Cisco vs Huawei Essential Command Mapping

SOURCE: https://forum.huawei.com/carrier/en/thread-82497.html

What I LIKE in Huawei after a few weeks of using it
-open SFP
that means you can use any SFP brand and it will not complain, but I don’t know whether that will void the warranty
in Aruba you can use a 3rd party SFP but that will void the warranty
in Ruckus, open SFP as well but it won’t void the warranty
-1 year warranty
like Cisco
unlike Aruba and Ruckus, which have a limited lifetime warranty (the best in warranty, you can have 100 years warranty)
-price could be cheaper than anything else
that’s why most countries are using it nowadays
-almost all the switches are L3 switches
if you want more features such as VXLAN, just add a license
-telco in mind
you can have an AC or DC power module in the back. if you want to change AC to DC, just add a DC module
if you want more PoE power just add two AC power modules
it has an anti-static port in the back

NEED TO IMPROVE
-save has to be done in User mode
unlike Cisco, where you type “do wr me” in config mode
unlike Aruba, where you just type “wr me” in any mode
-those who answer in the forum are not technical enough compared to the Cisco and Aruba forums

Cisco | Huawei
[no equivalent: shows the files used for startup] | display startup (user mode)
? | ?
aaa | aaa
boot | boot bootrom
clear access-list counters | reset acl counter all (user mode)
clear counters | reset (user mode)
clear crypto | ipsec sa / ike sa
clear interface | reset counters interface
clear ip bgp | reset bgp all
clear ip cef | reset ip fast-forwarding
clear ip route * | reset ip routing-table statistics protocol all
clock | clock
conf t | system-view
copy running-config | save filename
debug / no debug | debugging / undo debugging
debug pvc nego | debug atm all (very dangerous – might crash router)
disable | super 0 (number is privilege level from 0 to 3, where 3 is default and equivalent to “enable” on Cisco)
enable | super
enable secret (conf mode) | super pass cipher (system mode)
end | return or ctrl+z
exit | quit
ip tacacs | hwtacacs nas-ip (this command doesn’t exist !!!)
mtu | mtu
no | undo
ping | ping
reload | reboot
router bgp | bgp
router rip | rip
send | send (user mode)
show | display
show atm pvc | display atm pvc-info
show clock | display clock
show controller | display controller (but not relevant for non-modular chassis)
show crypto isakmp key | display ike peer
show crypto isakmp policy | display ike proposal
show crypto isakmp sa | display ike sa
show dsl int atm 0 | display dsl status interface atm 2/0
show flash | dir flash: (user mode)
show frame-relay pvc | display fr pvc-info
show interfaces | display interface
show ip bgp | display bgp routing-table
show ip interface | display ip interface
show ip nat translation | display nat session
show ip route | display routing-table
show logging | display logbuffer
show policy-map interface | display qos policy interface
show port | display port-mapping
show snmp | display snmp-agent statistics
show startup | display saved-configuration
show tech | display diagnostic-information
show users | display users
show version | display version
shutdown | shutdown
snmp-server | tftp-server (system mode)
tacacs-server | hwtacacs scheme (system mode)
telnet | telnet
terminal length | screen-length disable / undo screen-length disable
terminal monitor | terminal debugging (user mode)
terminal no monitor | undo terminal debugging (user mode)
traceroute | tracert
write erase | reset saved-configuration
write mem (or wr or copy run start) | save
write terminal (sh run) | display current-configuration

Enabling Portfast

ARUBANETWORKS:

CISCO

JUNIPER:
SOURCE
https://randymukti.wordpress.com/2015/03/29/configuring-stp-portfast-on-juniper-platform-edge-port-juniper/
https://www.juniper.net/documentation/en_US/junos/topics/example/security-spanning-trees-bpdu-protection-els.html

-to enable
interfaces {
    interface-range ACCESS {
        member-range ge-0/0/6 to ge-0/0/45;
    }
}
protocols {
    rstp {
        interface ACCESS {
            edge;
        }
        bpdu-block-on-edge;
    }
}
ethernet-switching-options {
    bpdu-block {
        disable-timeout 60;
    }
}

-to check EDGE on/off
# run show spanning-tree interface detail | match "Link type"
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/EDGE

RESULT:
EDGE ON
Mac 26s
Win 5s

EDGE OFF
Mac 28s
Win 9s


Automatically backup config to scp or tftp when “write mem”

In Cisco, I can automatically back up the config using scp or tftp to another location every time I issue “wr me”

How to achieve the same in other brands?

CISCO:
archive
path scp://root:eve@10.0.10.70/$h
write-memory

 

FORTIGATE:

 

HP:

 

JUNIPER:
https://forum.ivorde.com/junos-system-configuration-archival-is-not-working-over-scp-t19351.html

 

RUCKUS:

 

IOS Tips

-Reset port gi1/0/1 to default:
# conf t
(config)# default interface gi1/0/1

-Reset ports 1-48 to default:
# conf t
(config)# default int range gi1/0/1-48

-Edit ports 1-48 at the same time
# conf t
(config)# int range gi1/0/1-48
(config-if)# <enter config change>

-Apply a config change to a non-contiguous range of ports
# conf t
(config)# int range gi1/0/1 - 5 , gi1/0/10 - 15
(config-if)# <enter config change>

-Do multiple steps in a single command when provisioning a port for an end-device
# conf t
(config)# int gi1/0/1
(config-if)# switchport host
   sets switch port mode to access + enables spanning tree Port Fast + disables channel grouping.

-Use macros to run a script by entering a single command AND use variables
 Create the macro
# conf t
(config)# macro name SetTrunk
shut
description TRUNK PORT
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan $NATIVE
switchport trunk allowed vlan $ALLOWED
mls qos trust dscp
no shut
@
 Now apply the macro to a port you want to create as a trunk, set the native VLAN to 123 and define all VLANs as being allowed
# conf t
(config)# int gi1/0/1
(config-if)# macro apply SetTrunk $NATIVE 123 $ALLOWED all

-Show all interfaces and the CRC count for each
# show interface | i protocol|CRC
GigabitEthernet1/0/5 is up, line protocol is up (connected)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

-Find what ports are not currently connected
# sh int status | i notconnect

-Show what ports are down due to BPDUguard
# sh int status | i err
or
# show log | i BPDU|bpdu
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state

-Delete a directory
# del /force /recursive directory_name

-For all switches in a stack, define both a primary AND a secondary boot image
(config)# boot system switch all flash:c3750-ipbasek9-mz.122-55.SE8.bin;flash:c3750-ipbasek9-mz.122-55.SE7.bin

-Get extended details about the packets crossing an interface
#show interfaces f2/0/17 controller
     Transmit FastEthernet2/0/17              Receive
     18971276 Bytes                         33189871 Bytes
        14754 Unicast frames                   59339 Unicast frames
        43389 Multicast frames                  3440 Multicast frames
        99892 Broadcast frames                 43925 Broadcast frames
            0 Too old frames                29986661 Unicast bytes
            0 Deferred frames                 346082 Multicast bytes
            0 MTU exceeded frames            2855260 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                  17 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames               46501 Minimum size frames
            0 8 collision frames                7813 65 to 127 byte frames
            0 9 collision frames                1613 128 to 255 byte frames
            0 10 collision frames               2114 256 to 511 byte frames
            0 11 collision frames              47218 512 to 1023 byte frames
            0 12 collision frames               1462 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
       112850 64 byte frames                       0 Valid frames, too small
         6718 127 byte frames
        20771 255 byte frames                      0 Too old frames
        16109 511 byte frames                      0 Valid oversize frames
         1445 1023 byte frames                     0 System FCS error frames
          142 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

-Show receive and transmit utilization for all ports
# sh controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa2/0/1            0                    0
Fa2/0/2            0                    0
Fa2/0/3            0                    0
Fa2/0/4            0                    0
Fa2/0/5            0                    0

-Modify an access-list that is referenced with a class-map and policy-map (basically, you need to delete from the top down and rebuild from the bottom up):
Steps explained
# conf t
   remove the policy within the policy map that references the class-map that references the access-list (access-group)
   Remove the class-map that references the access-list (access-group)
   do a no access-list to remove the ACL
   Enter in the ACL statements
   Enter in the class-map statements
   change to policy-map
   Enter in the policy-map statements
Steps performed
   For this setup we’ll use this configuration
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# access-list 105 permit ip host 192.168.2.1 any
GOAL: To edit access-list 105 and change one of the source IPs without the switch choking on itself
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# no class EF-105-CLASS
(config-pmap)# exit
(config)# no class-map match-any EF-105-CLASS
(config)# no access-list 105
(config)# access-list 105 permit ip host 10.0.0.1 any
(config)# access-list 105 permit ip host 192.168.2.1 any
(config)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# exit
(config-pmap)# exit
(config)# exit
# wr

kron backup config

NOTE: make sure all devices have the same clock or point to the same NTP server

(config)# clock timezone GMT +7
(config)# archive
(config-archive)# path tftp://IP_of_TFTP_SERVER/$h$t
(config-archive)# write-memory
-kron will run 12AM
(config)# kron occurrence backup-config at 0:0 recurring
or
-kron will run 1 min later
(config)# kron occurrence backup-config in 1 oneshot

(config-kron-occurrence)# policy-list backup-config
(config)# kron policy-list backup-config
(config-kron-policy)# cli wr me
(config-kron-policy)# end
# wr me
#show kron schedule
backup-config inactive, will run once in 0 days 11:43:14

-to backup to local flash directory
#dir
Directory of flash0:/
    1  drw-           0  Jan 30 2013 07:00:00 +07:00  boot
  264  drw-           0  Oct 14 2013 07:00:00 +07:00  config
  267  -rw-   139942304  Mar 25 2015 07:00:00 +07:00  vios-adventerprisek9-m
  270  -rw-      524288  Feb 15 2018 21:55:44 +07:00  nvram
  271  -rw-          79  Feb 19 2018 11:35:08 +07:00  e1000_bia.txt
#cd backup
R1#dir
Directory of flash0:/backup/
No files in directory
2142715904 bytes total (1997635584 bytes free)
(config)# archive
(config-archive)#path flash:/backup/$h$t

How to save running-config to a text file

OPTION1:
# copy run flash:STAN.txt
make changes

# configure replace flash:STAN.txt

NOTE:
# copy flash:STAN.txt run
It actually merges the config rather than replacing it

 

OPTION2:
enable archive and rollback, which will roll back to the old configuration if not confirmed (just like in Junos)
# conf t
(config)# archive
(config-archive)# path flash:STAN
(config-archive)# end
-first archive
# archive config
# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named flash:STAN-<timestamp>-1
Archive #  Name
   1        flash:STAN-Feb-15-02-28-02.841-0 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10
-make changes
-save 2nd archive
# archive config
# show archive
-two archives are listed; choose which archive you want to revert to
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger timer 10
after 10 min the running-config will be reverted to STAN-Feb-15-02-28-02.841-0
or
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger

if you want to immediately revert to target archive

OPTION3:
send either the startup or running config to a TFTP, FTP or SCP server
# copy running-config archive:
# copy running-config flash:
# copy running-config flash0:
# copy running-config flash1:
# copy running-config flash2:
# copy running-config flash3:
# copy running-config ftp:
# copy running-config tftp:
# copy running-config scp:
# copy running-config http:

# copy running-config https:

OPTION4:
Putty
enable Session > Logging in PuTTY using the connection properties
then
term len 0
sh run
this way the whole file is output without needing to press a key for the next page
then stop logging and you have your file.
to get paging back, type:
term len 25

PuTTY saves a header with the date and time at the beginning; after that you have a clean text file.

OPTION5:
SecureCRT
go to File, then click on Log Session, then save the file with a .txt extension

that way your config file will be saved in text format

OPTION6:
using Ansible
OPTION7:
SolarWinds NCM

Console Cisco causing BSOD with EventViewer Error 10016

SW INFO:
-Putty 0.7
-Windows 10 Pro

HW INFO:
-Aten USB to RS-232 Adapter UC232A

PROBLEMS:
1. Every time I console to the Cisco switch through the COM port, it will crash with a BSOD after some time

Error 10016 in EventViewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NBCTCP\nbctcp SID (S-1-5-21-2067972773-1120365315-274810299-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

SOLUTION:
-download and install latest ATEN UC232A WIN10 driver from
NOTE:
The solution seems odd because Win10 already has an Aten driver as shown below.
But if I didn’t install the latest WIN10 driver, it would cause a BSOD
[Screenshot: aten]

Error “The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1”


The above error happens every time I SSH to my 3750 using Putty 0.7

SW INFO
CAT3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE12

SOLUTION1:

-use the latest TeraTerm. It seems TeraTerm uses a relaxed Key Exchange

SOLUTION2:

-modify Putty as shown below (I do not prefer this method)
[Screenshot: PuTTY Configuration]

SOLUTION3:
-harden IOS by upgrading to version 15 and follow this
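
The server's key-exchange list that triggers this error travels in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so it can be checked before and after an upgrade. The following is an added example, not part of the original notes: it parses a KEXINIT payload and reports whether diffie-hellman-group1-sha1 is first or the only offer. Both sample payloads are constructed, and flagging only group1 is an assumed policy.

```python
import struct

SSH_MSG_KEXINIT = 20
WEAK_KEX = {"diffie-hellman-group1-sha1"}  # assumed policy: the algorithm from the error
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (field names abbreviated).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(payload):
    """Parse the payload of an SSH_MSG_KEXINIT packet into {field: [names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, fields = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        fields[name] = raw.split(",") if raw else []
        offset += length
    return fields

def kex_findings(payload):
    """Report the server's first kex algorithm and which offered ones are weak."""
    kex = parse_kexinit(payload)["kex_algorithms"]
    weak = [k for k in kex if k in WEAK_KEX]
    return {"first": kex[0] if kex else None, "weak_offered": weak,
            "only_weak": bool(kex) and len(weak) == len(kex)}

def build_kexinit(name_lists):  # helper used only to construct the sample data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples, not captures from a real device.
REST = [["ssh-rsa"], ["aes128-cbc"], ["aes128-cbc"], ["hmac-sha1"], ["hmac-sha1"],
        ["none"], ["none"], [], []]
OLD_SERVER = build_kexinit([["diffie-hellman-group1-sha1"]] + REST)
NEWER_SERVER = build_kexinit([["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]] + REST)

if __name__ == "__main__":
    print(kex_findings(OLD_SERVER))
    print(kex_findings(NEWER_SERVER))
```

The input is the payload of the SSH binary packet, that is, the bytes after the packet length and padding length fields.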