https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/troubleshoot-anyconnect.pdf
Friday, 11 October 2019
Wednesday, 9 October 2019
anyconnect syslog ids for logon logoff
When a user logs on: syslog ID 716001
When a user logs off: syslog ID 716002
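An added example (not from the original post) that pairs the two message IDs above into sessions, so that logons with no logoff and logoffs with no logon stand out. The log lines are constructed, and the timestamp prefix and the `User <...> IP <...>` layout after the ID are assumptions about how the syslog server stores the messages.

```python
import re
from datetime import datetime

# Constructed sample lines; prefix and field layout are assumptions.
SAMPLE_LOG = """\
Oct 09 2019 08:01:12 asa1 : %ASA-6-716001: Group <GroupPolicy_VPN> User <alice> IP <198.51.100.10> WebVPN session started.
Oct 09 2019 08:15:40 asa1 : %ASA-6-716001: Group <GroupPolicy_VPN> User <bob> IP <198.51.100.22> WebVPN session started.
Oct 09 2019 09:30:02 asa1 : %ASA-6-716002: Group <GroupPolicy_VPN> User <alice> IP <198.51.100.10> WebVPN session terminated: User Requested.
Oct 09 2019 09:45:00 asa1 : %ASA-6-716002: Group <GroupPolicy_VPN> User <carol> IP <203.0.113.5> WebVPN session terminated: Idle Timeout.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*?%ASA-\d-(?P<id>716001|716002): "
    r".*?User <(?P<user>[^>]+)> IP <(?P<ip>[^>]+)>"
)

def pair_sessions(log_text):
    """Return (closed, still_open, orphan_logoffs) built from 716001/716002 events."""
    open_sessions = {}          # (user, ip) -> logon time
    closed, orphans = [], []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue            # some other message ID
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        key = (m["user"], m["ip"])
        if m["id"] == "716001":                 # logon
            open_sessions[key] = ts
        elif key in open_sessions:              # logoff that matches a logon
            start = open_sessions.pop(key)
            closed.append((*key, int((ts - start).total_seconds())))
        else:                                   # logoff with no logon in this log
            orphans.append(key)
    return closed, sorted(open_sessions), orphans

if __name__ == "__main__":
    closed, still_open, orphans = pair_sessions(SAMPLE_LOG)
    for user, ip, secs in closed:
        print(f"{user} from {ip}: {secs} s")
    print("still connected:", still_open)
    print("logoff without logon:", orphans)
```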
Wednesday, 14 August 2019
Thursday, 11 July 2019
web pages are slow to load
Had an issue where web pages were slow to load.
Couldn't see any issues on the network.
Had to look on the client to see the issue present itself.
We could see source and destination server were communicating in good time but the web page was taking a long time to display.
I compared our site load time with https://tools.pingdom.com/ (or any external connection).
In Chrome, go into developer tools and look on the Network tab for the load time.
I found the site was trying to load Google Analytics, sometimes waiting 20 seconds.
I needed to allow the following URLs on port 443 to fix the issue:
ssl.google-analytics.com
www.google.com
www.google-analytics.com
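An added example (not from the original post): the same Network-tab check done over a HAR export, listing third-party hosts whose requests stall or fail so the firewall allow-list can be reviewed. The HAR fragment is constructed, `intranet.example` and `fonts.example` are placeholder hosts, and treating status 0 as a request that never completed is an assumption about the export.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed HAR fragment with only the fields used below ("time" is in ms).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://intranet.example/index.html"},
     "response": {"status": 200}, "time": 180.0},
    {"request": {"url": "https://fonts.example/font.woff2"},
     "response": {"status": 200}, "time": 60.0},
    {"request": {"url": "https://www.google-analytics.com/analytics.js"},
     "response": {"status": 0}, "time": 20012.0},
    {"request": {"url": "https://ssl.google-analytics.com/ga.js"},
     "response": {"status": 0}, "time": 19870.0},
]}}

def slow_third_party_hosts(har, page_host, threshold_ms=5000):
    """Return [(host, worst_ms, failed_count)] for non-page hosts that stall or fail."""
    stats = defaultdict(lambda: [0.0, 0])   # host -> [worst time in ms, failed requests]
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if host == page_host:
            continue                         # only third-party hosts are of interest
        stats[host][0] = max(stats[host][0], entry["time"])
        if entry["response"]["status"] == 0:  # assumed: request never completed
            stats[host][1] += 1
    flagged = [(host, worst, failed) for host, (worst, failed) in stats.items()
               if worst >= threshold_ms or failed]
    return sorted(flagged, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for host, worst, failed in slow_third_party_hosts(SAMPLE_HAR, "intranet.example"):
        print(f"{host}: worst {worst / 1000:.1f} s, {failed} failed request(s)")
```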
Thursday, 4 July 2019
ping response meanings from cisco devices
| ! | Each exclamation point indicates receipt of a reply. |
| . | Each period indicates the network server timed out while waiting for a reply. |
| U | A destination unreachable error PDU was received. |
| Q | Source quench (destination too busy). |
| M | Could not fragment. |
| ? | Unknown packet type. |
| & | Packet lifetime exceeded. |
Tuesday, 18 June 2019
copy file to switch with xmodem
unplug the switch
power it back on
hold the mode button in when you see xmodem is "available"
hold for about 3 seconds and release; the boot process should be interrupted. It's a bit different for each switch, so google the model.
connect the console with minicom
set BAUD 115200
screen will freeze, close minicom
connect back like so
screen /dev/ttyUSB0 115200
copy xmodem: flash:/filename.bin
now press Ctrl+a and then :
exec !! sx filename.bin
my file was located in /home/myuser
Some ROMMONs can use TFTP, which would be faster:
plug your laptop LAN -> mgmt port on the switch
set a static IP on the laptop (10.10.10.1)
run a tftpd server and drop the IOS image in there
set IP_ADDR 10.10.10.2/255.255.255.0
ping to verify
emergency-install tftp://10.10.10.1/filename.bin
or
copy tftp:/filename.bin flash:
Thursday, 30 May 2019
PM-4-ERR_DISABLE link flap error detected when plugging in fibre on cisco switch
I was trying to connect two switches on different floors
lvl1 sw -> lvl2 sw
When I plugged in the fibre I could see the light was making it upstairs, but when plugging the fibre cable into the switch on lvl2 the port was going into err-disable with the reason as link flap.
The cause of the issue was that the wrong type of fibre cable was used in the fibre patch. Single mode cable was used, when my switch transceiver (10Gig-SR multimode) and fibre patch leads were OM3 multimode.
The core of single mode fibre is much narrower than multimode, so they can't work together: too much light (signal) is lost.
There are two fixes and both will probably cost you:
1 - re-run the fibre patch cables with multimode cable (OM3 or higher). Range is 300m so this is what is used inside most buildings. If you need a cable run longer then you have to use single mode.
2 - Buy single mode transceivers LRM and single mode patch cables. The single mode transceivers and cables are more expensive.
https://en.wikipedia.org/wiki/Single-mode_optical_fiber