Using 3rd Party SFP Modules On Cisco Catalyst Switch

OPTION1
(config)# service unsupported-transceiver
(config)# no errdisable detect cause gbic-invalid

OPTION2
Using Universal SFP
Advertisements

IOS Tips

-Reset port gi1/0/1 to default:
# conf t
(config) # default interface gi1/0/1

-Reset ports 1-48 to default:
# conf t
(config)# default int range gi1/0/1-48

-Edit ports 1-48 at the same time
# conf t
(config)# int range gi1/0/1-48
(config-if)# <enter config change>

-Apply a config change to a non-contiguous range of ports
# conf t
(config) # int range gi1/0/1 – 5 , gi1/0/10 – 15
(config-if)# <enter config change>

-Do multiple steps in a single command when provisioning a port for an end-device
# conf t
(config)# int gi1/0/1
(config-if)# switchport host
   sets switch port mode to access + enables spanning tree Port Fast + disables channel grouping.

-Use macros to run a script by entering a single command AND use variables
 Create the macro
# conf t
(config)# macro name SetTrunk
shut
description TRUNK PORT
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan $NATIVE
switchport trunk allowed vlan $ALLOWED
mls qos trust dscp
no shut
@
 Now apply the macro to a port you want to create as a trunk, set the native VLAN to 123 and define all VLANs as being allowed
# conf t
(config)# int gi1/0/1
(config-if)# macro apply SetTrunk $NATIVE 123 $ALLOWED all

-Show all interfaces and the CRC count for each
# show interface | i protocol|CRC
GigabitEthernet1/0/5 is up, line protocol is up (connected)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

-Find what ports are not currently connected
# sh int status | i notconnect

-Show what ports are down due to BPDUguard
# sh int status | i err
or
# show log | i BPDU|bpdu
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state

-Delete a directory
# del /force /recursive directory_name

-For all switches in a stack, define both a primary AND a secondary boot image
# all flash:c3750-ipbasek9-mz.122-55.SE8.bin;flash:c3750-ipbasek9-mz.122-55.SE7.bin

-Get extended details about the packets crossing an interface
#show interfaces f2/0/17 controller
     Transmit FastEthernet2/0/17              Receive
     18971276 Bytes                         33189871 Bytes
        14754 Unicast frames                   59339 Unicast frames
        43389 Multicast frames                  3440 Multicast frames
        99892 Broadcast frames                 43925 Broadcast frames
            0 Too old frames                29986661 Unicast bytes
            0 Deferred frames                 346082 Multicast bytes
            0 MTU exceeded frames            2855260 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                  17 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames               46501 Minimum size frames
            0 8 collision frames                7813 65 to 127 byte frames
            0 9 collision frames                1613 128 to 255 byte frames
            0 10 collision frames               2114 256 to 511 byte frames
            0 11 collision frames              47218 512 to 1023 byte frames
            0 12 collision frames               1462 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
       112850 64 byte frames                       0 Valid frames, too small
         6718 127 byte frames
        20771 255 byte frames                      0 Too old frames
        16109 511 byte frames                      0 Valid oversize frames
         1445 1023 byte frames                     0 System FCS error frames
          142 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

-Show receive and transmit utilization for all ports
0# sh controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa2/0/1            0                    0
Fa2/0/2            0                    0
Fa2/0/3            0                    0
Fa2/0/4            0                    0
Fa2/0/5            0                    0

-Modify an access-list that is referenced with a class-map and policy-map (basically, you need to delete from the top down and rebuild from the bottom up):
Steps explained
# conf t
   remove the policy within the policy map that references the class-map that references the access-list (access-group)
   Remove the class-map that references the access-list (access-group)
   do a no access-list to remove the ACL
   Enter in the ACL statements
   Enter in the class-map statements
   change to policy-map
   Enter in the policy-map statements
Steps performed
   For this setup we’ll use this configuration
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# access-list 105 permit ip host 192.168.2.1 any
GOAL: To edit access-list 105 and change one of the source IP’s without the switch choking on itself
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# no class EF-105-CLASS
(config-pmap) # exit
(config)# no class-map match-any EF-105-CLASS
(config)# no access-list 105
(config)# access-list 105 permit ip host 10.0.0.1 any
(config)# access-list 105 permit ip host 192.168.2.1 any
(config)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# exit
(config-pmap)# exit
(config)# exit
# wr

