29 December 2009

Multicasting IGMP and PIM

IGMP = Layer 2 protocol for devices in the same subnet to JOIN to a multicast
PIM = Layer 3 protocol to join subnets to the common multicast

IGMP version 1 sends messages to 224.0.0.1 (all hosts multicast group)
IGMP version 2 sends messages to 224.0.0.2 (all routers multicast group)

All routers will ignore the JOIN message, except the Designated Router (DR).

For routers to forward multicast use:
    ip multicast-routing

For router interface to listen for IGMP (which joins election for DR)
    interface XXX
      ip pim (sparse-mode | dense-mode | sparse-dense-mode)

Sparse Mode = Uses rendezvous  point to reduce bandwidth usage.
Dense Mode = Multicast packets from a source are flooded to all areas of a PIM-DM network.

INTERFACE MULTICAST SUBSCRIPTION

interface XXX
 ip igmp join-group
  or
  ip igmp static-group  

join-group = The router will join the multicast IP, and therefore "process switches" the data.
static-group = The router "fast switches" the multicast data to the interace. Saves CPU

SHOW COMMANDS

sh ip igmp interface - Shows interface's IGMP settings, IGMP joins, and the IGMP designated router (DR)
sh ip igmp membership (or groups) - Shows multicast groups, the router is routing for (ie propagating)


sh ip pim rp - Shows rendezvous point for PIM in sparse (or sparse-dense) mode
sh ip pim neighbor - Shows neighbours also running IGMP/PIM
sh ip pim interface - Show interfaces running IGMP/PIM


sh ip rpf x.x.x.x - Shows return parth to get the to the source of the multicast

sh ip mroute - Show sources of mutlicast
sh ip mroute counter - Shows multicast traffic stats (packets received and forwarded)
sh ip mroute active - Shows throughput of all active multicasts

More Reference
Cisco Multicast Troubleshooting Guide
Posted by at No comments:
Labels: , , , , , , ,

17 December 2009

Cisco Command Cheat Sheet


TERMINAL CONTROLS:
· Config# terminal editing - allows for enhanced editing commands
· Config# terminal monitor - shows output on telnet session
· Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks
Read more »
Posted by at No comments:
Labels: , , ,

15 December 2009

Cisco IP Phone Shortcuts

**# = Unlock settings
**#** = Restart
double '?'= Show codec details
Posted by at No comments:
Labels: , , , , ,

20 November 2009

Dot1q Tunneling on IOS Switch




Vlans 1-3 are encapsulated into VLAN 10 between Switch A to Switch C.

Read more »
Posted by at 3 comments:
Labels: , , ,

02 November 2009

ASA Connection Flags

Flags from
#sh conn

Read more »
Posted by at No comments:
Labels: , , ,

07 October 2009

ASA Teardown TCP Connection Log Message #302013

Conn-timeout
Connection ended because it was idle longer than the configured idle timeout.

Deny Terminate
Flow was terminated by application inspection.

FIN Timeout
Force termination after 10 minutes awaiting the last ACK or after half-closed timeout.

Flow closed by inspection
Flow was terminated by inspection feature.

Flow terminated by IPS
Flow was terminated by IPS.

Flow reset by IPS
Flow was reset by IPS.

Invalid SYN
SYN packet not valid.

Idle Timeout
Connection timed out because it was idle longer than timeout value.

IPS fail-close
Flow was terminated due to IPS card down.

SYN Control
Back channel initiation from wrong side.

SYN Timeout
Force termination after two minutes awaiting three-way handshake completion.

TCP bad retransmission
Connection terminated because of bad TCP retransmission.

TCP FINs
Normal close down sequence.

TCP Invalid SYN
Invalid TCP SYN packet.

TCP Reset-I
Reset was from the inside (high security).

TCP Reset-O
Reset was from the outside (low security).

TCP segment partial overlap
Detected a partially overlapping segment.

TCP unexpected window size variation
Connection terminated due to variation in the TCP window size.

Tunnel has been torn down
Flow terminated because tunnel is down.

Unauth Deny
Denied by URL filter.

Unknown
Catch-all error.

