NCS – stuff

upgrade hw-module location all fpd all

! Local admin account. root-lr is the full-administration group and cisco-support adds
! the support/debug task group, so this single account carries both.
username beheer
group root-lr
group cisco-support
! NOTE(review): no value follows `secret` as shown (presumably removed before publishing).
secret
!
hostname C02
!
! VRF used for out-of-band management.
vrf M2-DLP
address-family ipv4 unicast
!
interface MgmtEth0/RP0/CPU0/0
no shutdown
! NOTE(review): the interface is placed in vrf M2, while the VRF definition, the static
! default route and `ssh server vrf` below all use M2-DLP. As written, the SSH server
! would not be bound to the VRF this interface sits in -- confirm which name is intended.
vrf M2
ipv4 address 10.10.10.10 255.255.255.0
!
! Default route for the management VRF.
router static
vrf M2-DLP
address-family ipv4 unicast
0.0.0.0/0 10.10.10.254
!
!
!
domain name winfred.eu

ssh client source-interface MgmtEth0/RP0/CPU0/0
! NOTE(review): this turns the CBC-mode AES ciphers on for the SSH server. CBC modes are
! the legacy choice for SSH; presumably kept for an old client -- confirm it is still needed.
ssh server enable cipher aes-cbc
! Removes HMAC-SHA1 from the MACs the SSH server offers.
ssh server disable hmac hmac-sha1
ssh server v2
! SSH is served in vrf M2-DLP. No access-list is attached on this line, so source
! filtering (if any) has to come from elsewhere -- TODO confirm.
ssh server vrf M2-DLP
!
! FPD firmware is upgraded automatically.
fpd auto-upgrade enable

interface TwentyFiveGigE0/0/0/2
no shutdown
description P01
!
interface TwentyFiveGigE0/0/0/3
no shutdown
description P02

! Upgrade procedure: locate the ISO on disk2:, copy it to harddisk:, check the upgrade
! matrix, then replace, reload and commit.
show media
dir disk2:
copy disk2:ncs540l-x64-7.8.1.iso harddisk:
! NOTE(review): no integrity check of the copied image appears in these steps; compare its
! checksum with the vendor-published value before the install commands below.
show install upgrade-matrix iso /harddisk:/ncs540l-x64-7.8.1.iso

! RP/0/RP0/CPU0:P01#show install upgrade-matrix iso /harddisk:/ncs540l-x64-7.8.1$
! Fri Jan 6 15:53:47.724 UTC
! ———————————————————–
! Upgrade matrix information for system upgrade: 7.5.2->7.8.1
! ———————————————————–

XR system upgrade is supported with no additional restrictions
! Two forms of the replace operation are listed; presumably only one of them is run.
! `noprompt` on the second form skips the interactive confirmation.
install package replace /harddisk:/ncs540l-x64-7.8.1.iso
install replace harddisk:/ncs540l-x64-7.8.1.iso noprompt
! install source harddisk:/ncs540l-x64-7.8.1.iso
! install package upgrade harddisk:/ncs540l-x64-7.8.1.iso
! Reload into the new software, then commit so that it persists across later reloads.
install apply reload
install commit

