IOS: Setting the TCP Timeout on IOS
August 14, 2008 by Greg Ferro · 1 Comment
One of my favourite default commands on IOS is “ip tcp synwait 5”. Let’s look into this command and why you might like to use it as well.
IOS: Enable and …. Disable ?
July 20, 2008 by Greg Ferro · 1 Comment
All these years, and I didn’t realise the opposite of enable was disable.
IOS: ROMMON on the C6500/Sup720 - Lesson Learned
June 28, 2008 by Greg Ferro · Leave a Comment
Recently, one of my Supervisor 720s went into a permanent reboot cycle. I was able to break it into ROMMON mode, but I couldn’t get it to ‘stick’ the boot settings.
Finally….
IOS: Reverse SSH Console Access - Part 2
June 25, 2008 by Greg Ferro · 3 Comments
Following my original post about configuring Reverse SSH on a Cisco console server, I wanted to write a follow-up to extend the usage.
Configuring Windows 2003 / XP SP2 to Use IOS NTP Server
June 10, 2008 by Greg Ferro · 4 Comments
In certain networks, it is difficult to get the time on your servers to be exactly the same as the NTP time on your network equipment. In this case, you want to force the Windows servers to use the same NTP network time source as your routers and switches. But Microsoft Windows doesn’t understand NTP by default; it has its own ‘way’ of setting up NTP, so you need a little tweak to make it compatible.
IOS: Open Source Lab DNS and IP Addressing
June 2, 2008 by Greg Ferro · 1 Comment
A number of Cisco Bloggers have talked about making labs available for others to use. However, part of what will be needed is some conventions to make these labs work for the largest number of people.
Following Ivan Pepelnjak’s posting on Private Domain Names, and an earlier posting that I made on Reserved IP Address for Testing, I believe we have the perfect combination of DNS and IP addresses for building live test environments that will work for Open Source lab scenarios.
IOS: Reverse SSH Console Access
May 29, 2008 by Greg Ferro · 5 Comments
I recently needed to secure the reverse console access using a Cisco IOS router. For many years, we have been doing this over telnet and the configuration has been straightforward. But configuring it to support SSH instead of telnet is a little bit different, awkward in fact.
Ip Tcp Timestamp
April 14, 2008 by Greg Ferro · Leave a Comment
ip tcp timestamp
I have seen this command a few times; today I am going to look into it and see what it does. Also, this is probably a classic CCIE lab gotcha.
IOS CLI: Show Run Linenum
March 12, 2008 by Greg Ferro · 1 Comment
You probably know this one already, but I have been typing “wr t” for a long time and never stopped to look. Puts a line number at the side of the config so you can say to the person on the other end of the phone, see line 10……….
r2#sh run linenum
Building configuration...

Current configuration : 3057 bytes
1 : !
2 : upgrade fpd auto
3 : version 12.4
4 : service nagle
5 : no service pad
6 : service tcp-keepalives-in
7 : service tcp-keepalives-out
8 : service timestamps debug datetime msec localtime show-timezone
9 : service timestamps log datetime msec localtime show-timezone
10 : service password-encryption
11 : service sequence-numbers
12 : !
13 : hostname r2
14 : !
15 : boot-start-marker
16 : boot-end-marker
17 : !
They think of everything these days. I suspect that cheap and large flash in your routers means that useful commands are now possible. I must start looking for them more often.
Bidirectional Forwarding Detection [Cisco IOS Software] - Cisco Systems
March 8, 2008 by Greg Ferro · Leave a Comment
BFD is a most useful feature of IOS, and IMHO, a much unloved feature. I notice that the latest releases of IOS now have BFD for static routing but, more importantly, now support HSRP.
standby bfd
Example:
Router(config-if)# standby bfd
(Optional) Enables HSRP support for BFD on the interface
standby bfd all-interfaces
Example:
Router(config)# standby bfd all-interfaces
(Optional) Enables HSRP support for BFD on all interfaces.
Bidirectional Forwarding Detection [Cisco IOS Software] - Cisco Systems
On the Death and Rebirth of IOS - Why Did It Take So Long ?
March 5, 2008 by Greg Ferro · 3 Comments
The market has been commenting on the rise of Juniper for some years and the fact that Cisco has not been able to stop them growing. Well, we can now see that Cisco was listening to the stock market by spending a lot of time and money developing a new operating system. Oh yeah, and some new hardware to run it on. Read all about the Cisco ASR 1000 here.
IOS performance limits
It’s been clear for a long time that the conventional IOS had hit a wall in performance. The monolithic kernel has been subjected to any number of hacks to improve performance (fast switching, CEF) but ultimately, it obviously had to be discarded and a new approach built that supported modularity, improved upgrade, and other serviceability features. This has seen the release of NXOS (Nexus 7000), IOS XR (CRS-1) and now IOS XE for the ASR1000. You can probably also include IOS SX as used in C6500 and other switches as another.
Single Internet Connection but HA Infrastructure - Using Bridging Instead of Routing
February 20, 2008 by Greg Ferro · 1 Comment
Introduction - The Design Constraint
The customer had decided to build a hosting platform, but could only arrange for a single internet connection to that site due to location. However, all other hardware was duplicated for high availability. After considering the options the following diagram was prepared showing the first pass at the design. This was the Internet Connection (100Mb Ethernet) connected to the router, then connected to a switch, which was interconnected by trunk to a second switch. The first layer of firewalls is then connected.
In this design, the router and the first switch are single points of failure, as shown on the diagram.

Cisco ASA and IOS Command Tip - Test Aaa-Server
February 18, 2008 by Greg Ferro · Leave a Comment
I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. It’s a very handy tool when you are doing this kind of stuff.
Read on…..
The Poor Man’s IOS Traffic Generator
January 18, 2008 by Greg Ferro · 1 Comment
This is a feature that I used to use years ago, but had forgotten about. For some reason, I remembered it today and it is still as useful as it ever was. Read on…



