SD-Access looks great and all, but I'd love to hear from people who have fully deployed SDA for a fairly large campus. Anyone willing to talk about the good and bad, the pretty and the ugly? Specifically, any cities or airports with SDA fully deploye...
I configured policy-based routing for an SVI in a Nexus 9K. The goal was to route internet-destined traffic for this VLAN to a different firewall, allowing normal routing for all internal destinations. Here's what I configured: ip access-list PA_PILO...
I found quite a bit of helpful documentation on creating a CoPP policy for our ASR 1000 series BGP routers. But there are a few questions not answered.
First is how you tune the policing rules to fit different router size and bandwidth constraints....
Trying to figure out how to do ISSU on a Cisco ASR-1002-HX. This model has the single, integrated RP that runs two instances of IOS-XE on it and supports ISSU. When I run the "request platform software package install" command on the router, with the...
Hi Everyone, I have an odd situation where I need to config site to site VPN with a very "tight" VPN ACL that allows access to a specific port and host at each end. I need to tunnel TCP traffic from site A encryption domain address 1.1.1.1 to site B a...
I don't know of a reason you wouldn't do #2 either. We run VPC on all our campus and Data Center (5/7/9K) cores and have plenty of "single-legged," non-VPC connections to them without an additional L2, non-VPC trunk link between the VPC peers. The ke...
Just set up some of the VTY lines to authenticate to local, and some to RADIUS like this. Change the number of VTY connections for each aaa type to fit your needs.
    aaa authentication login LOCAL_AUTH local
    aaa authorization exec LOCAL_AUTHOR local
    aa...
That works. Should be no problem at all. Not sure your physical interfaces will take the "channel-group x mode active" command until you've duplicated the port-channel config on the physical interfaces. They have to be the same when setting up the VP...
If you're talking about access-control policy, NX-OS works just like IOS.
    ip access-list MGMT_ACCESS
      statistics per-entry
      permit tcp 1.1.1.0/24 any eq 22
      permit ip 2.3.4.5/32 any
    line vty
      ip access-class MGMT_ACCESS in
If you're talking about QoS filt...
Overlay Transport Virtualization (OTV) will allow you to stretch L2 between the data centers while maintaining separate failure domains and giving exiting traffic in each VLAN its own, local gateway to leave the data center. You could control the ret...