
Network stuff

Håvard O. Nordstrand 4 years ago
parent
commit
643870c7df

+ 6 - 0
config/network/brocade-fastiron-switches.md

@@ -111,6 +111,7 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
     1. Add a default IPv4 route: `ip route 0.0.0.0/0 <gateway>`
     1. Add a default IPv6 route: `ipv6 route ::/0 <gateway>`
     1. Disable sending IPv6 RAs: `ipv6 nd suppress-ra`
+1. Enable LLDP: `lldp run`
 1. Configure spanning tree (802-1w):
     1. Enable globally: `spanning-tree single 802-1w`
     1. Set priority: `spanning-tree single 802-1w priority 0` (0 for root)
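Review bot: the new `lldp run` step enables LLDP on every port with nothing restricting where it advertises; since LLDP announces hostname, system description, software version and management address to whatever is plugged into a port, the step should say it is meant for uplinks and infrastructure ports and that it should be turned off on user-facing or otherwise untrusted ports, in keeping with the port security / DHCP snooping hardening this section is placed under. Also check the indentation: the line is at top level between the nested routing sub-steps (`ip route`, `ipv6 route`, `ipv6 nd suppress-ra`) and the spanning-tree step, so it renders as its own numbered step rather than part of the routing block; if that is intended, fine, otherwise indent it.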
@@ -154,6 +155,11 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
     - Restore the startup config: `reload`
 - Transceivers:
     - Show transceivers: `show media validation`
+- LLDP:
+    - Enable (config): `lldp run`
+    - Show status: `show lldp`
+    - Show neighbors overview: `show lldp neigh`
+    - Show neighbor details: `show lldp neigh ports <port>`
 
 ### Ports
 
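Review bot: the two `show lldp neigh ...` entries abbreviate the keyword while the rest of this reference list spells commands out (`show media validation`, `show lldp`); write `neighbors` in full so the entry is unambiguous for readers who copy it, and state what form `<port>` takes in `show lldp neigh ports <port>`, since the placeholder alone does not tell the reader what the CLI expects there.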

+ 58 - 29
config/network/cisco-ios-general.md

@@ -38,6 +38,8 @@ Software configuration for Cisco switches and routers running IOS or derivatives
 - Save/load config:
     - Save running config: `copy run start` or `write mem`
     - Restore startup config: `copy start run`
+- System status:
+    - Show alarms: `show facility-alarm status`
 - Interface status:
     - L2/L3 oiverview: `sh ip int br`
 - Optics:
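Review bot: the unchanged context line `- L2/L3 oiverview: \`sh ip int br\`` directly under the added `System status` entry has a typo (`oiverview`); since this block is being touched anyway, fix it in the same commit. For the new `show facility-alarm status` entry, note which platforms these notes target, as the command is not available on every IOS image and a reader on an unsupported platform gets an error with no hint why.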
@@ -72,40 +74,32 @@ Software configuration for Cisco switches and routers running IOS or derivatives
     1. Enable login: `login`
     1. Set to use the local database: `login authentication default`
 
-## Features
+## Tasks
 
-### Port Aggregation Protocol (PAgP)
+### Reset Password
 
-- Cisco-proprietary protocol for link aggregation.
-- Use LACP instead.
-
-### Link Aggregation Control Protocol (LACP)
-
-- An IEEE protocol (aka 802.3ad) for link aggregation.
-
-### UniDirectional Link Detection (UDLD)
-
-- A Cisco-proprietary protocol for detecting unidirectional links.
-- Disabled by default.
-- This can happen when one fiber strand has been damaged but the other one works, which would make it hard to know that the link is down and it could cause STP loops.
-- It's mostly used for fiber ports, but can also be used for copper ports.
-- Use aggressive mode to err-disable the port when it stops receiving periodic UDLD messages.
-- A partial alternative is to use single member LACP.
-- Configuration:
-    - Set message interval: `udld message time <seconds>`
-    - Enable in normal og aggressive mode globally on all fiber ports: `udld <enable|aggressive>`
-    - Enable per-interface: `udld port <enable|aggressive>`
+1. Power off the device.
+1. Connect using serial.
+1. Power on the device and immediately prepare for the next step.
+1. Press Ctrl+Break to enter ROMMON.
+1. Type `confreg 0x2142` to make it ignore the startup config.
+1. (Required?) Type `sync` to save the environment.
+1. Type `boot` to start booting the IOS image. Wait for it to boot.
+1. Log in using default (no) credentials and make the necessary changes.
+    - To reset the startup config, run `erase startup-config`.
+1. Enter config mode and run `config-register 0x2102` to re-enable loading the startup config.
+1. Reboot: `reload`
 
-### Cisco Discovery Protocol (CDP)
+### Copy Config to Device Using SCP
 
-- A Cisco-proprietary protocol for interchanging device information to neighbor devices.
-- Use LLDP instead.
-- Disable globally: `no cdp run`
+Note: Copying to the running config will merge it into it instead of overwriting it. Copying it to the startup config instead and restarting is one way around that.
 
-### Link Layer Discovery Protocol (LLDP)
-
-- An IEEE protocol (defined in IEEE 802.1AB) for interchanging device information to neighbor devices.
-- **TODO** LLDP and LLDP-MED
+1. Enable SSH.
+1. Enable local authentication and authorization.
+1. Copy from PC to device: `scp new-config.txt admin@10.10.10.10:flash:/new-config` (example)
+1. (Optional) Backup the old startup config: `copy startup-config flash:startup-config.backup`
+1. Copy new config to running config: `copy flash:new-config nvram:startup-config`
+1. Reload: `reload`
 
 ## Information
 
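Review bot: the Reset Password procedure never saves anything, so as written it only works together with the `erase startup-config` side note. `confreg 0x2142` skips the startup config but leaves it in NVRAM, and `config-register 0x2102` takes effect in NVRAM immediately, so after `reload` the device boots the untouched startup config with the old password still in it. To reset credentials while keeping the configuration, step 8 needs `copy startup-config running-config`, then the new `enable secret` / local user, then `write memory` before the reload. The `(Required?)` on `sync` should be resolved before this ships as a procedure. In the SCP section, step 5 is labelled "Copy new config to running config" but `copy flash:new-config nvram:startup-config` writes the startup config, which is exactly what the note above the list recommends; fix the label. Steps 1 and 2 also never enable the SCP server (`ip scp server enable`), without which the `scp` in step 3 is rejected by the device.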
@@ -139,6 +133,41 @@ Software configuration for Cisco switches and routers running IOS or derivatives
     - Completely useless, never use it.
 - ROM monitor mode (aka ROMMON).
 
+### Features
+
+#### Port Aggregation Protocol (PAgP)
+
+- Cisco-proprietary protocol for link aggregation.
+- Use LACP instead.
+
+#### Link Aggregation Control Protocol (LACP)
+
+- An IEEE protocol (aka 802.3ad) for link aggregation.
+
+#### UniDirectional Link Detection (UDLD)
+
+- A Cisco-proprietary protocol for detecting unidirectional links.
+- Disabled by default.
+- This can happen when one fiber strand has been damaged but the other one works, which would make it hard to know that the link is down and it could cause STP loops.
+- It's mostly used for fiber ports, but can also be used for copper ports.
+- Use aggressive mode to err-disable the port when it stops receiving periodic UDLD messages.
+- A partial alternative is to use single member LACP.
+- Configuration:
+    - Set message interval: `udld message time <seconds>`
+    - Enable in normal og aggressive mode globally on all fiber ports: `udld <enable|aggressive>`
+    - Enable per-interface: `udld port <enable|aggressive>`
+
+#### Cisco Discovery Protocol (CDP)
+
+- A Cisco-proprietary protocol for interchanging device information to neighbor devices.
+- Use LLDP instead.
+- Disable globally: `no cdp run`
+
+#### Link Layer Discovery Protocol (LLDP)
+
+- An IEEE protocol (defined in IEEE 802.1AB) for interchanging device information to neighbor devices.
+- **TODO** LLDP and LLDP-MED
+
 ### Version and Image String Notations
 
 - Version 12 notation (e.g. `12.4(24a)T1`):
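Review bot: the relocated UDLD block carries over `normal og aggressive` (Norwegian `og` for `or`) and a sentence whose subject is missing (`This can happen when one fiber strand has been damaged`, where `This` means a unidirectional link); since the block is rewritten as `+` lines here anyway, fix both in this commit. The CDP entry says `Use LLDP instead` next to `no cdp run`, but the LLDP subsection offers only a `**TODO**` and no enable command, so a reader following the advice has the disable but not the replacement; add `lldp run` (the IOS global enable) there, or at least remove the TODO before moving the section into the reference part of the page.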

+ 5 - 3
config/network/cisco-ios-routers.md

@@ -28,13 +28,15 @@ An example of a full configuration.
 1. Don't enter initial configuration (it's useless).
 1. Enter privileged exec mode: `enable`
 1. Enter configuration mode: `conf t`
+1. Disable zero touch provisioning (ZTP): `ztp disable`
 1. Disable unused features/services:
     1. `no service config`
     1. `no service pad`
     1. `no service password-encryption`
     1. `no cdp run`
     1. `no ip source-route`
-    1. `no ip domain-lookup`
+    1. `no ipv6 source-route`
+    1. `no ip domain-lookup` (optional)
     1. `no ip http server`
     1. `no ip http secure-server`
 1. Set the hostname and domain name:
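Review bot: `ztp disable` is added without saying what it does or which platforms and software versions accept it; zero touch provisioning is not present on every IOS image this "full configuration" example is meant for, so either state the platform or mark the step as platform-specific. Making `no ip domain-lookup` optional is reasonable given `ip name-server` is configured later, but say why (typo'd commands no longer stall on DNS lookups versus wanting name resolution for `ping`/`traceroute`). Separately, the list is headed "Disable unused features/services" yet the unchanged `no service password-encryption` line turns off the obfuscation of line and `username ... password` credentials, leaving them in clear text in the config; if the intent is that only `enable secret` and `username ... secret` are ever used, say so, otherwise drop that line from a hardening list.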
@@ -62,12 +64,12 @@ An example of a full configuration.
         1. `login authentication default`
 1. Configure SSH:
     1. Set hostname and domain name (see above).
-    1. Generate SSH server cert: `crypto key generate rsa modulus 2048`
+    1. Generate SSH server cert: `crypto key generate rsa modulus <2048|4096>`
     1. Set version: `ip ssh version 2`
     1. Set VTY lines to use SSH:
         1. Enter line config: `line vty 0 15`
         1. Set to use SSH: `transport input ssh`
-        1. Set the timeout: `exec-timeout <minutes> <seconds>` (e.g. 15 minutes)
+        1. Set the timeout: `exec-timeout <minutes> <seconds>` (e.g. 60 minutes)
         1. Enter priv exec mode after login: `privilege level 15`
 1. Configure DNS: `ip name-server <addr1> <addr2> [...]`
 1. Enable IPv6 forwarding: `ipv6 unicast-routing`
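Review bot: the VTY idle timeout example goes from 15 to 60 minutes with no justification; `exec-timeout` is what kills an abandoned session, and these same lines grant `privilege level 15` on login, so lengthening it fourfold weakens the control this SSH section is hardening. Keep the shorter value or explain the trade-off in the step. Also, `crypto key generate rsa modulus <2048|4096>` produces an RSA key pair, not a "cert"; reword the step (e.g. "Generate the SSH host key pair") so readers do not go looking for a certificate.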