Arnaud Fenioux's Personal Home Page

Disclaimer

The opinions expressed here are my personal opinions. My current or past employers are not responsible for what I write here or the comments left by site visitors.

Limit user access (cisco view)

March 11, 2014 - Arnaud
Category: Technical
Tags: cisco

Limit the ssh and telnet commands to privilege level 15 (admin):

privilege exec level 15 ssh
privilege exec level 15 telnet

Create a view for a user:

enable view
conf t
  parser view readonly
    secret 5 ???
    commands exec include show vlan
    commands exec include show
    exit
  username test view readonly password 0 ????

 

Configuring Netflow

January 8, 2014 - Arnaud
Category: Technical
Tags: cisco

Old style:

Cisco logging

November 26, 2013 - Arnaud
Category: Technical
Tags: cisco

You can check the logs in the buffer:

#show logging

By default the buffer is 4k (approx. 60 lines); you can change it with:

(config)#logging buffered 23456

Remove logging to console:

(config)#no logging console

Disable specific logging in the buffer:

SPAN / Port Mirroring

November 19, 2013 - Arnaud
Category: Technical
Tags: cisco

To monitor one VLAN on a specific switch (here VLAN 622 is mirrored to port Gi1/0/22):

(config)#monitor session 1 source vlan 622
(config)#monitor session 1 destination interface Gi1/0/22

To check if it's OK:

#show monitor session 1
Session 1
---------
Type                   : Local Session
Source VLANs           :
    Both               : 622
Destination Ports      : Gi1/0/22
    Encapsulation      : Native
          Ingress      : Disabled

To monitor one port (here port Gi1/0/11 is mirrored to port Gi1/0/22):

QinQ & Vlan mapping / translation

October 3, 2013 - Arnaud
Category: Technical
Tags: cisco

VLAN MAPPING

Do you have a customer using the same VLAN as you? In this example we want to map their VLAN 21 to our VLAN 117.

This does not work on all Cisco switches (6500 are OK):

interface GigabitEthernet2/25
 switchport mode trunk
 switchport trunk allowed vlan 117,500
 switchport vlan mapping enable
 switchport vlan mapping 21 117

To check if it's OK:

How to use VRF

August 27, 2013 - Arnaud
Category: Technical
Tags: cisco

This example only works for IPv4 (see the "vrf definition" command below for IPv6):

First create your VRF and define an RD (Route Distinguisher), which is 16bits:16bits (it can also be 32b:16b if you use dotted IP notation):

(config)# ip vrf my_vrf_1
(config-vrf)# rd 500:1

Add your interface to the VRF (remember to set the IP address *after*):

Cisco security & misc

August 12, 2013 - Arnaud
Category: Technical
Tags: cisco

Some basic tips: things to remove from the IOS default configuration!

Prevent source routing (i.e. the source can specify the path the packet should take):

(config)#no ip source-route

 

Don't make your router a default gateway for badly configured hosts:

(config)#int gi0/0
(config-if)#no ip proxy-arp

 

Suppress Router Advertisement messages on an interface:

(config-if)# ipv6 nd suppress-ra
! OR
(config-if)# ipv6 nd ra suppress

Use your own timeout (in minutes) for your enable session:

Private VLAN

June 16, 2013 - Arnaud
Category: Technical
Tags: cisco

Drupal tips

February 19, 2012 - Arnaud
Category: Technical
Tags: Web

You have to use Taxonomy (Admin menu, Structure) to group your articles:

1/ It's better to create a new vocabulary; each word will be a link of your menu (remember to set the URL alias for each word).
2/ Add a new text field to the article (Admin, Structure, Content type, edit on Article, Manage fields), choose the name of your new field (e.g. category), and select "Term reference" in the field column.
3/ Edit your main menu (Admin, Structure, Menus, "list links" on main menu), then add new links with the path set to your Taxonomy word URL alias.
4/ And voila!
