Category: Cisco

Here are sample static route configurations for Cisco IOS-XR routers such as the CRS and ASR9000.

1. Configure an IPv4 default route to next hop 192.168.10.3 (via Bundle-Ether1)

router static
 address-family ipv4 unicast
  0.0.0.0/0 Bundle-Ether1 192.168.10.3

2. Configure an IPv4 default route to next hop 192.168.10.3 (via Bundle-Ether1) under vrf management

router static
 vrf management
  address-family ipv4 unicast
   0.0.0.0/0 Bundle-Ether1 192.168.10.3

3. Configure an IPv4 route for the 192.168.0.0/16 range to the Null interface (e.g. for BGP advertisement) with a distance metric of 100

router static
 address-family ipv4 unicast…

Cisco

It is recommended to separate management traffic from data/customer traffic in your datacenter switches, such as Cisco IOS and IOS-XE devices (e.g. ASR1000). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably with centralized TACACS+ to manage all your devices; some use Cisco® Identity Services Engine (ISE) for central…

Cisco

It is recommended to separate management traffic from data/customer traffic in your datacenter switches, such as Cisco IOS-XR devices (e.g. ASR 9000, CRS). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably with centralized TACACS+ to manage all your devices; some use Cisco® Identity Services Engine (ISE) for…

Cisco

It is recommended to separate management traffic from data/customer traffic in your datacenter switches, such as Cisco Nexus devices (e.g. Nexus 7000, Nexus 9000). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably with centralized TACACS+ to manage all your devices; some use Cisco® Identity Services Engine (ISE)…

Cisco

As mentioned in the previous post, bogon prefixes or routes should never appear in the Internet routing table. Network engineers should implement “best practices” in their networks, which includes filtering bogons, as they may be used in DDoS attacks or spam. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martian” bogons may change occasionally, so at least make sure the private addresses mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so they won't leak out into the Internet. Here are sample steps and configuration. 1. Create the Ingress…

Cisco

Dynamic Host Configuration Protocol, or DHCP, is a network protocol used (via a DHCP server) to dynamically or automatically assign an IP address and other info (e.g. gateway, DNS) to each host in the network. Here’s a sample configuration for running a DHCP server on a Layer 3 switch.

Host Setup:
Gateway: 192.168.10.1
Netmask: 255.255.255.0
DNS Server: 192.168.20.254, 8.8.8.8

Layer 3 Switch (tested on Cisco 49xx)
VLAN ID: 888
IP Block: 192.168.10.0/24

Fig. A. Hosts connected to switch

Configure the respective interfaces for the access VLAN

L3-Switch#conf t…

Cisco

For the number of addresses, I always used this formula:
32 - (cidr) = X
then 2^X = number of addresses
To get the number of hosts, subtract 2 (network and subnet mask).

Example (to get the number of addresses and hosts of a /24):
32 - 24 = 8
2^8 = 256 (total number of addresses)
256 - 2 = 254 (total number of hosts)

CIDR   Addresses   Netmask           Wildcard
/32    1           255.255.255.255   0.0.0.0
/31    2           255.255.255.254   0.0.0.1
/30    4           255.255.255.252   0.0.0.3
/29    8           255.255.255.248   0.0.0.7
/28    16          255.255.255.240…

Cisco

Here are the Cisco IOS-XR commands vs. Juniper OS commands.

Cisco IOS-XR                          Juniper OS

BASIC
show                                  show
| include                             | match
..formal                              | display set
configure                             configure/edit
shutdown                              disable
no shutdown                           delete interface <interface> disable
no                                    delete
clear                                 clear
show running-config                   show configuration
show version                          show version
show tech-support                     request support information
show configuration (after change)     show | compare (after change)
clear counters <interface>            clear interface…

Cisco Juniper Networking

An Access List or ACL is a set of rules to filter network traffic that can be applied to routers or switches. In some large networks where it requires hundreds of lines, it’s a bit of a pain in the ass to manage and configure. And if users keep requesting changes like adding and removing rules, then using object-groups can be the answer. Object-groups can be implemented in extended ACLs, both numbered and named, and can be…

Cisco

1. Remote access should be via SSH, and telnet should be disabled

IOS-XR:
no telnet ipv4 server

Nexus OS:
no feature telnet
feature ssh
feature tacacs+

2. SSH should be version 2 or higher. Do not run v1.

IOS-XR:
ssh server v2
ssh server vrf management

Nexus OS:
ssh server v2
ssh server vrf management
ssh timeout 60

3. Configure SSH logging

IOS-XR:
ssh server logging

4. Configure Login Banner

IOS-XR:
banner login ^C
*************************************************************************
        UNAUTHORIZED ACCESS TO…

Cisco