELESS CLIENT VLAN
Vl400      up      up        EXIT VLAN
Vl600      up      up        VOICE VLAN
Fa0/1      up      up        CONNECTION TO QWEST ISP
Fa0/2      down    down      CONNECTION TO 2801 OUTSIDE INTERFACE
Fa0/3      up      up        VONAGE LINKSYS ROUTER
Fa0/4      up      up        NETGEAR WPA-PSK WIRELESS
Fa0/5      down    down      CONNECTION TO 2801 INSIDE INTERFACE
Posted by JC at 4:12 PM | Comments (8) | TrackBack
December 24, 2006
Configuration Change Tracking...Built in?!?
For years, I have been relying on outside tools to track changes in running configurations on Cisco devices. One of my favorite (cheaper) tools has been Kiwi CatTools. However, recently, someone turned me on to the fact that this functionality is BUILT-IN to the Cisco IOS! Here's the basics:
The feature is called Configuration Change Notification and Logging. It has been available since IOS 12.3(4)T/12.2(25)S (it has really gone mainstream in 12.4).
For each configuration command that is executed, the following information will be logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
Pretty nice - and you can have this information stored in a local buffer or sent to a syslog server. Here's a configuration that will get you going:
Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)
Watch this: this is an example of what the logging looks like in action:
CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 jeremy@vty0 | logging enable
2 1 jeremy@vty0 | logging size 200
3 2 jeremy@vty0 |hostname CH_NAME_RTR
4 2 jeremy@vty0 |enable secret ***** (this is hidden because of hidekeys command)
5 2 jeremy@vty0 |interface FastEthernet0/0
6 2 jeremy@vty0 | bandwidth 100000
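Once the log is being collected, it can be reviewed automatically for changes that matter to security. The following is an added example, not part of the original post: it parses text in the layout of show archive log config all and flags credential changes, commands that weaken the change log itself, and secrets recorded unmasked. The sample rows and the rule list are constructed assumptions, not an official rule set.

```python
import re
from collections import namedtuple

# Constructed sample in the layout of "show archive log config all";
# users, sessions and commands are made up for illustration.
SAMPLE = """\
 idx   sess           user@line      Logged command
    1     1         jeremy@vty0     |  logging enable
    2     1         jeremy@vty0     |  hidekeys
    3     2         jeremy@vty0     |interface FastEthernet0/0
    4     2         jeremy@vty0     | bandwidth 100000
    5     3          admin@vty1     |enable secret *****
    6     4          admin@vty1     |archive
    7     4          admin@vty1     | log config
    8     4          admin@vty1     |  no hidekeys
    9     4          admin@vty1     |  no notify syslog
   10     5          admin@vty1     |username backup privilege 15 secret Winter2008
"""

Entry = namedtuple("Entry", "idx sess user line command")
# idx, session, user@line, then the command after the "|" column marker.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s*\|\s*(.*?)\s*$")

# Illustrative (label, pattern) rules matched against the logged command.
RULES = [
    ("credential change", re.compile(r"^(no )?(enable (secret|password)|username )")),
    ("audit trail weakened", re.compile(r"^no (logging enable|hidekeys|notify syslog)")),
    ("snmp community change", re.compile(r"^(no )?snmp-server community ")),
]
# Argument following "secret"/"password", skipping an optional type digit.
SECRET_ARG = re.compile(r"\b(secret|password)\s+(?:\d\s+)?(\S+)")

def parse(text):
    """Turn log text into Entry tuples; the header and other lines are skipped."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [Entry(int(m[1]), int(m[2]), m[3], m[4], m[5]) for m in rows if m]

def findings(entries):
    """Return (idx, user, label, command) for every rule hit, in log order."""
    out = []
    for e in entries:
        for label, pat in RULES:
            if pat.search(e.command):
                out.append((e.idx, e.user, label, e.command))
        m = SECRET_ARG.search(e.command)
        # With hidekeys active the argument is all asterisks; anything else leaked.
        if m and set(m[2]) != {"*"}:
            out.append((e.idx, e.user, "secret logged unmasked", e.command))
    return out
```

Calling findings(parse(SAMPLE)) flags rows 5, 8, 9 and 10, with row 10 reported twice because the secret was logged in clear after hidekeys was removed.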
Posted by JC at 4:31 PM | Comments (2) | TrackBack
November 2, 2006
Recovering IOS from ROMMON via TFTP
This information is here primarily for my reference at customer sites; for some odd reason, I seem to be recovering IOS images through ROMMON quite a bit lately. These are the minimum fields to get this going through TFTP rather than XModem.
rommon 1 > IP_ADDRESS=192.168.1.100
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)
Posted by JC at 3:39 PM | Comments (10) | TrackBack
May 13, 2006
Cisco Tips and Tricks paper
I ran across this paper by Global Knowledge. It's good reading for "newbies" to the Cisco realm - it talks about many of the ways to make your router more efficient. I learned a couple new things from it myself.
Click here to check it out (PDF format)
Posted by JC at 9:59 AM | Comments (1) | TrackBack
January 9, 2006
Three handy alias commands
From global config:
alias exec s show ip interface brief (the ol' standby)
alias exec traffic sh ip nbar protocol-discovery stats bit-rate top-n 10 (shows top 10 protocols using your interfaces)
alias exec proc show proc cpu | excl 0.00%__0.00%__0.00% (shows only processes using CPU)
Posted by JC at 3:26 PM | Comments (3) | TrackBack
December 26, 2005
Alias me!
There are quite a few very cool commands in the world of Cisco, but there is one that stands consistently at the top of the heap. It is one I type on every router, first thing. The column-based, concise, cleanly output…the one, the only:
Router#show ip interface brief
Pop! The one firework just went off. Seriously though, that is an awesome command. The only problem is that it takes too long to type. If I want to see the status of all my interfaces quickly, I want the command I type to be quick. That’s where the alias command comes into play. The Cisco IOS allows you to create an alias for any command in any mode – here’s the syntax:
Router(config)#alias <mode> <alias> <real command>
Check out the context sensitive help for the command:
Router(config)#alias ?
RITE-profile
aaa-user
accept-dialin
accept-dialout
address-family
aic
archive
bba-group
call-filter-matchlist
cascustom
cause-code-list
cem
ces-conn
ces-vc
cfg-pt-ruleset
cgma_agent
clid-group
cm-fallback
cns-connect-config
cns-connect-intf-config
cns-tmpl-connect-config
config-l2tp-class
config-rtr-http-rr
config-tgrep
config-tgrep
config-x25-huntgroup
configure
congestion
control-plane
controller
crypto-ca-cert-chain
Wow – that’s just the first page of it. If you ever wanted to know every single mode a Cisco router supports, there’s your list; and that’s just page one of five. Ah, but I digress – let’s get back to the point. If you want to make aliases for your show commands, type “alias exec
Router(config)#alias exec s show ip interface brief
Now, every time I type the letter s, I get the instant output. It’s great! I usually paste a standard list of four show commands into every router I configure:
s = show ip int brief
sr = show run
sir = show ip route
sion = show ip ospf neighbors
Have fun aliasing away!
Posted by at 9:38 PM | Comments (3) | TrackBack