Xlate Clear
Command-line removal
Posted by at No comments:
Labels: , , , , , , ,

06 October 2009

Spanning Tree Status

Role:
Desg = Designated port
Root = Root port
Blocking = Blocking
Learn = Learning
List = Listening
Alt = Alternate port (Rapid Spanning Tree only)
Backup = Backup port (Rapid Spanning Tree only)
Discard = Discarding (Rapid Spanning Tree only)

Read more »
Posted by at No comments:
Labels: , , , , ,

03 September 2009

Setup DHCP Server

Quick example for setting up DHCP on a IOS router. Note: need to make sure the router have an L3 interface in the matching DHCP scope/subnet. Otherwise you'll need to use "ip name-helper " to direct DHCP requests to this router.

ip dhcp excluded-address START_IP END_IP
ip dhcp pool DHCP_POOL_NAME
network DHCP_NETWORK_SCOPE NETWORK_MASK
default-router DEFAULT_ROUTE
domain-name DOMAIN_NAME
dns-server DNS_SERVER_1 DNS_SERVER_2
Posted by at No comments:
Labels:

31 May 2009

Cisco Dial Peers

Understanding inbound outbound dial peers
Posted by at No comments:
Labels: ,

29 May 2009

CME Local Directory

To enable local-directory on the CME router, you need to make sure that IP HTTP server is running. Example below

ip http server

telephony-service
! Display format of directory service
directory {first-name-first | last-name-first}
! url of local-directory
url directories http:///localdirectory
! Called number display to use directory for look ups
service dnis overlay
service dnis dir-lookup
Posted by at No comments:
Labels: , , ,

28 May 2009

CME Corlist

COR = Class of Restriction is the CME take on Calling Search Space and Partitions (in Call Manager)

One major caveat is that you need to make sure the incoming "corlist" need to be a superset (larger number of members) of the corresponding outgoing "corlist"

ie. looking at the config below the outcome is;
  • DN60 can NOT call DN70 (because incoming corlist of INTERNAL is not a superset of UNRESTRICTED)
  • DN60 can NOT calloutside (because INTERNAL and EXTERNAL does not overlap)
  • DN60 can call DN80 (because INTERNAL and no corlist = call allowed)

dial-peer cor custom
name INTERNAL_CALLS
name EXTERNAL_CALLS

!
dial-peer cor list INTERNAL
member INTERNAL_CALLS
!

dial-peer cor list EXTERNAL
member EXTERNAL_CALLS
!

dial-peer cor list UNRESTRICTED
member INTERNAL_CALLS
member EXTERNAL_CALLS
!

dial-peer voice 9000 pots
corlist outgoing EXTERNAL

!
ephone-dn 60
corlist incoming INTERNAL
corlist outgoing INTERNAL
!
!
ephone-dn 70
 corlist incoming UNRESTRICTED
 corlist outgoing UNRESTRICTED
!
!
ephone-dn 80
corlist incoming UNRESTRICTED

!


Cisco refrence link HERE
Posted by at No comments:
Labels: , , ,

27 May 2009

Regular Expression

^ : Start of line
$ : End of line
[list] : Match a single character in a list.
[^list] : Do not match a single character in a list
. : Any single character
* : Repeat previous regex zero or more times
+ : Repeat previous regex one or more times
? : Repeat previous regex zero or one time
() : Group multiple characters into one regex (normal each character is one regex)

Note: in Cisco regex, grouping is done with \(\)

Example using grouped regex

String = abcdefghi
Match = abc\(...\) .*
Replace = \1
Result = def
Comment: \1.. \9 are all references to the nth grouped regex

Cisco Reference
Posted by at No comments:
Labels: ,

CCME TFTP

use: tftp-server flash:/CCME/ alias so that files are avaliable at root level

show telephony-service tftp-binding

debug tftp events
Posted by at No comments:
Labels: , ,

03 May 2009

The Beginning

This will be the home for many of things that my brain fails to remember. I'm expecting this to grow fairly quickly. Unless I get too lazy :-/
Posted by at No comments:
Subscribe to: Posts (Atom)