Category: Cisco

Here are sample configurations for resequencing access lists on Cisco routers running IOS, IOS-XE, IOS-XR and Nexus OS.

Cisco IOS/IOS-XE

a. Show the existing access list

IOS#show access-lists acl_123
Extended IP access list acl_123
    10 permit tcp 192.168.10.8 255.255.255.255 192.168.20.5 255.255.255.255 eq 22
    20 permit tcp 172.16.0.10.8 255.255.255.255 192.168.20.5 255.255.255.255 eq 22
    30 deny ip any any

b. Add the new access-list entry before the last deny rule

IOS(config)#ip access-list extended acl_123
IOS(config-ext-nacl)#21 permit tcp host 192.168.11.8 host 192.168.20.5 eq 22…

Cisco

Cisco uses RPL (Route Policy Language) while Huawei uses XPL (Extended Route Policy Language). The concept is basically the same, but the commands are slightly different, and editing a policy or prefix-set requires vi/vim knowledge.

Cisco IOS-XR RPL

Adding Prefix-Set:
prefix-set FNT-Prefixes
  192.168.0.0/24,
  172.16.0.0/23
end-set

Creating Route Policy:
route-policy FNT-EXPORT
  if (destination in FNT-Prefixes) then
    prepend as-path 65555 2
  endif
end-policy

Huawei NE40E XPL

Adding Prefix-Set:
xpl ip-prefix-list FNT-Prefixes
192.168.0.0 24,
172.16.0.0 23
end-list

Creating Route Policy:
xpl route-filter FNT-EXPORT
  if ip route-destination in FNT-Prefixes then
  …

Cisco Huawei

Here are common and useful Cisco IOS-XR commands to check any hardware-related information.

General/Overall:
admin show inventory chassis
admin show inventory all
admin show inventory rack
admin show environment all
admin show environment alarms
admin show diag
admin show diag chassis
admin show hw-module fpd location all
admin show environment trace
admin show platform
admin show platform summary location all
show pfm location all
show inventory trace error
show shelfmgr trace
show controllers i2c server trace

Power Supply:
admin show…

Cisco

Here’s the sample configuration for setting up the management port on different router platforms using a static route.

Assuming we have this IP configuration:
RSP0/RE0 Physical IP: 10.10.10.98/24
RSP1/RE1 Physical IP: 10.10.10.99/24
Virtual IP: 10.10.10.100/24
Gateway: 10.10.10.1/24

Note: It is advisable to place management-plane connectivity on a network separate from the data/voice network.

Step: Create VRF

Cisco IOS-XR:
#vrf management
#vrf management description MNGMT
#vrf management address-family ipv4 unicast

Cisco NX-OS:
N/A

Juniper OS:
#set system management-instance
#set routing-instances mgmt_junos description MNGMT

Huawei:
#ip…

Cisco Huawei Juniper

Scenario: 2 physical interfaces bundled together (port-channel) and associated with the same VLAN.

Tested in:
Cisco Nexus
Juniper EX Series

Step: Configure 2 physical interfaces

Cisco:
interface Ethernet1/1
  description Server Link#1
  switchport
  switchport access vlan 888
  channel-group 99 mode active
  no shutdown
interface Ethernet2/1
  description Server Link#2
  switchport
  switchport access vlan 888
  channel-group 99 mode active
  no shutdown

Juniper:
#set interfaces xe-0/0/0 description " Server Link#1 "
#set interfaces xe-0/0/0 gigether-options 802.3ad ae99
#set interfaces xe-1/0/0 description " Server Link#2 "
#set interfaces xe-1/0/0 gigether-options 802.3ad ae99

Step: Configure the port-channel

Cisco:
interface port-channel99
  description Server Port-channel
  switchport
  switchport access…

Cisco Juniper

uRPF (Unicast Reverse Path Forwarding) is a security feature that helps verify the reachability of the source address in packets being forwarded. It can prevent malicious and spoofing attacks, as it performs a forwarding table lookup on the source IP address.
- It is defined in RFC 3704.
- It follows RFC 2827 for ingress filtering.
- It relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups.
- It is preferably implemented at the network edge facing the internet, customers and servers…

Cisco

Here are the Cisco IOS commands and their Huawei OS equivalents.

BASIC

Cisco IOS                          Huawei
show                               display
| include                          | include
exit                               quit
end                                return
configure terminal                 system-view
shutdown                           shutdown
no shutdown                        undo shutdown
no                                 undo
clear                              reset
debug                              debugging
show running-config                display current-configuration
show startup-config                display saved-configuration
show version                       display version
show tech-support                  display diagnostic-information
clear counters <interface>         reset counters <int>
clear line <line><line number>
terminal length <num>              screen-length disable
terminal width…

Cisco

As per Cisco documentation, Smart Call Home offers proactive diagnostics and real-time alerts on select Cisco devices, which provides higher network availability and increased operational efficiency. There are a few ways to send these alerts: either by email or by HTTP.

Sample Configuration using Email Method:

callhome
  contract-id [value]
  switch-priority 7
  email-contact [email-address]
  phone-contact [phone number]
  streetaddress [address]
  distribute
  destination-profile [PROFILENAME]
  destination-profile [PROFILENAME] format XML
  destination-profile [PROFILENAME] message-size [value]
  destination-profile [PROFILENAME] message-level 2
  destination-profile [PROFILENAME] email-addr callhome@cisco.com
  destination-profile [PROFILENAME]…

Cisco

As per Cisco documentation: A virtual PortChannel (vPC) allows links that are physically connected to two different Cisco Nexus devices to appear as a single Port Channel to a third device. The third device can be a Cisco Nexus 2000 Series Fabric Extender or a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths…

Cisco

Here’s a best-practice security configuration template for Cisco IOS-XR, covering services such as AAA, SSH, NTP, SNMP and Syslog.

AAA (TACACS)

aaa accounting exec default start-stop group <GROUPNAME> group tacacs+
aaa accounting commands default start-stop group <GROUPNAME> group tacacs+
aaa group server tacacs+ <GROUPNAME>
 vrf management
 server-private <ISE/TACACS IP#1> port 49
  key 7 <TACACS KEY>
 !
 server-private <ISE/TACACS IP#2> port 49
  key 7 <TACACS KEY>
 !
aaa authorization exec default group <GROUPNAME> group tacacs+ none
aaa authorization commands default group <GROUPNAME> group tacacs+ none
aaa authorization eventmanager…

Cisco