CSR – PPP

!
! Millisecond local-time timestamps with the timezone on debug and log messages.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): this applies the reversible type 7 encoding to stored passwords. It
! obscures them from casual viewing only, so a config that holds type 7 strings should
! still be handled as if it contained the cleartext.
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CSR
!
boot-start-marker
boot-end-marker
!
!
logging count
logging snmp-authfail
logging userinfo
logging buffered 512000
logging console informational
!
ppp unique address access-accept
aaa new-model
!
!
! RADIUS server group used for PPP subscriber authentication, authorization and accounting.
aaa group server radius Net-Services
! NOTE(review): no `key` appears on this server-private line (presumably removed before
! publishing); the shared secret is what protects the RADIUS exchange, so confirm that a
! long random one is set on the device.
server-private 192.168.1.253 auth-port 1812 acct-port 1813 timeout 3 retransmit 3
ip radius source-interface GigabitEthernet1
attribute nas-port format c
!
! Device logins use the local user database only; no local username is visible in this
! snippet -- TODO confirm one exists.
aaa authentication login default local
! PPP sessions authenticate against the RADIUS group, with no fallback method listed.
aaa authentication ppp default group Net-Services
aaa authorization config-commands
aaa authorization network default group Net-Services
aaa accounting network default
action-type start-stop
group Net-Services
!
!
!
!
!
! Accepts RADIUS dynamic-authorization (CoA / disconnect) requests from this client.
! NOTE(review): no `server-key` is shown for the client (presumably removed before
! publishing) -- confirm that one is configured on the device.
aaa server radius dynamic-author
client 192.168.1.253
!
aaa session-id common
aaa policy interface-config allow-subinterface
!
!
!
!
!
!
!
no ip domain lookup
ip domain name winfred.eu
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
ipv6 unicast-routing
ipv6 dhcp binding track ppp
ipv6 dhcp pool PPP-Radius
prefix-delegation aaa method-list Net-Services lifetime 7200 300
dns-server F00D::1
domain-name winfred.nl
!
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
bba-group pppoe global
virtual-template 10
vendor-tag remote-id service
nas-port-id format c
sessions max limit 10
sessions per-mac limit 5
sessions per-mac iwf limit 5
sessions per-vlan limit 4
sessions auto cleanup
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
ipv6 address F00D:FFFF::1/128
!
interface Loopback2
no ip address
!
interface GigabitEthernet1
ip address 192.168.1.247 255.255.255.0
negotiation auto
pppoe enable group global
no mop enabled
no mop sysid
!
! NOTE(review): the bba-group in this config references virtual-template 10 only;
! Virtual-Template5 is not referenced anywhere in the visible config -- presumably left over.
interface Virtual-Template5
ip unnumbered Loopback2
ip tcp adjust-mss 1452
load-interval 30
ipv6 unnumbered Loopback1
no snmp trap link-status
keepalive 60
ppp mtu adaptive
ppp mtu pppoe unlimited
! NOTE(review): PAP carries the subscriber password unprotected inside the PPP session,
! so anyone able to capture the access segment can read it. `ppp authentication chap`
! avoids that where the CPE and the RADIUS backend support it.
ppp authentication pap
ppp ipcp address required
!
! Template cloned for PPPoE sessions (referenced by `bba-group pppoe global`).
interface Virtual-Template10
ip unnumbered Loopback2
no ip split-horizon
ip tcp adjust-mss 1452
load-interval 30
ipv6 unnumbered Loopback1
ipv6 enable
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
no ipv6 nd ra suppress
! NOTE(review): the RA advertises a different DNS server than the DHCPv6 pool PPP-Radius
! (dns-server F00D::1) -- confirm that both are intended.
ipv6 nd ra dns server 2001:4860:4860::4444
ipv6 dhcp server PPP-Radius
no ipv6 redirects
no ipv6 unreachables
no snmp trap link-status
keepalive 60
ppp mtu adaptive
ppp mtu pppoe unlimited
! NOTE(review): same PAP consideration as on Virtual-Template5 -- the password is not
! protected on the access segment.
ppp authentication pap
ppp ipcp address required
!
ip forward-protocol nd
!
ip ssh version 2

!
radius-server timeout 1
radius-server deadtime 1
!
!
control-plane
!
call admission new-model
call admission limit 6
call admission cpu-limit 65
call admission pppoe 10 1
!
!
!

