Category Archives: cisco

Cisco ACE context erasing

One of the most annoying things I found out about the ACE module was that I couldnt just ‘write erase’ a context from within it. For example, lets say I just wanted to erase the current config and paste in a new one because of massive changes or I’ve got a test context that changes a lot etc….well I couldnt find an easy way to do it.

What I do now to overcome this is use checkpoints. When I create a brand new context; the first thing I do is create a checkpoint – a blank one:

checkpoint create blankcontext

Then, paste in your new config and if its stable then create a new checkpoint. Checkpoints are also useful for instant rollbacks of any changes – just create a new checkpoint whenever you are about to make changes.

Having the blank checkpoint has come in handy a few times. Note that checkpoints are only visible within the same context – so you need to create them in multiple contexts as appropriate.

Call Manager 7 – admin password recovery

I had a vm for cucm7.1(3) that I’d had off for a while – and I needed to fire it up again for some lab testing. Of course, my usual set of passwords didnt work to get into the thing. So, at the console of the vm, I did the following:

1. Login at the console using username: pwrecovery  password: pwreset.

2. Edit the vm’s settings to ensure no cdrom images or physical cdroms are connected.

3. Follow the prompts, and re-enable the call manager iso image in the cdrom drive when prompted to ‘insert the cdrom’. Its basically asking for the call manager install media.

This resets the user admin account to ‘admin’ with a new password you specify.

VLAN groups for fwsm and ace on 6513

With the data centre move, I took the opportunity to clean up some of the 6513 config which had got out of control.

The original groupings looked all over the place:

svclc vlan-group 1 27,28,40,76
svclc vlan-group 2 44,45,48
svclc vlan-group 42 42
svclc vlan-group 43 43
svclc vlan-group 400 402
svclc vlan-group 427 427,428
svclc vlan-group 500 527,528,544,545,548
svclc vlan-group 600 612,614,618,620,621,622,623,624,625,626,628,632,636,699
svclc vlan-group 602 602
svclc vlan-group 700 720,721,724,725,732
svclc vlan-group 990 996,997
svclc vlan-group 999 9,999
svclc module 2 vlan-group 2,43,400,427,500,600,602,700,999,
firewall module 1 vlan-group 1,42,427,428,600,990,999,

….YUK. However I decided to break the FWSM and ACE’s visible vlans into groups with more meaning; specifically:

Group 1 = specific to FWSM
Group 2 = common to both
Group 3 = specific to ACE

In the end the config gets cleaned up and looks like:

svclc vlan-group 1 27,28,40,42,76,612,614,618,622,623,626,628,636,699,996,997
svclc vlan-group 2 9,427,428,620,621,624,625,632,999
svclc vlan-group 3 43,44,45,48,402,527,528,544,545,548,602,720,721,724,725,732

firewall module 1 vlan-group 1,2
svclc module 2 vlan-group 2,3

…much better ! A few of the other commands that got me out of a few dramas:

firewall autostate
firewall multiple-vlan-interfaces
svclc autostate
svclc multiple-vlan-interfaces

(The autostate command helps the devices track the loss of an access link).