kron backup config

NOTE: make sure all devices has the same clock or point to the same NTP server

(config)# clock timezone GMT +7
(config)# archive
(config-archive)# path tftp://IP_of_TFTP_SERVER/$h$t
(config-archive)# write-memory
-kron will run 12AM
(config)# kron occurrence backup-config at 0:0 recurring
or
-kron will run 1 min later
(config)# kron occurrence backup-config in 1 oneshot

(config-kron-occurrence)# policy-list backup-config
(config)# kron policy-list backup-config
(config-kron-policy)# cli wr me
(config-kron-policy)# end
# wr me
#show kron schedule
backup-config inactive, will run once in 0 days 11:43:14

-to backup to local flash directory
#dir
Directory of flash0:/
    1  drw-           0  Jan 30 2013 07:00:00 +07:00  boot
  264  drw-           0  Oct 14 2013 07:00:00 +07:00  config
  267  -rw-   139942304  Mar 25 2015 07:00:00 +07:00  vios-adventerprisek9-m
  270  -rw-      524288  Feb 15 2018 21:55:44 +07:00  nvram
  271  -rw-          79  Feb 19 2018 11:35:08 +07:00  e1000_bia.txt
#cd backup
R1#dir
Directory of flash0:/backup/
No files in directory
2142715904 bytes total (1997635584 bytes free)
(config)# archive
(config-archive)#path flash:/backup/$h$t

How to save running-config to a text file

OPTION1:
# copy run flash:STAN.txt
make changes

# configure replace flash:STAN.txt

NOTE:
# copy flash:STAN.txt run
Its actually merge the config but not replace it

 

OPTION2:
enable archive and rollback which will rollback the old configuration if not confirmed (Just like in Junos)
# conf t
# (config) archive
# (config) path flash:STAN
# (config) end
-first archive
# archive config
# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named flash:STAN-<timestamp>-1
Archive #  Name
   1        flash:STAN-Feb-15-02-28-02.841-0 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10
-make changes
-save 2nd archive
# archive config
# show archive
-two archive listed then choose which archive you want to revert to
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger timer 10
after 10min running-config will be reverted to STAN-Feb-15-02-28-02.841-0
or
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger

if you want to immediately revert to target archive

OPTION3:
send either the startup or running config to a TFTP, FTP or SCP server
# copy running-config archive:
# copy running-config flash:
# copy running-config flash0:
# copy running-config flash1:
# copy running-config flash2:
# copy running-config flash3:
# copy running-config ftp:
# copy running-config tftp:
# copy running-config scp:
# copy running-config http:

# copy running-config https:

OPTION4:
Putty
enable session> logging in putty using connection properties
then
term len 0
sh run
in this way all the file is placed without need to press for next page
then you stop logging and you have your file.
to have again pages type:
term len 25

putty saves an header with date and time at the beginning after that you have clean text file.

OPTION5:
SecureCRT
go to file then click on log session then save the file with .txt extension

thay way your config file will be saved in text format

OPTION6:
using Ansible
OPTION7:
SolarWInds NCM

Console Cisco causing BSOD with EventViewer Error 10016

SW INFO:
-Putty 0.7
-Windows 10 Pro

HW INFO:
-Aten USB to RS-232 Adapter UC232A

PROBLEMS:
1. every time I console to Cisco switch through COM port.
It will crash BSOD after some time

Error 10016 in EventViewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NBCTCP\nbctcp SID (S-1-5-21-2067972773-1120365315-274810299-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

SOLUTION:
-download and install latest ATEN UC232A WIN10 driver from
NOTE:
The solution seems odd because Win10 already has Aten driver as shown below.
But if I didn’t install latest WIN10 driver, it will causing BSOD
aten

Error “The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1”

