Cisco - Geral

Cisco ******************************************************************************* Configurando os CISCOs - Geral Criado por: Alessandro C. M. Kuramoto Data: 19/09/2008 Modificado em: 21/06/2012-20:00 v.20120621-2000 Palavras-chaves/Tags: CISCO, FWSM, ASA, VPN If you want to know something about this file, send an e-mail to me at the sancmk@gmail.com or post a comment here (at the Word Press) moshi kono fairu no koto wo shiteitakatara, boku ni email wo okutte kudasai, matawa kono Word Press ni chuushaku mo shitte ii desu. boku no email wa sancmk@gmail.com desu Por favor, matenham o nome do autor deste arquivo. ******************************************************************************* ## | ## |- Avisos ## |- Importante ## |- Ver Também ## |- Template ## |- Temp ## |- Conceitos ## |- ## |- Configurar ## |- CSS ## |- ## |-  ## |- Dicas ## |- Troubleshooting ## |- FAQ ## |- ## |- ## ## # ↑-- Sumário ↓-- Avisos http://memovirtual.worpress.com |##########^ Avisos!!! #######################################################| ↑-- Avisos ↓-- Importante >Importante Ver Também Template Tags: Template ↑↑-- Template |<<<<<<<<<<<<<< #### Template #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos Temp http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swdynarp.html Tabela de comandos JunOS x IOS http://www.ciscoblog.com.br/blog/wordpress/2010/07/19/tabela-de-comandos-junos-x-ios/ http://www.dell.com/us/enterprise/p/powerconnect-8024f/pd http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009 PFSense Phase 1 proposal (Authentication) IKE Phase 2 proposal PFS key group PFS = Perfect Forward Secret |=============================================================================| =============================================================================== LED 103 LED 106 http://www.pop-rs.rnp.br/~berthold/etcom/teleproc-2000/modemAnalogico/modem_interno.html (Fonte: http://www.pop-ms.rnp.br/pms/operacoes/procedimentos/) Observe a luz do 103 de cada modem (desligue a luz da sala, se tiver dúvida, pois um dos 103s, o led é menos luminoso). Se tiver algum 103 apagado, a porta Serial correspondente do roteador pode não estar funcionando/transmitindo. (Fonte: http://www.dltec.com.br/blog/cisco/dicas-de-troubleshooting-alarmes-em-modems-e-equipamentos-de-telecom/) O led 103 (ou TX ou TD em alguns outros tipos de modems), significa o modem está recebendo sinal através do cabo conectado ao roteador local. Nos casos em que o led 103 está apagado, a porta Serial correspondente do roteador pode não estar funcionando, o cabo DTE do roteador pode estar desconectado ou com problemas, por exemplo, mal encaixado. Além disso, é importante verificar o cabo DCE do modem que está conectado ao cabo do roteador. |=============================================================================| http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html http://support.scansource.com/scripts/sseasyfaqs.cfg/php.exe/enduser/std_adp.php?p_sid=thh14Yrk&p_lva=&p_faqid=3638&p_created=1202318119&p_sp=cF9zcmNoPSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTAzMCZwX3BhZ2U9MjA*&p_li= ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos http://www.firewall.cx/general-topics-reviews/cisco-cracker.html http://www.ifm.net.nz/cookbooks/passwordcracker.html http://haxcess.com/2008/10/21/cisco-password-recovery/ http://www.pateconsulting.com/how-perform-cisco-router-password-recovery-without-losing-your-configuration.htm ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos --- ST001EMPRESA056#show running-config interface fastEthernet 2/0/22 Building configuration... Current configuration : 360 bytes ! interface FastEthernet2/0/22 description USUARIO switchport access vlan 3 switchport mode access switchport port-security switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity ip arp inspection trust no mdix auto spanning-tree portfast spanning-tree bpduguard enable end |-| ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml monitor session 2 source interface fastEthernet 1/0/24 both monitor session 2 destination interface fastEthernet 3/0/14 %Secure port can not be dst span port ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos Importante!!!! !! Para verificar erros na interface: show controllers ethernet-controller fastEthernet 0/14 show interface fastEthernet 0/14 Para gerar pacotes: tfgen ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos show interfaces description show clock --- Estudar: interface FastEthernet0/17 switchport access vlan 150 switchport mode access switchport voice vlan 150 srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10  0  0  0 priority-queue out mls qos trust device cisco-phone mls qos trust cos auto qos voip trust spanning-tree portfast end |-| ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos VER: http://fengnet.com/book/VPNconf/ch12lev1sec6.html interface fastEthernet 0/0 ip flow ingress show ip cache flow show ip interface brief show ip arp clear ip flow stats http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdnfc.html [172.16.32.99]-- 172.200.0.17 - 172.200.0.18-(Router)-10.161.161.254 - 10.161.161.253-(Router)-10.61.5.252 ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml http://www.tcpipguide.com/free/t_PPPGeneralFrameFormat.htm http://itknowledgeexchange.techtarget.com/network-technologies/tag/cisco-catalyst-6513-switch/ show monitor session all monitor session 1 destination interface gigabitEthernet 0/10 monitor session 1 source vlan 100 6513A - GigabitEthernet13/11 show running-config interface gigabitEthernet 13/4 show running-config interface gigabitEthernet 13/11 rmon collection stats 7 owner monitor ???? mls qos trust dscp ??? ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos router(config)#clock summer-time GMT-2 date Oct 18 2009 0:00 Feb 21 2010 0:00 router#show clock detail *16:45:22.390 BRA Fri Oct 16 2009 Time source is NTP Summer time starts 00:00:00 BRA Sun Oct 18 2009 Summer time ends 00:00:00 GMT-2 Sun Feb 21 2010 VER:!!!!!! http://scc.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/inspct_f.html show ip cache flow http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml http://blog.ine.com/2008/02/15/the-inside-and-outside-of-nat/ Utilize o comando abaixo para verificar a configuração do NAT: show ip nat statistics show ip nat translations ↑↑-- Template |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Conceitos Conceitos |<<<<<<<<<<<<<< ### Conceitos ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Marcas de Switches: - Enterasys; - Xtreme; =============================================================================== ARP Inspection (DAI) =============================================================================== >ARP Inspection (DAI) http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=8 ARP Inspection (DAI) (Fonte: http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=8) Dynamic ARP inspection is a security feature that validates ARP packets in a network. |==========^ ARP Inspection (DAI) ============================================| --- (Fonte: http://pt.scribd.com/doc/97177952/Projeto-de-Redes-Final) Camada Core A camada central é um backbone de comutação de alta velocidade. Essa camada do projetoda rede não deve realizar nenhuma manipulação de pacotes. A manipulação de pacotes, como afiltragem por lista de acesso, retardaria a comutação de pacotes. Uma infra-estrutura centralcom caminhos alternativos redundantes proporciona estabilidade à rede na eventualidade dafalha de um só dispositivo. O núcleo (backbone) pode ser projetado para usar comutação dacamada 2 ou da camada 3. Os seguintes equipamentos farão parte da camada core: • switches de chassis que é o backbone da rede • os servidores da rede (DNS, Proxy, SMTP, WEB, DHCP,STORAGES) • firewalls da rede • appliance antispan • links de internet • links de conexão com as localidades remotas |-| |<<<<<<<<<<<<<< #### Conceitos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> (Fonte: http://interface.netgear-forum.com/FSM7326P/help_stats.html, SITE MUITO BOM) show controllers gigabitEthernet 0/1 !! Resultado do "show controllers" !! Rx FCS Errors - The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets (Fonte: http://support.verio.com/documents/view_article.cfm?doc_id=482, SITE MUITO BOM) show interfaces gigabitEthernet 0/1 !!! Resultado do "show interfaces" !! Giants - Number of packets that are discarded because they exceed the medium's maximum packet size. !! Interface Resets - Number of times an interface has been completely reset. !! MTU - Maximum Tranmission Unit. By default, this is 1500 bytes, which describes the largest packet that can be sent through the interface before the packet is fragmented. !! Runts - Number of packets discarded because they are smaller than the medium's minimum packet size. |<<<<<<<<<<<<<< ### Conceitos ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Conceitos legais: (Fonte: http://support.3com.com/infodeli/tools/netmgt/tncsunix/product/091500/c11ploss.htm, SITE MUITO BOM) !!! A Too Short Error (CISCO Runt Errors), also called a runt, indicates that a packet is fewer than 64 octets long (including FCS octets) but otherwise well formed. (Fonte: http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009) --- Precautions for the Use of VLAN 1 The reason VLAN 1 became a special VLAN is that L2 devices needed to have a default VLAN to assign to their ports, including their management port(s). In addition to that, many L2 protocols such as CDP, PAgP, and VTP needed to be sent on a specific VLAN on trunk links. For all these purposes VLAN 1 was chosen. As a consequence, VLAN 1 may sometimes end up unwisely spanning the entire network if not appropriately pruned and, if its diameter is large enough, the risk of instability can increase significantly. Besides the practice of using a potentially omnipresent VLAN for management purposes puts trusted devices to higher risk of security attacks from untrusted devices that by misconfiguration or pure accident gain access to VLAN 1 and try to exploit this unexpected security hole. To redeem VLAN 1 from its bad reputation, a simple common-sense security principle can be used: as a generic security rule the network administrator should prune any VLAN, and in particular VLAN 1, from all the ports where that VLAN is not strictly needed. Therefore, with regard to VLAN 1, the above rule simply translates into the recommendations to: •Not use VLAN 1 for inband management traffic and pick a different, specially dedicated VLAN that keeps management traffic separate from user data and protocol traffic. •Prune VLAN 1 from all the trunks and from all the access ports that don't require it (including not connected and shutdown ports). Similarly, the above rule applied to the management VLAN reads: •Don't configure the management VLAN on any trunk or access port that doesn't require it (including not connected and shutdown ports). •For foolproof security, when feasible, prefer out-of-band management to inband management. (Refer to [3] for a more detailed description of a out-of-band management infrastructure.) As a general design rule it is desirable to "prune" unnecessary traffic from particular VLANs. For example, it is often desirable to apply VLAN ACLs and/or IP filters to the traffic carried in the management VLAN to prevent all telnet connections and allow only SSH sessions. Or it may be desirable to apply QoS ACLs to rate limit the maximum amount of ping traffic allowed. If VLANs other than VLAN 1 or the management VLAN represent a security concern, then automatic or manual pruning should be applied as well. In particular, configuring VTP in transparent or off mode and doing manual pruning of VLANs is commonly considered the most effective method to exert a more strict level of control over a VLAN-based network. |-| |<<<<<<<<<<<<<< #### Conceitos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =============================================================================== DHCP snooping =============================================================================== >DHCP snooping http://en.wikipedia.org/wiki/DHCP_snooping Configurando o DHCP Snooping: http://blog.multihop.com.br/2011/01/13/configurando-o-dhcp-snooping/ 3COM: http://www.comutadores.com.br/switches-3com-4800g-dhcp-snooping-como-proteger-a-rede-de-falsos-servidores-dhcp/ |==========^ DHCP snooping ===================================================| =============================================================================== LACP =============================================================================== >LACP http://itknowledgeexchange.techtarget.com/network-technologies/2008/12/ |==========^ LACP ============================================================| |<<<<<<<<<<<<<< #### Conceitos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =============================================================================== Padrões =============================================================================== >Padrões 802.1d	-	STP (Spanning Tree Protocol) 802.3ad	-	LACP |==========^ Padrões =========================================================| |<<<<<<<<<<<<<< #### Conceitos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =============================================================================== Spanning Tree Protocol =============================================================================== >STP >Spanning Tree Protocol Padrão: IEEE 802.1d (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc3/swg/Swgsyst.html#wp1047851) !!! To enable STP: spanning-tree vlan  !!! To disable STP: no spanning-tree vlan  spanning-tree portfast - Allow port to move to forwarding state quickly (Fonte: https://supportforums.cisco.com/thread/16425) (Fonte: http://pt.wikipedia.org/wiki/Spanning_Tree_Protocol) (Fonte: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml) (Fonte: http://www.visualland.net/view.php?cid=1357&lang=en) root bridge será o que tiver menor ID (Fonte: http://www.thebryantadvantage.com/CCNPBCMSNSTPTimers.htm) spanning-tree vlan 1-4094 priority 0 (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swstp.html) spanning-tree vlan 1-4094 root primary show spanning-tree interface gigabitEthernet 0/23 |==========^ Spanning Tree Protocol ==========================================| |<<<<<<<<<<<<<< #### Conceitos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =============================================================================== VSS =============================================================================== >VSS Veja também: IRF (HP3COM) VSS Virtual Switching System (Fonte: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html) Virtual Switching System (VSS) Q&A http://blog.ioshints.info/2010/10/multi-chassis-link-aggregation-stacking.html http://www.ciscoblog.com.br/blog/wordpress/tag/cisco/page/8/ http://blog.ronanfoucher.fr/?p=334 http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_589890.html http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_vPC.html#wp1558343 IRF (HP 3COM) vPC	- Nexus 7000 |==========^ VSS =============================================================| Configurações Iniciais configure terminal hostname NOME_DO_DISPOSITIVO service password-encryption enable secret SENHA clock timezone UTC 3 Configurar (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swethchl.html) EtherChannels |##########^ Configurar ######################################################| ↑-- Configurar ↓-- 6513 >6513 Tags: 6500, 6513, DHCP Mais: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html !! Para mostrar as pessoas conectadas no 6513: who !! 6500 !! Para ver os MAC Address aprendidos por uma determinada porta: show mac-address-table interface 13/14 show mac-address-table interface port-channel 1 |<<<<<<<<<<<<<< #### 6513 #### !! Para mostrar os POOLs de DHCP (IPs): show ip local pool !! Para criar um POOL de endereços IPs (DHCP) ip local pool POOL_CLIENT_NOME 10.161.150.1 10.161.150.30 clear arp-cache interface vlan 843 clear mac-address-table dynamic vlan 843 =============================================================================== 6513 Routing: =============================================================================== >Roteamento !!!! 6513 !! Para ver a tabela de rotas de uma VRF e filtrar pelo IP 192.168.0.0: show ip route vrf VRF_INTRANET | i 192.168.0.0 !!!! 