Cisco – VPLS

no service slave-log
! PAD service is turned off.
no service pad
! TCP keepalives in both directions.
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime show-timezone
! NOTE(review): type 7 encoding is reversible -- it hides stored passwords from casual
! viewing but is not a hash, so the config still has to be protected as a secret.
service password-encryption
service counters max age 10
! The built-in DHCP service is turned off.
no service dhcp
!
hostname SAS-A
!
boot-start-marker
boot-end-marker
!
!
vrf definition SYNC
description SYNC
rd 64574:1
route-target export 64574:1
route-target import 64574:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition TEST
description TEST
rd 65001:1
route-target export 65001:1
route-target import 65001:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging count
logging snmp-authfail
logging userinfo
logging queue-limit 100
logging buffered 512000
logging console informational
!
aaa new-model
!
aaa session-id common
process cpu threshold type total rising 80 interval 5 falling 20 interval 5
platform ip cef load-sharing ip-only
clock timezone CET 1 0
clock summer-time SUM recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
fhrp version vrrp v3
!
ip vrf management
!
!
no ip bootp server
no ip domain-lookup
ip domain-name migratie.test

ipv6 unicast-routing
vtp mode off
!
flow monitor copp-fnf-cef-receive
record platform-original ipv4 full
!
!
!
mpls label protocol ldp
mpls ldp graceful-restart
mpls ldp session protection for backbone
mpls ldp label
allocate global prefix-list local-label-alloc
no mpls ldp advertise-labels
mpls ldp advertise-labels for backbone
!
!
!
!
!
!
!
!
!
!
!
!
!
!
logging event link-status default
!
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
file prompt quiet
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
port-channel load-balance src-mixed-ip-port
!
redundancy
main-cpu
auto-sync running-config
mode sso
!

vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
lldp run
!
ip tcp path-mtu-discovery
!
class-map match-any class-copp-icmp-redirect-unreachable
class-map match-all class-copp-glean
class-map match-all class-copp-receive
class-map match-all class-copp-options
class-map match-all class-copp-broadcast
class-map match-all class-copp-mcast-acl-bridged
class-map match-all class-copp-slb
class-map match-all class-copp-mtu-fail
class-map match-all class-copp-ttl-fail
class-map match-all class-copp-arp-snooping
class-map match-any class-copp-mcast-copy
class-map match-any class-copp-ip-connected
class-map match-any class-copp-match-igmp
match access-group name acl-copp-match-igmp
class-map match-all class-copp-unknown-protocol
class-map match-any class-copp-vacl-log
class-map match-all class-copp-mcast-ipv6-control
class-map match-any class-copp-match-pimv6-data
match access-group name acl-copp-match-pimv6-data
class-map match-any class-copp-mcast-punt
class-map match-all class-copp-unsupp-rewrite
class-map match-all class-copp-ucast-egress-acl-bridged
class-map match-all class-copp-ip-admission
class-map match-any class-copp-dpss-divert
class-map match-all class-copp-service-insertion
class-map match-all class-copp-mac-pbf
class-map match-any class-copp-match-mld
match access-group name acl-copp-match-mld
class-map match-all class-copp-ucast-ingress-acl-bridged
class-map match-all class-copp-dhcp-snooping
class-map match-all class-copp-wccp
class-map match-all class-copp-nd
class-map match-any class-copp-ipv6-connected
class-map match-all class-copp-mcast-rpf-fail
class-map match-any class-copp-match-ndv6hl
match access-group name acl-copp-match-ndv6hl
class-map match-any class-copp-ucast-rpf-fail
class-map match-all class-copp-mcast-ip-control
class-map match-any class-copp-match-pim-data
match access-group name acl-copp-match-pim-data
class-map match-any class-copp-match-ndv6
match access-group name acl-copp-match-ndv6
class-map match-any class-copp-mcast-v4-data-on-routedPort
class-map match-any class-copp-mcast-v6-data-on-routedPort
!
policy-map policy-default-autocopp
class class-copp-mcast-v4-data-on-routedPort
police rate 10 pps burst 1 packets conform-action drop exceed-action drop
class class-copp-mcast-v6-data-on-routedPort
police rate 10 pps burst 1 packets conform-action drop exceed-action drop
class class-copp-dpss-divert
police rate 1000 pps burst 1000 packets conform-action transmit exceed-action drop
class class-copp-match-mld
police rate 5000 pps burst 5000 packets conform-action set-discard-class-transmit 48 exceed-action drop
class class-copp-match-igmp
police rate 5000 pps burst 5000 packets conform-action set-discard-class-transmit 48 exceed-action drop
class class-copp-icmp-redirect-unreachable
police rate 100 pps burst 10 packets conform-action transmit exceed-action drop
class class-copp-ucast-rpf-fail
police rate 100 pps burst 10 packets conform-action transmit exceed-action drop
class class-copp-vacl-log
police rate 2000 pps burst 1 packets conform-action transmit exceed-action drop
class class-copp-mcast-punt
police rate 1000 pps burst 256 packets conform-action transmit exceed-action drop
class class-copp-mcast-copy
police rate 1000 pps burst 256 packets conform-action transmit exceed-action drop
class class-copp-ip-connected
police rate 1000 pps burst 256 packets conform-action transmit exceed-action drop
class class-copp-ipv6-connected
police rate 1000 pps burst 256 packets conform-action transmit exceed-action drop
class class-copp-match-pim-data
police rate 1000 pps burst 1000 packets conform-action transmit exceed-action drop
class class-copp-match-pimv6-data
police rate 1000 pps burst 1000 packets conform-action transmit exceed-action drop
class class-copp-match-ndv6hl
police rate 10 pps burst 1 packets conform-action drop exceed-action drop
class class-copp-match-ndv6
police rate 1000 pps burst 1000 packets conform-action set-discard-class-transmit 48 exceed-action drop
!
pseudowire-class VPLS
encapsulation mpls
