Cisco IOS-XR: Difference between revisions

From Dave-Wiki
Jump to navigation Jump to search
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 2: Line 2:


===Show Pending Commit Changes===
===Show Pending Commit Changes===
   # show commit changes diff
   show commit changes diff


===Show all VLANs in a building===
===Show all VLANs in a building===
''(might not be applicable if you don't work where I work)''
''(might not be applicable if you don't work where I work)''
   # sh run int be 1[BLDG#].*
   show run int be 1[BLDG#].*


===Find MAC Addresses in ARP Table===
===Find MAC Addresses in ARP Table===
''(must know VRF first)''
''(must know VRF first)''
   # sh arp vrf r[0000] | inc [last4MAC]
   show arp vrf r[0000] | inc [last4MAC]


===Show DHCP Helper(s) for a VRF===
===Show DHCP Helper(s) for a VRF===
   # sh run | beg profile r1570 relay
   show run | beg profile r1570 relay


===Show Uptime of a Node/Linecard===
===Show Uptime of a Node/Linecard===
   # admin show logging onboard uptime loc 1/0/CPU0
   admin show logging onboard uptime loc 1/0/CPU0
 
 
=Packet Capture=
1. On A9k:
 
Add monitor-session to the interface on which you wish to perform packet capture. If the monitor session is already on another interface, you may want to remove it from there first.
 
  (config)# conf
  (config)# int be10121.910
  (config-subif)# monitor-session rsb ethernet
 
2. On capture server (i.e., rsb-9k):
 
  sudo tcpdump -ni p2p1 -w cap1.pcap
 
;-n: don't resolve IP addresses
;-i: specifies interfaces to listen on
;-w: output file
 
Show any current monitor-sessions:
 
  show monitor-session rsb status
 


=Routing=
=Routing=


===Edit a Prefix List===
===Edit a Prefix List===
   RP/0/RSP0/CPU0:a9k# edit prefix-list [prefix-list name] vim
   edit prefix-list [prefix-list name] vim


===Clear an ARP Entry===
===Clear an ARP Entry===
   # clear arp-cache bundle-ether 20011.2105 [A.B.C.D] location all
   clear arp-cache bundle-ether 20011.2105 [A.B.C.D] location all




Line 30: Line 53:


===Show Optical Transceiver Info===
===Show Optical Transceiver Info===
   # sh controllers Hu0/0/0/7 phy
   show controllers Hu0/0/0/7 phy





Latest revision as of 01:17, 13 February 2024

General

Show Pending Commit Changes

 show commit changes diff

Show all VLANs in a building

(might not be applicable if you don't work where I work)

 show run int be 1[BLDG#].*

Find MAC Addresses in ARP Table

(must know VRF first)

 show arp vrf r[0000] | inc [last4MAC]

Show DHCP Helper(s) for a VRF

 show run | beg profile r1570 relay

Show Uptime of a Node/Linecard

 admin show logging onboard uptime loc 1/0/CPU0


Packet Capture

1. On A9k:

Add monitor-session to the interface on which you wish to perform packet capture. If the monitor session is already on another interface, you may want to remove it from there first.

 (config)# conf
 (config)# int be10121.910
 (config-subif)# monitor-session rsb ethernet

2. On capture server (i.e., rsb-9k):

 sudo tcpdump -ni p2p1 -w cap1.pcap
-n
don't resolve IP addresses
-i
specifies interfaces to listen on
-w
output file

Show any current monitor-sessions:

 show monitor-session rsb status


Routing

Edit a Prefix List

 edit prefix-list [prefix-list name] vim

Clear an ARP Entry

 clear arp-cache bundle-ether 20011.2105 [A.B.C.D] location all


SFP/Optics

Show Optical Transceiver Info

 show controllers Hu0/0/0/7 phy


Initial Config

OOB Management & SSH Config

 hostname router-1
 
 domain vrf management name davehome.net
 domain vrf management name-server 10.4.4.4
 domain vrf management name-server 10.8.8.8
 
 vrf management
  description OOB Management
  address-family ipv4 unicast
  !
 !
 
 control-plane
  management-plane
   out-of-band
    vrf management
    interface MgmtEth0/RP0/CPU0/0
    root
   !
  !
 !
 
 interface MgmtEth0/RP0/CPU0/0
  vrf management
  ipv4 address 10.16.0.2 255.255.255.0
  no shutdown
 !
 
 router static
  vrf management
   address-family ipv4 unicast
    0.0.0.0/0 10.16.0.1
   !
  !
 !
 
 ssh server v2
 ssh server vrf management

TACACS Config

 tacacs source-interface MgmtEth0/RP0/CPU0/0 vrf management
 
 aaa group server tacacs+ authservers
  vrf management
  server-private 10.9.1.1 port 49
   key 0 <insert key here>
  !
  server-private 10.9.2.2 port 49
   key 0 <insert key here>
  !
 !
 
 aaa accounting exec default start-stop group authservers
 aaa accounting system default start-stop group authservers
 aaa accounting commands default start-stop group authservers
 aaa authorization exec default group authservers local
 aaa authorization commands default group authservers local
 aaa authentication login default group authservers local

Smart Licensing

1. In config mode:

 call-home
  vrf management
  service active
  contact smart-licensing
  source-interface MgmtEth0/RP0/CPU0/0
  profile CiscoTAC-1
   active
   destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
   destination transport-method http
  !
 !
 
 crypto ca trustpoint Trustpool
  vrf management

2. In exec mode:

Our NCS' didn't ship with all the CA's, so we downloaded them:

 crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b

3. Check to make sure CA's were installed (should be more than five certs now):

 show crypto ca trustpool

4. Now license the router:

 license smart register idtoken <insert_token_here>
 show license status