6513 !! Para ver a tabela ARP de um determinado roteador (router) show ip arp vrf VRF_NOMEVRF |===========^ 6513 Routing ===================================================| =============================================================================== Comando show para o 6513: =============================================================================== Tags: Vários comandos show para o 6513 !!! Para mostrar as imagens que serão usadas para dar boot show running-config | i boot |==========^ Comando show para o 6513 ========================================| |##########^ 6513 ############################################################| ↑-- 6513 ↓-- 6513 - VPN >VPN >IPSec VPN Tags: VPN, IPSec VPN, VPN IPSec =============================================================================== Resumo dos Comando de VPN IPSec: =============================================================================== debug crypto isakmp profile tag VPN_Site-to-Site |===========^ Resumo dos Comando de VPN IPSec ================================| show crypto map |<<<<<<<<<<<<<< #### 6513 - VPN #### --- 6513#show crypto isakmp peers Peer: 83.199.41.117 Port: 34310 Phase1 id: DOMINIO_DEP Peer Index: 663 flags: Configuration: Configured Address: 10.10.148.192, State: in use,  Attributes: RESPOND XAUTH: user charles.caf     FLAGS: (Need xauth on next phase 1) (xauth done) Group Policy : group name    = DOMINIO_DEP pre-shared key = address pool  = default domain = dominio.com.br  idletime       = 0 maxtime       = 0 dns primary   = 10.10.5.8 dns secondary = 10.10.5.13 wins primary  = 0.0.0.0 wins secondary = 0.0.0.0 save password = off pfs           = off local_lan     = off split-dns    = backup-servers = User Config : ip address    = 10.10.148.192 local_lan     = off save password = off ISAKMP AAA Accounting information, struct 0x47764690: Peer Index : 663 Using AAA list VPNCLIENT AAA User is Assigned (uid 1897) Externally Owned no Peer ID:  Unknown  Port: 500 Protocol: 17 VRF ID: 7 Status: ACCT STARTED STATS: Packets In: 45109   Packets Out: 46974 Octets In: 13610168    Octets Out:  14190704 Accounting list: VPNCLIENT --- |<<<<<<<<<<<<<< #### 6513 - VPN #### --- 6513#show crypto isakmp policy Global IKE policy Protection suite of priority 1 encryption algorithm:  AES - Advanced Encryption Standard (256 bit keys). hash algorithm:        Secure Hash Standard authentication method: Pre-Shared Key Diffie-Hellman group:  #5 (1536 bit) lifetime:              86400 seconds, no volume limit |<<<<<<<<<<<<<< #### 6513 - VPN #### =============================================================================== Configurar uma VPN site-to-site: =============================================================================== !!!! Passo 1: !! Definição do trafego que será incluído no tunnel configure terminal ip access-list extended AEO-VPN-S2S-LOCAL permit ip 10.10.10.0 0.255.255.255 192.168.1.0 0.0.0.255 ! ! ! !!!! Passo 2: !! Definição da Chave !! Para configurar uma PSK (Pre-Shared Key): configure terminal crypto keyring KEY_VPN_LOCAL pre-shared-key address 200.198.1.219 key PnCPMqcbd0324555 ! ! ! !!!!!!!!!!!!!!!!!!! Parâmetros da fase 1 !!!!!!!!! !!!! Passo 3: !! Criar as Policy, no caso de estarem criadas, não será necessário, !! executar este procedimento. Exemplo: crypto isakmp policy 3 encr aes 256 authentication pre-share group 2 ! crypto isakmp policy 7 encr aes 256 authentication pre-share group 2 lifetime 28800 ! ! ! !!!! Passo 4: !! Para configurar o Profile: crypto isakmp profile VPN_S2S_LOCALIDADE description PROFILE DA VPN S2S DO TESTE vrf VRF_VPN keyring KEY_VPN_LOCAL match identity address 200.198.1.219 255.255.255.255 ! ! ! !!!!!!!!!!!!!!!!!!! Parâmetros de criptografia da fase 2 !!!!!!!!! !!!! Passo 5: crypto ipsec transform-set TS_VPN_LOCALIDADE esp-aes 256 esp-sha-hmac ! ! ! !!!!!!!!!!!!!!!!!!! Parâmetros negociados na fase 2 !!!!!!!!! !!!! Passo 6: configure termial crypto map MAP-111 2 ipsec-isakmp description CONEXAO IPSEC DE TAL LUGAR set peer 200.198.1.219 set security-association lifetime seconds 28800 match address AEO-VPN-S2S-LOCAL set isakmp-profile VPN_S2S_LOCALIDADE set transform-set TS_VPN_LOCALIDADE !!!|<<<<<<<<<<<<<< #### 6513 - VPN #### !!! Comandos para mostrar as configurações: !! Para mostrar a PSK (Pre-Shared Key) show crypto isakmp key ! ! !! Para mostrar os Profiles: show crypto isakmp profile show crypto isakmp profile tag VPN_S2S_LOCALIDADE ! ! !! Para mostrar os Tranform Sets: show crypto ipsec transform-set show crypto ipsec transform-set TS_VPN_LOCALIDADE ! ! !! Para mostrar os cryptomaps: show crypto map tag MAP-111 !! Para mostrar em quais profiles uma VRF está sendo usada: show crypto isakmp profile vrf VRF_NOME |===========^ Configurar uma VPN site-to-site ================================| |<<<<<<<<<<<<<< #### 6513 - VPN #### - !! Para mostrar a PSK (Pre-Shared Key) show crypto isakmp key | =============================================================================== Verificando Conexões VPN: =============================================================================== show crypto session remote 187.69.1.106 detail Crypto session current status Code: C - IKE Configuration mode, D - Dead Peer Detection K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication Interface: Vlan901 Session status: UP-ACTIVE Peer: 187.69.1.106/61198 fvrf: (none) ivrf: VRF_VPN Phase1_id: GRUPO Desc: (none) IKE SA: local 200.200.200.10/500 remote 187.69.1.106/61198 Active Capabilities:CX connid:7 lifetime:23:07:46 IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.10.10.1 Active SAs: 2, origin: dynamic crypto map Inbound: #pkts dec'ed 1508 drop 0 life (KB/Sec) 4409754/3407 Outbound: #pkts enc'ed 1447 drop 0 life (KB/Sec) 4409754/3407 |===========^ Verificando Conexões VPN =======================================| =============================================================================== Troubleshooting de VPN: =============================================================================== 1d00h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main Mode failed with peer at 150.150.150.1 (Fonte: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml) show crypto isakmp sa |===========^ Troubleshooting de VPN =========================================| |#############################################################################| >ACE Tags: ACE !! Para ver os arquivos csr (requisição de certificados) e key (chaves): show crypto files !! Para ver o conteúdo de um arquivo chave: crypto export seguro.key !! Para gerar o arquivo CSR, onde seguro são os parâmetros e SEGURO_09_2011 é a chave: crypto generate csr seguro SEGURO_09_2011 !! Para gerar os parâmetros para um arquivo de CSR: crypto csr-params seguro ACS The user receives the "NAS Port Re-Used" message in the Cisco Secure Access Control Server (ACS) accounting log when Cisco Secure ACS for Windows is used: https://supportforums.cisco.com/docs/DOC-2186;jsessionid=10F5780322277A6FB6B9F30F28E009F5.node0 |<<<<<<<<<<<<<< #### ACS #### Report and Activity > RADIUS Accounting Group Setup > No Grupo: Cisco IOS/PIX 6.x RADIUS Attributes ([009\001] cisco-av-pair): ipsec:key-exchange=ike ipsec:key-exchange=preshared-key ipsec:addr-pool=POOL_CLIENT_NOME ipsec:default-domain=dominio.com.br ipsec:dns-servers=10.161.1.8 10.161.1.9 External User Databases > Database Group Mappings: LDAP LDAP Groups: grupo_no_ldap, * =============================================================================== Opções do ACS para os Usuários: =============================================================================== *Client IP Address Assignment Use group settings *Account Disable Date exceeds: Failed attempts exceed: |==========^ Opções do ACS para os Usuários ==================================| |<<<<<<<<<<<<<< #### ACS #### =============================================================================== Opções do ACS para os Grupos: =============================================================================== Enable Options #### *Callback No callback allowed #### IETF RADIUS Attributes [025] Class: LDAP Max Sessions Sessions available to users of this group TACACS+ Settings PPP IP |==========^ Opções do ACS para os Grupos ====================================| =============================================================================== VPN+ACS =============================================================================== External DB user invalid or bad password Senha inválida. |==========^ VPN+ACS =========================================================| |<<<<<<<<<<<<<< #### ACS #### |##########^ ACS #############################################################| http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml |##########^ access-list #####################################################| >ASA !! Adicionar usuário: ASDM > Configuration > Device Management > Users/AAA > User Accounts http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s4.html#wp1486738 http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ike.html (Fonte: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042045) !!! Para ver os privilégios do usuário que está logado: show curpriv !!! Para configurar a senha de um usuário: username usuario password SENHA =============================================================================== VPN =============================================================================== >VPN show running-config isakmp show running-config ipsec (Fonte: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml) show crypto isakmp sa (Fonte: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml) show crypto ipsec sa peer 189.32.131.221 show debug |<<<<<<<<<<<<<< #### ASA #### ==== VPN ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> show running-config crypto !!! Para mostrar pelo nome da crypto map: show crypto ipsec sa map NOME_TESTE terminal monitor !!! (ASA 5500) terminal no monitor (Fonte: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_dbcry.html#wp1042275) show crypto debug-condition debug crypto isakmp 255 debug crypto ipsec 100 (Fonte: http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d1.html#wp2106282) debug crypto condition reset debug crypto condition group REDE-VPN debug crypto condition error isakmp debug crypto condition peer 189.32.139.82 VER IKE 2!!!!!!!! https://lists.strongswan.org/pipermail/users/2005-November/001164.html |==========^ VPN =============================================================| --- Apr 20 11:44:23 [IKEv1]: IP = 189.144.199.211, Received isakmp packet with unsupported major version (2) --- http://fengnet.com/book/vpnconf/ch23lev1sec1.html (Fonte: http://serverfault.com/questions/43433/cisco-asa-vpn-where-can-i-find-information-on-what-the-detailed-logs-mean) IKE AM Responder FSM error history (Legal: http://www.watchguard.com/help/docs/edge/10/en-us/content/en-us/bovpn/manual/manual_bovpn_edge_cisco.html) (Legal: Troubleshoting: http://cisconetwork.org.ua/1587051893/ch08lev1sec2.html) Mar 28 12:18:45 [IKEv1 DEBUG]: Group = GW-VPN-TESTE, IP = 189.32.131.221, IKE AM Responder FSM error history (struct &0x2a4241f0), :  AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG Apr 19 18:41:58 [IKEv1]: IP = 189.32.139.82, All IKE SA proposals found unacceptable! Apr 19 18:10:42 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 189.32.139.82, IKE AM Responder FSM error history (struct &0x2a7d9000), :  AM_DONE, EV_ERROR-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_BLD_MSG2, EV_BLD_MSG2_TRL-->AM_BLD_MSG2, EV_SKEYID_OK-->AM_BLD_MSG2, NullEvent-->AM_BLD_MSG2, EV_GEN_SKEYID-->AM_BLD_MSG2, EV_BLD_MSG2_HDR (Fonte: https://supportforums.cisco.com/thread/345460) Apr 19 19:17:25 [IKEv1]: IP = 189.144.199.211, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name '189.144.199.211' -- Apr 19 19:26:16 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing VID payload Apr 19 19:26:16 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, Send Altiga/Cisco VPN3000/Cisco ASA GW VID Apr 19 19:26:16 [IKEv1]: IP = 189.144.199.211, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 372 %ASA-3-713123: Group = WIN_VISTA_7, Username = zhe8, IP = 187.127.194.158, IKE lost contact with remote peer, deleting connection (keepalive type: DPD) Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE AM Responder FSM error history (struct &0x2beec988), :  AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE SA AM:ec0f8906 terminating: flags 0x01000001, refcnt 0, tuncnt 0 Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, sending delete/delete with reason message Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing blank hash payload Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing IKE delete payload Apr 19 19:26:23 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing qm hash payload Apr 19 19:26:23 [IKEv1]: IP = 189.144.199.211, IKE_DECODE SENDING Message (msgid=b7ed7b7a) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80 --- --- SENDING PACKET to 189.144.199.211Apr 19 19:48:03 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE AM Responder FSM error history (struct &0x2aaf51a8), :  AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG Apr 19 19:48:03 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE SA AM:8ba22ddb terminating: flags 0x01000001, refcnt 0, tuncnt 0 Apr 19 19:48:03 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, sending delete/delete with reason message ---	 ---	 Apr 19 19:50:07 [IKEv1]: IP = 189.144.199.211, Duplicate first packet detected. Ignoring packet. ---	 ---	 (Fonte: http://serverfault.com/questions/43433/cisco-asa-vpn-where-can-i-find-information-on-what-the-detailed-logs-mean) SENDING PACKET to 189.144.199.211Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE AM Responder FSM error history (struct &0x2a7d9000), :  AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, IKE SA AM:70f581ed terminating: flags 0x01000001, refcnt 0, tuncnt 0 Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, sending delete/delete with reason message Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing blank hash payload Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing IKE delete payload Apr 19 20:01:30 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.144.199.211, constructing qm hash payload Apr 19 20:01:30 [IKEv1]: IP = 189.144.199.211, IKE_DECODE SENDING Message (msgid=5244b032) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80 ---	 ping 172.30.20.193 Banner http://imasters.com.br/artigo/2425/cisco/personalizando_o_seu_roteador/ Cisco Unified CM Administration Cisco Call Manager Catalyst Express 500 Switch - Catalyst Express 500 Series Device Manager http://www.cisco.com/en/US/products/ps6545/products_configuration_example09186a00806da6c9.shtml http://www.cisco.com/en/US/products/ps6545/products_configuration_example09186a0080706abc.shtml |##########^ Cisco Catalyst Express 500 ######################################| ↑-- Cisco Catalyst Express 50 ↓-- Comandos >Comandos >Todos os comandos =============================================================================== Comandos com a Descrição Resumida: =============================================================================== >Comandos com a Descrição Resumida default interface fastEthernet 2/0/16		- Para voltar a configuraçõa Default da interface service password-encryption			- Para fazer com que a senha fique criptografada (password) show cdp neighbors show clock - Mostra a data e hora do sistema show interfaces description show interfaces status err-disabled show interfaces status module 1 show mac-address-table					- Para ver a tabela de MAC Address show port-security show port-security address show port-security interface ... show running-config interface fastEth...