As per Cisco documentation: A virtual PortChannel (vPC) allows links that are physically connected to two different Cisco Nexus devices to appear as a single Port Channel to a third device. The third device can be a Cisco Nexus 2000 Series Fabric Extender or a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths…
Category: <span>Cisco</span>
Here’s Best Security Practice Template Configuration for Cisco IOS-XR for different services like AAA, SSH , NTP , SNMP and Syslog. AAA(TACACS) aaa accounting exec default start-stop group <GROUPNAME> group tacacs+aaa accounting commands default start-stop group <GROUPNAME> group tacacs+aaa group server tacacs+ <GROUPNAME> vrf management server-private <ISE/TACACS IP#1> port 49 key 7 <TACACS KEY> ! server-private <ISE/TACACS IP#2> port 49 key 7 <TACACS KEY> !aaa authorization exec default group <GROUPNAME> group tacacs+ noneaaa authorization commands default group <GROUPNAME> group tacacs+ noneaaa authorization eventmanager…
Link Aggregation Control Protocol or IEEE 802.3ad (LACP) is an open standard of Ethernet link aggregation protocol. It is a method used by routers/switches to automatically establish link aggregation groups or LAG ( sometimes called as channel groups, bundle or port-channels). Here’s LACP configuration examples for different Cisco platforms using LACP active mode, where it places a port into an active negotiating state and sending LACPDU (Data units) at regular intervals to seek out partners IOS (Catalyst 4500) Configuration: interface…
As per Cisco definition: Hot Standby Router Protocol (HSRP) provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop router failures. HSRP allows multiple routers on a single LAN to share a virtual IP and MAC address which is configured as the default gateway on the hosts. From the group of routers configured in an HSRP group, there is one router elected as the active router and another as a standby router. The active…
As per Cisco documentation, Smart Call Home offers proactive diagnostics and real-time alerts on select Cisco devices, which provides higher network availability and increased operational efficiency. There are few ways on sending these alerts, it can be either by email or http. Sample Configuration using Email Method call-home service active sender reply-to <sender-email-address> sender from <sender-email-address> mail-server <SMTP Server IP> priority <1-100> phone-number <+contact person phone number> contact-email-addr <contact-person-email-add> street-address “<street add,city,state,zipcode> profile <profilename> active destination address email <dest-email-address> destination…
Assuming you have this type of card on your Cisco ASR9000 Series Router and inserted on Slot 0 A9K-MOD80-SE –> 80G Modular Linecard, Service Edge Optimized A9K-MPA-4X10GE –> ASR 9000 4-port 10GE Modular Port Adapter Here’s the following commands that can be used: show pfm location all show asic-errors all location 0/0/cpu0 show controllers fabric fia stats location 0/0/cpu0 show controllers np counters all location 0/0/cpu0 show controllers fabric fia stats location 0/0/cpu0 show controllers fabric crossbar statistics instance 0…
We are going to configure VRRP between the 2 pairs of routers and the expected behavior, setup as per below: Setup: 1. Routers PE1,PE2,FW1 and FW2 are connected to the same Layer 2 Switch and belongs to the same VLAN. 2. L2-Switch will just function as Layer 2 switch (subnet 192.168.2.240/29) 3. VRRP is configured between PE1 & PE2 3. VRRP is configured between FW1 & FW2 Fig.1 IP & VRRP Configuration: L2-SWITCH L2-SWITCH#conf t a. Setup access VLAN…
Here are sample static route configuration on Cisco IOS-XR routers such as CRS and ASR9000. 1.Configure IPv4 default route to next hop 192.168.10.3 (via Bundle-Ether1) router static address-family ipv4 unicast 0.0.0.0/0 Bundle-Ether1 192.168.10.3 2.Configure IPv4 default route to next hop 192.168.10.3 (via Bundle-Ether1) underr vrf management router static vrf management address-family ipv4 unicast 0.0.0.0/0 Bundle-Ether1 192.168.10.3 3. Configure IPv4 for 192.168.0.0/16 range to Null interface (e.g. for BGP advertisement) with 100 distance metric router static address-family ipv4 unicast…
It is recommended to implement the separation of management and data/customer traffic in your Datacenter switches like Cisco IOS and IOS-XE (e.g. ASR1000). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, some uses Cisco® Identity Services Engine (ISE) for central…
It is recommended to implement the separation of management and data/customer traffic in your Datacenter switches like Cisco IOS-XR devices (e.g. ASR 9000, CRS). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, some uses Cisco® Identity Services Engine (ISE) for…
Leave a Comment