Saturday, February 14, 2009

Fiber-Optics cable color-code



The color code used in fiber optics resembles that of copper. The major difference is a 12-color sequence as opposed to the 10-color sequence for copper. The sequence of colors is the same, with the addition of two colors - Rose (11th) and Aqua (12th).

In high-fiber-count cables, fibers are grouped in sets of 6 or 12, and the groups themselves are numbered. Therefore, the individual fiber's number equals the number of the group times 6 or 12 plus the number of the fiber in the group. The group size (6 fibers or 12) depends on the cable design and the total fiber count. Be aware that in cables with a fiber count that is not a multiple of 12, especially those with more than 24 fibers, you can encounter both 6- and 12-fiber groups at the same time.

Groups of fibers can be designated in several different ways:

  • Fibers are housed inside colored plastic tubes, all under the same outer jacket. In this case, the colors of the tubes follow the same sequence as the colors of the fibers: tube #1 - blue; tube #2 - orange and so on.
  • Fibers are helix-wrapped in colored threads or plastic ribbons. The same coloring scheme as above applies to the wraps.
  • Fibers have black stripes: one, two, three or even four. This is by far the most complicated technique. The stripes (or stripe pairs, triples etc.) are usually located about a foot (approx. 30 cm) from each other, so you can't immediately tell what group an individual fiber belongs to. You would have to find the stripes, count them, and then decide what group number it is. If you can't find ANY stripes, it means that this fiber belongs to group one.

There are also colors that designate the type of the optical fibers. This convention is not always followed by all manufacturers, and it only applies to indoor cables: multimode fiber cables have an orange jacket, and singlemode fiber cables have a yellow one.

Thursday, February 12, 2009

8P8C Wiring


The most talked-about EIA/TIA standard in data and voice is structured wiring. Here is the EIA568B standard for Ethernet cabling. The EIA568A standard is obsolete.

Wednesday, June 18, 2008

Use of Global Route-maps

Cisco IOS has a special feature called local policy routing, which lets you apply a route-map to local (router-generated) traffic. The first way we can use this feature is to re-circulate local traffic (and force it to re-enter the router). Here’s an example. By default, locally-generated packets are not inspected by outgoing access-lists. This may cause issues when local traffic is not being reflected under reflexive access-list entries. Say, with a configuration like this:

!
! Reflect all "session-oriented" traffic
!
ip access-list extended EGRESS
permit tcp any any reflect MIRROR
permit icmp any any reflect MIRROR
permit udp any any reflect MIRROR
!
! Evaluate the reflected entries
!
ip access-list extended INGRESS
evaluate MIRROR
permit ospf any any
!
interface Serial 0/0
ip address 54.1.1.6 255.255.255.0
ip access-group INGRESS in
ip access-group EGRESS out

You would not be able to telnet out of the router to destinations behind the Serial interface, even though TCP sessions are reflected in the access-list. To fix the issue, we may use local policy routing to force the local traffic to re-enter the router and be inspected by the outgoing access-list:

!
! Redirect local telnet traffic via the Loopback interface
!
ip access-list extended LOCAL_TRAFFIC
permit tcp any any eq 23
!
route-map LOCAL_POLICY 10
match ip address LOCAL_TRAFFIC
set interface Loopback0
!
! Traffic sent to Loopback interface re-enters the router
!
interface Loopback0
ip address 150.1.6.6 255.255.255.0

!
! Apply the local-policy
!
ip local policy route-map LOCAL_POLICY

With this configuration, a local telnet session will re-enter the router and hit the outgoing access-list, thereby triggering a reflected entry. The same idea may be used to force CBAC inspection of locally-generated traffic, but since 12.3 there has been a special IOS feature to do this natively.

The other useful application of local policy routing is using it for traffic filtering. For example you may want to prohibit outgoing telnet sessions from local router to a certain destination:

ip access-list extended BLOCK_TELNET
permit tcp any host 150.1.1.1 eq 23
!
route-map LOCAL_POLICY 10
match ip address BLOCK_TELNET
set interface Null 0

!
! Apply the local-policy
!
ip local policy route-map LOCAL_POLICY

The syntax is somewhat similar to the VLAN access-maps used on Catalyst switches, and similarly the route-map is applied “globally”, i.e. to all router traffic going out on any interface. Note that you may use the same idea to block incoming sessions, simply by reversing the entries in the access-list (e.g. “permit tcp any eq 23 host 150.1.1.1”). Best of all, with PBR you may apply additional criteria to incoming traffic, e.g. match packet sizes.

The last example is the use of local PBR to apply special treatment to management/control plane traffic - e.g. use different output interfaces for out-of-band management. With local PBR you may also apply special marking for control traffic, e.g. selectively assign IP precedence values.

ip access-list extended MANAGEMENT_TRAFFIC
permit tcp any eq 23 any
permit tcp any eq 22 any
!
route-map LOCAL_POLICY 10
match ip address MANAGEMENT_TRAFFIC
set interface Serial 0/1
set ip precedence 7
!
ip local policy route-map LOCAL_POLICY

These examples are very useful for real-world problems, or at least worth mugging up for the CCIE.
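An added example (not part of the original post, and not Cisco tooling): a small Python audit of a saved configuration that names what each sequence of the local policy route-map does to router-generated traffic, and reports which protocols reflected by an outbound ACL are actually recirculated through a loopback. It assumes `show running-config` style indentation; the sample configuration is constructed from the page's names, and `audit`, `classify_set`, `entry_level` and the none/partial/full labels are illustrative.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented).
# Names follow the page; the loopback mask is an assumption.
SAMPLE_CONFIG = """\
ip access-list extended EGRESS
 permit tcp any any reflect MIRROR
 permit icmp any any reflect MIRROR
 permit udp any any reflect MIRROR
ip access-list extended INGRESS
 evaluate MIRROR
 permit ospf any any
ip access-list extended LOCAL_TRAFFIC
 permit tcp any any eq 23
interface Serial0/0
 ip address 54.1.1.6 255.255.255.0
 ip access-group INGRESS in
 ip access-group EGRESS out
interface Loopback0
 ip address 150.1.6.6 255.255.255.0
route-map LOCAL_POLICY permit 10
 match ip address LOCAL_TRAFFIC
 set interface Loopback0
ip local policy route-map LOCAL_POLICY
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent command."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def classify_set(target):
    """Name what a 'set interface' target does to router-generated packets."""
    name = target.replace(" ", "").lower()
    if name.startswith("loopback"):
        return "recirculate"  # re-enters the router, then hits outbound ACLs
    if name.startswith("null"):
        return "drop"
    return "steer"

def entry_level(entry, proto):
    """How much of `proto` one ACL permit entry selects: none/partial/full."""
    m = re.match(r"permit (\S+) (.+)$", entry)
    if not m or m.group(1) not in (proto, "ip"):
        return "none"
    return "full" if m.group(2) == "any any" else "partial"

def audit(config):
    acls, out_acls, rmaps, local_policy = {}, [], {}, None
    for header, body in parse_sections(config):
        if m := re.match(r"ip access-list extended (\S+)$", header):
            acls[m.group(1)] = body
        elif header.startswith("interface "):
            out_acls += [c.split()[2] for c in body
                         if re.match(r"ip access-group \S+ out$", c)]
        elif m := re.match(r"route-map (\S+)(?: (permit|deny))?(?: (\d+))?$", header):
            rmaps.setdefault(m.group(1), []).append(
                (m.group(3) or "10", m.group(2) or "permit", body))
        elif m := re.match(r"ip local policy route-map (\S+)$", header):
            local_policy = m.group(1)

    # Protocols for which an outbound interface ACL builds reflexive entries.
    reflected = []
    for acl in out_acls:
        for entry in acls.get(acl, []):
            m = re.match(r"permit (\S+) .* reflect \S+", entry)
            if m and m.group(1) not in reflected:
                reflected.append(m.group(1))

    # What each sequence of the local policy does, and which ACL entries it
    # sends back through a loopback (the recirculation trick).
    actions, recirculated = {}, []
    for seq, action, body in rmaps.get(local_policy, []):
        targets = [c[len("set interface "):] for c in body
                   if c.startswith("set interface ")]
        actions[seq] = classify_set(targets[0]) if targets else "no-set-interface"
        if action == "permit" and actions[seq] == "recirculate":
            names = [n for c in body if c.startswith("match ip address ")
                     for n in c.split()[3:]]
            for name in names:
                recirculated += acls.get(name, [])

    coverage = {}
    for proto in reflected:
        levels = [entry_level(e, proto) for e in recirculated] or ["none"]
        coverage[proto] = max(levels, key=("none", "partial", "full").index)
    return {"local_policy": local_policy, "actions": actions, "coverage": coverage}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

For the sample, tcp is only partially covered (the telnet entry), while router-originated icmp and udp are not recirculated at all, so their replies find no reflected entry in MIRROR.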

Sunday, February 3, 2008

OSS / BSS

Operations Support Systems (also called Operational Support Systems or OSS) are computer systems used by telecommunications service providers. The term OSS most frequently describes "network systems" dealing with the telecom network itself, supporting processes such as maintaining network inventory, provisioning services, configuring network components, and managing faults. The complementary term Business Support Systems or BSS is a newer term and typically refers to "business systems" dealing with customers, supporting processes such as taking orders, processing bills, and collecting payments. The two systems together are often abbreviated BSS/OSS or simply B/OSS.

The term OSS was historically used to include both network and business systems. It is still sometimes used in this sense, which can cause some confusion. When used in this way, the term OSS may be seen as inclusive of BSS. For more detail about the use of other terms such as "network management", see the section on architecture below.

OSS architecture

A lot of the work on OSS has been centred on defining its architecture. Put simply, there are four key elements of OSS:

  • Processes
    • the sequence of events
  • Data
    • the information that is acted upon
  • Applications
    • the components that implement processes to manage data
  • Technology
    • how we implement the applications

During the 1990s, new OSS architecture definitions were produced by the ITU-T in its TMN model. This established a 4-layer model of TMN applicable within an OSS:

  • Business Management Level (BML)
  • Service Management Level (SML)
  • Network Management Level (NML)
  • Element Management Level (EML)

Business Support Systems (BSS) are the components that a telephone operator or telco uses to run its business operations. The term BSS is no longer limited to telephone operators offering mobile to fixed and cable services but also can apply to service providers in all sectors such as utility providers.

Typical types of activities that count as part of BSS are taking a customer’s order, managing customer data, managing order data, billing, rating, and offering B2B and B2C services. Business Support Systems are linked to Operational Support Systems (OSS) in the enhanced Telecom Operations Map (eTOM) that maps processes into the functional areas of Fulfilment, Assurance and Billing where Assurance is typically covered by OSS platform. BSS and OSS platforms are linked in the need to support various end to end services. Each area has its own data and service responsibilities.

Role of Business Support Systems

The role of Business Support Systems in a service provider is to cover 4 main areas:

  • Product Management
  • Customer Management
  • Revenue Management
  • Fulfillment Management


  • Product Management:

Product management supports the sales and management of products, offers and bundles to businesses and mass-market customers. Product Management regularly includes offering cross-product discounts, appropriate pricing and customer loyalty programmes.

  • Customer Management:

Service Providers require a single view of the customer and regularly need to support complex hierarchies across customer-facing applications. Customer Management also covers requirements for partner management and 24x7 Web-based customer self-service. Customer Management can also be thought of as a full-fledged Customer Relationship Management system implemented to help customer care agents handle customers in a better and more informed manner.

  • Revenue Management:

Revenue Management is a BSS focus on billing, charging and settlement, that can handle any combination of OSS services, products and offers. BSS Revenue Management supports OSS order provisioning and often partner settlement.

  • Fulfillment Management:

Fulfillment Management as part of assurance is normally associated with Operational Support Systems though Business Support Systems are often the business driver for Fulfillment Management and order provisioning.

TeleManagement Forum

Most recently the TM Forum (TMF) has developed a communications domain model that provides the basis for clarifying the distinction between OSS and BSS systems. As shown in the figure, the BSS supports the more Customer Facing domains, whereas the OSS supports the traditional Resource and Resource Facing Service domains.

In NGOSS, applications provide access to system capability, which can generally be categorized as either BSS or OSS. The capability offered by an application through its deployed components can be further categorized as shown in the figure. Business activities such as Fulfillment, Assurance & Billing will necessarily utilize BSS and OSS applications capability from each of the domains to support end-to-end process flows.

For example, problem handling activities (part of Assurance) inside a Service Provider define the interaction between the Customer, Product, Service, Resource and Supplier/Partner entities to resolve the reported incident/problem. As such, problem management applications are required to provide access to Customer, Product, Service, Resource and Supplier/Partner information in support of the problem handling activities that occur throughout the problem management process lifecycle.


Sunday, December 2, 2007

Timed Access List

Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend

Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit

Corp(config)#time-range tcp-yes
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time in
Corp(config-if)#do show time-range
time-range entry: no-http (inactive)
periodic weekdays 8:00 to 15:00
used in: IP ACL entry
time-range entry: tcp-yes (inactive)

periodic weekend 8:00 to 13:00
used in: IP ACL entry
Corp(config-if)#

Tuesday, October 30, 2007

NMS

Tools

Various software tools are available to measure network traffic. Some tools measure traffic by sniffing and others use SNMP, WMI or other local agents to measure bandwidth use on individual machines and routers. However, the latter generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software, such as rogue machines on the network, or machines for which no compatible agent is available. In the latter case, inline appliances are preferred. These would generally 'sit' between the LAN and the LAN's exit point, generally the WAN or Internet router, and all packets leaving and entering the network would go through them. In most cases the appliance would operate as a bridge on the network so that it is undetectable by users.

Measurement tools generally have these functions and features:

  • user interface (web, graphical, console)
  • real-time traffic graphs
  • network activity is often reported against pre-configured traffic matching rules to show:
    • local IP address
    • remote IP address
    • port number or protocol
    • logged in user name
  • bandwidth quotas
  • support for traffic shaping or rate limiting (overlapping with the network traffic control page)
  • support website blocking and content filtering
  • alarms to notify the administrator of excessive usage (by IP address or in total)

Some of the available tools include:

  • Exbander Precision by DBAM Systems
  • FireBeast is a software firewall that offers bandwidth management and traffic shaping.
  • Infosim supports all different network flow technologies such as Netflow, sFlow, jFlow, cFlow or Netstream.
  • PRTG runs on Windows, with graphical and web interfaces. It captures packets using Cisco Netflow or packet sniffing or uses SNMP to monitor bandwidth usages.
  • MRTG
  • Sandvine Intelligent Network Solutions measure and manage network traffic using Policy Traffic Switches
  • Cricket is a tool originally written for WebTV Networks.

The Netflow article also lists devices which generate and applications which analyse Cisco Netflow records.

RRDtool

RRDtool has a graph function, which presents data from an RRD in a graphical format which is customizable.

RRDtool is a round-robin database tool. It is designed to handle time series data like network bandwidth, temperatures, CPU load etc. The data is stored in round-robin database so that system storage footprint remains constant over time. It also includes tools to extract RRD data in a graphical format. RRDtool was written by Tobi Oetiker as a replacement for MRTG and it is licensed under the GNU GPL.


Multi Router Traffic Grapher

The Multi Router Traffic Grapher or just simply MRTG is free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form. It was originally developed by Tobias Oetiker and Dave Rand to monitor router traffic, but has developed into a tool that can create graphs and statistics for almost anything.
MRTG uses the Simple Network Management Protocol (SNMP) to send requests with two object identifiers (OIDs) to a device. The device, which must be SNMP-enabled, will have a management information base (MIB) in which to look up the OIDs specified. After collecting the information it will send back the raw data encapsulated in SNMP. MRTG records this data in a log on the client along with previously recorded data for the device. The software then creates an HTML document from the logs, containing a list of graphs detailing traffic for the selected device.

Paessler Router Traffic Grapher


With PRTG bandwidth usage of a network can be monitored and classified using the three most common bandwidth data acquisition methods:

  • SNMP: Reads traffic counters of network devices like switches, routers and servers
  • Packet Sniffer: Looks at all data packets traveling through a network using the promiscuous mode and analyzes the network packets to find out the IP addresses, protocols, etc. of the source and target machine
  • Netflow: Analyzes Netflow protocol packets used mostly by Cisco routers

Using SNMP OIDs, not only bandwidth usage but also many other network readings (e.g. CPU usage, disk usage, temperatures) can be monitored.

The usage data is constantly recorded and the historic data can be analyzed e.g. with data tables for usage billing and graphs for trend analysis via a web server interface and in a Windows GUI.

PRTG was originally developed by Dirk Paessler when he discovered how much effort it is to install and configure MRTG on Microsoft Windows systems. More than 100.000 installations are currently active. A freeware version is available.

IPv4 Looking Glass Sites

If you know of a working IPv4 Looking Glass site that isn’t listed below, feel free to add it. Please only add sites that are true BGP looking glasses - pages that only allow ping and/or traceroute should not be included in this list.

Please correct any errors you find in this list. If a site is no longer responding, please change the “OK” in the Notes column to “FAILED” along with the date (mm/dd/yy). If the site becomes operational again, please change the “FAILED” message back to “OK”. If a site has been in “FAILED” status for over a month, it can be removed from the wiki.

Use the http://www.bgp4.net/lg URL if you wish to link to this page.

ASN | Provider | Link | Notes
174 | Cogent | http://cogentco.com/htdocs/glass.php | OK
209 | Qwest | http://stat.qwest.net/looking_glass.html | OK
250 | as250.net | http://as250.net/lg/ | OK
286 | KPN Eurorings | http://stats.eurorings.net/performance/lookingglass.html | OK
286 | KPN IAS | http://netcollect.kpn.net/looking-glass/index.phtml | OK
378 | ILAN | http://noc.ilan.net.il/LG/ | OK
513 | CERN | http://dxmon.cern.ch/cgi-bin/lg.cgi | FAILED
553 | BelWue | http://www.belwue.de/netz/lg.html | OK
559 | SWITCH | http://lg.lan.switch.ch/lg/lg.cgi | OK
680 | DFN | http://www.noc.dfn.de/cgi-bin/dfnnoc-lg | OK
766 | RedIRIS | http://www.rediris.es/red/lg/ | OK
852 | Telus | http://aurora.on.tac.net/ | OK
1120 | Vienna Internet eXchange | http://www.vix.at/cgi-bin/lg.cgi | OK
1213 | HEAnet | http://www.hea.net/cgi-bin/lg.cgi | OK
1239 | SprintLink | http://oxide.sprintlink.net/cgi-bin/glass.pl | OK
1257 | Tele2 Denmark | http://looking-glass.tele2access.dk/ | OK
1273 | Cable & Wireless | https://support.cw.com/?TESTDRIVE=1&LG=1 | OK
1299 | TeliaSonera | http://lg.telia.net/ | OK
1653 | SUNET | http://stats.sunet.se/looking-glass/lg.cgi | OK
1741 | FUNET/CSC | http://www.csc.fi/suomi/funet/noc/looking-glass/lg.cgi | OK
1916 | RNP | http://www.rnp.br/ip/lg | OK
2110 | EsatBT | http://lg.as2110.net | OK
2128 | INEX | https://www.inex.ie/lg/ | OK
2493 | Rogers Telecom | http://ops.rogerstelecom.net | OK
2603 | NORDUnet | http://www.nordu.net/connectivity/looking-glass/lg.cgi | OK
2607 | SIX - Slovak Internet eXchange | http://www.six.sk/lg.html | OK
2764 | Connect.com/AAPT | http://looking-glass.connect.com.au/ | OK
2820 | Elvis-Telekom | http://noc.telekom.ru/lg/ | OK
2828 | XO | http://xostats.xo.com/cgi-bin/xostats/diagtool-pub/bgp | OK
3246 | Song Networks | http://www.sn.net/lg/ | OK
3255 | Ukrainian Academic and Research Network UARNet | http://lg.uar.net/ | OK
3257 | Tiscali | http://www.ip.tiscali.net/lg/ | OK
3267 | RUNNet | http://noc.runnet.ru/lookingglass/index.htm | OK
3277 | RUSnet | http://lg.rusnet.ru/ | OK
3292 | TDC | http://noc.tele.dk/cgi-bin/lg.cgi | OK
3303 | Swisscom IP-Plus | https://my.ip-plus.net/nav.en.mpl/network/tools/LookingGlass/ | OK
3308 | Telia Networks (Danish Network) | http://lg.drift.telia.dk/cgi-bin/lg.cgi | OK
3320 | Deutsche Telekom | https://f-lga1.f.de.net.dtag.de/ | OK
3327 | Linxtelecom | http://lg.version6.net/ | OK
3333 | RIPE NCC RIS Project | http://www.ris.ripe.net/cgi-bin/lg/index.cgi | OK
3343 | RUNNet | http://noc.runnet.ru/lookingglass/index.htm | OK
3344 | Kewlio.net Ltd | http://www.as3344.net/lg/index.k | OK
3356 | Level3 | http://lg.level3.net/ | OK
3462 | Taiwan IX | http://www.twix.net/probe/nmsprobe.html | OK
3491 | Beyond the Networks | http://looking-glass.pccwbtn.net/ | OK
3549 | Global Crossing | http://www.globalcrossing.com/network/network_looking_glass.aspx | OK
3561 | Savvis | http://as3561lg.savvis.net/lg.html | OK
3602 | Rogers Telecom | http://ops.rogerstelecom.net | OK
3856 | PCH (peering only routes from many exchange points) | http://lg.pch.net | OK
4319 | Cortland Networks | http://routing.cortland.com/lg | OK
4538 | CERNET | http://bgpview.6test.edu.cn/cgi-bin/querybgp.pl | OK
4589 | EasyNet | http://www.noc.easynet.net/network/lg/ | OK
4628 | Pacific Internet | http://noc.pacific.net.sg/looking-glass/ | OK
4635 | Hong Kong Internet eXchange | http://www.hkix.net/hkix/hkixlg.html | OK
4670 | Onse Telecom | http://nms1.shinbiro.com/lg.html | OK
4765 | PacNet | http://noc.pacific.net.sg/looking-glass/ | OK
4766 | KORNET | http://looking.kornet.net/looking/lookingView.jsp | OK
4821 | TerasNet | http://netmon.teras.net.id/cgi-bin/lg.pl | OK
4841 | Zonasa | http://looking-glass.zonasa.com/cgi-bin/lg.pl | OK
5006 | Onvoy | http://lg.onvoy.net/cgi-bin/bgplg | OK
5056 | netINS | http://rr.netins.net/lg/lg.cgi | OK
5377 | Taide | http://looking-glass.taide.net/ | OK
5388 | Energis | http://as5388.net/cgi-bin/lg.pl | OK
5390 | EuroNet | http://lg.euronet.nl/ | OK
5400 | BT - British Telecom | http://lg.bt.net/ | OK
5408 | Greek Research & Technology Network | http://netmon.grnet.gr/lg.shtml | OK
5409 | Toplink Plannet | http://lg.as12419.net/cgi-bin/lg.pl | OK
5413 | PIPEX | http://bgp.pipex.net/lg | OK
5421 | University of Sofia (Sofia, Bulgaria) | http://lg.uni-sofia.bg | OK
5459 | LINX - London InterNet eXchange | https://www.linx.net/www_public/our_network/network_tools/ | OK
5511 | OpenTransit | http://www.opentransit.net/lg.htm | OK
5585 | Israeli Internet eXchange | http://www.isoc.org.il/iix/2x_looking.html | OK
5617 | TPNET | http://lg.tpnet.pl/ | OK
5650 | Electric Lighwave | http://ptlduh00.eli.net/cgi-bin/spy.cgi | OK
6315 | XMission | http://stats.xmission.com/lg | OK
6373 | Opus One | http://www.opus1.com/www/looking.html | OK
6395 | Broadwing | http://lg.broadwing.net/looking/ | OK
6453 | Teleglobe | http://lg.teleglobe.net/ | OK
6461 | AboveNet | http://lg.above.net/ | OK
6505 | Equant Chile | http://www.equantpit.cl/lg/lg.pl | OK
6509 | CA*net 4 | http://dooka.canet4.net/lg/lg.php | OK
6661 | P&T Luxembourg | http://www2.pt.lu/lg/ | OK
6667 | EUnet | http://www.eunetip.net/look.shtml | OK
6695 | DE-CIX | http://lg.de-cix.net/cgi-bin/index.cgi | OK
6730 | Sunrise | http://debby.sunrise.ch/lg/lg.cgi.html | OK
6731 | Comstar | http://noc.comstar.ru/lg/lg.html | OK
6762 | Seabone | http://etabeta.noc.seabone.net/cgi-bin/lg.pl | OK
6772 | Improware AG | http://stats.imp.ch/lg/lg.cgi | OK
6802 | NREN - Bulgaria | http://luna.acad.bg/lg | OK
6886 | INTS | http://noc.ints.net/trace/ | OK
6939 | Hurricane Electric | http://lg.he.net/cgi-bin/index.cgi | OK
7474 | Optus | http://looking-glass.optus.net.au/ | OK
7543 | Pacific Internet | http://mrtg.zipworld.net/zip-lg.html | OK
7718 | TransACT | http://looking-glass.transact.net.au | OK
8001 | Net Access | http://eng.nac.net/lookingglass/lg.html | OK
8015 | VISI | http://noc.visi.com/lg | OK
8190 | Viatel | http://lg.viatel.net/lg/lgform.cgi | OK
8196 | Claranet | http://lg.de.clara.net/ | OK
8235 | TIX - Zurich | http://looking-glass.tix.ch/cgi-bin/looking-glass.cgi | OK
8258 | ElVisti | http://www2.visti.net/lg/lg.html | OK
8331 | RiNet | http://lg.rinet.ru/ | OK
8342 | RTComm.RU (Rostelecom) | http://lg.rtcomm.ru/ | OK
8343 | Doris UA | http://noc.skif.net/lg/ | OK
8402 | Corbina Telecom | http://noc.corbina.net/usr-cgi/lg.pl | OK
8422 | NetCologne | http://plg.netcologne.de/lg/ | OK
8437 | United Telekom Austria | http://lg.net.uta.at/ | OK
8493 | Urbanet | https://noc.urbanet.ch/cgi-bin/lg.pl | OK
8508 | Silesian University of Technology, Computer Center | http://lg.silweb.pl | OK
8515 | DataForce | http://lg.df.ru/ | OK
8563 | DirectNet Telecom | http://isp.dn.ru/cgi-bin/lg.pl | OK
8631 | MSK-IX | http://www.msk-ix.ru/eng/glass/ | OK
8657 | Marconi Internet Direct | http://glass.cprm.net/cgi-bin/lg.cgi | OK
8664 | ICM | http://www.net.icm.edu.pl/lg/ | OK
8672 | Orbitel (Sofia, Bulgaria) | http://support.orbitel.bg/tech-support/looking-glass.cgi | OK
8717 | SpectrumNet (Sofia, Bulgaria) | https://spnet.net/admin/lookingglass.phtml | OK
8736 | Grapes Communications | http://noc.grapesnetservices.it/new_lg_p.html | OK
8745 | Bulgarian Academy of Sciences | http://www.bas.bg/lg/ | OK
8758 | Dolphins Network Systems | http://www.dolphins.ch/network/lg.en.php | OK
8795 | Mobikom (Sofia, Bulgaria) | http://home.mobikom.net/cgi-bin/nlg.pl | OK
8851 | Inweb Networks | http://lg.inweb.co.uk | OK
8866 | BTC Net (Sofia, Bulgaria) | http://www.btc-net.bg/lg1/lg.pl | OK
8890 | ICM | http://www.net.icm.edu.pl/lg/ | OK
8903 | BT Spain | http://vasili.bt.es/lg.html | OK
9019 | Datagrama | http://noc.datagrama.net/lg/ | OK
9044 | SolNet | http://stats.solnet.ch/looking-glass/lg.html | OK
9070 | ITD Net | http://netguard.itdnet.net/cgi-bin/clg.cgi | OK
9120 | Cohaesio A/S | http://lg.cohaesio.net/ | OK
9127 | NetIsSat (Sofia, Bulgaria) | http://www.netissat.bg/cgi-bin/lg.pl | OK
9199 | Renam | http://lg.renam.md/ | OK
9202 | ZaporozhSvyazServise | http://www.zssm.zp.ua:8101/cgi-bin/lg/lg.cgi | OK
9370 | Sakura Internet | http://as9370.bgp4.jp/ | OK
9371 | Sakura Internet | http://as9371.bgp4.jp/ | OK
9443 | Primus Telecom Australia | http://looking-glass.iprimus.net.au/lg | OK
9607 | BroadBand Tower - Japan | http://lg01.colo01.bbtower.ad.jp/ | OK
9625 | PacNet | http://noc.pacific.net.sg/looking-glass/ | OK
9722 | PIPE Networks (QLD) | http://www.pipenetworks.com/lg/ | OK
9831 | Unigate | http://lg.unigate.net.tw/ | OK
9894 | PIPE Networks (ACT) | http://www.pipenetworks.com/lg/ | OK
11260 | Eastlink | http://lg.eastlink.ca/ | OK
11608 | Accretive Networks | http://www.accretive-networks.net/lg.html | OK
12294 | Technological Systems JV | http://www.tsua.net/stor/lg.html | OK
12336 | NetBG (Sofia, Bulgaria) | http://www.netbg.com/lg/lg.pl | OK
12369 | UkrSat | http://support.ukrsat.com/stats/lg.html | OK
12381 | Widell.Net | http://widell.net/cgi-bin/nph-wlg | OK
12412 | DTR | http://lg.dtr.fr/ | OK
12530 | Golden Telecom | http://noc.kiev.sovam.com/lg.dhtml | OK
12541 | Cable & Wireless | https://support.cw.com/?TESTDRIVE=1&LG=1 | OK
12593 | UkrHub.net | http://lg.ukrhub.net/lg.html | OK
12670 | Completel | http://lg.completel.fr/ | OK
12713 | OTEGLOBE | http://www.nmc.oteglobe.net/cgi-bin/clg/lg.pl | OK
12767 | PragoNet | http://nms1.prago.net/public-cgi-bin/lg/lg.cgi | OK
12859 | Business Internet Trends | http://noc.bit.nl/traceroute/ | OK
12867 | Bulgaria Online (Sofia, Bulgaria) | http://gandalf.online.bg/look/ | OK
12883 | Ucomline | http://noc.ucomline.net/ | OK
12897 | HEAG MediaNet | http://lg.heagmedianet.de/ | OK
12902 | Luna.nl | http://noc.luna.nl/lg/ | OK
12956 | Telefonica | http://lg.ri.telefonica-data.net/cgi-bin/lg.pl | OK
13030 | Init Seven AG | http://www.init7.net/looking-glass/ | OK
13092 | Belgrade University Computer Centre | http://netis.rcub.bg.ac.yu/cgi-bin/LookingGlass/lg.pl | OK
13105 | LUKOIL-INFORM | http://noc.linia.ru/cgi-bin/lg.pl | OK
13115 | Home of the Brave | http://home.of.the.brave.de/Internet-Services/Looking_Glass/ | OK
13193 | Nerim | http://stats.nerim.net/nav/lg/ | OK
13194 | Bite GSM | http://www.tinklomatas.lt/LookingGlass/ | OK
13237 | Lambdanet Communications GmbH | http://portal.lambdanet.net:58080/ | OK
13249 | ITSystems ISP | http://lg.itsinternet.net/ | OK
13268 | Multicom Ltd | http://proxy.multicom.bg:88/cgi-bin/lg/lg.pl | OK
13273 | France Teaser | http://looking-glass.teaser.fr/ | OK
13284 | Brain Technology - Playnet - Italy | http://lg.playnet.it | OK
13645 | BroadbandONE / Host.net | http://lg.host.net | OK
15389 | Faroese Telecom | http://netcon.internet.fo/cgi-bin/lg.cgi | OK
15396 | ICM | http://www.net.icm.edu.pl/lg/ | OK
15474 | RHnet - Iceland University Research Network | http://www.rhnet.is/cgi-bin/nlg/lg.cgi | OK
15497 | ColoCall | http://noc.colocall.net/lg.html | OK
15605 | Lina.Net | http://lg.linanet.is/ | OK
15645 | Ukrainian Exchange UA-IX | http://lg.ix.net.ua/ | OK
15658 | INET Communications | http://www.inetcomm.net/lg.shtml | OK
15687 | Novo Nordisk IT A/S | http://traceroute.nnit.com/cgi-bin/bgp.cgi | OK
15703 | TrueServer | http://noc.trueserver.nl/cgi-bin/lg.pl | OK
15744 | Silesian University of Technology, Computer Center | http://lg.silweb.pl | OK
15756 | Caravan ISP | http://noc.caravan.ru/cgi-bin/lg.cgi | OK
15772 | WNet | http://support.wnet.ua/lg.php | OK
15785 | Teleport SV | http://lg.teleportsv.net/ | OK
15837 | MainzKom Telekommunikation GmbH | http://looking-glass.rhein-main-saar.net/ | OK
15968 | Netpilot | http://noc.netpilot.net/cgi-bin/lg/lg.pl | OK
16215 | Genotec Internet Consulting AG | http://lg.as16215.net/ | OK
16260 | XchangePoint | http://www.xchangepoint.net/tools/looking-glass.php | OK
16265 | LeaseWeb | http://noc.leaseweb.com/ | OK
16397 | .comDOMINIO | http://lg.comdominio.com.br | OK
16422 | NEWskies | http://www.newskies.net/lg/ | OK
17175 | NEWskies | http://www.newskies.net/lg/ | OK
17557 | Pakistan Internet Exchange | http://www.pie.net.pk/cgi-bin/lg.pl | OK
17801 | Pacific Internet (Ausbone) | http://mrtg.zipworld.net/glass.html | OK
17999 | PIPE Networks (SA) | http://www.pipenetworks.com/lg/ | OK
18221 | TSN Internet | http://looking-glass.tsn.cc | OK
18398 | PIPE Networks (NSW) | http://www.pipenetworks.com/lg/ | OK
19214 | Centauri Communications | http://lg.centauricom.com/lg/lg.cgi | OK
20080 | AMPATH | http://loadrunner.uits.iu.edu/~routerproxy/ampath/ | OK
20485 | TransTeleCom | http://lg.transtk.ru/ | OK
20555 | WSISiZ | http://noc.wsisiz.edu.pl/lg/lg.cgi | OK
20657 | Atlantis BG Ltd. (Sofia, Bulgaria) | http://www.atlantis.bg/index.php?id=238 | OK
20685 | Evrocom | http://www.evrocom.net/bg/support/lg.html | OK
20766 | Gitoyen | https://www.gitoyen.net/lg/ | OK
20773 | Hosteurope | http://latency.hosteurope.de/lg/ | OK
20932 | IP-MAN/SIG | http://lg.ip-man.net/ | OK
20965 | GEANT | http://stats.geant.net/lg/lgform.cgi | OK
21083 | N-IX | http://www.n-ix.net/lg.html | OK
21131 | Sacura Telecom | http://noc.cv.ua/glass.html | OK
21142 | PragoNet | http://nms1.prago.net/public-cgi-bin/lg/lg.cgi | OK
21219 | DataGroup (NewLine) | http://lg.newline.net.ua/ | OK
21230 | Mnet | http://lg.mnet.bg/ | OK
21238 | LIPEX | http://www.lipex.net/looking_glass/ | OK
23504 | Speakeasy | http://lg.speakeasy.net/ | OK
23649 | NEWskies | http://www.newskies.net/lg/ | OK
23741 | PIPE Networks (TAS) | http://www.pipenetworks.com/lg/ | OK
23745 | PIPE Networks (VIC) | http://www.pipenetworks.com/lg/ | OK
24557 | AussieHQ | http://looking-glass.aussiehq.net.au | OK
24743 | Snerpa | http://network.it.is/cgi-bin/lg.cgi | OK
24770 | UnixSol (Sofia, Bulgaria) | http://www.unixsol.org/lg | OK
24796 | NaMeX - Nautilus Mediterranean eXchange | http://www.namex.it/lg.php | OK
24912 | BiLiM Systems | http://noc.bilim-systems.net/cgi-bin/mrlg.cgi | OK
24971 | Master Internet | http://www.master.cz/lg | OK
25358 | NDSoftware | http://www.ip.ndsoftware.net/tools/lg.php | OK
25409 | Alsys Data SRL | http://cache.alsys.ro/index1.html | OK
25462 | ReTN | http://lg.retn.net/ | OK
25528 | Vodatel HR | http://lg.vodatel.hr | OK
25560 | rh-tec | https://noc.de.rh-tec.net/nmc/ | OK
27552 | TowardEX | http://www.twdx.net/ | OK
27750 | RedCLARA | http://www.noc.redclara.net/proxy/rserver.html | OK
28681 | Khmelnitsk Infocom | http://noc.ic.km.ua/cgi-bin/lg.cgi | OK
28788 | Unilogic Networks | http://noc.unilogicnetworks.net/lg/ | OK
28809 | Nauka-Svyaz | http://lg.naukanet.ru/ | OK
28909 | TV SAT NET (Sofia, Bulgaria) | http://www.tvsatbg.net/lg/ | OK
28968 | Eurasia Telecom | http://www.eut.ru/client/lg.html | OK
29266 | Danish Broadcast Corporation | http://lg.dr.dk/ | OK
29327 | Silvercom | https://noc.silvercom.net/lg/cgi-bin/lg.cgi | OK
29329 | NODEX | http://noc.nodex.ru/lg/ | OK
29527 | Othello Technology Systems Ltd. | http://www.as29527.net/lg/ | OK
29587 | Schedom | http://lg.schedom-europe.net/lg.cgi | OK
29632 | NetAssist | http://noc.netassist.kiev.ua/lg.php | OK
29686 | Probe Networks | http://probe-networks.de/lg/ | OK
30653 | Exobit Networks | http://noc.exobitnetworks.com/lg/lg.cgi | OK
30890 | Evolva Telecom | http://lg.evolva.ro | OK
30975 | Telewizja Kablowa Koszalin sp. z o. o. | http://sloniewski.pl/lg/ | OK
31069 | United Networks of Ukraine - Kharkov | http://www.unu.kharkov.ua/lg/ | OK
31138 | JSC Proekt | http://lg.iptk.ru/cgi-bin/lg.cgi | OK
31203 | Sharq Telekom | http://mrlg.st.uz | OK
31554 | RomNet altFEL | http://lg.romnet.org | OK
31661 | ComX Networks | http://lg.cxnet.dk/ | OK
33843 | interscholz Internet Services | http://noc.interscholz.net/lg/ | OK
34043 | Romania Internet Security Systems | http://lg.riss.ro/ | OK
34115 | Mapsolute | http://www.mapsolute.com/lg/lg.php | OK
34159 | Camel Network | http://camel.net.uk/lg/ | OK
35320 | EuroTransTelecom | http://lg.ett.com.ua/ | OK
39180 | MWSP Telecom | http://lg.mwsp.fr/ | OK
39397 | Az.StarNet | http://noc.simsiz.az/lg | OK
41095 | IPTP Networks | http://www.iptp.net/lg.php | OK
41829 | RegionSet | http://www.regionset.net/lg/ | OK

http://www.bgp4.net/wiki/doku.php?id=tools:ipv6_looking_glasses for IPv6

Friday, October 26, 2007

Traceroute mac ip

Use the traceroute mac ip privileged EXEC command to display the Layer 2 path taken by the packets from the specified source IP address or hostname to the specified destination IP address or hostname.

traceroute mac ip {source-ip-address | source-hostname} {destination-ip-address | destination-hostname} [detail]

Syntax Description


source-ip-address

Specify the IP address of the source switch as a 32-bit quantity in dotted-decimal format.

destination-ip-address

Specify the IP address of the destination switch as a 32-bit quantity in dotted-decimal format.

source-hostname

Specify the IP hostname of the source switch.

destination-hostname

Specify the IP hostname of the destination switch.

detail

(Optional) Specify that detailed information appears.


For Layer 2 traceroute to function properly, Cisco Discovery Protocol (CDP) must be enabled on all the switches in the network. Do not disable CDP.

When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.

The maximum number of hops identified in the path is ten.

The traceroute mac ip command output shows the Layer 2 path when the specified source and destination IP addresses are in the same subnet. When you specify the IP addresses, the switch uses Address Resolution Protocol (ARP) to associate the IP addresses with the corresponding MAC addresses and the VLAN IDs.

If an ARP entry exists for the specified IP address, the switch uses the associated MAC address and identifies the physical path.

If an ARP entry does not exist, the switch sends an ARP query and tries to resolve the IP address. The IP addresses must be in the same subnet. If the IP address is not resolved, the path is not identified, and an error message appears.

The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.

This feature is not supported in Token Ring VLANs.

Examples

This example shows how to display the Layer 2 path by specifying the source and destination IP addresses and by using the detail keyword:

Switch# traceroute mac ip 2.2.66.66 2.2.22.22 detail
Translating IP to mac .....
2.2.66.66 => 0000.0201.0601
2.2.22.22 => 0000.0201.0201

Source 0000.0201.0601 found on con6[WS-C2950G-24-EI] (2.2.6.6)
con6 / WS-2960-12T / 2.2.6.6 :
        Gi0/1 [auto, auto] => Gi0/3 [auto, auto]
con5 / WS-C2950G-24-EI / 2.2.5.5 :
        Fa0/3 [auto, auto] => Gi0/1 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
        Gi0/1 [auto, auto] => Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
        Gi0/2 [auto, auto] => Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.

This example shows how to display the Layer 2 path by specifying the source and destination hostnames:

Switch# traceroute mac ip con6 con2
Translating IP to mac .....
2.2.66.66 => 0000.0201.0601
2.2.22.22 => 0000.0201.0201

Source 0000.0201.0601 found on con6
con6 (2.2.6.6) :Gi0/1 => Gi0/3
con5                 (2.2.5.5        )  :    Gi0/3 => Gi0/1
con1                 (2.2.1.1        )  :    Gi0/1 => Gi0/2
con2                 (2.2.2.2        )  :    Gi0/2 => Fa0/1
Destination 0000.0201.0201 found on con2
Layer 2 trace completed

This example shows the Layer 2 path when ARP cannot associate the source IP address with the corresponding MAC address:

Switch# traceroute mac ip 2.2.66.66 2.2.77.77
Arp failed for destination 2.2.77.77.
Layer2 trace aborted.

Traceroute MAC

Use the traceroute mac privileged EXEC command to display the Layer 2 path taken by the packets from the specified source MAC address to the specified destination MAC address.

traceroute mac [interface interface-id] {source-mac-address} [interface interface-id] {destination-mac-address} [vlan vlan-id] [detail]

Syntax Description


interface interface-id

(Optional) Specify an interface on the source or destination switch.

source-mac-address

Specify the MAC address of the source switch in hexadecimal format.

destination-mac-address

Specify the MAC address of the destination switch in hexadecimal format.

vlan vlan-id

(Optional) Specify the VLAN on which to trace the Layer 2 path that the packets take from the source switch to the destination switch. Valid VLAN IDs are 1 to 4094.

detail

(Optional) Specify that detailed information appears.


For Layer 2 traceroute to function properly, Cisco Discovery Protocol (CDP) must be enabled on all the switches in the network. Do not disable CDP.

When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.

The maximum number of hops identified in the path is ten.

Layer 2 traceroute supports only unicast traffic. If you specify a multicast source or destination MAC address, the physical path is not identified, and an error message appears.

The traceroute mac command output shows the Layer 2 path when the specified source and destination addresses belong to the same VLAN. If you specify source and destination addresses that belong to different VLANs, the Layer 2 path is not identified, and an error message appears.

If the source or destination MAC address belongs to multiple VLANs, you must specify the VLAN to which both the source and destination MAC addresses belong. If the VLAN is not specified, the path is not identified, and an error message appears.

The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.

This feature is not supported in Token Ring VLANs.

Examples

This example shows how to display the Layer 2 path by specifying the source and destination MAC addresses:

Switch# traceroute mac 0000.0201.0601 0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2960-12T] (2.2.6.6)
con6 (2.2.6.6) :Gi0/1 => Gi0/3
con5                 (2.2.5.5        )  :    Gi0/3 => Gi0/1
con1                 (2.2.1.1        )  :    Gi0/1 => Gi0/2
con2                 (2.2.2.2        )  :    Gi0/2 => Gi0/1
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed

This example shows how to display the Layer 2 path by using the detail keyword:

Switch# traceroute mac 0000.0201.0601 0000.0201.0201 detail
Source 0000.0201.0601 found on con6[WS-C2960-12T] (2.2.6.6)
con6 / WS-C2960-12T / 2.2.6.6 :
        Gi0/2 [auto, auto] => Gi0/3 [auto, auto]
con5 / WS-C2950G-24-EI / 2.2.5.5 :
        Fa0/3 [auto, auto] => Gi0/1 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
        Gi0/1 [auto, auto] => Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
        Gi0/2 [auto, auto] => Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.

This example shows how to display the Layer 2 path by specifying the interfaces on the source and destination switches:

Switch# traceroute mac interface fastethernet0/1 0000.0201.0601 interface fastethernet0/3 0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2960-12T] (2.2.6.6)
con6 (2.2.6.6) :Gi0/1 => Gi0/3
con5                 (2.2.5.5        )  :    Gi0/3 => Gi0/1
con1                 (2.2.1.1        )  :    Gi0/1 => Gi0/2
con2                 (2.2.2.2        )  :    Gi0/2 => Gi0/1
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed

This example shows the Layer 2 path when the switch is not connected to the source switch:

Switch# traceroute mac 0000.0201.0501 0000.0201.0201 detail
Source not directly connected, tracing source .....
Source 0000.0201.0501 found on con5[WS-C2960-12T] (2.2.5.5)
con5 / WS-C2960-12T / 2.2.5.5 :
        Gi0/1 [auto, auto] => Gi0/3 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
        Gi0/1 [auto, auto] => Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
        Gi0/2 [auto, auto] => Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.

This example shows the Layer 2 path when the switch cannot find the destination port for the source MAC address:

Switch# traceroute mac 0000.0011.1111 0000.0201.0201
Error:Source Mac address not found.
Layer2 trace aborted.

This example shows the Layer 2 path when the source and destination devices are in different VLANs:

Switch# traceroute mac 0000.0201.0601 0000.0301.0201
Error:Source and destination macs are on different vlans.
Layer2 trace aborted.

This example shows the Layer 2 path when the destination MAC address is a multicast address:

Switch# traceroute mac 0000.0201.0601 0100.0201.0201
Invalid destination mac address

This example shows the Layer 2 path when source and destination switches belong to multiple VLANs:

Switch# traceroute mac 0000.0201.0601 0000.0201.0201
Error:Mac found on multiple vlans.
Layer2 trace aborted.
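
The output of both traceroute commands above answers a question that comes up in incident response: which switch and port does a given MAC address attach to. The following Python parser is an added example, not part of the original post or of Cisco's documentation; it reads the brief and detail output forms copied from the examples above, treats each hop as ingress => egress, and the names parse_l2_trace and attachment_ports are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Brief and detail output copied from the page's examples, plus one aborted trace.
BRIEF = """\
Switch# traceroute mac 0000.0201.0601 0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2960-12T] (2.2.6.6)
con6 (2.2.6.6) :Gi0/1 => Gi0/3
con5                 (2.2.5.5        )  :    Gi0/3 => Gi0/1
con1                 (2.2.1.1        )  :    Gi0/1 => Gi0/2
con2                 (2.2.2.2        )  :    Gi0/2 => Gi0/1
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed
"""
DETAIL = """\
Switch# traceroute mac 0000.0201.0501 0000.0201.0201 detail
Source not directly connected, tracing source .....
Source 0000.0201.0501 found on con5[WS-C2960-12T] (2.2.5.5)
con5 / WS-C2960-12T / 2.2.5.5 :
        Gi0/1 [auto, auto] => Gi0/3 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
        Gi0/1 [auto, auto] => Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
        Gi0/2 [auto, auto] => Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.
"""
ABORTED = """\
Switch# traceroute mac 0000.0201.0601 0000.0301.0201
Error:Source and destination macs are on different vlans.
Layer2 trace aborted.
"""

ENDPOINT = re.compile(r"^(Source|Destination) ([0-9a-fA-F.]+) found on (\S+?)(?:\[.*\])?(?: \(.*\))?$")
BRIEF_HOP = re.compile(r"^(\S+)\s*\(\s*([\d.]+)\s*\)\s*:\s*(\S+)\s*=>\s*(\S+)$")
DETAIL_HEAD = re.compile(r"^(\S+) / \S+ / ([\d.]+) :$")
DETAIL_PORTS = re.compile(r"^(\S+) \[.*?\] => (\S+) \[.*?\]$")
FAILURE = re.compile(r"^(Error:.*|Arp failed.*|Invalid .* mac address)$")

@dataclass
class Trace:
    endpoints: dict = field(default_factory=dict)  # "Source"/"Destination" -> (mac, switch)
    hops: list = field(default_factory=list)       # (switch, ip, ingress port, egress port)
    completed: bool = False
    error: str = ""

def parse_l2_trace(text):
    """Parse brief or detail Layer 2 traceroute output into a Trace."""
    trace, pending = Trace(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENDPOINT.match(line):
            trace.endpoints[m[1]] = (m[2], m[3])
        elif m := BRIEF_HOP.match(line):
            trace.hops.append((m[1], m[2], m[3], m[4]))
        elif m := DETAIL_HEAD.match(line):
            pending = (m[1], m[2])                 # ports follow on the next line
        elif (m := DETAIL_PORTS.match(line)) and pending:
            trace.hops.append((*pending, m[1], m[2]))
            pending = None
        elif m := FAILURE.match(line):
            trace.error = m[1]
        elif line.lower().startswith("layer 2 trace completed"):
            trace.completed = True
    return trace

def attachment_ports(trace):
    """Map each endpoint MAC to (switch, port), or return None for an unusable trace."""
    if trace.error or not trace.completed or not trace.hops:
        return None
    first, last = trace.hops[0], trace.hops[-1]
    src, dst = trace.endpoints.get("Source"), trace.endpoints.get("Destination")
    # The hop list must begin and end on the switches IOS named for the endpoints.
    if not src or not dst or first[0] != src[1] or last[0] != dst[1]:
        return None
    return {src[0]: (first[0], first[2]), dst[0]: (last[0], last[3])}
```

An aborted trace returns None instead of a partial path, so a caller cannot mistake a failed lookup for a located device.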

Catalyst IOS Commands

snmp-server enable traps

Use the snmp-server enable traps global configuration command to enable the switch to send Simple Network Management Protocol (SNMP) notifications for various traps or inform requests to the network management system (NMS). Use the no form of this command to return to the default setting.

snmp-server enable traps [bridge [newroot] [topologychange] | cluster | config | copy-config | entity | envmon [fan | shutdown | status | supply | temperature] | flash | hsrp | ipmulticast | mac-notification | msdp | ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change] | pim [invalid-pim-message | neighbor-change | rp-mapping-change] | port-security [trap-rate value] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | storm-control trap-rate value | stpx [inconsistency] [root-inconsistency] [loop-inconsistency] | syslog | tty | vlan-membership | vlancreate | vlandelete | vtp]

no snmp-server enable traps [bridge [newroot] [topologychange] | cluster | config | copy-config | entity | envmon [fan | shutdown | status | supply | temperature] | flash | hsrp | ipmulticast | mac-notification | msdp | ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change] | pim [invalid-pim-message | neighbor-change | rp-mapping-change] | port-security [trap-rate] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | storm-control trap-rate | stpx [inconsistency] [root-inconsistency] [loop-inconsistency] | syslog | tty | vlan-membership | vlancreate | vlandelete | vtp]

Syntax Description


bridge [newroot] [topologychange]

(Optional) Generate STP bridge MIB traps. The keywords have these meanings:

newroot—(Optional) Enable SNMP STP Bridge MIB new root traps.

topologychange—(Optional) Enable SNMP STP Bridge MIB topology change traps.

cluster

(Optional) Enable cluster traps.

config

(Optional) Enable SNMP configuration traps.

copy-config

(Optional) Enable SNMP copy-configuration traps.

entity

(Optional) Enable SNMP entity traps.

envmon [fan | shutdown | status | supply | temperature]

(Optional) Enable SNMP environmental traps. The keywords have these meanings:

fan—(Optional) Enable fan traps.

shutdown—(Optional) Enable environmental monitor shutdown traps.

status—(Optional) Enable SNMP environmental status-change traps.

supply—(Optional) Enable environmental monitor power-supply traps.

temperature—(Optional) Enable environmental monitor temperature traps.

flash

(Optional) Enable SNMP FLASH notifications.

hsrp

(Optional) Enable Hot Standby Router Protocol (HSRP) traps.

ipmulticast

(Optional) Enable IP multicast routing traps.

mac-notification

(Optional) Enable MAC address notification traps.

msdp

(Optional) Enable Multicast Source Discovery Protocol (MSDP) traps.

ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change]

(Optional) Enable Open Shortest Path First (OSPF) traps. The keywords have these meanings:

cisco-specific—(Optional) Enable Cisco-specific traps.

errors—(Optional) Enable error traps.

lsa—(Optional) Enable link-state advertisement (LSA) traps.

rate-limit—(Optional) Enable rate-limit traps.

retransmit—(Optional) Enable packet-retransmit traps.

state-change—(Optional) Enable state-change traps.

pim [invalid-pim-message | neighbor-change | rp-mapping-change]

(Optional) Enable Protocol-Independent Multicast (PIM) traps. The keywords have these meanings:

invalid-pim-message—(Optional) Enable invalid PIM message traps.

neighbor-change—(Optional) Enable PIM neighbor-change traps.

rp-mapping-change—(Optional) Enable rendezvous point (RP)-mapping change traps.

port-security [trap-rate value]

(Optional) Enable port security traps. Use the trap-rate keyword to set the maximum number of port-security traps sent per second. The range is from 0 to 1000; the default is 0 (no limit imposed; a trap is sent at every occurrence).

rtr

(Optional) Enable SNMP Response Time Reporter traps.

snmp [authentication | coldstart | linkdown | linkup | warmstart]

(Optional) Enable SNMP traps. The keywords have these meanings:

authentication—(Optional) Enable authentication trap.

coldstart—(Optional) Enable cold start trap.

linkdown—(Optional) Enable linkdown trap.

linkup—(Optional) Enable linkup trap.

warmstart—(Optional) Enable warmstart trap.

storm-control trap-rate value

(Optional) Enable storm-control traps. Use the trap-rate keyword to set the maximum number of storm-control traps sent per second. The range is 0 to 1000; the default is 0 (no limit is imposed; a trap is sent at every occurrence).

stpx

(Optional) Enable SNMP STPX MIB traps. The keywords have these meanings:

inconsistency—(Optional) Enable SNMP STPX MIB Inconsistency Update traps.

root-inconsistency—(Optional) Enable SNMP STPX MIB Root Inconsistency Update traps.

loop-inconsistency—(Optional) Enable SNMP STPX MIB Loop Inconsistency Update traps.

syslog

(Optional) Enable SNMP syslog traps.

tty

(Optional) Send TCP connection traps. This is enabled by default.

vlan-membership

(Optional) Enable SNMP VLAN membership traps.

vlancreate

(Optional) Enable SNMP VLAN-created traps.

vlandelete

(Optional) Enable SNMP VLAN-deleted traps.

vtp

(Optional) Enable VLAN Trunking Protocol (VTP) traps.


Defaults

The sending of SNMP traps is disabled.

Command Modes

Global configuration

snmp-server host

Use the snmp-server host global configuration command to specify the recipient (host) of a Simple Network Management Protocol (SNMP) notification operation. Use the no form of this command to remove the specified host.

snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] [vrf vrf-instance] {community-string [notification-type]}

no snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] [vrf vrf-instance] community-string

Syntax Description


host-addr

Name or Internet address of the host (the targeted recipient).

udp-port port

(Optional) Configure the User Datagram Protocol (UDP) port number of the host to receive the traps. The range is 0 to 65535.

informs | traps

(Optional) Send SNMP traps or informs to this host.

version 1 | 2c | 3

(Optional) Version of the SNMP used to send the traps.

These keywords are supported:

1—SNMPv1. This option is not available with informs.

2c—SNMPv2C.

3—SNMPv3. These optional keywords can follow the Version 3 keyword:

auth (Optional). Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication.

noauth (Default). The noAuthNoPriv security level. This is the default if the [auth | noauth | priv] keyword choice is not specified.

priv (Optional). Enables Data Encryption Standard (DES) packet encryption (also called privacy).

Note The priv keyword is available only when the cryptographic (encrypted) software image is installed.

vrf vrf-instance

(Optional) Virtual private network (VPN) routing instance and name for this host.

community-string

Password-like community string sent with the notification operation. Though you can set this string by using the snmp-server host command, we recommend that you define this string by using the snmp-server community global configuration command before using the snmp-server host command.

notification-type

(Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of these keywords:

bridge—Send SNMP Spanning Tree Protocol (STP) bridge MIB traps.

cluster—Send cluster member status traps.

config—Send SNMP configuration traps.

copy-config—Send SNMP copy configuration traps.

entity—Send SNMP entity traps.

envmon—Send environmental monitor traps.

flash—Send SNMP FLASH notifications.

hsrp—Send SNMP Hot Standby Router Protocol (HSRP) traps.

ipmulticast—Send SNMP IP multicast routing traps.

mac-notification—Send SNMP MAC notification traps.

msdp—Send SNMP Multicast Source Discovery Protocol (MSDP) traps.

ospf—Send Open Shortest Path First (OSPF) traps.

pim—Send SNMP Protocol-Independent Multicast (PIM) traps.

port-security—Send SNMP port-security traps.

rtr—Send SNMP Response Time Reporter traps.

snmp—Send SNMP-type traps.

storm-control—Send SNMP storm-control traps.

stpx—Send SNMP STP extended MIB traps.

syslog—Send SNMP syslog traps.

tty—Send TCP connection traps.

udp-port port—Configure the User Datagram Protocol (UDP) port number of the host to receive the traps. The range is from 0 to 65535.

vlan-membership—Send SNMP VLAN membership traps.

vlancreate—Send SNMP VLAN-created traps.

vlandelete—Send SNMP VLAN-deleted traps.

vtp—Send SNMP VLAN Trunking Protocol (VTP) traps.


Usage Guidelines

SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Thus, informs are more likely to reach their intended destinations.

However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Traps are also sent only once, but an inform might be retried several times. The retries increase traffic and contribute to a higher overhead on the network.

If you do not enter an snmp-server host command, no notifications are sent. To configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. If you enter the command with no keywords, all trap types are enabled for the host. To enable multiple hosts, you must enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.

If a local user is not associated with a remote host, the switch does not send informs for the auth (authNoPriv) and the priv (authPriv) authentication levels.

When multiple snmp-server host commands are given for the same host and kind of notification (trap or inform), each succeeding command overwrites the previous command. Only the last snmp-server host command is in effect. For example, if you enter an snmp-server host inform command for a host and then enter another snmp-server host inform command for the same host, the second command replaces the first.

The snmp-server host command is used with the snmp-server enable traps global configuration command. Use the snmp-server enable traps command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled. Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. Other notification types are enabled by a different command.

The no snmp-server host command with no keywords disables traps, but not informs, to the host. To disable informs, use the no snmp-server host informs command.

Examples

This example shows how to configure a unique SNMP community string named comaccess for traps and prevent SNMP polling access with this string through access-list 10:

Switch(config)# snmp-server community comaccess ro 10
Switch(config)# snmp-server host 172.20.2.160 comaccess
Switch(config)# access-list 10 deny any

This example shows how to send the SNMP traps to the host specified by the name myhost.cisco.com. The community string is defined as comaccess:

Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com comaccess snmp

This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public:

Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public
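
Two rules from the usage guidelines above can be checked mechanically: a later snmp-server host line replaces an earlier one for the same host and notification kind, and a host receives most notifications only when snmp-server enable traps is also configured. The following Python audit is an added example, not part of the original post or of Cisco's documentation; the configuration is constructed, the 192.0.2.x addresses and the nmsuser name are placeholders, and treating any host line without version 3 as community-based is this example's assumption.

```python
# Constructed configuration; 172.20.2.160 and comaccess come from the page's example.
CONFIG = """\
snmp-server community comaccess ro 10
snmp-server community public ro
snmp-server enable traps port-security trap-rate 5
snmp-server host 172.20.2.160 comaccess
snmp-server host 192.0.2.10 traps version 2c public port-security
snmp-server host 192.0.2.10 traps version 3 priv nmsuser port-security
snmp-server host 192.0.2.20 informs version 3 noauth nmsuser
access-list 10 deny any
"""
WELL_KNOWN = {"public", "private"}

def parse_host(tokens):
    """Parse the words after 'snmp-server host'; return None if the line is incomplete."""
    t = list(tokens)
    if len(t) < 2:
        return None
    entry = {"host": t.pop(0), "kind": "traps", "version": None, "level": None}
    if t[0] in ("informs", "traps"):
        entry["kind"] = t.pop(0)
    if len(t) >= 2 and t[0] == "version":
        entry["version"], t = t[1], t[2:]
        if entry["version"] == "3":
            entry["level"] = "noauth"          # the default level stated on the page
            if t and t[0] in ("auth", "noauth", "priv"):
                entry["level"] = t.pop(0)
    if len(t) >= 2 and t[0] == "vrf":
        t = t[2:]
    if not t:
        return None
    entry["community"], entry["types"] = t[0], t[1:]
    return entry

def load(config):
    """Return (effective hosts, polling communities -> ACL or None, traps enabled?)."""
    hosts, communities, traps_enabled = {}, {}, False
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["snmp-server", "enable", "traps"]:
            traps_enabled = True
        elif w[:2] == ["snmp-server", "community"] and len(w) >= 3:
            if "view" in w:
                i = w.index("view")
                del w[i:i + 2]
            opts = [x for x in w[3:] if x not in ("ro", "rw")]
            communities[w[2]] = opts[-1] if opts else None
        elif w[:2] == ["snmp-server", "host"]:
            entry = parse_host(w[2:])
            if entry:                          # a later line replaces the earlier one
                hosts[(entry["host"], entry["kind"])] = entry
    return hosts, communities, traps_enabled

def audit(config):
    """Return (subject, finding) pairs for weak notification settings."""
    hosts, communities, traps_enabled = load(config)
    findings = []
    if hosts and not traps_enabled:
        findings.append(("global", "hosts-without-enable-traps"))
    for name, acl in communities.items():
        if name in WELL_KNOWN and acl is None:
            findings.append((name, "well-known-community-without-acl"))
    for (host, kind), e in hosts.items():
        who = f"{host}/{kind}"
        if e["version"] != "3":
            findings.append((who, "community-based-cleartext"))
            if e["community"] in WELL_KNOWN:
                findings.append((who, "well-known-community"))
            if communities.get(e["community"], "absent") is None:
                findings.append((who, "trap-community-also-polls"))
        elif e["level"] == "noauth":
            findings.append((who, "v3-noauth"))
    return findings
```

On the constructed configuration the 2c line for 192.0.2.10 produces no finding, because the version 3 priv line that follows it is the one in effect.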

switchport port-security

Use the switchport port-security interface configuration command without keywords to enable port security on the interface. Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states.

Defaults

The default is to disable port security.


switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}] | mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]] [maximum value [vlan {vlan-list | {access | voice}}]]

no switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}] | mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]] [maximum value [vlan {vlan-list | {access | voice}}]]

switchport port-security [aging] [violation {protect | restrict | shutdown}]

no switchport port-security [aging] [violation {protect | restrict | shutdown}]


Syntax Description


aging

(Optional) See the switchport port-security aging command.

mac-address mac-address

(Optional) Specify a secure MAC address for the interface by entering a 48-bit MAC address. You can add additional secure MAC addresses up to the maximum value configured.

vlan vlan-id

(Optional) On a trunk port only, specify the VLAN ID and the MAC address. If no VLAN ID is specified, the native VLAN is used.

vlan access

(Optional) On an access port only, specify the VLAN as an access VLAN.

vlan voice

(Optional) On an access port only, specify the VLAN as a voice VLAN.

Note The voice keyword is available only if voice VLAN is configured on a port and if that port is not the access VLAN.

mac-address sticky [mac-address]

(Optional) Enable the interface for sticky learning by entering only the mac-address sticky keywords. When sticky learning is enabled, the interface adds all secure MAC addresses that are dynamically learned to the running configuration and converts these addresses to sticky secure MAC addresses.

(Optional) Enter a mac-address to specify a sticky secure MAC address.

maximum value

(Optional) Set the maximum number of secure MAC addresses for the interface. The maximum number of secure MAC addresses that you can configure on a switch is set by the maximum number of available MAC addresses allowed in the system. For more information, see the sdm prefer global configuration command. This number represents the total of available MAC addresses, including those used for other Layer 2 functions and any other secure MAC addresses configured on interfaces.

The default setting is 1.

vlan [vlan-list]

(Optional) For trunk ports, you can set the maximum number of secure MAC addresses on a VLAN. If the vlan keyword is not entered, the default value is used.

vlan—set a per-VLAN maximum value.

vlan vlan-list—set a per-VLAN maximum value on a range of VLANs separated by a hyphen or a series of VLANs separated by commas. For nonspecified VLANs, the per-VLAN maximum value is used.

violation

(Optional) Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.

protect

Set the security violation protect mode. In this mode, when the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.

Note We do not recommend configuring the protect mode on a trunk port. The protect mode disables learning when any VLAN reaches its maximum limit, even if the port has not reached its maximum limit.

restrict

Set the security violation restrict mode. In this mode, when the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.

shutdown

Set the security violation shutdown mode. In this mode, the interface is error-disabled when a violation occurs and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.
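
The three violation modes described above differ mainly in what the operator gets to see and in what happens to the legitimate host. The following Python model is an added example, not IOS code and not part of the original post or of Cisco's documentation; it is a simplified reading of the descriptions above, the traffic is constructed, and the names SecurePort and replay are hypothetical.

```python
class SecurePort:
    """Simplified model of one port with port security enabled."""
    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown"):  # defaults stated on the page
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum, self.violation = maximum, violation
        self.secure = []           # secure MAC addresses learned so far
        self.violations = 0        # violation counter
        self.notifications = []    # stands in for the SNMP trap and syslog message
        self.err_disabled = False

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False           # an error-disabled port passes nothing
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.append(src_mac)
            return True
        if self.violation == "protect":
            return False           # dropped, and the operator is not notified
        self.violations += 1
        self.notifications.append(f"security violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False


def replay(frames, **settings):
    """Feed source MACs to a fresh port and summarise the outcome."""
    port = SecurePort(**settings)
    forwarded = [mac for mac in frames if port.receive(mac)]
    return {"forwarded": forwarded, "violations": port.violations,
            "notifications": len(port.notifications),
            "err_disabled": port.err_disabled}


# Constructed traffic: the legitimate host, then a second device on the same port.
HOST, OTHER = "0000.0201.0601", "0000.0011.1111"
FRAMES = [HOST, HOST, OTHER, HOST, OTHER]
```

Replaying FRAMES in each mode shows the trade-off: protect keeps the host online but records nothing, restrict keeps the host online and counts every violating frame, and shutdown raises one notification and then cuts off the host as well.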