no logging console to disable logging to the console.

This will prevent your router/switch from generating an interrupt for each single character, that is put to the console interface.

failover key *****

tunnel-group clients ipsec-attributes
pre-shared-key *****


simply use the more system:running-config-command to show all your keys uncrypted.

Of course RANCID combined with a graphical CVS-viewer would be a very good solution. But you can achieve this task with less effort directly on your router too. Therefor you need the archive-feature.

With the archive commands you can automatically write your configs to flash: – or some other destinations (ftp:, http:, https:, pram:, rcp:, scp:, tftp:)

You have many features with archive – but today let’s focus only on automatically archiving the current configuration when doing a copy running-config startup-config (or the more or less obsolete write mem)

mkdir flash:/configs
configure terminal
archive
path flash:configs/archive
maximum 14
write-memory

Command explanation:

• mkdir flash:/configs creates a new directory on flash:
• path flash:configs/archive defines the path and filenamesuffix of the files
• maximum 14 defines the maximum number of configs held on the flash: (currently 1-14)
• write-memory will save a new version of the running-config into the archive-folder (flash:configs in our example) each time you do a copy running-config startup-config or write mem

with show archive you can review all existing configs in flash:

Router#sh archive
The maximum archive configurations allowed is 14.
There are currently 3 archive configurations saved.
The next archive file will be named flash:configs/archive-3
Archive # Name
1 flash:configs/archive-0
2 flash:configs/archive-1
3 flash:configs/archive-2 <- Most Recent
4
5
6
7
8
9
10
11
12
13
14
Router#

to view differences between 2 configs use show archive config differences <file1> <file2>
For demonstration I created a new Loopback Interface, added an EIGRP-routing-process and wrote the new configuration to NVRAM (write mem)

show archive config differences flash:configs/archive-2 flash:configs/archive-3

Contextual Config Diffs:
+interface Loopback1
+ip address 192.168.1.1 255.255.255.255
+router eigrp 1
+network 192.168.1.1 0.0.0.0
+no auto-summary
+eigrp stub connected summary

Router#

You also can write a new version of your current configuration into the archive without touching the startup-config with the archive config command.

It is also possible to write a new configuration on a interval-basis. But I don’t recommend this on a flash-device, because if you don’t change your config for a longer time (“long” depends on your backup-interval) you have a maximum of 14 same configurations – and of course lost the configs with real changes.

%C4K_TRANSCEIVERMAN-3-SEEPROMREADFAILED: Failed to read transceiver serial eeprom on port Te5/3, try reinserting

This is really not a serious problem although it looks like one. You just have to configure your TenGigE-Port to GigE. On a 6Port 10GE-Linecard (WS-X4606-X2-E) it is important, that you can only put 3 ports in 1GigE-Mode at once. Each 3 Ports are grouped together to one Port-Group. If this is a problem you can deal with the TenGigE-Ports on your Sup (depending on the Sup you are using…)

You can have the following configurations on a WS-X4606-X2-E:

• 6 TenGigE
• 3 TenGigE, 6 GigE
• 6GigE, 3 TenGigE
• 12 GigE

To switch a Port-Group over to 1 GigE use the following command:

hw-module module 5 port-group 1 select gigabitethernet

This will put your 1st three ports on the Module in Slot 5 into Gigabit-Mode and voila – your TwinGigConverterModule will no longer be rejected with this crazy errormessage. ]]> http://www.router-secrets.net/switching/configuring-a-twingig-converter-module-cvr-x2-sfp-in-a-catalyst-4500/feed/ 0 http://www.router-secrets.net/cli/qt-get-rid-of-the-ctrl-shift-6-escape-character/ http://www.router-secrets.net/cli/qt-get-rid-of-the-ctrl-shift-6-escape-character/#comments Wed, 24 Feb 2010 20:57:48 +0000 admin http://www.router-secrets.net/?p=296 Do you sometimes have the problem, that CTRL-SHIFT-6 (CTRL-^) won’t work to cancel a traceroute or other commands? Especially on foreign keymaps? Than simply change the escape-sequence for your VTYs or CONsole:

change escape-character to CTRL-C on VTYs (telnet and/or ssh-access):

line vty 0 15
escape-character 3
end

change escape-character to ESC on CONsole (serial-access on console port):

line con 0
escape-character 27
end

CTRL-C is a good choice – it’s a well known keystroke to cancel processes on CLIs.
ESC is nice because it uses the very less used ESC key – but the usage of the esc-code has one drawback: If you telnet to a further router from the commandline of your current router, than the command history will not be accessible via your curser up-/down-keys any longer because they are sending keycodes beginning with ESC – this breakes the Cursor-keycodes. Also the 1st CTRL-C will be eaten by router 1 – the next one is passed to router2.

So I recommend to use CTRL-C but of course you can configure any other ASCII-code as the escape-character.

If you tag your external EIGRP routes (that ones you already redistributed from another routing protocol or from static) with a routemap you can choose your TAG-value from 0-4294967295.

But if you try to tag internal EIGRP routes, you can only use the range 0-255. Currently I wasn’t able to find any documentation about this – but thats the thing I had to learn while trying to use greater values.