- switchport port-security 		- Enables port security on the interface switchport port-security aging time ... - Tempo em minutos que ficará na lista switchport port-security maximum ... - Quantidade de MAC por porta switchport port-security violation ... - Action to be taken when a security violation is detected |==========^ Comandos com a Descrição Resumida ===============================| |<<<<<<<<<<<<<< #### Comandos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ========================================================================================= banner Sugestão de banner: ACESSO RESTRITO AS PESSOAS AUTORIZADAS Restricted access only to authorized people ESTE AMBIENTE ESTAH SENDO MONITORADO EMPRESA - LOCAL OPERADORA - NUMERO DO CIRCUITO (Referência: http://imasters.com.br/artigo/2425/redes-e-servidores/personalizando-o-seu-roteador/) (Referência: http://imasters.com.br/artigo/2425/cisco/personalizando_o_seu_roteador/) No que o banner ajuda contra invasões? Response: Ninguém pode alegar que não sabia que estava acessando uma área não autorizada em caso de acessos indevidos. Isto não evita o acesso, mas assegura que a pessoa foi avisada que está fazendo algo ilegal e que sofrerá sansões da lei. Também é interessante colocar na mensagem que “este ambiente é monitorado”, desta forma, pessoas mais temerosas não ficarão fazendo “testes” indevidos em seus equipamento |=======================================================================================| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Comandos #### ========================================================================================= hostname - para mudar o nome do equipamento (Aplica-se em: router e Switch) Sugestão de nomeclatura: rtspo061543 - rt=roteador, spo= Cidade de São Paulo, 061543=Número do Circuito ou Modelo do roteador swbsbanexoa01001 - sw=switch, bsb=Brasília, anexoa=Anexo A 01=Primeiro Andar, 001=Switch 001 |=======================================================================================| ↑-- hostname ↓-- duplex ========================================================================================= duplex [Na configuração da Interface] - Para mudar o duplex (Auto, Full, Half) da interface; |=======================================================================================| ↑↑-- |<<<<<<<<<<<<<< #### Comandos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- --- ip helper-address To enable the forwarding of User Datagram Protocol (UDP) broadcasts, including BOOTP, received on an interface, use the ip helper-address command in interface configuration mode. (Fonte 1: http://www.cisco.com/en/US/docs/ios/12_3t/ip_addr/command/reference/ip1_i1gt.html#wp1169356) (Fonte 2: http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/48383.htm) (Fonte: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rly_agt.html) The Cisco IOS DHCP relay agent will be enabled on an interface only when the ip helper-address command is configured. This command enables the DHCP broadcast to be forwarded to the configured DHCP server. (Fonte: http://allaboutmylife.wordpress.com/2007/10/17/ip-helper-addresses-for-dhcp/) no ip forward-protocol udp tftp no ip forward-protocol udp nameserver no ip forward-protocol udp domain no ip forward-protocol udp time no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip forward-protocol udp tacacs |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Comandos #### --- mls qos - Para habilitar o QoS (Enable QoS for the entire switch) |-| ↑↑-- |<<<<<<<<<<<<<< #### Comandos #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- line vty 0 4 ========================================================================================= line vty 0 4 |=======================================================================================| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Comandos #### --- show ip interface vlan 440 Para saber mais informações de uma interface. |-| --- spanning-tree portfast (Interface Configuration Mode) %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet0/10 but will only have effect when the interface is in a non-trunking mode. |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Comandos #### --- switchport mode trunk - Força a porta a operar no modo trunk Set trunking mode to TRUNK unconditionally |-| =============================================================================== switchport port-security [Na configuração da Interface] configure terminal interface fastEthernet 0/6 (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html) - switchport port-security aging type |==============================================================================| switchport trunk encapsulation dot1q spanning-tree portfast Dicas: - não use spanning-tree portfast entre uplinks (no spanning-tree portfast) --- traceroute >traceroute (Fonte: https://learningnetwork.cisco.com/message/81584) ### Ctrl+Shift+6 |-| write - para salvar as configurações (wr) Comparação http://networking.ringofsaturn.com/Cisco/ciscojuniper.php http://www.ciscoblog.com.br/blog/wordpress/2010/07/19/tabela-de-comandos-junos-x-ios/ CISCO				 JUNIPER enable				- configure			- Modo privilegiado show debugging			-				- Para mostrar os debug que estão rodando show interfaces description	- show interfaces descriptions	- Para ver a descrição das interfaces show ip arp (Fonte: http://pt.scribd.com/doc/50816068/203/ip-arp-inspection-trust) show ip arp inspection interfaces show running config 		- show configuration |##########^ Comparação de Comandos ##########################################| >CSM =============================================================================== Configurando o CSM: =============================================================================== configure terminal - configure terminal module csm 4 serverfarm NOME_DA_FARM real 10.10.10.1 3121 health probe SQUID !! Para colocar o server em operação: inservice - |<<<<<<<<<<<<<< #### CSM #### !!! Adicionar rotas no CSM: !! Adição de rota no CSM: switch(config)#module csm 4 switch(config-module-csm)#vserver VS_DN_DMZ switch(config-slb-vserver)#virtual Digitar_Rede_Destino 255.255.255.0 any switch(config-slb-vserver)#vlan 451 switch(config-slb-vserver)#serverfarm SF_DN_0_0_0_0 switch(config-slb-vserver)# replicate csrp sticky switch(config-slb-vserver)# replicate csrp connection switch(config-slb-vserver)# persistent rebalance switch(config-slb-vserver)# inservice switch(config-slb-vserver)#end !! Para sincronizar com outro módulo: hw-module csm 4 standby config-sync !! Para visualizar a configuração do vserever: show module csm 4 vservers |<<<<<<<<<<<<<< #### CSM #### -- Para sincronizar os módulos: ! IMPORTANTE !!! ! Para CSM usar o comando abaixo!!!!! hw-module csm 4 standby config-sync || =============================================================================== Comando show para o CSM: =============================================================================== show running-config module 4 show module csm 4 serverfarms show module csm 4 serverfarms name FARM detail !! Mostra todos os IPs reais: show module csm 4 reals module csm 4 serverfarm FARM real 10.10.10.1 3121 show module csm 4 conns client 10.10.10.117 show module csm 4 conns vserver PROXY show module csm 4 conns vserver PROXY client 10.10.10.117 CSS Tags: CSS !! Para verificar o tempo que o equipamento está ligado: show uptime show ip interfaces |<<<<<<<<<<<<<< #### CSS #### =============================================================================== Referências: (CSS)) =============================================================================== What to do When Your CSS Reboots Unexpectedly (CRASH, Core Dump) http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00802d3891.shtml |==========^ Referências ======================================================| Debug ## show logging ## terminal monitor |##########^ Debug ###########################################################| >FWSM >Firewall (Pesquisa: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/svcrules.html) !! Mostra todos os Network Objects: show names !! Mostra as access-list: show access-list !! Mostra as configurações correntes: show running-config !! Mostra os Network Objects Group: show running-config object-group !! Mostra um Objects Group específico: show running-config object-group id NOME_OBJECT_GROUP |<<<<<<<<<<<<<< #### FWSM #### show conn =============================================================================== Comando show para o FWSM: =============================================================================== Tags: Vários comandos show para o FWSM !!! Mostra os nomes dos hosts (objetos) criados: show name !!! Mostra os nomes das interfaces: show nameif debug crypto condition group GW-VPN-TESTE |==========^ Comando show para o FWSM ========================================| Porta: Servidor: 1719 exempt - isento, dispensado Na configura de NAT pode isentar alguns IPs de se conversarem sem NAT. =============================================================================== ASDM: =============================================================================== >ASDM Configurar o timeout de uma conexão: Configuration > Properties > Timeouts Configuration > Device Management > Users/AAA > User Accounts Configuration > Device Management > Logging |==========^ ASDM ============================================================| E-mail Proxy: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/vpn_emai.html#wp1176703 <FWSM |##########^ FWSM ############################################################| ↑-- FWSM ↓-- Geral ## show ip cache flow http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html#wp1133621 |<<<<<<<<<<<<<< #### Geral #### show mls netflow ip destination 10.10.10.8 |##########^ Geral ###########################################################| Comandos show: show ip arp vrf vrf_nome show ip cef vrf vrf_nome show ip vrf VRF show monitor session all show processes show standby brief HSRP: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dt_hsmp.html =============================================================================== (Fonte: http://www.itsyourip.com/cisco/how-to-enable-spanning-tree-portfast-in-cisco-catalyst-switch-ios/) STP Portfast is a feature in Cisco IOS which allows a switchport which is participating in STP to directly transition from Blocking mode  to Forwarding mode when a device connects and the link goes up. This can improve the initial connect time and can fix some issues with Windows based devices connecting to the Active Directory domains. STP Portfast is ideal for ports which connects directly attached devices and certainly not for the ports which connects a hub or a switch. Hence, good to set switchports that directly connect end devices on your Access switch. To enable STP Portfast in Cisco Catalyst switches running Cisco IOS Enter Interface Configuration Mode ciscoswitch# conf term ciscoswitch(config)# int gigabitethernet 1/10 ciscoswitch(config-if)# no shut NOTE: If the port was initially shutdown Force the switchport mode to Access ciscoswitch(config-if)# switchport mode access Enabled Portfast ciscoswitch(config-if)# spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a    single host. Connecting hubs, concentrators, switches, bridges, etc… to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on GigabitEthernet1/10 but will only have effect when the interface is in a non-trunking mode. >Procedimentos Rede lenta: - Verificar volume de tráfego de dados (Cacti) - Verificar topologia - Verificar CRC nas interfaces - Realizar um ping para a localidade --- O Switch da localidade apresentou problemas e somente algumas portas estavam funcionando. O Switch que estava na localidade era um Switch antigo e já não tinha suporte do fabricante. Sol.: Foi necessário enviar um outro Switch para a localidade, apesar de não ter suporte, o Switch enviado é mais novo, mais profissional e tem mais portas funcionando. Foi necessário portar as configurações do Switch antigo para o Switch mais novo antes de enviá-lo. O restante da configuração foi realizado via acesso remoto. |-| --- SINTOMA: Suporte Local: - Não só o Internet Explorer estava travando; - A estação estava sem acesso à rede; - Porta do switch está desativada (constatado pela indicação do LED da porta) REDES: - Verificado que a porta estava desabilitada administrativamente CAUSA: - A estação causou algum erro na porta que a fez ser desabilitada automaticamente pelo Switch RESOLUÇÃO: !!!!! Cisco !!! Entrar no modo de configuração: configure terminal !!! Entrar no modo de configuração da interface interface gigabitEthernet 3/0/26 !!! Desabilitar shutdown !!! Habilitar novamente no shutdown !!! Sair end |-| |##########^ Configurações Iniciais ##########################################| >Saída dos Comandos Tags: interpretando as saídas dos comandos |<<<<<<<< **** Configurando os CISCOs - Geral **** #### Saída dos Comandos #### |##########^ Saída dos Comandos ##############################################| ↑-- Saída dos Comandos ↓-- Softwares da Cisco >Softwares da Cisco Cisco Network Assistant http://www.cisco.com/en/US/docs/switches/lan/catalystexpress500/release_12.2_25_fy/user/guide/intro.html http://www.cisco.com/en/US/products/ps6545/products_configuration_example09186a0080706abc.shtml Switch http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml SPAN show monitor session all ### show vlan show vlan brief |<<<<<<<<<<<<<< #### Switch #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swmacro.html Creating and Applying SmartPort Macros macro {apply | trace} macro description desktop-config show parser macro name desktop-config show running-config interface gigabitEthernet 13/17 interface gigabitEthernet 13/17 |<<<<<<<<<<<<<< #### Switch #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !!! Put the switch in access mode switchport mode access switchport port-security !!! Restrict the port to one address -- that of desktop switchport port-security maximum 1 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity !!! Allow port to move to forwarding state quickly spanning-tree portfast !!! BPDUs should not be sent into the network spanning-tree bpduguard enable !!! Put all data traffic in vlan 1 switchport access vlan 1 <Switch |##########^ Switch ##########################################################| ↑-- Switch ↓-- Trunking >Trunking !!! Para visualizar as interfaces que estão no modo trunk: show interfaces trunk |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Trunking #### !!! Criar uma VLAN primeiro para adicionar à interface trunk vlan 440 name VLAN_Rede_LAN !!! Para configurar uma interface para atuar no modo trunk: interface GigabitEthernet0/1 description *** Porta Trunk com SW2960 *** switchport trunk encapsulation dot1q switchport mode trunk switchport trunk native vlan 22 switchport trunk allowed vlan add 440 no ip address no shutdown !!! Configurando uma intefacer Access !!! Configurando uma interface no modo Access interface fastEthernet 0/1 switchport mode access switchport access vlan 440 --- Dicas Importantes: - Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result. |-| |##########^ Trunking ########################################################| http://www.ciscoios.biz/en/US/docs/ios/12_1/configfun/command/reference/frd1001.html http://cisco.biz/en/US/docs/wireless/access_point/12.2_13_JA/configuration/guide/s13cli.html http://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcfaapre_ps1835_TSD_Products_Configuration_Guide_Chapter.html http://www.ciscoexpert.info/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/command/reference/chap1.html show interfaces description | i (PESQUISA1|PESQUISA2) show module show ip arp vrf NOME_VRF show mac-address-table !! 6500 !! Para ver os MAC Address aprendidos por uma determinada porta: show mac-address-table interface 13/14 show mac-address-table interface port-channel 1 show ip arp vrf VRF_NOMEVRF =============================================================================== show para visualizar interfaces: =============================================================================== show running-config interface gigabitEthernet 11/6 !!! Para visualizar informações detalhadas de uma interface !! > show ip interface brief gigabitEthernet 11/6 !!! Para visualizar informações show interfaces switchport brief !!! Para visualizar as interfaces que estão no modo trunk: show interfaces trunk |==========^ show para visualizar interfaces =================================| =============================================================================== show vlan =============================================================================== !!! Para visualizar a quantidade VLANs: show vlan summary show vlan show vlan id 900 |==========^ show vlan =======================================================| ================================ ^Acima: Vários Comandos show |#############################################################################| >VLAN Tags: 802.1Q |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### VLAN #### --- Configurando um IP Phone em uma porta de Switch CISCO: (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvoip.html#wp1034062) !!! Configuring Ports to Carry Voice Traffic in 802.1Q Frames !!>>>> Step 1 !Enter global configuration mode. configure terminal !>>> Step 2 mls qos Enable QoS for the entire switch. Step 3 interface interface-id Specify the interface connected to the IP phone, and enter interface configuration mode. Step 4 mls qos trust cos Classify ingress traffic packets with packet CoS values. For untagged packets, use the port default CoS value. !!>>>>> Step 5 !Instruct the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an ! ! !802.1Q priority of 5. !Valid VLAN IDs are from 1 to 4094. switchport voice vlan vlan-id Step 6 end Return to privileged EXEC mode. Step 7 show interfaces interface-id switchport or show running-config interface interface-id Verify your voice VLAN entries. Verify your QoS and voice VLAN entries. