Friday, October 9, 2009

startup-config file open failed (Device or resource busy)

Error message:
"startup-config file open failed (Device or resource busy)"

The write-to-flash process might have hung, or the file might be in use by another user.

How to fix:

systat -> check which users are logged in
clear line vty X -> clear all the users from the router
write -> now you can write your config to flash

Clear all lines: any of the sessions may be running a process that is writing to flash and has hung.

Sunday, September 20, 2009

Running SDM 2.4 with Java 1.6.0_16

There is an exception when running SDM with Java version 1.6_16. The Java exception dump in the console is related to the class awt-eventqueue-2.

I was not able to correct the problem in this version. I have unselected the version 1.6_16 on my Java console control panel and I used a previously installed version 1.5 that I had. This corrected my problem.

Monday, June 1, 2009

How to Check a Cisco Interface Last Change

Sometimes, customers ask:
"I would like to know when was the last time this port went down!"

Well, our answer will always be, "we will investigate and let you know."

The problem is how to get this information.
You will find it if you have a syslog server, but what if the syslog server rotates the logs earlier than you think?

Well, there is another way to get some info. Although Cisco says that it is valid, all my tests have not given me any confidence in this data.
Anyway, here is how to get it.

Cisco provides a MIB for the last change of an Interface:
snmpwalk -v 1 -c <community> <host> .iso.3.6.1.2.1.2.2.1.9

IF-MIB::ifLastChange.1 = Timeticks: (10995) 0:01:49.95
IF-MIB::ifLastChange.2002 = Timeticks: (14524) 0:02:25.24
IF-MIB::ifLastChange.5001 = Timeticks: (12082) 0:02:00.82
IF-MIB::ifLastChange.5002 = Timeticks: (96967443) 11 days, 5:21:14.43
IF-MIB::ifLastChange.10101 = Timeticks: (97498708) 11 days, 6:49:47.08
IF-MIB::ifLastChange.10102 = Timeticks: (97497760) 11 days, 6:49:37.60
IF-MIB::ifLastChange.10103 = Timeticks: (97497340) 11 days, 6:49:33.40
IF-MIB::ifLastChange.10104 = Timeticks: (97496849) 11 days, 6:49:28.49
IF-MIB::ifLastChange.10105 = Timeticks: (97495422) 11 days, 6:49:14.22
IF-MIB::ifLastChange.10106 = Timeticks: (97494025) 11 days, 6:49:00.25
IF-MIB::ifLastChange.10107 = Timeticks: (97494995) 11 days, 6:49:09.95
IF-MIB::ifLastChange.10108 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10109 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10110 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10111 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10112 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10113 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10114 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10115 = Timeticks: (11332) 0:01:53.32
IF-MIB::ifLastChange.10116 = Timeticks: (97498710) 11 days, 6:49:47.10
IF-MIB::ifLastChange.10117 = Timeticks: (97497765) 11 days, 6:49:37.65
IF-MIB::ifLastChange.10118 = Timeticks: (97497353) 11 days, 6:49:33.53
IF-MIB::ifLastChange.10119 = Timeticks: (97496854) 11 days, 6:49:28.54
IF-MIB::ifLastChange.10120 = Timeticks: (97495448) 11 days, 6:49:14.48
IF-MIB::ifLastChange.10121 = Timeticks: (97494037) 11 days, 6:49:00.37
IF-MIB::ifLastChange.10122 = Timeticks: (97494996) 11 days, 6:49:09.96
IF-MIB::ifLastChange.10123 = Timeticks: (11333) 0:01:53.33
IF-MIB::ifLastChange.10124 = Timeticks: (11333) 0:01:53.33
IF-MIB::ifLastChange.10125 = Timeticks: (11333) 0:01:53.33


Use it at your own risk!
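ifLastChange holds the value sysUpTime had when the interface entered its current state, so it only becomes a date once it is combined with sysUpTime and the poll time. The following is an added example, not part of the original post, that converts the snmpwalk output above into wall-clock times; the sysUpTime value, the poll time and the 5-minute boot window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r"ifLastChange\.(\d+) = Timeticks: \((\d+)\)")
WRAP = 2 ** 32               # TimeTicks: 32-bit count of 1/100 s, wraps after ~497 days
BOOT_WINDOW = 5 * 60 * 100   # assumption: a change in the first 5 min is the boot-time link-up


def parse_iflastchange(walk_text):
    """Return {ifIndex: ticks} from snmpwalk output of IF-MIB::ifLastChange."""
    return {int(i): int(t) for i, t in LINE_RE.findall(walk_text)}


def last_change_times(walk_text, sysuptime_ticks, polled_at):
    """Convert each ifLastChange into a wall-clock time.

    The event happened (sysUpTime - ifLastChange) ticks before the poll.
    The value is relative to the last boot, so history from before a
    reload is gone and every port shows a change shortly after boot.
    """
    result = {}
    for ifindex, ticks in parse_iflastchange(walk_text).items():
        wrapped = ticks > sysuptime_ticks      # sysUpTime rolled over since the change
        age_ticks = (sysuptime_ticks - ticks) % WRAP
        result[ifindex] = {
            "changed_at": polled_at - timedelta(milliseconds=age_ticks * 10),
            "at_boot": ticks < BOOT_WINDOW and not wrapped,
            "wrapped": wrapped,
        }
    return result


# Three lines copied from the output above; sysUpTime and poll time are constructed.
SAMPLE_WALK = """\
IF-MIB::ifLastChange.1 = Timeticks: (10995) 0:01:49.95
IF-MIB::ifLastChange.5002 = Timeticks: (96967443) 11 days, 5:21:14.43
IF-MIB::ifLastChange.10101 = Timeticks: (97498708) 11 days, 6:49:47.08
"""
SAMPLE_SYSUPTIME = 97600000
SAMPLE_POLLED_AT = datetime(2009, 6, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    times = last_change_times(SAMPLE_WALK, SAMPLE_SYSUPTIME, SAMPLE_POLLED_AT)
    for idx, info in times.items():
        print(idx, info["changed_at"].isoformat(), "at_boot" if info["at_boot"] else "")
```

Entries flagged at_boot only say the port has not changed state since the device came up, which is one reason the raw values are hard to trust on their own.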

Serial Interface Sync

The serial interface can be in a state where it is up but looped. This means that the circuit has a loop on the other side, but no connectivity to any other point.

In order to correctly read the status of the interface, use the option:

interface Serial0/0
down-when-looped

This will bring the status to:

Serial0/0 is up, line protocol is down (looped)
Hardware is PowerQUICC Serial

When the V.35 Layer 1 connection is actually established, HDLC will also sync, as shown in the logs:


Serial0: HDLC myseq 3354903, mineseen 3354903*, yourseen 25701, line up
Serial0: HDLC myseq 3354904, mineseen 3354904*, yourseen 25702, line up
Serial0: HDLC myseq 3354905, mineseen 3354905*, yourseen 25703, line up
Serial0: HDLC myseq 3354906, mineseen 3354905, yourseen 25703, line up

May 28 14:12:54: %IP_SNMP-4-NOTRAPIP: SNMP trap source FastEthernet0/0 has no ip address
May 28 14:14:03: %IP_SNMP-4-NOTRAPIP: SNMP trap source FastEthernet0/0 has no ip address
6d03h: Serial0/0: HDLC myseq 53150, mineseen 53149*, yourseen 53150, line up (looped)
6d03h: Serial0/0: HDLC myseq 53151, mineseen 53150*, yourseen 53151, line up (looped)
6d03h: Serial0/0: attempting to restart
6d03h: PowerQUICC(0/0): DCD is up.

After this log, the serial will be in the state:

Serial0/0 is up, line protocol is up

Tuesday, May 19, 2009

Cisco 3750 Redundancy Test

The Cisco 3750 Catalyst Series offers high-class switching functionality such as StackWise support with a 32 Gbit dual ring (16+16G). This means that you have 32 Gigabit throughput between stack switches.

During some testing with 2 stacked switches, I was able to simulate a failure by issuing the command:

reload slot 2 -> This will reload the module 2 switch.

switch# reload ?
LINE Reason for reload
at Reload at a specific time/date
cancel Cancel pending reload
in Reload after a time interval
slot Slot number card
standby-cpu Standby RP


Switch# sh switch det
Switch/Stack Mac Address : 0021.XXXX.XXXX
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
*1       Master 0021.XXXX.XXXX     15     1       Ready
 2       Member 0022.XXXX.XXXX     1      1       Ready

         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
  1        Down       Down             None     None
  2        Ok         Ok                1        1

Saturday, May 9, 2009

Unable to send a l2trace request to

How to detect and diagnose cabling problems using Time Domain Reflectometer (TDR) in Cisco devices

Goal: diagnose and resolve cabling problems
What it does: The device sends a signal through the cable and compares the reflected signal to the initial signal sent.

Important:
- Only works with 10/100/1000 copper
- SFP and copper 10/100 not supported

- Run it with the IOS Command:
test cable-diagnostics tdr interface <..>
show cable-diagnostics tdr interface

TDR will detect these cabling problems:
- Open, broken, or cut twisted-pair wires. The wires are not connected to the wires from the remote device.
- Shorted twisted-pair wires. The wires are touching each other or the wires from the remote device.

Example:
SWITCH# test cable-diagnostics tdr interface GigabitEthernet 1/0/47
TDR test started on interface Gi1/0/47
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

SWITCH#show cable-diagnostics tdr interface GigabitEthernet 1/0/47
TDR test last run on: March 04 19:37:15

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/47  1000M Pair A     0    +/- 10 meters Pair B      Normal
                Pair B     0    +/- 10 meters Pair A      Normal
                Pair C     0    +/- 10 meters Pair D      Normal
                Pair D     0    +/- 10 meters Pair C      Normal


The PRBS test can only be executed for TenG interfaces:
SWITCH# test cable-diagnostics prbs start interface TenGigabitEthernet ?
<1-9> TenGigabitEthernet interface number

Friday, May 8, 2009

line protocol is down (err-disabled)

SWITCH#sh int G0/18
GigabitEthernet0/18 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 001f.7777.7777 (bia 7777.7777.7777)
  Description: SWITCH-A
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out


Produced logs:
%LINK-5-CHANGED: Interface GigabitEthernet0/18, changed state to administratively down
%GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/18 has bad crc
%PM-4-ERR_DISABLE: gbic-invalid error detected on Gi0/18, putting Gi0/18 in err-disable state
%LINK-3-UPDOWN: Interface GigabitEthernet0/18, changed state to down



This could be associated with a problem with the SFP.
Check that the SFP is correctly connected, and that it is a Cisco SFP!

Sunday, March 29, 2009

Persistency of SNMP Ifindex

Some SNMP monitoring tools use the SNMP ifIndex directly to monitor your interfaces. This causes no problem until you reload your router/switch.
The problem is that when you reload it, the ifIndex values are recalculated and might not be in the same order.
To avoid this problem, use:

snmp-server ifindex persist

Saturday, February 28, 2009

6500 command logging in CLI

Question: Can I monitor which commands have been applied on a switch/router?

The answer is yes; it has always been possible with logging commands. The problem is that you always needed a syslog server, otherwise the logging buffer would be overwritten.

Now you can do this in another way:

archive
 log config
  logging enable
  logging size 200
  notify syslog
  hidekeys

Check the commands by typing:
show archive log config all
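With notify syslog enabled, each logged configuration command is also sent as a %PARSER-5-CFGLOG_LOGGEDCMD syslog message, so the same audit trail can be reviewed off-box. The following is an added example, not part of the original post, that extracts user and command from such lines and flags commands on a watchlist; the sample log lines, user names and the watchlist itself are constructed assumptions.

```python
import re

CFGLOG_RE = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Assumption: commands a reviewer wants to see first because they touch
# logging, access control or management-plane settings. Tune per site.
WATCHLIST = [
    re.compile(r"^no logging\b"),
    re.compile(r"^(no )?username\b"),
    re.compile(r"^(no )?snmp-server community\b"),
    re.compile(r"^(no )?(ip )?access-(list|group)\b"),
    re.compile(r"^(no )?enable (secret|password)\b"),
]


def parse_cfglog(lines):
    """Yield (user, command) for each config-change syslog line."""
    for line in lines:
        m = CFGLOG_RE.search(line)
        if m:
            yield m.group("user"), m.group("cmd").strip()


def flag_sensitive(lines):
    """Return [(user, command)] for logged commands matching the watchlist."""
    return [(user, cmd) for user, cmd in parse_cfglog(lines)
            if any(p.search(cmd) for p in WATCHLIST)]


# Constructed sample syslog lines (not taken from a real device).
SAMPLE = [
    "Feb 28 10:01:02: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet1/1",
    "Feb 28 10:01:09: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:description uplink",
    "Feb 28 10:05:55: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging 192.0.2.10",
    "Feb 28 10:06:10: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no ip access-group 110 in",
    "Feb 28 10:06:30: %SYS-5-CONFIG_I: Configured from console by bob on vty0 (198.51.100.7)",
]

if __name__ == "__main__":
    for user, cmd in flag_sensitive(SAMPLE):
        print(f"review: {user}: {cmd}")
```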

ASA Transparent Firewall Sample

: Saved
:
PIX Version 8.0(3)
!
firewall transparent
hostname pix-transp
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside ethertype permit any
access-list inside ethertype permit any
access-list aclin_inside extended permit ip any any
access-list aclin_inside extended permit icmp any any
access-list aclin_outside extended permit ip any any
access-list aclin_outside extended permit icmp any any
pager lines 24
logging enable
logging buffered debugging
mtu inside 1500
mtu outside 1500
ip address 10.2.0.250 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
access-group inside in interface inside
access-group aclin_inside in interface inside
access-group outside in interface outside
access-group aclin_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.2.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:32b608ef458b708a14ea2858b1df25a2
: end
asdm image flash:/asdm
no asdm history enable

Format an IOS Flash

router1#dir
%Error opening disk0:/ (Invalid DOS media or no media in slot)
router1#show disk0:
Unformatted Partition, please format it.

router1#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Primary Partition created...Size 64 MB
Drive communication & 1st Sector Write OK...
Writing Monlib sectors....
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 131040
Format: Total bytes in formatted partition: 67092480
Format: Operation completed successfully.
Format of disk0: complete
router1#

Get Vlan Interface Index

sh vlan ifindex

will give you the relation between the mib ifindex and the interface itself.

Tuesday, February 10, 2009

Check FWSM Resources

show resource allocation detail
show resource allo
sh resource usage
sh resource usage all
show np pc
show np block
show np all status

Format IOS Flash

router1#dir
%Error opening disk0:/ (Invalid DOS media or no media in slot)
router1#show disk0:
Unformatted Partition, please format it.
router1#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]

Primary Partition created...Size 64 MB

Drive communication & 1st Sector Write OK...
Writing Monlib sectors....
Monlib write complete

Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 131040
Format: Total bytes in formatted partition: 67092480
Format: Operation completed successfully.
Format of disk0: complete

router1#