Cisco iOS

By | 01/04/2014

IOS Images

  • lan lite – Layer 2 entry level switches. 802.1Q, STP, CDP, VTPv2, PAGP/LACP.
  • lan base – [lan lite] + Layer 2 advanced switches. VTPv3. More security and managament functions.
  • ip base – [lan lite] + Very limited routing (static, rip, eigrp stub), ACLs, Private LANs
  • ip voice – [ip base] + VoIP
  • sp services – [ip voice] + SSH/SSL, MPLS + all routing (bgp, ospf, full eigrp)
  • advanced security – [ip base] + Firewall, IDS, NAC, IPSec, SSH/SSL
  • ip services – [ip base] + all routing (bgp, ospf, full eigrp). ospf and eigrp for ipv6, Multicast, VRF-lite, PBR
  • advanced ip services – [ip base + sp services + advanced security] adds ipv6, mpls, advanced ipv6, vpns
  •  universal – based on licenses. includes ip base, ip services and advanced ip services

References:

http://blogs.cisco.com/enterprise/cisco-ios-software-licenses-what%E2%80%99s-what-for-layer-2-and-layer-3-switching-%E2%80%93-part-1/

http://blogs.cisco.com/enterprise/cisco-ios-software-licenses-whats-what-for-layer-2-and-layer-3-switching-part-2/

 

Verify image

verify /md5 flash:imagename.bin MD5hash

 

IOS 12.0 family – M and T trains (separate software development lines)

  • T – Technology – new features, technology and hardware support.
  • M – Mainline – sometimes without the M. receive fixes. it’s more eatable

IOS 15.0 family – M and T releases (same development line)

  • T – standard maintenance release – provides bug fixes for 18 months
  • M – extended maintenance release – provides bug fixes for 44 months

Reference: Software reference guide

 

Choose the image to boot

hostname(config)#boot system flash:filename.bin

 

 

iOS vs iOS XE

Changes on QoS configuration

3850 uses MQC (Modular QoS CLI) instead of MLS (Multi Layer Switching)

Trust behavior is enabled by default acording to the following table

Trust Behavior

 

 

 

 

Priority-queue out configuration is more complex and provides more functionality:

http://mrncciew.com/2013/12/22/3850-qos-part-1/

http://mrncciew.com/2013/12/23/3850-qos-part-2-queuing-models/

http://mrncciew.com/2014/01/06/3850-qos-part-3-port-specific-qos-role/

http://mrncciew.com/2014/01/06/3850-qos-part-4-wireless-qos-mapping/

http://mrncciew.com/2014/01/08/3850-qos-part-5-traffic-classification/

Basic NAT configuration

ip nat inside source list 1 interface fastEthernet0/1 overload
access-list 1 permit any
interface fa0/0
nat inside
interface fa0/1
nat outside

 

SLA and Tracking

SLA – Option to monitor traffic to measure network performance. Send information and collects data. Object Tracking – the process checks the value of the object periodically. Some commands can change the behavior depending on the track.

Configuration example

Set up a SLA monitor to check a destination

ip sla monitor 1
 type echo protocol ipIcmpEcho 192.168.1.2
 timeout 1000
 frequency 1
ip sla monitor schedule 1 life forever start-time now

Set up a Track that checks the SLA monitor object result

track 1 rtr 1 reachability

Static route is configured depending on  the result of the track

ip route 172.16.0.0 255.255.0.0 10.51.223.3 track 1

Resources:

IP SLAs

Object Tracking

 

Other commands

mdix

Default configuration is “auto”. It automatically detects if it’s a straight or a crossover cable and configures it appropriately depending on what’s on the other side.

(config-if)#mdix auto

 

service-module

Provides access to a switch Service Module  from a host Rotuer

#service-module gigabitethernet 0/x/0 session

 

Config Cleanup

write erase – cleans the configuration

delete flash://vlan.dat – removes the vlan configuration

delete /force /recursive flash:directory – removes the directory, subdirectories and files

 

Scheduled reloads

reload at 03:00 20 Apr

reload in minutes

show reload

reload cancel

 

 

Compare startup and running configs

show archive config diff

 

Router bandwidh limit

class-map match-any CLASS_NAME
 match any

policy-map POLICYMAP_NAME
 class CLASS_NAME
 shape average 50000000

int gig 0/1
 service-policy output POLICYMAP_NAME

Manufacture date from serial number

SN format: ‘LLLYYWWSSSS’

Year codes:

01 = 1997
02 = 1998
03 = 1999
04 = 2000
05 = 2001
06 = 2002
07 = 2003
08 = 2004
09 = 2005
10 = 2006
11 = 2007
12 = 2008
13 = 2009
14 = 2010
15 = 2011
16 = 2012
17 = 2013
18 = 2014
19 = 2015
20 = 2016

Week codes:

1-5 : January
6-9 : February
10-14 : March
15-18 : April
19-22 : May
23-27 : June
28-31 : July
32-35 : August
36-40 : September
41-44 : October
45-48 : November
49-52 : December

Reference: https://supportforums.cisco.com/discussion/10832396/cisco-serial-number-lookups


 

Debug and logs

Before starting the debug: Check the CPU status

show processes cpu
show processes cpu history

Setup timestamps bu milliseconds:

service sequence-numbers service timestamps log datetime msec
 service timestamps debug datetime localtime msec

Recomended configuration to get the debug in a log

logging buffered 10000000 debug
no logging console
no logging monitor
default logging rate-limit
default logging queue-limit

ENABLE DEBUGS
ENABLE SESSION CAPTURE

terminal length 0
show logging

Log file

logging buffered

show logging

Console

logging console <0-7>

Aux/VTY

terminal monitor

logging on

Syslog

logging IP

Debugging commands

show debug no debug all undebug all debug condition interface interface debug condition [called number/calling/ip/username/vlan/…] value show debug condition

Useful debugs:

debug ip routing 
debug ip routing-protocol
debug ip packet detail AccessList

logging

Debug Command Reference

How to properly and safely collect debugs on an IOS router

Useful debug examples

Leave a Reply