Category Archives: Cisco

6509 went to ROMMON

A 6509 crashed and it went to ROMMON like this

System Bootstrap, Version 8.5(2)
Copyright (c) 1994-2007 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 524288 Kbytes of main memory

rommon 1 > boot
Initializing ATA monitor library...
string is bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
Loading image, please wait ...

Well, IOS and the boot image are there. Yet still no joy.

6509#sh bootv
BOOT variable = sup-bootdisk:,1;
CONFIG_FILE variable = 
BOOTLDR variable = 
Configuration register is 0x2102

Standby is not present.
6509#dir
Directory of sup-bootdisk:/

    1  -rw-    74573284   Aug 6 2008 23:02:28 +10:00  s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
    2  -rw-    33554432   Aug 7 2008 08:27:28 +10:00  sea_log.dat
    3  -rw-      137219   Oct 9 2008 15:04:02 +11:00  crashinfo_20081009-040403

512106496 bytes total (403832832 bytes free)
6509#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
6509(config)#boot system flash sup-bootflash:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
6509(config)#do wr
Building configuration...
[OK]
6509(config)#exit
6509#sh run | i boot
boot-start-marker
boot system flash sup-bootflash:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
boot-end-marker
6509(config)#do wr
Building configuration...
[OK]
6509(config)#exit
6509#reload
Proceed with reload? [confirm]
Oct 15 16:28:20.057 AEDT: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
Oct 15 16:28:20.057 AEDT: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
Oct 15 16:28:23.337 AEDT: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.

***
*** --- SHUTDOWN NOW ---
***

Oct 15 16:28:23.337 AEDT: %SYS-SP-5-RELOAD: Reload requested
Oct 15 16:28:23.337 AEDT: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor

System Bootstrap, Version 8.5(2)
Copyright (c) 1994-2007 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 524288 Kbytes of main memory


rommon 1 > 

Apparently, this is what I needed to do.

rommon 1 > dir bootflash:
Initializing ATA monitor library...
Directory of bootflash:

2      74573284  -rw-     s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
936    33554432  -rw-     sea_log.dat
13202    137219    -rw-     crashinfo_20081009-040403

rommon 2 > set
PS1=rommon ! > 
LOG_PREFIX_VERSION=1
SLOTCACHE=cards;
SWITCH_NUMBER=0
BOOT=bootflash:,1;bootflash:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin,1;
RET_2_RTS=16:39:18 AEDT Wed Oct 15 2008
NT_K=0:0:0:0
CV=bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
BSI=0
RET_2_RCALTS=
PF_REDUN_CRASH_COUNT=0
RANDOM_NUM=655707222
?=0

rommon 3 > BOOT=s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin

rommon 4 > sync

rommon 5 > set
PS1=rommon ! > 
LOG_PREFIX_VERSION=1
SLOTCACHE=cards;
SWITCH_NUMBER=0
RET_2_RTS=16:39:18 AEDT Wed Oct 15 2008
NT_K=0:0:0:0
CV=bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
BSI=0
RET_2_RCALTS=
PF_REDUN_CRASH_COUNT=0
RANDOM_NUM=655707222
BOOT=s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
?=0
rommon 6 > confreg 2102
rommon 7 > reset

Documenting a Network with CDP

In this post I will use the information available from CDP to help me create a logical network diagram.

CDP is the Cisco Discovery Protocol and is enabled on all router and switch interfaces by default. The switch or router sends a CDP packet out of each interface every 60 seconds, any connected device records the delivery of these packets into a CDP table for a holdtime period of 180 seconds. If after 180 seconds the device has not received any more CDP packets on that interface it removes the entry from the table. CDP can be disabled entirely or on any individual interface.

I begin by connecting to my switch and I check the CDP settings.

switch1#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled

From the output I can see the CDP time settings and the version. Next I look at the connected devices.

switch1#sh cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch2.lab.localFas 0/1 160 S I WS-C2950-2Fas 0/1
switch2.lab.localFas 0/24 160 S I WS-C2950-2Fas 0/24

Here I can see that I have 2 ports (1 & 24) connected to switch2 (also using ports 1 & 24). I can also see that switch2 is a Catalyst 2950.

This is a great summary but for my diagram I could do with knowing the IP address of switch2.

switch1#sh cdp entry *
————————-
Device ID: switch2.lab.local
Entry address(es):
IP address: 10.0.1.211
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime : 142 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000CCE3E3EC0FF0000
VTP Management Domain: ‘lab.local’
Native VLAN: 1
Duplex: full

————————-
Device ID: switch2.lab.local
Entry address(es):
IP address: 10.0.1.211
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 142 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000CCE3E3EC0FF0000
VTP Management Domain: ‘lab.local’
Native VLAN: 1
Duplex: full

This detailed output gives me additional useful information such as the VLAN and the IOS version.

Next I head over to switch2 and look at it’s CDP information.

switch2#sh cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 168 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 168 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/2 175 R Cisco C831Eth 0
router1.lab.localFas 0/23 175 R Cisco C831Eth 1

Here I can see the connections to switch1 and additional connections to router1. Again I look at the detailed information to get the IP address of the router.

switch2#sh cdp entry *
————————-
Device ID: switch1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 152 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000C8582C600FF0000
VTP Management Domain: ‘lab.local’
Native VLAN: 1
Duplex: full

————————-
Device ID: switch1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime : 152 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000C8582C600FF0000
VTP Management Domain: ‘lab.local’
Native VLAN: 1
Duplex: full

————————-
Device ID: router1.lab.local
Entry address(es):
IP address: 10.0.2.254
Platform: Cisco C831, Capabilities: Router
Interface: FastEthernet0/23, Port ID (outgoing port): Ethernet1
Holdtime : 176 sec

Version :
Cisco IOS Software, C831 Software (C831-K9O3Y6-M), Version 12.4(4)T1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 22-Dec-05 01:39 by ccai

advertisement version: 2
Duplex: half

————————-
Device ID: router1.lab.local
Entry address(es):
IP address: 10.0.1.254
Platform: Cisco C831, Capabilities: Router
Interface: FastEthernet0/2, Port ID (outgoing port): Ethernet0
Holdtime : 176 sec

Version :
Cisco IOS Software, C831 Software (C831-K9O3Y6-M), Version 12.4(4)T1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 22-Dec-05 01:39 by ccai

advertisement version: 2
Duplex: full

From the output I am able to determine the IP addresses of the connected router interfaces and I can also see that one interface is configured to half duplex. Now I have some good information to begin populating my diagram with.

From here I would probably move to the router and look at the CDP table. But supposing I want to prevent CDP packets from leaving an interface? After all, quite detailed information is included in CDP that you might not want everyone to view.

I connect to the device that I want to stop sending CDP packets and turn CDP off on that particular interface. In my case I would like to stop router1 from sending CDP packets on interface ethernet 1.

router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#int ethernet 1
router1(config-if)#no cdp enable
router1(config-if)#end

Now when I check the switch that router1 is connected to I see that the holdtime decreases as the switch receives no CDP packet on the interface until after 180 seconds it reaches 0 and the entry is removed from the table.

switch2#sh cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 159 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 159 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/23 6 R Cisco C831Eth 1
router1.lab.localFas 0/2 126 R Cisco C831Eth 0

switch2#sh cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 153 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 152 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/23 0 R Cisco C831Eth 1
router1.lab.localFas 0/2 179 R Cisco C831Eth 0

switch2#sh cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 147 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 147 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/2 174 R Cisco C831Eth 0

VLAN Difference between Juniper and Cisco Switches

A VLAN (Virtual Local Area Network) is a logical LAN segment which have unique broadcast domain. Basically, VLAN divides one physical switch to multiple logical switch. You can configure hundreds of VLANs in one EX series switch. No matter if its EX4200, EX3200 or EX2200. Today I will show you VLAN difference between Juniper and Cisco switches.

VLAN Difference between Juniper and Cisco Switches

There are two port modes in Juniper switch i.e. access mode or trunk mode. The interface in access mode connects to a network device, such as laptop or an IP phone. The interface in trunk mode connects to other switches in the network. There are many differences between Juniper and Cisco switches.