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file. |-| |##########^ VLAN ############################################################| >VoIP >Voz show mls qos show mls qos interface show policy-map interface gigabitEthernet 0/0 output show mls qos maps !! Configuring Class-Based Packet Marking http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcbmrk.html http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcbmrk.html#wp1005696 203566: .Mar 14 12:37:56.703 GMT-3: %ISDN-6-DISCONNECT: Interface Serial0/1/0:9 disconnected from 9593, call lasted 52 seconds |##########^ VoIP ############################################################| =============================================================================== ACLs: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml How to allow https://supportwiki.cisco.com/ViewWiki/index.php?title=Category:Cisco_PIX_500_Series_Security_Appliances&until=How+to+configure+TACACS%2B+and+RADIUS+authentication+on+the+PIX+Firewall Definition of the traceroute: http://en.wikipedia.org/wiki/Traceroute Configuration > User Management > Groups IETF RADIUS Attributes [025] Class |##########^ WebVPN #################################################| ↑-- WebVPN ↓-- Resumo de Todos Comandos !!! Para visualizar a versão do IOS: show version !!! Para visualizar a utilização de CPU: show processes cpu show processes cpu sorted show processes cpu history !!! Para visualizar a data e hora: show clock !!! Para visualizar os Logs: show logging !!! Para visualizar os erros no terminal: terminal monitor |##########^ Resumo de Todos Comandos ########################################| ******************************************************************************* Configurando/Gerenciando o LMS Criado por: Alessandro C. M. Kuramoto Data: 19/09/2008 Modificado em: 01/10/2009-08:44 v.20091001-0844 Palavras-chaves: CISCO, FWSM ******************************************************************************* http://lms.dominio.com.br:1741 RME > Config Management > Archive Management > Compare Configs > Device Troubleshooting > Device Center > Selecionar o dispositivo > 24-hour Syslog Message Summary Device Fault Manager > E-Mail Notification > Seguir as telas... =============================================================================== Troubleshooting: =============================================================================== - http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/2.0_IDU_2.0.3/user/guide/Events.html HighQueueDropRate Description: Number of packets discarded due to input or output queue overflow exceeding the Queue drop threshold. The input (or output) queue overflow is derived by dividing the number of packets designated to be sent (or received) that were discarded due to queue overflow, by the total number of packets in the queue. Trigger: Exceeded Queue drop threshold. Severity: Critical. Device Type: All. Event Code: 1012. -| |==========^ Troubleshooting =================================================| <LMS |##########^ LMS #############################################################| ↑-- LMS ↓-- FWSM !! Mostra todos os Network Objects: show names !! Mostra as access-list: show access-list !! Mostra as configurações correntes: show running-config !! Mostra os Network Objects Group: show running-config object-group exempt - isento, dispensado Na configura de NAT pode isentar alguns IPs de se conversarem sem NAT. |=====================================| ^Acima: FWSM |#############################################################################| Comandos show: show ip arp vrf vrf1 show ip cef vrf vrf1 show ip vrf VRF show monitor session all show processes show standby brief HSRP: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dt_hsmp.html =============================================================================== (Fonte: http://www.itsyourip.com/cisco/how-to-enable-spanning-tree-portfast-in-cisco-catalyst-switch-ios/) STP Portfast is a feature in Cisco IOS which allows a switchport which is participating in STP to directly transition from Blocking mode  to Forwarding mode when a device connects and the link goes up. This can improve the initial connect time and can fix some issues with Windows based devices connecting to the Active Directory domains. STP Portfast is ideal for ports which connects directly attached devices and certainly not for the ports which connects a hub or a switch. Hence, good to set switchports that directly connect end devices on your Access switch. To enable STP Portfast in Cisco Catalyst switches running Cisco IOS Enter Interface Configuration Mode ciscoswitch# conf term ciscoswitch(config)# int gigabitethernet 1/10 ciscoswitch(config-if)# no shut NOTE: If the port was initially shutdown Force the switchport mode to Access ciscoswitch(config-if)# switchport mode access Enabled Portfast ciscoswitch(config-if)# spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a    single host. Connecting hubs, concentrators, switches, bridges, etc… to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on GigabitEthernet1/10 but will only have effect when the interface is in a non-trunking mode. ↑-- ↓-- Cisco Nexus Operating System (NX-OS) >Nexus >NX-OS Tags: Cisco Nexux Cisco Nexus Operating System (NX-OS) http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_0/nx-os/fundamentals/configuration/guide2/fun_2setup.html Ver: http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l2/switchport_port-security_aging.html Comandos: show environment power detail show hardware fabric-utilization show logging server show processes cpu history - Para ver a utilização de CPU show running-config | include ignore-case VLAN show version			- Para visualizar a versão do equipamento |<<<<<<<<<<<<<< ### Cisco Nexus Operating System (NX-OS) ### >>>>>>>>>>>>>>>>>> dir bootflash: copy running-config startup-config copy startup-config tftp://10.10.10.31/NOMESWITCH-startup-config copy bootflash:tsupport_ROUTER01901.txt tftp://10.10.19.34 (Fonte: https://supportforums.cisco.com/thread/2034566) show tech-support > bootflash:tsupport_file http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_HA.html !!! Para criar um usuário configure terminal username USER password 5SENHA role network-admin show ip arp | include 10.10.10.10 show mac address-table | include 0014.5ee9.f5ff <Nexus |##########^ Cisco Nexus Operating System (NX-OS) ############################| ↑-- Cisco Nexus Operating System (NX-OS) ↓-- Vários Comandos show show ip arp vrf NOME_VRF show mac-address-table !! 6500 !! Para ver os MAC Address aprendidos por uma determinada porta: show mac-address-table interface 13/14 show mac-address-table interface port-channel 1 show ip arp vrf VRF_NOMEVRF ================================ ^Acima: Vários Comandos show |#############################################################################| =============================================================================== ACLs: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml How to allow https://supportwiki.cisco.com/ViewWiki/index.php?title=Category:Cisco_PIX_500_Series_Security_Appliances&until=How+to+configure+TACACS%2B+and+RADIUS+authentication+on+the+PIX+Firewall Definition of the traceroute: http://en.wikipedia.org/wiki/Traceroute |*****************************************************************************| >Exemplos de Configurações --- Configuração de Voice VLAN: Tags: QoS, Voice VLAN interface fastEthernet 0/24 description *** Porta Trunk com SW2960 *** switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 22,440 switchport native vlan 22 !--- (Fonte: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml) !--- Voice VLAN is only supported on access ports and not on trunk ports, !--- even though the configuration is allowed. !--- Ou seja, a configuracao "switchport voice vlan 25" nao eh necessaria switchport voice vlan 25 mls qos trust cos no shutdown |-| |##########^ Exemplos de Configurações #######################################| ↑-- Exemplos de Configurações ↓-- Inglês Técnico >Inglês >English --- poison veneno |-| --- poisoning envenenamento |-| --- prune - verbo podar aparar suprimir desbastar Prune VLAN 1 from all the trunks and from all the access ports that don't require it (including not connected and shutdown ports) |-| ↑↑-- Exemplos de Configurações |<<<<<<<<<<<<<< #### Temp #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ↓↓ -- Dicas <Inglês |##########^ Inglês Técnico ##################################################| ↑-- Inglês Técnico ↓-- Dicas >Dicas - Houve uma vez que o pino 8 do cabo UTP não estava crimpado corretamente, assim não conseguia-se pingar o host (Relógio de ponto) de forma alguma, assim foi necessário corrigir o cabo; - O status estava UP, mas para que o "protocol" de uma interface VLAN ficasse UP, foi necessário colocar a interface com link UP na VLAN; -- - Aquecimento do roteador pode causar erros na interface do roteador; Switch: --- Em um Switch Cisco quando uma porta trunk não especifica as Allowed VLANs, significa que todas a VLANs são permitidas nesta porta Trunk: interface Ethernet10/26 description MASTER switchport switchport mode trunk switchport trunk native vlan 7 no shutdown |-| |<<<<<<<<<<<<<< #### Dicas #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Segurança Básica de Swithes: - Não utilizar a VLAN 1 para o tráfego de gerencimento de redes e de infraestrutura - Manter o tráfego do gerencimento de redes e de infraestrutura separado de tráfego de dados dos usuários - Retirar a VLAN 1 de todas as portas em trunk e de todas as portas de acesso que não necessita dela, incluindo as portas desconectadas e em shutdown - Colocar as portas não utilizadas em shutdown - Don't configure the management VLAN on any trunk or access port that doesn't require it (including not connected and shutdown ports). (Fonte: http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009) VLAN de quarentena: https://www.consultas.governoeletronico.gov.br/ConsultasPublicas/contribuicao.do;jsessionid=8DFE256F44BDA1F764F3AEB15FEA363C?acao=exibir&id=1236 Voz: - Vários pacotes UDPs (20 Mbps) em um link de 18 Mbps causa "picotes" na voz, pois UDP não tem controle; <Dicas |##########^ Dicas ###########################################################| ↑-- Dicas ↓-- Troubleshooting >Troubleshooting show loggin http://helpdesk.ugent.be/vpn/en/faq_cisco.php?id=56 |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Erro ao configurar "switchport mode trunk" em um Switch Layer 3. Ao executar o comando: - 	Switch(config-if)#switchport mode trunk - 	Aparece a seguinte mensagem de erro: - 	Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode. - 	Antes de configurar o "switchport mode trunk" é necessário configurar o "switchport trunk encapsulation dot1q". Realize a configuração descrita na causa do problema. |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Mensagens de erros aparecendo no Switch. Aparece a seguinte mensagem de erro no Switch: CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with swsp3560 FastEthernet0/24 (22). [Switch A]VLAN Trunk[Switch B] 	A "Native VLAN" está configurada diferente nas duas pontas do Switch e erro foi identificado na porta FastEthernet0/24. Configure a mesma "Native VLAN" nas duas pontas. Veja também: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvlan.html#wp1274626 |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Na console aparece a seguinte mensagem: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (22), with sw1 FastEthernet0/24 (1). A configuração de NATIVE VLAN está está diferente nas portas que estão conectadas. Coloque a configuração da porta na mesma NATIVE VLAN: interface fastEthernet 0/24 switchport native vlan 22 |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	(Fonte: http://thwack.solarwinds.com/thread/22394) If the other interfaces that have the errors are ethernet, you may want to check that both sides of that interface are set to the same speed/duplex, if they are not, you will transmit/receive discards and errors. If they are T1s or any other serial interface, make sure that the settings match the circuit, just keep in mind that you will see discards and errors on the serial interfaces, that is normal, as long as they are not that high. You should worry if they are getting 3000 per day on a T1 with 30% utilization. on a cisco switch just do a sho int s0/0/0 to show the stats for the serial interface. How long has the OC12 been running? and what time frame is the 31 million descards for? 31 mil in 1 year? What is the utilization of the OC12? More than likely you either have a high utilization on your OC12 or it is not configured correctly, either on your end or the Bell's side. |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- SW#show running-config interface gi 6/0/12 Building configuration... Current configuration : 647 bytes ! interface GigabitEthernet6/0/12 description Desktop and Phone switchport access vlan 3 switchport mode access switchport voice vlan 9 switchport port-security maximum 3 switchport port-security switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity ip arp inspection trust srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10  0  0  0 queue-set 2 mls qos trust device cisco-phone mls qos trust cos macro description Reativ | Desk_Phone auto qos voip cisco-phone no mdix auto spanning-tree portfast SW#show log | include 6/0/12 102540: Apr 23 09:31:55.947 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet6/0/12, changed state to down 102541: Apr 23 09:31:56.953 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet6/0/12, changed state to down 102542: Apr 23 09:31:56.953 UTC: %SWITCH_QOS_TB-5-TRUST_DEVICE_LOST: cisco-phone no longer detected on port Gi6/0/12, port set to untrusted. Apr 23 09:42:54.041 UTC: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi6/0/12: PD removed (SW01BR21-6) Apr 23 09:42:56.860 UTC: %ILPOWER-7-DETECT: Interface Gi6/0/12: Power Device detected: IEEE PD (SW01BR21-6) Apr 23 09:42:56.860 UTC: %ILPOWER-5-POWER_GRANTED: Interface Gi6/0/12: Power granted (SW01BR21-6) 102611: Apr 23 11:18:14.225 UTC: %LINK-5-CHANGED: Interface GigabitEthernet6/0/12, changed state to administratively down Apr 23 11:18:16.884 UTC: %ILPOWER-7-DETECT: Interface Gi6/0/12: Power Device detected: IEEE PD (SW01BR21-6) 102613: Apr 23 11:18:17.639 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet6/0/12, changed state to down Apr 23 11:18:17.395 UTC: %ILPOWER-5-POWER_GRANTED: Interface Gi6/0/12: Power granted (SW01BR21-6) 102614: Apr 23 11:18:21.632 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet6/0/12, changed state to up 102615: Apr 23 11:18:22.638 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet6/0/12, changed state to up 102616: Apr 23 11:18:33.174 UTC: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Gi6/0/12, port trust enabled. Mais específico: SWITCH_QOS_TB-5-TRUST_DEVICE_LOST: cisco-phone no longer detected on port Gi6/0/12, port set to untrusted. VER: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn08126 https://puck.nether.net/pipermail/cisco-voip/2011-August/023574.html Causes of Errdisable: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml https://supportforums.cisco.com/thread/2013665 --- 	(Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_22_ea2/release/notes/OL5556.html) Error Message   TB-5-TRUST_DEVICE_LOST: [chars] no longer detected on port [chars], port set to untrusted. Explanation   This message means that trusted boundary lost contact with a trusted device and has set the port trust state to untrusted. The first [chars] is the device, and the second [chars] is the interface. Recommended Action   No action is required. |-| |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- (Fonte 1: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtml) (Fonte 2: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml) !--- Interface shuts down when a security violation is detected !!! Importante! Pesquisar FastEthernet0/15 is down, line protocol is down (err-disabled) !--- The port is shown error-disabled. This verifies the configuration. !--- Note: When a secure port is in the error-disabled state, !--- you can bring it out of this state by entering !--- the errdisable recovery cause psecure-violation global configuration command, !--- or you can manually re-enable it by entering the !--- shutdown and no shutdown interface configuration commands. show port-security interface fastEthernet show interfaces status err-disabled Verificar: 3d19h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/6, putting Fa0/6 in err-disable state 3d19h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0008 on port FastEthernet0/6. 