Completely Clearing a Cisco Switch...The Easy Way!
Clearing out a Cisco switch configuration is always a pain because VLANs are kept in a separate file from the startup-config (NVRAM). There are two ways to clear a switch back to the factory defaults - the easy way and the REALLY easy way:
The easy way -
Switch# write erase
Switch# delete flash:vlan.dat
Switch# reload
The REALLY easy way -
Hold the "mode" button on the front of the switch for 10 seconds. The lights will blink and then go solid - the switch completely wipes all configuration and then reboots. Obviously, this method only works on stackable switches, as the chassis-based switches do not have mode buttons.
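A way to confirm the wipe took, as an added example that is not part of the original post: the Python below scans pasted "dir flash:" output for files that still hold configuration. The sample listing is constructed, and the flagged file names (vlan.dat, config.text, private-config.text) are an assumption about what fixed-configuration Catalyst switches keep in flash.

```python
import re

# Assumed names of config-bearing files on fixed-configuration Catalyst switches.
RESIDUAL = {
    "vlan.dat": "VLAN database (survives write erase)",
    "config.text": "startup-config",
    "private-config.text": "private configuration",
}

# One entry of `dir flash:` output: index, permissions, size, date, name.
ENTRY = re.compile(r"^\s*\d+\s+[-drwx]{4}\s+(\d+)\s+.*\s(\S+)\s*$")

def residual_files(dir_output):
    """Return [(name, size, meaning)] for config-bearing files still in flash."""
    found = []
    for line in dir_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line, or the "bytes total" summary
        size, name = int(m.group(1)), m.group(2)
        base = name.rstrip("/").split("/")[-1].lower()
        if base in RESIDUAL:
            found.append((base, size, RESIDUAL[base]))
    return found

# Constructed sample: listing taken after `write erase`, before vlan.dat was deleted.
SAMPLE_AFTER_WRITE_ERASE = """\
Directory of flash:/

    2  -rwx     9771831   Mar 1 1993 00:10:42 +00:00  ios-image-placeholder.bin
    3  -rwx         736   Mar 1 1993 00:02:11 +00:00  vlan.dat

32514048 bytes total (22738944 bytes free)
"""

if __name__ == "__main__":
    for name, size, meaning in residual_files(SAMPLE_AFTER_WRITE_ERASE):
        print(f"still present: {name} ({size} bytes) - {meaning}")
```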
The Coolest Cisco Links of All
Okay, here's my thought. I've got some links that I have found very handy in the Cisco world over the years...links that I typically forget about, but then someone shows me the same link months later and I get all excited about them again. Rather than continuing the cycle, I was hoping to enlist your help to create a post that has all sorts of great links. Eventually, we can compile a list and put them in some permanent place on the website. These links include cool resources, utilities (cheap or free), and "tips". Please don't include blogs in this list (not that they're not valuable...just a different category). So, here's what I've got so far:
1. Top 100 Security Tools (http://sectools.org/)
2. Switch Inspector (sweet, inexpensive switchport mapper - http://www.switchinspector.com/)
3. MRTG (traffic statistics, free - http://oss.oetiker.ch/mrtg/), PRTG (traffic statistics, cheap - http://www.paessler.com/prtg)
4. Level 7 Password Decryption (http://cfz.ir/ot/?what=ciscocracker)
5. Cain and Abel Security Audit util (http://www.oxid.it/cain.html)
6. Kiwi Syslog (free, good syslog server - http://www.kiwisyslog.com/products.php#syslog)
7. Kiwi CatTools (configuration management / change tracking - http://www.kiwisyslog.com/products.php#cattools)
8. TFTP Server (overcomes 32MB limit - http://tftpd32.jounin.net/tftpd32_download.html)
9. IOS Configuration Editor, fairly cheap (http://www.winagents.com/en/products/cisco-config-editor/)
10. IP Chicken - external IP from anywhere...no pop-up ads (www.ipchicken.com)
11. Bandwidth Gauge (Speakeasy has always been my fav. - http://www.speakeasy.net/speedtest/)
12. Tera Term - my favorite Windows telnet/SSH client (http://hp.vector.co.jp/authors/VA002416/teraterm.html)
13. Boson's Free Utils - bunch of handy/goof around utils (http://www.boson.com/FreeUtilities.html)
That's all I could think of off the top of my head. What else do y'all got?
Three handy alias commands
From global config:
alias exec s show ip interface brief (the ol' standby)
alias exec traffic sh ip nbar protocol-discovery stats bit-rate top-n 10 (shows top 10 protocols using your interfaces)
alias exec proc show proc cpu | excl 0.00%__0.00%__0.00% (shows only processes using CPU)
Cisco SSL VPN
SSL VPNs are the future of VPN technology. While they are still brand new, "bleeding edge" sort of technology, they will eventually be how we run our VPN connections for most organizations. The concept is simple: HTTPS (SSL-based) web pages have used adequate encryption for years...why not harness the technology to create a "client-less VPN system," tunneling applications through the SSL connection?
For a user to connect to an SSL VPN, no client installation is necessary. Rather, they simply access a web page, authenticate, and minimize the web browser window. They're now on the corporate VPN.
There's more to it than this (for example, Java client downloads may be necessary for full port forwarding capabilities). Cisco just published an excellent explanation / configuration document for the WebVPN/SSL VPN technology. Get it here.
IOS Recovery from ROMMON
This information is here primarily for my reference at customer sites; for some odd reason, I seem to be recovering IOS images through ROMMON quite a bit lately. These are the minimum fields to get this going through TFTP rather than XModem. Hopefully you find this beneficial as well!
rommon 1 > IP_ADDRESS=192.168.1.100
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)
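A pre-flight check for the variables above, as an added example that is not part of the original post: the Python below parses pasted ROMMON assignments and reports missing fields or addresses that do not fit the configured subnet. The function name and the constructed typo sample are illustrative; the first sample reuses the values shown above.

```python
import ipaddress
import re

REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY",
            "TFTP_SERVER", "TFTP_FILE")
# Accepts "rommon 3 > VAR=value" as pasted from a console, or bare "VAR=value".
ASSIGN = re.compile(r"^(?:rommon\s+\d+\s*>\s*)?([A-Z_]+)=(\S+)")

def check_rommon_vars(session):
    """Return a list of problems found in pasted ROMMON variable assignments."""
    env = {}
    for line in session.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            env[m.group(1)] = m.group(2)
    problems = [f"{name} is not set" for name in REQUIRED if name not in env]
    if problems:
        return problems
    try:
        iface = ipaddress.IPv4Interface(
            f"{env['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}")
        gateway = ipaddress.IPv4Address(env["DEFAULT_GATEWAY"])
        server = ipaddress.IPv4Address(env["TFTP_SERVER"])
    except ValueError as exc:
        return [f"bad address or mask: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"IP_ADDRESS {iface.ip} is not a host address in {net}")
    if gateway not in net:
        problems.append(f"DEFAULT_GATEWAY {gateway} is outside {net}")
    if server == iface.ip:
        problems.append("TFTP_SERVER is the router's own address")
    return problems

# Values as shown in the post above.
PAGE_SESSION = """\
rommon 1 > IP_ADDRESS=192.168.1.100
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
"""
# Constructed sample with a mistyped gateway.
TYPO_SESSION = PAGE_SESSION.replace("192.168.1.1\n", "192.168.11.1\n")

if __name__ == "__main__":
    print(check_rommon_vars(PAGE_SESSION) or "variables look consistent")
    print(check_rommon_vars(TYPO_SESSION))
```

TFTP carries no authentication, so once the router boots it is worth comparing the image's hash (verify /md5 on IOS) against the value published for that image.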
Random Cisco "Trick"
Okay, this may be old news to some of you, but someone showed it to me and it changed my life...or at least seemed like a pretty cool tip. On Cisco devices, you can filter the "show run" output by entering a forward slash (/) at the more prompt and typing in the section you want to move to.
So...
Router# show run
Building configuration...
Current configuration : 12919 bytes
!
! Last configuration change at 17:33:29 ARIZONA Tue Oct 24 2006 by jeremy
! NVRAM config last updated at 14:27:00 ARIZONA Fri Oct 20 2006 by jeremy
!
version 12.4
!
...blah blah other junk goes here
!
--More-- <---- enter the forward slash here followed by a word (such as interface) that you want to jump to.
This is essentially like doing the "show run | begin" syntax, but you can do it on the fly. Okay, maybe not life changing, but sure is handy on those massive config files.
Installing CallManager 4.X on Non-MCS Server Platforms
I did it. I finally did it. I've got a Cisco CallManager 4.1(3) server running natively on a Dell Optiplex 270GX. Now, I'm not talking about the old registry hack forcing you to install Windows 2000, hack the registry, and then put the Cisco CallManager software on top of it. Doing this causes a host of problems because the base Windows operating system does not have the correct services running and permissions set.
I'm talking about a hack that allows you to install the Cisco CallManager Windows image straight from the CD-ROM, setting all the correct permissions and giving you a working Cisco CallManager on a non-MCS server. Here's what I did:
Step 1: Download a Windows utility called FDIMAGE.EXE. This is typically used to create floppy boot disks from disk images for BSD/Linux. You can get this utility from here.
Step 2: Pop the CallManager Hardware Detect CD-ROM (Disk 1) into your PC - sorry, I can't give this one out :o)
Step 3: Put in a blank floppy disk
Step 4: Open a command prompt and type "fdimage d:\bootimg.bin a:". This copies the boot image from the CD-ROM to the floppy disk
Step 5: On the floppy disk, edit the autoexec.bat file (I'm having flashbacks to the MS-DOS days)
Step 6: Find the line in the autoexec.bat file that says "s:\tools\systype s:\tools\sssksys.ini". This line is right before the boot process does the hardware check to see what sort of server you have
Step 7: Hit enter after the above line and add the following two lines:
set XIMAGE=x345
goto IBMx345
Step 8: Save the file
Step 9: Boot off the floppy disk and put the Hardware Detect CD into the drive. Follow the wizard to blow the Windows 2000 image onto the non-MCS machine. It will prompt you for the OS Disk 3 (I'm using DVDs - it's DVD #2 of the OS install for me).
Step 10: After Windows comes online, you'll have to install your platform specific video/netcard/etc... drivers
Step 11: Pop in the Cisco CallManager CDs and proceed as normal! This rocks!
Of course, this is only in a lab environment. The great Cisco powers that be would definitely frown upon a TAC support call from a Cisco CallManager running on a desktop PC.
