Monday, April 15, 2013

Cisco - Port Channels


1st go into Port-channel
int port-channel 1

Enable switch port
switchport

Move into ports to add
interface gi1/1

Enable as switch port and add to port channel
switchport
channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

channel-group 1 mode active

interface gi1/2
switchport
channel-group 1 mode active

Move to Port-channel and enable dot1q encapsulation and trunk mode
int port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk

add vlans to trunk
switchport trunk allowed vlan 1-5

no shutdown ports
Cisco-6503(config)#int port-channel 1
Cisco-6503(config-if)#no shut
Cisco-6503(config-if)#int gi1/1
Cisco-6503(config-if)#no shut
Cisco-6503(config-if)#int gi1/2
Cisco-6503(config-if)#no shut


interface Port-channel1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 no shut

interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode on
 no shut

interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode on
 no shut

Cisco - OSPF



Single Area

interface loopback 0
ip address 1.1.1.1 255.255.255.255 

interface GigabitEthernet1/0/1
ip address 10.1.20.1 255.255.255.0

router ospf 1
log-adjacency-changes
redistribute eigrp 100 subnets
! a 0.0.0.0 wildcard must match the interface address exactly
network 1.1.1.1 0.0.0.0 area 0
network 10.1.20.1 0.0.0.0 area 0


General Information - show ip ospf general
Verify if OSPF is enabled, router ID, Distance, LSA import Type packets

Area information - show ip ospf area
Shows information for the specified area. Verify Area ID is correct

External link state information - show ip ospf external-link-state
Verify the Link State ID shows the correct destination of the external route and the router ID that originated the external LSA

Interface information - show ip ospf interface
Verify IP Address, Status, Area ID, and State (DR, BDR, etc)


Link state information - show ip ospf link-state
Verifies LSA Type, Link State ID, and Router ID for all Areas

Neighbor information - show ip ospf neighbor
Verify neighbor router ID, IP Address, neighbor interface state (DR, BDR, null), and State (should be FULL)

Route information - show ip ospf
This has a lot of information, most of it already covered in other show commands

Cisco - Port settings


L2 trunk port (802.1q)

interface FastEthernet3/43
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
 no shutdown

L2 Access port (ProCurve untagged port)

interface FastEthernet3/43
 no ip address
 duplex full
 speed 100
 switchport
 switchport access vlan 10
 switchport mode access

interface FastEthernet3/48
 no ip address
 switchport
 switchport access vlan 1
 switchport mode access

interface Vlan10
 ip address 10.1.1.1 255.255.255.0

interface Vlan1
 ip address 13.28.236.10 255.255.240.0


switchport host

Normally I would enable spanning-tree portfast on all access ports to ensure they come up quicker, and also set them to access ports.

This command does 3 things!
· Configures the switchport for access mode
· Enables portfast
· Disables Etherchannel

Switch1(config)# interface range fa0/1 - 48
Switch(config-if-range)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

switchport voice vlan

Syntax: switchport voice vlan {dot1p | none | untagged | vlan-id}

The options used with the switchport voice vlan command are as follows:
Option - Description
dot1p - It sends CDP packets that configure the IP phone to transmit voice traffic in the default VLAN in 802.1p frames that are tagged with a Layer 2 CoS value.
none - It allows the IP phone to use its own configuration and transmit untagged voice traffic in the default VLAN.
untagged - It sends CDP packets that configure the IP phone to transmit untagged voice traffic in the default VLAN.
vlan-id - It sends CDP packets that configure the IP phone to transmit voice traffic in the voice VLAN in 802.1Q frames that are tagged with a Layer 2 CoS value.

AutoQoS supports Cisco IP phones with the auto qos voip cisco-phone interface configuration command. When you enter the auto qos voip cisco-phone interface configuration command on a port that is configured to support an IP phone and to which an IP phone is connected, the autoQoS feature does the following:
· If QoS was not already enabled, enables QoS globally.
· If VLAN-based QoS was configured for the port, reverts to the default port-based QoS (done for all ports on switching modules with 1p1q0t/1p3q1t ports).
· Sets the port trust state to trust CoS.
· Creates and applies a trust-CoS QoS policy to ports on switching modules with non-Gigabit Ethernet 1q4t/2q2t ports, which do not support port trust.

aaa authentication login default local


· This means the router will use the local username and password database to authenticate logins.

Cisco - Basic Settings


Save configuration as filename.cfg

Cisco-A# write memory
Cisco-A# copy running flash:filename.cfg
Cisco-A# dir flash:

Make the new config the startup config for the next boot

Cisco-A(config)#boot config flash:interop-3a.cfg
Cisco-A# show boot
Cisco-A# more flash:filename.cfg
Cisco-A# reload
Say “No” if it asks to save the config file

To set to factory

Cisco# erase startup-config
Cisco# reload
Say “No” if it asks to save the config file

General Commands

  #(config) hostname Lab_A
  #(config) no logging console
  #(config) ip subnet-zero
  #(config) no ip domain-lookup
  #(config) no service config <-- %Error opening tftp://... (Timed out)

  The ping and traceroute escape sequence: CTRL-SHIFT-6 twice


  Set console mode password

  (config)#line con 0
  (config-line)#password 123

  Allow ssh/telnet enable mode access

  (config)#line vty 0 4
  (config-line)#password 123
  (config)#enable password 123
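
A check for the password commands above, as an added example that is not part of the original post: it walks an IOS-style configuration, tracks which line block it is in, and flags passwords stored in cleartext, short passwords, and an enable password with no enable secret. The sample config is constructed from the commands on this page; the function names and the minimum length are assumptions.

```python
import re

# Constructed sample: the console, vty and enable commands from this
# page, laid out as they would appear in a saved configuration.
SAMPLE_CONFIG = """\
hostname Lab_A
enable password 123
!
line con 0
 password 123
line vty 0 4
 password 123
"""

MIN_LEN = 8  # assumed local policy value, not taken from the page


def cleartext_password(words):
    """Return the literal password a command stores, or None if encoded."""
    rest = words[words.index("password") + 1:]
    if not rest or (len(rest) == 2 and rest[0] == "7"):
        return None  # 'password 7 <string>' is the type-7 encoding
    return rest[-1]


def audit_credentials(config):
    """Return (context, finding) pairs for weak credential settings."""
    findings = []
    context = "global"
    has_secret = re.search(r"^enable secret ", config, re.M) is not None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw.startswith(" "):
            # A non-indented line opens a new top-level block.
            context = raw.strip() if words[0] == "line" else "global"
        is_enable = words[:2] == ["enable", "password"]
        is_line_pw = context != "global" and words[0] == "password"
        if not (is_enable or is_line_pw):
            continue
        if is_enable and not has_secret:
            findings.append((context, "enable password set, no enable secret"))
        password = cleartext_password(words)
        if password is None:
            continue
        findings.append((context, "password stored in cleartext"))
        if len(password) < MIN_LEN:
            findings.append((context, f"password shorter than {MIN_LEN} characters"))
    return findings


if __name__ == "__main__":
    for ctx, finding in audit_credentials(SAMPLE_CONFIG):
        print(f"{ctx}: {finding}")
```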
 

  Show all IPs configured on box

  #show ip int brief


Router interfaces

interface FastEthernet0/1
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto


Cisco - Setup MSTP


Cisco(config)#spanning-tree mode mst
Cisco(config)#spanning-tree mst configuration
Cisco(config-mst)#name migration
Cisco(config-mst)#revision 1

Cisco(config-mst)# instance 1 vlan 10, 20
Cisco(config-mst)# instance 2 vlan 11, 12

Cisco(config)#spanning-tree mst 0 priority 36864
Cisco(config)#spanning-tree mst 1 priority 8192

Cisco(config)#interface gi1/0/1
Cisco(config-if)#spanning-tree cost 10000
Cisco(config-if)#spanning-tree port-priority 6
Cisco(config-if)#spanning-tree mst 1 cost 10000
Cisco(config-if)#spanning-tree mst 1 port-priority 6


Cisco#show spanning-tree mst
Cisco#show spanning-tree mst conf
Cisco#show spanning-tree mst 0
Cisco#show spanning-tree mst 1
Cisco#show spanning-tree mst 2


Sunday, April 14, 2013

Comware - Route Aggregation


Route-Aggregate is referred to as a RAGG in documentation

# ON the CORE
interface Route-Aggregation 2
 description TO_ENGINEERING
 ip address 10.100.100.17 30
 link-aggregation mode dynamic (Makes LACP RAGG. No entry for static RAGG) 

int Ten-GigabitEthernet1/0/1
 port link-mode route
 description LINK_TO_ENGINEERING
 port link-aggregation group 2

int Ten-GigabitEthernet1/0/2
 port link-mode route
 description LINK_TO_ENGINEERING
 port link-aggregation group 2


# ON the Engineering Router
interface Route-Aggregation 2
 description TO_CORE
 ip address 10.100.100.18 30
 link-aggregation mode dynamic (Makes LACP RAGG. No entry for static RAGG)

interface Ten-GigabitEthernet1/0/1
 port link-mode route
 description LINK_TO_CORE
 port link-aggregation group 2

interface Ten-GigabitEthernet1/0/2
 port link-mode route
 description LINK_TO_CORE
 port link-aggregation group 2

ProCurve - MDI and MDIX


MDI  MDIX

Copper ports on the switch can automatically detect the type of cable configuration (MDI or MDI-X) on a connected device and adjust to operate appropriately.   This means you can use a “straight-through” twisted-pair cable or a “crossover” twisted-pair cable for any of the connections—the port makes the necessary adjustments to accommodate either one for correct operation. The 10/100/1000Base-T port types on your switch support the IEEE 802.3ab standard, which includes the “Auto MDI/MDI-X” feature:  

Auto-MDIX (default): Senses speed and negotiates with the port at the other end of the link for port  operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the “3. Port Status” option under “1. Status and Counters” in the menu interface.

MDI: Sets the port to connect with a PC using a crossover cable (Manual mode—applies only to copper port switches using twisted-pair copper Ethernet cables)

MDIX: Sets the port to connect with a PC using a straight-through cable (Manual mode—applies only to copper port switches using twisted-pair copper Ethernet cables)

Additionally, ProCurve Auto-MDIX supports operation in forced speed and duplex modes.  This means if you hard-code both sides to 100FD, then the MDI/MDIX negotiation will still take place.  Refer to the IEEE 802.3ab Standard Reference for further information.


Straight through Ethernet Cables

Now this is all fine and good when you are actually using a crossover cable, or connecting to an archaic device that doesn’t understand Auto MDI/MDI-X, but what if a straight-through cable is used where both link partners are set to Auto-MDI/MDI-X?

When a link establishes between two link partners, the auto-negotiation signaling between two devices is a “coin toss”.   There is really no telling which side will come up MDI and which will be MDIX.  MDI is considered the “master” and MDIX is considered the “slave”.    This signaling happens automatically on link establishment with auto-negotiation set.

If you set the switch to be MDI then it saves a bit of overhead between the switch port and the server NIC bouncing back and forth between who is master and who is slave before settling. If the switch says “I am MDI” then things settle faster. Some NIC vendors also let you hard-code the MDI status for the NIC. The same logic holds true for the NIC.

On the switch 

5406(config)# int a1 mdix-mode
 mdi                   Configures port for connecting a PC with a crossover cable
 mdix                  Configures port for connecting a PC with a straight-through cable
 automdix           Configures port for automatic detection of the cable

In other cases, some improvements have been seen when you tell either the client or the switch to be the MDI always.

Friday, April 12, 2013

Cisco, ProCurve, Comware - Classifier based QoS



In all cases below, the voice VLAN is 610

Cisco

qos
qos dbl
qos map dscp 24 25 26 27 28 29 30 31 to tx-queue 4
qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 4
qos map cos 5 to dscp 46
!
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
!
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
!
policy-map AutoQoS-Police-CiscoPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
!
interface range GigabitEthernet4/13 - 48
des MDF_DATA
switchport host
switchport access vlan 178
switchport voice vlan 610
auto qos voip cisco-phone


H3C

traffic classifier AutoQoS-VoIP-Control-Trust operator or
 if-match dscp 24 26
#
traffic classifier AutoQoS-VoIP-RTP-Trust
 if-match dscp 46
#
traffic behavior remark_to_ef
 remark dscp 46
#
traffic behavior remark_to_cs3
 remark dscp 26
#
qos policy AutoQoS-Police-CiscoPhone
 classifier AutoQoS-VoIP-Control-Trust behavior remark_to_cs3
 classifier AutoQoS-VoIP-RTP-Trust behavior remark_to_ef

Set on vlan from global context
 qos vlan-policy AutoQoS-Police-CiscoPhone vlan 610 inbound

Set on bridge interface
interface GigabitEthernet1/0/17
 qos apply policy AutoQoS-Police-CiscoPhone inbound

Set on routed interface
interface Ethernet0/2
 port link-mode route
 qos apply policy AutoQoS-Police-CiscoPhone inbound
 qos apply policy AutoQoS-Police-CiscoPhone outbound


ProCurve

qos type-of-service diff-services

class ipv4 "AutoQoS-VoIP-Control-Trust"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ip-dscp cs3
20 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ip-dscp af31
exit

class ipv4 "AutoQoS-VoIP-RTP-Trust"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ip-dscp ef
exit

policy qos "AutoQoS-Police-CiscoPhone"
10 class ipv4 "AutoQoS-VoIP-RTP-Trust" action dscp ef
20 class ipv4 "AutoQoS-VoIP-Control-Trust" action dscp cs3
exit

vlan 610
service-policy "AutoQoS-Police-CiscoPhone" in
exit

Can also be set on interface(s)

ProCurve - Configuring BGP all 0's route selection




AS-65008

hostname "AS-65008"
ip route 0.0.0.0 0.0.0.0 blackhole
ip route 5.1.1.0 255.255.255.0 blackhole
ip route 10.1.1.0 255.255.255.0 blackhole
ip routing
interface loopback 0
ip address 1.1.1.1
exit
router bgp 65008
enable
bgp router-id 20.1.1.2
bgp log-neighbor-changes
network 0.0.0.0 0.0.0.0
network 5.1.1.0 255.255.255.0
network 10.1.1.0 255.255.255.0
neighbor 20.1.1.1 remote-as 65009
exit
vlan 200
name "VLAN200"
untagged 2
ip address 20.1.1.2 255.255.255.0
exit

SPH

hostname "SPH"
ip route 90.1.1.0 255.255.255.0 blackhole
ip routing
ip prefix-list "FROM_AS-65008" seq 5 permit 0.0.0.0 255.255.255.255
ip prefix-list "FROM_AS-65008" seq 10 permit 5.1.1.0 255.255.255.0
ip prefix-list "TO_AS-65008" seq 10 permit 90.1.1.0 255.255.255.0
ip prefix-list "FROM_AS-65009" seq 5 permit 0.0.0.0 255.255.255.255
ip prefix-list "FROM_AS-65009" seq 10 permit 50.1.1.0 255.255.255.0
ip prefix-list "TO_AS-65009" seq 10 permit 90.1.1.0 255.255.255.0
interface loopback 0
ip address 2.2.2.2
exit
router bgp 65009
enable
bgp router-id 30.1.1.1
bgp log-neighbor-changes
bgp maximum-prefix 20
network 20.1.1.0 255.255.255.0
network 30.1.1.0 255.255.255.0
network 90.1.1.0 255.255.255.0
neighbor 20.1.1.2 remote-as 65008
neighbor 20.1.1.2 route-map "FROM_AS-65008" in
neighbor 20.1.1.2 route-map "TO_AS-65008" out
neighbor 30.1.1.2 remote-as 65009
neighbor 30.1.1.2 route-map "FROM_AS-65009" in
neighbor 30.1.1.2 route-map "TO_AS-65009" out
exit
exit
vlan 200
name "VLAN200"
untagged 2
ip address 20.1.1.1 255.255.255.0
exit
vlan 300
name "VLAN300"
untagged 1
ip address 30.1.1.1 255.255.255.0
exit
route-map "FROM_AS-65008" permit seq 10
set local-preference 50
match ip address prefix-list "FROM_AS-65008"
exit
route-map "TO_AS-65008" permit seq 10
match ip address prefix-list "TO_AS-65008"
exit
route-map "FROM_AS-65009" permit seq 10
set local-preference 100
match ip address prefix-list "FROM_AS-65009"
exit
route-map "TO_AS-65009" permit seq 10
match ip address prefix-list "TO_AS-65009"
exit

AS-65009

hostname "AS-65009"
ip route 0.0.0.0 0.0.0.0 blackhole
ip route 40.1.1.0 255.255.255.0 blackhole
ip route 50.1.1.0 255.255.255.0 blackhole
ip routing
interface loopback 0
ip address 3.3.3.3
exit
router bgp 65009
enable
bgp router-id 30.1.1.2
bgp log-neighbor-changes
network 0.0.0.0 0.0.0.0
network 40.1.1.0 255.255.255.0
network 50.1.1.0 255.255.255.0
neighbor 30.1.1.1 remote-as 65009
exit
vlan 300
name "VLAN300"
untagged 1
ip address 30.1.1.2 255.255.255.0
exit



SPH# show ip bgp route community

  Local AS            : 65009         Local Router-id  : 30.1.1.1
  BGP Table Version   : 2

  Status codes: * - valid, > - best, i - internal, e - external, s - stale
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network            Nexthop         Community
     ------------------ --------------- --------------------------------------
* e  0.0.0.0/0          20.1.1.2                                              ?
*>i  0.0.0.0/0          30.1.1.2                                              ?
*>e  5.1.1.0/24         20.1.1.2                                              ?
* e  10.1.1.0/24        20.1.1.2                                              ?
*>   20.1.1.0/24                                                              i
*>   30.1.1.0/24                                                              i
* i  40.1.1.0/24        30.1.1.2                                              ?
*>i  50.1.1.0/24        30.1.1.2                                              ?
*>   90.1.1.0/24                                                              ?



SPH# show ip route

                                        IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          20.1.1.2        200  bgp                  0          20
  2.2.2.2/32         lo0                  connected            1          0
  5.1.1.0/24         20.1.1.2        200  bgp                  0          20
  20.1.1.0/24        VLAN200         200  connected            1          0
  30.1.1.0/24        VLAN300         300  connected            1          0
  50.1.1.0/24        30.1.1.2        300  bgp                  0          200
  90.1.1.0/24        blackhole            static               1          1
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0


NOTE: The local preference shows in the BGP route table to prefer the route set with a local-pref of 100 (higher pref wins), yet the IP route table shows the lower-pref route. LOCAL_PREF is a well-known discretionary setting but is only shared by iBGP peers. So even though the BGP table likes the route to the remote AS (65008), it is the iBGP route that makes it into the routing table (I'm not sure why this is), but this is easily fixed by prepending or some other discretionary BGP setting.
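
The comparison behind the note above can be done mechanically. This added example (not from the original post) parses rows from the two show outputs on this page and lists each prefix whose gateway in the IP route table differs from the next hop BGP marked best (>), along with the path type and distance of what was installed. The function names are hypothetical and the parsing assumes the column layout shown above.

```python
# Rows copied from the "show ip bgp route community" and "show ip route"
# output on this page (route table: selected rows), spacing condensed.
BGP_TABLE = """\
* e  0.0.0.0/0      20.1.1.2   ?
*>i  0.0.0.0/0      30.1.1.2   ?
*>e  5.1.1.0/24     20.1.1.2   ?
* e  10.1.1.0/24    20.1.1.2   ?
*>   20.1.1.0/24               i
*>   30.1.1.0/24               i
* i  40.1.1.0/24    30.1.1.2   ?
*>i  50.1.1.0/24    30.1.1.2   ?
*>   90.1.1.0/24               ?
"""
ROUTE_TABLE = """\
0.0.0.0/0      20.1.1.2   200  bgp        0  20
5.1.1.0/24     20.1.1.2   200  bgp        0  20
20.1.1.0/24    VLAN200    200  connected  1  0
50.1.1.0/24    30.1.1.2   300  bgp        0  200
"""


def parse_bgp(text):
    """Map prefix -> list of (is_best, path_type, nexthop) candidates."""
    paths = {}
    for line in text.splitlines():
        tok = line.split()
        idx = next((i for i, t in enumerate(tok) if "/" in t), None)
        if idx is None or not tok[0].startswith("*"):
            continue  # header, ruler or blank line
        flags = "".join(tok[:idx])  # e.g. "*e", "*>i", "*>"
        rest = tok[idx + 1:]        # [nexthop, origin] or just [origin]
        nexthop = rest[0] if len(rest) == 2 else None
        kind = "internal" if "i" in flags else "external" if "e" in flags else "local"
        paths.setdefault(tok[idx], []).append((">" in flags, kind, nexthop))
    return paths


def parse_rib(text):
    """Map destination -> (gateway, distance) for routes of type bgp."""
    rows = (line.split() for line in text.splitlines())
    return {t[0]: (t[1], int(t[-1])) for t in rows if "bgp" in t and "/" in t[0]}


def rib_disagreements(bgp_text, rib_text):
    """List prefixes whose installed gateway is not the BGP best next hop."""
    rib, out = parse_rib(rib_text), []
    for prefix, cands in parse_bgp(bgp_text).items():
        best = next((c for c in cands if c[0]), None)
        if best is None or best[2] is None or prefix not in rib:
            continue
        gateway, distance = rib[prefix]
        if gateway != best[2]:
            via = next((c[1] for c in cands if c[2] == gateway), "unknown")
            out.append((prefix, best[1], best[2], via, gateway, distance))
    return out


if __name__ == "__main__":
    print(rib_disagreements(BGP_TABLE, ROUTE_TABLE))
```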


Using loop-back interfaces


A BGP Interface Cannot Communicate with a Neighbor. Unlike other routing protocols, BGP interfaces do not automatically search for and exchange routes with connected routers. You must manually configure authorized neighbors.

View the BGP neighbor and double-check its IP address:
ProCurve# show ip bgp neighbors

Ping the neighbor to check connectivity.
If the ping is successful, but the router does not seem to be exchanging BGP messages, you might need to configure eBGP multihop. External neighbors are supposed to be directly connected to the BGP interface. If they are not, you must specify the number of hops it is to the neighbor. For example:

ProCurve(config-bgp-neighbor)# ebgp-multihop 4

Remember that a loopback interface adds a hop to the route. Even if the external neighbor is directly connected, you must enable eBGP multihop if you are using the loopback interface as the source BGP interface.






About the Author

Central Florida, United States