load-balance flow
flow-label enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Loopback0
vrf forwarding SYNC
ip address 10.31.160.126 255.255.255.248
!
interface Loopback1
vrf forwarding TEST
ip address 10.1.1.1 255.255.255.255
!
!
interface Port-channel20.53
encapsulation dot1Q 53
vrf forwarding SYNC
ip address 192.0.1.0 255.255.255.254
!
! Tunnel towards 192.0.1.1, sourced in vrf SYNC; carries OSPF and MPLS for the VPLS core.
interface Tunnel1
ip address 192.0.2.1 255.255.255.252
no ip redirects
! NOTE(review): message-digest authentication is enabled, but no
! `ip ospf message-digest-key` is shown on this interface (presumably removed before
! publishing) -- confirm that a key is actually configured.
ip ospf authentication message-digest
ip ospf network point-to-point
ip ospf cost 20
mpls ip
! NOTE(review): no tunnel mode or tunnel protection is shown, so the tunnel presumably
! runs with the default encapsulation and no encryption; confirm the transit path in
! vrf SYNC is trusted for the labelled traffic it carries.
tunnel source 192.0.1.0
tunnel destination 192.0.1.1
tunnel vrf SYNC
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3050
no ip address
!
interface Vlan3051
no ip address
!
interface Vlan3052
no ip address
!
interface Vlan3053
no ip address
!
interface Vlan3054
no ip address
!
interface Vlan3055
no ip address
!
interface Vlan3056
no ip address
!
interface Vlan3057
no ip address
!
interface Vlan3058
no ip address
!
interface Vlan3059
no ip address
!
interface Vlan3500
no ip address
!
interface Vlan3501
no ip address
!
interface Vlan3502
no ip address
!
interface Vlan3503
no ip address
!
interface Vlan3504
no ip address
!
interface Vlan3505
no ip address
!
interface Vlan3506
no ip address
!
interface Vlan3507
no ip address
!
interface Vlan3508
no ip address
!
interface Vlan3509
no ip address
!
interface Vlan3510
no ip address
!
interface Vlan3511
no ip address
!
interface Vlan3512
no ip address
!
interface Vlan3513
no ip address
!
interface Vlan3514
no ip address
!
interface Vlan3515
no ip address
!
interface Vlan3516
no ip address
!
interface Vlan3517
no ip address
!
interface Vlan3518
no ip address
!
interface Vlan3519
no ip address
!
interface Vlan3520
no ip address
!
interface Vlan3521
no ip address
!
interface Vlan3522
no ip address
!
interface Vlan3523
no ip address
!
interface Vlan3524
no ip address
!
interface Vlan3525
no ip address
!
interface Vlan3526
no ip address
!
interface Vlan3527
no ip address
!
interface Vlan3528
no ip address
!
interface Vlan3529
no ip address
!
interface Vlan3530
no ip address
!
interface Vlan3531
no ip address
!
interface Vlan3532
no ip address
!
interface Vlan3533
no ip address
!
interface Vlan3534
no ip address
!
interface Vlan3535
no ip address
!
interface Vlan3536
no ip address
!
interface Vlan3537
no ip address
!
interface Vlan3538
no ip address
!
interface Vlan3539
no ip address
!
interface Vlan3540
no ip address
!
interface Vlan3541
no ip address
!
interface Vlan3542
no ip address
!
interface Vlan3543
no ip address
!
interface Vlan3544
no ip address
!
interface Vlan3545
no ip address
!
interface Vlan3546
no ip address
!
interface Vlan3547
no ip address
!
interface Vlan3548
no ip address
!
interface Vlan3549
no ip address
!
interface Vlan3550
no ip address
!
interface Vlan3551
no ip address
!
interface Vlan3552
no ip address
!
interface Vlan3553
no ip address
!
interface Vlan3554
no ip address
!
interface Vlan3555
no ip address
!
interface Vlan3556
no ip address
!
interface Vlan3557
no ip address
!
interface Vlan3558
no ip address
!
interface Vlan3559
no ip address
!
interface Vlan3560
no ip address
!
interface Vlan3561
no ip address
!
interface Vlan3562
no ip address
!
interface Vlan3563
no ip address
!
interface Vlan3564
no ip address
!
interface Vlan3565
no ip address
!
interface Vlan3566
no ip address
!
interface Vlan3567
no ip address
!
interface Vlan3568
no ip address
!
interface Vlan3569
no ip address
!
interface Vlan3570
no ip address
!
interface Vlan3571
no ip address
!
