Category: <span>Cisco</span>

Resetting Cisco ASR9000 Network Processor(NP)

Resetting Cisco ASR9000 Network Processor(NP) NP or network processor is the component on ASR9000 line cards that handle the feature processing of packets as they go through the system. Sample LC: ASR9K MOD160 RP/0/RSP0/CPU0:ASR9000#  show controller np ports all location 0/1/cpu0 Node: 0/0/CPU0: —————————————————————- NP Bridge Fia                       Ports — —— — ————————————————— 0  —     0   TenGigE0/0/0/0 – TenGigE0/0/0/1, TenGigE0/0/0/4 – TenGigE0/0/0/5 NP1 is down. 2  —     2   TenGigE0/0/1/0 – TenGigE0/0/1/1, TenGigE0/0/1/4 – TenGigE0/0/1/5 3  —     3   TenGigE0/0/1/2 – TenGigE0/0/1/3,…

Read MoreResetting Cisco ASR9000 Network Processor(NP)

Cisco

ASR9000

Leave a Comment

Control Plane Policing (CoPP) Configuration in Cisco IOS

As per Cisco website definition: Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CoPP is designed to prevent unnecessary traffic from overwhelming the route processor that, if left unabated, could affect system performance. Here’s a sample configuration in applying Control Plane Policing  (CoPP) in Cisco IOS Routers Step1: Create necessary ACLs a. Important services,e.g.NTP,SSH,SNMP   ip access-list extended SSH-ACL  permit…

Read MoreControl Plane Policing (CoPP) Configuration in Cisco IOS

Cisco

Cisco COPP Firewall security

Leave a Comment

Configuring NetFlow in Cisco (IOS-XR and Nexus OS)

Here’s the sample configuration of Netflow in Cisco running IOS and Nexus-OS. Cisco IOS-XR: The NetFlow use these 3 maps to configure Step1. EXPORTER MAP – configure parameters like export destination IP, udp port (only supported transport protocol), source interface IPv4: flow exporter-map NETFLOW-EXPORTER-MAP  version v9   transport udp 9991   source Loopback0   destination 192.168.30.100 IPv6: flow exporter-map IPv6-NETFLOW-EXPORTER-MAP  version v9   transport udp 9991   source Loopback0   destination 192.168.30.100 Note: destination  udp port can be from  <1024-65535>…

Read MoreConfiguring NetFlow in Cisco (IOS-XR and Nexus OS)

Cisco

Cisco Netflow

One Comment

Configuring Banner or Login Message in Cisco

Taking Cisco’s  Sample Legal Banner message from their Network Security Baseline page. Sample Legal Banner Notification Configuration ! Present a legal notification banner approved by company legal counsel banner login # UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored. # ! Here’s how…

Read MoreConfiguring Banner or Login Message in Cisco

Cisco

Banner Cisco Juniper

One Comment

Hidden Command to support 3rd-Party Transceivers for Cisco

Why is considered hidden? Because you won’t see it in the command in Cisco Routers Command Line Interface (CLI). Sample output: RP/0/RSP1/CPU0:CORE1#ser? service RP/0/RSP1/CPU0:CORE1#service ?   redundancy  Service Director related commands. Then what it is? service unsupported-transceiver Configuration: Cisco IOS-XE Router1(config)#service unsupported-transceiver Warning: When Cisco determines that a fault or defect can be traced to the use of third-party transceivers installed by a customer or reseller, then, at Cisco’s discretion, Cisco may withhold support under warranty or a Cisco support…

Read MoreHidden Command to support 3rd-Party Transceivers for Cisco

Cisco

Cisco SFP

Leave a Comment

IP Service Level Agreements (SLA) , Embedded Event Manager (EEM) and Policy-Based Routing (PBR) in Cisco IOS

Objective: The PBR policy will be removed facing Uplink-Router once it detected that the server is unreachable. Policy-based routing (PBR) is a method used to make routing decisions based on policies. Scenario: Server1 providing web caching to customers for faster web page loading. Since there is route-map in place to route their http/https traffic to the next hop which is Server1, what if this server suddenly goes down?, the expected behaviour is  the customer won’t be able to access websites.…

Read MoreIP Service Level Agreements (SLA) , Embedded Event Manager (EEM) and Policy-Based Routing (PBR) in Cisco IOS

Cisco

Cisco EEM PBR SLA

Leave a Comment

Configuring Port-Channel and VLAN in Cisco Nexus

Objective: To configure port-channel and associate it to vlan. Servers will use Cisco-NXOS as their gateway and uplink to Internet. Server-switch have Layer 2 (access mode) connectivity to Cisco-NXOS router. (see Fig.1)  Fig.1 1. Configure the Vlan (interface vlan will be the server’s gateway) Cisco-NXOS# configure vlan 8   name Server-Farm interface Vlan8  description Server Farm Vlan  no shutdown   ip address 192.168.8.1/24 2. Configure port-channel interface port-channel10    description Port-channel to Server-Switch    switchport access vlan 8 3. Configure…

Read MoreConfiguring Port-Channel and VLAN in Cisco Nexus

Cisco

Nexus Vlan

One Comment

Out of Band (OOB) Management Configuration in Cisco IOS-XR (SSH,SNMP,NTP,AAA,Syslog)

Objective: To separate management traffic from data/customer traffic in your Cisco XR routers. Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each RSP management port in case for switchover) are connected to a network switch to access the OOB management gateway * * Management IP Configuration* *  1. Configure the vrf for management vrf management description VRF for Out-of-Band address-family ipv4 unicast 2. Set the physical IP address on each RSP management port. There are total of…

Read MoreOut of Band (OOB) Management Configuration in Cisco IOS-XR (SSH,SNMP,NTP,AAA,Syslog)

Cisco

AAA Cisco NTP OOB SNMP SSH Syslog

One Comment

Configuring Network Time Protocol (NTP) the Secured way in Cisco Routers and Switches (IOS, IOS-XE, IOS-XR, NX-OS)

Cisco IOS e.g. Vlan10 =  interface management vlan NTP Server = 192.168.10.100 1. Configure ACL to deny NTP requests and query conf t access-list 100 remark to block NTP requests and query access-list 100 deny   any 2. Configure ACL to allow only the NTP servers to peer or synch with access-list 200 remark NTP to peer access-list 200 permit 192.168.10.100 access-list 200 deny  any 3. Configure NTP conf t ntp source Vlan10 ntp access-group peer 200 ntp access-group serve 100 ntp access-group…

Read MoreConfiguring Network Time Protocol (NTP) the Secured way in Cisco Routers and Switches (IOS, IOS-XE, IOS-XR, NX-OS)

Cisco

Cisco NTP

4 Comments

SNMPv2c and SNMPv3 Polling and Traps Configuration in Cisco (IOS-XR)

Here is sample commands in configuring SNMPv2 and SNMPv3 in Cisco IOS-XR devices. It also detailed on how to configure SNMP traps for your Network Monitoring System. SNMPv2c community: snmpcomm123 management IP address: 192.168.10.100 SNMP Polling Server: 192.168.20.199 SNMP Trap Server: 192.168.20.200 SNMPv2c Polling Configuration: ipv4 access-list SNMP-ALLOW  10 permit ipv4 host 192.168.20.199 any snmp-server contact DC-ADMIN snmp-server location Datacentre snmp-server trap-source Loopback0 snmp-server community snmpcomm123 RO SystemOwner IPv4 SNMP-ALLOW   SNMPv2c Traps Configuration: configure snmp-server traps snmp-server host 192.168.20.200 traps snmpcomm123 Verify: /usr/bin/snmpwalk -M /usr/local/snmp/mibs -v2c…

Read MoreSNMPv2c and SNMPv3 Polling and Traps Configuration in Cisco (IOS-XR)

Cisco

Cisco SNMP

5 Comments