Sunday, March 17, 2019

Configure descriptions

Adding a description to an interface on a Cisco device does not provide additional functionality. However, it is useful for administrative purposes because it helps you to better understand the function of the interface. An interface description is only locally significant and can be up to 240 characters long. It is configured with the description command from the interface sub-mode:

DEVICE(config)#interface Fa0/1
DEVICE(config-if)#description WAN to London

Configuration example:

Description of commands

The description appears in the result of the show running-config command:

Show the description of the current configuration.

To delete the description, use the interface mode command "no description" (or the abbreviation "no desc"):

command without description

Friday, March 8, 2019

IEEE 802.1Q

IEEE 802.1Q is one of the VLAN tagging protocols supported by Cisco switches. This standard was created by the Institute of Electrical and Electronics Engineers (IEEE). Therefore, it is an open standard that can also be used on switches from other manufacturers.

To determine which VLAN a frame belongs to, a field is inserted in the frame header.

Original frame:

802.1Q frame:

An example will help to clarify the concept. Let's say we have a network of 2 switches and 4 hosts. Hosts A and D are in VLAN 2, while hosts B and C are in VLAN 3.

The segment between the two switches uses a process called VLAN trunking. Suppose that host A sends a broadcast frame. SW1 "marks" the frame by inserting the VLAN ID in the frame header before sending the frame to SW2. SW2 receives the frame and knows that the frame belongs to VLAN 3. Therefore, it sends the frame to host D only because this host is in VLAN 3.
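The tagging step described above can be shown at the byte level. The following Python sketch is an added example, not part of the original post: it inserts and reads the 4-byte 802.1Q field (TPID 0x8100 followed by the priority, DEI and 12-bit VLAN ID) in an Ethernet frame handled without its FCS. The sample frame, its MAC address and the function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_dot1q_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert the 4-byte tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (0 and 4095 are reserved)")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame):
    """Return the VLAN fields (None when untagged) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": None, "pcp": None, "dei": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(vlan=tci & 0x0FFF, pcp=tci >> 13, dei=(tci >> 12) & 1)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def strip_dot1q_tag(frame):
    """Remove the tag, as a switch does before sending out an access port."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: broadcast ARP frame from host A (documentation MAC), no FCS.
HOST_A_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e00530a")
                + struct.pack("!H", 0x0806) + bytes(28))

if __name__ == "__main__":
    tagged = add_dot1q_tag(HOST_A_FRAME, vlan_id=2)   # host A is in VLAN 2
    print(parse_frame(tagged)["vlan"], len(HOST_A_FRAME), len(tagged))
```

On real hardware the frame check sequence is recalculated after the tag is inserted or removed, which is why the example works on frames without the FCS.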

Thursday, February 14, 2019

Configure ROAS

To allow communication between VLANs, you can divide a single physical interface on a router into logical interfaces that will be configured as trunk interfaces. This method of inter-VLAN communication is called router on a stick (ROAS) and allows all VLANs to communicate through a single physical interface. The physical interface is divided into logical interfaces (known as subinterfaces), one for each VLAN.

To configure the link in a router, the following commands are used:

(config)#interface TYPE NUMBER.SUBINTERFACE - creates the subinterface and enters the command mode of the subinterface.
(config-subif)#encapsulation dot1q VLAN_ID - sets the subinterface as a trunk and associates it with a specific VLAN.
(config-subif)#ip address IP_ADDRESS SUBNET_MASK - sets the IP address for the subinterface.

We will use the following network in our example:

Router in a stick example network

We have a network of three hosts, a switch and a router. Each host is in a different VLAN, so we need to divide the router's physical Gi0/0 interface into logical interfaces, one for each VLAN. But first, here is the switch configuration:

SW1(config)#int fa0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
% Access VLAN does not exist. Creating vlan 3
SW1(config-if)#int fa0/4
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
SW1(config-if)#int fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5
% Access VLAN does not exist. Creating vlan 5
SW1(config-if)#int fa0/1
SW1(config-if)#switchport mode trunk

Notice how we configured the Fa0/1 port on the switch (the port connected to the router's Gi0/0 interface) as the trunk port. The other ports were configured as access ports and placed in their respective VLANs, since they are connected to the end devices. Now, let's configure the router:

R1(config)#int Gi0/0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R1(config-if)#int Gi0/0.1
R1(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.1, changed state to up
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address
R1(config-subif)#int Gi0/0.2
R1(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.2, changed state to up
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address
R1(config-subif)#int Gi0/0.3
R1(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.3, changed state to up
R1(config-subif)#encapsulation dot1q 5
R1(config-subif)#ip address

In the previous output, you can see that the router's physical interface Gi0/0 was divided into three subinterfaces, which were then configured as trunk interfaces and assigned IP addresses.

To test whether inter-VLAN communication works, we can try to ping Host C from Host A:

C:\>ping

Pinging with 32 bytes of data:

Reply from bytes=32 time<1ms TTL=127
Reply from bytes=32 time=1ms TTL=127
Reply from bytes=32 time<1ms TTL=127
Reply from bytes=32 time<1ms TTL=127

As you can see in the previous output, the reply was received, which means that the hosts can communicate even though they are in different VLANs.

Friday, February 8, 2019

Missing VLANs

In this article, we take a brief look at missing VLANs. The last article addresses the problems of IP addressing with VLANs.

If there is still no connection between the devices in a VLAN but IP addressing problems have been ruled out, see the flowchart for troubleshooting:

Step 1. Use the show vlan command to verify that the port belongs to the expected VLAN. If the port is assigned to the wrong VLAN, correct the VLAN membership with the switchport access vlan command. Use the show mac address-table command to verify which addresses have been learned on a particular port on the switch and to which VLAN that port is assigned.

Step 2. If the VLAN to which the port is assigned is deleted, the port becomes inactive. The ports of a deleted VLAN are not listed in the output of the show vlan command. Use the show interfaces switchport command to verify that the inactive VLAN is assigned to the port.

The show mac address-table output lists the MAC addresses learned on the F0/1 interface. You can see that the MAC address 000c.296a.a21c was learned on the F0/1 interface in VLAN 10. If this number is not the expected VLAN number, change the VLAN membership of the port with the switchport access vlan command.

Each port on a switch belongs to a VLAN. When the VLAN to which the port belongs is removed, the port becomes inactive. All ports that belong to the deleted VLAN cannot communicate with the rest of the network. Use the show interface f0/1 switchport command to verify that the port is inactive. If the port is inactive, it will not work until the missing VLAN is created with the global configuration command vlan vlan-id or the VLAN is removed from the port with the no switchport access vlan vlan-id command.
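The two checks above can be automated against saved command output. The following Python sketch is an added example, not part of the original article: it cross-references show vlan brief with show interfaces switchport and reports access ports whose VLAN is missing or marked inactive. Both sample outputs, the VLAN names and the function names are constructed for illustration.

```python
import re

# Constructed sample output (not captured from a real device).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------
1    default                          active    Fa0/3, Fa0/4
20   Engineering                      active    Fa0/2
"""

SHOW_INT_SWITCHPORT = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 10 (Inactive)
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 20 (Engineering)
"""

def existing_vlans(show_vlan):
    """VLAN IDs that the switch lists as active."""
    return {int(m.group(1))
            for m in re.finditer(r"^(\d+)\s+\S+\s+active", show_vlan, re.M)}

def access_ports(show_switchport):
    """Map each port name to (access VLAN ID, label shown in parentheses)."""
    ports, name = {}, None
    for line in show_switchport.splitlines():
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
        m = re.match(r"Access Mode VLAN:\s+(\d+)\s+\((.*)\)", line)
        if m and name:
            ports[name] = (int(m.group(1)), m.group(2))
    return ports

def ports_on_missing_vlans(show_vlan, show_switchport):
    """Ports whose access VLAN was deleted: absent from show vlan or Inactive."""
    known = existing_vlans(show_vlan)
    return sorted(port for port, (vlan, label)
                  in access_ports(show_switchport).items()
                  if vlan not in known or label.lower() == "inactive")

if __name__ == "__main__":
    for port in ports_on_missing_vlans(SHOW_VLAN_BRIEF, SHOW_INT_SWITCHPORT):
        vlan = access_ports(SHOW_INT_SWITCHPORT)[port][0]
        print(f"{port}: VLAN {vlan} is missing; recreate it or reassign the port")
```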

Monday, February 4, 2019

Configure an IP address on a switch

By default, Cisco switches forward Ethernet frames without any configuration. This means that you can buy a Cisco switch, plug in the correct cables to connect multiple devices to the switch, turn it on, and the switch will work properly.

However, to manage the switch over the network or to use protocols such as SNMP, the switch must have an IP address. The IP address is configured under a logical interface, known as a management domain or a VLAN. Typically, the default VLAN 1 acts as the switch's own NIC for connecting to a LAN to send IP packets. These are the steps to configure an IP address in VLAN 1:

Enter the VLAN 1 configuration mode with the interface vlan 1 global configuration command.
Set the IP address with the ip address IP_ADDRESS SUBNET_MASK subcommand.
Enable the VLAN 1 interface with the no shutdown interface subcommand.
(Optional) Use the ip default-gateway IP_ADDRESS global configuration command to configure the default gateway.
(Optional) Use the ip name-server IP_ADDRESS global configuration command to configure the DNS server.

Here's a simple example network:

We have a simple network of a host and a switch. We can assign an IP address to the switch to enable IP communication between the two devices:

SW1(config)#int vlan 1
SW1(config-if)#
SW1(config-if)#
SW1(config-if)#ip address
SW1(config-if)#no shutdown
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

To check the IP address configured on a switch, you can use the show int vlan 1 command:

SW1#show int vlan 1
Vlan1 is up, line protocol is up
Hardware is CPU Interface, address is 0030.a3e8.6b3c (bia 0030.a3e8.6b3c)
Internet address is

We can verify that the host can reach the switch through its IP address by pinging from host A:

C:\>ping

Pinging with 32 bytes of data:

Reply from bytes=32 time<1ms TTL=255
Reply from bytes=32 time<1ms TTL=255

Saturday, February 2, 2019

show processes command

When a Cisco device suffers from high CPU usage, you can use the show processes command to list all running processes and to determine the cause of the problem. Use this command to get a list of active processes together with the corresponding process ID, priority, CPU time, the number of invocations and other useful information.

Here is an example of the output of this command on a Cisco router:

R1#show processes
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID QTy       PC Runtime (ms)    Invoked   uSecs    Stacks TTY Process
   1 Csp 602F3AF0            0       1627       0 2600/3000   0 Load Meter
   2 Lwe 60C5BE00            4        136      29 5572/6000   0 CEF Scanner
   3 Lst 602D90F8         1676        837    2002 5740/6000   0 Check heaps
   4 Cwe 602D08F8            0          1       0 5568/6000   0 Chunk Manager
   5 Cwe 602DF0E8            0          1       0 5592/6000   0 Pool Manager
   6 Mst 60251E38            0          2       0 5560/6000   0 Timers
   7 Mwe 600D4940            0          2       0 5568/6000   0 Serial Backgroun
   8 Mwe 6034B718            0          1       0 2584/3000   0 OIR Handler
   9 Mwe 603FA3C8            0          1       0 5612/6000   0 IPC Zone Manager
  10 Mwe 603FA1A0            0       8124       0 5488/6000   0 IPC Periodic Tim
  11 Mwe 603FA220            0          9       0 4884/6000   0 IPC Seat Manager
  12 Lwe 60406818          124       2003      61 5300/6000   0 ARP Input
  13 Mwe 60581638            0          1       0 5760/6000   0 HC Counter Timer

The first line of output shows CPU usage over the last 5 seconds, 1 minute and 5 minutes. Here is a description of the other fields in the output:

PID - process ID.

Q - process queue priority. Possible values are: C (critical), H (high), M (medium) and L (low).

Ty - scheduler test (status). Possible values are: * (currently running), E (waiting for an event), S (ready to run, voluntarily relinquished the processor), rd (ready to run, wakeup conditions have occurred), we (waiting for an event), sa (sleeping until an absolute time), si (sleeping for a time interval), sp (sleeping for a time interval (alternate call)), st (sleeping until a timer expires), hg (hung, the process will never run again), xx (dead: the process has terminated but has not yet been deleted).

PC - current program counter.

Runtime - CPU time the process has used.

Invoked - number of times the process has been invoked.

uSecs - microseconds of CPU time for each process invocation.

Stacks - low water mark / total stack space available, in bytes.

TTY - terminal that controls the process.

Process - the name of the process.

Monday, January 28, 2019

Debug command

The debug command displays information about the Cisco device's operations, generated or received traffic, and any error messages. The information is provided in real time until the user disables debugging or restarts the device.

Debugging consumes a lot of CPU resources and should not be used frequently in production environments. It is meant to be used only for a short time, as a troubleshooting tool. You can choose to debug only certain events, such as EIGRP information, received ICMP messages, etc.

Consider the following example:

R1#debug ip icmp
ICMP packet debugging is on
R1#
R1#
ICMP: echo reply sent, src, dst
ICMP: echo reply sent, src, dst

In the above example, you can see that I only enabled debugging for ICMP events (such as pings). In the output you can see that R1 responded with two echo reply packets to the device with the IP address

To disable ICMP event debugging, type the command with the no keyword:

R1#no debug ip icmp
ICMP packet debugging is off

To debug only RIP messages, run the following command:

R1#debug ip rip
RIP protocol debugging is on
R1#
R1#RIP: Update version 2 from to GigabitEthernet0/0 received via in 2 hops via in 1 hops
RIP: Version 2 update from to GigabitEthernet0/0 via in 16 hops via in 16 hops

You can enable debugging of all operations on your device by issuing the debug all command (do not use the command on production units, as it may result in significant output and crash the device!).


Sunday, January 20, 2019

Traceroute command

The traceroute command on a Cisco device can be used to identify the path through which a packet reaches its destination. It identifies all routers in the path from the source host to the destination host and can be helpful in troubleshooting network problems. Use this command to find out which router in the path to an unreachable destination should be examined in more detail as the probable cause of the network outage.

In the picture above we can see that we have a network of four routers. The network is working properly. Consider what happens if we issue the traceroute command on R1 to the IP address of router R4's Gi0/0 interface (

R1#traceroute
Type escape sequence to abort.
Tracing the route to

1 0 ms 0 ms 0 ms
2 0 ms 0 ms 0 ms
3 0 ms 0 ms 0 ms

You can see that the traceroute command listed the IP addresses of all routers in the path to the destination. Now suppose that router R3 fails. Now consider the output of the command:

R1#traceroute
Type escape sequence to abort.
Tracing the route to

1 0 ms 0 ms 0 ms
2 !H * !H
3 * *

Note that there is no response from R3 ( With the help of this information, we can assume that there is a problem with R3 and investigate it. The !H in the output indicates that the host is unreachable. Other characters that can be displayed in the output of the traceroute command are:

Number of milliseconds - round-trip time in milliseconds.
* - The probe timed out.
A - Administratively prohibited (e.g. with an access list).
Q - Source quench (destination too busy).
I - The user interrupted the test.
U - Port unreachable.
N - Network unreachable.
P - Protocol unreachable.
T - Timeout.
? - Unknown packet type.