Jan 14 2013

How to see which VLANs are currently used on a trunkport on a switch?

Easy Answer:
Do a show mac address-table interface <interface>

and you will get a list of VLANs with the MAC addresses learned on that interface. Of course, any VLAN that has MAC addresses associated with it is in use.

That’s an easy way to find out which VLAN tags are currently running over a trunk. (Keep the MAC address aging timer in mind.)
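As an added example (not part of the original post), this Python script extracts the VLANs in use from the command output and merges several captures, so a VLAN whose entries aged out between samples is still counted. The sample output is constructed, the column layout is assumed to be the common Catalyst IOS one, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample output (not from the original post). The column layout
# follows the common Catalyst IOS format and is an assumption.
SNAPSHOT_MORNING = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/48
  10    0011.2233.4466    DYNAMIC     Gi1/0/48
  20    0011.2233.5566    DYNAMIC     Gi1/0/48
Total Mac Addresses for this criterion: 3
"""

SNAPSHOT_EVENING = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/48
  30    0011.2233.7788    DYNAMIC     Gi1/0/48
 All    0100.0ccc.cccc    STATIC      CPU
Total Mac Addresses for this criterion: 3
"""

# VLAN id, dotted-hex MAC, entry type, port. Header and summary lines do not match.
ROW = re.compile(r"^\s*(\d{1,4})\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def vlans_in_use(output, port=None):
    """Map VLAN id -> set of MACs learned, optionally restricted to one port."""
    seen = defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # also skips "All"/CPU system entries, which carry no VLAN id
        vlan, mac, _type, row_port = m.groups()
        if port is None or row_port.lower() == port.lower():
            seen[int(vlan)].add(mac.lower())
    return dict(seen)

def merge_snapshots(outputs, port=None):
    """Union several captures so VLANs that aged out between samples still count."""
    merged = defaultdict(set)
    for out in outputs:
        for vlan, macs in vlans_in_use(out, port).items():
            merged[vlan] |= macs
    return {vlan: sorted(macs) for vlan, macs in sorted(merged.items())}

if __name__ == "__main__":
    for vlan, macs in merge_snapshots([SNAPSHOT_MORNING, SNAPSHOT_EVENING], "Gi1/0/48").items():
        print(f"VLAN {vlan}: {len(macs)} MAC(s)")
```

Captures should be spaced further apart than the aging timer only if you want to see turnover; to catch rarely used VLANs, sample over a full business cycle before treating a VLAN as unused.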

 Posted by at 12:23
Nov 04 2010

Have you ever killed your router/switch by enabling “some” debugging output?
You can easily reduce the impact of debug logging on Cisco devices by disabling logging to the console port. Under normal circumstances you don’t need the logging output on the console port.
In global configuration mode type:

no logging console to disable logging to the console.

This will prevent your router/switch from generating an interrupt for every single character that is written to the console interface.

 Posted by at 14:59
Nov 03 2010

show running won’t show you any pre-shared-keys for tunnels, aaa-server keys and failover keys in cleartext. You will only see things like:

failover key *****

aaa-server authserver (inside) host
key *****

tunnel-group clients ipsec-attributes
pre-shared-key *****

Simply use the more system:running-config command to show all your keys unencrypted.

 Posted by at 11:22
Jul 08 2010

You want to keep older configurations of your router? Maybe to switch back to the last known good config? Or just for documentation? Or to verify the last changes in your config? Or to review changes made by your colleague?

Of course RANCID combined with a graphical CVS-viewer would be a very good solution. But you can achieve this task with less effort directly on your router too. For this you need the archive feature.

With the archive commands you can automatically write your configs to flash: – or some other destinations (ftp:, http:, https:, pram:, rcp:, scp:, tftp:)

You have many features with archive – but today let’s focus only on automatically archiving the current configuration when doing a copy running-config startup-config (or the more or less obsolete write mem)

mkdir flash:/configs
configure terminal
archive
 path flash:configs/archive
 maximum 14
 write-memory

Command explanation:

  • mkdir flash:/configs creates a new directory on flash:
  • path flash:configs/archive defines the path and filename prefix of the files
  • maximum 14 defines the maximum number of configs held on the flash: (currently 1-14)
  • write-memory will save a new version of the running-config into the archive-folder (flash:configs in our example) each time you do a copy running-config startup-config or write mem

With show archive you can review all existing configs in flash:

Router#sh archive
The maximum archive configurations allowed is 14.
There are currently 3 archive configurations saved.
The next archive file will be named flash:configs/archive-3
Archive # Name
1 flash:configs/archive-0
2 flash:configs/archive-1
3 flash:configs/archive-2 <- Most Recent

To view the differences between two configs, use show archive config differences <file1> <file2>
For demonstration I created a new Loopback interface, added an EIGRP routing process and wrote the new configuration to NVRAM (write mem).

show archive config differences flash:configs/archive-2 flash:configs/archive-3

Contextual Config Diffs:
+interface Loopback1
+ip address
+router eigrp 1
+no auto-summary
+eigrp stub connected summary


You can also write a new version of your current configuration into the archive without touching the startup-config with the archive config command.

It is also possible to write a new configuration on an interval basis. But I don’t recommend this on a flash device, because if you don’t change your config for a longer time (“long” depends on your backup interval) you end up with a maximum of 14 identical configurations – and of course you have lost the configs with real changes.

 Posted by at 14:41
Feb 24 2010

Do you sometimes have the problem that CTRL-SHIFT-6 (CTRL-^) won’t work to cancel a traceroute or other commands? Especially on foreign keymaps? Then simply change the escape sequence for your VTYs or CONsole:

Change the escape-character to CTRL-C on VTYs (telnet and/or ssh access):

line vty 0 15
escape-character 3

Change the escape-character to ESC on CONsole (serial access on the console port):

line con 0
escape-character 27

CTRL-C is a good choice – it’s a well-known keystroke to cancel processes on CLIs.
ESC is nice because it uses the rarely used ESC key, but using the ESC code has one drawback: if you telnet to a further router from the command line of your current router, then the command history will no longer be accessible via your cursor up/down keys, because they send keycodes beginning with ESC, which breaks the cursor keycodes. Also, the first CTRL-C will be eaten by router 1; the next one is passed to router 2.

So I recommend using CTRL-C, but of course you can configure any other ASCII code as the escape-character.

 Posted by at 21:57