Friday 3 June 2011

NAT 0 statement in Cisco Firewall (PIX/ASA)

NAT 0 STATEMENT:

nat (inside_interface_name) 0


NAT 0 can be written in two forms, and they behave differently:

  1. nat (inside_interface_name) 0 access-list 101

    This is NAT exemption. It works the same way as a static translation, except that no translation is applied. A host on the lower security interface can open a connection to a host on the higher security interface without the higher security host having initiated anything first (the inbound access-list on the lower security interface must still permit the traffic; nat 0 only removes the translation, not the access check).
  2. nat (inside_interface_name) 0 0.0.0.0 0.0.0.0

    This is identity NAT. It also bypasses translation, but an xlate is only built when the host on the higher security interface initiates a connection to the lower security interface; only while that xlate exists can the host on the lower security interface initiate a connection back.

Both forms belong to PIX/ASA code before 8.3. From 8.3 onwards nat 0 no longer exists and the same result is configured as identity NAT with object NAT or twice NAT.
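The following configuration is an added example and is not from the original post. It shows the NAT exemption form for an inside subnet that must reach a site-to-site VPN subnet untranslated, together with the inbound access-list that the exemption does not replace. The subnets, ACL names and interface names are assumed values; the syntax is the pre-8.3 ASA/PIX syntax the post describes.

```text
! Inside hosts that must talk to the remote VPN subnet without translation.
! The ACL is written from the inside host's point of view: source = inside,
! destination = remote.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! NAT exemption only removes the translation. Connections initiated from the
! lower-security side are still dropped unless the inbound interface ACL
! permits them, so keep this ACL as narrow as the exemption ACL.
access-list OUTSIDE_IN extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group OUTSIDE_IN in interface outside
!
! Alternative: identity NAT for everything on the inside. No translation, but
! the outside host can only reach an inside host while an inside-initiated
! xlate exists, which makes it unsuitable for servers that must be reachable
! from the remote site.
! nat (inside) 0 0.0.0.0 0.0.0.0
```

Check the result with show xlate after the inside host sends traffic: an exempted flow shows the same address on both sides. If a static statement covers the same host, remember that the nat 0 access-list entry is evaluated first and wins.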

NAT Order of Operation in Cisco Firewall (ASA/PIX)

  1. nat 0 access-list (NAT exemption)
  2. Match against existing xlates
  3. static statements
     1. static NAT with and without access-list (first match)
     2. static PAT with and without access-list (first match)
  4. nat
     1. nat access-list (first match)
        Note: The nat 0 access-list command is not part of this step; it was already evaluated in step 1.
     2. nat (best match)
        Note: When choosing a global address from multiple pools with the same NAT ID, this order is attempted:
        1. If the ID is 0, create an identity xlate.
        2. Use the global pool for dynamic NAT.
        3. Use the global pool for dynamic PAT.

Because NAT exemption is evaluated before static and dynamic rules, an over-broad nat 0 access-list silently overrides any static translation for the same traffic. Keep the exemption ACL as specific as possible and review it with show running-config nat and show xlate when a static translation unexpectedly stops working.
       

Monday 30 May 2011

Automatic Backup of Cisco Router Configuration using KRON


About KRON:
The Command Scheduler (KRON) Policy for System Startup feature enables support for Command Scheduler upon system startup.
Command Scheduler allows customers to schedule fully-qualified EXEC mode CLI commands to run once, at specified intervals, at specified calendar dates and times, or upon system startup. Originally designed to work with CNS commands, Command Scheduler has a broader application. Using the CNS image agent feature, remote routers residing outside a firewall or using Network Address Translation (NAT) addresses can use Command Scheduler to launch CLI commands at intervals to update the image running in the router.
Command Scheduler has two basic parts. A policy list is configured containing lines of fully-qualified EXEC CLI commands to be run at the same time or interval. One or more policy lists are then scheduled to run after a specified interval of time, at a specified calendar date and time, or upon system startup. Each scheduled occurrence can be set to run once only or on a recurring basis. Only non-interactive commands can be scheduled, which is why the example below uses show running-config | redirect rather than copy, which would prompt for input.

Commands
RX2(config)# kron policy-list netx
RX2(config-kron-policy)# cli sh running-config | redirect tftp://172.16.1.150/backup-cfg
RX2(config-kron-policy)#  exit
RX2(config)#  kron occurrence netx-kron at 10:00 recurring
RX2(config-kron-occurrence)#  policy-list netx
RX2(config-kron-occurrence)#  exit

Verification:
RX2#sh kron schedule
Kron Occurrence Schedule
netx-kron inactive, will run again in 0 days 21:03:06 at 10:00 on

The above configuration schedules an automatic backup of the router configuration. As configured, the router copies its running configuration to the specified TFTP server at 10:00 every day. Two things to check before relying on it: the router clock must be correct (configure NTP, otherwise "at 10:00" fires at the wrong time), and TFTP is unauthenticated and unencrypted, so the backup, which contains type 7 passwords, SNMP communities and any pre-shared keys, must only be sent to a server on a protected management network with the TFTP directory locked down.

Automatic Backup of Cisco Router Configuration using Archive


RX2(config)#archive
RX2(config-archive)#  path tftp://172.16.1.150/backup-cfg
RX2(config-archive)#  time-period 1440
RX2(config-archive)#  write-memory
RX2(config-archive)#  exit

The above configuration schedules an automatic backup of the router configuration through the archive feature. As configured, the router copies the running configuration to the TFTP server named in the path command every 24 hours (time-period is in minutes, so 1440 = 1 day) and additionally every time a user saves the configuration with write memory or copy running-config startup-config. IOS appends a sequence number to the file name, so earlier copies are not overwritten. The same caveats as for the KRON method apply to the TFTP server.
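The following archive configuration is an added example and is not from the original post. It extends the post's configuration with per-router, timestamped file names and a bound on the number of copies kept, which makes the backups usable for diffing configurations after an incident. The server address is the one used in the post; the $h (hostname) and $t (timestamp) variables are expanded by IOS at backup time.

```text
archive
 ! file name becomes <hostname>-<timestamp>-cfg-<n>, so backups from several
 ! routers can share one TFTP directory without overwriting each other
 path tftp://172.16.1.150/$h-$t-cfg
 ! keep at most 14 copies (the upper limit IOS allows); older ones are deleted
 maximum 14
 ! every 24 hours, in minutes
 time-period 1440
 ! and whenever the configuration is saved
 write-memory
```

Verify with show archive, which lists the most recent backup file names and marks the current one; show archive config differences can then be used to compare two saved copies when an unexpected change is suspected.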

Configuration Change Notification and Logging


About Configuration Log

The Configuration Change Notification and Logging feature tracks changes made to the Cisco IOS software running configuration by maintaining a configuration log. This configuration log tracks changes initiated only through the command-line interface (CLI) or HTTP. Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:
•Commands that result in a syntax error message
•Partial commands that invoke the router help system
For each configuration command that is executed, the following information is logged:
•The command that was executed
•The configuration mode in which the command was executed
•The name of the user that executed the command
•The time at which the command was executed
•A configuration change sequence number
•Parser return codes for the command
You can display information from the configuration log through the use of the show archive log config command, with the exception of the parser return codes, which are for use by internal Cisco IOS applications only.

About Configuration Change Notifications and Config Change Logging

You can configure the Configuration Change and Notification Logging feature to send notification of configuration changes to the Cisco IOS software system logging (syslog) process. Syslog notifications allow monitoring of the configuration log information without performing polling and information gathering tasks.
The Configuration Change Notification and Logging feature allows the tracking of configuration changes entered by users on a per-session and per-user basis. This tool allows administrators to track any configuration change made to the Cisco IOS software running configuration, and identify the user that made that change. 

Commands
RX2(config)#archive
RX2(config-archive)#  log config
RX2(config-archive-log-cfg)#  hidekeys
RX2(config-archive-log-cfg)#  logging  enable
RX2(config-archive-log-cfg)#  notify syslog
RX2(config-archive-log-cfg)#  exit

The hidekeys keyword replaces password and key arguments with asterisks in the log (see entry 8 in the verification output below), so the change log can be shipped to a syslog server without leaking credentials.

Verification:
RX2#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  notify syslog
    3     1        console@console  |  exit
    4     1        console@console  |   exit
    5     2        console@console  |router rip
    6     2        console@console  | exit
    7     2        console@console  |no router rip
    8     2        console@console  |enable password *****
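The following configuration is an added example and is not from the original post. The post's configuration keeps the change log on the router, where anyone with configuration access can clear it; this variant enlarges the on-box log and forwards each notification to a syslog collector so the record survives tampering with the device. The collector address reuses the post's server IP and the log size is an assumed value.

```text
archive
 log config
  logging enable
  ! default is 100 entries; keep more on-box for quick review (range 1-1000)
  logging size 500
  hidekeys
  notify syslog
!
! %PARSER-5-CFGLOG_LOGGEDCMD is severity 5, so the trap level must be
! notifications (5) or lower for the messages to reach the collector
logging host 172.16.1.150
logging trap notifications
```

After this, every logged command produces a %PARSER-5-CFGLOG_LOGGEDCMD message carrying the user and the command, and show archive log config statistics reports how many entries the on-box log holds and how many have been dropped.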

Wednesday 4 May 2011

Configuring SSH on Cisco Router


SSH Configuration:

RX1(config)#int f0/0
RX1(config-if)#ip address 10.1.1.1 255.0.0.0
RX1(config-if)#no shut
RX1(config-if)#exit
RX1(config)#ip domain-name networkexpert.co.in
RX1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: RX1.networkexpert.co.in

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

RX1(config)#
*Mar  1 04:06:34.874: %SSH-5-ENABLED: SSH 1.99 has been enabled
RX1(config)#username netx password netx
RX1(config)#line vty 0 4
RX1(config-line)#login local
RX1(config-line)#transport input ssh

RX1(config-line)#exit
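The following hardened SSH configuration is an added example and is not from the original post. The post's configuration works, but the "SSH 1.99" message means the router still accepts SSHv1 clients, the password is stored reversibly, and the vty lines accept connections from any address with no brute-force protection. The management subnet, timeouts and the password placeholder are assumed values; the domain name and user name are the ones from the post.

```text
ip domain-name networkexpert.co.in
! 2048-bit key; SSH version 2 requires at least 768 bits
crypto key generate rsa general-keys modulus 2048
! refuse SSHv1 (the "SSH 1.99" banner above means both versions are enabled)
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! quiet period of 120 s after 3 failed logins within 60 s
login block-for 120 attempts 3 within 60
! "secret" stores a hash; "password" stores a reversible type 7 string
username netx privilege 15 secret <strong-passphrase>
!
! only the management subnet may open a vty session; log everything else
ip access-list standard MGMT
 permit 10.1.1.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT in
 exec-timeout 10 0
 login local
 transport input ssh
```

Verify with show ip ssh (version must read 2.0, not 1.99) and show users while a session is open; a connection attempt from outside the MGMT range should appear as a deny log entry rather than a login prompt.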

SSH from a Router to RX1:
RX3(config)#int f0/0
RX3(config-if)#ip address 10.1.1.2 255.0.0.0
RX3(config-if)#no shut
RX3(config-if)#end
RX3#ssh -l netx 10.1.1.1
Password:*****
RX1>enable
Password:*****
RX1#exit

[Connection to 10.1.1.1 closed by foreign host]
RX3#

Link:
Configuring Secure Shell on Routers and Switches Running Cisco IOS 

Common OSPF issues and their cause

Troubleshooting OSPF Commands
-----------------------------------------
show ip ospf
show ip ospf database
show ip ospf database database-summary
show ip ospf neighbor
show ip ospf neighbor detail
show ip ospf interface
show ip ospf virtual-links
show ip ospf statistics
show ip ospf border-routers
show ip ospf database self-originate
show ip ospf database adv-router x.x.x.x
Adjacency Is Not Coming Up
---------------------------------
Layer 2 is down
OSPF not enabled on the interface
Mismatched subnet mask
Mismatched authentication key
Mismatched area ID
Mismatched transit/stub/NSSA option
Useful Commands for This Problem:
show ip ospf neighbor
show ip ospf interface
debug ip ospf adjacency

Neighbor Stuck in ATTEMPT state
-----------------------------------------
Our hellos are getting lost in NBMA cloud
Neighbor hellos are getting lost in NBMA cloud
We receive the neighbor's hello but reject it for some reason
Misconfigured neighbor statement
Broken Unicast
Neighbor Stuck in INIT state
----------------------------------
One side is blocking the hello packet with access-list
One side is translating (NAT) OSPF hello
One side multicast capabilities is broken (Layer 2)
Dialer map or Frame Relay map is missing keyword ‘broadcast’
Neighbor Stuck in 2-WAY state
-------------------------------------
This is normal in broadcast network types
This is to reduce the amount of flooding on the wire
A problem occurs if all the routers are configured with priority 0, because then no DR can be elected and no adjacency progresses beyond 2-WAY
Take care which routers are configured with priority 0 so that they do not participate in the DR election
Neighbor Stuck in EXSTART/EXCHANGE
-------------------------------------------------
MTU mismatch (stuck in EXCHANGE)
Note: If Cisco IOS is < 12.0.3 the neighbor will show stuck in EXCHANGE
Neighbor RID is the same as ours (stuck in EXSTART)
Note: If Cisco IOS is > 12.0.7, it displays the message %OSPF-3-DUP_RTRID and the OSPF neighbor list will be empty
Unicast is broken (stuck in EXCHANGE)
a. Wrong VC/DLCI mapping in Frame Relay/ATM environment in a highly redundant network
b. MTU problem: cannot ping across with packets larger than a certain length
c. Access-list blocking unicast; after 2-WAY, OSPF sends the DBD, LSR and LSU packets as unicast except on point-to-point links
d. NAT is translating the unicast packets
Between PRI and BRI/dialer when the network type is point-to-point (stuck in EXCHANGE)
Neighbor Stuck in LOADING state
----------------------------------------
LS request is being made and the neighbor is sending a bad packet or has memory corruption
a. Use show ip ospf bad to see the bad LSA
b. show log will show the OSPF-4-BADLSATYPE message
LS request is being made and the neighbor is ignoring the request
MTU mismatch problem (RFC 1583 and RFC 2178 compatibility issue). OSPF should detect if the neighbor MTU is smaller than ours; this detection is available in the latest 12.3 and 12.0S releases.
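The following interface and process configuration is an added example and is not from the original post. It addresses two of the causes listed above, the mismatched authentication key under "Adjacency Is Not Coming Up" and the MTU mismatch behind EXSTART/EXCHANGE and LOADING problems, and shows the check to run afterwards. The interface, process ID, area and key are assumed values; the same key ID and key string must be configured on both neighbors.

```text
interface FastEthernet0/0
 ! MD5 authentication: key ID and key must match the neighbor exactly.
 ! A mismatch here shows up as "Mismatched authentication key" in
 ! debug ip ospf adjacency and the neighbor never appears.
 ip ospf message-digest-key 1 md5 <shared-key>
 ! Fix the MTU so it matches the neighbor. "ip ospf mtu-ignore" would only
 ! suppress the DBD MTU check; large LSAs could still fail to cross the link.
 ip mtu 1500
!
router ospf 1
 ! enables MD5 for every interface in area 0 on this router
 area 0 authentication message-digest
```

Verify with show ip ospf interface FastEthernet0/0, which reports both the interface MTU and "Message digest authentication enabled" with the key ID in use, then confirm with show ip ospf neighbor that the state reaches FULL (or 2-WAY/DROTHER on a broadcast segment where neither router is DR or BDR).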

Information is in the Database, but Not in the Routing Table

-----------------------------------------------------------------------
Generally caused due to any filtering options enabled
Mismatched Network Types
Point-to-Point Numbered and Unnumbered Links
Different Mask or IP Subnet on P2P Links
Address Flipped on Dual Links
Forwarding Address Problem
Discontiguous Backbone
