Erick Paquin erickpaquin

View GLBP.txt
R1
----
int fa0/0
glbp 1 ip 10.1.1.1
glbp 1 priority 110
glbp 1 preempt
glbp 1 authentication md5 key-string my_key
R2
----
View vacl.txt
! Define a normal "permit" ACL to attach to the VACL; it selects the traffic the VACL will permit or deny
ip access-list extended temp-host
permit ip host 172.16.100.150 172.16.100.0 0.0.0.255
! Next, define the actual VACL
vlan access-map block-temp 10
match ip address temp-host
action drop
erickpaquin / pvlan.txt
Last active Apr 9, 2019
Private-Vlans
View pvlan.txt
! First create primary vlan as a normal vlan
vlan 150
name SERVERS
! Next make sure your switches are in VTP transparent mode because
! Private VLANs are configured in the context of a single switch and cannot have members on other switches.
vtp mode transparent
View AAA-dot1x-radius.txt
aaa new-model
radius-server host 192.168.55.12 auth-port 1812 key S3CR3TKEY
aaa authentication dot1x default group radius
dot1x system-auth-control
! apply to interfaces
interface f0/1
! for IOS versions below 12.2(50)SE use the next line
dot1x port-control auto
! for IOS versions above 12.2(50)SE use the next 2 lines instead
erickpaquin / AAA-radius-VTY.txt
Last active Apr 5, 2019
AAA Radius VTY lines
View AAA-radius-VTY.txt
OLD Method
-----------
aaa new-model
radius-server host 192.168.1.120 auth-port 1812 acct-port 1813 key S3CR3TKEY
aaa authentication login default group radius local line
! then apply on the vty lines or switchports
line vty 0 4
login authentication default
erickpaquin / AAA-dot1x-local.txt
Last active Apr 5, 2019
AAA dot1x with local accounts
View AAA-dot1x-local.txt
! configure local users first
username janedoe password 0 cisco
username johndoe password 0 cisco
username joesmith password 0 cisco
! setup AAA auth and enable on a port
aaa new-model
aaa authentication dot1x default local
dot1x system-auth-control
int range f0/1 - 15
View dhcp-snooping.txt
! Unconditionally trust relay information from switches connected to you
ip dhcp relay information trust-all
! Turn snooping ON globally on access switch
ip dhcp snooping
! configure trusted trunk interfaces
interface range e0/1 - 3
ip dhcp snooping trust
View ip-sla.txt
IP SLA Configuration & verification on Cisco Devices
-----------------------------------------------------
! enable ip sla responder on client devices
ip sla responder
! configure responder for udp-echo sla. The IP address is the destination address of the reflected UDP traffic.
ip sla responder udp-echo ipaddress 172.16.1.1 port 5000
! configure ip sla sources. Each sla operation has its own number.
View TCL-ping.txt
Simple TCL script to ping multiple addresses from a core switch or similar:
S1# tclsh
foreach address {
172.16.1.1
172.16.1.101
172.16.1.102
172.16.100.1
172.16.200.1
172.16.100.101
erickpaquin / lab-setups.txt
Last active Apr 4, 2019
Useful for lab setups
View lab-setups.txt
logging synchronous + no domain
--------------------------------
conf t
no ip domain-lookup
line vty 0 4
logging sync
end
basic 4 switch etherchannel trunks
------------------------------------