ASR 1001-X Show Transceiver

On our new ASR I was looking for a command similar to “show interface XXX transceiver”, but that didn’t exist.  Here is the command for the ASR:

To show transceiver hardware details:
#show hw-module interface g0/0/1 transceiver idprom

To show transceiver temp and light levels:
#show hw-module interface g0/0/1 transceiver status

Duo Security – HA Radius Servers

If you are using Duo Security MFA (great solution btw), you may want high availability for your Duo RADIUS servers.  Duo doesn’t currently have a “supported” solution for this, but keepalived worked great after a quick call to support.  This also assumes you have followed Duo’s instructions to install their RADIUS server (found HERE).

Using Ubuntu 14.04, install keepalived (basic instructions: https://raymii.org/s/tutorials/Keepalived-Simple-IP-failover-on-Ubuntu.html)

Radius server #1 config:

vrrp_instance VIP_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 101
    preempt_delay 30
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        10.0.0.1 dev eth0
    }
}

Radius server #2 config:

vrrp_instance VIP_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 100
    preempt_delay 30
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        10.0.0.1 dev eth0
    }
}

After this was completed, keepalived was up and running, and I could ping/ssh to the VIP. BUT, Duo was not responding to radius requests on the VIP!?  After trying several different options, I called into Duo Support to see if anything could be done.  The support engineer and I discovered that the “interface=” command in authproxy.cfg could be used to bind to an IP address other than the default eth0 address.  This is what I added to the top of the authproxy.cfg:

[main]
interface=10.0.0.1

[ad_client]
...etc

After I restarted the duoauthproxy service, radius requests completed successfully using the VIP and my HA solution is complete!  Testing shows 1-second failover times between both servers with keepalived.

View the VIP assigned to eth0:

ip addr show eth0
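
A pre-deployment check for the pair of configs above, added here as an example (it is not part of the original post, Duo's tooling or keepalived). It parses both vrrp_instance blocks plus authproxy.cfg and reports settings that stop the pair from forming one VRRP group, a placeholder or over-length auth_pass, and a proxy that is not bound to the VIP. The function names, finding labels and sample inputs are constructed for illustration.

```python
import re

KEYS = r"state|interface|virtual_router_id|priority|auth_type|auth_pass"

def parse_instance(text):
    """Pull the fields that matter for a VRRP pair out of one vrrp_instance block."""
    cfg = dict(re.findall(rf"^\s*({KEYS})\s+(\S+)", text, re.M))
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    lines = block.group(1).splitlines() if block else []
    cfg["vips"] = sorted(l.split()[0] for l in lines if l.strip())
    return cfg

def audit(node_a, node_b, authproxy_cfg):
    a, b = parse_instance(node_a), parse_instance(node_b)
    findings = []
    # Both nodes must agree on these or they never form one VRRP group.
    for key in ("virtual_router_id", "auth_type", "auth_pass", "vips"):
        if a.get(key) != b.get(key):
            findings.append(f"mismatch:{key}")
    if a.get("priority") == b.get("priority"):
        findings.append("equal-priority")
    # auth_type PASS carries the password in cleartext in every advertisement.
    if a.get("auth_type") == "PASS":
        findings.append("cleartext-auth")
    # Placeholder values (list is an assumption) should not reach production.
    pw = a.get("auth_pass", "")
    if pw.lower() in {"password", "changeme", "secret"}:
        findings.append("weak-auth-pass")
    if len(pw) > 8:  # keepalived uses only the first 8 characters
        findings.append("truncated-auth-pass")
    # Per the post, the proxy answers on the VIP only if [main] interface= names it.
    m = re.search(r"^\s*interface\s*=\s*(\S+)", authproxy_cfg, re.M)
    if not m or m.group(1) not in a["vips"]:
        findings.append("authproxy-not-on-vip")
    return findings

def sample(state, priority, vrid=100):
    """Constructed config shaped like the two node configs in the post."""
    return (f"vrrp_instance VIP_1 {{\n state {state}\n interface eth0\n"
            f" virtual_router_id {vrid}\n priority {priority}\n"
            " authentication {\n  auth_type PASS\n  auth_pass password\n }\n"
            " virtual_ipaddress {\n  10.0.0.1 dev eth0\n }\n}\n")

AUTHPROXY = "[main]\ninterface=10.0.0.1\n\n[ad_client]\n"  # constructed sample

if __name__ == "__main__":
    print(audit(sample("MASTER", 101), sample("BACKUP", 100), AUTHPROXY))
```

Run against the configs as posted, it reports only cleartext-auth and weak-auth-pass, since "password" is a placeholder to replace before deployment.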

Active Directory Health Check

Migrated a DC and wanted to do some basic AD health checks.

From the cmd prompt (domain joined pc with sufficient privileges or on the DC):

Replication Info:

repadmin /replsummary
repadmin /showrepl

Query FSMO role holders, which should confirm that they are online:

netdom query fsmo

General Server Diagnosis:

dcdiag /a /s:<DC server name>

If you want the DCs to force sync and see if there are any issues:

repadmin /syncall

Cisco Router Packet Capture and Export

I’ve recently had to troubleshoot some SIP calls going through a Cisco router (CUBE) and needed a way to capture the stream and view it easily.

To do this, you will need:

  1. CLI access to the router
  2. Wireshark installed on your PC
  3. tftp server installed on your PC (I used tftpd found here: LINK)

Here are the steps required:

Log into your router and create the capture policy:

ip traffic-export profile <name> mode capture
bidirectional

Assign the capture profile to the interface:

interface <interface>
ip traffic-export apply <name> size 20000000

Clear any data and start the export:

traffic-export interface <interface> clear
traffic-export interface <interface> start

Test your application (or in my case, a SIP call)

Once the test is complete, stop the export:

traffic-export interface <interface> stop

Export the captured traffic to your PC via tftp:

traffic-export interface <interface> copy tftp:

Use Wireshark to open the file, then click “Telephony” at the top and then “VoIP Calls” to analyze the SIP traffic.

Also, if you want to send your logs (in case of a debug) to your PC via tftp, the command is:

show logging | redirect tftp://tftpserver/destinationfilename

Source: https://thevoiceman.wordpress.com/2014/11/28/ip-traffic-exporting-cube/

Cisco CUCM/CUBE SIP Troubleshooting

Some quick notes on troubleshooting tools in a Cisco SIP Call Manager environment:

Commands on the CUBE router:
show call active voice compact
debug ccsip messages
debug voip ccapi inout

Article on understanding SIP traces:
https://supportforums.cisco.com/document/113271/understanding-sip-traces

SIP call flows and troubleshooting:
https://supportforums.cisco.com/document/71131/basic-sip-call-flows-troubleshooting-commands

Using CUCM RTMT Session Trace:
http://www.ucguerrilla.com/2012/03/cisco-cucm-rtmt-session-trace.html

Using TranslaterX as an additional tool to Session Trace:
https://wiklunds.wordpress.com/2013/06/09/sip-traces-from-cucm-in-transla/

2 Hour Cisco Live breakout on SIP troubleshooting with CUCM and CUBE:
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6098&tclass=popup

Nexus C9372PX NX-OS Upgrade

Recently upgraded a pair of C9372PX switches with the following commands:

  1. Copy new .bin file over to switch
    copy scp://username@scpserverIPaddress//n9000-dk9.7.0.3.I1.2.bin bootflash:n9000-dk9.7.0.3.I1.2.bin
  2. Show the impact of installing the new version
    show install all impact nxos bootflash:n9000-dk9.7.0.3.I1.2.bin
  3. Install the new version
    install all nxos bootflash:n9000-dk9.7.0.3.I1.2.bin
  4. After you run the install, it will do the impact evaluation again and ask you to confirm installation
  5. Install took less than 5 minutes and then rebooted

The official Cisco install guide can be found HERE

Singlewire Informacast Upgrade

Upgraded from Informacast 9.0.2 to 9.1.1.  Upgrade was very simple and went smoothly following these instructions:

https://www.singlewire.com/help/advanced/cucm/Administer_the_Virtual_Appliance/Virtual_Appliance_Upgrade_Process/Install_New_Software_Package(s).htm

Observations:

  1. If you are doing this upgrade from a Windows client, download Putty PSCP and put it in the same directory as your .deb file you are copying over for step 2.
  2. During step 8, the web portal will be “blank”, but it’s working behind the scenes.  My install took approximately 5 minutes before showing the install package list.