Cisco: Useful Cisco commands

There are a ton of useful Cisco commands that I do not use everyday but I still use often. This post is probably going to be one that gets updated frequently with new commands that I come across that I want to hold on to. So I am apologizing in advance in case this one gets a little messy. The actual Cisco command will be in bold lettering and in quotations.



Display Cisco stateful packet inspection session created becasue a policy map is applied on a specified zone pair - "show policy-map type inspect zone-pair sessions"


To show AnyConnect connected VPN users and their session info - "show vpn-sessiondb anyconnect"


To show that detailed status for active crypto sessions (i.e. VPN) - "show crypto session detail"

To delete a router config enter in the following command and reboot the router with out saving - "delete nvram:startup-config"


Here is how to create a LACP trunk on a Cisco switch:
"interface GigabitEthernet1/0/48
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active"


Cisco 4K routers NAT ACL's can not use a Permit IP  any any for the NAT overload statement. It has some issues with it, so you need to be more specific with the networks that it will be NAT'ing. For security reasons you should be specific anyways. By using a Permit IP any any NAT statement it will cause irregular behavior on the router, it very well may work but it also may just stop working.

"ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
IP access-list extended NAT
 10 permit ip 10.1.1.0 0.0.0.255 any
 20 permit ip 10.1.2.0 0.0.0.255 any"

ShoreTel: Recording Audio from a Physical ShoreTel Voice Switch Port

You can capture audio output from a ShoreTel Voice Switch physical port using VxWorks commands. The audio output is save the the HQ or DVS server that controls the switch. This is great when you are trying to trouble shoot voice corruption or audio issues

1. From the Start menu, navigate to the Control Panel-->Administrative Tools and locate the IIS Manager
2. Right click on the IIS Manage and select Properties. Then enable the ability to write to the FTP server by selecting the Write checkbox and clicking OK
1. This enables the ability to write to the following director C:/inetpub/ftproot
2. You may also need to edit the permission fo the C:/inetpub/ftproot directory and give the users group write access
3. At the command prompt on the voice switch you would like to record from enter
1. Record2file2 (23, 45, "test") i.e I want to record a call on a T1 on port 23 for 45 seconds and save the file with the name of test.
2. The moment you press enter is when the recording will start
4. Go the the C:/inetpub/ftproot directory and pull the two files <NAME>rx.pcm and <NAME>tx.pcm to your desktop.
5. Using an audio editor (like Audacity or Cooledit) you will be able to listen and analyze the call
1. Import the PCM file to Audacity using the following options
1. File -> Import -> Raw Data
2. Signed 16-bit PCM
3. Big-endian
4. 1 Channel (Mono)
5. Sample Rate 8000 (8k)

Cisco: Copy a routers running config to a text file or flash drive

A lot of customers ask how they can pull a back up running configuration of their Cisco router. So here are the steps to do so.

1. Open Putty
2. On the left side select Logging under Session
3. Select the ratio button next to All Session Output
4. Press the Browse button and navigate to the location you wish to save the file and enter a file name in the file name field and click Save
   
5. Click on Session
6. In the Host name box enter the IP address of the device you want to connect to
7. Select Telnet, SSH or Serial ratio button under the Connection type
8. Click Open
   
9. If you are using SSH and this is the first time you are connecting to this device on this computer you maybe asked to save the RSA key. Click Yes
10. Enter your log in info to log into the router
11. Depending on your privilege level you may need to type in Enable to get into enable mode
12. Type Show run and press enter
13. Some of the configuration will be shown, press the Space bar to show more
    
14. Once all the configuration has been displayed type Exit and press enter
15. The Putty session should close
16. Browse to the location where you saved your file and change the extension to .txt
17. Open the file and verify that you see the device configuration.

To copy config to a flash drive

1. Insert flash drive into the router
2. At an enable prompt (shown by a # instead of a >)
3. enter the following command copy running-config usb0:running-config
4. remove the flash drive and close the putty session

Cisco: How to install Cisco AnyConnect

Here are some instructions on how to download and install the Cisco AnyConnect client to a PC.

1. Open a web browser and go to the IP address or URL for your VPN and make sure you use https to access it (i.e. https://vpn.anycompany.com)
2. If the ASA is using a self-signed certificate you will see a page that says this site is not secure. This is OK, just click on the Details link if your are using Edge or IE and if you are using Chrome click the advance button
   
3. Then click on the Go on to the webpage link if you are using Edge or IE and if you are using Chrome click on Proceed to
   
4. Select the correct group you belong to from the drop down (if there is one)
5. Enter the Username and Password that you should use to connect to the VPN
6. Click Login
   
7. Click the blue download bar for your OS version
   
8. Click on the Details link if your are using Edge or IE and if you are using chrome click the advance button
   
9. Click on the Go on to the webpage link if you are using Edge or IE and if you are using Chrome click on Proceed to
   
10. A download box will appear at the bottom of your screen and you can run the file or save it to your computer. I usually tell end users just to run it, so click Run
    
11. When prompted, install the AnyConnect Application
    
    
    
    
    
    
    
    
    
    
12. Start the Cisco AnyConnect client
1. Start=>All Programs=>Cisco=>Cisco AnyConnect Secure Mobile Client=>Cisco AnyConnect Secure Mobile Client
13. The AnyConnect connection box will appear
    
14. If on step 1 when you entered the URL in the web browser you saw that this is not a secure site please skip the section labeled Untrusted Servers
15. In the AnyConnect connection box enter in the IP address or URL that you typed into your browser in step one and Click Connect 
1. If you skipped down to the Untrusted server section you will see a security warning box once you click Connect that says this is an Untrusted server Click Connect Anyway
   
16. A box will appear; select the group that you belong to from the drop down if there is one
17. Enter in your username and password and click OK
    
18. When it is finished, you will see a box in the bottom right corner of your screen saying Connected
19. You can now close the web page as you have installed the AnyConnect VPN client and you are connected to the VPN
20. To disconnect from the VPN, right click on the AnyConnect icon that is in your system tray and choose VPN disconnect
    

Untrusted servers

1. Click the Gear in the bottom left corner
2. Click on the Preferences tab
3. Uncheck Block connections to untrusted servers
   
4. Click the X in the top right corner to close the window
5. Go back to step 15

Cisco: Right to use Licensing

Cisco Right to use licensing allows you activate a specific license type and level for cretin types of equipment. A lot of times when we order a Cisco AppX or SecK9 license for a router or do a RMA on a piece of equipment I do not always need to activate a license and just configure the license as Right to use. Here are some of the commands to configure a right to use license

Conf t
License accept end user agreement
Yes
License boot level <License_Level> (Enter in the license name, appx, securityk9, ect)
Write memory
License right-to-use move <License_Level>

Other useful licenses commands:

To see a list of licenses and to see what is currently in use you can use the "Show License" command
To disable the license from a device you can use the "No license feature <License_Level>" command

Polycom: Locate a Polycom phone's IP address (5000, 6000, 7000)

I work with Polycom phones on a regular basis but not regular enough to always remember how to find the IP address of the phone from the display. So here are the steps to find it.

1. From the Home/Menu, select Settings
2. Select Status
3. Select Network
4. Select TCP/IP Parameters

The screen should now show you the phones IP address, in addition to other info like the subnet mask and gateway.

ShoreTel: Configure Valcom PagePro VIP-201A with ShoreTel

So there is no documentation from ShoreTel that says the Valcom PagePro IP VIP-201A is supported. But I was able to get it to work by playing around with the settings. The VIP-201A is really just acting as a SIP extension. Now I do not have the exact steps to do this as I kinda lost track of them when I was working on this but here is a general outline of what I did.

1. Install the VIP-102B setup tool to access the device
2. You must first scan and find the device  (You should probably be on the same network as the device)
3. Statically assign an IP address to the device
4. Reboot the device
5.  Go to System -> Audio groups
6. Create the Audio Group you need and click OK
7. Go To System -> Audio Group Membership
8. Select the Audio Group in the Drop down that you want to use, Select what port it should be available to
9. Click Close
10. Go to the Channels tab
11. Select 1 through 4 and put in the dial code you want to use for it (leave the rest default)
12. Go to the SIP tab
13. Select you paging zones and fill out the info
1. Phone number - After you dial the ShoreTel SIP extension to access the Valcom box, you will hear a tone in the handset, Then dial this "Phone number" to select the paging zone you want to access.
14. Description
1. Authentication Name: Used for authentication with the ShoreTel SIP extension, you should use the ShoreTel extension Clientname
2. Secret: This is the SIP password on the SIP extension you are trying to use
3. SIP Server: Enter in the IP address of the ShoreTel switch that hosts the SIP proxy (this is not the ShoreWare Director Server)
15. Pre-Announce Tone: use this to know when to press the code for the paging zone
16. Audio Groups: Select the Audio Groups you want this dial code to access for paging
17. Configure each SIP tab as you need to, the authentication will be the same for each one
18. To save this config, go to File --> Save (This will save it to your PC)
19. Reboot the device
20. Check ShoreTel ShoreWare Director Telephones to see if the Valcom device is registered

Hopeful this will help you in your configuration!