suiCCIEde

Ciscoman's notes (Notes of a Cisco guy)

Friday, April 8, 2016

Tricks: Maximum Recursive Route Lookups IOS vs IOS XR

Just a small note, primarily for myself, because a long time ago I was absolutely sure that the maximum recursive route lookup was limited to a depth of 3 levels (maybe it was changed?). Actually, on IOS 15.4(2)T1 I tested that the 9th lookup is too many:

Check it yourself if you want ;)

192.168.0.0/24 - connected network in my example:

ip route 1.1.1.1 255.255.255.255 1.1.1.2
ip route 1.1.1.2 255.255.255.255 1.1.1.3
ip route 1.1.1.3 255.255.255.255 1.1.1.4
ip route 1.1.1.4 255.255.255.255 1.1.1.5
ip route 1.1.1.5 255.255.255.255 1.1.1.6
ip route 1.1.1.6 255.255.255.255 1.1.1.7
ip route 1.1.1.7 255.255.255.255 192.168.0.2



1.1.1.1/32, epoch 0
  recursive via 1.1.1.2
    recursive via 1.1.1.3
      recursive via 1.1.1.4
        recursive via 1.1.1.5
          recursive via 1.1.1.6
            recursive via 1.1.1.7
              recursive via 192.168.0.2
                recursive via 192.168.0.0/24
                  Too many (9) levels of IP recursion truncating
1.1.1.2/32, epoch 0
  1 RR source [no flags]
  recursive via 1.1.1.3
    recursive via 1.1.1.4
      recursive via 1.1.1.5
        recursive via 1.1.1.6
          recursive via 1.1.1.7
            recursive via 192.168.0.2
              recursive via 192.168.0.0/24
                attached to GigabitEthernet0/0

  
And for IOS XR, according to the documentation, it is limited to 128 and can be configured with the recursion-depth-max command in the range of 5 to 16.

Tuesday, December 22, 2015

Radius configuration trick to allow "CLID-like" filtering on ACS for l2tp/pptp

Here is a "trick" to allow l2tp/pptp client access filtering based on the client IP address for ACS 5.X.
1) Configure the NAS with "vpdn aaa attribute nas-ip-address vpdn-tunnel-client".
This command makes IOS send the client IP address in attribute 4, as in this debug output:
RADIUS:  NAS-IP-Address      [4]   6  1.2.3.4
2) Use a "compound condition" in the ACS Access Policies - Authorization rules to match on this attribute.
Tested on 15.1(4)M6 IOS for 7200 series router.
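
An added example (not from the original post and not ACS code): a Python sketch of what the server side of this trick has to do, namely pull attribute 4 out of an Access-Request and permit only clients from allowed networks, failing closed when the attribute is missing or malformed. The function names, the sample packet and the allowed range are constructed for illustration; note that with this command attribute 4 carries the tunnel client address, so it no longer identifies the NAS itself.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type; total attribute length is 6

def build_access_request(attrs, identifier=1):
    """Build a constructed Access-Request (code 1) from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", 1, identifier, 20 + len(body))
    return header + bytes(16) + body  # zeroed authenticator: sample data only

def parse_attributes(packet):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    _, _, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def client_ip(packet):
    """Return the address carried in attribute 4, or None if it is absent."""
    for atype, value in parse_attributes(packet):
        if atype == NAS_IP_ADDRESS:
            if len(value) != 4:
                raise ValueError("NAS-IP-Address must be 4 octets")
            return ipaddress.IPv4Address(value)
    return None

def authorize(packet, allowed_networks):
    """Fail closed: permit only if attribute 4 is present and in an allowed network."""
    try:
        ip = client_ip(packet)
    except ValueError:
        return False
    return ip is not None and any(ip in net for net in allowed_networks)

# Constructed sample: User-Name (type 1) plus the attribute from the debug line.
SAMPLE = build_access_request(
    [(1, b"alice"), (NAS_IP_ADDRESS, ipaddress.IPv4Address("1.2.3.4").packed)])
ALLOWED = [ipaddress.ip_network("1.2.3.0/24")]  # hypothetical permitted client range
```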


Sunday, December 20, 2015

CCIE R&S

Finally I nailed it. I passed on the first try after so much time spent since 2013... Just since June 2015 I was at both Cisco360 workshops and spent more than 400 hours labbing (workshop time is not counted) and more than 300 hours of VoD from different training vendors...
Now I feel completely drained and squeezed like a lemon, time to take a break.

Sunday, October 4, 2015

Cisco IOS tcl simple script to use instead of interface level configuration

Example:

tclsh
set area 0
ios_config "router os 1" "router-id [ lindex [exec "sh ip int b lo0 | exclude face"] 1 ] "
foreach i {
Lo0
Et0/0
Et0/1
} { ios_config "router os 1" "net [ lindex [exec "sh ip int b $i | exclude face"] 1 ] 0.0.0.0 area $area"
}



Thursday, October 1, 2015

Cisco IOS tclsh oneliner to configure vrf on interface

Example:
ios_config "int Et0/0" "ip vrf for VPNA" [exec "sh run int Et0/0 | i addr"]

More advanced stuff:
foreach i {
Et0/0.10
Et0/0.20
Et0/0.33
Tu1
s1/0
} { ios_config "int $i" "ip vrf for VPNA" [exec "sh run int $i | i addr"] }

Thursday, September 24, 2015

Useful EEM to remember


event manager applet ERROR_RATE
event interface name FastEthernet0/0 parameter input_errors entry-op gt entry-type value entry-val 100 poll-interval 15
action 10.1 syslog msg "For $_interface_name, $_interface_parameter is $_interface_value."
action 20.1 cli command "enable"
action 20.2 cli command "show interface FastEthernet0/0 | include 5 minute"
action 20.3 syslog msg "$_cli_result "
action 30.1 cli command "clear counters FastEthernet0/0" pattern "confirm"
action 30.2 cli command "y"
action 40.1 mail server "172.16.254.1" to "monitoring@example.com" from "router@example.com" subject "FastEthernet0/0 input errors counter is above 100" body "$_cli_result"

Wednesday, September 23, 2015

Simple route-map question for interview

Which metric range will it match?

route-map MATCH_METRIC
 match metric 1 +- 999 1000 500 +- 500 1
