cisco


Actually, this one is pretty hard to screw up, but if you tried hard enough you'd break something expensive. Owing to the design of the newer 6500-series chassis, you can't put the Supervisor blades just anywhere, at least not the 720. If you look at the back of the module, you'll see why. The obvious part is that the connector structure with the pins covers nearly the whole back side of the module; if you look in the 6500 chassis, only two slots will match it. The others have a gap on the left, and the black plastic mating surface starts at about 25% of the length and runs close to the end. The other thing you'll find, if you look closely, is a crescent-shaped slot on the 720 module and a matching rod maybe an inch long with a corresponding crescent (half circle, more precisely) in the back of the correct 6500 slot. The orientation of that little peg is the same for the supervisor (or switch fabric) slots, but reversed from all the others. Despite its small size, this pin prevents you (in normal circumstances) from pushing the module far enough into the wrong slot to damage it.

I was used to putting the Sup at the top of the slots, or in some cases the bottom. But in a 6509, for instance, those puppies are going to go in the middle. If you've got redundant supervisors for the 6509, that would be slots 5 and 6. Note that this isn't the same as what you'd find in the 6513 or 6506, and obviously not the same as the 6503 either.

Here's the run down. The Sup720 occupies the switch fabric slots in the chassis:

  • 3-slot chassis: slots 1 and 2
  • 6-slot chassis: slots 5 and 6
  • 9-slot chassis: slots 5 and 6
  • 13-slot chassis: slots 7 and 8

That info is from a Cisco PDF, "Cisco Catalyst 6500 Series Switch Supervisor Engine 720".

And there you go.

As of this writing, a Cisco IOS VLAN interface (SVI) is shut down by default when you create it.

Sure, it may be confusing that all those Gig and FastE ports are up by default on your 3750 while your sixteen vlan interfaces are not, but that's the breaks.

So, remember, when you do this:

int vlan 76
ip addr 10.555.555.555 255.255.224.0

don't forget to do this:
no shut

and then confirm it with show ip interface brief | include Vlan, which should no longer list the interface as administratively down.

Otherwise, you will probably be featured in some lame IT-themed PSA on late night TV, or stoned to death. YMMV due to geographic particularities and local customs.

From when I first started working with Unix up to nearly the present, I had always used cat /dev/null to empty a file with a minimum of mess, i.e.:
foozbear% cat /dev/null > big_useless_log

This, of course, made big_useless_log empty, and did so without getting rid of it, in case a data write was imminent. If memory serves, this was all very consistent with the Unix principle of "First, do no harm," or "Don't make waves if you don't have a board," or whatever it was. (I believe using /dev/null in this way was called data lavage.)

This week I was using a lot of temp files — actually using the same temp file over and over to hold data I’d scraped from Cisco switch output so I could point some ‘awk’ at it for parsing purposes. For some reason, I decided to see what would happen if instead of removing and recreating the file (or more laboriously, typing cat /dev/null > temp), I used a redirection symbol, i.e.,
foozbear% > temp
Well, this worked as well as my previous steps, so I started alternating (using the command line up arrow) between my temp file resetting/editing
foozbear% > temp && vi temp
and my grep/awk line:
foozbear% egrep 'Gig|Fas' temp | awk '{print "interface "$2" "$3"\n description "$1}'

This worked fantastically (note that I was using bash under Ubuntu here), and a good time was had by all (the Cisco switches were particularly pleased, having their cdp output turned into port descriptions so handily — but perhaps I’ll expand on that later).

The bare redirection also works if you're too lazy to create an empty file with 'touch'. Instead of
foozbear% touch newfile
just type
foozbear% > newfile
and you're all set. One caveat: this is bash/POSIX sh behaviour. csh rejects a bare redirection ("Invalid null command"), and zsh by default runs its NULLCMD (cat) for it and sits there waiting on stdin, so ': > newfile' is the portable spelling.
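Two things the bare redirection gets right that rm + touch does not are easy to check. The following is an added example, not from the original post; it uses only POSIX tools and temporary files it creates itself:

```shell
#!/bin/sh
# Added example: compare truncating in place ('> file') with removing and
# recreating the file. Uses only POSIX tools (mktemp, ls, cut, wc, umask).

mode_of() { ls -l "$1" | cut -c1-10; }     # e.g. -rw-------

# Truncate with '>' and report "<bytes> <mode-before> <mode-after>".
# Expect size 0 and an unchanged mode: same inode, same owner, same permissions,
# so a daemon that still has the file open keeps writing to the right place.
truncate_in_place() {
  f=$(mktemp) || return 1
  chmod 600 "$f"
  printf 'old log line\n' > "$f"
  before=$(mode_of "$f")
  : > "$f"                     # ':' makes this portable to shells that reject a bare '>'
  after=$(mode_of "$f")
  size=$(wc -c < "$f" | tr -d ' ')
  rm -f "$f"
  echo "$size $before $after"
}

# Remove and recreate instead: the new file gets umask-default permissions,
# and any process that had the old file open keeps writing to the unlinked copy.
remove_and_recreate() {
  f=$(mktemp) || return 1
  chmod 600 "$f"
  before=$(mode_of "$f")
  rm -f "$f"
  (umask 022; touch "$f")      # subshell so the umask change does not leak
  after=$(mode_of "$f")
  rm -f "$f"
  echo "$before $after"
}

truncate_in_place        # 0 -rw------- -rw-------
remove_and_recreate      # -rw------- -rw-r--r--
```

The first function reports a zero size with the mode unchanged: the file keeps its inode, owner and permissions, so a process that already has it open (a syslog daemon, say) keeps appending to the same file, and a 600 log does not quietly become 644. The second shows the recreated file picking up the umask default; worse, a writer that still had the old file open continues writing to the unlinked copy, which you will not see in ls but will see in df.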

I thought I’d post the simple filter I use on ’show cdp’ output, which lets me get information quickly.

MalbecMDF#show cdp neighbor detail | include (---|Device ID|IP address|Platform)

In practice, I generally cut the command down to:
sh cdp ne d | inc (blah|blah)
It is probably best to start with obvious match choices before paring them down, since you can be surprised by the text that gets grabbed from different types of devices if you base your regular expression on a small sample.

In any case, the output should come out something like this:

MalbecMDF#sh cdp ne d | inc (---|e ID|IP add|Plat)
-------------------------
Device ID: SummaC-6509
IP address: 10.77.234.131
Platform: cisco WS-C6509-E, Capabilities: Router Switch IGMP
-------------------------
Device ID: Malbec-AP10
IP address: 10.88.129.22
Platform: cisco AIR-AP1231G-A-K9 , Capabilities: Trans-Bridge
-------------------------
Device ID: Malbec-AP11
IP address: 10.88.129.29
Platform: cisco AIR-AP1231G-A-K9 , Capabilities: Trans-Bridge
-------------------------
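Putting the two halves together, here is the cdp-to-description pipeline from the temp-file post above, with the one wrinkle that bites in practice: IOS wraps a Device ID longer than its column onto a line of its own, so a plain awk '$1, $2 $3' pairs the wrong name with the port. This is an added example, not the original post's command; the sample output is constructed, and the interface prefixes it recognises (Gig, Fas, Ten) are an assumption about the platforms in play:

```shell
#!/bin/sh
# Added example: turn 'show cdp neighbors' (brief) output into interface
# descriptions. Device names and addresses below are constructed, not real.

cdp_sample() {
  cat <<'EOF'
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SummaC-6509      Gig 1/0/1         171          R S I     WS-C6509  Gig 5/1
Malbec-AP10      Fas 0/3           138           T        AIR-AP123 Fas 0
uplink-sw-core-02.corp.example.net
                 Gig 1/0/2         150          S I       WS-C3750  Gig 1/0/24
EOF
}

# Read brief CDP output on stdin, print IOS config lines on stdout.
# Handles the wrap IOS does when a Device ID is longer than its column:
# the name lands on a line of its own and the rest follows on the next line.
cdp_to_descriptions() {
  awk '
    NF == 1 { pending = $1; next }                     # wrapped Device ID, remember it
    pending != "" && $1 ~ /^(Gig|Fas|Ten)$/ { $0 = pending " " $0; pending = "" }
    $2 ~ /^(Gig|Fas|Ten)$/ { printf "interface %s%s\n description %s\n", $2, $3, $1 }
  '
}

cdp_sample | cdp_to_descriptions
```

Paste the output into conf t (the description lines are indented the way IOS prints them). Remember that CDP is unauthenticated: the Device ID is whatever the neighbour chose to advertise, so review the generated config before applying it on anything that faces untrusted ports.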

OSPF determines its router ID in one of three ways, checked in this order:

  • If an ID has been specified with the router-id command under the OSPF process, use it.
  • If there is no router-id command, use the highest IP address configured on any loopback interface that is up, regardless of the physical interfaces' addresses. (Highest address numerically, not the highest-numbered loopback.)
  • If there is no router-id and there are no loopback interfaces, use the highest IP address on any active physical interface.

The choice is made once, when the process starts; adding or changing addresses afterwards won't move the router ID until you clear the OSPF process or reload.

So, what happens if none of these conditions are met? (A better question might be, “Why would you run OSPF on a router with no IP addresses set on it?” I’ll work an answer to that one into my in-progress treatise, 501 Dumb Thing To Do with your Network Lab.)
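Here is the selection logic from the list above applied to a saved config, as an added example (not the original post's; the configuration is constructed). It exists mainly to make two details concrete: addresses must be compared as numbers, since a string comparison puts 10.9.9.9 above 10.10.10.10, and an interface that is shut down does not take part. With no router-id, no loopback and no active addressed interface, the function prints none, which on a real router is the case where the OSPF process refuses to start:

```shell
#!/bin/sh
# Added example: apply the router-ID selection rules to a saved IOS config.
# The config below is constructed for illustration, not from a real router.

ospf_sample() {
  cat <<'EOF'
!
interface Loopback0
 ip address 10.9.9.9 255.255.255.255
!
interface Loopback1
 ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 shutdown
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
EOF
}

# Read a config on stdin, print the router ID OSPF would pick (or "none").
# Addresses are compared numerically: a string sort would rank 10.9.9.9
# above 10.10.10.10, which is the classic mistake.
ospf_router_id() {
  awk '
    function ipkey(ip,   o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function pick(wantlo,   i, k, top, topkey) {
      topkey = -1; top = ""
      for (i in addr) {
        if (i in down) continue                          # shut interfaces do not count
        if ((i ~ /^Loopback/) != wantlo) continue        # loopbacks first, then the rest
        k = ipkey(addr[i])
        if (k > topkey) { topkey = k; top = addr[i] }
      }
      return top
    }
    /^interface /  { iface = $2; next }
    /^router ospf/ { iface = ""; in_ospf = 1; next }
    /^[^ ]/        { iface = ""; in_ospf = 0 }            # any other top-level line ends a block
    iface != "" && $1 == "ip" && $2 == "address" { addr[iface] = $3 }
    iface != "" && $1 == "shutdown"               { down[iface] = 1 }
    in_ospf && $1 == "router-id"                  { rid = $2 }
    END {
      if (rid != "")     { print rid; exit }             # 1. explicit router-id wins
      if (pick(1) != "") { print pick(1); exit }         # 2. highest loopback address
      if (pick(0) != "") { print pick(0); exit }         # 3. highest active physical address
      print "none"                                       #    nothing to use: process will not start
    }
  '
}

ospf_sample | ospf_router_id      # 10.10.10.10
```

The same function can be pointed at a show running-config capture; on a live box, show ip ospf tells you which ID the process actually chose.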

Read the rest of this entry »


In an earlier post, I talked about Cisco command line regular expressions and held off on giving any good examples of using the CLI regexp tools to get 'AND' functionality. (I pointed out there that the '|' (pipe symbol) could be used as a simple 'OR'.)
Here are some easy regexps that function (more or less) as simple Boolean 'AND's.

Here's a scenario: you're auditing one of your routers, checking that privilege levels are what they should be for individual users, and that commands that have been moved into non-default privilege levels are correctly defined.
Read the rest of this entry »

When I first took the CCNA, I used a shortcut to get subnet masks worked out correctly. This was important, since I didn't know cold what a /14 or a /22 was, and so on. I got by knowing only the classful subnet breaks (/8, /16, /24, /32, hereafter referred to without the slashes) along with the knowledge that subnets all work (in binary) from left to right with the progression 128, 192, 224, 240, 248, 252, 254, then 255. Rather, I knew those pieces, and I knew what came in the middle, and that was enough to get me through the binary and decimal conversions. Let me explain.
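The progression above is the whole algorithm, so here it is as code, as an added example rather than the post's own method: each octet is either all ones (255), all zeros (0), or one of the seven in-between values 256 - 2^(8-k) for k leftover bits. The reverse direction also checks that the ones are contiguous, since 255.0.255.0 is a typo, not a mask:

```shell
#!/bin/sh
# Added example: the 128/192/224/240/248/252/254/255 progression as code,
# converting /n to a dotted mask and back, and rejecting masks whose ones
# are not contiguous (the kind of thing a typo produces easily).

prefix_to_mask() {
  n=$1
  [ "$n" -ge 0 ] && [ "$n" -le 32 ] || return 1
  mask=""
  for octet in 1 2 3 4; do
    if   [ "$n" -ge 8 ]; then v=255                  # a full octet of ones
    elif [ "$n" -le 0 ]; then v=0                    # nothing left
    else v=$(( 256 - (1 << (8 - n)) )); fi           # 128,192,224,... for 1..7 bits
    mask="${mask}${mask:+.}$v"
    n=$(( n - 8 ))
  done
  echo "$mask"
}

mask_to_prefix() {
  m=$1
  old_ifs=$IFS; IFS=.; set -- $m; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do                                  # each octet must be 0..255
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  bits=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  inv=$(( bits ^ 4294967295 ))                       # flip: a real mask inverts to 2^k - 1
  [ $(( inv & (inv + 1) )) -eq 0 ] || return 1      # otherwise the ones are not contiguous
  n=0
  while [ $(( bits & 2147483648 )) -ne 0 ]; do      # count the leading ones
    n=$(( n + 1 ))
    bits=$(( (bits << 1) & 4294967295 ))
  done
  echo "$n"
}

prefix_to_mask 22                # 255.255.252.0
mask_to_prefix 255.255.224.0     # 19
mask_to_prefix 255.0.255.0 || echo "rejected: non-contiguous mask"
```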

Read the rest of this entry »

I'll go ahead and note that to actually get a search result that has to do with 'session 15' in the Cisco sense, "session 15 cisco" returns exactly what you'd expect (per google.com). If things haven't changed, that search should give you a top result related to the Cisco 6500 series MSFC. 'session 15' (or 16) comes into play when you've got such a card in your Catalyst 6000 and you want to reach it from the switch's brain, the supervisor engine (SE).

I'm not normally fixated on 'session 15' or sessions numbered 15, but as long as I've gone this far, I might as well give a little more explanation of why I care what Google says about it, and why I chose it for the blog title. The story, in which the completely unexpected, eldritch power of 'session 15' was revealed to me, is from early in my networking life.

It was early afternoon at Brabanx Inc., and we had recently received a new 6506 switch. Working with another admin, I had unboxed and powered on the switch in the lab. The two power supplies came up, the switch booted, and the fans shot air through the idle system, as frantic as if the switch were pushing out a hurricane of packets. The fans, though, were all right. I was goofily excited myself, eager to get the switch online and working. I'd never started an installation from scratch with one of these 6500s, and I planned to get it squared away in an hour or two, report to the upperlings, and pat myself on the back the rest of the day. The only problem was, we couldn't find a way to console into the router card. Vlans were great and nifty, shiny new switchports were wonderful, but we also needed the 6500 to do some serious routing, and without getting into the router card, we weren't getting anywhere.

Read the rest of this entry »

Here's something very useful if you do config changes and maintenance on routers that are farther away from you than a door or two down, especially if you've got fast routers with quick reload times. This is something I use a lot when I'm working on routers at other sites or datacenters and doing something potentially dangerous on the device, like making ACL or routing changes. If you don't have out-of-band access (e.g., a modem attached to the router with a dial-in line actually plugged in) or an immediate contact at the location, one typo or badly planned line can kill your connection, and then your communication is down until you figure out a way to get into the router or have it rebooted.

That's where the reload commands come in. If I'm about to do something potentially disruptive (something that might drop a circuit or leave customers waiting for data to get through; what management might call 'catastrophic failure'), I frequently write mem (or copy run start) before making any changes, then type 'reload in 5'. Or maybe reload in 10, or 15. No 'conf t' necessary in any case. The number depends on how long your change is going to take before you get to the point where you might break things, and how long the connection can hang out, dead, waiting for revival. What this does, in case it isn't immediately clear, is tell the router to reboot itself in X minutes unless you intervene and countermand the order. You stop the countdown with the 'reload cancel' command, shortenable to 'relo c' if you're barely getting there in time.

You can also use a time-scheduled reload by using ‘reload at’ instead of ‘reload in,’ and the details there are much as you would expect.   If this suits your purpose or your style better, go with that.

The biggest word of caution is, don’t pat yourself on the back and start doing something else when your configuration change goes without a problem.   Your router is going to reboot unless you tell it not to, so remember to cancel it if your perfect config has already been put in place, and things are better instead of worse.
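The whole sequence, written out in order as an added example (not a transcript from the post; the hostname is a placeholder and the router's own prompts and output are left out):

```text
! 1. Put the known-good config on disk first. When you schedule the reload,
!    IOS offers to save a modified running config; saying yes at that point
!    would preserve whatever you are about to break, so save now and say no then.
Router# copy running-config startup-config

! 2. Arm the safety net from enable mode (no 'conf t' needed).
Router# reload in 10

! 3. Check that the timer is really running before touching anything.
Router# show reload

! 4. Make the risky change.
Router# configure terminal
Router(config)# ! your ACL or routing change goes here
Router(config)# end

! 5. Still connected? Disarm first, then (and only then) save.
Router# reload cancel
Router# copy running-config startup-config
```

show reload in step 3 is the check worth the two seconds: it tells you whether a timer is armed and when it fires, which is also how you find out that a colleague scheduled one on the same box.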

These notes were written to focus on the Cisco implementation of QoS, but I'll eventually cover enough generic QoS components to make them worthwhile for non-proprietary QoS review. Unless a tile falls from the roof and kills me, etc. (That one's for Kierkegaard.)

I recently took the Cisco 642-642 quality of service exam, and these notes are from that study. The 642-642 exam counts toward the CCVP or the CCIP, but I was more interested in it as a way of getting a grip on the subject for the routing and switching CCIE.

My original notes were more or less cram notes — I’ll try to put together something more intelligible here.


QoS tool categories:

  1. Classification and marking
  2. Queuing / Congestion Management
  3. Shaping and policing
  4. Congestion avoidance
  5. Link efficiency
  6. Call admission control

1. Classification and marking

Pure marking tools –

  • Class-based marking (CBM), including Network-Based Application Recognition (NBAR), which is Cisco only

Marking plus other functionality –

  • policy based routing — PBR
  • QOS policy propagation through BGP — QPPB
  • Committed Access Rate — CAR

Available markers for QoS sorting (classification):

  • IP precedence bits (from the traditional ToS byte; compare with DSCP)
  • QoS group (0 to 99; 0 is the default and means unassigned); internal to the box, requires CEF (and Cisco)
  • DSCP bits (replacing, but backward-compatible with, the traditional ToS field)
  • 802.1Q / ISL CoS (class of service), aka the priority tag; requires a layer-2 trunk link
  • Frame Relay DE (discard eligible) bit, if you've got Frame Relay involved
  • ATM CLP bit, if you have ATM, otherwise not damned likely
  • MPLS experimental bits, if you have MPLS, otherwise not damned likely
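As an added example (not from the original notes), here is what class-based marking looks like in MQC on an access port, using NBAR for classification and both DSCP and a qos-group as marks. The class names, interface and choice of protocols are placeholders; the one practitioner point it builds in is that class-default is re-marked to DSCP 0, so an endpoint cannot promote its own traffic by setting EF on the way in:

```text
! Classification: match an existing mark, or let NBAR identify the application
class-map match-any VOICE
 match ip dscp ef
 match protocol rtp audio
class-map match-all BULK
 match protocol http
!
! Marking: DSCP travels downstream, qos-group is local to this box (needs CEF)
policy-map MARK-INGRESS
 class VOICE
  set ip dscp ef
  set qos-group 5
 class BULK
  set ip dscp af11
 class class-default
  set ip dscp default
!
interface FastEthernet0/1
 service-policy input MARK-INGRESS
```

show policy-map interface FastEthernet0/1 afterwards shows per-class packet counts, which is the quickest way to see whether traffic is landing in the class you expected or falling through to class-default.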

Read the rest of this entry »

Yesterday, I was trying to find a good way to use an ‘AND’ function in Cisco IOS pipes, to complement the ‘OR’ function available through the ‘|’ symbol (which is to say, the same symbol as the pipe).

For example, if you wanted to show the running config, and filter out lines that contained either ‘foo’ or ‘bar’, you could type

show run | include foo|bar

Read the rest of this entry »

Today I was dinking around on the switch portion of a 6500 switch, and decided I wanted to jump into the router part (technically speaking, the MSFC — the multi-layer switch feature card). [Note: this is only going to make sense if you're running a hybrid 6500 (catOS + IOS on the RP).] This is easily done by using the session 15 (or session 16, if you’re trying to go to your redundant supervisor) command.

Switch> (enable) sess?
session Tunnel to ATM or Router module

My attempt, however, was swatted down. In consolation, I was given a cryptic error message:

Switch> (enable) session 15
Trying Router-15...
session: Unable to tunnel to Router-15 (57)

Read the rest of this entry »

As a followup to the previous post on power calculation and estimation, I should add a couple of points: one on published Cisco reference material, the other on a handy command to run on the devices themselves once they're already live in your datacenter/garage/office.

Read the rest of this entry »

Cisco has a nice tool on their customer pages that they call the Cisco Power Calculator. The calculator lets you specify a (supported) chassis, loaded modules, cards, attached PoE devices and input voltage (e.g., 110 or 220 volts), and comes up with estimated figures for power consumption (watts), output current (amps) and heat dissipation (BTU/hr). It also produces a list of recommended power supplies and gives you a quick graphical representation of power usage based on the installed supply (presumably, orange is not good):


[Image: Cisco-CPC-output]

Read the rest of this entry »

Summary:

For my own reference and your delectation, I'm going to talk about the Cisco IOS "show history" command, its use and defaults, with a brief comparison to Unix-type "history" plus grep. Following that, I'll discuss changing the history buffer size for a single session, writing the buffer size change to config, and how to display the currently configured history buffer size. Commands used:

  • show history
  • terminal history size 50
  • (config-line)#history size 50
  • show terminal

Read the rest of this entry »