3d19h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to down 3d19h: %LINK-3-UPDOWN: Interface FastEthernet0/6, changed state to down (Ver: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html) show errdisable detect ErrDisable Reason   Detection status -    udld                 Enabled bpduguard           Enabled security-violatio   Enabled channel-misconfig   Enabled psecure-violation   Enabled vmps                Enabled loopback            Enabled unicast-flood       Enabled pagp-flap           Enabled dtp-flap            Enabled link-flap           Enabled sfp-config-mismat   Enabled gbic-invalid        Enabled dhcp-rate-limit     Enabled storm-control       Enabled community-limit     Enabled invalid-policy      Enabled all                 Enable error detection on all cases dhcp-rate-limit     Enable error detection on dhcp-rate-limit dtp-flap            Enable error detection on dtp-flapping gbic-invalid        Enable error detection on gbic-invalid link-flap           Enable error detection on linkstate-flapping loopback            Enable error detection on loopback pagp-flap           Enable error detection on pagp-flapping sfp-config-mismatch Enable error detection on SFP config mismatch http://www.techrepublic.com/article/get-to-know-the-cisco-ios-show-interfaces-command/6106502 http://packet-lab.com/main/routing-and-switching/ccnp/item/116-cool-cisco-ios-commands-show-interfaces-counters-errors.html http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015bfd6.shtml Causes of Errdisable: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Equipamento:	ASA 5500 Configuração:	IPSec VPN Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 387 Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing SA payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing ke payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing ISA_KE payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing nonce payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing ID payload Apr 25 00:41:27 [IKEv1 DECODE]: IP = 189.133.129.71, ID_FQDN ID received, len 11 0000: 4A504F31 31465730 303031               JPO-FW Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, Received NAT-Traversal ver 02 VID Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, Received DPD VID Apr 25 00:41:27 [IKEv1 DEBUG]: IP = 189.133.129.71, processing VID payload Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, Connection landed on tunnel_group JPO-FW Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing IKE SA payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 4 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing ISAKMP SA payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing ke payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing nonce payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Generating keys for Responder... Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing ID payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing hash payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Computing hash for ISAKMP Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing Cisco Unity VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing xauth V6 VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing dpd vid payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing NAT-Traversal VID ver 02 payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing NAT-Discovery payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, computing NAT Discovery hash Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing NAT-Discovery payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, computing NAT Discovery hash Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing Fragmentation VID + extended capabilities payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing VID payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Send Altiga/Cisco VPN3000/Cisco ASA GW VID Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440 Apr 25 00:41:27 [IKEv1 DECODE]: IP = 189.133.129.71, IKE Responder starting QM: msg id = 71e6044c Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 100 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing hash payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Computing hash for ISAKMP Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing NAT-Discovery payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, computing NAT Discovery hash Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing NAT-Discovery payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, computing NAT Discovery hash Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Automatic NAT Detection Status:    Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, PHASE 1 COMPLETED Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, Keep-alive type for this connection: DPD Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Starting P1 rekey timer: 21600 seconds. Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE RECEIVED Message (msgid=71e6044c) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 176 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing hash payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing SA payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing nonce payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing ID payload Apr 25 00:41:27 [IKEv1 DECODE]: Group = JPO-FW, IP = 189.133.129.71, ID_IPV4_ADDR_SUBNET ID received--172.29.3.104--255.255.255.248 Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Received remote IP Proxy Subnet data in ID Payload:  Address 172.29.3.104, Mask 255.255.255.248, Protocol 0, Port 0 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing ID payload Apr 25 00:41:27 [IKEv1 DECODE]: Group = JPO-FW, IP = 189.133.129.71, ID_IPV4_ADDR_SUBNET ID received--172.31.0.0--255.255.0.0 Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Received local IP Proxy Subnet data in ID Payload:  Address 172.31.0.0, Mask 255.255.0.0, Protocol 0, Port 0 Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, QM IsRekeyed old sa not found by addr Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, IKE Remote Peer configured for crypto map: JPO-FW Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, processing IPSec SA payload Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, All IPSec SA proposals found unacceptable! Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, sending notify message Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing blank hash payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing ipsec notify payload for msg id 71e6044c Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing qm hash payload Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE SENDING Message (msgid=428bf61) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84 Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, QM FSM error (P2 struct &0x2aa41730, mess id 0x71e6044c)! Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, IKE QM Responder FSM error history (struct &0x2aa41730), :  QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, sending delete/delete with reason message Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Removing peer from correlator table failed, no match! Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Deleting static route for L2L peer that came in on a dynamic map. address: 172.29.3.104, mask: 255.255.255.248 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, IKE SA AM:a553259c rcv'd Terminate: state AM_ACTIVE flags 0x00000041, refcnt 1, tuncnt 0 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, IKE SA AM:a553259c terminating: flags 0x01000001, refcnt 0, tuncnt 0 Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, sending delete/delete with reason message Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing blank hash payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing IKE delete payload Apr 25 00:41:27 [IKEv1 DEBUG]: Group = JPO-FW, IP = 189.133.129.71, constructing qm hash payload Apr 25 00:41:27 [IKEv1]: IP = 189.133.129.71, IKE_DECODE SENDING Message (msgid=9d45457e) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80 Apr 25 00:41:27 [IKEv1]: Group = JPO-FW, IP = 189.133.129.71, Session is being torn down. Reason: Phase 2 Mismatch O PFS (PFS - Perfect Forward Secret) estava errado. |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Equipamento: ASA 5500 ### Log retirado do ASA - Erro aconteceu com a versão IKEv2 no site remoto: Apr 20 11:44:23 [IKEv1]: IP = 189.144.199.211, Received isakmp packet with unsupported major version (2) A versão do ASA utilizada suporta IKEv1. |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 	Equipamento: Cisco 2960 Ao tentar executar: wr Aparece o erro: --- 	startup-config file open failed (Device or resource busy) ---	 	Na seção pela console o comando "show configuration" estava em aberto. |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Equipamento: |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Equipamento: |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Equipamento: |-| |<<<<<<<<<<<<<< #### Troubleshooting #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 023654: Mar 12 20:44:41.529 GMT-3: %IPPHONE-6-UNREGISTER_NORMAL: ephone-111:SEPA8B1D41F242E IP:10.1.6.84 Socket:44 DeviceType:Phone has unregistered normally. <Troubleshooting |##########^ Troubleshooting #################################################| ↑-- Troubleshooting ↓-- FAQ >FAQ --- Q.) Como colocar senha nos switches e roteadores? A.) [No modo de configuração] enable secret SENHA http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Como configurar uma Voice VLAN? (How can I configure Voice VLAN?) A.) https://learningnetwork.cisco.com/message/75599 Cisco Catalyst 3750 QoS Configuration Examples: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml !--- Voice VLAN is only supported on access ports and not on trunk ports, !--- even though the configuration is allowed. show mls qos interface fastEthernet 0/10 |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Como configurar um servidor de DHCP para uma rede Voice VLAN? A.) http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080114aee.shtml |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Como ver as rotas específica? A.) (Nexus OS) show ip route 10.10.10.32/29 |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Como ver os usuários criados? A.) (Nexus OS) show user-account |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Does anyone have an application that takes advantage of NATIVE VLAN? A.) The basic application of that is simply the collection of protocols that run on a trunk untagged: VTP, CDP... (Fonte: http://www.velocityreviews.com/forums/t30335-native-vlan.html) |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Por quê usar uma rede separada os telefones IPs? A.) http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080114aee.shtml |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) What is the Native VLAN? A.) See: http://en.wikipedia.org/wiki/IEEE_802.1Q#Trunk_ports_and_the_native_VLAN http://www.velocityreviews.com/forums/t30335-native-vlan.html https://learningnetwork.cisco.com/message/122540 |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Q.) Como habilitar o roteamento? Como habilitar o roteamento no Switch? Tags: habilitar roteamento Configurando Roteamento entre VLANs em um Switch Layer 3 Cisco A.) Para habilitar o roteamento no Switch: ip routing ip routing –> comando que ativou o protocolo IP |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Para adicionar rota para o próprio Switch utilizar: ip default-gateway 10.10.10.1 http://www.dltec.com.br/blog/cisco/ccna/configurando-roteamento-entre-vlans-em-um-switch-layer-3-cisco/ Cuidado: Esse comando é diferente do: ip route 0.0.0.0 0.0.0.0 10.10.10.1 |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- http://www.dltec.com.br/blog/cisco/ccna/configurando-roteamento-entre-vlans-em-um-switch-layer-3-cisco/ ip subnet-zero –> para aceitar todas as subredes |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< #### FAQ #### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <FAQ |##########^ FAQ #############################################################| ↑-- FAQ ↓-- Glossário >Glossário >Termos --- 10GBASE-SR (10-gigabit Ethernet) http://en.wikipedia.org/wiki/10-gigabit_Ethernet |-| RME - Resource Manager Essentials |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### --- CDP - Cisco Discovery Protocol (Fonte 1: http://www.juliobattisti.com.br/tutoriais/luisepedroso/discoveryprotocol001.asp) (Fonte 2: http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd301c.html) !! Para visualizar as interfaces que o CDP está habilitado: show cdp interface !!Para visuzalizar os visinhos: show cdp neighbors !! Para visualizar detalhes dos vizinhos: show cdp neighbors detail |-| --- FCoE: http://thenetguy.wordpress.com/2011/08/06/fcoe/ |-| --- HSRP: Standby Router Protocol (HSRP) |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### --- GLBP Gateway Load Balancing Protocol (GLBP) |-| --- lookup table - ARP cache (Fonte:http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=8) |-| --- Native VLAN VLAN that is not associated explicitly to any tag on an 802.1Q link. http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml |-| --- PFS - Perfect Forward Secret |-| --- QoS Entendendo: http://echoreplypackets.net/2011/02/12/ip-telephony-voice-vlans/ |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### --- Relay Agent A router that forwards DHCP and BOOTP messages between a server and a client on different subnets. (Fonte: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t2/feature/guide/dt_dhcpu.html#wp1022548) |-| --- SFP (Small form-factor pluggable) (Fonte: http://en.wikipedia.org/wiki/Small_form-factor_pluggable_transceiver) SFP+ (enhanced small form-factor pluggable) |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- Switched Port Analyzer (SPAN) (Fonte: http://www.gns3.net/gns3-switching-simulation/) |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- Throughput Outros termos utilizados no caso de Switching: - Forwarding performance - Switch Fabric Capacity |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- Throughput http://en.wikipedia.org/wiki/Twinaxial_cabling |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- Voice VLAN A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvlan.html#wp1274626) (Fonte: http://echoreplypackets.net/2011/02/12/ip-telephony-voice-vlans/) - Particularly when implementing video conferencing, make sure your total overall traffic doesn’t exceed 75% of the overall available bandwidth. That includes video, voice, and data! Cisco also recommends that voice and video combined not exceed 33% of a link’s bandwidth. This allows for network control traffic to flow through the network and helps to prevent jitter as well (Fonte: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/voip.html) - The Cisco IP Phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default. (Fonte: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml#concept22) - If the port is an access port or Layer 3 port, you need to configure the mls qos trust dscp command. You cannot use the mls qos trust cos command because the frame from the access port or Layer 3 port does not contain dot1q or ISL tag. CoS bits are present in the dot1q or ISL frame only. http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swqos.html#wp1032169 |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- VRRP Virtual Router Redundancy Protocol (VRRP) (Fonte: http://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol) |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### >> --- |-| |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Glossário #### <Glossário |##########^ Glossário #######################################################| ↑-- Glossário ↓-- Referências >Referências Summarize IOS printouts (example: Frame Relay DLCIs): http://blog.ioshints.info/2007/04/summarize-ios-printouts-example-frame.html |<<<<<<<<<<<<<< **** Configurando os CISCOs - Geral **** #### Referências #### http://pinouts.ru/NetworkCables/rj45_rollover_pinout.shtml http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvlan.html#wp1274626 http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml http://www.brainwork.com.br/blog/2010/05/27/polticas-de-controle-de-banda-catalyst-3750/ http://procedimentosemti.com.br/blog/blog1.php/2010/04/27/procedimentos-de-padronizacao-de-nomes?page=5 http://cisco.forumeiros.com/t463-trunk-de-vlan-entre-cisco-e-d-link <Referências |##########^ Referências #####################################################| ↑-- Referências ↓-- Tarefas >Tarefas Tags: Perguntas de certificações -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: What are the three layers of the Cisco three-layer Heirarchal model? Definition: Access, DIstribution, Core. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: What are some characteristics of the Access layer of the C3LHM? Definition: -Provides end user access to the network -Provides QoS and Multicast support options. -Security through Dynamic Arp Inspection, DHCP snooping, BPDU Guard, port-security, and IP Source Guard. