Tag: <span>Cisco</span>

In routing world, Administrative Distance refers to the reliability of the routing protocol. It is equivalent to Juniper’s Route Preference and Huawei’s Preference. It is important to consider these values as in the scenario that there are multiple routes to a destination (with same prefix length), the route (learned via the routing protocol) with the lowest value is preferred. Table below will show the values for respective platform.   Routing Protocol Cisco(AD) Juniper (RP) Huawei(P) Connected Interface 0 0 0…

Networking

Here’s the Cisco IOS-XR commands vs Huawei OS commands Cisco IOS-XR Huawei BASIC show display     | include | include ..formal |   configure system-view shutdown shutdown  no shutdown undo shutdown     no undo  clear  reset show running-config display current-configuration show version display version    show tech-support display diagnostic-information show configuration (after change)   clear counters <interface> reset counters <int> clear line <line><line number>       terminal length <num>   screen-length disable terminal width <num>   terminal…

Networking

1.Remote access should be via SSH and telnet is disabled IOS-XR: no telnet ipv4 server Nexus OS: no feature telnet feature ssh feature tacacs+ 2. SSH should be version 2 or higher. Do not run v1. IOS-XR: ssh server v2 ssh server vrf management Nexus OS: ssh server v2 ssh server vrf management ssh timeout 60 3. Configure SSH logging IOS-XR: ssh server logging 4. Configure Login Banner IOS-XR: banner login ^C *************************************************************************         UNAUTHORIZED ACCESS TO…

Cisco

Fig.1   IOS-XR Configure Loopback interface Loopback0 ipv4 address 172.16.2.1 255.255.255.255 ipv6 address fdfe:abcd:ef12:0:172:16:2:1/128 ipv6 enable Configure P2P IP interface Gi0/0/0/0 description Connection to IOS Fa0/0 ipv4 address 172.17.0.1 255.255.255.252 ipv4 verify unicast source reachable-via any ipv4 unreachables disable ipv6 nd suppress-ra ipv6 verify unicast source reachable-via any ipv6 address fdfe:ab12:cd34:a00:1::/127 ipv6 enable ipv6 unreachables disable load-interval 30 dampening interface Gi0/0/0/1 description Connection to NX-OS E1/1 ipv4 address 172.18.0.1 255.255.255.252 ipv4 verify unicast source reachable-via any ipv4 unreachables disable ipv6…

Cisco

100G transceivers have been around for few years already and it is getting affordable since 2016 I guess, and it is now practical to shift to 100G instead of burning N x 10GEs.  To see more info about 100G transmission principles, I find this link very informative -> https://community.fs.com/blog/understand-100g-transceivers-transmission-principles.html Here are sample 100G transceivers we deployed in our datacenters, it really depends on what type of vendor or hardware you have, but the most popular now is the QSFPs Juniper QSFP-100GBASE-LR4…

Networking

As per Cisco website definition: Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CoPP is designed to prevent unnecessary traffic from overwhelming the route processor that, if left unabated, could affect system performance. Here’s a sample configuration in applying CoPP. Step1: Create necessary ACLs a. Important services,e.g.NTP,SSH,SNMP   ip access-list extended SSH-ACL  permit tcp host 192.168.10.10 any eq 22  permit…

Cisco

Cisco IOS-XR: The NetFlow use these 3 maps to configure Step1. EXPORTER MAP – configure parameters like export destination IP, udp port (only supported transport protocol), source interface IPv4: flow exporter-map NETFLOW-EXPORTER-MAP  version v9   transport udp 9991   source Loopback0   destination 192.168.30.100 IPv6: flow exporter-map IPv6-NETFLOW-EXPORTER-MAP  version v9   transport udp 9991   source Loopback0   destination 192.168.30.100 Note: destination  udp port can be from  <1024-65535> (this is where Netflow is listening) Step2. MONITOR MAP includes flow record map…

Cisco

Taking Cisco’s  Sample Legal Banner message from their Network Security Baseline page. Sample Legal Banner Notification Configuration ! Present a legal notification banner approved by company legal counsel banner login # UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored. # ! Here’s how…

Cisco

service unsupported-transceiver Why considered hidden? Because you won’t see it in the command. Sample output: RP/0/RSP1/CPU0:CORE1#ser? service RP/0/RSP1/CPU0:CORE1#service ?   redundancy  Service Director related commands. Applying: Cisco IOS-XE Router1(config)#service unsupported-transceiver Warning: When Cisco determines that a fault or defect can be traced to the use of third-party transceivers installed by a customer or reseller, then, at Cisco’s discretion, Cisco may withhold support under warranty or a Cisco support program. In the course of providing support for a Cisco networking product…

Cisco

Objective: The PBR policy will be removed facing Uplink-Router once it detected that the server is unreachable. Policy-based routing (PBR) is a method used to make routing decisions based on policies. Scenario: Server1 providing web caching to customers for faster web page loading. Since there is route-map in place to route their http/https traffic to the next hop which is Server1, what if this server suddenly goes down?, the expected behaviour is  the customer won’t be able to access websites.…

Cisco