by Tony Mattke on September 28, 2011
Ever get locked out of a router or switch that is many hours or even days away? Recently, I had the pleasure, again. For some reason, be it the consultant that was turning up our MLPPP session on site, the engineer who was working with the consultant, or a random case of configuration corruption… a VTY access-class statement got changed to a non-existent ACL. But, at first, I didn’t know this. I didn’t know anything. I assumed the remote office was up, due to the lack of complaints and the fact that I could get to the server and switch behind the router, but other than that, I had no clue.
by Tony Mattke on April 18, 2011
I got asked a rather interesting question the other day. An engineer needed to make changes to a remote router, but due to the commands he needed to run, he would be disconnected in the middle of his configuration. He asked me if I could write an EEM or TCL script to make the changes for him. This seemed like a reasonable request, until I thought about it for a bit.
The solution I came up with is much, much simpler than doing any scripting. Create a file with the changes you wish to make, place it within the scope of your TFTP server, and once it's there, simply issue a copy tftp: running-config, making sure to pass the correct IP and file name. Even though the command states it's doing a copy, it will not overwrite your current running configuration. It will simply merge the contents of your file with the current running-config. Tada!
by Tony Mattke on February 21, 2011
Striving to reach that last 9? Looking for a way to increase your uptime while still being able to do maintenance on your network? Wish you could shut down your OSPF neighbors like your BGP peers? Ok, enough sales talk. Achieving HA uptimes when you need to do maintenance is far from simple. Even if you tweak your hello timers, or use some fast detection protocol like BFD, it still takes time for your protocols to converge. A much better solution would be gracefully notifying a router’s neighbors of a dramatic cost increase on all of its interfaces, which would force an SPF calculation while the router is still online forwarding packets.
Welcome RFC 3137 — OSPF Stub Router Advertisement is a feature implemented in Cisco IOS release 12.2(4)T and 12.3. To force our router into stub status we can use the max-metric router-lsa router configuration command which changes the OSPF metric for all non-stub interfaces on the router to 65535.
The new metric in the LSA does not cause the path to be ignored, it just increases the cost. The other routers in the network will select any alternate paths (if available).
by Tony Mattke on October 14, 2010
Previous thoughts on load balancing BGP were that it is not a load balancing protocol, and that in order to achieve any sort of balanced traffic you would have to perform some sort of route balancing. These days, with BGP finding its way into our core IGP (think MPLS VRF WAN), a number of options for load balancing BGP have shown up.
Multipath BGP
While IGPs tend to manage most load balancing scenarios automagically, BGP's mechanisms are configured manually. To allow multipath eBGP, you configure the maximum number of paths to install using the maximum-paths router configuration command. However, multipath route installation does have to meet a few criteria, including matching attributes. These attributes include weight, local preference, AS path, origin code, MED, and IGP metric. The next hop address for each path must also be different in order for that path to be considered.
Although the BGP path selection algorithm only considers the AS path length when comparing paths, the actual values (ASNs) of the path attribute have to match for the two routes to be installed.
These stipulations are fine when sharing a load across multiple routes to a single ISP. But what if we had two different ISPs? Our attributes may match in every instance, except for the AS numbers in each path. Fortunately, there is an undocumented Cisco command that allows us to consider those routes, despite the differences in the AS numbers inside the path. Introducing bgp bestpath as-path multipath-relax
by Tony Mattke on June 9, 2010
Learning the particulars of Cisco IOS is one of the most valuable things a network engineer can do. These skills will be the basis of everything you do in the lab and on your network. The following is a collection of things that most everyone uses these days.
Prevent timeouts on the serial console. You can also apply this to the VTY lines if you SSH or telnet into the router. Note that exec-timeout 0 0 disables the idle timeout entirely, so an unattended session stays logged in until it is closed.
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0 ! 0-minutes 0-seconds
The following configuration will allow you to work without being interrupted by system messages.
Router(config)#line con 0
Router(config-line)#logging synchronous
by Tony Mattke on November 23, 2009
This is one of those tricks you wish you learned about 10 years ago, but never did. You know how easy it is to mess up a nice looking access list. You get one set up on the router, and then you end up tinkering with it over the next month, and the next thing you know you have the ACL that fell out of the ugly tree and hit every branch on the way down. I have the same issue. Actually, the other day I was working on some ACLs for a client's VPN configuration when I realized I had forgotten to include some entries. So after adding what I needed, I ended up with something like this… (IP addresses have obviously been changed to protect the innocent. Ok, honestly, the whole example is just hogwash. I’m way too lazy to actually go look up the ACL I was working on.)
by Tony Mattke on July 19, 2009
How many times a day do you issue a show command from configuration mode? If you’re anything like me, it's enough to get annoying. Luckily, Cisco has given us the ability to define our own aliases. Here is a simple solution to this issue.
Router(config)#alias configure show do show
While this fixes part of the issue, you’ll need to configure additional aliases for each configuration mode that you wish to use this in. I would certainly at least set up interface and router. Are there any handy aliases you use every day? Comment below to share them with us!
Update: I had to update this article to include another alias I’ve configured recently on our Nexus gear. NX-OS has eliminated the wr command to write memory, forcing you to use copy running-config startup-config or a shortened version like copy run start. Either way, I always forget at least once a day. Using the following alias we can restore that functionality!
N7K(config)#cli alias name wr copy running-config startup-config
by Tony Mattke on May 27, 2009
So, I’m sure these have been posted almost on every networking blog under the sun, but who knows, right? Here are a few tips and tricks to help you move around the IOS a bit faster, find information faster, and locate problems… faster.