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: What are some characteristics of the Distribution layer of the C3LHM? Definition: -Is the aggregation point for access switches. -Uses routing policies. -Segments workgroups and thier problems from the Core. -Provides availability, QoS, fast path srecovery, and load balancing. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: What are some characteristics of the Core layer of the C3LHM? Definition: -Backbone that provides high-speed layer 3 links between Distribution layers and other network segments. -no other policies, like ACLs or filters, should be used that will slow traffic down. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: What are the three layers of the Data Center Model? Definition: Core, Aggregation, Access. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- (Fonte: http://www.flashcardmachine.com/ccnp-switch-642813campusnetworkdesign.html) Title:		CCNP SWITCH 642-813 - Campus Network Design Description:	Campus Network Design Term: While the Core and Access layers of the Data Center Model are very similar to the C3LHM, what Characterises the Aggregation layer? Definition: -Server load balancing. -content switching -SSL off-load -and security through firewalls and IPS. |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- |—————————————————————————————————————————————————————————————————————————————| |<<<<<<<<<<<<<< ==== Tarefas ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <Tarefas |##########^ Tarefas #########################################################| >Equipamentos Tags: Equipamentos |<<<<<<<<<<<<<< ==== Equipamentos ==== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://www.costcentral.com/proddetail/Cisco_Nexus_5596UP/N5KC5596UPFA/11316583/ <Equipamentos |##########^ Equipamentos ####################################################| Pino oito Problema no Core Nexus ROUTER01901# show logging | include "2012 Apr 13" 2012 Apr 13 17:18:09 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet2/9 is down (Link failure) 2012 Apr 13 17:18:15 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet2/9, operational speed changed to 1 Gbps 2012 Apr 13 17:18:15 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet2/9, operational duplex mode changed to Full 2012 Apr 13 17:18:15 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet2/9, operational Receive Flow Control s tate changed to off 2012 Apr 13 17:18:15 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet2/9, operational Transmit Flow Control state changed to off 2012 Apr 13 17:18:15 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet2/9 is up in mode monitor 2012 Apr 13 17:18:24 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet2/9 is down (Link failure) 2012 Apr 13 17:18:27 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet2/9, operational speed changed to 1 Gbps 2012 Apr 13 17:18:27 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet2/9, operational duplex mode changed to Full 2012 Apr 13 17:18:27 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet2/9, operational Receive Flow Control s tate changed to off 2012 Apr 13 17:18:27 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet2/9, operational Transmit Flow Control state changed to off 2012 Apr 13 17:18:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet2/9 is up in mode monitor 2012 Apr 13 17:19:24 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet8/42 is down (Link failure) 2012 Apr 13 17:19:45 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet8/42, operational speed changed to 1 Gbps 2012 Apr 13 17:19:45 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet8/42, operational duplex mode changed to Full 2012 Apr 13 17:19:45 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet8/42, operational Receive Flow Control state changed to off 2012 Apr 13 17:19:45 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet8/42, operational Transmit Flow Control state changed to off 2012 Apr 13 17:19:45 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet8/42 is up in mode monitor 2012 Apr 13 23:57:40 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/3 is down (Link failure) 2012 Apr 13 23:57:40 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/5 is down (Link failure) 2012 Apr 13 23:57:40 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/7 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/12 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/19 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/6 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/8 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/4 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/10 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/11 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/20 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/9 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/14 is down (Link failure) 2012 Apr 13 23:57:41 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/17 is down (Link failure) ROUTER01901# show logging | include "2012 Apr 14" 2012 Apr 14 00:48:01 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Bottom Ejector is OPEN, Top Ejector is CLOSE 2012 Apr 14 00:48:03 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Bottom Ejector is CLOSE, Top Ejector is CLOSE 2012 Apr 14 00:53:54 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet7/8 is down (Link failure) 2012 Apr 14 00:53:56 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet7/8, operational speed changed to 100 Mbps 2012 Apr 14 00:53:56 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet7/8, operational duplex mode changed to Full 2012 Apr 14 00:53:56 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet7/8, operational Receive Flow Control s tate changed to off 2012 Apr 14 00:53:56 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet7/8, operational Transmit Flow Control state changed to off 2012 Apr 14 00:53:56 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet7/8 is up in mode access 2012 Apr 14 00:56:00 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet7/9 is down (Link failure) 2012 Apr 14 00:56:02 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet7/9, operational speed changed to 100 Mbps 2012 Apr 14 00:56:02 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet7/9, operational duplex mode changed to Full 2012 Apr 14 00:56:02 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet7/9, operational Receive Flow Control s tate changed to off 2012 Apr 14 00:56:02 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet7/9, operational Transmit Flow Control state changed to off 2012 Apr 14 00:56:02 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet7/9 is up in mode access 2012 Apr 14 01:00:28 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Bottom Ejector is CLOSE, Top Ejector is OPEN 2012 Apr 14 01:00:30 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Bottom Ejector is CLOSE, Top Ejector is CLOSE 2012 Apr 14 01:04:13 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Bottom Ejector is CLOSE, Top Ejector is OPEN 2012 Apr 14 01:04:15 ROUTER01901 %MODULE-4-MOD_WARNING: Module 1 (serial: JAF1437BQBD) reported warning due to X-bar Inte rface ASIC Error in device 70 (device error 0xc4600248) 2012 Apr 14 01:04:16 ROUTER01901 last message repeated 5 times 2012 Apr 14 01:04:16 ROUTER01901 %CALLHOME-2-EVENT: HARDWARE_REMOVAL 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface port-channel101 is down (Initializing) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface port-channel100 is down (Initializing) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/1 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/2 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/13 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/15 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/18 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/27 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_MODULE_REMOVED: Interface Ethernet1/28 is down (module removed) 2012 Apr 14 01:04:16 ROUTER01901 %PLATFORM-2-MOD_REMOVE: Module 1 removed (Serial number JAF1437BQBD) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/16 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/25 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/26 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/29 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/30 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/31 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/32 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/33 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/34 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/35 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/36 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/37 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/38 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/39 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/40 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/41 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/42 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/43 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/44 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/45 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/46 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/47 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Top Ejector is OPEN, Bottom Ejector is OPEN 2012 Apr 14 01:04:16 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/48 is down (Interface removed) 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel101: Ethernet1/22 is down 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel101: Ethernet1/24 is down 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel101: first operational port changed from Et hernet1/22 to none 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel100: Ethernet1/21 is down 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel100: Ethernet1/23 is down 2012 Apr 14 01:04:16 ROUTER01901 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel100: first operational port changed from Et hernet1/21 to none 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/3 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/4 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/5 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/6 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/7 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/8 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/9 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/10 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/11 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/12 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/14 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/17 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/19 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/20 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel101 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 last message repeated 2 times 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel100 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 last message repeated 2 times 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/2 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/1 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/18 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/13 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/15 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/22 is down (Initializing) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel101 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel101 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/27 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/21 is down (Initializing) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel100 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel100 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/28 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/24 is down (Initializing) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel101 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/23 is down (Initializing) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel100 is down (No oper ational members) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/21 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/22 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/23 is down (Interface removed) 2012 Apr 14 01:04:17 ROUTER01901 %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/24 is down (Interface removed) 2012 Apr 14 01:04:19 ROUTER01901 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 1 has changed, Top Ejector is CLOSE, Bottom Ejector is CLOSE 2012 Apr 14 01:04:19 ROUTER01901 %PLATFORM-2-MOD_DETECT: Module 1 detected (Serial number JAF1437BQBD) Module-Type 1000 M bps Optical Ethernet XL Module Model N7K-M148GS-11L 2012 Apr 14 01:04:19 ROUTER01901 %PLATFORM-2-MOD_PWRUP: Module 1 powered up (Serial number JAF1437BQBD) 2012 Apr 14 01:04:19 ROUTER01901 %PLATFORM-5-MOD_STATUS: Module 1 current-status is MOD_STATUS_POWERED_UP 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/1 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/2 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/3 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/4 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/5 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/6 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/7 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/8 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/9 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/10 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/11 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/12 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/13 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/14 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/15 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/16 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/17 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/18 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/19 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/20 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/21 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/22 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/23 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/24 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/25 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/26 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/27 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/28 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/29 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/30 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/31 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/32 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/33 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/34 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/35 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/36 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/37 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/38 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/39 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/40 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/41 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/42 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/43 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/44 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/45 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/46 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/47 is down (None) 2012 Apr 14 01:06:18 ROUTER01901 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/48 is down (None) 2012 Apr 14 01:06:22 ROUTER01901 %MODULE-5-MOD_OK: Module 1 is online (serial: JAF1437BQBD) 2012 Apr 14 01:06:22 ROUTER01901 %PLATFORM-5-MOD_STATUS: Module 1 current-status is MOD_STATUS_ONLINE/OK 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/1, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/2, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %SYSMGR-SLOT1-5-MODULE_ONLINE: System Manager has received notification of local module becoming online. 