Category Archives: IOS

Everything that is Cisco IOS specific is covered under this section. In particular, IOS bugs, workarounds, IOS behavior with regards to different Cisco proprietary and standardized technologies.

CDP entry wildcard match

Message of the Day: Every day is a lesson!

I just found that show cdp entry command supports wildcard search. I am a frequent user of this command, and it usually happens when I first execute show cdp neighbors to find a neighbor of interest, followed by a show cdp entry <name> to find its management IP address. I usually copy/paste the full name of the neighbor, until just now. A short example will tell you the rest…

SWITCH#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
 S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
 D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
SWITCH1 Gig 1/0/27 157 S I WS-C3750- Gig 2/0/1
SWITCH1 Gig 2/0/27 172 S I WS-C3750- Gig 1/0/1
SWITCH#show cdp entry SWI*
Device ID: SWITCH1
Entry address(es):
 IP address:
Platform: cisco WS-C3750-48P, Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/27, Port ID (outgoing port): GigabitEthernet2/0/1
Holdtime : 155 sec

Version :
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE2, RELEASE SOFTWARE...
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 15-May-09 19:41 by nachen

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01...
VTP Management Domain: 'null'
Native VLAN: 10
Duplex: full
Management address(es):
 IP address:

Well, if you know that… ignore me, if not – welcome to the club of those who like to find about tiny and nice IOS features 🙂

Cisco IOS archive feature path variables

There’s something you might like.

Cisco IOS archive feature supports two variables that can be used to define path property. Those are $t for date/time and $h for hostname. Date/time format can be adjusted with service timestamps log command. Also, don’t forget to configure an appropriate timezone name and offset. Here’s an example.

service timestamps log datetime localtime show-timezone year
clock timezone EET 2
clock summer-time EEST recurring last Sun Mar 3:00 last Sun Oct 4:00
 log config
  logging enable
 path tftp://$h-$t

Read more …

Cisco IOS Management Plane Default QoS

Just an observation.

Cisco IOS routers and switches mark locally originated SSH and Telnet traffic with 802.1p = 6, DSCP = CS6 (48). That is, if you initiate an SSH session to the router, the returning traffic will have DSCP set to CS6. It’s a bit weird because Cisco IOS CLI states that default DSCP value for locally originated SSH packets is 0. Read more …

RSPAN and 802.1q Tags Limitation

I had to do a lot of traffic captures recently. Being a lazy guy and to avoid floor walking, I decided to use RSPAN on my Catalyst 3750 switches. I was able to collect a lot of useful data from the remote ports with except to one particular case – it’s when remote port was in a trunking mode configured to trust CoS. Although, I have changed Windows 7 registry settings to support Monitor Mode on Intel 82577LM Gigabit NIC, Wireshark was not able to see 802.1q headers of the remote frames captured from the trunk port. That driven me nuts before I understood the cause (tried to re-install NIC drivers, read Wireshark FAQ, tampered with Windows Registry).

It turned out to be a limitation of the RSPAN feature. Just quoting Cisco website:

For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.

Reasonable. You cannot use RSPAN to capture original Layer 2 headers. RSPAN forwards Layer 2 traffic to the remote switch via a trunk port and that requires to strip off the original Layer 2 headers, including 802.1q.

For more information refer to Cisco guides, i.e. Configure SPAN and RSPAN on Catalyst 3560.

Warning – MODE button!

You all know that fancy Mode button located on every single non-modular Catalyst switch (Cisco 3750/3560). It gives you a way to visualize switchports information – like duplex mode, speed, stack member, master switch, PoE status and so on. This magic button also provides you with the only available method to enter a recovery mode (if enable password had been lost). All these features are well known to any Cisco engineer – this is the basis of CCNA course that relates to L2/switches subject. Now, imagine another not-so-well-known feature which can put you in the middle of the nightmare… Read more …

CBAC and HTTP inspection IOS bug

I was doing some work for my friend recently. One of the requirements was to provide a local Internet breakout to the office. I ended up using Dynamic PAT, Static ACL (Inbound) and Content-Based Access Control or CBAC (Outbound). CBAC was configured to support Generic UDP and TCP protocols as well as HTTP, HTTPS, IMAP, POP3, SMTP, DNS, FTP and few others. Everything was working in line with the design with one strange exception. Read more …