Cisco IOS-XR: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (24 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=General= | |||
===Show Pending Commit Changes=== | |||
show commit changes diff | |||
===Show all VLANs in a building=== | |||
''(might not be applicable if you don't work where I work)'' | |||
show run int be 1[BLDG#].* | |||
===Find MAC Addresses in ARP Table=== | |||
''(must know VRF first)'' | |||
show arp vrf r[0000] | inc [last4MAC] | |||
===Show DHCP Helper(s) for a VRF=== | |||
show run | beg profile r1570 relay | |||
===Show Uptime of a Node/Linecard=== | |||
admin show logging onboard uptime loc 1/0/CPU0 | |||
=Packet Capture= | |||
1. On A9k: | |||
Add monitor-session to the interface on which you wish to perform packet capture. If the monitor session is already on another interface, you may want to remove it from there first. | |||
(config)# conf | |||
(config)# int be10121.910 | |||
(config-subif)# monitor-session rsb ethernet | |||
2. On capture server (i.e., rsb-9k): | |||
sudo tcpdump -ni p2p1 -w cap1.pcap | |||
;-n: don't resolve IP addresses | |||
;-i: specifies interfaces to listen on | |||
;-w: output file | |||
Show any current monitor-sessions: | |||
show monitor-session rsb status | |||
=Routing= | |||
===Edit a Prefix List=== | |||
edit prefix-list [prefix-list name] vim | |||
===Clear an ARP Entry=== | |||
clear arp-cache bundle-ether 20011.2105 [A.B.C.D] location all | |||
=SFP/Optics= | |||
===Show Optical Transceiver Info=== | |||
show controllers Hu0/0/0/7 phy | |||
=Initial Config= | =Initial Config= | ||
| Line 49: | Line 106: | ||
vrf management | vrf management | ||
server-private 10.9.1.1 port 49 | server-private 10.9.1.1 port 49 | ||
key 0 | key 0 <insert key here> | ||
! | ! | ||
server-private 10.9.2.2 port 49 | server-private 10.9.2.2 port 49 | ||
key 0 | key 0 <insert key here> | ||
! | ! | ||
! | ! | ||
| Line 65: | Line 122: | ||
==Smart Licensing== | ==Smart Licensing== | ||
In config mode: | 1. In config mode: | ||
call-home | call-home | ||
| Line 78: | Line 135: | ||
! | ! | ||
! | ! | ||
crypto ca trustpoint Trustpool | crypto ca trustpoint Trustpool | ||
vrf management | vrf management | ||
In exec mode: | 2. In exec mode: | ||
Our NCS' didn't ship with all the CA's, so we downloaded them: | ''Our NCS' didn't ship with all the CA's, so we downloaded them:'' | ||
crypto ca trustpool import url <nowiki>http://www.cisco.com/security/pki/trs/ios.p7b</nowiki> | crypto ca trustpool import url <nowiki>http://www.cisco.com/security/pki/trs/ios.p7b</nowiki> | ||
Check to make sure CA's were installed (should be more than five certs now): | 3. Check to make sure CA's were installed (should be more than five certs now): | ||
show crypto ca trustpool | show crypto ca trustpool | ||
Now license the router: | 4. Now license the router: | ||
license smart register idtoken | license smart register idtoken <insert_token_here> | ||
show license status | show license status | ||
Latest revision as of 01:17, 13 February 2024
General
Show Pending Commit Changes
show commit changes diff
Show all VLANs in a building
(might not be applicable if you don't work where I work)
show run int be 1[BLDG#].*
Find MAC Addresses in ARP Table
(must know VRF first)
show arp vrf r[0000] | inc [last4MAC]
Show DHCP Helper(s) for a VRF
show run | beg profile r1570 relay
Show Uptime of a Node/Linecard
admin show logging onboard uptime loc 1/0/CPU0
Packet Capture
1. On A9k:
Add monitor-session to the interface on which you wish to perform packet capture. If the monitor session is already on another interface, you may want to remove it from there first.
(config)# conf (config)# int be10121.910 (config-subif)# monitor-session rsb ethernet
2. On capture server (i.e., rsb-9k):
sudo tcpdump -ni p2p1 -w cap1.pcap
- -n
- don't resolve IP addresses
- -i
- specifies interfaces to listen on
- -w
- output file
Show any current monitor-sessions:
show monitor-session rsb status
Routing
Edit a Prefix List
edit prefix-list [prefix-list name] vim
Clear an ARP Entry
clear arp-cache bundle-ether 20011.2105 [A.B.C.D] location all
SFP/Optics
Show Optical Transceiver Info
show controllers Hu0/0/0/7 phy
Initial Config
OOB Management & SSH Config
hostname router-1
domain vrf management name davehome.net
domain vrf management name-server 10.4.4.4
domain vrf management name-server 10.8.8.8
vrf management
description OOB Management
address-family ipv4 unicast
!
!
control-plane
management-plane
out-of-band
vrf management
interface MgmtEth0/RP0/CPU0/0
root
!
!
!
interface MgmtEth0/RP0/CPU0/0
vrf management
ipv4 address 10.16.0.2 255.255.255.0
no shutdown
!
router static
vrf management
address-family ipv4 unicast
0.0.0.0/0 10.16.0.1
!
!
!
ssh server v2
ssh server vrf management
TACACS Config
tacacs source-interface MgmtEth0/RP0/CPU0/0 vrf management aaa group server tacacs+ authservers vrf management server-private 10.9.1.1 port 49 key 0 <insert key here> ! server-private 10.9.2.2 port 49 key 0 <insert key here> ! ! aaa accounting exec default start-stop group authservers aaa accounting system default start-stop group authservers aaa accounting commands default start-stop group authservers aaa authorization exec default group authservers local aaa authorization commands default group authservers local aaa authentication login default group authservers local
Smart Licensing
1. In config mode:
call-home vrf management service active contact smart-licensing source-interface MgmtEth0/RP0/CPU0/0 profile CiscoTAC-1 active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination transport-method http ! ! crypto ca trustpoint Trustpool vrf management
2. In exec mode:
Our NCS' didn't ship with all the CA's, so we downloaded them:
crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b
3. Check to make sure CA's were installed (should be more than five certs now):
show crypto ca trustpool
4. Now license the router:
license smart register idtoken <insert_token_here>
show license status