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/3, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/4, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/5, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/6, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/7, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/8, hardware type changed to 1G 2012 Apr 14 01:06:22 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/9, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/10, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/11, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/12, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/13, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/14, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/15, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/16, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/16 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/17, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/18, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/19, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/20, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/21, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/22, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/23, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/24, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/25, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/25 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/26, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/26 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/27, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/28, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/29, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/29 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/30, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/30 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/31, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/31 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/32, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/32 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/33, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/33 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/34, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/34 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/35, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/35 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/36, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/36 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/37, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/37 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/38, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/38 is down (Administratively down) 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/39, hardware type changed to 1G 2012 Apr 14 01:06:23 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/39 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/40, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/40 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/41, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/41 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/42, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/42 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/43, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/43 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/44, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/44 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/45, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/45 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/46, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/46 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/47, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/47 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_HARDWARE: Interface Ethernet1/48, hardware type changed to 1G 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/48 is down (Administratively down) 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/1, operational speed changed to 1 Gbps 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/1, operational duplex mode changed to Full 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/1, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/1, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/1 is up in mode access 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/2, operational speed changed to 1 Gbps 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/2, operational duplex mode changed to Full 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/2, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/2, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/2 is up in mode trunk 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/13, operational speed changed to 1 Gbps 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/13, operational duplex mode changed to Full 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/13, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/13, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:24 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/13 is up in mode trunk 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/15, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/15, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/15, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/15, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/15 is up in mode trunk 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/18, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/18, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/18, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/18, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/18 is up in mode access 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/21, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/21, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/21, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/21, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface port-channel100, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface port-channel100, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel100, operational Receive Flow Contr ol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel100, operational Transmit Flow Cont rol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/22, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/22, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/22, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/22, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface port-channel101, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface port-channel101, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel101, operational Receive Flow Contr ol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel101, operational Transmit Flow Cont rol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/23, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/23, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/23, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/23, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface port-channel100, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface port-channel100, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel100, operational Receive Flow Contr ol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel100, operational Transmit Flow Cont rol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/24, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/24, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/24, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/24, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/27, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/27, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/27, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/27, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface port-channel101, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface port-channel101, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel101, operational Receive Flow Contr ol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel101, operational Transmit Flow Cont rol state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/28, operational speed changed to 1 Gbps 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/28, operational duplex mode changed to Full 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/28, operational Receive Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/28, operational Transmit Flow Control state changed to off 2012 Apr 14 01:06:25 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel100: Ethernet1/21 is up 2012 Apr 14 01:06:25 ROUTER01901 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel100: first operational port changed from no ne to Ethernet1/21 2012 Apr 14 01:06:26 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel101: Ethernet1/22 is up 2012 Apr 14 01:06:26 ROUTER01901 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel101: first operational port changed from no ne to Ethernet1/22 2012 Apr 14 01:06:27 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel100: Ethernet1/23 is up 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/21 is up in mode access 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface port-channel100 is up in mode access 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/23 is up in mode access 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/27 is up in mode trunk 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/28 is up in mode trunk 2012 Apr 14 01:06:27 ROUTER01901 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel101: Ethernet1/24 is up 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/22 is up in mode access 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface port-channel101 is up in mode access 2012 Apr 14 01:06:27 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/24 is up in mode access 2012 Apr 14 01:08:10 ROUTER01901 %BIOS_DAEMON-SLOT1-5-BIOS_DAEMON_LC_PRI_BOOT: System booted from Primary BIOS Flash 2012 Apr 14 01:33:32 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/17, operational speed changed to 1 Gbps 2012 Apr 14 01:33:32 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/17, operational duplex mode changed to Full 2012 Apr 14 01:33:32 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/17, operational Receive Flow Control state changed to off 2012 Apr 14 01:33:32 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/17, operational Transmit Flow Control state changed to off 2012 Apr 14 01:33:33 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/17 is up in mode trunk 2012 Apr 14 01:33:37 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/17 is down (Link failure) 2012 Apr 14 01:33:56 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/17, operational speed changed to 1 Gbps 2012 Apr 14 01:33:56 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/17, operational duplex mode changed to Full 2012 Apr 14 01:33:56 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/17, operational Receive Flow Control state changed to off 2012 Apr 14 01:33:56 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/17, operational Transmit Flow Control state changed to off 2012 Apr 14 01:33:57 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/17 is up in mode trunk 2012 Apr 14 01:33:57 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/17 is down (Link failure) 2012 Apr 14 01:33:58 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/17, operational speed changed to 1 Gbps 2012 Apr 14 01:33:58 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/17, operational duplex mode changed to Full 2012 Apr 14 01:33:58 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/17, operational Receive Flow Control state changed to off 2012 Apr 14 01:33:58 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/17, operational Transmit Flow Control state changed to off 2012 Apr 14 01:33:59 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/17 is up in mode trunk 2012 Apr 14 01:34:03 ROUTER01901 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/17 is down (Link failure) 2012 Apr 14 01:34:23 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/17, operational speed changed to 1 Gbps 2012 Apr 14 01:34:23 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/17, operational duplex mode changed to Full 2012 Apr 14 01:34:23 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/17, operational Receive Flow Control state changed to off 2012 Apr 14 01:34:23 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/17, operational Transmit Flow Control state changed to off 2012 Apr 14 01:34:23 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/17 is up in mode trunk 2012 Apr 14 01:37:48 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/3, operational speed changed to 1 Gbps 2012 Apr 14 01:37:48 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/3, operational duplex mode changed to Full 2012 Apr 14 01:37:48 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/3, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:37:48 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/3, operational Transmit Flow Control state changed to off 2012 Apr 14 01:37:48 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/3 is up in mode trunk 2012 Apr 14 01:37:52 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/20, operational speed changed to 1 Gbps 2012 Apr 14 01:37:52 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/20, operational duplex mode changed to Full 2012 Apr 14 01:37:52 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/20, operational Receive Flow Control state changed to off 2012 Apr 14 01:37:52 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/20, operational Transmit Flow Control state changed to off 2012 Apr 14 01:37:52 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/20 is up in mode trunk 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/11, operational speed changed to 1 Gbps 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/11, operational duplex mode changed to Full 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/11, operational Receive Flow Control state changed to off 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/11, operational Transmit Flow Control state changed to off 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/8, operational speed changed to 1 Gbps 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/8, operational duplex mode changed to Full 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/8, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/8, operational Transmit Flow Control state changed to off 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/11 is up in mode trunk 2012 Apr 14 01:37:54 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/8 is up in mode trunk 2012 Apr 14 01:37:56 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/12, operational speed changed to 1 Gbps 2012 Apr 14 01:37:56 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/12, operational duplex mode changed to Full 2012 Apr 14 01:37:56 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/12, operational Receive Flow Control state changed to off 2012 Apr 14 01:37:56 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/12, operational Transmit Flow Control state changed to off 2012 Apr 14 01:37:56 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/12 is up in mode trunk 2012 Apr 14 01:38:01 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/10, operational speed changed to 1 Gbps 2012 Apr 14 01:38:01 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/10, operational duplex mode changed to Full 2012 Apr 14 01:38:01 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/10, operational Receive Flow Control state changed to off 2012 Apr 14 01:38:01 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/10, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:02 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/10 is up in mode trunk 2012 Apr 14 01:38:03 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/19, operational speed changed to 1 Gbps 2012 Apr 14 01:38:03 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/19, operational duplex mode changed to Full 2012 Apr 14 01:38:03 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/19, operational Receive Flow Control state changed to off 2012 Apr 14 01:38:03 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/19, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:03 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/19 is up in mode trunk 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/4, operational speed changed to 1 Gbps 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/4, operational duplex mode changed to Full 