
Wednesday, May 30, 2012

Cisco 1941 K9 - password recovery steps

What are the steps to recover the password on a Cisco 1941 K9?

Perform these steps in order to recover your password:

1) Attach a terminal or PC with terminal emulation to the console port of the router. Use these terminal settings:
  • 9600 baud rate
  • No parity
  • 8 data bits
  • 1 stop bit
  • No flow control
Refer to these documents for information on how to cable and connect a terminal to the console port or the AUX port:
  • Cabling Guide for Console and AUX Ports
  • Connecting a Terminal to the Console Port on Catalyst Switches
  • Connect a Terminal to Catalyst 2948G-L3, 4908G-L3, and 4840G Series Switches
2) If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.
Note: The configuration register is typically set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.
 
3) Use the power switch in order to turn off the router, and then turn the router back on.

Note:
In order to simulate this step on a Cisco 6400, pull out and then plug in the Node Route Processor (NRP) or Node Switch Processor (NSP) card.
In order to simulate this step on a Cisco 6x00 with NI-2, pull out and then plug in the NI-2 card.
 
4) Press Break on the terminal keyboard a couple of times after you see the message "program load complete, entry point: 0x80008000, size: 0x6fdb4c" in order to put the router into ROMMON.
Note: The values of entry point and size vary from router to router.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
If you are unable to break into ROMMON mode, perform these steps:
  • Remove the flash.
  • Reload the router. The router ends up in ROMMON mode.
  • Insert the flash.
  • Perform the standard procedure for password recovery.
 
5) Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.
This step bypasses the startup configuration where the passwords are stored.

6) Type reset at the rommon 2> prompt.
The router reboots, but ignores the saved configuration.
 
7) Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
 
8) Type enable at the Router> prompt.
You are in enable mode and should see the Router# prompt.
 
9) Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.
 Warning: Do not enter copy running-config startup-config or write. These commands erase your startup configuration.
 
10) Type show running-config.
The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
 
11) Type configure terminal.
The hostname(config)# prompt appears.
 
12) Type enable secret in order to change the enable secret password. For example:
hostname(config)#enable secret cisco

13) Issue the no shutdown command on every interface that you use.
If you issue a show ip interface brief command, every interface that you want to use should display up up.
 
14) Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:
hostname(config)#config-register 0x2102

15) Press Ctrl-z or end in order to leave the configuration mode.
The hostname# prompt appears.
 
16) Type write memory or copy running-config startup-config in order to commit the changes.
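
The procedure depends on bit 6 of the configuration register (the difference between 0x2102 and 0x2142), and a router left at 0x2142 will skip its startup configuration, passwords included, on every reload. The following check is an added example, not part of the original post or of Cisco's documentation; the function name, status labels and sample lines are assumptions made for illustration. It classifies the register line printed at the end of show version:

```python
import re

# Configuration register bits relevant to this procedure (standard IOS meanings).
IGNORE_NVRAM = 0x0040  # bit 6: startup-config is skipped at boot (the 4 in 0x2142)
BOOT_FIELD = 0x000F    # bits 0-3: a value of 0 leaves the router at the rommon prompt

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def audit_confreg(show_version: str) -> dict:
    """Classify the configuration register reported by 'show version'."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    # Without a '(will be ...)' suffix the running value is also the next-boot value.
    pending = int(m.group(2), 16) if m.group(2) else current

    if pending & IGNORE_NVRAM:
        status = "BYPASS_PERSISTS"       # step 14 was skipped or not applied
    elif (pending & BOOT_FIELD) == 0:
        status = "BOOTS_TO_ROMMON"
    elif current & IGNORE_NVRAM:
        status = "RECOVERY_IN_PROGRESS"  # corrected, takes effect at next reload
    else:
        status = "OK"
    return {
        "current": f"0x{current:04X}",
        "next_reload": f"0x{pending:04X}",
        "status": status,
    }


# Constructed sample lines in the format IOS prints at the end of 'show version'.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "left_in_bypass": "Configuration register is 0x2142",
    "after_step_14": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, audit_confreg(line))
```

Run against collected show version output, a BYPASS_PERSISTS result marks a device where step 14 was never completed.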


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

How do you configure ERSPAN Between Two Routers

We are trying to mirror traffic from one router to another with below config:
 
R1:
 
R1#sh run | sec monitor
monitor session 1 type erspan-source
source interface Gi0/0/3 rx
destination
  erspan-id 100
  ip address 192.168.0.0
  origin ip address 192.168.0.1
 
R11#sh monitor session all
Session 1
---------
Type                   : ERSPAN Source Session
Status                 : Admin Enabled
Source Ports           :
    RX Only            : Gi0/0/3
Destination IP Address : 192.168.0.0
 
Destination ERSPAN ID  : 100
Origin IP Address      : 192.168.0.1
 
R2:
 
R2#sh run | sec monitor
monitor session 1 type erspan-destination
destination interface Gi0/0/4
source
  erspan-id 100
  ip address 192.168.0.1
R2#sh monitor session all
Session 1
---------
Type                   : ERSPAN Destination Session
Status                 : Admin Enabled
Destination Ports      : Gi0/0/4
Source IP Address      : 192.168.0.1
Source ERSPAN ID       : 100
 
R2#sh platform hardware qfp active feature erspan state
ERSPAN State:
  Status    : Active
  Complexes : 1
  CPPs      : 1
Capabilites:
  Max sessions : 1024
  Max outputs  : 128
  Encaps type  : ERSPAN type-II
  GRE protocol : 0x88BE
  MTU          : 1464
  IP TOS       : 0
  IP TTL       : 255
  COS          : 0
System Statistics:
  DROP src session replica  :                  0 /                  0
  DROP term session replica :                  0 /                  0
  DROP receive malformed    :                  0 /                  0
  DROP receive invalid ID   :           24321174 /        21427043334
  DROP recycle queue full   :                  0 /                  0
  DROP no GPM memory        :                  0 /                  0
  DROP no channel memory    :                  0 /                  0
Client Debug Config:
  Enabled: Info, Warn
Data Path Debug Config:
  0x00000000
 
Note:  192.168.0.0 is R2's loopback. 192.168.0.1 is R1's loopback.
 
The configuration seems OK and traffic was mirrored from R1 to R2, but it was dropped at R2 with DROP receive invalid ID increasing.


The ERSPAN-Destination session should have the Source IP Address as the IP address (192.168.0.0) and not the Origin IP Address which you have configured.

The ip address in the destination session and the ip address in the source session should match. If they don't, that is causing the drops you see.

Please try the following:
- remove both sessions completely
- configure both with new session id - e.g. 101
- configure "ip address" in source and destination sessions to be 192.168.0.0
- have the "plim ethernet vlan filter disable" command on the outgoing interface

The "plim ethernet vlan filter disable" command is used to disable the filter for packets tagged with a VLAN, as by default the ASR drops them in older versions.
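
The matching rule from the answer can be checked before the sessions are deployed. This is an added example, not code from the original thread; the function names are hypothetical, R1 and R2_POSTED are the configurations from the question, and R2_FIXED is constructed by changing only the ip address as the answer recommends:

```python
import re


def parse_erspan(section: str) -> dict:
    """Extract the fields that must agree from a 'sh run | sec monitor' block."""
    fields = {}
    for raw in section.splitlines():
        line = raw.strip()
        if m := re.match(r"monitor session \d+ type (erspan-\S+)", line):
            fields["type"] = m.group(1)
        elif m := re.match(r"erspan-id (\d+)", line):
            fields["erspan_id"] = int(m.group(1))
        elif m := re.match(r"ip address (\S+)", line):
            # 'origin ip address' is skipped: re.match anchors at the line start.
            fields["ip_address"] = m.group(1)
    return fields


def check_pair(source_cfg: str, destination_cfg: str) -> list:
    """Return the mismatches between a source and a destination session."""
    src, dst = parse_erspan(source_cfg), parse_erspan(destination_cfg)
    problems = []
    if src.get("type") != "erspan-source" or dst.get("type") != "erspan-destination":
        problems.append("not an erspan-source/erspan-destination pair")
    if src.get("erspan_id") != dst.get("erspan_id"):
        problems.append(
            f"erspan-id differs: {src.get('erspan_id')} vs {dst.get('erspan_id')}")
    if src.get("ip_address") != dst.get("ip_address"):
        problems.append(
            f"ip address differs: {src.get('ip_address')} vs {dst.get('ip_address')}")
    return problems


# R1 and R2 as posted in the question.
R1 = """monitor session 1 type erspan-source
source interface Gi0/0/3 rx
destination
  erspan-id 100
  ip address 192.168.0.0
  origin ip address 192.168.0.1"""
R2_POSTED = """monitor session 1 type erspan-destination
destination interface Gi0/0/4
source
  erspan-id 100
  ip address 192.168.0.1"""
# Constructed: R2 with only the 'ip address' changed, per the answer.
R2_FIXED = R2_POSTED.replace("ip address 192.168.0.1", "ip address 192.168.0.0")

if __name__ == "__main__":
    print(check_pair(R1, R2_POSTED))
    print(check_pair(R1, R2_FIXED))
```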



Wednesday, May 23, 2012

GLC-GE-100FX - Connection to 3550 Switch over MMF

We have an OM1 MMF fiber run between two switches, the first being a 3750 and the second being a 3550.

The link currently exceeds the maximum distance for OM1 @ 1000Mb/s (220m) so we would like to downgrade the link to 100FX using the necessary SFP's/GBIC's to extend the maximum distance to 550m and run the link @ 100Mb/s.


We have the part code for the 100FX SFP to install in the 3750 (GLC-GE-100FX) but can't find a 100FX GBIC for the 3550. Does anyone know if I can use a 1000SX GBIC (WS-G5484) for the 3550 at one end and the 100FX SFP at the other? Has anyone had success with this configuration over MMF?


No, you can't use a 1000Base-X fiber GBIC to implement a Fast Ethernet link. The G5484 will NOT negotiate to any speed other than 1 Gbps. You need to use some sort of external FE media converter instead.



Thursday, May 17, 2012

C6509-E : EARL L3 ASIC: Non-fatal interrupt Netflow interrupt

 Since a while (we don't know exactly when it started), we can see this log entry on our 6509-E device :
%EARL_L3_ASIC-SW1_DFC3-3-INTR_WARN: EARL L3 ASIC: Non-fatal interrupt Netflow interrupt
 
It appears every second. We are looking for information about that. But we are not able to find anything on the web.
Netflow config is :
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 10.139.16.196 9996
 
Switch config is the same on another device. That one doesn't get this log entry.

We did a "diagnostic level complete" and then reset module 3 of switch 1. But we still get the same error message every second.
Could module 3 be defective?

If the problem is persistent, that would indicate bad memory on module 3 used for netflow. It is reporting a single-bit parity error each time the suspect memory is addressed. ECC on the card is correcting the bit flip and alerting you of the event. We don't see this being a transient issue and we recommend you open a TAC case and have the module replaced.



Wednesday, May 16, 2012

%C4K_SWITCHINGENGINEMAN-3-PPECELLDUPDETECTED: Free cell duplicate(s) detected 46A0. System will be reset


We have encountered this error a year ago with a primary core switch and also a secondary core switch last February. We replaced the Supervisor Module already since from previous post and from another source in Cisco TAC, it seems to be a hardware issue that is something to do with the SUP ENGINE Processor. Is there a fix for this issue or we need to replace the Supervisor Module IV again? Below is the version and logs messages.
 
Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA14, RELEASE SOFTWARE (fc1)
 
%C4K_SWITCHINGENGINEMAN-3-PPECELLDUPDETECTED: Free cell duplicate(s) detected 46A0. System will be reset.

The error message means there was a parity error on the supervisor. SUP-IV and lower do not have parity correction support. When memory corruption occurs on the supervisor it can cause corruption for all the remaining packet buffers. The supervisor is reset to avoid a prolonged outage. If this has only happened once on this supervisor module I would monitor status and replace if it happens again. While parity errors are unavoidable they are rare.

This is not a software issue but we have a defect that provides a bit more detail CSCsg28982.



Sunday, May 13, 2012

Command to verify MDIX on cisco 2960 -S switch

We have configured mdix on port gi1/0/7 as
mdix auto

It does not show in the running config. Is there a command which we can use to verify mdix on the port?

To verify the settings on port 23

switch# sh controllers ethernet-controller g0/23 phy detail | in MD
Auto-MDIX                             :  On   [AdminState=1   Flags=0x00052248]



Friday, May 11, 2012

Facing issue with POE for WS-X4648-RJ45V+E module on 4500

The POE module WS-X4648-RJ45V+E on the 4506 is getting faulty, i.e. the desktops are getting connected but the module is not able to deliver power to the IP phone.
I tried and replaced the module but it worked for some time and again got faulty. This way my three modules have gone faulty; I even tried and changed the slot but no results.
I am not able to trace out whether this issue is with some phones connected on the module.
Thing is, the show power command's o/p seems to be normal, once the power over limit logs are getting generated prior to the failure of POE on the module.

Almost about 40 avaya Ip phones are connected on the module. The following errors are generated for the module
INLINEPOWEROVERWARNING: Module 2 inline power exceeds threshold: status changed to 'Pwr Over'
INLINEPOWEROK: Module 2 inline power within limits: status changed to 'Ok'


This problem could be related to a known bug, if you are using 1400W power supplies.

%C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING:

Inline power exceeds threshold:Module status changed to 'Pwr Over'
This message indicates that the measured PoE is higher than the configured value. The switch has either mis-configured PoE or an unauthorized powered device that is connected to the switch and is drawing a lot of PoE. In installations with a 1400 W DC power supply, this warning can be a false positive.

Recommended Action:
You can use the show power detail command and keyword or the show module command to compare the administrative (configured) power consumption to the operating (measured) power consumption. Verify that PoE is set correctly and that no unauthorized powered devices are connected to the switch. For more information, refer to bug ID CSCef49715.

bugID - CSCef49715;

Symptom:
Catalyst 4500 with 1400 DC power supply may report "Pwr Over" or "Pwr Fault"
status for the following modules

- WS-X4248-RJ45V
- WS-X4248-RJ21V
- WS-X4548-GB-RJ45V

The following logging messages may also be generated

%C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Measured inline power higher than
configured value

%C4K_IOSMODPORTMAN-2-INLINEPOWEROVERCRITICAL: Measured inline power exceeds
module limit

Condition:
The above symptoms are typically generated if one of the PoE devices connected
to the module is drawing more power than it should. Make sure the connected
devices are not drawing more power than expected. However, in systems using
1400W DC power supplies, it is also possible that due to an anomaly in the
measuring mechanism in these linecards, the messages and associated status are
erroneously displayed. There is NO functionality/performance impact due to this
condition. The modules are safe and would have no impact to the operation of the
switch or the connected PoE devices.

Troubleshooting steps:
This situation may be caused by a device that is using more inline power than
allocated. Please make sure that the right amount of inline power has been
allocated to each device. If the inline power allocation is correct, start
pulling out one device at a time and see if the power usage decreases as
expected. (You can use the command, "#show power detail" to see the inline
power allocated to the module (admin) and the inline power used (operating).)
If the "inline power used" decreases sharply when a device is disconnected,
chances are that this device is using more inline power than allocated.
Avoiding using this device should solve your problem.

If after disconnecting all the devices on the module, the inline power usage
is still high, and the system does not use 1400W DC power, call TAC.

Workaround

On 1400W DC powered systems, this is a cosmetic problem but here are the
workarounds

- If this happens with PWR-C45-1400DC-P (DC power supply), using
other type of power supplies (e.g. AC power supply) would avoid this problem

- To prevent this from happening with this combination of Power Supply and
Linecards, make sure to insert the modules at least about 1 second after
the 12v (data) and 48v (inline power) power supply switches have been turned
on. In other words, power cycle the switch without these linecards in the
chassis and insert them once the switch is powered up.

If this message is seen on a system with 1400W DC power, please refer to the
steps mentioned in "Recommended Action".

Recommended action:
1. Collect the output of "show power detail".
2. Contact TAC to open case and attach the above output.
3. In agreement with TAC, please raise an RMA from Mfg-new and EFA the board.
 


Wednesday, May 9, 2012

Cisco vss - connect from access switch with no etherchannel

Can we dual connect my access switch to my 6509s running vss. Will the spanning tree still block one of the ports if we don't set up an ethernet channel?

Assuming a basic topology where there is no VLAN trunking etc going on then yes, STP will block one of the links as you have created a layer 2 loop.

If the links were VLAN trunks and carrying all VLAN's on both links, the above blocking scenario would also apply.

If the links were VLAN trunks and only carrying a subset of VLANs on link #1 and another subset on link #2 (e.g. VLAN's 100 and 110 on link 1 and VLAN's 200 and 210 on link 2) then no blocking would occur as there would be no layer 2 loop.

That should cover off pretty much all the scenarios you could use.