Let’s do an example:

2 Routers connected via Eth 1/0, Transfernet 192.168.12.0/29, Lo 0 on both routers, EIGRP 1

router eigrp 1
network 10.0.0.0
network 192.168.0.0 0.0.255.255
distribute-list route-map settag out
no auto-summary
!
route-map settag permit 10
set tag 199

The topology-table on Router2 for the Loopback-IP of Router1 shows this:

R2#sh ip eig top 10.1.1.1/32
IP-EIGRP (AS 1): Topology entry for 10.1.1.1/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 409600
Routing Descriptor Blocks:
192.168.12.1 (Ethernet1/0), from 192.168.12.1, Send flag is 0×0
Composite metric is (409600/128256), Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 6000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Internal tag is 199
R2#

Now Let’s try it with tag-value 256

route-map settag permit 10
set tag 256

Topology-table of Router2:

R2#sh ip eig top 10.1.1.1/32
IP-EIGRP (AS 1): Topology entry for 10.1.1.1/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 409600
Routing Descriptor Blocks:
192.168.12.1 (Ethernet1/0), from 192.168.12.1, Send flag is 0×0
Composite metric is (409600/128256), Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 6000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
R2#

As we can see, internal TAG-values greater than 255 are ignored.
If you tag an external Route, you can use the whole range suggested from the set tag command (0-4294967295). This limitation applies only to internal routes.

All tests were made with 12.4(24)T2

You will need:

• EL Foil 112x87mm (blue one looks very cool)
• EL-Power Supply
• 2 LEDs – 3mm – blue
• some wires
• and of course some tools for soldering and dis-/reassembling the phone

In Germany you can get the EL-parts at Conrad Electronic – but you should be able to get these stuff in all big electronic stores or even at ebay. Don’t worry if you couldn’t get the EL-Foil in the right dimensions – you can cut these foils with a pair of scissors. YES, the foil won’t be destroyed (but DON’T cut the connectors )

The powersupply for the EL-foil (the EL-converter) is a very big problem. These converters work with a frequence of about 400Hz to 900Hz for genereating the supply voltage of abt. 110 Volt. If you place this converter inside your phone (there is enough room for it inside) and even try to supply some power of your phone to the converter, you will hear a very annoying noise in your handset and even in the loudspeaker of your phone. This is absolutly inacceptable – so I’m currently searching for a good solution to power the EL-foil quietly.

If you have a good idea or even a ready solution – please let me know. It must be possible to build a cheap EL-converter with a working frequency outside the hearable soundspectrum. Someone told me that there are ICs from MAXIM which are working at about 1MHz – but I couldn’t find a suitable chip yet.

Ok, let’s begin with the Phone-mod.

Have a look at the following pictures for disassembling the phone:

Now let’s continue with the more tricky part:

You need to remove the LCDisplay from the frame. It is glued with double-faced adhesive tape. Be VERY CAREFUL not to break the GlasDisplay! You can gently bend the frame very slowly away from the LCD. This works better if you get  your display including the frame to a temperature of about 40 or 50 degrees.

Removing the reflective foil:

Pay attention that you only remove the thin, reflective foil. There is another, thicker foil for polarization. If you remove this one you will not be able to see anything on your Display. At last use isopropanol to remove the glue from the polarization foil.

Place EL-Foil and Converter:

Insert the EL-Foil between plastic frame and display. There is no need to glue this parts together – just be careful while reassembling the phone. If you decide to use the “noisy solution” here is a good position for placing the EL-converter. In this case it is highly reccomended that you power your converter from an external source outside the phone. This will keep the noises very low – and nearly unhearable. If you like a clean, blue optic change the 2 LEDs on the little PCB near the handset cradle. Connect all parts with the correct wires and reassemble the phone – and you are done.

Enjoy your 7940/7960 at night

If you have a good solution for a silent EL-Converter, I would appreciate if you contact me or write a comment here. It doesn’t matter if it is a ready made converter or just an application note, design guide or partnumber of the right chip. Thank you.

Check your VLAN-config!

If your switchport is configured to a VLAN thet doesn’t exists on your switch – then the switch won’t learn anything on this port. This could only happen if your switch is in VTP mode “client”.
Otherwise the VLAN will be created automatically.

PIX with IOS 6.x even is not capable of handling ESMTP. The only way to enable TLS/ESMTP on an old PIX is to disable the smtp-fixup:

no fixup smtp

On ASA55x0 Systems things are looking better. If you run 7.2(3) or higher you can enable the 250-STARTTLS ESMTP-Command by adding the following policy-map:

policy-map type inspect esmtp esmtp_pmap
parameters
allow-tls [action log]

action log enables the logging of TLS events.

Don’t forget to activate this policy. If you want to enable it on the default global policy type:

policy-map global_policy
class inspection_default
no inspect esmtp
inspect esmtp esmtp_pmap
exit

ASA‘s below 7.2(3) have only the option to disable esmtp inspection like this:

policy-map global_policy
class inspection_default
no inspect esmtp
exit

Why is TLS disabled per default?
TLS is an end to end encryption between two MTA’s. The Firewall is not able to inspect any payload of encrypted traffic – so for security reasons TLS will be denied by default.

So be careful with copy&paste things like

tacacs-server key 7 120B0A02060E1E49392E273A3621315D091317

You have to enter your tacacs-server key in cleartext for a working tacacs setup.

tacacs-server key router-secrets.net

Erroneous configuration may result in the following output of debug tacacs:

TPLUS: Queuing AAA Authentication request 199 for processing
TPLUS: processing authentication start request id 199
TPLUS: Authentication start packet created for 199()
TPLUS: Using server 192.168.1.1
TPLUS(000000C7): connected to server 192.168.1.1
TPLUS: response received for AAA request 199
TPLUS: received bad AUTHEN packet: length = 6, expected 66016
TPLUS: Invalid AUTHEN packet (check keys)

The 0 string and 7 string keyword and argument pairs were added in 12.3(2)T