Router Commands

 * To move from user mode to privileged mode :- Router>enable

 * To move from privileged mode to global config mode :- Router#configure terminal OR conf t

 * To show IOS version :- Router#show version

 * To show flash memory :- Router#show flash

 * To show startup configuration :- Router#show startup-config

 * To show running configuration :- Router#show running-config

 * To copy running config to startup config :- Router#wr OR copy running-config startup-config

 * To set hostname :- Router(config)#hostname <name>

 * To set enable password :- Router(config)#enable password <word>

To set console password

Router(config)#line console 0
Router(config-line)#password <word>
Router(config-line)#login

To erase startup configuration :- Router#write erase OR erase startup-config

To set auxiliary password
Router(config)#line aux 0
Router(config-line)#password <word>
Router(config-line)#login

To set an IP address on an interface

Router(config)#interface <interface name & no.>
Router(config-if)#ip address <ip address> <subnet mask>


 * Static routing

Router(config)#ip route <network addr.> <subnet mask> <nexthop ip addr or exit interface name>

 * Default routing

Router(config)#ip route 0.0.0.0 0.0.0.0 <nexthop ip addr or exit interface name>

 * Dynamic routing (on the basis of routing protocols)

To configure telnet service
Router(config)#line vty 0 4
Router(config-line)#password <word>
Router(config-line)#login
Router(config-line)#exit
Router(config)#enable password <word>


Standard ACL
Creating a standard ACL :- Router(config)#access-list <listno> <permit/deny> <source ip> <source wildcard mask>
Apply the ACL :- Router(config)#interface <name & no>
                 Router(config-if)#ip access-group <listno> <in/out>
To avoid the implicit deny statement :- Router(config)#access-list <listno> permit any

Extended ACL
Creating an extended ACL :-
Router(config)#access-list <listno> <permit/deny> <protocol> <source ip> <source WCM> <dest ip> <dest WCM> [<operator> <port>]

Apply the ACL :- Router(config)#interface <interface name & no>
                 Router(config-if)#ip access-group <listno> <in/out>

To avoid the implicit deny statement :- Router(config)#access-list <listno> permit ip any any

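Named ACL
Router(config)#ip access-list standard/extended <name/list no.>
Router(config-ext-nacl)#permit/deny <protocol> <source ip> <sou WCM> <dest ip> <dest WCM> [<operator> <port>]
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface <interface name & no>
Router(config-if)#ip access-group <name/list no.> in/out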
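
The ACL behaviour described above (wildcard-mask matching, first match wins, implicit deny at the end), modelled as an added Python example that is not part of the original page. The function names and the sample access-list entries are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def wildcard_from_netmask(netmask: str) -> str:
    """A wildcard mask (WCM) is the bitwise inverse of the subnet mask."""
    inverted = ~int(ipaddress.IPv4Address(netmask)) & MASK32
    return str(ipaddress.IPv4Address(inverted))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base; a 0 bit in the wildcard means 'must match'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, src: str) -> str:
    """Walk the entries top-down; the first match decides, else implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny (implicit)"

# Constructed sample: access-list 10 deny 192.168.1.0 0.0.0.255
ACL_10 = [("deny", "192.168.1.0", "0.0.0.255")]
# Same list followed by "access-list 10 permit any"
# ("any" is shorthand for 0.0.0.0 255.255.255.255)
ACL_10_PERMIT_ANY = ACL_10 + [("permit", "0.0.0.0", "255.255.255.255")]
# Ordering mistake: a broad permit placed first shadows the deny below it
ACL_SHADOWED = [("permit", "0.0.0.0", "255.255.255.255")] + ACL_10

if __name__ == "__main__":
    lists = {"ACL_10": ACL_10, "ACL_10_PERMIT_ANY": ACL_10_PERMIT_ANY,
             "ACL_SHADOWED": ACL_SHADOWED}
    for name, acl in lists.items():
        for src in ("192.168.1.50", "10.0.0.5"):
            print(f"{name:18} {src:14} -> {evaluate(acl, src)}")
```

With only the deny entry, every other source is dropped by the implicit deny; in the shadowed list the deny entry is never reached.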


Static NAT
Router(config)#ip nat inside source static <private ip> <public ip>

Dynamic NAT
Create a pool and assign the public IP addresses to it :-
Router(config)#ip nat pool <poolname> <start ip> <end ip> netmask <subnetmask>

Assign the pool to an ACL :-
Router(config)#ip nat inside source list <listno> pool <pool name>

Define the customers and conditions in the ACL :-
Router(config)#access-list <listno> permit/deny <source ip> <source WCM>


Creating EIGRP :-

Router(config)#router eigrp <AS no>
Router(config-router)#network <connected network address>

To show neighbour table :- Router#show ip eigrp neighbors

To show topology table :- Router#show ip eigrp topology

To show EIGRP routing table :- Router#show ip route eigrp


Create OSPF :- Router(config)#router ospf <process id>
               Router(config-router)#network <network addr> <wildcard mask> area <area id>

To show OSPF network timers (hello, dead and wait) :- Router#show ip ospf interface <interface name & no.>

To show database table :- Router#show ip ospf database


Nexus 7700 License Installation

Below are the steps to install the license

1. Get the license file from Cisco
2. Copy the license file to USB
3. Connect the USB to the N7K
4. Confirm the license file is issued to the correct host-id.
5. Copy the license file from USB to bootflash
6. Install the file

NOTE : Make sure that the host-id on the N7K and in the license file is the same, or get a new license file from Cisco. The license only installs if both are the same.

User Access Verification
SW1-AdminVDC login: admin
Password: *******

Check the current license
SW1-Admin-VDC# show license usage
Feature                      Ins  Lic   Status Expiry Date Comments
MPLS_PKG                      No    -   Unused             -
STORAGE-ENT                   No    -   Unused             -
VDC_LICENSES                  No    0   Unused             Grace expired
FCOE-N7K-F248XP               No    0   Unused             -
ENHANCED_LAYER2_PKG           No    -   Unused             -
TRANSPORT_SERVICES_PKG        No    -   Unused             -
LAN_ENTERPRISE_SERVICES_PKG   Yes   -   Unused Never       -
SW1-AdminVDC# dir usb1:
        393    Jan 08 11:56:54 2018
        298    Jan 08 04:08:32 2018  N7700201801080XXXXXXX.lic
       4096    Dec 31 11:20:48 2017  N7k run/

SW1-AdminVDC# sh file usb1:N7700201801080XXXXXXX.lic

SERVER this_host ANY
VENDOR cisco
INCREMENT VDC_LICENSES cisco 1.0 permanent 4 \
        NOTICE="<LicFileID>2018010804083XXX</LicFileID><LicLineID>1</LicLineID> \
        <PAK></PAK>" SIGN=DE7FC25XXXX8

SW1-AdminVDC# sh license host-id
License hostid: VDH=N77-C7710:JPGXXXXXXX

SW1-AdminVDC# copy usb1:N7700201801080XXXXXXX.lic bootflash://
Copy progress 100% 298B
Copy complete, now saving to disk (please wait)...

SW1-AdminVDC# install license bootflash:N7700201801080XXXXXXX.lic
Installing license ..............done

SW1-AdminVDC# sh license usage
Feature                      Ins  Lic   Status Expiry Date Comments
MPLS_PKG                      No    -   Unused             -
STORAGE-ENT                   No    -   Unused             -
VDC_LICENSES                  Yes   4   Unused Never       -
FCOE-N7K-F248XP               No    0   Unused             -
ENHANCED_LAYER2_PKG           No    -   Unused             -
TRANSPORT_SERVICES_PKG        No    -   Unused             -
LAN_ENTERPRISE_SERVICES_PKG   Yes   -   Unused Never       -


How to do remote port monitoring using Wireshark

Step 1: Create the RSPAN VLAN

SW1(config)# vlan 900
SW1(config-vlan)# remote-span
SW1(config-vlan)# end
SW3(config)# vlan 900
SW3(config-vlan)# remote-span
SW3(config-vlan)# end

- The RSPAN VLAN needs to exist in the VLAN database of the source switch, the destination switch and all switches in the transit path between them. It also needs to be allowed on all trunk ports between the source and destination switches.
- The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 through 1005 (reserved for Token Ring and FDDI VLANs).

Configure the following commands on the switch that has the Internet port:

#no monitor session 1
#monitor session 1 source interface fastethernet 0/1
#monitor session 1 destination remote vlan 900

The source interface above is the Internet port that you need to monitor, and the VLAN ID for the remote VLAN is your newly created RSPAN VLAN.

Then on the destination switch, i.e. the one connected to the host that needs to see the packets:

#no monitor session 1
#monitor session 1 source remote vlan 900
#monitor session 1 destination interface fastethernet 0/10

The source VLAN is the RSPAN VLAN and the destination interface is the port that you want to output your packets to.

#show monitor session 1


Cisco AnyConnect Error : “The AnyConnect package on the secure gateway could not be located.”

Error: Cisco AnyConnect VPN Client The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

Solution :

You have to upload or locate the AnyConnect .pkg file on the ASA.

1. Log in to the ASA via CLI and, in config mode, enter the commands below

 webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg

Note : You need to upload the appropriate .pkg file to the ASA before entering the above commands. You can also check for the AnyConnect .pkg file on the ASA using the #show disk0: command

 asa1/act/pri# show disk0:
--#--  --length--  -----date/time------  path
   175  6487517     May 22 2014 12:49:30  anyconnect-macosx-i386-2.5.2014-k9.pkg
  176  6689498     May 22 2014 12:49:30  anyconnect-linux-2.5.2014-k9.pkg
  177  4678691     May 22 2014 12:49:32  anyconnect-win-2.5.2014-k9.pkg
   179  38191104    Feb 03 2016 16:34:36  asa912-smp-k8.bin
   184  23374256    Feb 21 2016 10:42:28  asdm-716.bin
  191  69285888    May 19 2016 13:29:32  asa942-smp-k8.bin
  192  18989375    May 22 2016 10:49:54  anyconnect-win-4.2.00096-k9.pkg <-- This file is used in this example
  193  25819140    May 23 2016 12:23:32  asdm-761.bin
  196  84805632    Aug 17 2017 10:49:16  asa963-1-smp-k8.bin
  197  26916144    Aug 17 2017 10:50:26  asdm-781-150.bin

2. To verify
Do a "show run webvpn" on your ASA to check the above.

asa1/act/pri# sh run webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1
 anyconnect enable

Save the configuration and try to log in again using AnyConnect.

Upgrade OS in Palo Alto

STEP 1: Take a backup

1. Select Device > Setup > Operations and click "Export named configuration snapshot."
2. Select the XML file that contains your running configuration (for example, running-config.xml) and click OK to export the configuration file.
3. Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.

STEP 2: Make sure the firewall is running the content release needed for installation of the required OS

1. Select Device > Dynamic Updates.
2. If the firewall is not running the minimum required update, Check Now to retrieve a list of available updates.
3. Locate and Download the appropriate update.
4. After the download completes, Install the update.

STEP 3: Determine the upgrade path.

1. Select Device > Software > Check Now for the latest update.
2. Locate and Download the version to which you intend to upgrade.
3. After the download completes, Install the update.
4. After the installation successfully completes, reboot using one of the following methods:
- If you are prompted to reboot, click Yes.
- If you are not prompted to reboot, select Device > Setup > Operations and Reboot Device (Device Operations section).

NOTE : You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a version that is more than one major release away, you must still download, install, and reboot the firewall for each intermediate major release along the upgrade path.

For example, if you want to upgrade from PAN-OS 6.0.11 to PAN-OS 7.1.5, you must:

Download and install PAN-OS 6.1.0 and reboot.
Download and install PAN-OS 7.0.1 and reboot (7.0.1 is the base image for the 7.0 release, not 7.0.0).
Download PAN-OS 7.1.0 (you do not need to install it).
Download and install PAN-OS 7.1.5 and reboot.
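
The upgrade-path rule above, worked through as an added Python example that is not part of the original page or of any Palo Alto tooling. The `BASE_IMAGES` table holds only the base images named in the example above and must be extended for other releases; the function names are hypothetical, versions are assumed to be plain x.y.z strings, and an upgrade inside one major release is assumed to need only the target image.

```python
# Base image per major release, taken from the example on this page
# (7.0.1, not 7.0.0, is the base image for the 7.0 release).
BASE_IMAGES = {(6, 1): "6.1.0", (7, 0): "7.0.1", (7, 1): "7.1.0"}

def parse(version: str) -> tuple:
    """'7.1.5' -> (7, 1, 5)"""
    return tuple(int(part) for part in version.split("."))

def upgrade_plan(current: str, target: str, base_images=BASE_IMAGES) -> list:
    """Return ordered (action, version) steps from current to target."""
    cur, tgt = parse(current), parse(target)
    if tgt <= cur:
        raise ValueError("target must be newer than the running version")
    if tgt[:2] != cur[:2] and tgt[:2] not in base_images:
        raise ValueError("no base image known for the target release")
    steps = []
    for release in sorted(base_images):
        if not (cur[:2] < release <= tgt[:2]):
            continue  # release is not on the path between current and target
        base = base_images[release]
        if release < tgt[:2]:
            # Intermediate major release: cannot be skipped
            steps.append(("install and reboot", base))
        elif base != target:
            # Target's own release: base image is downloaded, not installed
            steps.append(("download only", base))
    steps.append(("install and reboot", target))
    return steps

if __name__ == "__main__":
    for action, version in upgrade_plan("6.0.11", "7.1.5"):
        print(f"{action:20} PAN-OS {version}")
```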

STEP 4: Verify that the firewall is passing traffic. Select Monitor > Session Browser.