July 2nd, 2009 No comments

I use this WordPress installation as a way to post snippets of information and aides memoir, which I use in my work. Sometimes I may add a short piece of information which may be useful to a casual visitor. Hit Ctrl-D to bookmark me or subscribe to my Site RSS Feed – Daren.

Creative Commons License
This work is licensed under:
Creative Commons Attribution-NonCommercial 2.0 Generic License 

Find posts with capture files..


Categories: Diary of Events Tags: , ,

Policy-Based Routing on IOS-XE Causes GRE Tunnel to drop

June 25th, 2018 No comments

I wanted to use PBR on our DMVPN tunnels to set the next-hop address to a Layer 3 switch on the LAN.  We set it up and it seemed to work fine.  Then it was noticed that is a site went down even briefly and the tunnel dropped, the tunnel would never re-establish itself (The tunnel interface remained line up/protocol down).  We recreated the problem in our lab and it consistently failed.  We moved the tunnel to an IOS router and that wasn’t affected.

It was eventually revealed that apparently, PBR is handled differently in IOS-XE and IOS routers.

The problem occurs when a route-map is attached to an interface with only a “set” operation and no “match” (When there is no match specified there is an implicit “match any any”) OR when a match “any any” is used.  Read more…

Categories: CISCO, Network Design Tags:

EEM Script to check log messages and trigger email

June 15th, 2017 No comments

Here’s a tip to become alerted when an interface is down (in this case a VPN tunnel). The script can be adapted to look for any pattern in the syslog and send a triggered email message:

event manager environment _ifDown_rcpt somebody@somewhere.com
event manager session cli username “admin”
event manager applet MailOnIfDown
event syslog occurs 1 pattern “%LINEPROTO-5-UPDOWN.* Tunnel” period 1
action 1.0 mail server “smtp-server@somewhere.com” to “$_ifDown_rcpt” from “router-hostname@somewhere.com” subject “DON’T PANIC – Tunnel Changed State!” body “$_syslog_msg”

Read more…

Categories: CISCO, EEM Scripts Tags:

Archive DHCP Bindings from Cisco Router using EEM

March 24th, 2017 No comments

This recipe describes a simple method to send DHCP bindings from a Cisco router to a remote TFTP server running on Windows.  A batch file renanes and date-stamps the file and another batch file removes the archived files after a retention period:


(Note: the cron entry sends the file every 5 minutes)
event manager session cli username “your_username”  (NOTE: this is required if tacacs+ is running on the router)
event manager applet copy-dhcp-bindings
event timer cron cron-entry “*/5 * * * * ”
action 0.5 cli command “enable”
action 1.0 cli command “show ip dhcp binding | redirect tftp://[ip_address]/bindings.txt”
end Read more…

Categories: CISCO, EEM Scripts Tags:

Monitor QoS Policy on Cisco Router using SNMP

March 23rd, 2017 No comments

This recipe describes how to use SNMP to determine the traffic offered and drop rate for a QoS policy configured on a Cisco router.

The steps here describe which OIDs to interrogate in the CISCO-CLASS-BASED-QOS-MIB


Get the SNMP ifIndex for the interface where the QoS policy is attached:
CiscoRouter#sh snmp mib ifmib ifindex | i GigabitEthernet0/1
GigabitEthernet0/1: Ifindex = 22

(or by using SNMP):
root@Linux# snmpwalk -v2c -c communityname | grep -i GigabitEthernet0/1
RFC1213-MIB::ifDescr.22 = STRING: “GigabitEthernet0/1” Read more…

Categories: CISCO, Network Management, QoS Tags: ,

Troubleshooting VMWare Networking

August 28th, 2015 No comments

To locate a VM Host on a Cisco switch, enable the sending of CDP (Cisco Discovery Protocol) packets on the VMWare host, the syntax is:

# esxcli network vswitch standard set –c both –v vSwitch# (Note: Replace # with the vSwitch number)

In ESXCLI 5.1, you can now retrieve additional network statistics at a physical NIC (vmnic), on a per VLAN (portgroup) which needs to be configured and on a per VM port (vNIC). Here is a quick diagram to help you visualize where you can retrieve network statistics: Read more…

Categories: CISCO Tags:

How to Find SNMP ifIndex on Cisco Devices

July 30th, 2015 2 comments

show snmp mib ifmib ifindex

show snmp interface Read more…

Categories: CISCO Tags:

Secure Hashing Algorithms SHA-1 and SHA-2

May 15th, 2015 No comments

First implemented by the National Security Agency (NSA) in 1993, the Secure Hashing Algorithm (SHA) is used by certification authorities such as Verisign and Thawte to sign certificates and Certificate Revocation Lists. SHA is used to generate unique hash values from files.

This is the SHA-1 hash fingerprint from the bbc.co.uk website:

root@raspberrypi:/# echo | openssl s_client -connect bbc.co.uk:443 2>/dev/null | openssl x509 -fingerprint -noout
SHA1 Fingerprint=EA:D2:F2:79:18:A0:CD:2B:10:3B:12:01:CF:B1:9E:CC:AF:0F:28:0C

SHA versions:

  • SHA0 Obsoleted
  • SHA1 Currently the most widely implemented
  • SHA2 Stronger than SHA-1 due to longer hash (SHA224, SHA256, SHA384 and SHA512)

As part of their SHA-2 migration plan, Microsoft, Google, and Mozilla have announced that they will stop trusting SHA-1 certificates. Google began phasing out trust in SHA-1 certificates in November 2014. Read more…

Categories: Network Design, Security Tags: ,

How to Determine which Process or Application uses a TCP Connection

May 14th, 2015 2 comments

This recipe shows how to determine which process or application uses a TCP connection which you saw listed in your netstat output.  The exampe below is for Linux.  Windows is further down in the post:

In this example, I have a small ARM Linux device being remotely managed via the “Dataplicity” service. To use the service you install a script which runs on startup. It seems that the script sets up an SSH connection from the managed ARM device to the dataplicity server, so that when you login to their Admin portal and choose the “terminal” option, you access the Linux terminal which is already setup.

The netstat output shows a session outbound from the ARM machine ( to the dataplicity server ( on TCP/443 (SSL):

root@raspberrypi:/# netstat -an | grep ‘:443’

the next step is to find which process(es) use the (source) TCP port 46098:

Read more…

Filtering Cisco “show” Output Using Regular Expressions

April 22nd, 2015 No comments

show run | i ^interface|^_ip address
! Gives you the every line in your running config that starts with (that’s what the ^ is all about) “interface” or ” ip address”, essentially giving you all of your interface IP’s in an IOS-pastable format.  The underscore represents a space.  Useful for displaying IP addresses with their associated masks and interfaces. Read more…

Categories: CISCO Tags:

Understanding F5 BIG-IP Memory Usage

March 30th, 2015 No comments

Any non-tmsh command you use in the HMS bash shell (like free) will generally only relate to the HMS. This is why there is an apparent discrepancy between the tmsh “show system memory” command and the Linux “free” command: Read more…

Categories: linux Tags: