Simple TCL Ping Script

Running ping tests against a long list of IP addresses is tedious because you can't paste all the ping commands at once; you have to run them one at a time. You either need patience or you can use the TCL scripting language, which is already available in Cisco IOS 12.2(25). At first I thought you needed to learn TCL scripting to be a CCIE, but nah! :) All you need is the basics, and if you are interested in learning more about TCL you can click here. To access the TCL command line on a Cisco router, issue the "tclsh" command. For the ping script, just modify the IP addresses shown below and it should be good.


foreach address {
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
} { puts [ exec "ping $address" ] }

The word "address" here is just a variable; you can substitute any name you want. Now let's try applying this to the Cisco router.


R0#tclsh
R0(tcl)#foreach address {
+>(tcl)#1.1.1.1
+>(tcl)#2.2.2.2
+>(tcl)#3.3.3.3
+>(tcl)#4.4.4.4
+>(tcl)#5.5.5.5
+>(tcl)#6.6.6.6
+>(tcl)#} { puts [ exec "ping $address" ] }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/44/100 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/27/56 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/26/96 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/27/52 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/27/96 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/84 ms

How cool is that!!! This script can be useful in your CCIE lab exam, as they say, when you want to verify that every subnet in your lab routers is reachable. You can try this in your own Dynamips lab. It should be safe to run on production routers, but where I work I doubt it would be allowed by the company's IT policy. :P
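With a long address list, reading the session output by eye is where mistakes creep in. The following is an added example, not part of the original post: a Python helper (function names are hypothetical) that parses a saved copy of the tclsh session output in the format shown above and lists the targets that need attention.

```python
import re

# Constructed sample in the output format shown above; the 80% and 0%
# results are made up to exercise the failure cases.
SAMPLE_OUTPUT = """\
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/44/100 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!.!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/27/56 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
"""

TARGET_RE = re.compile(r"^Sending \d+, \d+-byte ICMP Echos to (\S+), timeout")
RATE_RE = re.compile(r"^Success rate is \d+ percent \((\d+)/(\d+)\)")


def parse_ping_results(text):
    """Return {target: (received, sent)}; value is None if no result line followed."""
    results, target = {}, None
    for line in text.splitlines():
        started = TARGET_RE.match(line.strip())
        rate = RATE_RE.match(line.strip())
        if started:
            target = started.group(1)
            results[target] = None
        elif rate and target is not None:
            results[target] = (int(rate.group(1)), int(rate.group(2)))
            target = None
    return results


def problem_targets(results):
    """Targets with any packet loss or a missing result line, sorted."""
    return sorted(t for t, r in results.items() if r is None or r[0] < r[1])


if __name__ == "__main__":
    for name in problem_targets(parse_ping_results(SAMPLE_OUTPUT)):
        print("check reachability:", name)
```

A target whose result line is missing (a truncated capture, for instance) is reported as a problem rather than silently skipped.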

BGP Local-AS

When configuring BGP, we usually use the "remote-as" command to specify the AS of a neighbor. The purpose of the "local-as" command is to spoof the neighbor router by advertising an AS other than the real AS of the originating router. This command is very useful whenever there is an ISP merger, when one ISP purchases another. Let's say ISP1 purchases ISP2 and wants it to belong to AS 12345. ISP2's customers would need to configure the new "remote-as" on their routers because ISP2 will now be in AS 12345. As a temporary solution, the "local-as" command can be configured on the ISP's router to keep the BGP adjacency up without any changes on the customer side. To see how local-as functions, let's take the diagram below as an example.



Scenario: R2 used to belong to AS 250 and now is on AS 200.

First, let's see what happens on the router if there is a "remote-as" mismatch between the neighbors.


R2#
*May 10 15:33:38.983: %BGP-3-NOTIFICATION: received from neighbor 192.168.12.1 2/2 (peer in wrong AS) 2 bytes 00C8

This is because R1 is configured with "neighbor 192.168.12.2 remote-as 250" but R2 now belongs to AS 200. Let's configure "local-as" on R2.


R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router bgp 200
R2(config-router)#neighbor 192.168.12.1 local-as 250
*May 10 15:39:02.931: %BGP-5-ADJCHANGE: neighbor 192.168.12.1 Up neighbor 192.168.12.1

Now the adjacency is up! R2 "spoofed" its AS by sending AS 250 instead of AS 200. There is an option you can add to the local-as command: "no-prepend". Before adding the option, let's check the "show ip bgp" output.


*May 10 16:29:49.119: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up
R1#sh ip bgp
BGP table version is 55, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 192.168.12.2 0 0 250 200 i
*> 3.3.3.3/32 192.168.12.2 0 250 200 300 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 192.168.12.2 0 0 250 200 i
*> 33.33.33.33/32 192.168.12.2 0 250 200 300 i

R2#sh ip bgp
BGP table version is 63, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.12.1 0 0 250 100 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 192.168.23.3 0 0 300 i
*> 11.11.11.11/32 192.168.12.1 0 0 250 100 i
*> 22.22.22.22/32 0.0.0.0 0 32768 i
*> 33.33.33.33/32 192.168.23.3 0 0 300 i

R3#sh ip bgp
BGP table version is 35, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.23.2 0 200 250 100 i
*> 2.2.2.2/32 192.168.23.2 0 0 200 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*> 11.11.11.11/32 192.168.23.2 0 200 250 100 i
*> 22.22.22.22/32 192.168.23.2 0 0 200 i
*> 33.33.33.33/32 0.0.0.0 0 32768 i

Notice that AS 250 appears in the AS path. Let's check the routers after adding the "no-prepend" option.


R2(config-router)#neighbor 192.168.12.1 local-as 250 no-prepend
R1#sh ip bgp
BGP table version is 63, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 192.168.12.2 0 0 250 200 i
*> 3.3.3.3/32 192.168.12.2 0 250 200 300 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 192.168.12.2 0 0 250 200 i
*> 33.33.33.33/32 192.168.12.2 0 250 200 300 i

R2#sh ip bgp
BGP table version is 79, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.12.1 0 0 100 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 192.168.23.3 0 0 300 i
*> 11.11.11.11/32 192.168.12.1 0 0 100 i
*> 22.22.22.22/32 0.0.0.0 0 32768 i
*> 33.33.33.33/32 192.168.23.3 0 0 300 i

R3#sh ip bgp
BGP table version is 39, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.23.2 0 200 100 i
*> 2.2.2.2/32 192.168.23.2 0 0 200 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*> 11.11.11.11/32 192.168.23.2 0 200 100 i
*> 22.22.22.22/32 192.168.23.2 0 0 200 i
*> 33.33.33.33/32 0.0.0.0 0 32768 i

R1 is not affected by the command, but R2 and R3 are. We can now see that AS 250 is no longer included in the AS path. That's the purpose of the "no-prepend" option: to hide the configured local-as from the other eBGP peers. There is a "sub-option" for "no-prepend", however, and that is "replace-as". Let's see what it does.


R2(config-router)#neighbor 192.168.12.1 local-as 250 no-prepend replace-as

R1#sh ip bgp
BGP table version is 47, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 192.168.12.2 0 0 250 i
*> 3.3.3.3/32 192.168.12.2 0 250 300 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 192.168.12.2 0 0 250 i
*> 33.33.33.33/32 192.168.12.2 0 250 300 i

R2#sh ip bgp
BGP table version is 71, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.12.1 0 0 100 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 192.168.23.3 0 0 300 i
*> 11.11.11.11/32 192.168.12.1 0 0 100 i
*> 22.22.22.22/32 0.0.0.0 0 32768 i
*> 33.33.33.33/32 192.168.23.3 0 0 300 i

R3#sh ip bgp
BGP table version is 31, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.23.2 0 200 100 i
*> 2.2.2.2/32 192.168.23.2 0 0 200 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*> 11.11.11.11/32 192.168.23.2 0 200 100 i
*> 22.22.22.22/32 192.168.23.2 0 0 200 i
*> 33.33.33.33/32 0.0.0.0 0 32768 i

This command affects only R1: it replaces AS 200 with AS 250 in the AS path.
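The three sets of tables above follow from two simple rules, one for routes R2 sends to R1 and one for routes R2 learns from R1. The following is an added example, not part of the original post: a simplified Python model (function names are hypothetical) that reproduces the AS paths shown in the "show ip bgp" outputs for plain local-as, no-prepend, and no-prepend replace-as. This matters when reviewing path-based filters, since the AS path a peer sees may not contain the router's real AS.

```python
R1_AS, R2_AS, R3_AS = 100, 200, 300   # AS numbers as they appear in the tables above
LOCAL_AS = 250                        # R2: neighbor 192.168.12.1 local-as 250


def path_sent(path, real_as, local_as=None, replace_as=False):
    """AS path an eBGP speaker attaches when advertising to a neighbor."""
    if local_as is None:
        return [real_as] + path
    if replace_as:
        return [local_as] + path           # real AS replaced by local-as
    return [local_as, real_as] + path      # both prepended, local-as outermost


def path_received(path, local_as=None, no_prepend=False):
    """AS path stored for a route learned from a neighbor."""
    if local_as is not None and not no_prepend:
        return [local_as] + path           # local-as prepended on inbound routes
    return path


def lab_paths(no_prepend=False, replace_as=False):
    """AS paths in the three-router lab; local-as applies only to R2's session with R1."""
    r2_from_r1 = path_received(path_sent([], R1_AS), LOCAL_AS, no_prepend)
    r2_from_r3 = path_received(path_sent([], R3_AS))
    return {
        "R1 2.2.2.2": path_sent([], R2_AS, LOCAL_AS, replace_as),
        "R1 3.3.3.3": path_sent(r2_from_r3, R2_AS, LOCAL_AS, replace_as),
        "R2 1.1.1.1": r2_from_r1,
        "R3 1.1.1.1": path_sent(r2_from_r1, R2_AS),
    }


if __name__ == "__main__":
    for label, kwargs in [("local-as 250", {}),
                          ("no-prepend", {"no_prepend": True}),
                          ("no-prepend replace-as", {"no_prepend": True, "replace_as": True})]:
        print(label, lab_paths(**kwargs))
```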

Cisco Router as a DNS server

This is not exactly a DNS server of the kind hosted on a dedicated server, but a Cisco router can act like a DNS server without such a service. It can even act as a proxy DNS server, meaning it forwards requests to the upstream DNS server and caches the replies so it can use the cached entries for other requesting hosts. We will only focus on the simple and practical configuration. I don't even know if this feature can be called a "DNS server" feature. :P If you have your own Dynamips lab with fixed IP addresses, it is easier to use hostnames when pinging devices. This can be achieved with the "ip host" command, configured as in the example below.


Router(config)#ip host R1 1.1.1.1
Router(config)#ip host R2 2.2.2.2
Router(config)#ip host R3 3.3.3.3
Router(config)#ip host R4 4.4.4.4

Let's do a ping test.



Router#ping R1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
...


Well, R1 now resolves to 1.1.1.1. There you have it, makes life easier! :P

Using Aliases in Cisco Routers

Cisco has long, frequently used commands like our favorites "show ip interface brief" and "show ip route", and the annoying "do show" commands needed in global configuration mode. If you want the easy way, the good news is there is one: using aliases will save you some keystrokes. Here's how to configure aliases. We will create aliases for the commands above and also make the "show" command usable in global configuration mode. "show ip interface brief" will be assigned the alias "sib", "show ip route" will be "sir" and "do show" will be "show".


Router(config)#alias exec sib show ip interface brief
Router(config)#alias exec sir show ip route
Router(config)#alias configure show do show


Let's test if the alias commands really work.


Router#sib
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down

Router#sir
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#show ip int brief
Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 unassigned YES unset administratively down down

Well, it did! Let's check what we see in IOS help.


Router#s?
*s=show *sib="show ip interface brief" *sir="show ip route" sdlc
send set setup show
slip snasw squeeze ssh
start-chat systat

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#s?
*show="do show" sap-priority-list scheduler scripting
secure security service sgbp
signaling-class sip-ua sna snasw
snmp snmp-server source-bridge srcp
standby state-machine stun su-mac
su-tag subscriber subscriber-policy subscription

Now we see the aliases we made, each preceded by an asterisk. *s=show is the default alias in the router. Cool! Try other aliases in different modes, make your own aliases and just be creative!


Using Parser View In Cisco Routers

What exactly is a parser view? In simple terms, it's like creating user accounts with certain commands filtered. Parser views can be used to customize which commands are allowed for a certain user depending on their privileges. It's simple to create parser views, but doing the command filtering takes a while to learn.

Let's make a parser view called "user". One requirement is to enable the "root" view first. The hierarchy is similar to Unix/Linux, where there is a root. Secondly, AAA must be enabled, and thirdly, there should be an enable secret configured on the router.


Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#aaa new
Router(config)#aaa new-model
Router(config)#enable view root
Router(config)#enable secret cisco

You need to be in privileged EXEC mode to access the root view.


Router#sh parser view
No view is active ! Currently in Privilege Level Context
Router#enable view root
Password:
*May 2 00:50:51.283: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.

Router#show parser view
Current view is 'root'

The root view is where we create all other views and define the commands that are included or excluded per view.


Router(config)#parser view user
Router(config-view)#
*May 2 00:52:54.999: %PARSER-6-VIEW_CREATED: view 'user' successfully created.

We can set a password for the parser view "user".


Router(config-view)#secret cisco

Great! Our parser view is done. Let's say we exclude the reload command for this view. It would be pretty dangerous if someone unauthorized reloaded the router!


Router(config-view)#commands exec exclude reload

Let's dissect what the command above does. The word "commands" introduces the commands allowed. "exec" is the privileged EXEC mode, since reload is run in that mode, and "reload" is the command itself. We can see it follows the same hierarchy as the configuration.

For testing, we will switch to the parser view and try reloading the router.


Router#enable view user
Password:
Router#reload
^
% Invalid input detected at '^' marker.

Cool! Now the reload command doesn't work in that view anymore. I have an online hopping server which I configured with a parser view so my friends won't run any CPU- or performance-intensive commands on the routers.


commands configure exclude aaa
commands exec include all telnet
commands exec include all write
commands exec include all traceroute
commands exec include all ping
commands exec include all enable
commands exec include all configure
commands exec include all send
commands exec exclude reload
commands exec exclude undebug ip packet
commands exec include undebug ip
commands exec exclude undebug all
commands exec include all undebug
commands exec include all show
commands exec include all set
commands exec exclude debug ip packet
commands exec include debug ip
commands exec exclude debug all
commands exec include all debug
commands configure exclude interface FastEthernet0/0

The router's behavior with parser views is that it adds the opposite of the command you excluded. Take, for example, "commands exec exclude debug ip packet". Since this command is excluded, the undebug counterpart should be excluded too. The router automatically generated the command "commands exec exclude undebug ip packet".

There you have it. Enjoy and try configuring some parser views.
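Because the router adds undebug lines on its own, a plain diff between the command list you typed and the view in the running config always shows differences, which makes real changes to a view harder to spot. The following is an added example, not part of the original post: a Python check (function names and both sample lists are constructed) that expands the intended list with the debug/undebug counterparts described above, assuming the same mirroring applies to include lines as the list above suggests, and then reports only genuine drift.

```python
import re

MIRROR = {"debug": "undebug", "undebug": "debug"}
RULE_RE = re.compile(r"^(commands \S+ (?:include|exclude) (?:all )?)(debug|undebug)\b(.*)$")

# Constructed intended list: what an operator typed for the view.
INTENDED = """\
commands exec exclude reload
commands exec exclude debug ip packet
commands exec include debug ip
commands exec include all show
"""

# Constructed running config: the router-generated undebug lines are present,
# plus one line nobody intended.
RUNNING = """\
commands exec include all configure
commands exec exclude reload
commands exec exclude undebug ip packet
commands exec include undebug ip
commands exec include all show
commands exec exclude debug ip packet
commands exec include debug ip
"""


def view_lines(text):
    """Keep only the 'commands ...' lines of a parser view, whitespace-trimmed."""
    return [ln.strip() for ln in text.splitlines() if ln.strip().startswith("commands ")]


def expand(lines):
    """Add the debug/undebug counterpart of every rule, as the post describes."""
    out = set(lines)
    for line in lines:
        m = RULE_RE.match(line)
        if m:
            out.add(m.group(1) + MIRROR[m.group(2)] + m.group(3))
    return out


def drift(intended_text, running_text):
    """Return (unexpected, missing) rule lines after mirror expansion."""
    intended = expand(view_lines(intended_text))
    running = set(view_lines(running_text))
    return sorted(running - intended), sorted(intended - running)
```

On the samples, the only unexpected line is "commands exec include all configure", which is the kind of privilege-widening change a review of a restricted view should surface.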


The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.
