Just another Cisco blog
Posts tagged Commands
TCL Ping Script
Dec 29th
TCL is a scripting language built into IOS (since 12.3(2)T according to Cisco.com), and it can be very handy. I use this TCL script quite a bit, but it’s always few and far between, so I find myself Googling for it every time. I decided to post it here so I always know where to find it, heh. This TCL script is pretty basic: you just type it out in a text editor and paste it into the console.
Here’s a simple example:
foreach address {
192.168.10.1
192.168.15.1
192.168.25.1} { ping $address }
With that we get this:
EDGE#tclsh
EDGE(tcl)#foreach address {
+> 192.168.10.1
+> 192.168.15.1
+> 192.168.25.1} { ping $address }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.25.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
We could get a bit more complex using some extended ping options, like this:
foreach address {
192.168.10.1
192.168.15.1
192.168.25.1} { ping $address source lo254 repeat 3 }
In this one we are pinging with a source address of Loopback 254, and only sending 3 pings. It looks like this:
EDGE#tclsh
EDGE(tcl)#foreach address {
+> 192.168.10.1
+> 192.168.15.1
+> 192.168.25.1} { ping $address source lo254 repeat 3 }
Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.254.254
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 192.168.15.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.254.254
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 1/3/8 ms
Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 192.168.25.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.254.254
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 1/3/4 ms
Short post, just something I needed a place for. Hope it’s useful to some readers.
Show Run Variations
Nov 28th
A recent thread on TechExams gave me the idea for a post on all the variations of the “show run” command. In this article I’ll go through the variations that I use the most, and some others that I don’t use much, but are pretty helpful.
Let’s take a look:
First we’ll look at all the options provided by IOS help:
EDGE#sh run ?
  all            Configuration with defaults
  brief          configuration without certificate data
  class-map      Show class-map information
  control-plane  Show Control-Plane information
  flow           Global Flow configuration subcommands
  full           full configuration
  interface      Show interface configuration
  linenum        Display line numbers in output
  map-class      Show map class information
  policy-map     Show policy-map information
  ssid           Show Dot11 SSID information
  view           View options
  vlan           Show L2 VLAN information
  vrf            Show VRF aware configuration
  |              Output modifiers
I’m sure everyone reading this has used good old “sh run” many times. What about the other options? I use “sh run interface” quite a bit:
EDGE#sh run int fa0/0
...
interface FastEthernet0/0
 description OUTSIDE
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group OUTSIDE_IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
 service-policy input QoS_IN
 service-policy output SHAPER
end
That and “sh run | section” are probably the variations I use most:
EDGE#sh run | sec ephone-dn
ephone-dn 1 dual-line
 number 5001 no-reg primary
 label Colby
 name Colby
ephone-dn 3
 number 5003 no-reg primary
 label Laptop
 name Colby-Laptop
ephone-dn 4
 number 5004 no-reg primary
 name Wireless
ephone-dn 5
 number 5005 no-reg primary
ephone-dn 6
 number 5006 no-reg primary
 name Katie
ephone-dn 11 dual-line
 number 555-555-5555
 label 555-555-5555
 name Colby
That one is perfect for times when you are looking for specific parts of the config, without having to wade through everything.
A new one I just learned from Networking-Forum:
EDGE#sh run
Building configuration...
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
/ospf   <--- I typed this
filtering...
router ospf 200
 router-id 192.168.254.254
 log-adjacency-changes
 network 192.168.5.0 0.0.0.255 area 1
 network 192.168.13.0 0.0.0.3 area 0
 network 192.168.254.254 0.0.0.0 area 0
BGP Backdoor Lab
Nov 12th
In this article we’ll be going over the BGP Backdoor feature. This is used in cases where two systems are connected via an IGP, but also receiving routes to the same system through BGP. I stumbled across this feature while checking out one of the labs on Darren’s Blog. The only way I could think of to complete one of his criteria was changing the Administrative Distance of either BGP or the IGP. That is essentially what this feature does, but on a route-by-route basis instead of changing the AD of an entire protocol. I asked Darren if that was the only solution and he pointed me to “BGP Backdoor”. As usual, I will be including my Dynagen/GNS3 .net file at the end of this post. Here is our topology:
Let’s go through the config:
R1
hostname R1
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/1
 ip address 10.1.3.1 255.255.255.0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.2 remote-as 65525
 neighbor 10.1.3.2 remote-as 65535
 no auto-summary
NetFlow Top-Talkers
Nov 2nd
This is a short article on the NetFlow “top-talkers” CLI feature, which I didn’t know about before today. NetFlow is a tool for monitoring traffic flows; it’s particularly handy when you’re trying to find out what host or protocol is saturating a network. Obviously the pretty GUI NetFlow collectors are better for many things, but the CLI method can be really helpful if you’re looking for something quickly.
Here’s the config from my outside interface.
interface FastEthernet0/0
 description OUTSIDE
 ip address xx.xx.29.218 255.255.255.248
 ip flow ingress
 ip flow egress
I’ve enabled NetFlow with the “ip flow” commands.
Here are the commands to enable the “top-talkers” feature at the CLI.
EDGE(config)#ip flow-top-talkers
EDGE(config-flow-top-talkers)# top 25
EDGE(config-flow-top-talkers)# sort-by bytes
EDGE(config-flow-top-talkers)# cache-timeout 5000
EDGE(config-flow-top-talkers)#^Z
Pretty simple: we set how many conversations to show, choose whether to sort by bytes or packets, and finally set our timeout (in milliseconds).
Now we’ll look at the show command:
EDGE#sh ip flow top-talkers
SrcIf  SrcIPaddress    DstIf  DstIPaddress    Pr SrcP DstP Bytes
Fa0/1  xx.xx.29.221    Fa0/0* 212.84.105.94   06 F6B9 9C40   77K
Fa0/1  xx.xx.29.218    Fa0/0* 66.194.235.133  06 01BB EF24   12K
Fa0/1  xx.xx.29.221    Fa0/0* 85.24.163.125   06 7F23 EC43   10K
Fa0/1  xx.xx.29.221    Fa0/0* 114.89.235.172  06 7F23 0CB7  9216
Fa0/0  72.211.212.180  Fa0/1  xx.xx.29.221    06 EC74 7F23  5088
Fa0/0  66.194.235.133  Fa0/1  xx.xx.29.218    06 EF24 01BB  2680
Fa0/0  121.127.209.73  Fa0/1  xx.xx.29.221    06 0E20 7F23  2297
Fa0/1  xx.xx.29.221    Fa0/0* 121.127.209.73  06 7F23 0E20  2162
Fa0/0  87.194.215.124  Fa0/1  xx.xx.29.221    06 C220 7F23  2100
Fa0/1  xx.xx.29.221    Fa0/0* 87.194.215.124  06 7F23 C220  2072
Local  xx.xx.29.218    Fa0/0* 70.71.239.87    32 033B B7EC  2000
Fa0/0  88.193.80.142   Fa0/1  xx.xx.29.221    06 D788 7F23  1838
Fa0/1  xx.xx.29.221    Fa0/0* 88.193.80.142   06 7F23 D788  1832
Fa0/1  xx.xx.29.221    Fa0/0* 70.64.13.242    06 7F23 F5BC  1717
Fa0/0  212.84.105.94   Fa0/1  xx.xx.29.221    06 9C40 F6B9  1276
Fa0/0  70.64.13.242    Fa0/1  xx.xx.29.221    06 F5BC 7F23  1067
Fa0/1  xx.xx.29.218    Fa0/0* 74.125.67.149   06 1853 0050   872
Fa0/1  xx.xx.29.221    Fa0/0* 217.145.245.245 06 7F23 8736   868
Fa0/0  70.177.163.148  Local  xx.xx.29.218    2F 0000 0000   816
Fa0/0  24.11.68.215    Fa0/1  xx.xx.29.221    06 DABF 7F23   767
Fa0/0  81.234.172.49   Fa0/1  xx.xx.29.221    06 08A8 7F23   617
Tu103  xx.xx.29.218    Fa0/0* 65.120.117.126  32 0CED D9C9   616
Fa0/0  74.125.67.149   Fa0/1  xx.xx.29.218    06 0050 1853   594
Fa0/1  xx.xx.29.221    Fa0/0* 81.234.172.49   06 7F23 08A8   499
Fa0/0  85.68.237.69    Fa0/1  xx.xx.29.221    06 1F37 C0E5   372
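The Pr, SrcP and DstP columns in this output are hexadecimal (06 is TCP, 01BB is port 443), which is easy to misread when hunting for the host behind a saturated link. The Python parser below is an added example, not part of the original post: it decodes those columns and totals bytes per source from constructed sample rows. Treating the K/M/G byte suffix as a power of 1000 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show ip flow top-talkers"
# (documentation addresses, not the router output from the post).
SAMPLE = """\
SrcIf  SrcIPaddress    DstIf  DstIPaddress    Pr SrcP DstP Bytes
Fa0/1  192.0.2.10      Fa0/0* 198.51.100.7    06 F6B9 01BB   77K
Fa0/0  198.51.100.7    Fa0/1  192.0.2.10      06 01BB F6B9  1276
Fa0/1  192.0.2.10      Fa0/0* 203.0.113.5     11 D431 0035   120
Local  192.0.2.1       Fa0/0* 203.0.113.9     32 033B B7EC  2000
Fa0/0  203.0.113.20    Local  192.0.2.1       2F 0000 0000   816
"""

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}
# Assumption: the abbreviated byte counts use powers of 1000.
UNITS = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+([0-9A-F]{2})\s+"
                 r"([0-9A-F]{4})\s+([0-9A-F]{4})\s+(\d+)([KMG]?)$")

def parse_top_talkers(text):
    """Return one dict per flow row; header and prompt lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        src_if, src, dst_if, dst, pr, sp, dp, num, unit = m.groups()
        proto = int(pr, 16)
        has_ports = proto in (6, 17)  # only TCP/UDP carry real port numbers
        flows.append({
            "src_if": src_if, "src": src,
            "dst_if": dst_if.rstrip("*"), "dst": dst,  # drop the "*" marker
            "proto": PROTOCOLS.get(proto, str(proto)),
            "sport": int(sp, 16) if has_ports else None,
            "dport": int(dp, 16) if has_ports else None,
            "bytes": int(num) * UNITS[unit],
        })
    return flows

def bytes_by_source(flows):
    """Total bytes per source address, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for src, total in bytes_by_source(parse_top_talkers(SAMPLE)):
        print(f"{src:<16} {total}")
```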
JUNOS As A Second Language
Oct 27th
So I’ve been realizing how lost I am in JUNOS and it bugs me. I’ve been going through the JSL course that a friend linked me to a while back. Juniper offers this course for free (very smart, IMO) and you can view it online or download it. Here’s a blurb from their site:
About This Course
For those of you who are familiar with Cisco's IOS, learning Juniper Networks JUNOS operating system is now made easy with JUNOS as a Second Language. Using an advanced graphical display, this course compares the similarities and the differences between both operating systems and shows the benefits of using JUNOS software. This 90-minute program is designed for network engineers who are already well-versed in Cisco's IOS software but who might not be as familiar with Juniper Networks JUNOS software.
Building on existing IOS configuration knowledge to provide a high-level overview of the JUNOS software, how it works, and how it compares with IOS, this course covers the following:
* JUNOS Software Fundamentals
* The CLI
* Configuration Fundamentals
* Interface Configuration
* Ethernet Interfaces
* Serial Interfaces
* Interface Monitoring
* Firewall Filters
* Routing Protocol Fundamentals
* OSPF
* BGP
Upon completing this program, users who were new to the JUNOS software will now have a good familiarity with it and be a step closer to qualifying to attain the JNCIA-ER certification.
