Here are sample configuration on resequencing access lists in Cisco Routers for IOS, IOS-XE, IOS-XR and Nexus OS Cisco IOS/IOS-XE a. Show the existing access-list IOS#show access-lists acl_123 Extended IP access list acl_123 10 permit tcp 192.168.10.8 255.255.255.255 192.168.20.5 255.255.255.255 eq 22 20 permit tcp 172.16.0.10.8 255.255.255.255 192.168.20.5 255.255.255.255 eq 22 30 deny ip any any b. Add the new access list before the last deny rule IOS(config)#ip access-list extended acl_123 IOS(config-ext-nacl)#21 permit tcp host 192.168.11.8 host 192.168.20.5 eq 22…
Category: <span>Cisco</span>
Cisco uses RPL (Route Policy Language) while Huawei uses XPL (Extended Route Policy language). Basically they are the same concept but of course the commands are slightly different, though editing the policy or prefix-set requires vi/vim knowlege. Cisco IOS-XR RPL Huawei NE40E XPL Adding Prefix-Set:prefix-set FNT-Prefixes 192.168.0.0/24, 172.16.0.0/23end-set Adding Prefix-Set:xpl ip-prefix-list FNT-Prefixes192.168.0.0 24,172.16.0.0 23end-list Creating Route Policy:route-policy FNT-EXPORT if (destination in FNT-Prefixes) then prepend as-path 65555 2 endifend-policy Creating Route Policy:xpl route-filter FNT-EXPORT if ip route-destination in FNT-Prefixes then …
General/Overall: admin show inventory chassis admin show inventory all admin show inventory rack admin show environment all admin show environment alarms admin show diag admin show diag chassis admin show hw-module fpd location all admin show environment trace admin show platform admin show platform summary location all show pfm location all show inventory trace error show shelfmgr trace show controllers i2c server trace Power Supply: admin show inventory power-supply admin show power history rack <0-1> admin show diag power-supply…
uRPF or Unicast Reverse Path Forwarding is a security feature/tool that help verifies reachability of source address in packets being forwarded. It can prevents malicious and spoofing attacks as it will perform forwarding table lookup on the source IP address. – it as defined in RFC3704 – it follows RFC2827 for ingress filtering. – it relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups. – preferably implemented at the network edge facing internet, customers and servers…
Here’s the Cisco IOS commands vs Huawei OS commands Cisco IOS Huawei BASIC show display | include | include exit quit end return configure terminal system-view shutdown shutdown no shutdown undo shutdown no undo clear reset debug debugging show running-config display current-configuration show startup-config display saved-configuration show version display version show tech-support display diagnostic-information clear counters <interface> reset counters <int> clear line <line><line number> terminal length <num> screen-length disable terminal width <num>…
As per Cisco documentation, Smart Call Home offers proactive diagnostics and real-time alerts on select Cisco devices, which provides higher network availability and increased operational efficiency. There are few ways on sending these alerts, it can be either by email or http. Sample Configuration using Email Method: callhome contract-id [value] switch-priority 7 email-contact [email-address] phone-contact [phone number] streetaddress [address] distribute destination-profile [PROFILENAME] destination-profile [PROFILENAME] format XML destination-profile [PROFILENAME] message-size [value] destination-profile [PROFILENAME] message-level 2 destination-profile [PROFILENAME] email-addr callhome@cisco.com destination-profile [PROFILENAME]…
As per Cisco documentation: A virtual PortChannel (vPC) allows links that are physically connected to two different Cisco Nexus devices to appear as a single Port Channel to a third device. The third device can be a Cisco Nexus 2000 Series Fabric Extender or a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths…
AAA(TACACS) aaa accounting exec default start-stop group <GROUPNAME> group tacacs+aaa accounting commands default start-stop group <GROUPNAME> group tacacs+aaa group server tacacs+ <GROUPNAME> vrf management server-private <ISE/TACACS IP#1> port 49 key 7 <TACACS KEY> ! server-private <ISE/TACACS IP#2> port 49 key 7 <TACACS KEY> !aaa authorization exec default group <GROUPNAME> group tacacs+ noneaaa authorization commands default group <GROUPNAME> group tacacs+ noneaaa authorization eventmanager default group tacacs+aaa authentication login default group <GROUPNAME> group tacacs+ localaaa default-taskgroup netadmin SSHv2 ssh server v2ssh server vrf defaultssh server…
Leave a Comment