  1. In Cisco switches the default port mode is dynamic desirable auto but in Juniper switch the default port mode is access mode.
  2. In Cisco switches the default VLAN is untagged and is the native VLAN i.e. VLAN 1 but in Juniper there is no default native VLAN. You must configure it manually.
  3. In Cisco switches the trunk ports accept all VLANs in the range of 1 to 4095 by default but in Juniper, trunk ports do not support any VLANs. You have to make it support manually.
  4. In Juniper switches, VLAN named Default is present by default and all the interfaces are under this default VLAN.
  5. Unlike Cisco switches Juniper switches doesn’t support VTP (VLAN Trunking Protocol) or DTP (Dynamic Trunking Protocol). Juniper switches support GVRP (Generic Attribute Registration Protocol) though.
  6. Juniper switches has two port modes i.e. access and trunk mode. Cisco switches have five port modes i.e. dynamic auto, dynamic desirable, access, trunk and nonegotiate mode.
  7. Juniper switches support 802.1Q protocol for trunk ports. Cisco switches support both 802.1Q and ISL (Inter Switched Link) protocols.

Policy Based Routing on Cisco Catalyst 3750

I want to share how I configured basic configuration Policy Based Routing (PBR) on Cisco.

To give you an idea here is a sample diagram how the PBR works.

PBR

This is a setup of network with 2 ISP, if you want to separate the users for using different ISP.

You can use Router as your PBR, in my case I used Cisco Catalyst 3750 as my PBR to decide where the packet will pass thru.

Config on cataly 3750

STEP 1. First set your Vlan SVI’s
!

interface Vlan2
ip address 10.2.0.1 255.255.0.0
!
interface Vlan4
ip address 10.4.0.1 255.255.0.0
!
interface Vlan3
ip address 10.5.0.1 255.255.0.0
!
interface Vlan5
ip address 10.5.0.1 255.255.0.0
!

STEP 2. Create Access-list, for filtering
access-list 10 permit 10.2.0.0 0.0.255.255
access-list 10 permit 10.4.0.0 0.0.255.255
access-list 20 permit 10.3.0.0 0.0.255.255
access-list 20 permit 10.5.0.0 0.0.255.255

STEP 3. Now create Route-map;

route-map routetoISP1 permit 10
match ip address 10
set ip next-hop 10.0.0.1
!
route-map routetoISP2 permit 20
match ip address 20
set ip next-hop 10.0.0.2
!

and now for here put the MAGIC!

!
interface Vlan2
ip address 10.2.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan4
ip address 10.4.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan3
ip address 10.5.0.1 255.255.0.0
ip helper-address 10.0.0.4
 ip policy route-map routetoISP2
!
interface Vlan5
ip address 10.5.0.1 255.255.0.0
 ip policy route-map routetoISP2
!

Here is the final config.

!
interface Vlan2
ip address 10.2.0.1 255.255.0.0
ip policy route-map routetoISP1
!
interface Vlan4
ip address 10.4.0.1 255.255.0.0
ip policy route-map routetoISP1
!
interface Vlan3
ip address 10.5.0.1 255.255.0.0
ip helper-address 10.0.0.4
ip policy route-map routetoISP2
!
interface Vlan5
ip address 10.5.0.1 255.255.0.0
ip policy route-map routetoISP2
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 10 permit 10.2.0.0 0.0.255.255
access-list 10 permit 10.4.0.0 0.0.255.255
access-list 20 permit 10.3.0.0 0.0.255.255
access-list 20 permit 10.5.0.0 0.0.255.255
route-map routetoISP1 permit 10
match ip address 10
set ip next-hop 10.0.0.1
!
route-map routetoISP2 permit 20
match ip address 20
set ip next-hop 10.0.0.2
!

Cấu hình DHCP trên Cisco

I : Cấu Hình DHCP Server

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#service dhcp
Router1(config)#ip dhcp pool 192.168.6.128/25
Router1(dhcp-config)#network 192.168.6.128 255.255.255.128
Router1(dhcp-config)#default-router 192.168.6.200
Router1(dhcp-config)#dns-server 210.245.31.130
Router1(dhcp-config)#lease 2
Router1(dhcp-config)#exit
Router1(config)#ip dhcp excluded-address 192.168.6.129 192.168.6.140
Router1(config)#ip dhcp excluded-address 192.168.6.200 192.168.6.254
Router1(config)#end
Router1#

Continue reading