interface Vlan3572
no ip address
!
interface Vlan3573
no ip address
!
interface Vlan3574
no ip address
!
interface Vlan3575
no ip address
!
interface Vlan3576
no ip address
!
interface Vlan3577
no ip address
!
interface Vlan3578
no ip address
!
interface Vlan3579
no ip address
!
interface Vlan3580
no ip address
!
interface Vlan3581
no ip address
!
interface Vlan3582
no ip address
!
interface Vlan3583
no ip address
!
interface Vlan3584
no ip address
!
interface Vlan3585
no ip address
!
interface Vlan3586
no ip address
!
interface Vlan3587
no ip address
!
interface Vlan3588
no ip address
!
interface Vlan3589
no ip address
!
interface Vlan3590
no ip address
!
interface Vlan3591
no ip address
!
interface Vlan3592
no ip address
!
interface Vlan3593
no ip address
!
interface Vlan3594
no ip address
!
interface Vlan3595
no ip address
!
interface Vlan3596
no ip address
!
interface Vlan3597
no ip address
!
interface Vlan3598
no ip address
!
interface Vlan3599
no ip address
!
interface Virtual-Ethernet1
switchport
switchport mode trunk
switchport trunk allowed vlan 3050-3059,3500-3599
transport vpls mesh
neighbor 192.0.2.2 pw-class VPLS
!
router ospf 1
router-id 192.0.2.1
auto-cost reference-bandwidth 10000
redistribute connected subnets
passive-interface default
no passive-interface Tunnel1
network 192.0.2.0 0.0.0.255 area 0
!
router bgp 65001
bgp router-id 192.0.0.1
bgp log-neighbor-changes
bgp graceful-restart extended
bgp sso route-refresh-enable
neighbor 192.0.2.2 remote-as 65001
neighbor 192.0.2.2 update-source Tunnel1
!
address-family ipv4
redistribute connected
neighbor 192.0.2.2 activate
exit-address-family
!
address-family vpnv4
neighbor 192.0.2.2 activate
neighbor 192.0.2.2 send-community extended
exit-address-family
!
address-family ipv6
exit-address-family
!
address-family vpnv6
neighbor 192.0.2.2 activate
neighbor 192.0.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
exit-address-family
!
no ip forward-protocol nd
! Both the HTTP and the HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
ip route vrf SYNC 10.31.160.96 255.255.255.248 192.0.1.1 name FNB-SAS-B
ip ssh time-out 60
! NOTE(review): no interface named mgmt0 appears in the visible config -- confirm that
! this source-interface exists on the platform.
ip ssh source-interface mgmt0
ip ssh version 2
! NOTE(review): these two lines restrict the SSH server to HMAC-SHA1 and AES-256-CBC
! only, i.e. they pin the server to the legacy MAC and a CBC-mode cipher. Where the
! software supports them, an SHA-2 MAC (hmac-sha2-256) and a CTR-mode cipher (aes256-ctr)
! are the stronger choice.
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes256-cbc
!
ip access-list standard backbone
permit 192.0.2.0 0.0.0.255
!
ip access-list extended acl-copp-match-igmp
permit igmp any any
ip access-list extended acl-copp-match-pim-data
deny pim any host 224.0.0.13
permit pim any any
!
!
!
!
!
!
ipv6 access-list acl-copp-match-mld
permit icmp any any mld-report
permit icmp any any mld-query
permit icmp any any mld-reduction
permit icmp any any 143
!
ipv6 access-list acl-copp-match-ndv6
permit icmp any any nd-na
permit icmp any any nd-ns
permit icmp any any router-advertisement
permit icmp any any router-solicitation
permit icmp any any redirect
!
ipv6 access-list acl-copp-match-ndv6hl
permit icmp any any nd-na hoplimit
permit icmp any any nd-ns hoplimit
permit icmp any any router-advertisement hoplimit
permit icmp any any router-solicitation hoplimit
permit icmp any any redirect hoplimit
!
ipv6 access-list acl-copp-match-pimv6-data
deny 103 any host FF02::D
permit 103 any any
!
control-plane
service-policy input policy-default-autocopp
!
!
vstack
!
line con 0
media-type rj45
line aux 0
! All vty lines accept SSH only.
! NOTE(review): no `access-class` is shown on either vty range, so any source that can
! reach the device may attempt an SSH login unless it is filtered elsewhere -- TODO confirm.
line vty 0 4
transport input ssh
line vty 5 1509
transport input ssh
!
diagnostic bootup level minimal
end