2018-01-31 21_43_01-Windows 10 Event 10016 Fix_ The application-specific permission settings do not

Above error happen every time I ssh to my 3750 using Putty 0.7

SW INFO
CAT3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE12

SOLUTION1:

-using latest TeraTerm. It seems TeraTerm using relaxed Key Exchange

SOLUTION2:

-modify Putty as shown below (I am not prefer this method)
2018-02-01 09_22_37-PuTTY Configuration

SOLUTION3:
-harden IOS by upgrading to version 15 and follow this

Killing stuck process

Arista:
# bash
$ ps –ef | grep -i Stp
$ sudo kill PID

CheckPoint:
ps -auxww  Report all active processes in the kernel we can see zombi process with this command  (z)
You must first identify the parent process of these zombies;
ps -l -p <pid of zombie>
pidof fwd (splat)
pgrep -l sshd   Find the PIDs of processes by (part of) name
ps axjf              See in tree format also i can see parent pid )
pmap PID       Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)
ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying the processes in order of real memory use
ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for  (CDP,FWM,FWD)
cpwd_admin list
more explanation on  this post
******************************************************
Kill a Firewall process
kill -9 (pid of process)
fw kill [-t sig] proc_name
Example:
fw kill -t 9 fwm
Also process can be kill with top command and just press -k follow by process PID

Cisco:
# show processes cpu sorted
# clear sockets PID

F5
# ps ax | grep -i sshd
# kill -9 PID

Fortinet:
-check version
# fnsysctl cat /proc/version
Linux version 2.4.37 (root@build) #1 Mon Dec  4 20:51:05 UTC 2017
-check running daemon
# fnsysctl ls /var/run
alertmail.pid       authd.pid           bgpd.pid
cmdbsvr.pid         cw_acd.pid          daemon.pid
dhcpd.pid           dnsproxy.pid        eap_proxy.pid
fclicense.pid       fcnacd.pid          fgfmd.pid
fnbamd.pid          foauthd.pid         forticldd.pid
forticron.pid       fsvrd.pid           httpclid.pid
httpd.pid           iked.pid            imi.pid
init.pid            ipsengine.pid       ipsmonitor.pid
isisd.pid           kmiglogd.pid        merged_daemons.pid
miglogd000.pid      miglogd001.pid      nsm.pid
ntpd.pid            ospf6d.pid          ospfd.pid
pdmd.pid            pim6d.pid           pimd.pid
pyfcgid.pid         ripd.pid            ripngd.pid
snmpd.pid           sshd.pid            stpd.pid
telnetd.pid         updated.pid         uploadd.pid
wpad.pid            zebos_launcher.pid
-check running PID
# fnsysctl ps
PID       UID     GID     STATE   CMD
1         0       0       S       /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2         0       0       S       [keventd]
3         0       0       S       [ksoftirqd_CPU0]
4         0       0       S       [kswapd]
5         0       0       S       [bdflush]
6         0       0       S       [kupdated]
7         0       0       S       [memoryd]
8         0       0       S       [khubd]
12        0       0       S       [usb-storage-0]
13        0       0       S       [scsi_eh_0]
31        0       0       S       [mvl_link]
32        0       0       S       /bin/cmdbsvr
38        0       0       S       /bin/zebos_launcher
39        0       0       S       /bin/nsm -L 2
40        0       0       S       /bin/ripd -L 2
41        0       0       S       /bin/ripngd -L 2
42        0       0       S       /bin/ospfd -L 3
43        0       0       S       /bin/ospf6d -L 2
44        0       0       S       /bin/bgpd -L 3
45        0       0       S       /bin/isisd -L 2
46        0       0       S       /bin/pimd -L 2
47        0       0       S       /bin/pim6d -L 2
48        0       0       S       /bin/pdmd -L 2
49        0       0       S       /bin/imi -L 2
50        0       0       S       /bin/uploadd
51        0       0       S       /bin/miglogd
52        0       0       S       /bin/kmiglogd
53        0       0       S       /bin/httpsd
55        0       0       S       /bin/getty
56        0       0       S       /bin/ipsmonitor
59        0       0       S       /bin/merged_daemons
60        0       0       S       /bin/fnbamd
61        0       0       S       /bin/fclicense
62        0       0       S       /bin/ipshelper
63        0       0       S       /bin/forticron
64        0       0       S       /bin/forticldd
65        0       0       S       /bin/authd
66        0       0       S       /bin/foauthd
67        0       0       S       /bin/httpclid
68        0       0       S       /bin/iked
69        0       0       S       /bin/updated
70        0       0       S       /bin/snmpd
71        0       0       S       /bin/dhcpd
72        0       0       S       /bin/miglogd 1
73        0       0       S       /bin/ntpd
74        0       0       S       /bin/sshd
75        0       0       S       /bin/telnetd
78        0       0       S       /bin/alertmail
79        0       0       S       /bin/dnsproxy
80        0       0       S       /bin/eap_proxy
81        0       0       S       /bin/fgfmd
82        0       0       S       /bin/cw_acd
83        0       0       S       /bin/wpad_ac
84        0       0       S       /bin/stpd
85        0       0       S       /bin/fsvrd
87        0       0       S       /bin/fcnacd
92        0       0       S       /bin/httpsd
93        0       0       S       /bin/httpsd
94        0       0       S       /bin/httpsd
510       0       0       S       /bin/pyfcgid
512       0       0       S       /bin/pyfcgid
513       0       0       S       /bin/pyfcgid
514       0       0       S       /bin/pyfcgid
553       0       0       S       /bin/sshd
554       0       0       S       /bin/newcli
556       0       0       R       ps

