RANCID for interfaces err-disable

December 30, 2016

Note: this script is for RANCID only.

  1. Edit the file /usr/local/rancid/bin/rancid.
  2. Add the line marked with + to the list of commands:
     	{'show variables boot'		=> 'ShowBoot'},
     	{'show flash'			=> 'ShowFlash'},
     	{'show cdp neighbors detail'	=> 'ShowCDPNeighborsDetail'},
    +	{'show interfaces status err-disabled'	=> 'ShowStatErrDis'},
     	{'dir /all nvram:'		=> 'DirSlotN'},
     	{'dir /all bootflash:'		=> 'DirSlotN'},
     	{'dir /all slot0:'		=> 'DirSlotN'},
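
Review bot: the new 'show interfaces status err-disabled' entry collects operational state rather than configuration, so every err-disable and recovery cycle on the switch will show up as a change in the saved file. If that notification is the purpose, say so in a comment beside the entry; otherwise readers of the command list will take it for a mistake next to the hardware and flash inventory commands around it.
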
  3. Add the subroutine (new lines are marked with +):
    # A test routine for parsing the output of "show interfaces status err-disabled"
    +sub ShowStatErrDis {
    +    print STDERR "    In ShowStatErrDis: $_" if ($debug);	
    +
    +    while (<INPUT>) {
    +        tr/\015//d;
    +        last if (/^$prompt/);
    +        next if (/^(\s*|\s*$cmd\s*)$/);
    +        return(1) if /^\s*\^\s*$/;
    +        return(1) if /Line has invalid autocommand /;
    +        return(1) if /(Invalid input detected|Type help or )/;
    +        return(-1) if (/command authorization failed/i);
    +        # the pager can not be disabled per-session on the PIX
    +        if (/^(<-+ More -+>)/) {
    +            my($len) = length($1);
    +            s/^$1\s{$len}//;
    +        }
    +        ProcessHistory("COMMENTS","keysort","IO","!SISED: $_");
    +    }
    +    ProcessHistory("COMMENTS","keysort","IO","!\n");
    +    return(0);
    +}
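
Review bot: the comments in ShowStatErrDis do not describe this routine. The header still calls it "A test routine", and the "<-+ More -+>" block carries a note about the PIX pager that looks carried over from another handler. Replace the header with a line stating that the sub writes each line of the command output as a "!SISED:" comment, and either drop the pager block or explain why this command needs it. The "!SISED:" prefix is also unexplained; a short note on what it stands for would help whoever reads the resulting diffs.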

Cisco: Detect rogue switches, block and auto recovery

December 7, 2011

Detect rogue switches connected to a Cisco switch:

cisco#configure terminal
cisco(config)#interface fastEthernet 0/1
cisco(config-if)#switchport port-security                        // enable port-security
cisco(config-if)#switchport port-security maximum 2              // allow at most 2 MAC addresses on the port
cisco(config-if)#switchport port-security violation shutdown     // on violation, put the port in err-disabled state
cisco(config-if)#switchport port-security aging time 1           // age out learned addresses after 1 minute
cisco(config-if)#switchport port-security aging type inactivity  // count only time without traffic from the address
cisco(config-if)#end
cisco#show port-security                                         // show interfaces that have port-security enabled

Port auto recovery:

cisco#configure terminal
cisco(config)#errdisable recovery cause psecure-violation   // enable auto recovery for port-security violations
cisco(config)#end
cisco#show errdisable recovery | begin Interface            // show recovery status
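
Added example, not part of the original posts or of RANCID: a Python check that reads the "!SISED:" lines the ShowStatErrDis routine writes into a RANCID-saved config and reports which ports became err-disabled (for instance with the psecure-violation cause configured above) or recovered between two revisions. The two sample revisions are constructed, and the row layout of the switch output is an assumption.

```python
import re

PREFIX = "!SISED:"  # comment prefix written by ShowStatErrDis
# Row layout assumed: port, optional description, "err-disabled", reason.
ROW = re.compile(r"^(?P<port>\S+)\s+(?P<name>.*?)\s*\berr-disabled\s+(?P<reason>\S+)")

# Constructed samples of two consecutive RANCID revisions of one switch.
PREVIOUS = """\
!SISED: Port      Name               Status       Reason
!SISED: Fa0/3     lab bench          err-disabled psecure-violation
!SISED: Gi0/2                        err-disabled bpduguard
!
interface FastEthernet0/1
 switchport port-security
"""
CURRENT = """\
!SISED: Port      Name               Status       Reason
!SISED: Fa0/1     user desk 12       err-disabled psecure-violation
!SISED: Gi0/2                        err-disabled bpduguard
!
interface FastEthernet0/1
 switchport port-security
"""

def parse_sised(config_text):
    """Return {port: reason} for each err-disabled port recorded in the file."""
    ports = {}
    for line in config_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        row = ROW.match(line[len(PREFIX):].strip())
        if row:  # the column header and empty lines do not match
            ports[row.group("port")] = row.group("reason")
    return ports

def changes(previous, current):
    """Compare two revisions: (newly err-disabled {port: reason}, recovered ports)."""
    old, new = parse_sised(previous), parse_sised(current)
    newly = {p: r for p, r in new.items() if p not in old}
    recovered = sorted(p for p in old if p not in new)
    return newly, recovered

if __name__ == "__main__":
    newly, recovered = changes(PREVIOUS, CURRENT)
    for port, reason in sorted(newly.items()):
        print(f"ALERT {port} err-disabled: {reason}")
    for port in recovered:
        print(f"OK    {port} recovered")
```

With errdisable recovery enabled, a port can shut down and come back between two RANCID runs, so the check only sees ports that are still err-disabled when the collection runs.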
