Recently, I had an issue on a core switch. This switch was running at 80% CPU for 3 days. The CPU was not monitored and we did not receive any syslog message on our server.
So I decided to use the following command (on a 4k5) in order to trigger a syslog alert in case of high CPU:
process cpu threshold type total rising 60 interval 20
This command triggers a syslog alert if the CPU exceeds 60 percent for a period of 20 seconds.
Thursday, June 20, 2013
Saturday, June 8, 2013
EEM - Generate a customized syslog message
In order to generate a customized syslog message, you can use EEM (Embedded Event Manager). This is a Cisco tool. It helps to monitor events and generates an action when a particular event occurs. In my case, I would like to generate a customized Cisco log message if my primary WAN link is down. This message will have an 'alerts' level with my own description. By default, if an interface goes down it will only generate an 'informational' message. The policy of my syslog server is to generate an email only if I receive an 'error' level message.
I monitor interface giga1/1. If this interface goes down (log message), I generate my customized message. You can see the configuration below:
event manager applet WanMonitor
event syslog pattern "Interface GigabitEthernet1/1, changed state to administratively down"
action 1.0 syslog priority alerts msg "PRIMARY WAN LINK is DOWN on Core 1"
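The effect of the applet on a severity-based mail policy, as an added example (not part of the original post). The sample lines are constructed in the IOS `%FACILITY-SEVERITY-MNEMONIC` layout, and the function names and the Python regex matching are assumptions standing in for the syslog server and for EEM's pattern matching.

```python
import re

# IOS syslog severity keywords (0 is the most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Pattern copied from the applet on this page; EEM evaluates it as a regular expression.
APPLET_PATTERN = "Interface GigabitEthernet1/1, changed state to administratively down"

# Policy from the post: the server mails only at 'error' level or more severe.
MAIL_THRESHOLD = SEVERITY["errors"]

# Constructed sample messages (not captured from a device).
SAMPLES = [
    "%LINK-5-CHANGED: Interface GigabitEthernet1/1, changed state to administratively down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down",
    "%HA_EM-1-LOG: WanMonitor: PRIMARY WAN LINK is DOWN on Core 1",
]

HEADER = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")


def severity_of(line):
    """Return the numeric severity embedded in the message header, or None."""
    match = HEADER.search(line)
    return int(match.group("sev")) if match else None


def would_mail(line):
    """True when the message is at or above the mail threshold (lower number = worse)."""
    sev = severity_of(line)
    return sev is not None and sev <= MAIL_THRESHOLD


def applet_fires(line, pattern=APPLET_PATTERN):
    """True when the applet's syslog pattern matches the message text."""
    return re.search(pattern, line) is not None


def report(lines):
    """One (severity, mailed, applet_fired) tuple per input line."""
    return [(severity_of(l), would_mail(l), applet_fires(l)) for l in lines]


if __name__ == "__main__":
    for line, (sev, mail, fires) in zip(SAMPLES, report(SAMPLES)):
        print(f"sev={sev} mail={mail} applet={fires}  {line}")
```

On these constructed lines only the applet's own message crosses the mail threshold, and the pattern as written matches only the "administratively down" wording, so a down event logged with different text does not fire the applet.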
Thursday, August 23, 2012
Giant frames on VSL link
I was checking the VSL link on a network and I found a lot of giants:
show int Te1/5/5
TenGigabitEthernet1/5/4 is up, line protocol is up (connected)
8 runts, 1739095 giants, 0 throttles
I have searched on cisco.com and I have found the following:
The VSL carries data traffic and in-band control traffic between the two chassis. All frames forwarded over the VSL link are encapsulated with a special 32-byte header, which provides information for the VSS to forward the packet on the peer chassis.
I guess if a packet close to the 1500 MTU is received and a 32-byte header is added, we have a giant packet. If I'm wrong, don't hesitate to correct me.
Thursday, August 9, 2012
VPN connection and Internet Access
When you are connected to a VPN session, you can normally access the corporate LAN.
However, it is also possible to have access to the Internet at the same time.
To do this on an ASA, you have to configure a NAT rule.
All traffic going to the Internet has to use the Internet-facing interface as its source IP address.
The configuration below is an example that can be applied:
ip local pool Pool_VPN 192.168.40.10-192.168.40.250 mask 255.255.255.0
!
interface GigabitEthernet0/1
 description Outside Facing Interface
 nameif INTERNET
 security-level 0
 ip address 199.199.199.199 255.255.255.240
!
object network NAT-VPN-POOL
 subnet 192.168.40.0 255.255.255.0
 description Pool VPN
!
object network NAT-VPN-POOL
 nat (any,INTERNET) dynamic interface
All traffic with a source address in the VPN IP pool and an Internet destination will match this NAT rule.
The source address will be translated to the address of the outside interface.
Thursday, July 5, 2012
Are you impacted by DNS Changer?
You can test whether you are impacted by the DNS Changer virus with the website below:
http://www.dns-ok.ca/
Wednesday, April 25, 2012
SUP2T and access to CMP
Just a quick post about the SUP2T and the CMP. The CMP (Connectivity Management Processor) is an equivalent of the 'aux' port. In our lab we decided to test this new feature.
But to access this interface we need an IP address, but which address? Maybe there is a DHCP server on this interface?
We tested and there is nothing. So we decided to look on the Cisco website, without success. We just found someone on a forum who had already encountered this issue.
The solution to access the CMP (and configure it) is to use its default IP, which is 192.168.1.101/24 (GW 192.168.1.1).
I hope this will help you, and that you will not have to search everywhere on the Cisco website like us.
Tuesday, March 13, 2012
Good bye ARP, welcome ICMPv6
Today I was working on an IPv6 lab. I wanted to discover the relation between a MAC address and an IP address. So, on the Windows machine I executed the command 'arp -a'. It's a bad reflex. Why? ARP no longer exists in IPv6. The equivalent is now done with ICMPv6. So to discover the mapping between MAC and IP address we have to use these commands:
- On a Windows laptop:
Interface 14: LAB
Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  -----------
fe80::2                                       00-14-1c-c9-d9-a8  Stale (Router)
fe80::214:1cff:fec9:d9a8                      00-14-1c-c9-d9-a8  Stale (Router)
ff02::2                                       33-33-00-00-00-02  Permanent
ff02::5                                       33-33-00-00-00-05  Permanent
ff02::c                                       33-33-00-00-00-0c  Permanent
ff02::16                                      33-33-00-00-00-16  Permanent
ff02::1:2                                     33-33-00-01-00-02  Permanent
ff02::1:3                                     33-33-00-01-00-03  Permanent
ff02::1:ff00:2                                33-33-ff-00-00-02  Permanent
ff02::1:ff00:d                                33-33-ff-00-00-0d  Permanent
ff02::1:ff00:f                                33-33-ff-00-00-0f  Permanent
ff02::1:ff08:c77                              33-33-ff-08-0c-77  Permanent
ff02::1:ffae:564d                             33-33-ff-ae-56-4d  Permanent
ff02::1:ffc9:d9a8                             33-33-ff-c9-d9-a8  Permanent
- On a Linux laptop (has to be validated):
- On a Cisco router:
R2#show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::4491:69A9:39F3:7344                   5 000c.2928.4c53  STALE Fa0/0
2001:DB9:1:1:DD52:657C:D340:F2FF           19 000c.2980.fc6c  STALE Fa0/0
2001:DB9:1:1:B140:2298:3E92:A99B            6 000c.2928.4c53  STALE Fa0/0
FE80::1                                     4 0016.479a.f630  STALE Fa0/0
FE80::20C:29FF:FE80:FC6C                   19 000c.2980.fc6c  STALE Fa0/0
2001:DB9:1:1::1                            22 0016.479a.f630  STALE Fa0/0
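How the rows of the Windows neighbor table above relate to each other, as an added example (not part of the original post). It goes slightly beyond the post: ICMPv6 Neighbor Discovery sends its solicitations to a solicited-node multicast group derived from the target address, and each multicast group maps to a fixed 33-33 MAC. The function names are illustrative.

```python
import ipaddress

# (address, MAC) pairs copied from the Windows neighbor table on this page.
NEIGHBORS = [
    ("fe80::2", "00-14-1c-c9-d9-a8"),
    ("fe80::214:1cff:fec9:d9a8", "00-14-1c-c9-d9-a8"),
    ("ff02::2", "33-33-00-00-00-02"),
    ("ff02::1:ff00:2", "33-33-ff-00-00-02"),
    ("ff02::1:ff08:c77", "33-33-ff-08-0c-77"),
    ("ff02::1:ffc9:d9a8", "33-33-ff-c9-d9-a8"),
]


def multicast_mac(addr):
    """RFC 2464: an IPv6 multicast address maps to 33-33 plus its low 32 bits."""
    low32 = ipaddress.IPv6Address(addr).packed[-4:]
    return "-".join(f"{b:02x}" for b in b"\x33\x33" + low32)


def solicited_node(addr):
    """RFC 4291: ff02::1:ffXX:XXXX built from the low 24 bits of a unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def eui64_link_local(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff-fe, prefix fe80::/64."""
    raw = bytearray(bytes.fromhex(mac.replace("-", "")))
    raw[0] ^= 0x02
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


def classify(addr, mac):
    """Say how a neighbor-table row can be explained from the address alone."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return "multicast-ok" if multicast_mac(addr) == mac.lower() else "multicast-mismatch"
    if eui64_link_local(mac) == str(ip):
        return "eui64"      # interface ID derived from the MAC itself
    return "unicast"        # mapping learned via Neighbor Solicitation/Advertisement


if __name__ == "__main__":
    for addr, mac in NEIGHBORS:
        print(f"{addr:28} {mac}  {classify(addr, mac)}")
```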