Cisco Routers - Use Local Timezone for Log Timestamps

Router log timestamp entries are different from the system clock when the NTP is configured

VERSION 2 

Core Issue

If a router is configured to get the time from a Network Time Protocol (NTP) server, the times in the router's log entries may be different from the time on the system clock if the [localtime] option is not in the service timestamps log command. In the example below, the router gets its time from an NTP server and theservice timestamps log datetime command is issued. The show clockcommand displays a time of 14:12:26, yet when a configuration change is made immediately after the show clock command, the log message shows a time of 21:12:28, as shown in this example:

clock timezone PST -8
clock summer-time PDT recurring
service timestamps debug datetime
service timestamps log datetime
logging buffered 16000 debugging
ntp clock-period 17179272
ntp server 161.181.92.152

router#show clock
14:12:26.312 PDT Thu Apr 27 2000
router#config t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#exit
router#
Apr 27 21:12:28: %SYS-5-CONFIG_I: Configured from console by vty0

Resolution

Add the [localtime] option to the service timestamps log command. For example, if the current configuration is service timestamps log datetime, issue this global configuration command:

router(config)#service timestamps log datetime localtime
router(config)#^Z (ctrl z to exit)
router#write mem

The times should now be synchronized between the system clock and the log message timestamps.

https://supportforums.cisco.com/docs/DOC-4687

Cisco - ISDN Plan Map

Apparently Cisco CME creates its own ISDN call plan rule set automagically. With some vendors, when you send across a number which begins with 011 and plan type international their switches freak out. You can override this treatment by applying an ISDN MAP to the serial interface of the PRI.

interface Serial0/2/0:23
isdn map address 011.* plan isdn type unknown

Reference:
http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_i2.html

isdn map

To override the default ISDN type and plan generated by the router with custom values, use the isdn map command in interface configuration mode. To revert to the default ISDN type and plan, use the no form of this command.

isdn map address {{address | reg-exp} plan plan type type | transparent}

no isdn map address {{address | reg-exp} plan plan type type | transparent}

Syntax Description

address	Specifies that the default ISDN type and plan will be overridden.
address	Address map, which can be to either the calling number or the called number. This argument specifies the address for which the ISDN type and plan will be overridden.
reg-exp	Regular expression for pattern matching. This argument specifies that the ISDN type and plan will be overridden for addresses that match the regular expression.
plan plan	ISDN numbering plan. Valid values for the plan argument are as follows: •any—Any type of dialed number. •data—X.121 data numbering plan. •ermes—European Radio Message System numbering plan. •isdn—E.164 ISDN/Telephony numbering plan. •national—Number called to reach a subscriber in the same country, but outside the local network. •private—Private numbering plan. •reserved—Reserved for extension. •telex—F.69 telex numbering plan. •unknown—Number of a type that is unknown by the network.
type type	ISDN number type. Valid values for the type argument are as follows: •abbreviated—Abbreviated representation of the complete number as supported by this network. •any—Any type of called number. •international—Number called to reach a subscriber in another country. •national—Number called to reach a subscriber in the same country, but outside the local network. •network—Administrative or service number specific to the serving network. •reserved—Reserved for extension. •subscriber—Number called to reach a subscriber in the same local network. •unknown—Number of a type that is unknown by the network.
transparent	Specifies that the ISDN type and plan values received in raw messages from the ISDN originating gateway will take priority over the ISDN type and plan values received in the H.225 SETUP messages.

Command Default

The default is the ISDN type and plan generated by the router.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(6)T	This command was introduced.
12.3(7)T	The transparent keyword was added.

Usage Guidelines

The default ISDN type and plan can be overridden with custom values on a per-number basis or for numbers that match regular expression patterns.

If you use the isdn map command to configure custom values for the ISDN type and plan, these values take priority over any other ISDN type and plan values. The order of precedence for ISDN type and plan values is as follows, beginning with the highest precedence:

•Type and plan values configured with the isdn map command.

•Type and plan values from voice translation rules specified with the rule (voice translation-rule) command.

•Values received in the H.225 SETUP messages.

•Values received from the ISDN originating gateway in raw messages.

Configuring the isdn map command with the transparent keyword results in raw messages received from the ISDN originating gateway receiving priority over H.225 SETUP messages. When the isdn map command is configured with thetransparent keyword, the order of precedence for ISDN type and plan values is as follows:

•Type and plan values configured with the isdn map command.

•Type and plan values from voice translation rules specified with the rule (voice translation-rule) command.

•Values received from the ISDN originating gateway in raw messages.

•Values received in the H.225 SETUP messages.

Examples

The following example overrides any plan and type used for any ISDN calls with a called or calling number that exactly matches 123:

interface serial1:23

 isdn map address 123 plan isdn type unknown 

The following example overrides any plan and type used for ISDN calls with a called or calling number that begins with the numerals 12:

interface serial1:23

 isdn map address 12.* plan data type subscriber

The following example matches any number that ends with the number 7:

interface serial1:23

 isdn map address .*7 plan data type subscriber

The following example reverses the precedence of ISDN type and plan values received from the ISDN originating gateway and from the H.225 SETUP message:

interface serial1:23

 isdn map address transparent

Related Commands

Command	Description
rule (voice translation-rule)	Defines a translation rule.

Cisco CME GUI Access

Post 8.0.2 you can no longer access the CME GUI through the CUE GUI. The workaround is to access this directly by going to:


http:///telephony_service.html

References:

http://uc500.com/en/cue-802-not-able-acces-cme
http://www.ciscosystems.com/en/US/docs/voice_ip_comm/unity_exp/rel8_0/rel_notes/rel_notes.html#wp339722 

CURL Notes

curl -a -o curltest.txt http://10.10.30.[1-30]

Cisco NTP Setup

NTP Setup Misc Notes
NTP Server to Use: time-a.nist.gov - 129.6.15.28
Other NTP Servers

http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001151



http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00807ca437.shtml#configs

Cisco IOS Shortcuts - Moving Around

Moving the Cursor on the Command Line

Table 2 shows the key combinations or sequences you can use to move the cursor on the command line to make corrections or changes. Ctrl indicates the Control key, which must be pressed simultaneously with its associated letter key. Esc indicates the Escape key, which must be pressed first, followed by its associated letter key. Keys are not case sensitive. Many letters used for CLI navigation and editing were chosen to provide an easy way of remembering their functions. In Table 2characters are bolded in the "Function Summary" column to indicate the relation between the letter used and the function.

Table 2 Key Combinations Used to Move the Cursor 

Keystrokes	Function Summary	Function Details
Left Arrow orCtrl-B	Back character	Moves the cursor one character to the left. When you enter a command that extends beyond a single line, you can press the Left Arrow or Ctrl-B keys repeatedly to scroll back toward the system prompt and verify the beginning of the command entry, or you can press the Ctrl-A key combination.
Right Arrowor Ctrl-F	Forward character	Moves the cursor one character to the right.
Esc, B	Back word	Moves the cursor back one word.
Esc, F	Forward word	Moves the cursor forward one word.
Ctrl-A	Beginning of line	Moves the cursor to the beginning of the line.
Ctrl-E	End of line	Moves the cursor to the end of the command line.

From http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_cli-basics.html

Cisco Single Number Reach (SNR)

Cisco Single Number Reach is a pretty neat feature. However, apparently you can't have the box pull calls back for delivery into the local VMB if you are using POTS connections. 

Here is the lab on SNR on the UC500 platform.

I ran into an unexpected issue with SNR that it would be great to see explained in the lab. If you are using POTS lines into FXO ports on your UC box and using an external number for the mobility destination (e.g. a cellphone), then the system will NOT be able to pull the call back in and send it to the CUE voicemail. On a cellphone, the call will end up in the remote voicemail if unanswered.

Reference post here and document here.

Relevant section from document:

Call forwarding of unanswered calls, configured with the cfwd-noan keyword in the snr command, is not supported for PSTN calls from FXO trunks because the calls connect immediately.

Notes and Reminders - Stuff to Look Into

Look into a Cisco config interpreter e.g. a language plugin file for Notepad ++


http://opensource-archive.org/showthread.php?t=91758
http://opensource-archive.org/showthread.php?t=116776


*Look into - Cisco Event Manager Commands
-Maybe use to log utilization locally.


process cpu threshold type total rising 70 interval 5 falling 40 interval 5

event manager applet capture_cpu_spike
 event snmp oid 1.3.6.1.4.1.9.2.1.56.0 get-type next entry-op ge entry-val "80" exit-time 10 poll-interval 1
 action 1.0  syslog msg "CPU Utilization is high"
 action 10.0 cli command "show ip traffic | append flash:cpuinfo2"
 action 2.0  cli command "en"
 action 2.1  cli command "terminal exec prompt timestamp2"
 action 3.0  cli command "show proc cpu sort | append flash:cpuinfo2"
 action 4.0  cli command "show proc cpu history | append flash:cpuinfo2"
 action 5.0  cli command "show proc cpu extended | append flash:cpuinfo2"
 action 6.0  cli command "show interfaces | append flash:cpuinfo2"
 action 7.0  cli command "show buffers input-interface FastEthernet0/0.1  packet | append flash:cpuinfo2"
 action 8.0  cli command "show buffers input-interface FastEthernet0/1 packet | append flash:cpuinfo2"
 action 9.0  cli command "show ip cef switch statistics feature | append flash:cpuinfo2"

Cisco IP Communicator

Hitting / on the number pad on your keyboard translates into a # in Cisco IP communicator. If you spend a lot of time working with Cisco phone systems and CIPC, you know how much time this will save you. If not, this is pretty useless info.

Now if I can just find a way to create profile files/shortcuts so I don't need to keep reconfiguring CIPC for every customer/site.

PS, doesn't seem to work in eyeBeam/X-Lite.

Cisco Regex and CLI Filters Misc

Not a fully formed note/post yet. Just some notes and links.

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/cliparse.html#wp5286
http://hackathology.blogspot.com/2007/04/cisco-ios-cli-regular-expressions-part.html

http://hackathology.blogspot.com/2007/02/basic-cisco-ios-router-management-to.html
http://www.handsomeplanet.com/archives/7

Cisco VPN PSK Decryption

Had a customer today who needed their Cisco IPSec VPN pre-shared key. The problem is we didn't keep that information for their VPN account (only for our own) and the password is stored encrypted on the ASA.

I can reset their PSK easily, but then the other computers that are already deployed with the existing PSK will need to be reconfigured.

The Group Name, IP and PSK are all stored in a profile file (.pcf) on computers that are already configured. The PSK is encrypted. However, the encryption used for the PSK is very easily crackable.

Here's How:
1) Locate the profile (.pcf) file for your connection entry. This should be located at C:\Program Files\Cisco Systems\VPN Client\Profiles\ENTRYNAME.pcf.
2) Open the profile with a text editor.
3) Look for the line that begins with enc_GroupPwd=
4) Grab the string of characters that follow the = sign.
5) Input the characters into the Encrypted User/Group Password: field on this website.
6) Hit decode. Use the retrieved password to setup the remaining machines.

Here is an example of the encrypted password:
enc_GroupPwd=B54080BC72B142E7F537A9A2080C940D4B953BA6AE47C952C42C60C4C0EF69D6D8FA1E3E76038450E27724D29D851301CE97DF962667FD7A

Links:
http://coreygilmore.com/projects/decrypt-cisco-vpn-password/

Cisco CLI - Show Command Section Filter and Other CLI Shortcuts

One of the most useful Cisco show filters ever is the new(ish) section filter. This lets you view information from the section you specify. For example, show run | section include ephone  12 will return all the config lines in the running config which pertain to your ephone 12. The section command (like all Cisco show command filters) is case sensitive and doesn't allow tab completions or etc - you need to type exactly what you're looking for (or at least the beginning of what you're looking for).Note that per one site: "Cisco considers a section to be a line with no leading blank and includes all lines following it until the start of the next section."

! awesome. Now I don't have to filter through the config looking for the ephone  12 config.
2821#sh run | s i ephone  12
ephone  12
 device-security-mode none
 description Ryan IP Communicator
 video
 mac-address 0023.AE7F.0000
 type CIPC
 button  1:2 2:10
2821#

When I first start working on a router, I'll usually grab a copy of the running config and throw it into a txt file. Then I search through it for whatever I want. Once I find the relevant pieces, I'll copy them over to a new text file and prep the changes I want to make. Then I'll apply the changes to the router.

! term len 0 sets the terminal length to no pauses so you can get the complete config at once.
Rtr#term len 0
Rtr#sh run
! now do a copy all to clipboard from putty and paste into a text document. 

Verifying the changes is where the section filter can really be helpful. Rather than getting a complete new copy of the config and sifting through it, just do a sh run | s i whatever I'm looking for

. On major changes, I will always save the starting configs and the ending configs and compare them with WinMerge. However, the section command works very well to make sure everything is going well as I make each change.
 

So overall, the section command filter is a great shortcut. However, if you are looking for data on an interface, you should use show run interface . This method will allow for tabbed completions, abbreviations and isn't case sensitive so it is faster and better for this type of work than the section filter. It won't work with the variety of items that the section command will though. 

! annoying because I had to type this all the way out and even capitalize it correctly
2821#sh run | s i interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1

! less annoying - just do sh run int and use tab completion or abbreviations like you normally would.
2821#sh run int gigabitEthernet 0/0
Building configuration...

Current configuration : 92 bytes
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
end

2821#

Show Section Command Filter Links
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html
http://www.techexams.net/forums/ccna-ccent/37408-show-run-section.html
http://cciepursuit.wordpress.com/2007/07/17/must-use-command-filtering-output-with-the-section-command/
http://www.nil.com/C1256F0A00429755/html/EnhanceIOSUI/
Cisco Documentation:

Command Reference

This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.

•show section

show section

To filter the output of a show command to match a given expression as well as any lines associated with that expression, use the show command section command in privileged EXEC mode.

show command | section [include | exclude] regular-expression

Syntax Description

command	Any Cisco IOS show command.
include	(Optional) Includes only the lines that contain a particular regular expression. This is the default keyword when none is specified.
exclude	(Optional) Excludes any lines that contain a particular regular expression.
regular-expression	Any regular-expression (text string) found in show command output.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(2)T	This command was introduced.

Usage Guidelines

In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. The show section command provides enhanced filtering capabilities by matching lines in the show command output containing specific expressions as well as matching any entries associated with those expressions. Filtering is especially useful, for example, when displaying large configuration files using the show running-configuration command or the show interfaces command.

If the include or exclude keyword is not specified, include is the default.

If there are no associated entries for an expression, then only the line matching the expression is displayed.

Examples

The following examples compare the filtering characteristics of the show running-config | include command with the show running-config | section command. The first example gathers just the lines from the configuration file with "interface" in them.

Router# show running-config | include interface

interface Ethernet0/0 
interface Ethernet1/0 
interface Serial2/0 
interface Serial3/0

The next example uses the show command section command to gather the lines in the configuration file with "interface" in them as well as any lines associated with those entries. In this example, interface configuration information is captured.

Router# show running-config | section include interface

interface Ethernet0/0 
 shutdown 
 no cdp enable

interface Ethernet1/0 
 shutdown 
 no cdp enable 
interface Serial2/0 
 shutdown 
 no cdp enable 
interface Serial3/0 
 shutdown 
 no cdp enable

Related Commands

Command	Description
show append	Redirects the output of any show command and adds it to the end of an existing file.
show exclude	Filters show command output so that it excludes lines that contain a particular regular expression.
show include	Filters show command output so that it displays only lines that contain a particular regular expression.
show redirect	Redirects the output of any show command to a specified file.

Information About the Show Command Section Filter

The Show Command Section Filter feature enhances the functionality of the Cisco IOS CLI by filtering show command output matching a regular expression (text string) as well as filtering output associated with that expression. Prior to this enhancement, the level of filtering offered by the show command was limited to the individual lines of the output.

In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. With section filtering, show command output not only displays the individual entries matching the expression in the command output but also displays the section of entries associated with that expression.

Filtering is especially useful, for example, when displaying a large configuration file. In this case, it is helpful to display sections of the configuration file without having to enter multiple commands to gather the related configuration information.