badly connected



ASR1002 Build

By default the Cisco ASR1002 Chassis contains the following:

  • Cisco ASR1002 Route Processor
  • Cisco ASR 1002 SIP
  • Cisco ASR SPA


The Embedded Services Processor (ESP) and power supplies are not included in the chassis; they can be installed as shown in the picture above.

The flash and NVRAM are in the Route Processor, so replacing the ESP will not make the router lose its IOS / startup configuration.


Interfaces – physical

Identify hardware

You can see the actual hardware element in:

show inventory
(also show module in switches)

Router1#sho inv
PID: CISCO3925-CHASSIS , VID: V02, SN: *********

NAME: "Cisco Services Performance Engine 200 for Cisco 3900 ISR on Slot 0", DESCR: "Cisco Services Performance Engine 200 for Cisco 3900 ISR"
PID: C3900-SPE200/K9 , VID: V05 , SN: *********

NAME: "C3900 AC Power Supply 1", DESCR: "C3900 AC Power Supply 1"
PID: PWR-3900-AC , VID: V04 , SN: *********

But in cases like the one above you can be deceived. This router uses a Services Performance Engine and has an additional port. If you check show version you can see the difference:

Router1#sho ver
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M4, RELEASE SOFTWARE (fc2)
Technical Support:
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 24-Sep-14 04:05 by prod_rel_team

Be aware!

Good to know: Combo ports

In the previous case we have a Cisco 3925 which has combo ports (copper/sfp).
When the fiber port is in use, an SFP module is visible in the “show inventory” output! If you use copper, the SFP module will “hide”.

Base SX: Multimode fiber which uses a longer wavelength of light and can be used on shorter distances (100 to 500 meters). Cheaper than LX.

Base LX: Singlemode fiber which uses a narrower wavelength and is able to transmit over much longer distances (2km, 10km, 40km, 60km, 80km, 120km).


GBIC is a hot-swappable Gigabit Interface optical module. SFP is the newer version of GBIC which was necessary because GBIC was too big in physical size.

GBIC uses SC connector while SFP uses LC connector. (Details)
The same kind of GBIC is equal in performance with SFP.

The chassis determines which one you have to use. (i.e.: 3500 GBIC; 3560 SFP)

SFP vs SFP+ vs XFP


FastEthernet SFP modules

| Cisco 100M Ethernet SFP | Part Number | Description |
|---|---|---|
| Cisco 100BASE-FX SFP | GLC-FE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For 100Mbps Ethernet ports |
| | GLC-GE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For Gigabit Ethernet ports |
| Cisco 100BASE-LX10 SFP | GLC-FE-100LX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 10 kilometers long. |
| Cisco 100BASE-BX10 SFP | GLC-FE-100BX-D, GLC-FE-100BX-U | Operates on ordinary SMF single-strand link spans up to 10 kilometers long. |
| Cisco 100BASE-EX SFP | GLC-FE-100EX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 40 kilometers long. |
| Cisco 100BASE-ZX SFP | GLC-FE-100ZX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 80 kilometers long. |

GigabitEthernet SFP modules

| Cisco Gigabit Ethernet SFP | Part Number | Description |
|---|---|---|
| Cisco 1000BASE-SX SFP | GLC-SX-MM1, SFP-GE-S2 | Operates on 50 μm multimode fiber links up to 550 m and on 62.5 μm FDDI-grade multimode fibers up to 220 m. |
| Cisco 1000BASE-LX/LH SFP | GLC-LH-SM1, SFP-GE-L2 | Operates on standard single-mode fiber-optic link spans of up to 10 km and up to 550 m on any multimode fibers. |
| Cisco 1000BASE-ZX SFP | GLC-ZX-SM1, SFP-GE-Z2 | Operates on standard single-mode fiber-optic link spans of up to approximately 70 km in length. |
| Cisco 1000BASE-BX10-D & 1000BASE-BX10-U SFP | GLC-BX-D2, GLC-BX-U2 | Operates on a single strand of standard single-mode fiber. A 1000BASE-BX10-D device is always connected to a 1000BASE-BX10-U device with a single strand of standard single-mode fiber with an operating transmission range up to 10 km. |
| Cisco 1000BASE-T SFP | GLC-T, SFP-GE-T3 | 1000BASE-T SFP Transceiver Module for Category 5 copper wire. |

Cisco Expansion Modules

Interface Cards

Aggregation Services Router (ASR)

Shared Port Adapters (SPA) provide the physical interfaces for router connectivity ranging from copper, Channelized, Packet over SONET/SDH (PoS), ATM, and Ethernet.


SPA Interface Processor (SIP) provides the physical termination for the SPAs and accepts up to four half-height and two full-height Cisco SPAs.



1: SPA subslot 0
2: SPA subslot 1
3: SPA subslot 2
6: SPA subslot 3

More details >> here <<.

An example sho inv output:

NAME: "Chassis", DESCR: "Cisco ASR1004 Chassis"
PID: ASR1004 , VID: V03, SN: **********

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40" 
PID: ASR1000-SIP40 , VID: V02, SN: **********   <<< SIP

NAME: "SPA subslot 0/0", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: ********** <<< SPA

NAME: "subslot 0/0 transceiver 0", DESCR: "10GBASE-SR/SW"
PID: XFP-10G-MM-SR , VID: 15 , SN: ********** <<< XFP

NAME: "SPA subslot 0/1", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: **********

NAME: "subslot 0/1 transceiver 0", DESCR: "OC192 + 10GBASE-L"
PID: XFP-10GLR-OC192SR , VID: 00 , SN: **********



Note that the Transceiver numbering starts from the first physical interface!
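
As an added example (not code from the original post), the Python sketch below parses “show inventory” output like the listing above into records and groups transceivers under their SPA subslot, which makes it easy to compare what is installed against what you expect. The sample text is constructed from that listing with placeholder serial numbers, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the ASR1004 listing above; serials are placeholders.
SAMPLE = '''\
NAME: "Chassis", DESCR: "Cisco ASR1004 Chassis"
PID: ASR1004 , VID: V03, SN: SERIAL0001

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"
PID: ASR1000-SIP40 , VID: V02, SN: SERIAL0002

NAME: "SPA subslot 0/0", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: SERIAL0003

NAME: "subslot 0/0 transceiver 0", DESCR: "10GBASE-SR/SW"
PID: XFP-10G-MM-SR , VID: 15 , SN: SERIAL0004
'''

NAME_RE = re.compile(r'^NAME:\s*"(?P<name>[^"]*)"\s*,\s*DESCR:\s*"(?P<descr>[^"]*)"')
PID_RE = re.compile(r'^PID:\s*(?P<pid>[^\s,]*)\s*,\s*VID:\s*(?P<vid>[^\s,]*)\s*,\s*SN:\s*(?P<sn>\S*)')
XCVR_RE = re.compile(r'^subslot (\d+/\d+) transceiver (\d+)$')


def parse_inventory(text):
    """Return one dict per NAME/PID pair; a PID line with no NAME keeps name=None."""
    items, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = NAME_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = PID_RE.match(line)
        if m:
            # Some listings (like the 3925 chassis line above) show a PID without a NAME line.
            item = pending or {"name": None, "descr": None}
            item.update(m.groupdict())
            items.append(item)
            pending = None
    return items


def transceivers_by_spa(items):
    """Map 'slot/subslot' -> list of transceiver PIDs installed in that SPA."""
    result = {}
    for item in items:
        m = XCVR_RE.match(item["name"] or "")
        if m:
            result.setdefault(m.group(1), []).append(item["pid"])
    return result
```
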


File transfer on Cisco devices


Configuring FTP server

In this example the FTP server is operated by FileZilla.

Edit –> Users: Create a user with a password


Add a directory that you would like to use for file share:


Configuring Cisco device:

ip ftp source-interface Fa0/0
ip ftp username cisco
ip ftp password cisco

After these preparations you can start downloading:

copy flash:

You can verify the transfer by using hashing:

verify /md5 flash:file.bin




Configuration of IPsec – CISCO

Ways of using IPsec

  • Crypto ACL
    The traffic that matches the ACL will be secured by IPsec.
  • Virtual Tunnel Interface (VTI)
    The traffic routed through the VTI will be secured by IPsec.


Main configuration steps


  • IKE Phase 1 policy
    • authentication (pre-shared)
    • encryption (des, 3des, aes)
    • hash (md5, sha)
    • lifetime
  • Transform Set
    • ah ( md5/sha, hmac)
    • esp (3des/aes/des/md5-hmac/sha-hmac)
  • IPsec Profile
    • set transform set

Tunnel Interface

  • IPv4 IPsec mode
  • IP or Unnumbered
  • Source / Destination
  • Apply IPsec Profile (above)


R1(config)#crypto keyring MYRING
R1(conf-keyring)#pre-shared-key address key cisco
R1(config)#crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
R1(config)#crypto ipsec profile P2P-PROFILE
R1(ipsec-profile)#set transform-set P2P-SET
R1(config)#int tunnel 1
R1(config-if)#tunnel mode ipsec ipv4
R1(config-if)#ip unnumbered loopback 0
R1(config-if)#tunnel source fa0/0
R1(config-if)#tunnel destination
R1(config-if)#tunnel protection ipsec profile P2P-PROFILE

crypto keyring MYRING
   pre-shared-key address key cisco

You must choose how IKE Phase 1 should authenticate: pre-shared key / certificate

crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac

The transform set named P2P-SET uses the ESP protocol for encapsulation and AES for encryption. This transform set also uses the ESP protocol with SHA for authentication.
AH and ESP can be used within one transform set.
After this command you arrive in (cfg-crypto-trans) config mode, where you can specify whether you want to use transport or tunnel mode for AH/ESP.

crypto ipsec profile P2P-PROFILE
   set transform-set P2P-SET

When this profile is applied to an interface, the interface will use that transform-set.

After this the IKE Phase 1 is configured. Note that the IKE Phase 1 policy needs to match the other side!!

ip unnumbered loopback 0

The tunnel interface is “borrowing” the IP address of Loopback 0.

tunnel protection ipsec profile P2P-PROFILE

Implementing the IPsec configurations on the tunnel.
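
As an added example (not part of the original post), this Python sketch audits a running-config style text for the legacy options listed in the steps above (des, 3des, md5) and for a tunnel or profile that references a profile or transform set that is never defined. The sample config is constructed; the function name, the finding strings and the assumption that sub-commands are indented by one space (as in show running-config) are this example's own.

```python
import re

# Constructed config using legacy options from the lists above plus a dangling reference.
WEAK = """\
crypto isakmp policy 10
 encr des
 hash md5
crypto ipsec transform-set OLD-SET esp-3des esp-md5-hmac
crypto ipsec profile OLD-PROFILE
 set transform-set OLD-SET
interface Tunnel1
 tunnel protection ipsec profile MISSING-PROFILE
"""

WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
# running-config abbreviates "encryption" to "encr"; accept both spellings
WEAK_IKE = {(k, v) for k in ("encr", "encryption") for v in ("des", "3des")} | {("hash", "md5")}


def audit(config):
    """Return findings: legacy algorithms and dangling profile/transform-set references."""
    findings, sets, profiles, refs, ctx = [], set(), set(), [], ""
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):
            ctx = " ".join(words[:3])  # an unindented line opens a new config context
        if words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 3:
            sets.add(words[3])
            findings += ["weak transform %s in %s" % (w, words[3])
                         for w in words[4:] if w in WEAK_TRANSFORMS]
        elif words[:3] == ["crypto", "ipsec", "profile"] and len(words) > 3:
            profiles.add(words[3])
        elif ctx == "crypto isakmp policy" and tuple(words[:2]) in WEAK_IKE:
            findings.append("weak IKE %s %s" % (words[0], words[1]))
        elif words[:2] == ["set", "transform-set"] and len(words) > 2:
            refs.append(("transform-set", words[2]))
        elif words[:4] == ["tunnel", "protection", "ipsec", "profile"] and len(words) > 4:
            refs.append(("profile", words[4]))
    # Resolve references only after the whole config is read, so ordering does not matter.
    for kind, name in refs:
        if name not in (sets if kind == "transform-set" else profiles):
            findings.append("undefined %s %s" % (kind, name))
    return findings
```

Run against the P2P-SET / P2P-PROFILE configuration shown above, audit() returns an empty list.
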






To get more information on a module you can find documentation on the internet, but Python can also help you:

tamvarga@DHUB4432 ~/python-study
$ python
Python 2.7.12 (default, Oct 10 2016, 12:56:26)
[GCC 5.4.0] on cygwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import pexpect
>>> help(pexpect)
Help on package pexpect:



 Pexpect is a Python module for spawning child applications and controlling
 them automatically. Pexpect can be used for automating interactive applications
 such as ssh, ftp, passwd, telnet, etc. It can be used to a automate setup
 scripts for duplicating software package installations on different servers. It
 can be used for automated software testing. Pexpect is in the spirit of Don
 Libes' Expect, but Pexpect is pure Python. Other Expect-like modules for Python
 require TCL and Expect or require C extensions to be compiled. Pexpect does not
 use C, Expect, or TCL extensions. It should work on any platform that supports
 the standard Python pty module. The Pexpect interface focuses on ease of use so
 that simple tasks are easy.

There are two main interfaces to the Pexpect system; these are the function,
 run() and the class, spawn. The spawn class is more powerful. The run()
 function is simpler than spawn, and is good for quickly calling program. When
 you call the run() function it executes a given program and then returns the
 output. This is a handy replacement for os.system().


You can also check the available functions of a specific (already imported) module:

>>> dir(pexpect)
['EOF', 'ExceptionPexpect', 'PY3', 'TIMEOUT', '__all__', '__builtins__',
 '__doc__', '__file__', '__name__', '__package__', '__path__', 
'__version__', '_cast_bytes', '_cast_unicode', 'errno', 'fcntl', 
'os', 'pty', 're', 're_type', 'resource', 'run', 'searcher_re', 
'searcher_string', 'select', 'signal', 'spawn', 'spawnb', 
'split_command_line', 'struct', 'sys', 'termios', 'time', 
'traceback', 'tty', 'types', 'version', 'version_info', 'which']


Regular Expressions

The module for regular expressions is called “re”.
Regexp in Python is very similar to the one in Perl.

Simple example:

import re

print(re.search('hello','hello world'))

--- Output ---
<_sre.SRE_Match object at 0x0000000001CFC510>

The search() method has 2 arguments. First is the pattern and the second is the text where you want to search the pattern.

import  re

myPatterns = ['term1','term2']
text = 'This is a string with term1, but not the other term'

for pattern in myPatterns:
    print("Searching for %s" %(pattern))
    if not re.search(pattern, text):
        print('Not found\n')

--- Output ---
Searching for term1

Searching for term2
Not found

The returned value of search() is an object and you can use other methods on it too:

import re

myPatterns = ['term1','term2']
text = 'This is a string with term1, but not the other term'

match = re.search(myPatterns[0],text)
print(type(match))


split_pattern = '@'
phrase = 'What is your mail? Is it'

match = re.split(split_pattern, phrase)

--- Output ---
<type '_sre.SRE_Match'>


What is your mail? Is it hello

import re

myPattern = 'color'
text = 'There is a color called blue and there is a color called green.'

print(re.findall(myPattern, text))

--- Output ---
['color', 'color']

Repetition syntax

import re

test_phrase = 'sdsd..sssddd...sdddsddd...dsds...dsssss...sdddd'

test_patterns = [ 'sd*',        # s followed by zero or more d's
                  'sd+',        # s followed by one or more d's
                  'sd?',        # s followed by zero or one d's
                  'sd{3}',      # s followed by three d's
                  'sd{2,3}',    # s followed by two to three d's
                ]

match = re.findall(test_patterns[0], test_phrase)
print(match)

--- Output ---
['sd', 'sd', 's', 's', 'sddd', 'sddd', 'sddd', 'sd', 's', 's', 's', 's', 's', 's', 'sdddd']

1.) A pattern followed by the meta-character * is repeated zero or more times.
2.) Replace the * with + and the pattern must appear at least once.
3.) Using ? means the pattern appears zero or one time.
4.) For a specific number of occurrences, use {m} after the pattern, where m is replaced with the number of times the pattern should repeat.
5.) Use {m,n} where m is the minimum number of repetitions and n is the maximum. Leaving out n ({m,}) means the value appears at least m times, with no maximum.

Character sets

import  re

test_phrase = 'sdsd..sssddd...sdddsddd...dsds...dsssss...sdddd'

test_patterns = [ '[sd]',       # either s or d
                  's[sd]+' ]    # s followed by one or more s or d

match = re.findall(test_patterns[0], test_phrase)

The [] means: match any one of the characters within the brackets.


We can use the ^ symbol to exclude terms.

Character Ranges

test_phrase = 'This is an example sentence. Lets see if we can find some letters.'

test_patterns=[ '[a-z]+',      # sequences of lower case letters
                '[A-Z]+',      # sequences of upper case letters
                '[a-zA-Z]+',   # sequences of lower or upper case letters
                '[A-Z][a-z]+'] # one upper case letter followed by lower case letters
match = re.findall(test_patterns[3], test_phrase)

--- Output ---
['This', 'Lets']

Escape Codes

You can use special escape codes to find specific types of patterns in your data, such as digits, non-digits, whitespace, and more. For example:

Code Meaning
\d a digit
\D a non-digit
\s whitespace (tab, space, newline, etc.)
\S non-whitespace
\w alphanumeric
\W non-alphanumeric

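import re

arp = "      0      b4:09:5a:ff:c8:45  VLAN#222     L"
a = re.search(r"(.+?) +(\d) +(.+?)\s{2,}(\w)*", arp)

# Print the whole match (group 0) and each captured group
for i in range(5):
    print("Group %d: %s" % (i, a.group(i)))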

--- Output ---

Group 0: 0 b4:09:5a:ff:c8:45 VLAN
Group 1:
Group 2: 0
Group 3: b4:09:5a:ff:c8:45
Group 4: N

The groups are created via ( ).

“(.+?) ” – Find any characters until a space.
“ +” – One or more spaces.
“(\d)” – Find a digit (0-9).
“(.+?)\s{2,}” – Any characters up to a run of two or more whitespace characters. {2,} says: at least 2 repetitions of the previous expression.

Regexp syntax:

  • . – represents any character, except the new line character
  • + – Previous expression may repeat one or more times
    ie.: “a+” This matches “a” or “aaaaa” or “aaa” …
  • \d – A digit (0-9)
  • \s – Any white space characters
  • \S – Any non-white space characters
  • \W – Non-alphanumeric character. This is equivalent to [^a-zA-Z0-9_]
  • {m,n} – Causes the resulting RE to match from m to n repetitions of the preceding RE, attempting to match as many repetitions as possible. For example, a{3,5} will match from 3 to 5 ‘a’ characters. Omitting m specifies a lower bound of zero, and omitting n specifies an infinite upper bound. As an example, a{4,}b will match aaaab or a thousand ‘a’ characters followed by a b, but not aaab. The comma may not be omitted or the modifier would be confused with the previously described form.


  • findall(pattern,string,flags=0)
    Returns a list of strings on match.
    Returns a list of tuples if the pattern has more than 1 group.
    Empty matches are included in the result.
  • match(pattern,string)
    Return None if no match.
    Returns the location of match in memory when match found.
    Match searches the “pattern” in the beginning of the string.
    pattern: test string: This is a test
    No match
    pattern: This string: This is a test
    pattern ‘.*test’ string: This is a test
  • search(pattern, string)
    Return None if no match.
    Returns the location of match in memory when match found.
    Unlike match() this will look for the pattern in the whole string, not just in the beginning.




Input / Output

Passing arguments

A simple example:

import sys

arguments = sys.argv
print(arguments)

--- Run ---
python test

--- Output ---
['', 'test']

Using the list:
The first element of the list (0) is the name of the file !!!

import sys

arguments = sys.argv

--- Run ---
python test

--- Output ---


User input

A simple example:

myInput = raw_input("Please enter something: ")

--- Output ---
Please enter something: something



