Radius configuration trick to allow "CLID-like" filtering on ACS for l2tp/pptp

Here is "trcik" to allow l2tp/pptp client access filtering based on their IP-address for ACS 5.X
1) configure NAS with "vpdn aaa attribute nas-ip-address vpdn-tunnel-client"
This command will allow IOS to send client ip address in attribute 4 like this output from debug:
RADIUS:  NAS-IP-Address      [4]   6  1.2.3.4
2) Use "compound condition"  in ACS Access Policies - Authorization rules to match based on this attribute.
Tested on 15.1(4)M6 IOS for 7200 series router.

CCIE R&S

Finally I nailed it. I passed on the first try after so much time spent since 2013... Just since June 2015 I was at both Cisco360 workshops and spent more than 400 hours labbing (workshops time is not counted) and more than 300 hours VoD from different training vendors...
Now I feel completely drained and squeezed like a lemon, time to make a pause.

Cisco IOS tcl simple script to use instead of interface level configuration

Example:

tclsh
set area 0
ios_config "router os 1" "router-id [ lindex [exec "sh ip int b lo0 | exclude face"] 1 ] "
foreach i {
Lo0
Et0/0
Et0/1
} { ios_config "router os 1" "net [ lindex [exec "sh ip int b $i | exclude face"] 1 ] 0.0.0.0 area $area"
}

Cisco IOS tclsh oneliner to configure vrf on interface

Example:
ios_config "int Et0/0" "ip vrf for VPNA" [exec "sh run int Et0/0 | i addr"]

More advanced stuff:
foreach i {
Et0/0.10
Et0/0.20
Et0/0.33
Tu1
s1/0
} { ios_config "int $i" "ip vrf for VPNA" [exec "sh run int $i | i addr"] }

Useful EEM to remember

event manager applet ERROR_RATE
event interface name FastEthernet0/0 parameter input_errors entry-op gt entry-type value entry-val 100 poll-interval 15
action 10.1 syslog msg "For $_interface_name, $_interface_parameter is $_interface_value."
action 20.1 cli command "enable"
action 20.2 cli command "show interface FastEthernet0/0 | include 5 minute"
action 20.3 syslog msg "$_cli_result "
action 30.1 cli command "clear counters FastEthernet0/0" pattern "confirm"
action 30.2 cli command "y"
action 40.1 mail server "172.16.254.1" to "monitoring@example.com" from "router@example.com" subject "FastEthernet0/0 input errors counter is above 100" body "$_cli_result"

Simple route-map question for interview

In which range will it match metric?

route-map MATCH_METRIC
 match metric 1 +- 999 1000 500 +- 500 1

quick note: ninja command to use during the lab

sh run | i ospf|eigrp|int|band|delay|access-gr|policy|arp|mac