-you can use diag to check 100 the most 100 top resources with 25s delay, but the list not as comprehensive as “fnsysctl ps” above
# diag sys top 25 100
Run Time:  0 days, 8 hours and 15 minutes
0U, 0N, 0S, 100I; 499T, 253F
         pyfcgid      510      S       0.0     5.1
         pyfcgid      512      S       0.0     5.0
         pyfcgid      513      S       0.0     5.0
         pyfcgid      514      S       0.0     5.0
         cmdbsvr       32      S       0.0     5.0
          httpsd       94      S       0.0     4.7
          httpsd       93      S       0.0     4.7
          httpsd       53      S       0.0     4.1
          cw_acd       82      S       0.0     4.0
          httpsd       92      S       0.0     3.9
       forticron       63      S       0.0     3.3
         miglogd       51      S       0.0     3.3
          newcli      560      R       0.0     3.1
          newcli      554      S       0.0     3.1
           fgfmd       81      S       0.0     3.0
       ipshelper       62      S <     0.0     2.5
          fcnacd       87      S       0.0     2.4
           authd       65      S       0.0     2.3
            iked       68      S       0.0     2.2
       eap_proxy       80      S       0.0     2.2

-for example we want to check dhcp PID
# fnsysctl more /var/run/dhcpd.pid
71
-to kill dhcpd
# diag sys kill 9 71
or
# fnsysctl kill -9 71
-to disable dhcpd service
# config sys dhcp server
# edit 1
# set status dis
-to enable back
# set status ena

HP:

Juniper:
> show system processes extensive
last pid: 16727; load averages: 22.24, 22.19, 22.15 up 0+17:39:34 01:26:10
265 processes: 28 running, 215 sleeping, 1 zombie, 21 waiting
Mem: 970M Active, 128M Inact, 147M Wired, 230M Cache, 112M Buf, 386M Free
> start shell
% top
   last pid: 37244; load averages: 0.04, 0.03, 0.00 up 16+16:18:49 09:19:44 52 processes:    1 running, 51 sleeping, , 1 zombie, 21 waiting
   CPU states: 2.5% user, 0.0% nice, 0.6% system, 0.3% interrupt, 96.6% idle Mem: 429M     Active, 69M Inact, 59M Wired, 165M Cache, 110M Buf, 258M Free
If the PID is identified from CLI, or the top command
% ps aux | grep –Wz
Pid=16396
Pid=13256
-to kill target PID
# kill -9 16396

Mikrotik:

PaloAlto:
Sangfor:

SonicWall:

Sophos: