November 2018 – Page 2

Just created VLAN but I cannot see it! (CISCO)

09/11/2018 FN Comments 0 Comment

PROBLEM: I created a VLAN on my router, but I cannot see it using ‘show vlan-switch’ or Vlan Status is UP but Protocol is DOWN. SOLUTION: Create L2 SVI. [?] What is SVI? https://en.wikipedia.org/wiki/Switch_virtual_interface //Create L2 SVI over the existing L3 VLAN

Router(config-v)# vlan 10
Router(config-vlan)# exit

1 2	Router(config-v)# vlan 10 Router(config-vlan)# exit

OUTPUT

Router# show vlan-switch


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/2, Fa1/3, Fa1/4                                                
10   VLAN0010                         active    Fa1/1

Router# show vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa1/0, Fa1/2, Fa1/3, Fa1/4

10 VLAN0010 active Fa1/1

Copy & Paste

conf t
vlan 10
end

conf t

vlan 10

end

Cisco is interrupting my typing (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: I am angry with Cisco IOS messages in the middle of my comands! SOLUTION: Sync input and output. [?] How to connect to Cisco router? https://en.wikipedia.org/wiki/PuTTY //Turn on sync

Router(config)# line vty 0 15
Router(config-line)# logging synchronous
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config)# line aux 0
Router(config-line)# logging synchronous

Router(config)# line vty 0 15

Router(config-line)# logging synchronous

Router(config)# line con 0

Router(config-line)# logging synchronous

Router(config)# line aux 0

Router(config-line)# logging synchronous

BEFORE

Router# sho
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up w  ip interface

1 2	Router# sho %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up w ip interface

AFTER

Router# sho
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
Router# show ip interface brief

Router# sho

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

Router# show ip interface brief

Copy & Paste

conf t
line vty 0 15
logging synchronous
exit
line con 0
logging synchronous
exit
line aux 0
logging synchronous
end

conf t

line vty 0 15

logging synchronous

exit

line con 0

logging synchronous

exit

line aux 0

logging synchronous

end

Credit:

Stop translating typo in privileged mode (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Cisco tries to telnet if you mistype. SOLUTION: Disable domain-lookup. [?] What is DNS? https://www.cloudflare.com/learning/dns/what-is-dns/ //Disable domain-lookup in config terminal mode

Router(config)# no ip domain-lookup

1	Router(config)# no ip domain-lookup

BEFORE

Router# test
Translating "test"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

Router# test

Translating "test"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

AFTER

Router# test
Translating "test"
% Unknown command or computer name, or unable to find computer address

Router# test

Translating "test"

% Unknown command or computer name, or unable to find computer address

Copy & Paste

conf t
no ip domain-lookup
end

conf t

no ip domain-lookup

end

Monitor device connection to the internet (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Monitor device access to the internet and create action when connection is not available (e.g. restart device). SOLUTION: Creating IP SLA (monitor) and trigger e.g. ‘reload’ action using event manager (EEM). [?] What is IP SLA? https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/06/13/ip-sla-fundamentals //Create simple IP SLA with google DNS server as the target from interface FastEtheret 0/1

Router(config)# ip sla 1
Router(config-ip-sla)# icmp-echo 8.8.8.8 source-interface FastEthernet 0/1
Router(config-ip-sla)# timeout 5000
Router(config-ip-sla)# frequency 50
<strong>#Config IP sla to start now and live forever</strong>
Router(config)# ip sla schedule 1 start-time now life forever
<strong>#Track IP sla reachability</strong>
track 10 rtr 1 reachability
<strong>#On some other versions you have to use "track 1 ip sla 1 reachability"</strong>

Router(config)# ip sla 1

Router(config-ip-sla)# icmp-echo 8.8.8.8 source-interface FastEthernet 0/1

Router(config-ip-sla)# timeout 5000

Router(config-ip-sla)# frequency 50

#Config IP sla to start now and live forever

Router(config)# ip sla schedule 1 start-time now life forever

#Track IP sla reachability

track 10 rtr 1 reachability

#On some other versions you have to use "track 1 ip sla 1 reachability"

OUTPUT

*Sep 15 13:37:00 %TRACK-6-STATE: 10 ip sla 1 srate Up -> Down

1	*Sep 15 13:37:00 %TRACK-6-STATE: 10 ip sla 1 srate Up -> Down

Copy & Paste

conf t
ip sla 1
icmp-echo 8.8.8.8 source-interface FastEthernet 0/1
timeout 5000
frequency 50
exit
ip sla schedule 1 start-time now life forever
track 10 rtr 1 reachability
exit

conf t

ip sla 1

icmp-echo 8.8.8.8 source-interface FastEthernet 0/1

timeout 5000

frequency 50

exit

ip sla schedule 1 start-time now life forever

track 10 rtr 1 reachability

exit

Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

% IP addresses may not be configured on L2 links (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: Unable to configure IP on the specific interface. SOLUTION: Creating VLAN with IP and assign VLAN to the physical interface. [?] What is VLAN? https://www.lifewire.com/virtual-local-area-network-817357 //create VLAN and assign IP to it

Router(config)# interface Vlan 10
Router(config-if)# ip address 172.16.0.1 255.255.255.0

1 2	Router(config)# interface Vlan 10 Router(config-if)# ip address 172.16.0.1 255.255.255.0

//assign VLAN to interface

Router(config)# interface FastEthernet0/1
Router(config-if)# switchport mode access
Router(config-if)# switchport access Vlan 10

Router(config)# interface FastEthernet0/1

Router(config-if)# switchport mode access

Router(config-if)# switchport access Vlan 10

OUTPUT

Router(config)#sh ip int br
Vlan10 10.0.0.1 YES manual up down

1 2	Router(config)#sh ip int br Vlan10 10.0.0.1 YES manual up down

Copy & Paste

conf t
interface Vlan 10
ip address 172.16.0.1 255.255.255.0
exit
interface FastEthernet0/1
switchport mode access
switchport access Vlan 10
end

conf t

interface Vlan 10

ip address 172.16.0.1 255.255.255.0

exit

interface FastEthernet0/1

switchport mode access

switchport access Vlan 10

end

Credit: https://www.experts-exchange.com/questions/21986774/IP-addresses-may-not-be-configured-on-L2-links-on-Cisco-1801.html

Block incoming ping (CISCO)

08/11/2018 FN Comments 0 Comment

PROBLEM: I would like to block all incoming ping requests. SOLUTION: Block incoming ICMP traffic using access-list. [?] Why you should not block ICMP traffic! https://neilalexander.eu/articles/2017/4/16/understanding-icmp http://shouldiblockicmp.com/ //create deny rule to drop all ICMP requests //enable other traffic (bcs of implicit deny by ACL)

Router(config)# access-list 101 deny icmp any any
Router(config)# access-list 101 permit ip any any

1 2	Router(config)# access-list 101 deny icmp any any Router(config)# access-list 101 permit ip any any

//assign the rule to the interface

Router(config)# int FastEthernet 0/1 
Router(config-if)# ip access-group 101 in

1 2	Router(config)# int FastEthernet 0/1 Router(config-if)# ip access-group 101 in

OUTPUT

Router# ping 172.16.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

Router# ping 172.16.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

Copy & Paste

conf t
access-list 101 deny icmp any any
access-list 101 permit ip any any
int FastEthernet 0/1 
ip access-group 101 in 
end

conf t

access-list 101 deny icmp any any

access-list 101 permit ip any any

int FastEthernet 0/1

ip access-group 101 in

end

Source: https://community.cisco.com/t5/routing/block-icmp/td-p/2419132

FN

My 'wiki'

Browsed by
Month: November 2018

Just created VLAN but I cannot see it! (CISCO)

09/11/2018 FN Comments 0 Comment

Cisco is interrupting my typing (CISCO)

08/11/2018 FN Comments 0 Comment

Stop translating typo in privileged mode (CISCO)

08/11/2018 FN Comments 0 Comment

Monitor device connection to the internet (CISCO)

08/11/2018 FN Comments 0 Comment

% IP addresses may not be configured on L2 links (CISCO)

08/11/2018 FN Comments 0 Comment

Block incoming ping (CISCO)

08/11/2018 FN Comments 0 Comment