Cisco IOS – Random Notes, Commands, and Tricks

Lots of random little things I’ve collected over the years.

Erasing a switch:

Erase the config, vlans, and crypto:

Switch# write erase
Switch# del flash:vlan.dat
Switch# crypto key zeroize rsa

Switch stack commands:

View Switches Currently Connected or Provisioned

Switch# show switch

Renumber a Switch

Switch(config)# switch {CURRENT#} renumber {NEW#}

Prioritize a Switch (15=Master)
(NOTE: Higher priority value = Higher priority)

Switch(config)# switch {SWITCH#} priority {PRIORITY#}

Remove (Deprovision) a Switch

Switch(config)# no switch {SWITCH#} provision

Stack power commands:

Show Environmental Facilities (Power Supplies, etc.)

Switch# show env all

Show Available, Budgeted, and Consumed Power

Switch# show power inline

Configure Power-Stack Switch Power Parameters

Switch(config)# stack-power switch {NUMBER}
Switch(config-switch-stackpower)# power-priority switch {1-9}
Switch(config-switch-stackpower)# power-priority high {10-18}
Switch(config-switch-stackpower)# power-priority low {19-27}

(NOTE: Lower priority value = higher priority)

Set Access Port Power Priority

Switch(config-if)# power inline port priority {High | Low}

Enable/Disable Stack-Power Port

Switch# stack-power switch 1 port 1 {enable | disable}

Find a device by IP:

*** SSH into the gateway IP of the IP address in question ***
EXAMPLE: If the IP = 192.168.78.221, SSH into 192.168.78.1

1. Search the ARP table for the IP:

Router# show ip arp | i 192.168.78.221

2. Search the MAC address table for the given MAC:

Router# show mac address-table | i 0013.c39d.6bc1

3. View the device/switch on the given port:

Router# show cdp neighbor t3/5 detail

*** SSH into the given device ***

4. Repeat steps 2 and 3 until you reach an end user switchport.
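
The same hop-by-hop trace run over captured output, as an added example (not part of the original notes). The device names, the second ARP entry and the access port are constructed sample data; matching is done on the exact address field because the `| i` filter is an unanchored regex.

```python
# Constructed captures per device: "arp" is `show ip arp` (gateway only), "mac" is
# `show mac address-table`, "cdp" maps a port to its CDP neighbor (hypothetical names).
DEVICES = {
    "gw": {
        "arp": """Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.78.22           3   0013.c39d.6b00  ARPA   Vlan78
Internet  192.168.78.221         12   0013.c39d.6bc1  ARPA   Vlan78""",
        "mac": """Vlan    Mac Address       Type        Ports
  78    0013.c39d.6b00    DYNAMIC     Gi1/2
  78    0013.c39d.6bc1    DYNAMIC     Te3/5""",
        "cdp": {"Te3/5": "access-sw1"},
    },
    "access-sw1": {
        "mac": """Vlan    Mac Address       Type        Ports
  78    0013.c39d.6bc1    DYNAMIC     Gi1/0/14""",
        "cdp": {},
    },
}

def arp_lookup(arp_text, ip):
    """MAC for exactly this IP; `| i 192.168.78.22` would also match .221."""
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet" and f[1] == ip:
            return f[3]
    return None

def mac_lookup(mac_text, mac):
    """Port the MAC was learned on, from the MAC address table."""
    for line in mac_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1].lower() == mac.lower():
            return f[-1]
    return None

def trace(ip, gateway="gw"):
    """Steps 1-4: ARP on the gateway, then MAC table + CDP hop by hop."""
    mac = arp_lookup(DEVICES[gateway]["arp"], ip)
    device, path = gateway, []
    while mac and device not in [d for d, _ in path]:
        port = mac_lookup(DEVICES[device]["mac"], mac)
        if port is None:
            break
        path.append((device, port))
        neighbor = DEVICES[device]["cdp"].get(port)
        if neighbor not in DEVICES:      # no switch behind the port: end-user port
            return mac, path
        device = neighbor
    return None                          # unknown IP, missing MAC entry, or a loop

if __name__ == "__main__":
    print(trace("192.168.78.221"))
```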

Access list modification:

Showing an Access List with its sequence numbers

Switch# show ip access-lists

Resequence an Access List

Switch(config)# ip access-list resequence {ACL} 10 10

Add to an Access List – Add the new line with appropriate sequence number:

Switch(config)# ip access-list {ACL_TYPE} {ACL_NAME}
Switch(config-std-nacl)# {SEQUENCE#} permit {IP_ADDRESS}

Remove from an Access List – Remove a line by using its sequence number:

Switch(config)# ip access-list {ACL_TYPE} {ACL_NAME}
Switch(config-std-nacl)# no {SEQUENCE#}

Find all applied Access Lists

Switch# show ip int | i line protocol|access list

 

DHCP Setup

Exclude any addresses that should not be leased

Switch(config)# ip dhcp excluded-address {FIRST_IP} {LAST_IP}

Start the DHCP Service

Switch(config)# service dhcp

Create your Pool of addresses

Switch(config)# ip dhcp pool {POOL_NAME}
Switch(dhcp-config)# network {NET_IP} {SUBNET_MASK}

Set a Default Router

Switch(dhcp-config)# default-router {IP}

Throughput Test – TTCP

Set up a server to receive

Router# ttcp receive

Set up a server to transmit

Router# ttcp transmit {RECEIVE_ROUTER_IP}

Generate Some Traffic

Start the “tcp-small-servers” Service

Switch1(config)# service tcp-small-servers

Telnet to port 19

Switch2# telnet {END_DEVICE_IP} 19

SSH Options

Set the Source Interface or VLAN

Switch(config)# ip ssh source-interface {SOURCE}

Use a Different Username to Login

Switch# ssh -l {USERNAME} {IP}

Reloading Cisco Devices

*** NOTE: These are very useful for making changes to a switch that could potentially block your access. ***

Set a Time for Reload

Switch# reload at {HH:MM}

Set a Delay for Reload

Switch# reload in {NUMBER_OF_MINUTES}

Cancel a Reload

Switch# reload cancel

Cisco VoIP Phones

Automatically Setup QoS for VoIP
*** NOTE: This should be entered on the range of interfaces that will have Cisco IP Phones connected. ***

Switch(config-if-range)# auto qos voip cisco-phone

Reset a Cisco IP Phone
1. Remove power from the phone and plug it back in.
2. Immediately press and hold #
3. When buttons/lights flash in sequence, press: 123456789*0#

Lock and Unlock Settings

Press **# to unlock and press it again to lock.

Misc Cisco Commands

Interrupt an output or process

[Ctrl]+[Shift]+[6] or [Ctrl]+[Z]

Suspend a connection (SSH, Telnet, etc.)

[Ctrl]+[Shift]+[6] [X]

Disconnect active connections

Switch# disconnect

Turn On/Off Log Messages for Current Session

Switch# terminal monitor
Switch# terminal no monitor

Temperature Status and Threshold Values

Switch# show env temperature status
Switch# show env alarm thresholds

Restore an interface to default configuration

Switch(config)# default interface {INTERFACE}

View the contents of a Text File

Switch# more {TEXT_FILE_NAME}

Apply an IP to a switchport (make it a routed port first)

Switch(config-if)# no switchport

Replace the device’s entire configuration

Switch# configure replace {FILE_LOCATION}

Test a Port to See if it is Open

Switch# telnet {IP_ADDRESS} {PORT_NUMBER}

View only active processes on a device (good alias)

Switch# show processes cpu | excl 0.00%__0.00%__0.00%

View transmit/receive rates for all interfaces

Switch# show interfaces summary

Command Prompt and PowerShell Stuff

View all MAC addresses on the local machine

C:\> getmac

Search DNS for IP or HOSTNAME

C:\> nslookup {COMPUTER_NAME | IP_ADDRESS}

Find MAC and NetBIOS Name by IP

C:\> nbtstat -A {IP_ADDRESS}

Find MAC and IP by NetBIOS Name

C:\> nbtstat -a {COMPUTER_NAME}

Clear ARP on the local machine

C:\> arp -d *

Clear DNS on the local machine

C:\> ipconfig /flushdns

Clear NetBIOS name cache

C:\> nbtstat -R

Display all connections and listening ports

C:\> netstat -an

802.1x (dot1x)

Set a port to Monitor Mode (remove Enforcement)

Switch(config-if)# authentication open

View a lot of awesome dot1x information

Switch# show dot1x {all | interface} summary

Display information about current auth sessions

Switch# show authentication sessions {INTERFACE}

Clear current auth sessions

Switch# clear authentication sessions {INTERFACE}

NOTE: shut then no shut the interface after this!!!

Display IP and MAC info for connected devices

Switch# show ip device tracking {all | interface}

Find Port of failing device by MAC

Switch# show log | i MAC_ADDRESS

In cmd.exe or PowerShell: View interface auth state

C:\> netsh lan show interfaces

Port Monitoring – SPAN

*** NOTE: SPAN and RSPAN are for setting up a sniffer and should only be used when you have proof of granted permission from a very high authority (a letter). ***

1. Clear any existing monitor sessions

Switch(config)# no monitor session all

2. Specify the Session and Source Port (repeat for each)

Switch(config)# monitor session 1 source interface {INTERFACE}

Or monitor an entire VLAN (careful with this!)

Switch(config)# monitor session 1 source vlan {ID}

3. Specify the Destination Port

Switch(config)# monitor session 1 destination interface {INTERFACE}

4. Confirm the monitoring session

Switch# show monitor session 1

Port Monitoring – RSPAN

*** NOTE: RSPAN is for monitoring ports on a distant switch. For monitoring on the same switch, use SPAN. ***

1. Create an RSPAN VLAN

Switch(config)# vlan {VLAN-ID}
Switch(config-vlan)# remote-span

2. Clear any existing monitor sessions

Switch(config)# no monitor session all

3. Specify the Session and Source Port (repeat for each)

Switch(config)# monitor session 1 source interface {INTERFACE}

4. Specify the Destination

Switch(config)# monitor session 1 destination interface {INTERFACE}

5. Confirm the monitoring session

Switch# show monitor session 1
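
Several settings in these notes are meant to be temporary: the tcp-small-servers service from "Generate Some Traffic", "authentication open" from the 802.1x section, and SPAN/RSPAN monitor sessions. The script below is an added example (not part of the original notes) that scans a saved running-config for any of them still in place and reports the command that removes each; the config excerpt and interface names are constructed.

```python
import re

# Constructed running-config excerpt; interface names are illustrative.
SAMPLE_CONFIG = """\
service tcp-small-servers
!
interface GigabitEthernet1/0/5
 switchport mode access
 authentication open
 authentication port-control auto
!
interface GigabitEthernet1/0/6
 switchport mode access
 authentication port-control auto
!
monitor session 1 source interface Gi1/0/5
monitor session 1 destination interface Gi1/0/48
"""

def audit(config_text):
    """Return (finding, where, command that removes it) for each leftover."""
    findings, interface, sessions = [], None, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            # A top-level line starts a new section; remember interface blocks.
            interface = line.split(None, 1)[1] if line.startswith("interface ") else None
        session = re.match(r"monitor session (\d+) ", line)
        if line == "service tcp-small-servers":
            findings.append(("tcp-small-servers", "global", "no service tcp-small-servers"))
        elif line == "authentication open" and interface:
            findings.append(("dot1x monitor mode", interface, "no authentication open"))
        elif session and session.group(1) not in sessions:
            sessions.add(session.group(1))
            findings.append(("monitor session", "session " + session.group(1),
                             "no monitor session " + session.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("%-20s %-24s fix: %s" % finding)
```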

 
