IOS Tips

-Reset port gi1/0/1 to default:
# conf t
(config)# default interface gi1/0/1

-Reset ports 1-48 to default:
# conf t
(config)# default int range gi1/0/1-48

-Edit ports 1-48 at the same time
# conf t
(config)# int range gi1/0/1-48
(config-if-range)# <enter config change>

-Apply a config change to a non-contiguous range of ports
# conf t
(config)# int range gi1/0/1 - 5 , gi1/0/10 - 15
(config-if-range)# <enter config change>

-Do multiple steps in a single command when provisioning a port for an end-device
# conf t
(config)# int gi1/0/1
(config-if)# switchport host
   sets switch port mode to access + enables spanning tree Port Fast + disables channel grouping.

-Use macros to run a script by entering a single command AND use variables
 Create the macro
# conf t
(config)# macro name SetTrunk
description TRUNK PORT
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan $NATIVE
switchport trunk allowed vlan $ALLOWED
mls qos trust dscp
no shut
@
 Now apply the macro to the port you want to make a trunk, set the native VLAN to 123 and define all VLANs as being allowed
# conf t
(config)# int gi1/0/1
(config-if)# macro apply SetTrunk $NATIVE 123 $ALLOWED all

-Show all interfaces and the CRC count for each
# show interface | i protocol|CRC
GigabitEthernet1/0/5 is up, line protocol is up (connected)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

-Find what ports are not currently connected
# sh int status | i notconnect

-Show what ports are down due to BPDUguard
# sh int status | i err
# show log | i BPDU|bpdu
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state
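
Added example (not part of the original notes): a Python script that runs the same check over saved "show log" text, counting the two BPDU Guard messages per port and ignoring err-disable causes other than bpduguard. The sample log lines, timestamps and function names are constructed for illustration; only the two message formats come from the output above.

```python
import re
from collections import defaultdict

# Constructed sample log (timestamps, ports and event mix are made up); the two
# BPDU Guard message formats are the ones shown in the output above.
SAMPLE_LOG = """\
*Mar  1 00:10:01: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
*Mar  1 00:12:44: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
*Mar  1 00:12:44: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state
*Mar  1 02:30:09: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
*Mar  1 02:31:00: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/9, putting Gi1/0/9 in err-disable state
*Mar  1 03:00:00: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
*Mar  1 03:00:00: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state
"""

BLOCK_RE = re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+)")
ERRDIS_RE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+?),")
# The two messages name the same port differently (long vs. short form).
LONG_TO_SHORT = (("TenGigabitEthernet", "Te"), ("GigabitEthernet", "Gi"), ("FastEthernet", "Fa"))

def short_name(port):
    """Normalize GigabitEthernet1/0/16 -> Gi1/0/16 so both messages share one key."""
    for long_form, short_form in LONG_TO_SHORT:
        if port.startswith(long_form):
            return short_form + port[len(long_form):]
    return port

def bpduguard_report(log_text):
    """Return {port: {"bpdu_received": n, "err_disabled": n}} for BPDU Guard events only."""
    report = defaultdict(lambda: {"bpdu_received": 0, "err_disabled": 0})
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if m:
            report[short_name(m.group(1))]["bpdu_received"] += 1
            continue
        m = ERRDIS_RE.search(line)
        if m and m.group(1) == "bpduguard":  # skip other err-disable causes
            report[short_name(m.group(2))]["err_disabled"] += 1
    return dict(report)

def repeat_ports(report, threshold=2):
    """Ports err-disabled by BPDU Guard at least `threshold` times: something
    keeps sending BPDUs into the port after it was recovered."""
    return sorted(p for p, c in report.items() if c["err_disabled"] >= threshold)

if __name__ == "__main__":
    rep = bpduguard_report(SAMPLE_LOG)
    for port, counts in sorted(rep.items()):
        print(port, counts)
    print("repeat:", repeat_ports(rep))
```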

-Delete a directory
# del /force /recursive directory_name

-For all switches in a stack, define both a primary AND a secondary boot image
(config)# boot system switch all flash:c3750-ipbasek9-mz.122-55.SE8.bin;flash:c3750-ipbasek9-mz.122-55.SE7.bin

-Get extended details about the packets crossing an interface
#show interfaces f2/0/17 controller
     Transmit FastEthernet2/0/17              Receive
     18971276 Bytes                         33189871 Bytes
        14754 Unicast frames                   59339 Unicast frames
        43389 Multicast frames                  3440 Multicast frames
        99892 Broadcast frames                 43925 Broadcast frames
            0 Too old frames                29986661 Unicast bytes
            0 Deferred frames                 346082 Multicast bytes
            0 MTU exceeded frames            2855260 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                  17 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames               46501 Minimum size frames
            0 8 collision frames                7813 65 to 127 byte frames
            0 9 collision frames                1613 128 to 255 byte frames
            0 10 collision frames               2114 256 to 511 byte frames
            0 11 collision frames              47218 512 to 1023 byte frames
            0 12 collision frames               1462 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
       112850 64 byte frames                       0 Valid frames, too small
         6718 127 byte frames
        20771 255 byte frames                      0 Too old frames
        16109 511 byte frames                      0 Valid oversize frames
         1445 1023 byte frames                     0 System FCS error frames
          142 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

-Show receive and transmit utilization for all ports
# sh controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa2/0/1            0                    0
Fa2/0/2            0                    0
Fa2/0/3            0                    0
Fa2/0/4            0                    0
Fa2/0/5            0                    0

-Modify an access-list that is referenced with a class-map and policy-map (basically, you need to delete from the top down and rebuild from the bottom up):
Steps explained
# conf t
   Remove the policy within the policy-map that references the class-map that references the access-list (access-group)
   Remove the class-map that references the access-list (access-group)
   Do a "no access-list" to remove the ACL
   Enter the ACL statements
   Enter the class-map statements
   Change to the policy-map
   Enter the policy-map statements
Steps performed
   For this setup we’ll use this configuration
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# access-list 105 permit ip host any
GOAL: To edit access-list 105 and change one of the source IPs without the switch choking on itself
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# no class EF-105-CLASS
(config-pmap)# exit
(config)# no class-map match-any EF-105-CLASS
(config)# no access-list 105
(config)# access-list 105 permit ip host any
(config)# access-list 105 permit ip host any
(config)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# exit
(config-pmap)# exit
(config)# exit
# wr

IAP Static IP



To verify if the settings are changed, execute the command “printenv”
1. Log in to the Instant web interface
2. Select the AP and click “edit”
3. Configure IP details and click OK.
Reboot the AP from the Maintenance menu

kron backup config

NOTE: make sure all devices have the same clock or point to the same NTP server

(config)# clock timezone GMT +7
(config)# archive
(config-archive)# path tftp://IP_of_TFTP_SERVER/$h$t
(config-archive)# write-memory
-kron will run 12AM
(config)# kron occurrence backup-config at 0:0 recurring
-kron will run 1 min later
(config)# kron occurrence backup-config in 1 oneshot

(config-kron-occurrence)# policy-list backup-config
(config)# kron policy-list backup-config
(config-kron-policy)# cli wr me
(config-kron-policy)# end
# wr me
#show kron schedule
backup-config inactive, will run once in 0 days 11:43:14

-to backup to local flash directory
Directory of flash0:/
    1  drw-           0  Jan 30 2013 07:00:00 +07:00  boot
  264  drw-           0  Oct 14 2013 07:00:00 +07:00  config
  267  -rw-   139942304  Mar 25 2015 07:00:00 +07:00  vios-adventerprisek9-m
  270  -rw-      524288  Feb 15 2018 21:55:44 +07:00  nvram
  271  -rw-          79  Feb 19 2018 11:35:08 +07:00  e1000_bia.txt
#cd backup
Directory of flash0:/backup/
No files in directory
2142715904 bytes total (1997635584 bytes free)
(config)# archive
(config-archive)#path flash:/backup/$h$t

How to save running-config to a text file

# copy run flash:STAN.txt
make changes

# configure replace flash:STAN.txt

# copy flash:STAN.txt run
This actually merges the file into the running config rather than replacing it


Enable archive and rollback, which will roll back to the old configuration if not confirmed (just like in Junos)
# conf t
(config)# archive
(config-archive)# path flash:STAN
(config-archive)# end
-first archive
# archive config
# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named flash:STAN-<timestamp>-1
Archive #  Name
   1        flash:STAN-Feb-15-02-28-02.841-0 <- Most Recent
-make changes
-save 2nd archive
# archive config
# show archive
-two archives are now listed; choose which archive you want to revert to
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger timer 10
after 10min running-config will be reverted to STAN-Feb-15-02-28-02.841-0
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger

if you want to immediately revert to target archive

send either the startup or running config to a TFTP, FTP or SCP server
# copy running-config archive:
# copy running-config flash:
# copy running-config flash0:
# copy running-config flash1:
# copy running-config flash2:
# copy running-config flash3:
# copy running-config ftp:
# copy running-config tftp:
# copy running-config scp:
# copy running-config http:

# copy running-config https:

enable Session > Logging in PuTTY using the connection properties
term len 0
sh run
this way the whole config is printed without needing to press a key for the next page
then you stop logging and you have your file.
to get paging back, type:
term len 25

PuTTY saves a header with date and time at the beginning; after that you have a clean text file.

go to File, then click on Log Session, then save the file with a .txt extension

that way your config file will be saved in text format

using Ansible
SolarWinds NCM

RAP-3WNP Basic Config

To factory reset the RAP-3:
-Remove power to RAP
-Insert a small object into the reset hole and press and hold the button
-Continue holding the button in while powering on the RAP-3.

-Hold this for up to 10 seconds.  The lights on the RAP will flash

-You must connect WAN ethernet cable to E0.
Otherwise you won’t get instant open ssid
-turn on its power and wait 4min
-connect your pc wifi to “instant” open ssid
you will get ip
on the LAN, you will get ip after configuration if DHCP Server is not configured
Username: admin

Password: admin

-click System/General
NTP server:
Timezone: Jakarta UTC+07
-click System/Admin
change password
-click 1 Network/New
WLAN Settings
   Name: aruba
   Primary usage: Employee
   Client IP assignment: Network assigned
   Client VLAN assignment: Default

   click Finish

Set DHCP Server
-click More/DHCP Server
Domain name:

DNS Server(s):,

Allow all to wired-instant
-click Security/Roles/wired-instant

   set to Allow any to all destinations

To remove Network
-click unwanted Network

   on the right, you will see x, click that

To set Internal user for authentication

-click Security/Users for Internal Server

To set AD for authentication
-click Security/Authentication Servers
-click New
Name: AD1
IP address:
Auth port: 389
Admin-DN: aruba
Admin password:
Retype password:
Base-DN: cn=Users,dc=ngtrain,dc=com
Filter: (objectclass=*)

Key attribute: sAMAccountName

To set Captive portal for Guest users
-click Networks/New
WLAN Settings
  Name: Guest
   Primary usage: Guest
Client IP & VLAN Assignment
   click Network assigned
   click Default
Security Level
   Splash page type: Internal – Authenticated
   Auth server 1: here choose InternalServer or AD1 (can’t choose both)
click Finish

-users need to connect to the Guest SSID, then authenticate first using either InternalServer or an AD user

To convert from IAP to RAP or CAP
-click Maintenance/Convert
Convert one or more Access Points to:
Remote APs managed by a Mobility Controller
Campus APs managed by a Mobility Controller

Standalone AP

To get Tech Support dump

-click More/Support/Run

To backup configuration
-click Maintenance/Configuration tab

-click Backup Configuration

To upgrade firmware
-every time you upgrade, you must back up the configuration first, otherwise it will be gone after upgrading the firmware
-download Conservative firmware from
-click Maintenance/About tab
note down the current firmware version
-click Firmware tab
click Browse and point to the downloaded firmware
click Upgrade Now
Conservative vs Standard difference
Over the years there has been a lot of confusion around the “Early Deployment (ED)” and “General Availability (GA)” tags.  These tags implied incorrect classifications and did not do an effective job indicating which release a customer should choose.  Any customer with a valid support account could download all releases with either tag.  The GA tag implied only the GA code could be freely downloaded and the ED tag gave the perception the releases were Beta code, not fully tested and not supported.
We are updating the names to clarify the differences between the releases and make it easier to know which release to run.  GA is renamed the Conservative release.  Conservative releases are for customers who prioritize stability over new features.  Customers who only run code that has soaked in the field at hundreds of customer sites should run the Conservative release.  Releases will typically take ~3-6 months to earn the Conservative tag.  ED is renamed the Standard release with no tag associated with it.  These releases have gone through full Aruba QA testing including system, scale and regression testing and they are fully supported by Aruba TAC.

Console Cisco causing BSOD with EventViewer Error 10016

-Putty 0.7
-Windows 10 Pro

-Aten USB to RS-232 Adapter UC232A

1. Every time I console to the Cisco switch through the COM port,
it crashes with a BSOD after some time

Error 10016 in EventViewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 and APPID
 to the user NBCTCP\nbctcp SID (S-1-5-21-2067972773-1120365315-274810299-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

-download and install latest ATEN UC232A WIN10 driver from
The solution seems odd because Win10 already has Aten driver as shown below.
But if I don't install the latest WIN10 driver, it causes a BSOD

Error “The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1”


The above error happens every time I SSH to my 3750 using PuTTY 0.7

CAT3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE12


-use the latest TeraTerm. It seems TeraTerm uses a relaxed key exchange


-modify PuTTY as shown below (I do not prefer this method)

-harden IOS by upgrading to version 15 and follow this