
Awesome Cisco IOS Commands and Tricks
Helpful Cisco IOS commands to make your life a breeze
By: Todd Montgomery
Version 1 May 2019
Published by: TipofTheHat
Copyright 2019 by Todd Montgomery
“I learned IOS one weekend and it changed my whole life”
-Some guy losing it late one night in the data center
Rights
All rights reserved. The book or any portion thereof may not be reproduced
or used in any manner whatsoever without the express written permission of
the author except for the use of brief quotations in a book review.
Disclaimer:
The Author is an independent content developer not associated or affiliated
with the vendor mentioned throughout this book. The names and titles
mentioned in this book are the trademarks of Cisco Systems, Inc.
I mention these names and/or the relevant terminologies only for describing
the relevant technology and command line examples. I develop study
material entirely on my own without endorsement from Cisco Systems. This
material is fully copyrighted.
Liability
Although the author has made every effort to ensure that the
information in this book was accurate at press time, the author does not
assume and hereby disclaims any liability to any party for any loss, damage,
or disruption caused by errors or omissions, whether such errors or omissions
result from negligence, accident, or any other cause.
The Author presents the material in this book “as is” without warranty. All
precautions have been taken to ensure the accuracy of the information given;
neither the Author nor TipOfTheHat shall have any liability to any entity or
individual with respect to any losses or damages incurred directly or
indirectly by the information contained here or any references to products in
the examples.
Trademarks
All trademarks belong to their respective vendors. The Author is aware of the
trademarks and is not the owner of them. All trademark references are used to
explain the topics covered in this book and there is no intention by the Author
of trademark infringement. The use of any trademark name is not intended to imply
any endorsement of this document by, or affiliation with, the trademark owner.
Cisco and IOS are registered trademarks of Cisco Systems, Inc.
Introduction
This book's purpose is to present to the reader many unusual or
undocumented Cisco IOS commands. Knowledge of these little-known
commands can help you be more productive in your day-to-day work with
IOS-based products. This is not meant to be a “How do I learn IOS” guide;
there are many fine books out there that cover that topic. However, during
day-to-day work with Cisco devices, there are many commands that make
configuring and troubleshooting devices easier. If you have ever said “Wow, I
didn’t know you could do that!”, this is your book.
The material is presented in a condensed “what you need to know” format
that covers the services and topics in many different sections on IOS.
About the Author
Todd Montgomery has over 35 years of networking experience and has held
a number of roles with equipment vendors, large enterprises, systems
integrators, The Department of Defense, and as a published author of Cloud
computing and data center books. He holds many industry certifications
including Cisco CCNP/CCDP.
Currently he is writing books on AWS certifications and is consulting on
network automation, security and analytics. Todd lives in Austin, TX and can
be contacted at toddmont@thegateway.net
Also by Todd Montgomery:
CompTIA Cloud+ Study Guide: Exam CV0-001
CompTIA Cloud+ Study Guide: Exam CV0-002
CCNA Cloud Complete Study Guide: Exam 210-451 and Exam 210-455
CCNA Data Center: Introducing Cisco Data Center Technologies Study
Guide: Exam 640-916
AWS Certified Solutions Architect Associate Certification guide
AWS Certified Cloud Practitioner Certification guide
Description
This book was created to pass along many helpful or obscure Cisco IOS
commands, “Stupid IOS Tricks”, that have been collected over 30 years of
working with Cisco devices. I have documented many commands that are
undocumented, unusual, or just plain helpful.

It is a given that many of these examples may or may not be present on the
different IOS types and versions, and some commands may be specific to IOS
trains such as IOS-XR, IOS-XE, and NX-OS. Not all IOS versions support the
features and examples offered in this book; your mileage will vary based on
the products and versions you are running.

Some of these commands are used by TAC and considered unsupported and
come with no documentation. Many others are seldom used but useful to
know.
This book was created to share that knowledge, make working with IOS
devices easier, save you time, and help you be more efficient.
Contents
Rights
Disclaimer:
Liability
Trademarks
Introduction
About the Author
Description
Show interface command
Show run
CLI Keyboard shortcuts
Show users logged into the Cisco device
Show parser commands
Diff command from running and startup
Viewing text files in flash
Archive config
Terminal commands
Finding a source MAC address
Mac Address Table modifications
Determining a connected device IP address on a switch
Complete investigation of a connected device
Top bandwidth consumers
FIB Forwarding information Base
CDP Neighbor commands
Switchport commands
Alias commands
VLAN Commands
Cable diagnostics
Show Hardware hidden command
Logging commands
Chassis and System commands
Track down ports with interface errors
IP Cache Flow
SSH base config
IP Forwarding commands
OSPF commands
Regular expressions
Cisco debug interpreter
AAA Authentication
Stackwise switch stacking
Beacon LED on NX-OS switches
Catalyst Power supplies
Multicast
Embedded Packet Capture
BGP Public route servers
Service commands
Low-level show commands
Default, Reload, rollback and commit config commands
Interface range command
Transceivers SFPs
IPSec commands
NAT commands
Access-List commands
Miscellaneous IOS commands that are helpful
Escape sequences
Netflow
Show inventory
Interface range command
Redundancy
Communicating with a Standby RP
Reload, Shut Down, or Power Cycle
Show Module command
Show platform command
SNMP Commands
DNS lookup on the Cisco device
Set the Cisco device as a TFTP server
Summaries and filters on the routing table
Telnet / SSH access into privilege mode
Show what IP port numbers are open
DHCP Server Basic Config
DNS Domain Name Server
Setting the date and Time:
NTP Network Time Protocol
Alias commands
VRF Lite
UDLD
IPSLA
Embedded Event Manager EEM
System debugging and dumps:
Show interface command
Switch#show interface gi1/0/1 switchport
Switch#show interface status
Switch#Show interface summary
Switch#Show interface capabilities
Switch#Show interface trunk
Switch#show interface transceiver
Switch#show interface counter errors
Switch#show interface status ?
err-disabled Show interface error disabled state
inactive Show interface inactive state
module Limit display to interfaces on module
Switch#show interfaces counters protocol status

Show interface status


6509#show interface status module 1

Port Name Status Vlan Duplex Speed Type


Gi0/1 connected 28 a-full a-1000 10/100/1000BaseTX
Gi0/2 notconnect 28 auto auto 10/100/1000BaseTX

9300#show interface switchport


Name: Gi0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 28 (VLAN0028)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Router#show interface description | exclude down


Router#show run | inc ^interface|ip address
Show run
Switch#Show run all
Switch#Show run linenum
Switch#Show run section
Switch#Show run brief
Switch#Show run interface Gig1/8

This filters on addresses starting with “10.”; the backslash escapes the dot so
that it is matched literally instead of as the regular-expression wildcard.
Switch#Show run | include 10\.

This outputs all lines that include 10 OR 255.


Switch#Show run | include 10|255

The forward slash search when paging through output at the --More-- prompt:

--More --
Enter the forward slash “/” followed by a filter string
--More --
/Interface

The output resumes at the first appearance of the text string “Interface”. It is
similar to the begin filter of show run | begin <text>, but lets you filter inline
while paging.
All regular expressions are allowed after the forward slash to filter show
run output.
The + command at the --More-- prompt shows only the lines that contain that text.
It is similar to the “include” filter but can be done inline when viewing paged
show run output.
--More --
+Interface

You can redirect the show run output to storage. There are many options here,
but to send the configuration to flash enter:
Switch#show run | redirect flash:/mybackupconfig.cfg
See the “more” command in this document for information on how to read
the file in flash.

Show interface status with multiple filters:


show interface status | exclude not|disabled
CLI Keyboard shortcuts
Ctrl+A Move cursor to the beginning of the line
Ctrl+E Move cursor to the end of the line
Up Retrieve last command from history
Down Retrieve next command from history
Ctrl+W Erase previous word
Ctrl+U Erase the entire line
Ctrl+C Exit configuration mode
Ctrl+Z Apply the current command and exit configuration mode
Show users logged into the Cisco device
CiscoSwitch#who
Line User Host(s) Idle Location
* 2 vty 0 tmontgomery idle 00:00:00 10.168.53.78

CiscoSwitch#show user all


Line User Host(s) Idle Location
0 con 0 00:00:00
1 aux 0 00:00:00
* 2 vty 0 toddmont idle 00:00:00 10.1.1.10
3 vty 1 00:00:00
4 vty 2 00:00:00
<clip vty 3 – 15>

Interface User Mode Idle Peer Address

C9407#who
Line User Host(s) Idle Location
* 2 vty 0 toddmont idle 00:00:00 192.168.1.1

Interface User Mode Idle Peer Address

C9407#systat
C9407#systat all
Show parser commands
Router#show parser stat
Last configuration file parsed: Number of Commands: 151, Time: 615 ms

Parser cache: enabled, 119 hits, 405 misses

Active startup time: 0


Standby startup time: 0
Copy to running-config time: 0
Bulksync time: 0
Top 10 slowest command:
Function Time (ms) Command
0x2F460DC 45225 ssh 10.228.188.100
0x2F460DC 48196 ssh 10.228.188.100
0x2F460DC 58434 ssh 10.228.188.108
0x2F460DC 71943 ssh 10.228.188.100
0x2F460DC 83784 ssh 10.228.188.107
0x3C2936C 92638 show interface switchport
0x2F460DC 138003 ssh 10.228.188.24
0x2F460DC 190635 ssh 10.228.188.108
0x2F460DC 862297 ssh 10.228.188.98
0x2F460DC 8297081 ssh 10.228.188.31
Parser last bootup cache hits:
Bootup hits: 35
Bootup misses: 203
Bootup clear parser cache: 1

Router#show parser links


Current parser link points:
Name ID Addr Type Caller
anonymous 114303752 0x57E2CB8 1
anonymous 114294660 0x57E2CCC 1

Router#show parser modes


Parser modes:
Name Prompt Top Alias Privilege
exec 0x57E2C18 TRUE TRUE
configure config 0x57E2C2C TRUE TRUE
interface config-if 0x57E2C40 TRUE TRUE
subinterface config-subif 0x57E2C40 TRUE FALSE
null-interface config-if 0x57E2C54 TRUE TRUE
line config-line 0x57E2C68 TRUE TRUE
all_mode 0x57D6FA4 FALSE FALSE
filter 0x57D6FB8 FALSE FALSE
view config-view 0x57D6FCC TRUE TRUE
<clip>

Router#show parser unresolved


Unresolved parse chains:
0x6D0177C 7328628
0x6D01A30 7328628
SC-NB-IMMIGRATION-2#show parser unresolved
Unresolved parse chains:
0x6D0177C 7328628
0x6D01A30 7328628
SC-NB-IMMIGRATION-2#show proc all-events
Diff command from running and startup
Cisco#show archive config differences nvram:startup-config system:running-config | section exclude certificate
!Contextual Config Diffs:
!No changes were found
Viewing text files in flash
Use the “more” command to view text files stored in the filesystem:
Switch#more flash:Router_b--Mar-10-12-31-24.901-4
9400#dir
Directory of bootflash:/
245968 -rw- 78264 Aug 10 2019 12:31:24 -04:00 Router_b--Mar-10-12-31-24.901-4
Archive config
Router(config)#archive
Router(config-archive)#path usbflash0:backup-config
Cisco#show archive log config all
Terminal commands
Cisco#term no monitor
Stops outputting messages to the screen

Cisco#terminal length 0
Terminal length 0 turns off pagination and the output is given all at once
(instead of hitting Space/Enter to walk through it). Useful if you're
saving your session to a file.
Any other value controls how many lines are printed before the prompt waits for
Space/Enter.
no terminal length reverts to the default.
Finding a source MAC address
In a traditional network, this is done by a little CLI dance: Resolve the IP
address if need be, log into the default gateway for that subnet, check the
ARP table for the MAC address, and start tracing it.
Router#trace mac 2880.2301.8998 6033.4b8c.5306
Source 2880.2301.8998 found on test-s-02
1 test-s-02 (10.200.8.253) : Gi1/0/8 => Po1
2 test-s-01 (10.200.8.252) : Po1 => Gi1/0/40
Destination 6033.4b8c.5306 found on test-s-01
Layer 2 trace completed

Looking for where a device is plugged in:

ping 10.1.1.1
sh ip arp | include 10.1.1.1
copy the MAC address from the ARP output
sh mac add | include <pasted MAC address>
Mac Address Table modifications
Base config:
mac address-table notification change interval 30
mac address-table notification change history-size 100
mac address-table notification change
mac address-table notification mac-move
mac address-table aging-time 900
Determining a connected device IP address on a switch
Perform show mac address-table interface <switchport> on the switch that
has the device(s) connected to it.
Then go to the router for the VLAN shown in the previous command and
perform show ip arp vlan <vlan#> | include <mac-address>.
That will give you the IP address for the device.
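The ping / ARP / MAC-table chase from the two sections above, as an added example that is not part of the original book: it parses constructed show ip arp and show mac address-table output, follows the IP to its switchport, and reports when the chase stalls (Incomplete ARP entry, MAC not learned, or a port such as a Port-channel carrying several MACs, where you continue on the neighbor switch). The function names, sample addresses and the uplink heuristic are mine.

```python
import re

# Constructed sample outputs in the format of "show ip arp" on the gateway and
# "show mac address-table" on the access switch (not from a real device).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                -   00be.758e.4381  ARPA   Vlan250
Internet  10.1.1.20               0   Incomplete      ARPA
Internet  10.1.1.50               3   0050.56ab.1234  ARPA   Vlan250
Internet  10.1.1.51               7   0050.56ab.5678  ARPA   Vlan250
Internet  10.1.1.52               9   0050.56ab.abcd  ARPA   Vlan250
"""

MAC_TABLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 250    0050.56ab.1234    DYNAMIC     Gi1/0/8
 250    0050.56ab.5678    DYNAMIC     Po1
 250    0050.56ab.9abc    DYNAMIC     Po1
 250    00be.758e.4381    STATIC      CPU
Total Mac Addresses for this criterion: 4
"""

MAC_FMT = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


def parse_arp(text):
    """Map IP -> (MAC, interface); MAC is None when the entry is Incomplete."""
    arp = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "Internet":
            continue                                   # header or unrelated line
        mac = None if f[3] == "Incomplete" else f[3].lower()
        arp[f[1]] = (mac, f[5] if len(f) > 5 else None)
    return arp


def parse_mac_table(text):
    """Map (vlan, MAC) -> port and count MACs per port to spot uplinks."""
    entries, per_port = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].isdigit() or not MAC_FMT.match(f[1].lower()):
            continue
        vlan, mac, port = int(f[0]), f[1].lower(), f[3]
        entries[(vlan, mac)] = port
        per_port[port] = per_port.get(port, 0) + 1
    return entries, per_port


def locate(ip, arp_text, mac_text):
    """Follow the IP -> ARP -> MAC-table chain and report where it ends."""
    arp = parse_arp(arp_text)
    if ip not in arp:
        return {"ip": ip, "status": "no-arp-entry"}        # ping it first, then retry
    mac, intf = arp[ip]
    if mac is None:
        return {"ip": ip, "status": "arp-incomplete"}      # host is not answering ARP
    vlan = int(intf[4:]) if intf and intf.lower().startswith("vlan") else None
    entries, per_port = parse_mac_table(mac_text)
    port = entries.get((vlan, mac))
    if port is None:
        return {"ip": ip, "mac": mac, "vlan": vlan, "status": "mac-not-learned"}
    if port == "CPU":
        hint = "this-switch"                               # the SVI's own MAC
    elif port.startswith("Po") or per_port[port] > 1:
        hint = "uplink-continue-on-neighbor"               # several MACs behind it
    else:
        hint = "edge-port"
    return {"ip": ip, "mac": mac, "vlan": vlan, "port": port,
            "status": "found", "hint": hint}
```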
Complete investigation of a connected device
Look at how the interface is configured and make sure it is not in shutdown:
Show run interface gigabitethernet7/0/1

Look at the overall and rx/tx traffic counters; they should be incrementing
with little or no errors.
clear counters interface gi7/0/1 sets everything to zero

Show interface gi7/0/1

Switcha#clear counter gi7/0/21


Clear "show interface" counters on this interface [confirm]y

Reliability, txload and rxload are expressed out of 255; remember that 255 = 100% and 1 = 0%.


255/255, txload 2/255, rxload 1/255
Router#Show mac address-table interface gi7/0/1

Make sure that the switch is seeing the connected device's MAC address
Show vlan id 250
Show ip arp vlan 250 (look for the ARP mapping to the MAC)
Ping vrf <vrf-name> 10.1.1.1
Show ip arp vlan 250 (if the ARP entry is “Incomplete”, the device is not responding)
Cat9500#show ip arp vrf DATA
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.121.1 - 00be.758e.4381 ARPA Vlan10
Internet 172.16.121.20 0 Incomplete ARPA

Switch#show vlan name data


VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 data active Gi1/0/9, Gi1/0/21, Te1/0/25, Te1/0/48,
Gi7/0/2, Gi7/0/4, Gi7/0/6
Top bandwidth consumers
If you see reports of a saturated circuit, you can do a quick check of the flows
on the border router before going deeper in your troubleshooting. This
requires CEF (Cisco Express Forwarding), but that is usually the standard
configuration.
cisco-router01#sh ip flow top-talkers
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
Gi0/0 10.x.x.177 Gi0/1* 10.x.x.191 06 0050 C860 3368K
Gi0/0 10.x.x.177 Gi0/1 10.x.x.191 06 0050 C860 3368K

FIB Forwarding information Base


show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
CDP Neighbor commands
Cat9400#show cdp neighbor Gi2/0/37 detail
Cat9300#Show CDP entry <device-id>
Cat9500#show cdp entry * protocol
Protocol information for Router_a :
IP address: 172.16.1.121
Protocol information for Router_b :
IP address: 172.16.1.122

These commands make it much quicker to find many devices using CDP
at once without the clutter. To output a list of the remote device names and addresses:
Cat9500#show cdp neighbor detail | include Dev|IP

Cat9500#show cdp neighbor detail | include Device|IPv4


Switchport commands
Switch(config-if)#switchport host
switchport mode will be set to access, spanning-tree portfast will be enabled
and channel group negotiation will be disabled
Alias commands
Router(config)#cli alias name wr copy running-config startup-config
VLAN Commands
Switch(config-if)#switchport trunk allowed vlan add <VLAN #>
No seriously, remember the "add"!

Switch(config-if)#no switchport trunk native vlan 123


Native VLAN
The native VLAN is typically untagged on 802.1Q trunk ports.
This can be a security vulnerability for your network. To mitigate it, explicitly
tag the native VLAN so that crafted double-tagged 802.1Q packets cannot hop
between VLANs, and use a native VLAN that goes nowhere, one that is not
connected to anything. Typically you will see something like VLAN 999 or
VLAN 99 used.
Cat9500#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- ----------------------
1 default active Gi0/1, Gi0/12
10 VLAN0010 active Gi0/3
28 VLAN0028 active Gi0/4
Cat9500#show vlan summary
Number of existing VLANs : 71
Number of existing VTP VLANs : 68
Number of existing extended VLANS : 3

Cat9500#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Te3/0/2, Te3/0/3, Te3/0/4, Te3/0/5,
Te3/0/6, Te3/0/7, Te3/0/8, Fo3/0/9, Fo3/0/10, Te4/0/2
Te4/0/5, Te4/0/6, Te4/0/7, Te4/0/8, Fo4/0/9,
Fo4/0/10, Te6/0/31, Te6/0/32, Te6/0/41
Te6/0/42, Te7/0/29, Te7/0/30, Te7/0/31,
Te7/0/32, Te7/0/41, Te7/0/42
Switch(config-if)#no autostate
The no autostate command on the SVI (interface Vlan X) forces the VLAN
interface up/up even with no interfaces in the VLAN up, so you can ping it
with nothing plugged into the VLAN.
Cable diagnostics
Some switch models can test the cabling for you. This allows you to see if
LAN cable pairs are faulty, determine the approximate length of the cabling, and
whether there is an issue with the local/remote cable pairs. Running this test is
intrusive and the interface will go down, so be careful using it on a live port.
Also, the interface must be up for this to work.
Cat9500#test cable-diagnos tdr int gig0/1
Cat9500#show cable-diagnostics tdr int gi0/14
Cat9500#test cable-diagnostics tdr interface <interface>

Displays the results of the test:


Cat9500#Show cable-diagnostics tdr interface <interface>

Switch#test cable-diagnostic tdr int te6/0/26


TDR test started on interface Te6/0/26
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

Switch#show cable-diagnos tdr int te6/0/26


TDR test last run on: May 18 03:47:33

Interface Speed Local pair Pair length Remote pair Pair status
--------- ----- ---------- ------------------ ----------- ------------
Te10/0/46 unkno Pair A 52 +/- 5 meters N/A Impedance Mismatch
Pair B 53 +/- 5 meters N/A Open
Pair C 62 +/- 5 meters N/A Short
Pair D 53 +/- 5 meters N/A Impedance Mismatch
Show Hardware hidden command
Switch#Show hardware
Switch#show hardware led
Logging commands
Switch#show logging onboard RP active voltage detail

service timestamps log datetime msec localtime showtimezone


!
logging buffered 16384
logging 111.11.11.11
logging trap warning
CAT9500#show logging
Syslog logging: enabled (0 messages dropped, 296 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.


No Inactive Message Discriminator.
Console logging: level debugging, 1397 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level informational, 1621 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: enabled, url bootflash:/syslog, disk space 1125009817
bytes, file size 262144 bytes, batch size 4096 bytes

No active filter modules.

Trap logging: level informational, 1625 message lines logged


Logging to 10.1.1.11 (udp port 514, audit disabled,
link up),
1624 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 10.1.1.12 (udp port 514, audit disabled,
link up),
1625 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 10.1.1.13 (udp port 514, audit disabled,
link up),
1625 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
Loopback19 mng

Log Buffer (128000 bytes):

CAT9500#show logging xml


<syslog-logging status="enabled" msg-dropped="0" msg-rate-limited="296"
flushes="0" overruns="0"><xml>disabled</xml><filter>disabled</filter>
</syslog-logging>

logging source-interface Loopback0 vrf management_network


logging host 10.10.1.10
logging host 10.11.2.11

Cat9300#show logging onboard RP active ?


clilog Show board clilog data
counter Show board counter data
environment Show board environment data
message Show board message data
poe Show board poe data
status Show logging onboard status
temperature Show board temperature data
uptime Show board uptime data
voltage Show board voltage data
Switch#show logging onboard RP active uptime
--------------------------------------------------------------------------------
UPTIME SUMMARY INFORMATION
--------------------------------------------------------------------------------
First customer power on : 04/29/2018 13:26:53
Total uptime : 0 years 12 weeks 4 days 21 hours 9 minutes
Total downtime : 0 years 36 weeks 3 days 19 hours 41 minutes
Number of resets : 19
Number of slot changes : 0
Current reset reason : CP_RESET_CPU_GOT_RESET
Current reset timestamp : 03/31/2019 15:02:36
Current slot :5
Chassis type : 31
Current uptime : 0 years 1 weeks 1 days 15 hours 15 minutes
--------------------------------------------------------------------------------

Switch##show logging onboard RP active status


----------------------------------------------------------------------
OBFL Application Status
----------------------------------------------------------------------
Application Uptime:
Path: /obfl0/
Cli enable status: enabled
Application Message:
Path: /obfl0/
Cli enable status: enabled
Application Voltage:
Path: /obfl0/
Cli enable status: enabled
Application Temperature:
Path: /obfl0/
Cli enable status: enabled
Application POE:
Path: /obfl0/
Cli enable status: enabled
Application Environment:
Path: /obfl0/
Cli enable status: enabled
Application Counter:
Path: /obfl0/
Cli enable status: enabled
Application Clilog:
Path: /obfl0/
Cli enable status: enabled

Switch#show logging onboard RP active temperature

----------------------------------------------------------------------
TEMPERATURE SUMMARY INFORMATION
----------------------------------------------------------------------
Number of sensors :4
----------------------------------------------------------------------
Sensor ID Normal Range Maximum Sensor Value
--------------------------------------------------------------------------------
SYSTEM INLET 0 56 - 66 43
SYSTEM OUTLET 1 63 - 73 51
CORE TEMP 2 107 - 117 58
DOPPLER TEMP 3 107 - 117 58

----------------------------------------------------------------------
Sensor Value
Total Time of each Sensor
----------------------------------------------------------------------
value: 22
18h, 0s, 0s, 0s,
value: 24
579h, 0s, 0s, 0s,
value: 25

logging event {link-status | subif-link-status}


The no form of the undocumented interface command logging event link-status
turns off sending up, down and change messages for that interface to syslog.
This is very useful on live systems, since they generate so many of these
messages that other important messages are often hard to see. It is a
companion to the documented command no snmp trap link-status, which
prevents sending the associated SNMP trap.
Chassis and System commands
6800#Show inventory
6800#Show platform
6800#show platform hardware chassis power-supply detail all
show platform hardware chassis fantray detail
hw-module beacon
show beacon all
hw-module subslot 1/0 shutdown unpowered

Switch_XR#show platform hardware chassis power-supply detail all


Slot Reg Reg Value Description
--------- --------- --------------- ----------------------
PS1 0xE7 0x00 0x00 0x00 No Faults
PS2 0xE7 0x00 0x00 0x00 No Faults
PS3 0xE7 0x00 0x00 0x00 No Faults
PS4 0xE7 0x00 0x00 0x00 No Faults
PS5 0xE7 0x00 0x00 0x00 No Faults
PS6 0xE7 0x00 0x00 0x00 No Faults
PS7 0xE7 0x00 0x00 0x00 No Faults
PS8 0xE7 0x00 0x00 0x00 No Faults

Switch_XR#show platform hardware chassis fantray detail


Fantray speed(RPM)
Row Fan1 | Fan2 | Fan3 | Fan4 | Throttle | Interrupt Source
--- ------ ------ ------ ------ -------- ----------------
1 3540 3480 3510 3540 35% 0x0
2 3510 3510 3480 3510 35% 0x0
3 3510 3510 3510 3480 35% 0x0
4 N/A N/A N/A N/A N/A N/A
Fantray global interrupt source register = 0x8700
Fantray global version: 17050302
Fantray beacon LED status: off
Fantray status LED: green
Track down ports with interface errors
cisco-switch01#show interface | include Ether|Desc|error
Ethernet1/7 is up
Hardware: 40000 Ethernet, address: ccd8.c180.553e (bia ccd8.c180.553e)
Description: switch01
30048282 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 output error 0 collision 0 deferred 0 late collision
IP Cache Flow
Cat9500#show ip cache flow
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 0 bytes


0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

router#show ip traffic
Be careful: there is usually a lot of output here.
SSH base config
ip ssh time-out 60
ip ssh version 2
transport input ssh (under line vty; restricts access to SSH only and excludes telnet)
ip domain-name mydomain.com (a domain name must be defined to generate the crypto key for SSH access)
crypto key generate rsa modulus 2048
Outgoing SSH from an IOS device
Cat9500#ssh -l <username> <host-IP or DNS>
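An added configuration audit (example code, not from the book) that checks a running-config for the native VLAN advice in the VLAN section and the SSH-only advice above: trunk ports with native VLAN 1 or no allowed-VLAN list, a missing global vlan dot1q tag native (the IOS command that tags the native VLAN; not named in the book), a missing ip ssh version 2 or ip domain-name, and vty lines that still accept telnet. The config excerpts and function names are constructed for the example.

```python
# Constructed running-config excerpts (sample data, not from a real device).
WEAK_CONFIG = """\
hostname edge-sw
ip domain-name mydomain.com
!
interface GigabitEthernet1/0/48
 description uplink
 switchport mode trunk
!
line vty 0 4
 transport input telnet ssh
 login local
!
end
"""

HARDENED_CONFIG = """\
hostname edge-sw
ip domain-name mydomain.com
ip ssh version 2
ip ssh time-out 60
vlan dot1q tag native
!
interface GigabitEthernet1/0/48
 description uplink
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,28
 switchport mode trunk
!
line vty 0 4
 transport input ssh
 login local
!
end
"""


def split_config(text):
    """Return (global_lines, stanzas): stanzas maps a header such as
    'interface GigabitEthernet1/0/48' or 'line vty 0 4' to its child lines."""
    global_lines, stanzas, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line in ("!", "end"):
            current = None                      # "!" ends the current stanza
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        elif line.startswith(("interface ", "line ")):
            current = line
            stanzas[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, stanzas


def audit(text):
    """Check the native-VLAN and SSH-only advice from the sections above."""
    global_lines, stanzas = split_config(text)
    findings = []
    if "vlan dot1q tag native" not in global_lines:
        findings.append("global: native VLAN is sent untagged on trunks; add 'vlan dot1q tag native'")
    if "ip ssh version 2" not in global_lines:
        findings.append("global: 'ip ssh version 2' missing")
    if not any(g.startswith("ip domain-name ") for g in global_lines):
        findings.append("global: no 'ip domain-name', the RSA key for SSH cannot be generated")
    for header, lines in stanzas.items():
        if header.startswith("interface ") and "switchport mode trunk" in lines:
            name = header.split(None, 1)[1]
            # Without an explicit native VLAN the trunk falls back to VLAN 1.
            native = next((c.split()[-1] for c in lines
                           if c.startswith("switchport trunk native vlan ")), "1")
            if native == "1":
                findings.append(f"{name}: trunk uses default native VLAN 1; move it to an unused VLAN")
            if not any(c.startswith("switchport trunk allowed vlan ") for c in lines):
                findings.append(f"{name}: trunk allows all VLANs; prune the allowed list")
        elif header.startswith("line vty"):
            transports = next((c.split()[2:] for c in lines
                               if c.startswith("transport input ")), ["<unset>"])
            if transports != ["ssh"]:
                findings.append(f"{header}: transport input {' '.join(transports)}; "
                                "restrict to 'transport input ssh'")
    return findings
```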
IP Forwarding commands
Router(config)#ip forwarding accounting adjacency-update

Router(config)#ip forwarding accounting non-recursive

Router(config)#ip forwarding accounting per-prefix

Router(config)#ip forwarding accounting prefix-length

Router(config)#ip forwarding switch

Router(config)#ip forwarding traffic-statistics

Router(config)#ip forwarding traffic-statistics load-interval

Router(config)#ip forwarding traffic-statistics update-rate


OSPF commands
Cat9300(config)#ip ospf name-lookup
Makes IOS OSPF output easier to read by showing router IDs as domain names
instead of addresses.

Cat9300#show ip ospf rib


It lists any tags that have been applied to an OSPF route and whether that route
has been installed in the routing table.
Regular expressions
Regular expressions are case-sensitive.
Characters with special meaning:
. Matches any single character, including white space.
* Matches 0 or more sequences of the pattern.
+ Matches 1 or more sequences of the pattern.
? Matches 0 or 1 occurrences of the pattern.
^ Matches the beginning of the string.
$ Matches the end of the string.
_ (underscore) Matches a comma (,), left brace ({), right brace (}), left
parenthesis ( ( ), right parenthesis ( ) ), the beginning of the string, the end of
the string, or a space.
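An added example (not from the book) that emulates the include, exclude, begin and section filters over a constructed show run excerpt using the IOS regular-expression rules listed above, including the special meaning of _ and case sensitivity; that a backslash makes the following character literal is assumed from IOS behaviour rather than taken from the table.

```python
import re

# Constructed "show run" excerpt used as sample input (not from a real device).
SAMPLE_SHOW_RUN = """\
hostname Switch
!
interface GigabitEthernet1/0/1
 description uplink to 10.1.1.1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description access 28 server 10.255.1.5
 switchport access vlan 28
 switchport mode access
 spanning-tree cost 255
!
interface Vlan28
 ip address 10.28.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
end
"""


def ios_regex(pattern):
    """Translate an IOS regular expression into a compiled Python one.

    IOS regexes are case-sensitive; ``_`` matches a comma, brace, parenthesis,
    space, or the start or end of the line; a backslash makes the following
    character literal (assumed), so ``10\\.`` matches the dot itself.  Every
    other metacharacter (. * + ? ^ $ | [] ()) is passed through unchanged.
    """
    parts = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))   # literal next character
            i += 2
            continue
        parts.append(r"(?:^|$|[,{}() ])" if ch == "_" else ch)
        i += 1
    return re.compile("".join(parts))


def ios_filter(text, op, pattern):
    """Emulate ``show ... | <op> <pattern>`` for include, exclude, begin, section."""
    rx = ios_regex(pattern)
    lines = text.splitlines()
    if op == "include":
        return [line for line in lines if rx.search(line)]
    if op == "exclude":
        return [line for line in lines if not rx.search(line)]
    if op == "begin":
        # Everything from the first matching line onward.
        for idx, line in enumerate(lines):
            if rx.search(line):
                return lines[idx:]
        return []
    if op == "section":
        # A section is a non-indented line plus the indented lines beneath it;
        # the whole block is shown when any line in it matches.
        out, block = [], []
        for line in lines + [""]:            # trailing sentinel flushes the last block
            if line.startswith(" "):
                block.append(line)
                continue
            if any(rx.search(b) for b in block):
                out.extend(block)
            block = [line]
        return out
    raise ValueError(f"unsupported filter: {op}")
```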
Cisco debug interpreter
https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl
AAA Authentication

If the login prompt shows a capitalized “Username”, the switch is authenticating
against the ACS server; if it shows lowercase “username”, you need to log in
with the local credentials.

aaa group server {radius | tacacs+} server-group-name
server (ip-address-1) [auth-port (port-number)] [acct-port (port-number)]
server (ip-address-2) [auth-port (port-number)] [acct-port (port-number)]
deadtime (minutes)
pick-method [next | load-balanced | round-robin]
Stackwise switch stacking

In global configuration mode:


Switch_stack(config)#switch 1 provision ws-c3850-48t
Switch_stack(config)#switch 2 provision ws-c3850-48t

Enable mode commands:


Switch_stack#switch 2 renumber 1
If show switch shows that the ordering is wrong, use the above command and
reload.

Switch_stack#switch 1 priority 15
A higher priority value for a stack member increases its priority.
The priority value can be 1 to 15. The default priority is 1. Do a reload.

Switch_stack#show switch
Switch/Stack Mac Address : 00aa.6e03.8700 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
Switch# Role Mac Address Priority Version State
------------------------------------------------------------
*1 Active 00aa.6623.fc48 15 V07 Ready
2 Standby 00aa.6e69.ac36 1 V07 Ready

Reset a specific switch in the stack:


Switch_stack#reload slot <stack member number>
Switch_stack#reload slot 1

Gives the following for each switch in the stack and is platform dependent:
Switch_stack#show environment stack
SWITCH: 1
Switch 1 FAN 1 is OK
Switch 1 FAN 2 is OK
Switch 1 FAN 3 is OK
FAN PS-1 is OK
FAN PS-2 is OK
Switch 1: SYSTEM TEMPERATURE is OK
Inlet Temperature Value: 30 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 46 Degree Celsius
Red Threshold : 56 Degree Celsius

Hotspot Temperature Value: 44 Degree Celsius


Temperature State: GREEN
Yellow Threshold : 105 Degree Celsius
Red Threshold : 125 Degree Celsius

Switch_stack#show switch detail


Switch/Stack Mac Address : 00aa.6e39.0a80 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
Switch# Role Mac Address Priority Version State
------------------------------------------------------------
*1 Active 00aa.6e39.f8c2 1 V07 Ready
2 Standby 700b.4fc8.f9fa 1 V07 Ready

Stack Port Status Neighbors


Switch# Port 1 Port 2 Port 1 Port 2
--------------------------------------------------------
1 OK OK 2 2
2 OK OK 1 1

Switch_stack#show switch stack-ring speed


Stack Ring Speed : 480G
Stack Ring Configuration: Full
Stack Ring Protocol : StackWise

400iL2-IPTV_RACK_1_2#show switch stack-bandwidth


Stack Current
Switch# Role Bandwidth State
------------------------------------------------------------
*1 Active 480G Ready
2 Member 480G Ready
3 Member 480G Ready
4 Standby 480G Ready

Switch_stack2#show switch neighbors


Switch # Port 1 Port 2
-------- ------ ------
1 4 2
2 1 3
3 2 4
4 3 1

To find the physical master switch, log into the device and do a show switch
to get the master's MAC address, then do a show version to see what the base
MAC address is for the switch; if they match, it is the master. Unfortunately,
Cisco did not add a beacon LED on most of their products, so there may be no
easy way to do this. Another method is to pop a cable or shut/no shut a port
and look in the log for the port number; the first digit is the switch
number.

How to find a hardware mismatch or software mismatch:

show switch
Shows the hardware version of each member.

show flash-1: and show flash-2:
Shows the IOS version (package files) on each switch in the stack.

switch_stack#show flash-1:
-#- --length-- ---------date/time--------- path
2     2097152 May 09 2019 12:26:18.0000000000 +00:00 nvram_config
3    15950464 Aug 29 2018 01:29:21.0000000000 +00:00 cat3k_caa-guestshell.16.03.06.SPA.pkg
4    22302593 Aug 29 2018 01:29:18.0000000000 +00:00 cat3k_caa-rpbase.16.03.06.SPA.pkg
5   265124472 Aug 29 2018 01:29:21.0000000000 +00:00 cat3k_caa-rpcore.16.03.06.SPA.pkg

show version switch 1 and 2 will show what IOS version each switch is running:

Switch#show version
<clip>
Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 56    WS-C3850-48T       16.3.6            CAT3K_CAA-UNIVERSALK9 INSTALL
     2 56    WS-C3850-48T       16.3.6            CAT3K_CAA-UNIVERSALK9 INSTALL
Switch 02
---------
Switch uptime : 25 minutes
Base Ethernet MAC Address : 00:aa:6e:03:84:00
Motherboard Assembly Number : 73-16296-08
Motherboard Serial Number : FOC222849UJ
Model Revision Number : AB0
Motherboard Revision Number : B0
Model Number : WS-C3850-48T
System Serial Number : FOC2229L3N9
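As an added example (not from the book), a Python script that applies the two checks above to captured show switch and show version text: it compares the active member's MAC with the base MAC reported by show version, and flags any member whose hardware or software version differs from the rest of the stack. The sample outputs and MAC addresses are constructed, and it assumes the first Base Ethernet MAC Address line in show version belongs to the switch you are consoled into.

```python
import re
from collections import Counter

# Constructed sample output laid out like the show switch / show version
# tables above (MAC addresses and versions are made up; member 3 is
# deliberately mismatched so the checks have something to report).
SHOW_SWITCH = """\
Switch/Stack Mac Address : 00aa.6e39.0a80 - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   00aa.6e39.f8c2     1      V07     Ready
 2       Standby  700b.4fc8.f9fa     1      V07     Ready
 3       Member   00aa.6e39.1234     1      V06     Ready
"""

SHOW_VERSION = """\
Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 56    WS-C3850-48T       16.3.6            CAT3K_CAA-UNIVERSALK9 INSTALL
     2 56    WS-C3850-48T       16.3.6            CAT3K_CAA-UNIVERSALK9 INSTALL
     3 56    WS-C3850-48T       16.3.5            CAT3K_CAA-UNIVERSALK9 INSTALL

Switch uptime                     : 25 minutes
Base Ethernet MAC Address         : 00:aa:6e:39:f8:c2
"""

SWITCH_ROW = re.compile(
    r"^\s*(?P<active>\*?)\s*(?P<num>\d+)\s+(?P<role>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<prio>\d+)\s+"
    r"(?P<hw>\S+)\s+(?P<state>\S+)\s*$", re.IGNORECASE)
VERSION_ROW = re.compile(
    r"^\s*(?P<active>\*?)\s*(?P<num>\d+)\s+\d+\s+(?P<model>\S+)\s+"
    r"(?P<sw>\S+)\s+(?P<image>\S+)\s+(?P<mode>\S+)\s*$")
BASE_MAC = re.compile(r"Base Ethernet MAC Address\s*:\s*(\S+)")


def normalize_mac(mac: str) -> str:
    """Turn 00aa.6e39.f8c2 or 00:aa:6e:39:f8:c2 into 00aa6e39f8c2."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def parse_show_switch(text: str) -> dict:
    """Member number -> role / MAC / priority / H/W version / state."""
    members = {}
    for line in text.splitlines():
        m = SWITCH_ROW.match(line)
        if m:
            members[int(m["num"])] = {
                "role": m["role"], "mac": normalize_mac(m["mac"]),
                "priority": int(m["prio"]), "hw": m["hw"],
                "state": m["state"], "active": m["active"] == "*",
            }
    return members


def parse_show_version(text: str) -> dict:
    """Member number -> model / SW version / image / mode from the stack table."""
    members = {}
    for line in text.splitlines():
        m = VERSION_ROW.match(line)
        if m:
            members[int(m["num"])] = {"model": m["model"], "sw": m["sw"],
                                      "image": m["image"], "mode": m["mode"]}
    return members


def is_active_switch(show_switch: str, show_version: str) -> bool:
    """The book's test: the active member's MAC in show switch equals the base
    MAC of the switch you are consoled into (assumed to be the first
    Base Ethernet MAC Address line in show version)."""
    active = [m["mac"] for m in parse_show_switch(show_switch).values() if m["active"]]
    base = BASE_MAC.search(show_version)
    return bool(active and base) and active[0] == normalize_mac(base.group(1))


def stack_findings(show_switch: str, show_version: str) -> list:
    """Flag members whose H/W version, SW version or model differs from the majority."""
    sw = parse_show_switch(show_switch)
    ver = parse_show_version(show_version)
    findings = []
    if set(sw) != set(ver):
        findings.append("member lists differ between show switch and show version")
    for field, table in (("hw", sw), ("sw", ver), ("model", ver)):
        counts = Counter(m[field] for m in table.values())
        if len(counts) > 1:
            majority = counts.most_common(1)[0][0]
            for num, m in sorted(table.items()):
                if m[field] != majority:
                    findings.append(f"switch {num}: {field} {m[field]} differs from {majority}")
    return findings


if __name__ == "__main__":
    print("consoled into active:", is_active_switch(SHOW_SWITCH, SHOW_VERSION))
    for finding in stack_findings(SHOW_SWITCH, SHOW_VERSION):
        print("MISMATCH:", finding)
```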

Remote command on a stack (limited platform support):

Switch_stack#remote command {all | stack-member-number} <privileged EXEC command>

Limited platform support:

Switch_stack#show platform switch stack compatibility
Switch_stack#show platform switch stack manager all
Beacon LED on NX-OS switches
It does not exist on Catalyst platforms (only on Nexus via the CLI). In Nexus port configuration, enter “beacon” and that port's LED will flash.
hw-module beacon on switch 1
hw-module beacon off switch 1
Nexus(config-if)#beacon
Nexus(config-if)#no beacon
Catalyst Power supplies
Switch#show environment power
Multicast
Router#show ip multicast
Multicast Routing: enabled
Multicast Multipath: disabled
Multicast Route limit: No limit
Multicast Fallback group mode: Sparse
Number of multicast boundaries configured with filter-autorp option:0
MoFRR: Disabled

Switch#show ip multicast longest-match

Router#show ip pim neighbor

PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable,
      L - DR Load-balancing Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.168.130.61     TenGigabitEthernet5/0/1  2d15h/00:01:26    v2    1 / S P G
10.168.131.61     TenGigabitEthernet6/0/1  2d15h/00:01:39    v2    1 / S P G

Router#show ip pim interface

Address          Interface                Ver/   Nbr    Query  DR     DR
                                          Mode   Count  Intvl  Prior
10.168.128.38    Loopback0                v2/S   0      30     1      10.168.128.38
10.168.130.62    TenGigabitEthernet5/0/1  v2/S   1      30     1      10.168.130.62
10.168.131.62    TenGigabitEthernet6/0/1  v2/S   1      30     1      10.168.131.62

Router#show ip pim all-vrfs tunnel

Tunnel0
Type : PIM Encap
RP : 172.29.128.254
Source : -
State : DOWN
Last event : Created (2d22h)
VRF : CCTV
Tunnel1
Type : PIM Encap
RP : 172.25.0.254
Source : 172.25.0.38
State : UP
Last event : RP address reachable (2d15h)
VRF : iptv
Tunnel2
Type : PIM Encap
RP : 172.26.0.254
Source : 172.26.0.38
State : UP
Last event : RP address reachable (2d15h)
VRF : voice

Router#show ip multicast vrf video

Multicast Routing: enabled
Multicast Multipath: disabled
Multicast Route limit: No limit
Multicast Fallback group mode: Sparse
Number of multicast boundaries configured with filter-autorp option: 0
MoFRR: Disabled

Router#show run | section multicast

ip multicast-routing
ip multicast-routing vrf CCTV
ip multicast-routing vrf iptv
ip multicast-routing vrf vide
class-map type multicast-flows CLASS_IPTV_STATIC_GROUP
 group 239.192.168.192 to 239.192.168.227
class-map match-any system-cpp-police-multicast-end-station
 description MCAST END STATION
class-map match-any system-cpp-police-multicast
 description Transit Traffic and MCAST Data
 class system-cpp-police-multicast
  police rate 500 pps
 class system-cpp-police-multicast-end-station
  police rate 2000 pps
 remark Video applications multicast
 remark permit H-Browser TV to join multicast video streams.
 remark permit H-Browser TV to send a IGMP LEAVE to all multicast routers to the network

Router#show logging | incl PIM

000227: *May 16 23:15:50.187: %PIM-5-NBRCHG: VRF voice: neighbor 10.168.128.38 UP on interface Tunnel5
000228: *May 16 23:15:51.838: %PIM-5-DRCHG: VRF iptv: DR change from neighbor 0.0.0.0 to 10.168.128.55 on interface Tunnel4
000322: May 16 23:19:07.502: %PIM-5-DRCHG: VRF voice: DR change from neighbor 0.0.0.0 to 172.26.171.1 on interface Vlan267

Enable multicast on an interface:

interface gi1/0/1
 ip pim sparse-mode
show ip igmp interface gi1/0/1
show ip pim interface gi1/0/1
show ip igmp

show ip multicast vrf video

show ip mroute
show ip rpf 10.1.1.20
show ip pim neighbor
show ip pim vrf <vrf-name> neighbor
show ip mroute vrf one 232.1.1.1 count
show ip mroute vrf one 232.1.1.1
show ip pim rp
show ip pim rp 225.1.1.1
show ip pim rp mapping
debug ip pim auto-rp (on the last hop router, look for joins; then go upstream towards the RP looking for RP mappings)
show logging | include %PIM
show ip route multicast
show ip route multicast 10.1.1.1 (IP of the RP)
show bgp ipv4 multicast 10.1.1.25
show ip traffic | begin PIM
show ip cache flow | include 225.1.1.1 (shows the interfaces transmitting and whether there is more than one flow)
On IOS-XR: show running-config multicast-routing
show mfib route statistics 232.1.1.1 10.1.1.1 (S,G IP addresses)
show mfib route rate 232.1.1.1 10.1.1.1
show mfib hardware route statistics 232.1.1.1 10.1.1.1 location 0/0/CPU0

For testing, statically join a group with the following interface command:
interface <receiver interface>
 ip igmp static-group 225.1.1.1
show ip mroute 225.1.1.1

Switch#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
       N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
       Q - Received BGP S-A Route, q - Sent BGP S-A Route,
       V - RD & Vector, v - Vector, p - PIM Joins on route,
       x - VxLAN group, c - PFP-SA cache created entry
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(10.10.10.55, 232.192.10.1), 13:51:01/stopped, flags: sTIZ
  Incoming interface: TenGigabitEthernet3/0/1, RPF nbr 10.168.130.69
  Outgoing interface list:
    MVRF iptv, Forward/Sparse, 13:51:01/00:02:58

(10.10.10.45, 232.192.10.1), 20:14:30/stopped, flags: sTIZ
  Incoming interface: TenGigabitEthernet4/0/1, RPF nbr 10.168.131.69
  Outgoing interface list:
    MVRF iptv, Forward/Sparse, 20:14:30/00:00:29

(10.10.10.14, 232.192.10.1), 21:00:47/stopped, flags: sTIZ
  Incoming interface: TenGigabitEthernet3/0/1, RPF nbr 10.168.130.69
  Outgoing interface list:

Cat9500#show ip mfib ?
A.B.C.D/nn Group IP address/prefix length
Hostname or A.B.C.D Source or group IP address
active Active multicast sources
all Display link scope and non link scope routes
count Route and packet count data
global global/default table override for routing context
instance Select table instance
interface Interface settings and status
linkscope Display link scope routes
route Display routes
status General settings and status
summary Summary statistics
update-sets Bundle update sets
verbose Verbose
vrf Select VPN Routing/Forwarding instance
| Output modifiers
<cr>

Cat9500#show ip mfib
Entry Flags: C - Directly Connected, S - Signal, IA - Inherit A flag,
             ET - Data Rate Exceeds Threshold, K - Keepalive
             DDE - Data Driven Event, HW - Hardware Installed
             ME - MoFRR ECMP entry, MNE - MoFRR Non-ECMP entry, MP - MFIB
             MoFRR Primary, RP - MRIB MoFRR Primary, P - MoFRR Primary
             MS - MoFRR Entry in Sync, MC - MoFRR entry in MoFRR Client.
I/O Item Flags: IC - Internal Copy, NP - Not platform switched,
                NS - Negate Signalling, SP - Signal Present,
                A - Accept, F - Forward, RA - MRIB Accept, RF - MRIB Forward,
                MA - MFIB Accept, A2 - Accept backup,
                RA2 - MRIB Accept backup, MA2 - MFIB Accept backup

Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kbits per second
Other counts: Total/RPF failed/Other drops
I/O Item Counts: FS Pkt Count/PS Pkt Count
Default
(*,224.0.0.0/4) Flags: HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
(*,224.0.1.40) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
Loopback0 Flags: F IC NS
Pkts: 0/0
(*,232.0.0.0/8) Flags: HW
SW Forwarding: 0/0/0/0, Other: 7/7/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
(10.168.128.3,232.192.10.1) Flags: HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 56726/0/91/0, Other: 0/0/0
TenGigabitEthernet4/0/1 Flags: A
Tunnel4, MDT Decap Flags: F NS
Pkts: 0/0
(10.168.128.4,232.192.10.1) Flags: HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 56729/0/91/0, Other: 0/0/0
TenGigabitEthernet4/0/1 Flags: A
Tunnel4, MDT Decap Flags: F NS
Pkts: 0/0

RP#mtrace 10.10.10.7 10.10.50.28 225.1.1.1

Type escape sequence to abort.
Mtrace from 10.10.10.7 to 10.10.50.28 via group 225.1.1.1
From source (?) to destination (?)
Querying full reverse path...
0 10.10.50.28
-1 10.10.90.4 PIM [10.10.40.0/24]
-2 10.10.60.11 PIM/Static [10.1.4.7/32]
-3 10.10.80.3 PIM [10.10.40.0/24]
-4 10.10.10.1 PIM [10.10.40.0/24]
-5 10.10.40.7

Troubleshooting multicast receiver joins

On the last hop router, closest to the receiver:
Switch#show ip mroute 225.1.1.1
If the output is empty, PIM is not enabled on the receiver interface (enabling PIM also enables IGMP).

Router#show ip interface gi0/0/1 | include reserved
Shows which groups are joined.

224.0.0.0 - 224.0.0.255        Reserved for special “well-known” multicast addresses
224.0.1.0 - 238.255.255.255    Globally-scoped (Internet-wide) multicast addresses
239.0.0.0 - 239.255.255.255    Administratively-scoped (local) multicast addresses

Switch#show ip igmp groups 225.1.1.1
Switch#show ip igmp interface Te10/0/41
Switch#debug ip igmp 225.1.1.1
Switch#show ip interface Te10/0/41

6800#show monitor event-trace mfib all detail
6800#show monitor event-trace multicast topology
6800#monitor event-trace mfib events dump
6800#monitor event-trace multicast topology

Multicast troubleshooting tips:

Work backwards from the client toward the RP.
Know what the topology should look like.
Remember that multicast is traffic driven.
Soft state timeouts can take some time to complete, and clearing the mroutes might speed things up.
Make sure the underlay unicast routing is OK.
“debug ip pim <group>” and “debug ip mrouting <group>” lead to solving more than 80% of the issues.
Look at the event history.
Packet captures can glean a great deal of information.
NetFlow data is valuable.
Embedded Packet Capture
Nexus, ASR, and ISR IOS trains
Cat9500#monitor capture {buffer | point}
Cat9500#show monitor capture {buffer | point}

ISR_1(config)#access-list 150 permit pim any any

ISR_1#monitor capture buffer buffer-1 max-size 1500
ISR_1#monitor capture buffer buffer-1 filter access-list 150
Filter Association succeeded
ISR_1#monitor capture point ip process-switched buffer-point-1 in
%BUFCAP-6-CREATE: Capture Point buffer-point-1 created.
ISR_1#monitor capture point associate buffer-point-1 buffer-1
ISR_1#monitor capture point start buffer-point-1
%BUFCAP-6-ENABLE: Capture Point buffer-point-1 enabled.

ISR_1#show monitor capture buffer buffer-1 dump

08:15:54.483 PST Nov 22 2012 : IPv4 Process : Et1/0 None
2B8F01DAF610:                   01005E00 000DAABB          ..^...*;
2B8F01DAF620: CC000201 080045C0 003A63BF 00000167  L.....E@.:c?...g
2B8F01DAF630: 67CE0A01 0302E000 000D2000 96250001  gN....`... ..%..
2B8F01DAF640: 00020069 00140004 2AB11F87 00130004  ...i....*1......
2B8F01DAF650: 00000001 00150004 01000000 FDEC0000  ............}l..
2B8F01DAF660: 00
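As an added example (not from the book), a Python decoder for the dump above: it rebuilds the bytes from the hex words, walks the Ethernet, IPv4 and PIM headers, verifies both checksums and confirms the frame is what an ACL of "permit pim any any" should have caught, a link-local PIM Hello to 224.0.0.13. The dump text is copied from the session above; the Hello option names come from RFC 7761 and RFC 3973.

```python
import re
import struct
from ipaddress import IPv4Address

PIM_PROTO = 103
ALL_PIM_ROUTERS = IPv4Address("224.0.0.13")
PIM_TYPES = {0: "Hello", 1: "Register", 2: "Register-Stop", 3: "Join/Prune",
             4: "Bootstrap", 5: "Assert", 8: "Candidate-RP-Advertisement"}
# Hello option types: RFC 7761 (1, 2, 19, 20, 24) and RFC 3973 (21)
HELLO_OPTIONS = {1: "Holdtime", 2: "LAN Prune Delay", 19: "DR Priority",
                 20: "Generation ID", 21: "State Refresh Capable", 24: "Address List"}

# Dump text copied from the ISR_1 session above; dump_to_bytes() discards the
# timestamp line, the offsets and the ASCII gutter.
DUMP = """\
08:15:54.483 PST Nov 22 2012 : IPv4 Process : Et1/0 None
2B8F01DAF610:                   01005E00 000DAABB          ..^...*;
2B8F01DAF620: CC000201 080045C0 003A63BF 00000167  L.....E@.:c?...g
2B8F01DAF630: 67CE0A01 0302E000 000D2000 96250001  gN....`... ..%..
2B8F01DAF640: 00020069 00140004 2AB11F87 00130004  ...i....*1......
2B8F01DAF650: 00000001 00150004 01000000 FDEC0000  ............}l..
2B8F01DAF660: 00
"""
DUMP_LINE = re.compile(r"^\s*[0-9A-Fa-f]{4,}:\s*(.*)$")   # "OFFSET: words ascii"
HEX_WORD = re.compile(r"(?:[0-9A-Fa-f]{2}){1,4}")          # 1..4 bytes per word

def dump_to_bytes(dump: str) -> bytes:
    """Concatenate the hex words of every offset line, stopping at the gutter."""
    out = bytearray()
    for line in dump.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            for tok in m.group(1).split():
                if not HEX_WORD.fullmatch(tok):
                    break
                out.extend(bytes.fromhex(tok))
    return bytes(out)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when the stored checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def multicast_mac(group: IPv4Address) -> str:
    """01:00:5e followed by the low 23 bits of the group address (RFC 1112)."""
    low = int(group) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)

def parse_hello_options(body: bytes) -> dict:
    """Walk the type/length/value list; unknown option types keep raw bytes."""
    opts, off = {}, 0
    while off + 4 <= len(body):
        otype, olen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + olen]
        name = HELLO_OPTIONS.get(otype, "option-%d" % otype)
        opts[name] = int.from_bytes(value, "big") if otype in (1, 19, 20) else value
        off += 4 + olen
    return opts

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II + IPv4 and, when the protocol is PIM, its header."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"dst_mac": ":".join("%02x" % b for b in frame[:6]),
            "src_ip": IPv4Address(ip[12:16]), "dst_ip": IPv4Address(ip[16:20]),
            "ttl": ttl, "protocol": proto,
            "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0}
    if proto == PIM_PROTO:
        pim = ip[ihl:total_len]        # total_len trims the trailing dump byte
        info["pim_version"] = pim[0] >> 4
        info["pim_type"] = PIM_TYPES.get(pim[0] & 0x0F, "unknown")
        info["pim_checksum_ok"] = inet_checksum(pim) == 0
        if info["pim_type"] == "Hello":
            info["hello_options"] = parse_hello_options(pim[4:])
    return info

def is_expected_pim_hello(info: dict) -> bool:
    """What 'permit pim any any' should have caught: a link-local (TTL 1)
    PIMv2 Hello to 224.0.0.13 with a matching MAC and valid checksums."""
    return (info["protocol"] == PIM_PROTO and info["dst_ip"] == ALL_PIM_ROUTERS
            and info["dst_mac"] == multicast_mac(ALL_PIM_ROUTERS) and info["ttl"] == 1
            and info["ip_checksum_ok"] and info.get("pim_checksum_ok", False)
            and info.get("pim_version") == 2)

if __name__ == "__main__":
    decoded = decode_frame(dump_to_bytes(DUMP))
    for key, value in decoded.items():
        print("%-16s %s" % (key, value))
    print("expected PIM hello:", is_expected_pim_hello(decoded))
```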
BGP Public route servers
A good way to practice regular expressions for BGP is to use one of the public route servers.
You can telnet to one of the route servers and log in with the guest/anonymous account. Then you can use some basic show commands.
Source information on Public BGP routing table access:
http://www.cymru.com/Documents/secure-bgp-template.html
route-views.oregon-ix.net
ner-routes.bbnplanet.net
route-server.cerf.net
route-server.ip.att.net
route-server.east.attcanada.com
route-server.west.attcanada.com
route-server.cbbtier3.att.net
route-server.gblx.net
route-server.as5388.net
route-server.savvis.net
route-server.colt.net
route-server.opentransit.net
route-server.gt.ca
public-route-server.is.co.za (South African routes only)
route-server.belwue.de
route-views.on.bb.telus.com
route-views.ab.bb.telus.com
route-server.ip.tiscali.net
route-server.wcg.net
route-server.manilaix.net.ph
route-server.ip.ndsoftware.net
route-server.utah.rep.net
route-server.he.net
zebra.swinog.ch
Service commands
Switch#service ?
alignment Control alignment correction and logging
compress-config Compress the nvram configuration file
config TFTP load config files
dhcp Enable DHCP server and relay agent
disable-ip-fast-frag Disable IP particle-based fast fragmentation
exec-callback Enable exec callback
exec-wait Delay EXEC startup on noisy lines
finger Allow responses to finger requests
hide-telnet-addresses Hide destination addresses in telnet command
linenumber enable line number banner for each exec
nagle Enable Nagle's congestion control algorithm
old-slip-prompts Allow old scripts to operate with slip/ppp
pad Enable PAD commands
password-encryption Encrypt system passwords
prompt Enable mode specific prompt
pt-vty-logging Log significant VTY-Async events
sequence-numbers Stamp logger messages with a sequence number
slave-log Enable log capability of slave IPs
tcp-keepalives-in Generate keepalives on idle incoming network connections
tcp-keepalives-out Generate keepalives on idle outgoing network connections
tcp-small-servers Enable small TCP servers (e.g., ECHO)
telnet-zeroidle Set TCP window 0 when connection is idle
timestamps Timestamp debug/log messages
udp-small-servers Enable small UDP servers (e.g., ECHO)
Low-level show commands
Switch#show control-plane host open-ports
Shows what ports your device is listening on and what connections are open; not available on many platforms.

Switch#sh platform pm if-numbers (or) sh platform pm platform-block
Shows what ASIC your ports map to, helpful if you have a requirement for ASIC redundancy for EtherChannels.

Switch#sh buffers input-interface Te3/0/2
Shows what is on the input buffer for an interface, very useful for troubleshooting high CPU on L3 switches that have many interrupts; it will show you what is being queued on the interface.

Switch#show platform tcam utilization asic all
Shows the TCAM utilization per allocation [IPv4 IGMP, IPv6 QoS ACEs, etc.]. Don't forget the "asic all", since without it only ASIC 0 is shown; a lot of the time with TCAM exhaustion due to extensive QoS configuration the issue is on only one ASIC.
Default, Reload, rollback and commit config commands

Router(config)#default interface gi2/3
Removes the existing configuration and reverts to the default configuration. This is helpful when you need to clear out a configuration.

Router#clear interface <interface>
Bounces (stop/restart) an interface. Same as shut/no shut.

Router#configure terminal revert timer 1
Turn the config archive on before using Rollback Confirmed Change.

Router#reload in X
If you lock yourself out, the device will reload, and as long as you didn't write the config, you can get back in. If the change worked, "reload cancel" so you don't reboot the device and wipe your working change.

Router# configure replace bootflash:myconfig-1 list time 30

This command replaces the current running configuration file with a saved configuration file.

target-url: Specifies a URL (accessible by the Cisco file system) of the saved configuration file that is to replace the current running configuration, such as the configuration file created by using the archive config command. Depending on your hardware platform, the name of your file system might be different from that shown in the example.

nolock: Disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation.

list: Displays a list of the command lines applied by the Cisco software parser during each pass of the configuration replace operation. The total number of passes performed is also displayed.

force: Replaces the current running configuration file with the specified saved configuration file without prompting you for confirmation.

ignorecase: Allows the configuration to ignore the case of the confirmation command.

time minutes: Specifies the time (in minutes) within which you must enter the configure confirm command to confirm replacement of the current running configuration file. If the configure confirm command is not entered within the specified time limit, the configuration replace operation is automatically reversed (in other words, the current running configuration file is restored to the configuration state that existed prior to entering the configure replace command).

revert trigger: Sets the following triggers for reverting to the original configuration:
  error: Reverts to the original configuration upon error.
  timer minutes: Reverts to the original configuration if the specified time elapses.

Switch# configure revert now

Cancels the timed rollback and triggers the rollback immediately, or resets parameters for the timed rollback.
now: Triggers the rollback immediately.
timer: Resets the configuration revert timer.
Use the minutes argument with the timer keyword to specify a new revert time in minutes.
Use the idle keyword along with a time in minutes to set the maximum allowable time period of no activity before reverting to the saved configuration.

Switch# configure replace nvram:startup-config time 120
This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file, which is assumed to be a complete configuration, not a partial configuration.
Enter Y if you are sure you want to proceed. ? [no]: Y
Total number of passes: 1
Rollback Done
Device# configure confirm
Use the configure revert command with the timer keyword. Enter the configure revert command to cancel the timed rollback and trigger the rollback immediately, or to reset parameters for the timed rollback.

Switch# configure revert timer 100


Interface range command
Cat3850(config)#interface range gi1/0/47 - 48
Cat3850(config-if-range)#description HOST DEVICES
Transceivers SFPs
Cisco(config)#service unsupported-transceiver
Cisco(config)#no errdisable detect cause gbic-invalid
IPSec commands
Cisco#show crypto isakmp sa | incl <remote peer IP address>
Cisco#show crypto ipsec sa | incl <host ip or subnet in crypto ACL>
NAT commands
Cisco#show ip nat translations | incl <source or destination>
Access-List commands
Cisco#show access-lists
Outputs the ACL counters, to make sure the ACL is getting hits on the
intended ACL line entries
Miscellaneous IOS commands that are helpful
Switch#snmp get and snmp set
Good for running SNMP tools directly on the box.

Switch#show history all
Shows all commands that have been entered since reboot.

Switch#tclsh
Enters the Tcl shell (product dependent, IOS-XR).

Switch#ttcp
Built-in throughput tester, similar to iperf.

Switch#configure replace
Replaces the current config with a new one (no merge).

Switch#ping
(no options) - extended ping, can set QoS etc.

Switch#traceroute (no options)
Extended traceroute allows you to specify options.

Switch#show ip traffic
Shows a summary of router traffic.

Switch(config)#ip route profile and Switch#show ip route profile
Enables and shows the changes in the routing table.

Switch#debug ip routing
Shows the detailed changes in the routing table.

Switch#show protocols
Shows all the IP and mask information on the box.

Switch(config-line)#transport preferred none
Under the lines, stops the router from trying to telnet to mistyped commands.
Switch#test aaa group
Tests user authentication to a RADIUS/TACACS+ server.
Escape sequences
Switch(config)#line vty 0 x
Switch(config-line)#escape-character 3
Changes the escape sequence to Ctrl-C, which always works no matter how many tunnels there are.

Ctrl-Shift-6, then x
The base Cisco escape sequence, usually works, sometimes does not.
Netflow
Global configuration mode:
ip flow-export destination {ip-address | hostname} udp-port
Repeat the above step to configure a second NetFlow export destination if desired.
ip flow-export version 9
interface interface-type interface-number
ip flow {ingress | egress}
Repeat these steps to enable NetFlow on other interfaces.

interface GigabitEthernet2/0/0.10
 encapsulation dot1Q 10
 ip route-cache flow
 ip flow egress
!
ip flow-export destination 10.10.1.2 9996
ip flow-export source loopback0
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

Switch#show ip flow interface
Shows whether the interface is configured for ingress or egress.

Switch#show ip cache flow
Verifies that NetFlow is operational and displays a summary of the NetFlow statistics.

Switch#show ip cache verbose flow
Verifies that NetFlow is operational and displays a detailed summary of the NetFlow statistics.

Switch#show ip flow export
Displays the statistics for the NetFlow data export, including statistics for the main cache and for all other enabled caches.
Flexible NetFlow limitations:
NetFlow is hardware and software version dependent
You cannot configure NetFlow export using the Ethernet Management port
(GigabitEthernet0/0).
You cannot configure a flow monitor on logical interfaces, such as switched
virtual interfaces (SVIs), port-channel, loopback, tunnels.
You cannot configure multiple flow monitors of same type (ipv4, ipv6 or
datalink) on the same interface for same direction.

Catalyst 9400 NetFlow configuration:

flow record NOC_Netflow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
!
flow exporter NOC_Netflow
 destination 10.250.1.11
 source Loopback1
 transport udp 2055
 template data timeout 60
 option application-table timeout 60
 option application-attributes timeout 300
!
flow monitor NOC_Netflow
 exporter NOC_Netflow
 cache timeout active 60
 record NOC_Netflow
Show inventory
C3850#show inventory
NAME: "c38xx Stack", DESCR: "c38xx Stack"
PID: WS-C3850-48T-S , VID: V07 , SN: FOCxxxxxxxxxx

NAME: "Switch 1", DESCR: "WS-C3850-48T-S"
PID: WS-C3850-48T-S , VID: V07 , SN: FOCxxxxxxxxxx

NAME: "Switch 1 - Power Supply A", DESCR: "Switch 1 - Power Supply A"
PID: PWR-C1-350WAC , VID: V02 , SN: FOCxxxxxxxxxx

NAME: "Switch 1 - Power Supply B", DESCR: "Switch 1 - Power Supply B"
PID: PWR-C1-350WAC , VID: V02 , SN: FOCxxxxxxxxxx

NAME: "Switch 1 FRU Uplink Module 1", DESCR: "2x1G 2x10G Uplink Module"
PID: C3850-NM-2-10G , VID: V01 , SN: FOCxxxxxxxxxx

NAME: "Te1/1/4", DESCR: "SFP-10GBase-LRM"
PID: SFP-10G-LRM , VID: V03 , SN: FOCxxxxxxxxxx

NAME: "Switch 2", DESCR: "WS-C3850-48T - Provisioned"
PID: WS-C3850-48T , VID: , SN: FOCxxxxxxxxxx
Redundancy
Cat9500#redundancy ?
Redundancy exec commands:
config-sync Redundancy config sync commands
force-switchover Force a switchover
reload Redundancy Facility (RF) reload

Cat9500#show redundancy ?
clients Redundancy Facility (RF) client list
config-sync Show Redundancy Config Sync status
counters Redundancy Facility (RF) operational counters
domain Specify the RF domain
history Redundancy Facility (RF) history
idb-sync-history Redundancy Facility (RF) IDB sync history
states Redundancy Facility (RF) states
switchover Redundancy Facility (RF) switchover
trace Redundancy Facility (RF) trace
| Output modifiers
<cr>

Cat9500#show redundancy states

my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 5

Redundancy Mode (Operational) = sso
Redundancy Mode (Configured) = sso
Redundancy State = sso
Maintenance Mode = Disabled
Manual Swact = enabled
Communications = Up

client count = 103
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
Cat9500#show redundancy
Redundant System Information :
------------------------------
Available system uptime = 1 week, 2 days, 4 hours, 39 minutes
Switchovers system experienced = 0
Standby failures = 0
Last switchover reason = none

Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Maintenance Mode = Disabled
Communications = Up

Current Processor Information :
-------------------------------
Active Location = slot 5
Current Software state = ACTIVE
Uptime in current state = 1 week, 2 days, 4 hours, 39 minutes
Image Version = Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.6.3, RELEASE SOFTWARE (fc8)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Wed 28-Feb-18 23:34 by mcpre
BOOT = bootflash:packages.conf;
Configuration register = 0x102

Peer Processor Information :
----------------------------
Standby Location = slot 6
Current Software state = STANDBY HOT
Uptime in current state = 1 week, 2 days, 4 hours, 34 minutes
Image Version = Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.6.3, RELEASE SOFTWARE (fc8)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Wed 28-Feb-18 23:34 by mcpre
BOOT = bootflash:packages.conf;
CONFIG_FILE =
Configuration register = 0x102

Cat9500#show redundancy counters

Redundancy Facility OMs
comm link up = 0
comm link down = 0

invalid client tx = 0
null tx by client = 0
tx failures = 0
tx msg length invalid = 0

client not rxing msgs = 0
rx peer msg routing errors = 0
null peer msg rx = 0
errored peer msg rx = 0

buffers tx = 200032
tx buffers unavailable = 0
buffers rx = 199308
buffer release errors = 0

duplicate client registers = 0
failed to register client = 0
Invalid client syncs = 0

Router#show redundancy
Displays the redundancy status of the RPs. This command also displays the boot and switchover history for the RPs.
Router#redundancy switchover
Forces a manual switchover to the standby RP. This command works only if the standby RP is installed and in the “ready” state.

Router#show platform
Displays the status for a node, including the redundancy status of the RP cards. In EXEC mode, this command displays status for the nodes assigned to the SDR. In administration EXEC mode, this command displays status for all nodes in the system.

RP/0/RP0/CPU0:router# redundancy switchover

Updating Commit Database. Please wait...[OK]
Proceed with switchover 0/RP0/CPU0 -> 0/RP1/CPU0? [confirm]
Initiating switch-over.
RP/0/RP0/CPU0:router#
Communicating with a Standby RP
The active RP automatically synchronizes the base IOS code, settings, and configuration with the standby route processor (RP).
Access the standby RP through the console port and view the status messages for the standby RP. The standby RP does not display a CLI prompt; the standby cannot be managed via the CLI.
When you connect to the standby RP through the management Ethernet port, the prompt that appears is for the active RP, and you can manage the router the same as if you had connected through the management Ethernet port on the active RP.
Reload, Shut Down, or Power Cycle

6809#hw-module location node-id power disable
This command administratively turns the power off for a node. It is entered in administrative configuration mode. The changes do not take effect until you enter the commit command.

To power on a node, use the no form of this command:
6809#no hw-module location node-id power disable

This command cannot be used to disable power on the Supervisor module (RP) from which the command is entered. It only resets the line cards.

9400#hw-module location node-id reload
This command works in EXEC mode and reloads the Cisco IOS XR software on a specific node or all nodes. To specify all nodes in the stack, enter the “all” keyword in place of the node-id argument. The node reloads with the current running configuration and active software set for that node.

9400#hw-module shutdown location node-id
This command is run from admin (#) mode and administratively shuts down the specified node. Nodes that are shut down still have power but cannot load or operate Cisco IOS XR software.

To return a node to the up state, use the no form of this command:
9400#no hw-module shutdown location node-id

This command cannot be used to shut down the RP from which the command is entered; it only works for line cards.
Show Module command
C9407#show module
Chassis Type: C9407R

Mod Ports Card Type                              Model          Serial No.
---+-----+--------------------------------------+--------------+--------------
 1   48  48-Port UPOE w/ 24p mGig 24p RJ-45     C9400-LC-48UX  JAExxxxxxxxx
 2   48  48-Port UPOE w/ 24p mGig 24p RJ-45     C9400-LC-48UX  JAExxxxxxxxx
 3   10  Supervisor 1 Module                    C9400-SUP-1    JAExxxxxxxxx
 4   10  Supervisor 1 Module                    C9400-SUP-1    JAExxxxxxxxx
 6   48  48-Port UPOE w/ 24p mGig 24p RJ-45     C9400-LC-48UX  JAExxxxxxxxx
 7   48  48-Port UPOE w/ 24p mGig 24p RJ-45     C9400-LC-48UX  JAExxxxxxxxx

Mod MAC addresses                    Hw   Fw           Sw                 Status
---+--------------------------------+----+------------+------------------+--------
 1  A093.5165.1204 to A093.5165.1233 1.0  16.6.2r[FC1] 16.06.03           ok
 2  A093.5165.65F8 to A093.5165.6627 1.0  16.6.2r[FC1] 16.06.03           ok
 3  00FC.BA9D.B36C to 00FC.BA9D.B375 1.0  16.6.2r[FC1] 16.06.03           ok
 4  00FC.BA9D.B376 to 00FC.BA9D.B37F 1.0  16.6.2r[FC1] 16.06.03           ok
 6  A093.51B5.E0BC to A093.51B5.E0EB 1.0  16.6.2r[FC1] 16.06.03           ok
 7  7079.B33A.0950 to 7079.B33A.097F 1.0  16.6.2r[FC1] 16.06.03           ok

Mod Redundancy Role     Operating Redundancy Mode Configured Redundancy Mode
---+-------------------+-------------------------+---------------------------
 3  Active              active                    sso
 4  Standby             standby hot               sso
Show platform command
Cat9407#show platform
Chassis type: C9407R

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
1         C9400-LC-48UX       ok                    2w3d
1/0       C9400-LC-48UX       ok                    2w3d
2         C9400-LC-48UX       ok                    2w3d
2/0       C9400-LC-48UX       ok                    2w3d
3         C9400-SUP-1         ok                    2w3d
3/0       C9400-SUP-1         ok                    2w3d
4         C9400-SUP-1         ok                    2w3d
4/0       C9400-SUP-1         ok                    2w3d
6         C9400-LC-48UX       ok                    2w3d
6/0       C9400-LC-48UX       ok                    2w3d
7         C9400-LC-48UX       ok                    2w3d
7/0       C9400-LC-48UX       ok                    2w3d
R0        C9400-SUP-1         ok, active            2w3d
R1        C9400-SUP-1         ok, standby           2w3d
P1        C9400-PWR-3200AC    ok                    2w3d
P2        C9400-PWR-3200AC    ok                    2w3d
P3        C9400-PWR-3200AC    ok                    2w3d
P4        C9400-PWR-3200AC    ok                    2w3d
P5        C9400-PWR-3200AC    ok                    2w3d
P6        C9400-PWR-3200AC    ok                    2w3d
P7        C9400-PWR-3200AC    ok                    2w3d
P8        C9400-PWR-3200AC    ok                    2w3d
P17       C9407-FAN           ok                    2w3d

Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
1         17101705            16.6.2r[FC1]
2         17101705            16.6.2r[FC1]
3         17101705            16.6.2r[FC1]
4         17101705            16.6.2r[FC1]
6         17101705            16.6.2r[FC1]
7         17101705            16.6.2r[FC1]
SNMP Commands
Restrict polling to known management hosts with standard ACLs, keep the v2c community read-only, and put write access behind SNMPv3 priv:
ip access-list standard SNMP-ACL-RO
remark SNMP RO ACL
permit 10.10.25.38
permit 10.20.0.0 0.0.255.255
permit 10.40.0.0 0.0.255.255
deny any log
ip access-list standard SNMP-ACL-RW
remark SNMP RW ACL
permit 10.20.20.100
permit 10.65.0.0 0.0.255.255
permit 10.75.0.0 0.0.255.255
deny any log
ip access-list standard SNMP-V3
remark SNMP v3 ACL
permit 10.20.20.100
permit 10.250.0.0 0.0.255.255
permit 10.251.0.0 0.0.255.255
deny any log
!
logging host 10.250.1.238
!
snmp-server group GRP-NCS v3 priv read MGMTView access SNMP-V3
snmp-server group GRP-NPM v3 priv write MGMTView access SNMP-V3
snmp-server view MGMTView internet included
snmp-server view MGMTView mib-2 included
snmp-server view MGMTView system included
snmp-server view MGMTView interfaces included
snmp-server view MGMTView chassis included
snmp-server community TJJD694CO RO SNMP-ACL-RO
snmp-server trap-source Loopback1
snmp-server source-interface informs Loopback1
snmp-server location NOC_2
snmp-server enable traps eigrp
snmp-server enable traps license
snmp-server enable traps config
snmp-server host 10.8.36.211 version 3 priv USR-NPM
snmp ifmib ifindex persist
The v2c community string is read-only and bound to SNMP-ACL-RO; writes are only possible through the v3 group GRP-NPM with priv (authenticated and encrypted). The deny any log entries send a log message for polling attempts from any other source. The v3 user USR-NPM named on the snmp-server host line must have been created with snmp-server user in group GRP-NPM; note that snmp-server user lines are never displayed in the running configuration, so check them with show snmp user. snmp ifmib ifindex persist keeps ifIndex values stable across reloads so the NMS keeps graphing the right interfaces.

show snmp chassis


show snmp contact
show snmp community
show snmp location
show snmp mib [detailed | dll]
show snmp newcom
show snmp view

Router(config)#snmp-server priority {low | normal | high}

This global configuration command changes the scheduling priority of the SNMP process. To keep heavy polling from starving other work, leave the priority at low. SNMP queries sent to a router run at low or medium priority, depending on the code version on the route processor, so processes with a higher priority are serviced before SNMP. Routing processes run at high priority and are therefore handled before SNMP requests regardless of polling intensity. The priority of each process is visible in the Q column of show processes (L = low, M = medium, H = high). This command has no effect on the priority of the SNMP trap process.

Router(config)#[no] snmp-server sparse-tables

Returns the complete SNMP MIB table. Without this command some objects are skipped on a walk (for example, a controller interface returns no out-bytes counter); with it, every object is returned on an SNMP get-next walk.
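Reviewing an SNMP configuration like the one above by eye is error-prone (a mistyped octet in an ACL, a community with no ACL, a v3 group left at auth instead of priv). The following script is an added example, not from the book: it parses the SNMP-related lines of a running-config and reports those weaknesses. The sample config, the function names and the thresholds (flagging any permit wider than a /16) are the example's own choices; ACL children are expected to be indented by one space as show running-config prints them, and numbered ACLs are not parsed.

```python
"""Audit the SNMP settings in an IOS running-config (added example, not from the book)."""
import ipaddress
import re

# Constructed sample config modelled on the snippet above. The bad octet in
# SNMP-ACL-RW, the RW community, and the v3 group at 'auth' are deliberate.
SAMPLE_CONFIG = """\
ip access-list standard SNMP-ACL-RO
 remark SNMP RO ACL
 permit 10.10.25.38
 permit 10.20.0.0 0.0.255.255
 deny any log
ip access-list standard SNMP-ACL-RW
 remark SNMP RW ACL
 permit 10.20.20.100
 permit 10.650.0.0 0.0.255.255
 deny any log
ip access-list standard SNMP-V3
 permit 10.250.0.0 0.0.255.255
 deny any log
snmp-server group GRP-NCS v3 priv read MGMTView access SNMP-V3
snmp-server group GRP-OLD v3 auth read MGMTView access SNMP-V3
snmp-server community TJJD694CO RO SNMP-ACL-RO
snmp-server community private RW
snmp-server community legacy RO SNMP-ACL-MISSING
"""


def to_network(addr, wildcard=None):
    """IOS address + wildcard -> IPv4Network. No wildcard means a single host.

    Raises ValueError for an unparsable address or a non-contiguous wildcard.
    The wildcard is inverted explicitly so 0.0.0.0 (host) and 255.255.255.255
    (any) are not mistaken for netmasks.
    """
    wild = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
    netmask = str(ipaddress.IPv4Address(wild ^ 0xFFFFFFFF))
    return ipaddress.IPv4Network((addr, netmask), strict=False)


def parse_standard_acls(config):
    """Return {acl_name: [(action, network_or_None, raw_entry), ...]}.

    'any' becomes 0.0.0.0/0; an entry that does not parse gets network None.
    """
    acls, current = {}, None
    for line in config.splitlines():
        head = re.match(r"ip access-list standard (\S+)", line)
        if head:
            current = head.group(1)
            acls[current] = []
            continue
        if not line.startswith(" "):        # any other top-level command ends the ACL
            current = None
            continue
        tokens = line.split()
        if current is None or not tokens or tokens[0] not in ("permit", "deny"):
            continue                        # remark lines, or indented text outside an ACL
        action, args = tokens[0], tokens[1:]
        if args[0] == "any":
            acls[current].append((action, ipaddress.IPv4Network("0.0.0.0/0"), "any"))
            continue
        if args[0] == "host":
            args = args[1:]
        # Only a dotted-quad second token is a wildcard; 'log' is not.
        wildcard = args[1] if len(args) > 1 and re.fullmatch(r"[\d.]+", args[1]) else None
        try:
            acls[current].append((action, to_network(args[0], wildcard), line.strip()))
        except ValueError:
            acls[current].append((action, None, line.strip()))
    return acls


def audit_snmp(config):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    acls = parse_standard_acls(config)
    for name, entries in acls.items():
        for action, net, raw in entries:
            if net is None:
                findings.append(f"ACL {name}: cannot parse '{raw}'")
            elif action == "permit" and net.prefixlen < 16:
                findings.append(f"ACL {name}: permit {net} is wider than a /16")
    community_re = r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?"
    for name, mode, acl in re.findall(community_re, config, re.M):
        if mode == "RW":
            findings.append(f"community {name} is read-write; move writes to SNMPv3")
        if not acl:
            findings.append(f"community {name} has no access list")
        elif acl not in acls:
            findings.append(f"community {name} references undefined ACL {acl}")
    for group, level in re.findall(r"^snmp-server group (\S+) v3 (\S+)", config, re.M):
        if level != "priv":
            findings.append(f"v3 group {group} uses {level}; require priv")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of show running-config | section snmp-server|access-list; on the constructed sample it reports the unparsable ACL entry, the two problems with the private community, the dangling ACL reference, and the v3 group that is not at priv.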
Static host names and DNS on the Cisco device
Global configuration:
ip host cat_3850 172.20.1.250
ip host cat_core 172.20.1.246
ip host router_b 2002 172.21.2.1
ip host router_c 2003 172.21.2.1
ip host CAT_9300 2005 172.21.2.1
ip host router_a 2001 172.21.2.1
ip name-server 192.168.66.250
The ip host entries are resolved locally before any DNS query is sent. The entries with a port number (2001 to 2005) are reverse-telnet targets on a terminal server at 172.21.2.1, so telnet router_b opens TCP port 2002 on that box, which is the console of router_b.
Set the Cisco device as a TFTP server
The file gs7-k.9.17 is loaded in flash memory. Only hosts in the 172.16.101.x subnet may fetch it; the number at the end of the tftp-server line references the access list:
tftp-server flash gs7-k.9.17 1
access-list 1 permit 172.16.101.0 0.0.0.255
TFTP has no authentication, so this access list is the only control on who can download the file.

Summaries and filters on the routing table
An access list passed to show ip route list displays only the routes whose destination matches it:
access-list 30 permit 172.16.1.0 0.0.0.127
!
show ip route list 30
C 172.16.1.32/28 is directly connected, Loopback3
C 172.16.1.16/28 is directly connected, Loopback2
O 172.16.1.0/25 is a summary, 2d13h, Null0
C 172.16.1.0/28 is directly connected, Loopback1
C 172.16.1.64/28 is directly connected, Loopback4
!
access-list 55 permit 150.50.1.0 0.0.254.0
!
show ip route list 55
C 150.50.201.0/24 is directly connected, Ethernet0
O E1 150.50.125.0/26 [110/1064] via 150.50.100.4, 1d12h, Serial0
Telnet / SSH access into privilege mode
Place one user directly in privileged mode at login:
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username JOE privilege 15 secret <password>
Place everybody directly in privileged mode:
line vty 0 4
privilege level 15
With privilege level 15 on the vty lines, anyone who passes line authentication lands in privileged EXEC without the enable secret. Pair it with transport input ssh and an access-class on the lines, and prefer the per-user form above so the privilege is tied to an account.
Show the NBAR protocol ID table
This lists the protocols NBAR can classify and their IDs, not the ports open on the device itself (for those use show control-plane host open-ports):
CAT9500#show ip nbar protocol-id
Protocol Name            id     type
----------------------------------------------------------------------
3com-amp3                629    L4     IANA
3com-tsmux               106    L4     IANA
3pc                      34     L3     IANA
4chan                    763    L7     STANDARD
58-city                  704    L7     STANDARD
914c/g                   211    L4     IANA
9pfs                     564    L4     IANA
<clip> HUGE list
DHCP Server Basic Config
ip dhcp excluded-address 192.168.100.0 192.168.100.100
ip dhcp excluded-address 192.168.100.127
ip dhcp excluded-address 192.168.100.254
!
no ip dhcp conflict logging
!
ip dhcp pool address-pool
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1 192.168.100.254
dns-server 172.16.15.112 172.16.16.222
lease 0 0 15
The pool's network must contain the default-router and the excluded addresses; a gateway on a different subnet from the pool hands clients an address they cannot route from. lease takes days, hours and minutes, so lease 0 0 15 is a 15-minute lease.
Router#show ip dhcp binding [ip-address]
Router#show ip dhcp conflict [ip-address]
Router#show ip dhcp server statistics
Router#clear ip dhcp binding {ip-address | *}
Router#clear ip dhcp conflict {ip-address | *}
If there is an inbound access list on the interface, DHCP discovers arrive from 0.0.0.0 port 68 to 255.255.255.255 port 67 and must be permitted with an extended ACL entry:
permit udp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67
Router(config)#ip dhcp excluded-address <low-address> [high-address]
Addresses or ranges that must never be assigned to clients. They must be exact addresses or ranges, and must include the HSRP/VRRP virtual address and the router's own interface address.
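A pool whose network, default-router and excluded-address lines disagree is a common and quiet mistake, so here is an added example, not from the book, that checks a DHCP configuration for exactly that: every default-router must lie inside the pool's network and inside an excluded range, and the script reports how many host addresses remain for clients. The sample config is constructed (the first pool deliberately has its gateway outside the pool's network); excluded ranges are assumed not to overlap each other, and the function names are the example's own.

```python
"""Sanity-check IOS DHCP pools against excluded-address ranges (added example, not from the book)."""
import ipaddress
import re

# Constructed sample: broken-pool has a gateway outside its network,
# address-pool is the corrected configuration from the section above.
SAMPLE_DHCP_CONFIG = """\
ip dhcp excluded-address 192.168.100.0 192.168.100.100
ip dhcp excluded-address 192.168.100.254
ip dhcp pool broken-pool
 network 10.1.1.0 255.255.255.0
 default-router 192.168.100.1 192.168.100.254
 lease 0 0 15
ip dhcp pool address-pool
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1 192.168.100.254
 dns-server 172.16.15.112 172.16.16.222
 lease 0 0 15
"""


def parse_excluded_ranges(config):
    """Return [(low, high), ...] as IPv4Address pairs; a single address is its own range."""
    ranges = []
    for low, high in re.findall(r"^ip dhcp excluded-address (\S+)(?: (\S+))?", config, re.M):
        lo = ipaddress.IPv4Address(low)
        ranges.append((lo, ipaddress.IPv4Address(high) if high else lo))
    return ranges


def parse_pools(config):
    """Return {pool_name: {"network": IPv4Network|None, "routers": [...], "lease_minutes": int|None}}."""
    pools, current = {}, None
    for line in config.splitlines():
        head = re.match(r"ip dhcp pool (\S+)", line)
        if head:
            current = pools.setdefault(head.group(1),
                                       {"network": None, "routers": [], "lease_minutes": None})
            continue
        if not line.startswith(" "):        # another top-level command ends the pool
            current = None
            continue
        tokens = line.split()
        if current is None or not tokens:
            continue
        if tokens[0] == "network":           # 'network A.B.C.D MASK' or 'network A.B.C.D /N'
            mask = tokens[2].lstrip("/") if len(tokens) > 2 else "255.255.255.255"
            current["network"] = ipaddress.IPv4Network(
                (tokens[1], int(mask) if mask.isdigit() else mask), strict=False)
        elif tokens[0] == "default-router":
            current["routers"] = [ipaddress.IPv4Address(t) for t in tokens[1:]]
        elif tokens[0] == "lease":           # 'lease DAYS [HOURS [MINUTES]]' or 'lease infinite'
            if tokens[1] != "infinite":
                parts = [int(t) for t in tokens[1:]] + [0, 0]
                current["lease_minutes"] = parts[0] * 1440 + parts[1] * 60 + parts[2]
    return pools


def check_pool(pool, excluded):
    """Return (problems, free_host_count) for one parsed pool."""
    problems, net = [], pool["network"]
    if net is None:
        return ["no network statement"], 0
    first, last = int(net.network_address) + 1, int(net.broadcast_address) - 1
    free = max(0, last - first + 1)          # usable hosts before exclusions
    for lo, hi in excluded:                  # subtract the part of each range inside the pool
        lo_i, hi_i = max(int(lo), first), min(int(hi), last)
        if lo_i <= hi_i:
            free -= hi_i - lo_i + 1
    for gw in pool["routers"]:
        if gw not in net:
            problems.append(f"default-router {gw} is outside {net}")
        elif not any(lo <= gw <= hi for lo, hi in excluded):
            problems.append(f"default-router {gw} is not excluded and may be leased to a client")
    return problems, free


def check_dhcp_config(config):
    """Run check_pool over every pool; returns {pool_name: (problems, free_hosts)}."""
    excluded = parse_excluded_ranges(config)
    return {name: check_pool(pool, excluded) for name, pool in parse_pools(config).items()}


if __name__ == "__main__":
    for name, (problems, free) in check_dhcp_config(SAMPLE_DHCP_CONFIG).items():
        print(f"{name}: {free} free addresses; " + ("; ".join(problems) or "ok"))
```

Run it on show running-config | section dhcp. For the constructed sample it flags both gateways of broken-pool and reports 153 free addresses for address-pool (254 hosts minus the 101 excluded in .1 to .100 and .254).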

DHCP Relay Agent

ip dhcp relay information option inserts DHCP option 82 (relay agent information: the switch and port the request arrived on) into relayed requests, so a DHCP server on another router/switch can assign addresses based on the port the client is connected to.

service dhcp
ip dhcp relay information option
!
interface vlan 10
ip address 10.0.0.1 255.0.0.0
ip helper-address 30.0.0.2

ip helper-address forwards several UDP broadcast types by default, not only DHCP. Turn off the ones the DHCP server should not receive:

no ip forward-protocol nd
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
DNS Domain Name Server
Router(config)#ip domain-lookup
Enables DNS resolution on the Cisco device.

Router(config)#ip name-server 131.108.1.111 131.108.1.2

131.108.1.111 is the primary DNS server and 131.108.1.2 is the secondary DNS server.

Router(config)#ip domain-name cisco.com
Defines cisco.com as the default domain name.

Router(config)#ip ospf name-lookup
Makes it easier to identify a router because the router is displayed by name rather than by its router ID or neighbor ID.
Setting the date and Time:
CAT9300#clock set 09:30:00 12 september 2019
Cat9300#show clock
13:15:39.008 EDT Sun Apr 7 2019
NTP Network Time Protocol
NTP master
clock timezone PST -8
clock summer-time PDT recurring
Switch#clock set 13:00:00 20 may 2019
Switch(config)#ntp master 3
Switch(config)#ntp authentication-key 1 md5 cisco
Switch(config)#ntp source lo0
Switch(config)#ntp access-group serve-only 1
To only allow specific clients:
Switch(config)#access-list 1 permit 133.6.2.2
clock set is an EXEC command, not a configuration command. Replace the key "cisco" with a long random string; the same key must be configured on every client. serve-only lets the listed hosts request time but not become peers or run NTP control queries.

NTP client
clock timezone PST -8
clock summer-time PDT recurring
ntp server 192.168.1.2

With authentication, the client must hold the same key as the server and mark it trusted:
Switch(config)#ntp authentication-key 1 md5 cisco
Switch(config)#ntp authenticate
Switch(config)#ntp trusted-key 1
Switch(config)#ntp server x.x.x.x key 1   (x.x.x.x is the address of the server's lo0)

Optional configuration:
ntp source Loopback0
ntp server vrf management 10.1.1.50
ntp server vrf management 10.1.1.51

On the client, before entering the ntp server command, ping the NTP server's address to verify that it is reachable; otherwise it will take a long, long time to synchronize.
NTP Authentication:
Switch(config)# ntp authentication-key 1 md5 MySecretKey
Switch(config)# ntp trusted-key 1
Switch(config)# ntp authenticate

Switch#show ntp associations detail

Shows whether Network Time Protocol is in sync and whether each association is authenticated.
The authentication scheme uses the configured keys to check that NTP synchronization packets from the designated peers or servers come from a trusted source before the time they carry is accepted. It lets the client verify the server; it does not encrypt the time data.
The commands must be entered in that order for NTP to synchronize within a reasonable period of time.

Switch#show ntp associations

  address         ref clock       st   when   poll reach  delay  offset   disp
*~192.168.1.220   10.10.10.23      2     36     64   377  0.845  35.845  2.440
+~10.220.30.58    10.210.10.73     2     10     64   377  0.805  35.950  2.814
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

Switch#show ntp information


Ntp Software Name : Cisco-ntpv4
Ntp Software Version : Cisco-ntpv4-1.0
Ntp Software Vendor : CISCO
Ntp System Type : Cisco IOS / APM86XXX

Switch#show ntp status

Clock is synchronized, stratum 3, reference is 192.168.1.220
nominal freq is 286.1023 Hz, actual freq is 286.0950 Hz, precision is 2**21
ntp uptime is 986900 (1/100 of seconds), resolution is 3496
reference time is E0583309.50B3F4F8 (05:16:57.315 EDT Wed Apr 10 2019)
clock offset is 35.8450 msec, root delay is 666.98 msec
root dispersion is 78.88 msec, peer dispersion is 3.17 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000025514 s/s
system poll interval is 64, last update was 302 sec ago.

Switch#show ntp packets


Ntp In packets : 309
Ntp Out packets : 311
Ntp bad version packets : 0
Ntp protocol error packets : 0
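The show ntp associations table above is what a monitoring job would scrape to decide whether a device has a healthy time source: a system peer (the * line) at a stratum below 16, reachable on all of the last eight polls (reach 377 in octal), and no falsetickers. The script below is an added example, not from the book, that parses that table and applies those rules. The sample output is constructed (a third, dead server was added to show the unreachable case) and the function names are the example's own.

```python
"""Judge NTP health from 'show ntp associations' output (added example, not from the book)."""

# Tally codes from the legend line of the IOS output.
TALLY = {"*": "sys.peer", "#": "selected", "+": "candidate",
         "-": "outlyer", "x": "falseticker"}

# Constructed sample: the first two lines mirror the book's output, the third
# is an unreachable server (reach 0, stratum 16, never selected).
SAMPLE_ASSOCIATIONS = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~192.168.1.220   10.10.10.23      2     36     64   377  0.845  35.845  2.440
+~10.220.30.58    10.210.10.73     2     10     64   377  0.805  35.950  2.814
 ~10.0.0.9        .INIT.          16      -     64     0  0.000   0.000 15937.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""


def parse_ntp_associations(text):
    """Return one dict per association: address, tally, configured, stratum, reach, offset."""
    peers = []
    for line in text.splitlines():
        if len(line) < 2 or "sys.peer," in line:
            continue                                  # blank line or the legend
        tally, configured, fields = line[0], line[1] == "~", line[2:].split()
        if len(fields) < 9 or fields[0] == "address":
            continue                                  # header line
        reach = int(fields[5], 8)                     # reach is printed in octal
        peers.append({
            "address": fields[0],
            "tally": TALLY.get(tally),                # None when the peer is not selected
            "configured": configured,
            "stratum": int(fields[2]),
            "reach_ok_polls": bin(reach).count("1"),  # successes among the last 8 polls
            "offset_ms": float(fields[7]),
        })
    return peers


def ntp_health(text):
    """Return {"synced": bool, "sys_peer": address or None, "warnings": [...]}."""
    peers = parse_ntp_associations(text)
    warnings = []
    sys_peer = next((p for p in peers if p["tally"] == "sys.peer"), None)
    for p in peers:
        if p["tally"] == "falseticker":
            warnings.append(f"{p['address']}: falseticker (disagrees with the other sources)")
        if p["reach_ok_polls"] < 8:
            warnings.append(f"{p['address']}: only {p['reach_ok_polls']}/8 recent polls answered")
    synced = (sys_peer is not None and sys_peer["stratum"] < 16
              and sys_peer["reach_ok_polls"] == 8)
    return {"synced": synced,
            "sys_peer": sys_peer["address"] if sys_peer else None,
            "warnings": warnings}


if __name__ == "__main__":
    print(ntp_health(SAMPLE_ASSOCIATIONS))
```

A device that shows synced but also lists a candidate with a poor reach count is still worth a ticket: when the system peer fails, the fallback would be the flaky one.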
Alias commands
To set an alias to make repetitive commands easy:
router_a(config)#alias exec in show ip interface brief
“in” is the alias command that will kick this off:
router_a:10#in
Interface IP-Address OK? Method Status Protocol
Ethernet0 192.168.66.254 YES NVRAM up up
Loopback0 172.21.1.1 YES NVRAM up up
VRF Lite
Globally define the VRFs (Virtual Routing and Forwarding):
Router(config)#ip vrf DATA
Router(config)#ip vrf VOICE
Router(config)#ip vrf VIDEO
!
Router(config)#interface FastEthernet 0/0
Router(config-if)#no ip address
!
Router(config-if)#interface FastEthernet 0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip vrf forwarding VOICE
Router(config-subif)#ip address 192.168.2.1 255.255.255.252
!
Router(config-subif)#interface FastEthernet 0/0.3
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip vrf forwarding DATA
Router(config-subif)#ip address 192.168.100.1 255.255.255.252
!
Router(config-subif)#interface FastEthernet 0/0.4
Router(config-subif)#encapsulation dot1q 4
Router(config-subif)#ip vrf forwarding VIDEO
Router(config-subif)#ip address 192.168.113.1 255.255.255.252
!
Assigning an interface to a VRF with ip vrf forwarding removes any IP address already configured on it, so enter the VRF first and the address second (or re-enter the address afterwards).
!
Assign a routing process to each VRF:
Router(config)#router ospf 1 vrf VOICE
Router(config-router)#network 0.0.0.0 255.255.255.255 area 0
!
Router(config)#router ospf 2 vrf DATA
Router(config-router)#network 0.0.0.0 255.255.255.255 area 0
!
Router(config)#router ospf 3 vrf VIDEO
Router(config-router)#network 0.0.0.0 255.255.255.255 area 0
!
Router(config)#router eigrp 1
Router(config-router)#address-family ipv4 vrf VOICE
Router(config-router-af)#network 0.0.0.0
Router(config-router-af)#no auto-summary
Router(config-router-af)#autonomous-system 1
!
Router(config)#router eigrp 2
Router(config-router)#address-family ipv4 vrf DATA
Router(config-router-af)#network 0.0.0.0
Router(config-router-af)#no auto-summary
Router(config-router-af)#autonomous-system 2
!
Router(config)#router eigrp 3
Router(config-router)#address-family ipv4 vrf VIDEO
Router(config-router-af)#network 0.0.0.0
Router(config-router-af)#no auto-summary
Router(config-router-af)#autonomous-system 3

VRF validation:
Router#show ip vrf DATA
Router#show ip route vrf <NAME>
Router#ping vrf <NAME> 10.1.1.1
None of these routes appear in the global routing table; each VRF has its own table, so a plain show ip route or ping will not see them.
UDLD
Normal mode may leave a port up (state undetermined) when a unidirectional link is detected; aggressive mode err-disables it, so aggressive is the safer choice.
Global (all fiber ports):
Switch(config)#udld {aggressive | enable}
Switch(config)#udld message time <1-90>   (default 15 seconds)
Interface, normal mode:
Switch(config-if)#udld port

Interface, aggressive mode:
Switch(config-if)#udld port aggressive

Monitoring:
Switch#show udld [interface-id | neighbors]

Recovering an err-disabled port:
Switch(config-if)#shutdown / no shutdown
Switch(config-if)#no udld port / udld port
Switch#udld reset
Switch(config)#errdisable recovery cause udld
IPSLA
IP SLA measures network performance and validates service level agreements.
The operations are Cisco proprietary: the originator is always a Cisco device, and operations that need a responder (UDP jitter, UDP echo, TCP connect) need a Cisco device running ip sla responder at the far end. An ICMP echo operation can target any IP host.
The originator and responder are embedded in IOS on the device.
Measurement capabilities:
Connectivity (directional)
Delay (round-trip and per direction)
Jitter (per direction)
Packet loss (per direction)
Packet sequencing (in order)
Path (per hop)
Server download time

Results can be read over SNMP by external management applications (polling the MIB), or the Cisco device can send traps.

Cat9300#show ip sla application
Lists the operation types this image supports.

On the responder:
Cat9300(config)#ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number

On the originator:
Cat9300(config)#ip sla 1
Cat9300(config-ip-sla)#udp-jitter 172.16.1.20 5000
Cat9300(config-ip-sla-jitter)#frequency 15   (seconds)
Cat9300(config-ip-sla-jitter)#exit
Cat9300(config)#ip sla schedule 1 start-time now life forever

Cat9300#show ip sla configuration 1

Another example using an IP SLA ping:

Cat9300(config)#ip sla 100
Cat9300(config-ip-sla)#icmp-echo 172.16.1.25
Cat9300(config-ip-sla-echo)#frequency 20
Cat9300(config-ip-sla-echo)#exit
Cat9300(config)#ip sla schedule 100 start-time now life forever

To view results:
Cat9300#show ip sla statistics [100]
(show ip sla application lists the supported operation types, not results.)
Embedded Event Manager EEM
With the Embedded Event Manager you can trigger on complex network events and run scripts and programs directly on the IOS box.
EEM has three parts:
Event Detectors,
Policies and
Programming languages.

Event Detectors
The core of EEM is the event detectors. Event detectors are built-in capabilities that watch for specific situations or conditions. IOS adds event detectors over time with new releases of code.
EEM Event Detectors:
SNMP
OIR (Online Insertion and Removal)
CLI Command Line Interface
Syslog
XML-RPC
IP SLAs
NetFlow
Application specific event
Config change
Interface counters
Redundancy framework
SNMP notification (i.e. when the device receives a trap)
Resource
Timer
Timer subscriber
IOS Process
Counter
GOLD (Generic OnLine Diagnostics)
Environmental
Routing
Enhanced Object Tracking (EOT)
None (launch the event manually)
Policies determine what runs when an event is detected. Policies save you from having to deal with every possible event manually; they automate the response.
EEM supports three methods of programmability and scripting:
1. Applets – run CLI commands when a set of conditions is triggered
2. Tcl (Tool Command Language) scripts
3. IOS.sh – newer versions of IOS support the IOS shell, with macros similar to the Linux bash shell
EEM actions supported:
Sending an e-mail message
Executing a Cisco CLI command
Generating SNMP traps
Reloading the router
Generating prioritized syslog messages
Switching to a secondary processor in a redundant platform
Requesting system information when an event occurs (such as show tech-support or show processes cpu history)
Here is an example EEM applet that watches for interface Ten10/0/45 being shut down and re-enables it. The applet runs with full privileges regardless of who caused the syslog message, and it will undo a deliberate administrative shutdown (including one made during an incident), so use it only on an interface that must never stay down:

event manager applet interface_Shutdown
event syslog pattern "Interface Ten10/0/45, changed state to administratively down"
action 1.0 cli command "enable"
action 1.5 cli command "config t"
action 2.0 cli command "interface Ten10/0/45"
action 2.5 cli command "no shutdown"
action 3.0 cli command "end"
action 3.5 cli command "who"
action 4.0 mail server "192.168.1.1" to "engineer@cisco.com" from "EEM@cisco.com" subject "ISP1_Interface_Ten10/0/45_SHUT" body "Current users $_cli_result"

$_cli_result holds the output of the last cli command (here who), so the mail body lists the sessions that were logged in when the interface went down.

EEM testing:
Router#debug event manager action cli
Example rollback event, which saves the running configuration before any rollback command is executed (this one is in NX-OS applet syntax: event cli match and bootflash: are NX-OS; on IOS the equivalent trigger is event cli pattern "rollback.*" sync yes):
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#
switch(config)# event manager applet rollbackTrigger
switch(config-applet)#
switch(config-applet)# description "Rollback trigger."
switch(config-applet)# event cli match "rollback *"
switch(config-applet)# action 1.0 cli copy running-config bootflash:last_config
switch(config)# copy running-config startup-config

System debugging and dumps:
These commands are for lab use or for a TAC case; several of them crash, reload or stall the device, so do not run them on a production box.

Router#copy core
Does a full core dump, as write core does but with more options.

Router#test crash
Crashes the router in the way you select (hidden command).

Router#debug buffer
Additional buffer debugging.

Router#debug crypto isakmp detail
Crypto ISAKMP internals debugging.

Router#debug crypto isakmp packet
Crypto ISAKMP packet debugging.

Router#debug ip packet ... dump
Outputs a hex and ASCII dump of each packet's contents. Very expensive on a busy box; restrict it with an access list.

Router#debug oir
Debug online insertion and removal.

Router#debug parser mode

Router#debug sanity

Router#debug subsys
Debug discrete subsystems.

Router(config)#exception-slave dump X.X.X.X
Router(config)#exception-slave protocol tftp
Router(config)#exception-slave corefile
Configure where the secondary (slave) processor writes its core file.

Router(config)#exception memory fragment <size>
Reloads the router when no free memory block of that size is available.

Router#test interfaces
Router#test leds
Router#test memory
Router#test transmit

Router(config-if)#timeout absolute <minutes> [seconds]
Enforces an absolute session timeout on the interface.

Router#write core
Generates a core dump without reloading; used to test the core dump configuration.
