Tuesday, June 28, 2016

ASA CAPTURE USER TRAFFIC FROM FIREWALL


 

 

 

===================================================================================================================================

 

Collect captures on the ASA for the specific user IP, for further analysis, using the procedure below.

 

1.            Apply captures

#cap capout interface outside buffer 33554432 circular-buffer match tcp host A.B.C.D host 12.182.253.167

#cap capdmz interface dmz buffer 33554432 circular-buffer match tcp host A.B.C.D host 192.168.200.167

#cap asp type asp-drop all circular-buffer buffer 33554432

 

2.            Clear the captures

Clear cap /all

 

3.            Wait until the user gets disconnected, then stop the captures

no cap capout interface outside

no cap capdmz interface dmz

no cap asp type asp-drop all

 

Note the timestamp when the user got disconnected and provide me with the exact time

 

4.            Collect the captures via TFTP or FTP

copy /pcap capture:capout ftp://anonymous:cisco@173.37.146.14/TAC--636095055-capout.pcap

copy /pcap capture:capdmz ftp://anonymous:cisco@173.37.146.14/TAC--636095055-capdmz.pcap

copy /pcap capture:asp ftp://anonymous:cisco@173.37.146.14/TAC--636095055-asp.pcap

 

5.            Collect asp captures in text format

Sh cap asp | i 12.182.253.167

Sh cap asp | i 192.168.200.167

Sh cap asp | i A.B.C.D

 

6.            It would be great if you also collect the syslogs from the ASA for the time when the issue happens

===================================================================================================================



Disclaimer: This communication is for the exclusive use of the intended recipient(s) and shall not attach any liability on the originator or ITC Infotech India Ltd./its Holding company/ its Subsidiaries/ its Group Companies. If you are the addressee, the contents of this e-mail are intended for your use only and it shall not be forwarded to any third party, without first obtaining written authorization from the originator or ITC Infotech India Ltd./ its Holding company/its Subsidiaries/ its Group Companies. It may contain information which is confidential and legally privileged and the same shall not be used or dealt with by any third party in any manner whatsoever without the specific consent of ITC Infotech India Ltd./ its Holding company/ its Subsidiaries/ its Group Companies.

ASA capture

cap asp type asp-drop all circular-buffer

 

 




Friday, October 16, 2015

Nexus Port-channel - path command


 

Syntax : show port-channel load-balance forwarding-path interface port-channel <port-channel number> dst-ip <X.X.X.X> src-ip <X.X.X.X> dst-mac <XXXX.XXXX.XXXX> src-mac <XXXX.XXXX.XXXX> module <ingress module number>

 

 

Sample : show port-channel load-balance forwarding-path interface port-channel 112 dst-ip 10.20.207.175 src-ip 10.20.50.91 dst-mac 0015.17b8.453a src-mac  0026.9815.8041 module 7

                    

 

                      

 

 

 

 





Wednesday, August 5, 2015

IOS Upgrade to Stack Switch.

Please follow the next steps to upgrade the entire stack:

--------------------------------------------------------------------------

 

In this example the master switch (flash1) already has the updated IOS 15.0 version.

 

1- Delete the old IOS from switches 2,3 & 4

          switch#delete flash2:<old_image>

          switch#delete flash3:<old_image>

          switch#delete flash4:<old_image>

 

2- Now we have enough space to upload the new code for the two members, so upload the image into the flash

 

3- Verify the integrity of the new image

 

          switch#verify flash:/<new_image>

 

4- Change the boot variable for the entire stack

          switch(config)#boot system switch all flash:<new_image>

 

Note: If the above is not supported, we may need to do it manually for each member, as below

 

          switch(config)#boot system switch 2 flash:<new_image>

          switch(config)#boot system switch 3 flash:<new_image>

          switch(config)#boot system switch 4 flash:<new_image>

 

5- For both cases we need to save the changes

          switch#wr

 

6- Need to check that we have the correct boot statement on each switch

          switch#show bootvar

 

7- After deleting the old image, uploading the new one, verifying the integrity of the IOS and correcting the boot statement, we can reload the entire stack.

          Switch#reload slot 3

 

Just for theory --> copying the IOS from a TFTP server instead of from inside the switch.

 

IOS File will be -->  16 to 17 Mb

 

check the space by the command --> dir flash1:

 

If full then delete the IOS --> Switch#delete flash1: flash:c3750-i5-mz.XXX.bin

 

If space exists in flash then copy the IOS --> copy tftp: flash1:

Address or name of remote host [172.22.1.165]?

Source filename [c3750-advipservicesk9-mz.122-25.SEE2]? c3750-advipservicesk9-mz.122-25.SEE2.bin

 

Set the IOS and reload --> Switch(config)#boot system switch 1 flash:/c3750-advipservicesk9-mz.122-25.SEE2.bin

 

 

To make a switch the master:

 

Switch(config)# switch 3 priority 15

 

Priority can range from 1 to 15

 

 

Switch#write memory

Switch#reload slot 3 





Monday, July 13, 2015

QOS flow in router




Please consider the environment before printing this e-mail


Wednesday, June 24, 2015

VPN best practices

1.       The Phase 1 lifetime [86400] should be greater than the Phase 2 lifetime [28800].

2.       It is better to disable keepalives if the other end is a non-Cisco device.

 





Thursday, May 28, 2015

Extended ping ToS Value voice

Here's the mapping you will need. "=" means something like "maps to" or "is equivalent to".

ef = dscp 46 = 101110 = tos 0xb8 (184) = ip prec 5

af31 = dscp 26 = 011010 = tos 0x68 (104) = ip prec 3

af32 = dscp 28 = 011100 = tos 0x70 (112) = ip prec 3

cs3 = dscp 24 = 011000 = tos 0x60 (96) = ip prec 3

You'll want to use the decimal tos values (in parentheses) for your e-pings.
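The arithmetic behind the mapping above, as an added example that is not part of the original post: it derives the DSCP value, ToS byte and IP precedence from a class name, and goes beyond the four rows listed to cover any EF, CSn or AFxy class. The function names `dscp_from_name`, `describe` and `name_from_tos` are made up for this illustration.

```python
import re

def dscp_from_name(name):
    """Return the 6-bit DSCP value for a class name such as 'ef', 'af31' or 'cs3'."""
    name = name.strip().lower()
    if name == "ef":                      # Expedited Forwarding is fixed at 46
        return 46
    m = re.fullmatch(r"cs([0-7])", name)  # Class Selector n = 8 * n
    if m:
        return 8 * int(m.group(1))
    m = re.fullmatch(r"af([1-4])([1-3])", name)  # AFxy = 8 * x + 2 * y
    if m:
        return 8 * int(m.group(1)) + 2 * int(m.group(2))
    raise ValueError(f"unknown DSCP class name: {name!r}")

def describe(name):
    """Build one row of the mapping: DSCP, bit pattern, ToS byte, IP precedence."""
    dscp = dscp_from_name(name)
    tos = dscp << 2          # DSCP is the top six bits of the ToS byte; ECN bits left at 0
    return {
        "name": name.lower(),
        "dscp": dscp,
        "bits": format(dscp, "06b"),
        "tos_hex": hex(tos),
        "tos_dec": tos,      # the decimal value entered at the extended ping ToS prompt
        "precedence": dscp >> 3,  # IP precedence is the top three bits
    }

def name_from_tos(tos):
    """Reverse lookup: class name for a ToS byte, or None if it is not EF/CS/AF."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS must fit in one byte")
    dscp = tos >> 2          # drop the two ECN bits
    if dscp == 46:
        return "ef"
    cls, low = divmod(dscp, 8)
    if low == 0:
        return f"cs{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low // 2}"
    return None

if __name__ == "__main__":
    for n in ("ef", "af31", "af32", "cs3"):   # the four rows listed in the post
        r = describe(n)
        print(f'{r["name"]} = dscp {r["dscp"]} = {r["bits"]} = tos {r["tos_hex"]} '
              f'({r["tos_dec"]}) = ip prec {r["precedence"]}')
```

The reverse lookup is useful when reading a ToS byte out of a packet capture and checking which class the traffic was actually marked with.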

 