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/4, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/4, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/4 is up in mode trunk 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/14, operational speed changed to 1 Gbps 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/14, operational duplex mode changed to Full 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/14, operational Receive Flow Control state changed to off 2012 Apr 14 01:38:06 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/14, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:07 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/14 is up in mode trunk 2012 Apr 14 01:38:09 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/7, operational speed changed to 1 Gbps 2012 Apr 14 01:38:09 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/7, operational duplex mode changed to Full 2012 Apr 14 01:38:09 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/7, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:38:09 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/7, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:09 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/7 is up in mode trunk 2012 Apr 14 01:38:15 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/6, operational speed changed to 1 Gbps 2012 Apr 14 01:38:15 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/6, operational duplex mode changed to Full 2012 Apr 14 01:38:15 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/6, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:38:15 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/6, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:15 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/6 is up in mode trunk 2012 Apr 14 01:38:23 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/9, operational speed changed to 1 Gbps 2012 Apr 14 01:38:23 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/9, operational duplex mode changed to Full 2012 Apr 14 01:38:23 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/9, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:38:23 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/9, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:23 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/9 is up in mode trunk 2012 Apr 14 01:38:32 ROUTER01901 %ETHPORT-5-SPEED: Interface Ethernet1/5, operational speed changed to 1 Gbps 2012 Apr 14 01:38:32 ROUTER01901 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/5, operational duplex mode changed to Full 2012 Apr 14 01:38:32 ROUTER01901 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/5, operational Receive Flow Control s tate changed to off 2012 Apr 14 01:38:32 ROUTER01901 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/5, operational Transmit Flow Control state changed to off 2012 Apr 14 01:38:32 ROUTER01901 %ETHPORT-5-IF_UP: Interface Ethernet1/5 is up in mode trunk 2012 Apr 14 02:05:09 ROUTER01901 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 10.10.27.222 - sshd[13983] 2012 Apr 14 02:05:09 ROUTER01901 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for admin from 10.10.27.222 - sshd[13982] 2012 Apr 14 02:08:57 ROUTER01901 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 10.10.19.34 - sshd[14175] 2012 Apr 14 02:08:57 ROUTER01901 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for admin from 10.10.19.34 - s shd[14173] ASA: %ASA-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name An attack is in progress. Someone is attempting to spoof an IP address on an inbound connection. Unicast RPF, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your adaptive security appliance. This message appears when you have enabled Unicast RPF with the ip verify reverse-path command. This feature works on packets input to an interface; if it is configured on the outside, then the adaptive security appliance checks packets arriving from the outside. The adaptive security appliance looks up a route based on the source_address. If an entry is not found and a route is not defined, then this syslog message appears and the connection is dropped. If there is a route, the adaptive security appliance checks which interface it corresponds to. If the packet arrived on another interface, it is either a spoof or there is an asymmetric routing environment that has more than one path to a destination. The adaptive security appliance does not support asymmetric routing. If the adaptive security appliance is configured on an internal interface, it checks static route command statements or RIP, and if the source_address is not found, then an internal user is spoofing their address. +++++++++++++++ I/f Serial0/0/0 class BE requested bandwidth 30%, available only 15% ↑-- ↓-- Rascunho >Rascunho |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008009433b.shtml Setting the Console Speed (baud) Router(config)#line con 0 Router(config-line)#speed 115200 |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- enable ssh on 3560 http://certhacker.com/cisco/how-to-enable-ssh-in-cisco-ios/ |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- NTP: show ntp associations ntp peer 10.0.20.2 prefer ntp peer 10.0.20.5 (http://oreilly.com/catalog/hardcisco/chapter/ch10.html) (http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf012.html#wp1123701) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Data e hora: !!! Austando o TIMEZONE: clock timezone BRT -3 (Fonte: http://www.cisco.com/en/US/docs/ios/12_3/configfun/command/reference/cfr_1g01.html#wp1033494) !!! Acertando a data e hora: clock set 09:41:00 27 NOV 2012 (Fonte: http://www.cisco.com/en/US/docs/ios/12_3/configfun/command/reference/cfr_1g01.html#wp1033256) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- default interface range gigabitEthernet 0/2-8 |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- DNS: !!! Configurando os servidores de DNS: ip name-server 192.168.1.100 (http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800c525f.shtml) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- SNMP: snmp-server community coc@algar ro snmp-server group coc@algar v1 snmp-server host 10.0.20.20 coc@algar snmp-server contact Dud - 713-2754 snmp-server location Core da Nobel (http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Modem: >104 >109  103- TX ou transmissão dos dados locais, ou seja, do equipamento que está conectado ao modem (Exemplo: Roteador) 104- RX ou recepção dos dados do equipamentos remoto (Roteador remotamente) 106 – CTS ou pronto para transmitir 109 – DCD ou portadora detectada http://www.dltec.com.br/blog/cisco/dicas-de-troubleshooting-alarmes-em-modems-e-equipamentos-de-telecom/ |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Password Recovery: Tags: recuperar a senha quebrar a senha 1) Hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch 2) Digitar: flash_init 3) Digitar: dir flash: 4) Digitar: rename flash:config.text flash:config.old 5) Digitar: boot 6) Selecionar: no 7) Digitar: enable 8) Digitar: rename flash:config.old flash:config.text 9) Executar: copy flash:config.text system:running-config (Fonte: http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- cisco 2960 reset to factory default 1) Executar: write erase 2) Executar: reload show vlan dir flash: delete flash:vlan.dat (Fonte: http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800c4546.shtml) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- Erro: %VTP VLAN configuration not allowed when device is in CLIENT mode. Executar: vtp mode transparent  (https://learningnetwork.cisco.com/thread/15990) |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- 802.1x http://blogs.technet.com/b/fcima/archive/2006/10/30/o-que-voc-precisa-saber-antes-de-implementar-802-1x-em-redes-com-fio.aspx |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3/troubleshooting/configuration/guide/n1000v_trouble_7channels.html switchport trunk allowed vlan add vlan-id |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> --- |-| |<<<<<<<<<<<<<< ### Rascunho ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <Rascunho |##########^ Rascunho ########################################################| ↑-- Rascunho ↓-- Atividades >Atividades |<<<<<<<<<<<<<< ### Atividades ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ESTUDAR A SOLUÇÃO - Estudar o ambiente						- 16h - Verificar a compatibilidade dos equipamentos			- 3h/equipamento - Estudo da possibilidade de migração				- 8h -- Estudo da solução - Parte de migração		- 16h - Instalar o Zimbra no ambiente de teste			- 16h - Criar ambiente de teste e homologação			- 40h EXECUTAR: - Habilitar a solução 802.1x --- Atividade de Configurar Switch: - Encontrar a documentação - Encontrar informações de acesso (Usuário e senha) - Acessar o Switch |-| Testar o acesso via login |<<<<<<<<<<<<<< ### Atividades ### >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =============================================================================== Configurar o 802.1x: - Estudar a solução							- 20h - Baixar o Windows Server 2008						- 5h - Instalar o Windows Server 2008					- 5h - Configurar a senha - Instalar o AD DS							- 2h - Instalar o IAS (Network Policy Server) 				- 1h |=============================================================================| <Atividades |##########^ Atividades ######################################################| ↑-- Atividades ↓-- Melhorias >Melhorias - Atualizar/validar os desenhos das topologias; - Verificar a estado das portas de Uplinks (verificação de erros) - Configurar o STP ou RSTP ou o PVSTP nos switches; - Configurar o HSRP (VRRP) nos switches cores; - Configurar as conexões dos switches de acessos nos dois cores; - Configurar a monitoração dos Uplinks com a ferramenta weathermap; - Configurar os ativos de redes para utilizarem a autenticação centralizada; <Banner |##########^ Melhorias #######################################################| ↑-- Banner ↓-- Cisco Unified CM Administration - Verificar a compatibilidade dos equipamentos - Estações com o Windows XP tem
 * 1) Avisos!!!
 * 1) Avisos!!!
 * 1) Atenção no site memovirtual:
 * 2) As opções passadas com - - (menos,menos) no site podem ter ficado
 * 3) com um — (travessão), assim use o "man" ou o interroga para confirmar
 * 4) a opção utilizada
 * 1) Desculpem-me pelos erros de português, mas vocês sabem...
 * 2) nossa lingua é fácil ;) ... e às vezes ao escrever o pensamento está
 * 3) lá na frente, enquanto que a digitação...
 * 1) /!\ Importante!!!
 * 1) /!\ Importante!!!
 * 1) Ver Também:
 * 1) Ver Também:
 * 1) MemoVirtual:
 * 1) Template:
 * 1) Template:
 * 1) Temp:
 * 1) Temp:
 * 1) Não usar a VLAN 1:
 * 1) IMPORTANTE: LDL e LDR
 * 1) Pesquisa:
 * 1) Ver sem falta: NAR
 * 1) Ver sem falta:
 * 1) Conceitos:
 * 1) Conceitos:
 * 1) Multi-chassis Link Aggregation: Stacking on Steroids (VSS e IRF):
 * 1) O VSS é composto pelas seguintes partes:
 * 1) Nexu vPC
 * 1) Nexus 7000 - Configuring vPCs
 * 1) Veja Também: (See Also)
 * 1) Configurações Iniciais:
 * 1) Configurações Iniciais:
 * 1) Configurar:
 * 1) Configurar:
 * 1) 6513:
 * 1) 6513:
 * 1) 6513 - VPN:
 * 1) 6513 - VPN:
 * 1) Para debugar uma profile:
 * 1) Para visualizar detalhes de uma conexão VPN:
 * 1) ACE:
 * 1) ACE:
 * 1) ACS:
 * 1) ACS:
 * 1) Para ver qual IP o cliente de VPN pegou:
 * 1) Para distribuir IPs de um POOL do 6500 pelo ACS aos cliente de VPN:
 * 1) Para permitir que usuários usem o comando "enable" e definir o nível
 * 2) do privilégio:
 * 1) Número Máximo de Sessões:
 * 1) Erro:
 * 1) Causa:
 * 1) access-list:
 * 1) access-list:
 * 1) ASA:
 * 1) ASA:
 * 1) Log retirado do ASA - Erro aconteceu com a versão IKEv2 no site remoto:
 * 1) Este erro aconteceu porque o LocalID do Juniper não estava setado:
 * 2) Para ver o erro abaixo é necessário habilitar o debug
 * 3) debug crypto isakmp 100
 * 1) Este é interessante, acontece somente quando a entrada estava sendo por um dos links (Interlig)
 * 1) Banner:
 * 1) Banner:
 * 1) Cisco Unified CM Administration:
 * 1) Cisco Unified CM Administration:
 * 1) Para ver os telefones IPs:
 * 2) >>>> Device > Phone > Selecionar: Directory Number e colocar a pesquisa
 * 1) Cisco Catalyst Express 500:
 * 1) Cisco Catalyst Express 500:
 * 1) Comandos:
 * 1) Comandos:
 * 1) Descrição: (Description)
 * 1) Limiting the Impact of IP Helper Addresses
 * 1) Descrição: (Description)
 * 1) Comparação de Comandos:
 * 1) Comparação de Comandos:
 * 1) CSM:
 * 1) CSM:
 * 1) EXEMPLO:
 * 2) Adicionar um servidor no NOME_DA_FARM
 * 3) No modo de configuração global
 * 1) Mostra detalhes da FARM:
 * 1) CSS:
 * 1) CSS:
 * 1) Debug:
 * 1) Debug:
 * 1) FWSM:
 * 1) FWSM:
 * 1) Criar um usuário:
 * 1) Configurando o Logging (Geral):
 * 1) Geral:
 * 1) Geral:
 * 1) Para mostrar as Interfaces de uma VRF
 * 1) Para mostrar as sessões configuradas para SPAN (mirror)
 * 1) Para verificar os processos abertos e consumo de CPU
 * 1) Para ver os endereços virtuais:
 * 1) Procedimentos:
 * 1) Procedimentos:
 * 1) Saída dos Comandos:
 * 1) Saída dos Comandos:
 * 1) Comando: show interface
 * 2) Access Mode VLAN
 * 3) Informa em que VLAN a porta está.
 * 1) Administrative Mode
 * 2) Mostra em modo a interface foi configurada manualmente.
 * 1) Trunking VLANs Enabled
 * 2) VLANs que "estão" permitidas no Trunk.
 * 1) Softwares da Cisco:
 * 1) Softwares da Cisco:
 * 1) Switch:
 * 1) Switch:
 * 1) Para mostrar as sessões configuradas para SPAN (mirror)
 * 1) Ensure port-security age is greater than one minute
 * 2) and use inactivity timer
 * 1) Trunking:
 * 1) Trunking:
 * 1) Vários Comandos show:
 * 1) Vários Comandos show:
 * 1) Usando a opção OU (|)
 * 1) Para visualizar os módulos:
 * 1) Para ver a tabela ARP de um roteador virtual (VRF)
 * 1) Para ver a tabela de MAC address:
 * 1) Para visualizar as VLANs em um Switch:
 * 1) Para visualizar o status de uma VLAN:
 * 1) VLAN:
 * 1) VLAN:
 * 1) VoIP:
 * 1) VoIP:
 * 1) Dicas:
 * 2) Vários pacotes UDPs (20 Mbps) em um link de 18 Mbps causa "picotes" na voz, pois UDP não tem controle;
 * 1) Para ver o mapeamento de COS e DSCP:
 * 1) Mensagem informando que a pessoa desligou:
 * 1) WebVPN:
 * 1) WebVPN:
 * 1) No acesso para referenciar um grupo do ACS ao grupo do servidor VPN3000:
 * 2) Em: IETF RADIUS Attributes, marcar a classe [025] Class
 * 3) e digitar o nome do grupo no VPN3000:
 * 1) >>>> Digitar o nome do grupo.
 * 1) Resumo de Todos Comandos:
 * 1) Resumo de Todos Comandos:
 * 1) LMS:
 * 1) LMS:
 * 1) LMS: para visualizar os logs:
 * 1) Para o envio de mensagens de problemas com ativos no LMS:
 * 1) FWSM:
 * 1) FWSM:
 * 1) Para mostrar as Interfaces de uma VRF
 * 1) Para mostrar as sessões configuradas para SPAN
 * 1) Para verificar os processos abertos e consumo de CPU
 * 1) Para ver os endereços virtuais:
 * 1) Cisco Nexus Operating System (NX-OS):
 * 1) Cisco Nexus Operating System (NX-OS):
 * 1) Para ver o espaço utilizado da bootflash:
 * 1) http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/fundamentals/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Fundamentals_Configuration_Guide__Release_4.2_chapter8.html#task_1234363
 * 1) Para copiar um arquivo do Switch para um servidor TFTP:
 * 1) Para copiar um arquivo da bootflash para um servidor de TFTP:
 * 1) Para encontrar na tabela ARP o MAC de um determinado IP:
 * 1) Para encontrar a porta que está conectado cada host:
 * 1) Vários Comandos show:
 * 1) Vários Comandos show:
 * 1) Para ver a tabela ARP de um roteador virtual (VRF)
 * 1) Para ver a tabela de MAC address:
 * 1) Exemplos de Configurações:
 * 1) Exemplos de Configurações:
 * 1) Inglês Técnico
 * 1) Inglês Técnico
 * 1) Dicas:
 * 1) Dicas:
 * 1) Troubleshooting:
 * 1) Troubleshooting:
 * 1) Comandos para resolver problemas:
 * 1) Troubleshooting do VPN Client:
 * 1) Erros conhecidos: (Known Errors)
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintomas: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors)
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintomas: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) Erros conhecidos: (Known Errors) [Resolvido] [Solved]
 * 2) Questão/Problema: (Question/Issue)
 * 1) Sintoma: (Symptoms)
 * 1) Causa: (Cause)
 * 1) Solução: (Solution)
 * 1) FAQ:
 * 1) FAQ:
 * 1) Glossário:
 * 1) Glossário:
 * 1) Referências:
 * 1) Referências:
 * 1) Cisco RJ45 RollOver cable pinout:
 * 1) Configuring VLANs:
 * 1) Configuring InterVLAN Routing with Catalyst 3750/3560/3550 Series Switch:
 * 1) Políticas de controle de banda – Catalyst 3750:
 * 1) Procedimentos de Padronização de Nomes:
 * 1) Trunk de vlan entre cisco e d-link:
 * 1) Tarefas:
 * 1) Tarefas:
 * 1) Equipamentos:
 * 1) Equipamentos:
 * 1) Rascunho:
 * 1) Rascunho:
 * 1) Atividades:
 * 1) Atividades:
 * 1) Melhorias:
 * 1) Melhorias: