chat-script optus "" "ATDT*98#" TIMEOUT 30 "CONNECT"

interface Dialer0
bandwidth 384
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string optus
dialer persistent
fair-queue 64 16 0
ppp authentication chap callin
ppp chap hostname connect
ppp chap password 0 connect
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept

interface Cellular0/0/0
no ip address
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer pool-member 1

line 0/0/0
exec-timeout 0 0
script dialer optus
modem InOut
no exec

! Create the GSM profile. "connect" is the APN; check with your provider for the APN of your plan.

cellular 0/0/0 gsm profile create 1 connect

Troubleshooting commands:

Router#show cell 0/0/0 profile   ! the profile should be ACTIVE

Router#show ip int br            ! check that the Dialer interface has an IP address

! Enable debugs if needed

#debug ppp negotiation

#debug ppp authentication

#debug chat

Posted by: manilageek | June 3, 2013

Intro to Cisco NX-OS

1. No more hierarchical command modes; a command can be issued from anywhere.

2. Create user roles and apply them to user accounts.

  • show role
  • show role feature
  • show role feature-group
  • Creating a role
    • conf t
    • role name nxos
      • rule 1 permit read
      • rule 2 permit read-write feature cdp
      • rule 3 permit command ping *
      • rule 4 permit command conf t ; interface *
      • interface policy deny
      • permit interface Ethernet 2/1
      • end
    • username rbac password rbacnxos123 role nxos

3. Configuration rollback by creating a checkpoint (up to 10 checkpoints per VDC)

  • rollback running-config checkpoint nxos
  • Creating the checkpoint
    • checkpoint nxos
      • Processing the Request… Please Wait…..Done
  • show checkpoint summary
  • show checkpoint nxos
  • To roll back to a checkpoint
    • rollback running-config checkpoint nxos

4. Configuration session for a dry run of a change before committing it to the configuration

  • Creating a new session
    • conf session nxos
      • ip access-list nxos
      • permit tcp 1.1.1.0/24 any
      • permit tcp 2.2.2.0/24 any
      • int e2/3
      • ip access-group nxos in
    • verify  – Verification successful
    • commit
    • abort
  • show configuration session

5. OSPF configuration – the OSPF process is now attached to the interface.

  • It is now interface centric
  • interface loopback 0
    • ip add 10.1.254.1/32
  • router ospf 1                     ! command fails because OSPF is not yet enabled
  • feature ospf                      ! enable OSPF
  • router ospf 1
    • area 0 authentication message-digest
    • auto-cost reference-bandwidth 1000000
  • feature lacp                      ! enable port channels
    • int port-channel 1
      • ip address 10.1.55.2/30
      • no shut
    • int e2/1, e2/4-5
      • no shut
      • channel-group 1 mode active
    • show port-channel summary
    • int port-channel 1
      • description To Nexus core
      • ip ospf message-digest-key 1 md5 cisco
      • ip ospf hello-interval 2
      • ip ospf dead-interval 6
      • ip ospf network point-to-point
      • ip router ospf 1 area 0
      • no shut
    • int e2/2
      • description To cat6500
      • ip address 10.1.40.1/24
      • ip ospf message-digest-key 1 md5 cisco
      • ip ospf hello-interval 2
      • ip ospf dead-interval 6
      • ip ospf network point-to-point
      • ip router ospf 1 area 0
      • no shut
    • sh ip ospf neighbors

6. Stateful process restart – the system continuously checks its software modules.

  • load bootflash:dd.plgin
    • kill 6255
    • exit
  • sh process | i ospf
  • the neighbours don't even know that the process restarted

7. NetFlow – scalability, TCP flags

  • feature netflow
  • flow record nxos-rec
    • match ipv4 destination address
    • match ipv4 source address
    • match ip protocol
    • collect transport tcp flags
    • collect routing forwarding-status
  • flow exporter nxos-exp
    • description To NetFlow Collector X
    • destination 3.3.3.3
    • source loopback 0
    • transport udp port 12345
    • version 9
  • flow monitor nxos-mon
    • record nxos-rec
    • exporter nxos-exp
  • interface e2/2
    • ip flow monitor nxos-mon input
  • sh system internal flow ip module 2

8. Wireshark-style capture (ethanalyzer) – only for control plane packets

  • ethanalyzer local interface mgmt brief limit-captured-frames 5 write bootflash:cap1

9. VDC – Virtual Device Context (supports 4 VDCs)

  • show vdc
  • show vdc membership
  • Creating a new VDC
    • vdc pod2
    • allocate interface e2/30-40
    • ha-policy dual-sup restart single-sup restart   ! options: bringdown, restart, switchover
    • limit-resource vrf minimum 16 maximum 20
    • limit-resource vlan minimum 16 maximum 32
    • limit-resource port-channel minimum 0 maximum 0
    • show vdc pod2 detail
    • show vdc pod2 membership
    • show vdc pod2 resource
  • Log in to the new VDC
    • switchto vdc pod2

Link: http://www.youtube.com/watch?v=wfn2JTxk4VM

Posted by: manilageek | May 30, 2013

Enable NetFlow on a Cisco 4500 Switch

#conf t
flow record NETFLOW_RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! destination is your NetFlow collector (e.g. your SNMP/NMS server such as Orion)
flow exporter NETFLOW_EXPORTER
 destination 192.168.YY.XXX
 source Vlan256
 transport udp 2055
 template data timeout 60
!
flow monitor NETFLOW_MONITOR
 record NETFLOW_RECORD
 exporter NETFLOW_EXPORTER
 cache timeout active 60
 cache entries 1000
!
! For Vlan1
vlan configuration 1
 ip flow monitor NETFLOW_MONITOR input
!
! For Vlan100
vlan configuration 100
 ip flow monitor NETFLOW_MONITOR input

Posted by: manilageek | July 16, 2012

How to check a Site to Site VPN on a Cisco ASA Firewall

#show run crypto map      ! check the VPN crypto map in the running configuration
crypto map VPNMAP_Outside_1 2 match address XXXXX_IPSEC_ACL
crypto map VPNMAP_Outside_1 2 set peer 170.2.52.28
crypto map VPNMAP_Outside_1 2 set transform-set ESP-AES-256-MD5
crypto map VPNMAP_Outside_1 2 set security-association lifetime seconds 3600
crypto map VPNMAP_Outside_1 2 set nat-t-disable
crypto map VPNMAP_Outside_1 interface Outside-1

#show run access-list XXXXX_IPSEC_ACL
access-list XXXXX_IPSEC_ACL extended permit ip host 192.168.17.17 object-group XXXXX_S2S_Resource
access-list XXXXX_IPSEC_ACL extended permit ip host 192.168.17.17 object-group XXXXX_S2S_Resource-v02

#show run object-group id XXXXX_S2S_Resource-v02
object-group network XXXXX_S2S_Resource-v02
 description XXXXX S2S VPN resources
 network-object host xx.xx.xx.190
 network-object host xx.xx.xx.193
 network-object host xx.xx.xx.196

#show vpn-sessiondb l2l      ! check whether the VPN tunnel is up. In the output below the tunnel is up, but nothing has been received (Bytes Rx = 0) from the remote end.

Session Type: LAN-to-LAN

Connection   : XX.XX.XX.28
Index        : 1                          IP Addr    : XX.XX.XX.28
Protocol     : IPSecLAN2LAN               Encryption : AES256
Hashing      : MD5
Bytes Tx     : 200                        Bytes Rx   : 0
Login Time   : 11:30:16 PHST Fri Jul…
Duration     : 0h:13m:14s
Filter Name  :

#show crypto ipsec sa    ! Encrypted packets are egress traffic and decrypted packets are ingress traffic. So based on the output below we are transmitting packets but not receiving any, since decrypt is 0.

Interface: Outside-1
    Crypto map tag: VPNMAP_Outside_1, seq num:2, local addr: YY.YY.YY.8
    access-list XXXXX_IPSEC_ACL extended permit ip host XX.XX.XX.17 host CC.CC.CC.11
    Local ident…
    #pkts encaps: 189, #pkts encrypt: 189, #pkts digest: 189
    #pkts decaps: 22, #pkts decrypt: 0, #pkts verify: 0
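To apply the encrypt/decrypt rule above to a whole "show crypto ipsec sa" dump instead of eyeballing one SA, here is an added Python example (not from the post): it parses the packet counters per crypto map entry and flags one-way tunnels. The sample output is constructed in the ASA layout, with documentation-range addresses; the first SA mirrors the counters shown above.

```python
import re

# Constructed sample modeled on the "show crypto ipsec sa" output in the post
# (documentation-range addresses; the counters of the first SA mirror the post).
SAMPLE = """\
interface: Outside-1
    Crypto map tag: VPNMAP_Outside_1, seq num:2, local addr: 203.0.113.8

      access-list XXXXX_IPSEC_ACL extended permit ip host 192.0.2.17 host 198.51.100.11
      local ident (addr/mask/prot/port): (192.0.2.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (198.51.100.11/255.255.255.255/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 189, #pkts encrypt: 189, #pkts digest: 189
      #pkts decaps: 22, #pkts decrypt: 0, #pkts verify: 0

    Crypto map tag: VPNMAP_Outside_1, seq num:3, local addr: 203.0.113.8

      local ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.206.110.128/255.255.255.224/0/0)
      current_peer: 198.51.100.2

      #pkts encaps: 80681, #pkts encrypt: 80681, #pkts digest: 80681
      #pkts decaps: 69776, #pkts decrypt: 69776, #pkts verify: 69776
"""

SA_HEADER = re.compile(r"Crypto map tag: (\S+), seq num:\s*(\d+)")
PEER = re.compile(r"current_peer: (\S+)")
IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]+)\)")
COUNTER = re.compile(r"#pkts (encaps|encrypt|decaps|decrypt|verify): (\d+)")

def parse_ipsec_sa(text):
    """One dict per crypto map entry: peer, local/remote ident and packet counters."""
    sas = []
    for line in text.splitlines():
        m = SA_HEADER.search(line)
        if m:
            sas.append({"map": m.group(1), "seq": int(m.group(2))})
            continue
        if not sas:                      # text before the first SA header
            continue
        cur = sas[-1]
        if m := PEER.search(line):
            cur["peer"] = m.group(1)
        if m := IDENT.search(line):
            cur[m.group(1)] = m.group(2)
        for name, value in COUNTER.findall(line):
            cur[name] = int(value)
    return sas

def classify(sa):
    """Rule from the post: encrypt counts egress packets, decrypt counts ingress."""
    enc, dec = sa.get("encrypt", 0), sa.get("decrypt", 0)
    if enc == 0 and dec == 0:
        return "idle: no traffic in either direction"
    if enc > 0 and dec == 0:
        return "one-way: transmitting but nothing decrypted from the remote end"
    if dec > 0 and enc == 0:
        return "one-way: receiving only"
    return "bidirectional"

def report(text):
    """(map, seq, peer, verdict) for every SA in a show crypto ipsec sa dump."""
    return [(sa["map"], sa["seq"], sa.get("peer"), classify(sa))
            for sa in parse_ipsec_sa(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```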

Posted by: manilageek | April 28, 2012

Dual ISP BGP Configuration

CE1:
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 144.1.2.0 mask 255.255.254.0
network 144.1.2.0 mask 255.255.255.0

neighbor 144.1.3.250 remote-as 65500
neighbor 144.1.3.250 version 4
neighbor 144.1.3.250 next-hop-self
neighbor 144.1.3.250 soft-reconfiguration inbound
neighbor 144.1.3.250 filter-list 2 in
neighbor 144.1.3.250 filter-list 1 out

neighbor 200.1.2.117 remote-as 775
neighbor 200.1.2.117 ebgp-multihop 5
neighbor 200.1.2.117 update-source Loopback0
neighbor 200.1.2.117 version 4
neighbor 200.1.2.117 next-hop-self
neighbor 200.1.2.117 soft-reconfiguration inbound
neighbor 200.1.2.117 filter-list 3 out
no auto-summary

CE2:
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 144.1.2.0 mask 255.255.254.0
network 144.1.3.0 mask 255.255.255.0

neighbor 144.1.3.249 remote-as 65500
neighbor 144.1.3.249 version 4
neighbor 144.1.3.249 next-hop-self
neighbor 144.1.3.249 soft-reconfiguration inbound
neighbor 144.1.3.249 filter-list 2 in
neighbor 144.1.3.249 filter-list 1 out

neighbor 100.1.2.221 remote-as 299
neighbor 100.1.2.221 ebgp-multihop 5
neighbor 100.1.2.221 update-source Loopback0
neighbor 100.1.2.221 version 4
neighbor 100.1.2.221 next-hop-self
neighbor 100.1.2.221 soft-reconfiguration inbound
neighbor 100.1.2.221 filter-list 3 out
no auto-summary

Posted by: manilageek | September 14, 2011

Netscreen Firewall High CPU Utilization issue:

(M)-> get perf cpu detail

Average System Utilization:  2%
Last 60 seconds from 09/07/2011 08:56:11:
59:  2    58:  2    57:  2    56:  2    55:  2    54:  2
53:  2    52:  2    51:  2    50:  2    49:  2    48:  2
Last 60 minutes:
59:  2    58:  3    57:  2    56:  2    55:  2    54:  2
53:  3    52:  1    51:  2    50:  2    49:  2    48:  3
Last 24 hours:
23:  2    22:  2    21:  2    20:  2    19:  2    18:  2
17:  2    16:  2    15:  2    14:  2    13:  2    12:  2

(M)->get perf cpu all detail

Average System Utilization: 55% (61  5)
Last 60 seconds:
59: 86(96  2)*** 58: 85(95  0)**  57: 86(96  2)*** 56: 85(95  0)**
55: 85(95  2)**  54: 86(96  0)*** 53: 86(96  2)*** 52: 86(96  0)***
Last 60 minutes:
59: 85(95  1)**  58: 85(95 24)**  57: 84(94  1)**  56: 84(94  1)**
55: 84(94  1)**  54: 84(94  1)**  53: 83(93  1)**  52: 83(93  1)**
Last 24 hours:
23: 44(48 10)    22: 66(74  1)*   21: N/A          20: N/A     
19: N/A          18: N/A          17: N/A          16: N/A     

Note:

  • A single asterisk  *  indicates the CPU is nearing a warning threshold.   It is marked when utilization is  ≥ 50%  &  ≤ 70%.
  • Double asterisks  **  indicates to the administrator that CPU is nearing a high level; the administrator should investigate the cause of why CPU is nearing this level.  It is marked when utilization ≥ 70% & ≤ 85%
  • Triple asterisks  ***  indicates the CPU utilization is high; the administrator should investigate the cause of why CPU is high.  It is marked when utilization is ≥ 85%.

Investigate what could be causing the High CPU:

(M)->get task

ID  Task Name    State              Stack           Heap/Used  Schedule  Run Time  Lock Latency
1   100ms timer  IDLE (Suspend)     8fffff7c/02fc0  30/ 0      801       0.202,    0.000
2   1s timer     IDLE (Suspend)     8fffff7c/02fc0  30/ 0      201       0.714,    0.000
3   10s timer    IDLE (Suspend)     8fffff7c/02fc0  30/ 0      20        0.004,    0.000
4   1s stimer    BLOCK (Semaphore)  8fffff68/02fc0  30/ 0      259       0.382,    0.000

Issue the ‘get task’ command twice and take the difference between the run time for each ‘get task’ command to determine the delta Run Time. The task with the largest delta run time indicates the task that is occupying the most CPU cycles.  In the example below,  the task “av worker” has the greatest delta Run Time.
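The two-snapshot comparison described above, as an added Python example (not from the post): it parses two constructed "get task" snapshots (all values made up, laid out like the table above with columns separated by two or more spaces) and ranks the tasks by delta Run Time.

```python
import re

# Two constructed "get task" snapshots taken a few seconds apart, laid out like the
# table in the post; all values are made up and columns are separated by 2+ spaces.
SNAP1 = """\
ID  Task Name    State              Stack           Heap/Used  Schedule  Run Time  Lock Latency
1   100ms timer  IDLE (Suspend)     8fffff7c/02fc0  30/ 0      801       0.202,    0.000
2   1s timer     IDLE (Suspend)     8fffff7c/02fc0  30/ 0      201       0.714,    0.000
4   1s stimer    BLOCK (Semaphore)  8fffff68/02fc0  30/ 0      259       0.382,    0.000
17  av worker    READY              8ffffe10/02fc0  30/ 0      9120      41.118,   0.003
"""
SNAP2 = """\
ID  Task Name    State              Stack           Heap/Used  Schedule  Run Time  Lock Latency
1   100ms timer  IDLE (Suspend)     8fffff7c/02fc0  30/ 0      851       0.214,    0.000
2   1s timer     IDLE (Suspend)     8fffff7c/02fc0  30/ 0      206       0.730,    0.000
4   1s stimer    BLOCK (Semaphore)  8fffff68/02fc0  30/ 0      264       0.390,    0.000
17  av worker    RUNNING            8ffffe10/02fc0  30/ 0      9902      47.903,   0.003
"""

COLUMN_GAP = re.compile(r"\s{2,}")

def parse_get_task(text):
    """Map task name -> cumulative Run Time (seconds) from one get task snapshot."""
    runtimes = {}
    for line in text.splitlines():
        cols = COLUMN_GAP.split(line.strip())
        if len(cols) < 8 or not cols[0].isdigit():   # header or non-table line
            continue
        name, run_time = cols[1], cols[6].rstrip(",")
        runtimes[name] = float(run_time)
    return runtimes

def run_time_deltas(before, after):
    """Per-task delta Run Time between two snapshots, largest first."""
    b, a = parse_get_task(before), parse_get_task(after)
    deltas = {name: round(a[name] - b[name], 3) for name in a if name in b}
    return sorted(deltas.items(), key=lambda kv: kv[1], reverse=True)

def top_cpu_task(before, after):
    """The task that consumed the most CPU cycles between the two snapshots."""
    return run_time_deltas(before, after)[0][0]

if __name__ == "__main__":
    for name, delta in run_time_deltas(SNAP1, SNAP2):
        print(f"{name:<14} +{delta:.3f}s")
```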

(M)->set fprofile packet enable
(M)->set fprofile packet start

By default, the profiling buffer is set to nowrap (unset fprofile packet wrap), so the packet profiling will auto stop when profiling buffer is full.

If the fprofile is set to wrap, press ESC or set fprofile packet stop (to stop packet profiling)

Display the output:
(M)->get fprofile packet
(M)->get fprofile packet ip
(M)->get fprofile packet none-ip
(M)->get fprofile packet ip proto

(M)-> get fprofile packet

packet buffer size(in kilo-packets): 64
total ip packet: 19089
total ip packet time(us): 1937221
total none-ip packet: 3386
total none-ip packet time(us): 119447
     Id  Type        Protocol    Source            Destination             Sport       Dport        Time  Percentage
      1  ip          0x11        10.234.150.1      10.234.150.63          49584         514      394811  19.19%
      2  ip          0x11        10.190.0.112      10.234.150.63            514         514       36852   1.79%

(M)-> get fprofile packet ip

total entries: 3873
total time(usec): 1937221
     Id  Protocol    Source            Destination            Sport       Dport        Time  Percentage
      1  0x11        10.234.150.1      10.234.150.63          49584         514      394811  20.38%
      2  0x11        10.190.0.112      10.234.150.63            514         514       36852   1.90%

(M)-> get fprofile packet none-ip

total entries: 300
total time(usec): 119447
     Id  Protocol    Source                      Destination                       Time  Percentage
      1  0x0032      d0:d0:fd:d8:82:8a           00:0c:cc:cc:cd                   34803  29.13%
      2  0x8133      00:10:db:bc:ce:23           10:db:f0:f0:f0                   25664  21.48%
(M)-> get fprofile packet ip proto

total entries: 6
total time(usec): 1937221
     Id  Protocol            Time  Percentage
      1  0x11              988848  51.04%
      2  0x06              812335  41.93%

Capture debugs:
Capture flow and tag debugs until the debug buffer fills up to 4 MB (under heavy traffic it normally takes only a few seconds to fill the buffer).
Note: the ‘debug tag info’ and ‘debug flow basic’ debugs, run together, are the most useful for analysis.

set db size 4096        ## set the debug buffer to 4 MB
debug tag info          ## enter this on an ISG or NS5000 device
debug flow basic        ## use with CAUTION; may cause higher CPU, so run it only for a few seconds during the high CPU
clear db                ## clear the debug buffer
                        <wait a few seconds for the buffer to fill up>
undebug all             ## stop all debugs
get db stream > tftp  or  get db stream    ## view the debug output
unset db size           ## return the debug buffer to its default size

Also perform the following:

Session Table – Check the session table information to see the total number of sustained sessions and whether there are any session allocation failures.

(M)-> get session info

Attacks – Check whether the network is under any kind of attack, or whether a high number of packets is being processed by the screen options.

(M)-> get counter screen zone
(M)-> get alarm event
(M)-> get log event

Posted by: manilageek | September 10, 2011

ASA Firewall High CPU Utilization Issue:

The firewall will start to experience problems if the CPU begins to reach 85%.
Possible Reason:
• High CPU utilization
• Poor system or throughput performance
• OSPF adjacencies or BGP peering is failing
• Device management is slower than normal
• Ping to the management interface times out
• Firewall is not passing traffic
• Packet drops
• The ‘in overrun’ counter (get counter stat) could increment.

# sh cpu usage
          CPU utilization for 5 seconds = 19%; 1 minute: 15%; 5 minutes: 13%

This is used to determine the traffic load placed on the PIX CPU. During peak traffic times, network surges, or attacks, the CPU usage can spike.

# sh xlate count
          6890 in use, 13009 most used

The show xlate count command displays the current and maximum number of translations through the PIX. A translation is a mapping of an internal address to an external address and can be a one-to-one mapping, such as Network Address Translation (NAT), or a many-to-one mapping, such as Port Address Translation (PAT). This command is a subset of the show xlate command, which outputs each translation through the PIX. Command output shows translations “in use,” which refers to the number of active translations in the PIX when the command is issued; “most used” refers to the maximum translations that have ever been seen on the PIX since it was powered on.

# sh processes cpu-usage
               PC Thread 5Sec 1Min 5Min Process
               00cf6d84 0166a258 0.0% 0.0% 0.0% emweb/cifs
               0010720c 0166a048 0.0% 0.0% 0.0% block_diag
               0022a147 01669c28 9.8% 9.2% 8.6% Dispatch Unit

The show processes command on the PIX displays all the active processes that run on the PIX at the time the command is executed. This information is useful in order to determine which processes receive too much CPU time and which processes do not receive any CPU time.

# sh traffic
               outside:
               received (in 100786.464 secs):
               98694 packets 4539918 bytes
               0 pkts/sec 2 bytes/sec
               transmitted (in 100786.464 secs):
               5 packets 140 bytes
               0 pkts/sec 0 bytes/sec

The show traffic command shows how much traffic that passes through the PIX over a given period of time. The results are based on the time interval since the command was last issued. For accurate results, issue the clear traffic command first and then wait 1-10 minutes before you issue the show traffic command. You could also issue the show traffic command and wait 1-10 minutes before you issue the command again, but only the output from the second instance is valid.
You can use the show traffic command in order to determine how much traffic passes through your PIX. If you have multiple interfaces, the command can help you determine which interfaces send and receive the most data. For PIX appliances with two interfaces, the sum of the inbound and outbound traffic on the outside interface should equal the sum of the inbound and outbound traffic on the inside interface.

Posted by: manilageek | September 9, 2011

Netscreen Firewall Synchronization issue

To check the issue, run the commands below:

#exec nsrp sync global-config check-sum
#get db str
               Warning: configuration out of sync
#get log sys reversely

Reasons for NSRP configuration to be out-of-sync:
1. Device configurations are not identical
         a. Making changes on the primary firewall and save while the backup is in reboot process
         b. NTP monitoring is configured on only one firewall
         c. Firewall has double quote “” on object definition
2. Root password is not identical
3. Each device in the cluster is using a different ScreenOS version
4. Interface configuration is not identical
         a. “Get interface” and “get system”
         b. To resolve “Add or remove extra cards”
5. ISG has IDP
To make the backup as the Master:
1. Adjust the NSRP priority
         a. set nsrp vsd-group id 0 priority 5 (master)
         b. set nsrp vsd-group id 0 priority 10 (backup)
2. Configure the preempt on the device to become master
         a. set nsrp vsd-group id 0 preempt
         b. set nsrp vsd-group id 0 preempt hold-down 10

How to resolve the sync issue:
(Short)
1. #exec nsrp sync global-config save
             “Configuration modified, save?[y]/n”
             Press “N”
              “System reset, are you sure? y/[n]”
             Press “Y”
             The system will reboot

(Long):
#unset all
             “Erase all system config, are you sure y / [n]?”
             Press the Y key.
             (The system configuration is returned to the factory default settings.)
#reset
             “Configuration modified, save? [y] / n”
             Press the N key.
             “System reset, are you sure? y / [n] n”
             Press the Y key.
The system reboots.
#set hostname NETFW01
Add HA link config:
#set interface “eth3/7” zone “HA”
#set interface “eth3/8” zone “HA”
#set nsrp cluster id 1
#set nsrp cluster name NetscreenFirewall
#set nsrp rto-mirror sync
#set nsrp vsd-group id 0
#set nsrp vsd-group id 0 priority 10

 
Note: if the interface doesn't come up, you need to manually set the interface duplex and speed by running the following commands.
#set interface eth1/1 phy manual
#set interface eth2/2 phy manual
#exec nsrp sync global-config save (pause for a while)
#reset
             “Configuration modified, save? [y] / n”
             Press the N key.
             The following prompt appears: “System reset, are you sure? y / [n] n”
             Press the Y key.
             The system reboots.
Then, log in to the device on the root vsys:
#set interface ethernet2/2.1 manage-ip 10.237.64.13
#set interface ethernet2/2.1 manage ssh
#set interface ethernet2/2.1 manage snmp
#set interface ethernet2/2.1 manage ssl
#set interface ethernet2/2.1 manage ping
#exec nsrp sync global-config check-sum
#save
#exit

Posted by: manilageek | August 10, 2011

Best totally free hard disk recovery software

I busted my external USB hard drive a few weeks ago, and thanks to “testdisk”, a totally free open source disk recovery program, I was able to recover the important files stored on it.

It’s not that user friendly because it doesn’t have a Windows GUI interface, but the DOS-like interface is quite easy to follow and understand, especially if you are exposed to Linux systems.

I highly recommend this software for HDD recovery and corrupted files/disk issues.

Posted by: manilageek | August 9, 2011

How to check Site to Site VPN tunnel on Cisco ASA firewall

VPN1#sh vpn-sessiondb detail l2l filter ipaddress 144.X.X.X

Session Type: LAN-to-LAN Detailed

Connection : 144.X.X.X
Index : 86 IP Addr : 144.X.X.X
Protocol : IPSecLAN2LAN Encryption : 3DES
Hashing : MD5
Bytes Tx : 81737101 Bytes Rx : 20614625
Login Time : 17:25:05 CST Sun Aug 7 2011
Duration : 12h:34m:02s
Filter Name :

IKE Sessions: 1
IPSec Sessions: 1

IKE:
Session ID : 1
UDP Src Port : 500 UDP Dst Port : 500
IKE Neg Mode : Main Auth Mode : preSharedKeys
Encryption : 3DES Hashing : SHA1
Rekey Int (T): 86400 Seconds Rekey Left(T): 41159 Seconds
D/H Group : 2

IPSec:
Session ID : 2
Local Addr : 165.Y.Y.Y/255.255.0.0/0/0
Remote Addr : 10.206.110.128/255.255.255.224/0/0
Encryption : 3DES Hashing : MD5
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 8039 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4569887 K-Bytes
Bytes Tx : 81737101 Bytes Rx : 20614625
Pkts Tx : 80681 Pkts Rx : 69776

Note: check that you have both “Bytes Tx” and “Bytes Rx”; this means your tunnel is active and data packets are passing through it. You can also check the “Duration”, which is the tunnel uptime.
