Académique Documents
Professionnel Documents
Culture Documents
cat=6
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------scp Desktop/TCP\ IP\ Ilustrated\ Vol2\ 2012.pdf dragan@dragan.eunet.rs:~/Desktop
R6#show ip int | inc line|list ---> da li je podesena access-list na interface
-ima
show run | i access|inspect|zones ---> da li je podesena access-list na inte
rface-ima
show run | inc password ---> da li je negde podesena auth
------------------------------------------------------------------------------------------------------------------------------ IP SEC ----debug crypto condition peer ipv4 < peer address >
clear crypto sa
> clear PHASE 2
clear crypto isakmp
> clear PHASE 1
na nivou interface obrises pa dodas crypto mapu
no crypto-map <map name >
crypto-map <map name >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------Debug packet drop by CEF
> debug ip cef drop verify
--------------------------------------------------------------------------------------------------------------------------==== IOS XR TSHOOT Comands , source IOS XR Fundamentals ====================
https://supportforums.cisco.com/document/9881576/asr9000xr-monitoring-cpu-and-me
mory
RP/0/RP0/CPU0:host#run top_procs
> with dual-core CPUs the command run top
_procs will display the CPU loading on both CPU cores
The output of the command show watchdog trace | inc hog can be used to see which p
rocesses have been recorded as hogging.
host(admin)#sh critmon statistics all location 0/RP0/CPU0
#sh reboot history location 0/RSP1/CPU0
> vidi se rebbot history za RSP i l
ine card kao i reason
show
show
int
show
show
show
show
show
show rib history > pokazuje import/export truta u routing tabelu za svaki proto
col
show processes cpu
RP/0/RP1/CPU0:CRS1-1#show memory compare report
#sh processes blocked location 0/RP1/CPU0
show process blocked > Indicates the blocked processes. A process blocked state
may be perfectly normal
> Are any dis tribute lists configured to deny entry in the local RIB?
# sh run | i distribute-list
> Is summarization the cause of LSAs not being seen?
# sh run | i area range|summary-add
> Do all the routers in an area have the same number of LSAs?
# sh ip ospf database database-summary
>> I f not, are any interfaces filtering LSAs from being sent out?
# sh run | i database-filter
> Do the checksums for every LSA in the databases match between routers?
# sh ip ospf database
> Do any LSAs have a higher than others sequence number (look at Seq#)?
# sh ip ospf database
>> This could point to an unstable l ink, caused by frequent LSA advertising.
# sh int {int} | i error|drops
>> Mul tiple LSAs wi th high sequence numbers could indicate a neighbor issue.
# sh ip ospf neighbor detail | i Neighbor
> Have there been many SPF calculations? What triggered these events?
# sh ip ospf statistics
> Have you checked the memory-and CPU-util ization on the routers?
# sh process cpu history
# sh process memory sorted
- When troubleshooting authentication issues, consider the following:
> Are all routers wi thin an area configured to use authentication?
# sh ip ospf | i Area
> Is the authentication type the same between neighbor interfaces?
# sh ip ospf int {int} | i auth|line
> Wi th clear - text auth are the passwords the same between neighbor interfaces
?
# sh run | i auth.*key
> Wi th MD5 authentication, are the diges t-keys the same between neighbor inter
faces? # sh run | i digest-key
> Do all the vi rtual links also have authentication configured?
# sh run | i virtual-l ink
> If Area 0 has authentication configured, then vi rtual links require authentic
ation too.
> To see the cause of authentication failures, us e:
# debug ip ospf adj
# sh ip bg
# sh ip ro
# sh ip bg
# sh ip bg
# sh run |
RIB.
http://www.net-gyver.com/?p=1241
Meaning
Maximum Number of Prefixes Reached
Administrative Shutdown
Peer De-configured
Administrative Reset
Connection Rejected
Other Configuration Change
Connection Collision Resolution
Out of Resources
and here comes a deeper explanation (also taken from the RFC):
1.If a BGP speaker decides to terminate its peering with a neighbor because the
number of address prefixes received from the neighbor exceeds a locally configur
ed upper bound, then the speaker MUST send to the neighbor a NOTIFICATION messa
ge with the Error Code Cease and the Error Subcode Maximum Number of Prefixes Re
ached.
2.If a BGP speaker decides to administratively shut down its peering with a neig
hbor, then the speaker SHOULD send a NOTIFICATION message with the Error Code Ce
ase and the Error Subcode Administrative Shutdown.
3.If a BGP speaker decides to de-configure a peer, then the speaker SHOULD send
a NOTIFICATION message with the Error Code Cease and the Error Subcode Peer Deconfigured.
4.If a BGP speaker decides to administratively reset the peering with a neighbor
, then the speaker SHOULD send a NOTIFICATION message with the Error Code Cease
and the Error Subcode Administrative Reset.
5.If a BGP speaker decides to disallow a BGP connection (e.g., the peer is not c
onfigured locally) after the speaker accepts a transport protocol connection, th
en the BGP speaker SHOULD send a NOTIFICATION message with the Error Code Cease
as-path
inating
as-path
AS 1
as-path
AS 2
# sh mpls
# sh cef
# sh mpls
# sh run
# ping {i
# sh mpls
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------L3VPN
show ip vrf detail | include ;
CE1----PE1-------P------PE2----CE2
M
P
R
X
Type
!
!
!
!
!
escape sequence
size 100, reply
size 100, reply
size 100, reply
size 100, reply
size 100, reply
to abort.
addr 20.0.15.5,
addr 20.0.15.5,
addr 20.0.15.5,
addr 20.0.15.5,
addr 20.0.15.5,
return
return
return
return
return
code
code
code
code
code
--------------------------------------------------------------------------------------------------------------------------------------------------------RADIUS
ssh root@radius-lb1
pass : noql/ur.
[root@radius-lb1 ~]# grep adsl.vpn_piramida /var/log/radius/radius.log > vidimo
log za user-a
[root@radius-lb1 ~]# tail -f /var/log/radius/radius.log real time log
[root@radius-lb1 ~]# tail -f /var/log/radius/radius.log | grep adsl.vpn_piramida
> real time log za user-a
L2TP / VPDN
show vpdn history failure
( cpu high )
Protocols
TCP (6) and UDP (17)
IGMP (2)
IPinIP (4), GRE (47), EIGRP (88), OSPF (89), NOS
ICMP (1)
Used for all other IPv4 protocols
TCP (6), UDP (17), and SCTP (132)
TCP (6), UDP (17), SCTP (132), and ICMPv6 (58) w
ICMPv6 (58)
Used for all other IPv6 protocols
http://www.net-gyver.com/?p=1086