Cisco IOS shell

Enable shell

Enable the Linux-style shell:

router(config)#shell processing full

show shell environment

router#sh shell environment
# Environment Variables:
# User Environment Variables:
?=1
# Global Environment Variables:
# Builtin Environment Variables:
PATH=CLI%Userfunctions%Builtins%SYSTEM
# Environment Functions:

# User Environment Functions:

# Global Environment Functions:

# Builtin Environment Functions:

Function namespace: DEFAULT
((              evaluate a numeric test expression


Function namespace: DEFAULT
[[              evaluate a logical test expression


Function namespace: DEFAULT
cat             output data from a pipe or file to the terminal


Function namespace: DEFAULT
cut             edit piped output


Function namespace: DEFAULT
echo            echo arguments to the terminal


Function namespace: DEFAULT
false           return false in while or if expressions, and set the result


Function namespace: DEFAULT
fetch           return values from the configuration database


Function namespace: DEFAULT
grep            search for regular expressions in piped output or files


Function namespace: DEFAULT
head            print the first lines in the input


Function namespace: DEFAULT
interface       print interfaces that match the argument


Function namespace: DEFAULT
let             evaluate a numeric expression, and set the result


Function namespace: DEFAULT
man             print information for builtins


Function namespace: DEFAULT
more            page piped output to the terminal


Function namespace: DEFAULT
nl              number the lines in the input


Function namespace: DEFAULT
null            ignore the input


Function namespace: DEFAULT
printf          output formatted data to the terminal


Function namespace: DEFAULT
read            read input into variables


Function namespace: DEFAULT
set_oper        set operational values


Function namespace: DEFAULT
sleep           pause execution of the terminal


Function namespace: DEFAULT
sort            sort the input


Function namespace: DEFAULT
tail            print the tail of the input


Function namespace: DEFAULT
true            return true in while or if expressions, and set the result


Function namespace: DEFAULT
uname           print system information


Function namespace: DEFAULT
wc              count lines, words, and chars

Example

router#sh int desc | grep up
Et0/0                          up             up
Et0/1                          up             up
Lo0                            up             up
NV0                            up             up
Tu0                            up             up

router#sh int desc | grep up | wc -l
4

 

 

 

Configure Route Leaking Between Global and VRF Routing with PBR

Interface to Internet

interface Ethernet0/0
description Outside
ip vrf forwarding INTERNET
ip address 192.0.0.1 255.255.255.252

Interface Inside in the GRT (Global Routing Table)

interface Ethernet0/1
description Inside
ip address 192.168.1.254 255.255.255.0

Leaking default route to internet

ip route 0.0.0.0 0.0.0.0 Ethernet0/0 192.0.0.2

NAT configuration

ip nat inside source list NAT interface Ethernet0/0 overload
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255

PBR configuration

ip prefix-list PREF seq 5 permit 192.168.1.0/24
!
route-map PBR permit 10
  match ip address 101
  set global
!
access-list 101 permit ip any 192.168.1.0 0.0.0.255

interface Ethernet0/0
 ip policy route-map PBR

Verification

Router#sh ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
icmp 192.0.0.1:7        192.168.1.1:7      8.8.8.8:7          8.8.8.8:7

Router#sh ip policy
Interface      Route map
Ethernet0/0    PBR

Router#sh route-map
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    global
  Policy routing matches: 25 packets, 2850 bytes

 

 

 

BGP multipath with RR

The idea is for each client to receive more than one path, i.e. not only the best path calculated by the RR.

All routers are connected to the RR.

Extract of the configuration on the RR

router bgp 65000
bgp router-id 10.1.1.1
bgp log-neighbor-changes
bgp additional-paths select best 2
bgp additional-paths send
neighbor IBGP peer-group
neighbor IBGP remote-as 65000
neighbor IBGP update-source Loopback0
neighbor IBGP route-reflector-client
neighbor IBGP advertise additional-paths best 2
maximum-paths ibgp 2

The RR accepts two paths and advertises additional paths on the same session.

Extract of the configuration on one BGP client

router bgp 65000
bgp router-id 10.1.1.2
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 65000
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 next-hop-self
neighbor 10.1.1.1 additional-paths receive
maximum-paths ibgp 2

The client supports two paths and can receive more than one path from the same neighbor.

More information:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-additional-paths.html

OSPF Router-ID lookup

By default, OSPF displays the Router-ID as an IP address.

It is possible to change this behavior and display a name instead.

Before:

R1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.31.31        0   FULL/  -        00:00:39    10.0.99.2       Ethernet0/1
10.0.130.130      0   FULL/  -        00:00:36    10.0.10.2       Ethernet0/2

After:

ip host R3 10.0.130.130
ip host R2 10.0.31.31


ip ospf name-lookup

R1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
R2                0   FULL/  -        00:00:38    10.0.99.2       Ethernet0/1
R3                0   FULL/  -        00:00:36    10.0.10.2       Ethernet0/2

Of course, configure a fixed router-id on each router so that it keeps matching its ip host entry.

 

 

 

 

Cisco ASA ssh issue

Tested in version 9.6(1)

~# ssh admin@x.x.x.x
Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

First method (client side: re-enable the legacy key exchange for this connection only):

# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@x.x.x.x
admin@x.x.x.x's password:
Type help or '?' for a list of available commands.
ASA1/act/pri>

Second method (on the ASA: move the SSH key exchange to Diffie-Hellman group 14):

ASA1/act/pri(config)# ssh key-exchange group ?

configure mode commands/options:
 dh-group1-sha1 Diffie-Hellman group 2
 dh-group14-sha1 Diffie-Hellman group 14

ASA1/act/pri(config)# ssh key-exchange group dh-group14

ASA1/act/pri(config)# wr

Disconnect and reconnect:

# ssh admin@x.x.x.x
admin@x.x.x.x's password:
Type help or '?' for a list of available commands.
ASA1/act/pri> en
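
Added example, not part of the original post: a parser for the OpenSSH "Unable to negotiate" message shown above, used to sweep collected client output for devices that still offer only legacy key-exchange methods. It also handles the cipher, host key and MAC variants of the same message. The function names, the LEGACY_KEX policy list and the sample lines are assumptions constructed for the example.

```python
import re

# OpenSSH client message format:
# "Unable to negotiate with <host> port <port>: no matching <kind> found. Their offer: <a>,<b>"
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)

# Key-exchange methods treated as legacy here (assumption: a local policy list).
LEGACY_KEX = {
    "diffie-hellman-group1-sha1": "1024-bit group, SHA-1",
    "diffie-hellman-group14-sha1": "2048-bit group, SHA-1",
    "diffie-hellman-group-exchange-sha1": "SHA-1",
}

def parse_negotiation_failure(line):
    """Return host, port, kind and offered algorithms, or None if no match."""
    m = NEGOTIATE_RE.search(line)
    if not m:
        return None
    return {
        "host": m.group("host"),
        "port": int(m.group("port")),
        "kind": m.group("kind"),
        "offer": m.group("offer").split(","),
    }

def legacy_only_kex_hosts(lines):
    """Map host -> offered KEX list for servers that offer only legacy methods."""
    flagged = {}
    for line in lines:
        rec = parse_negotiation_failure(line)
        if rec and rec["kind"] == "key exchange method":
            if all(alg in LEGACY_KEX for alg in rec["offer"]):
                flagged[rec["host"]] = rec["offer"]
    return flagged

# Constructed sample client output (documentation addresses), not captured from a device.
SAMPLE = [
    "Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 192.0.2.11 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc",
    "Unable to negotiate with 192.0.2.12 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,ecdh-sha2-nistp256",
    "admin@192.0.2.13's password:",
]

if __name__ == "__main__":
    for host, offer in legacy_only_kex_hosts(SAMPLE).items():
        print(host, ", ".join(f"{a} ({LEGACY_KEX[a]})" for a in offer))
```

Hosts reported by legacy_only_kex_hosts are the candidates for the second method; re-running the sweep after the change confirms the device no longer offers only diffie-hellman-group1-sha1.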