Ciscoman's notes (Записки цыщика)

Friday, April 8, 2016

Tricks: Maximum Recursive Route Lookups IOS vs IOS XR

Just a small note, primarily for myself, because a long time ago I was absolutely sure that the maximum recursive route lookup was limited to 3 levels of depth (maybe it was changed?). Actually, on IOS 15.4(2)T1 I tested that the 9th lookup is too many:

Check it yourself if you want ;) - connected network in my example:

ip route
ip route
ip route
ip route
ip route
ip route
ip route, epoch 0
  recursive via
    recursive via
      recursive via
        recursive via
          recursive via
            recursive via
              recursive via
                recursive via
                  Too many (9) levels of IP recursion truncating, epoch 0
  1 RR source [no flags]
  recursive via
    recursive via
      recursive via
        recursive via
          recursive via
            recursive via
              recursive via
                attached to GigabitEthernet0/0

And for IOS XR, according to the documentation, it is limited to 128 and can be configured with the recursion-depth-max command in the range of 5 to 16.

Tuesday, December 22, 2015

Radius configuration trick to allow "CLID-like" filtering on ACS for l2tp/pptp

Here is a "trick" to allow l2tp/pptp client access filtering based on the client's IP address on ACS 5.X:
1) Configure the NAS with "vpdn aaa attribute nas-ip-address vpdn-tunnel-client".
This command makes IOS send the client IP address in attribute 4, as in this debug output:
RADIUS:  NAS-IP-Address      [4]   6
2) Use a "compound condition" in ACS Access Policies - Authorization rules to match on this attribute.
Tested on IOS 15.1(4)M6 on a 7200 series router.
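
What the authorization rule ends up matching on, as an added example (not from the original post and not ACS code): Python that walks the attributes of a RADIUS Access-Request and checks attribute 4 (NAS-IP-Address, length 6 as in the debug line above) against an allow list. The function names, the sample packet and the 198.51.100.0/24 range are constructed for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type; its length field is always 6

def radius_attributes(packet: bytes):
    """Yield (type, value) for each attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    pos = 20  # skip code, identifier, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len

def client_allowed(packet: bytes, allowed_networks) -> bool:
    """True only if attribute 4 is present, well formed and in an allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    for attr_type, value in radius_attributes(packet):
        if attr_type == NAS_IP_ADDRESS:
            if len(value) != 4:
                return False
            addr = ipaddress.IPv4Address(value)
            return any(addr in net for net in nets)
    return False  # no attribute 4: nothing to match on, so deny

def build_access_request(nas_ip: str, user: bytes = b"demo") -> bytes:
    """Constructed sample Access-Request (code 1): User-Name + NAS-IP-Address."""
    attrs = bytes([1, 2 + len(user)]) + user
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    allowed = ["198.51.100.0/24"]  # constructed documentation range
    for ip in ("198.51.100.7", "203.0.113.9"):
        print(ip, client_allowed(build_access_request(ip), allowed))
```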

Sunday, December 20, 2015


Finally I nailed it. I passed on the first try after so much time spent since 2013... Just since June 2015 I was at both Cisco360 workshops and spent more than 400 hours labbing (workshop time is not counted) and more than 300 hours of VoD from different training vendors...
Now I feel completely drained and squeezed like a lemon, time to take a break.

Sunday, October 4, 2015

Cisco IOS tcl simple script to use instead of interface level configuration


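# OSPF area used for every interface in the list
set area 0
# take the router-id from the Loopback0 address
ios_config "router os 1" "router-id [ lindex [exec "sh ip int b lo0 | exclude face"] 1 ] "
# add a network statement for the address of each listed interface
foreach i {
} { ios_config "router os 1" "net [ lindex [exec "sh ip int b $i | exclude face"] 1 ] area $area" }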

Thursday, October 1, 2015

Cisco IOS tclsh oneliner to configure vrf on interface

ios_config "int Et0/0" "ip vrf for VPNA" [exec "sh run int Et0/0 | i addr"]

More advanced stuff:
foreach i {
} { ios_config "int $i" "ip vrf for VPNA" [exec "sh run int $i | i addr"] }

Thursday, September 24, 2015

Useful EEM to remember

event manager applet ERROR_RATE
event interface name FastEthernet0/0 parameter input_errors entry-op gt entry-type value entry-val 100 poll-interval 15
action 10.1 syslog msg "For $_interface_name, $_interface_parameter is $_interface_value."
action 20.1 cli command "enable"
action 20.2 cli command "show interface FastEthernet0/0 | include 5 minute"
action 20.3 syslog msg "$_cli_result "
action 30.1 cli command "clear counters FastEthernet0/0" pattern "confirm"
action 30.2 cli command "y"
action 40.1 mail server "" to "" from "" subject "FastEthernet0/0 input errors counter is above 100" body "$_cli_result"

Wednesday, September 23, 2015

Simple route-map question for interview

Which metric range will it match?

route-map MATCH_METRIC
 match metric 1 +- 999 1000 500 +- 500 1