Cisco – DHCP vrf

! Addresses in vrf 3958 that the DHCP server must not hand out (including the interface
! and VRRP addresses .252-.254).
ip dhcp excluded-address vrf 3958 10.15.0.252 10.15.0.254
ip dhcp excluded-address vrf 3958 10.15.0.0 10.15.0.100
ip dhcp excluded-address vrf 3958 10.15.0.150 10.15.0.163
!
! VRF-aware DHCP pool for the management subnet.
ip dhcp pool MERAKI-beheer
vrf 3958
network 10.15.0.0 255.255.255.0
domain-name routit.com
default-router 10.15.0.254
! NOTE(review): the second DNS server address has only three octets (213.144.235) and
! is incomplete as written.
dns-server 213.144.235.1 213.144.235
!
interface GigabitEthernet4/1.1200
description Meraki – Management
encapsulation dot1Q 1200 native
vrf forwarding 3958
ip address 10.15.0.252 255.255.255.0
! ICMP redirects and proxy ARP are switched off on the management subinterface.
no ip redirects
no ip proxy-arp
! VRRP group 101 provides the default-router address handed out by the pool above.
vrrp 101 ip 10.15.0.254
vrrp 101 priority 99

SRv6 – EVPN

net 31.0000.0000.%IPv6_location + IPv6_nodeID%.00
net 31.0000.0000.0001.0005.00

router isis 1
is-type level-2-only
net 31.0000.0000.0002.0006.00
nsr
nsf ietf
nsf lifetime 20
nsf interface-timer 15
nsf interface-expires 1
log adjacency changes
!
int Te0/0/0/8
address-family ipv6 unicast
fast-reroute per-prefix
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
fast-reroute per-prefix ti-lfa
int Te0/0/0/35
address-family ipv6 unicast
fast-reroute per-prefix
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
fast-reroute per-prefix ti-lfa

%IPv6_locator%

segment-routing
srv6
logging locator status
encapsulation
source-address 1::1
!
locators
locator S2
prefix fc00:700d:0:105::/64
!
!
!
!

fc00:700d:0:105::1
fc00:700d:0:206::1

router bgp 64574
nsr
bgp router-id 198.51.100.20
bgp graceful-restart
segment-routing srv6
locator S2
!
address-family vpnv4 unicast
segment-routing srv6
locator S2
!
!
address-family vpnv6 unicast
segment-routing srv6
locator S2
!
!
address-family l2vpn evpn
!
! iBGP neighbor (same AS 64574) carrying vpnv4, vpnv6 and l2vpn evpn.
! NOTE(review): fc00:700d:0:105:1 has five groups and no `::`, so it is not a valid IPv6
! address as written; the page lists fc00:700d:0:105::1 elsewhere -- presumably that is
! what is meant. The same spelling is used in the later `vrf TEST` example.
! NOTE(review): no session authentication is shown for this neighbor -- TODO confirm
! whether that is intended inside this core.
neighbor fc00:700d:0:105:1
remote-as 64574
update-source Loopback0
address-family vpnv4 unicast
!
address-family vpnv6 unicast
!
address-family l2vpn evpn
!
!
vrf A
rd 1:1
address-family ipv4 unicast
segment-routing srv6
alloc mode per-vrf
!
redistribute connected
!
!
vrf 200
rd 1:200
address-family ipv4 unicast
segment-routing srv6
alloc mode per-vrf
!
redistribute connected
!
!
!

vrf TEST
address-family ipv4 unicast
import route-target
64574:777
!
export route-target
64574:777
!
router bgp 64574
!
vrf TEST
rd 64574:777
address-family ipv4 unicast
segment-routing srv6
alloc mode per-vrf
!
redistribute connected
!
address-family ipv6 unicast
segment-routing srv6
alloc mode per-vrf
!
redistribute connected

neighbor fc00:700d:0:105:1
remote-as 64574
update-source Loopback0
address-family vpnv4 unicast
!
address-family vpnv6 unicast
!
address-family l2vpn evpn
!
interface Loopback0
address-family ipv6 unicast

call-home
service active
contact smart-licensing
profile CiscoTAC-1
active
destination transport-method email disable
destination transport-method http
!
!
interface Bundle-Ether50
description sr06
mtu 9000
lacp period short
lldp
!
load-interval 30
!
interface Bundle-Ether200
description – po200
mtu 9000
lacp period short
lldp
enable
!
load-interval 30
!
interface Bundle-Ether300
description – po300
mtu 9000
lacp period short
lldp
enable
!
load-interval 30
!

!
interface TenGigE0/0/0/11
description 2 – te1/4
bundle id 50 mode active
lldp
!
!
interface TenGigE0/0/0/12
description a5a – te
mtu 9000
lldp
enable
!
!
interface TenGigE0/0/0/31
description a5b – te
mtu 9000
lldp
enable
!
!
interface TenGigE0/0/0/32
description a- te1/17
bundle id 50 mode active
lldp
!
!


!
interface TwentyFiveGigE0/0/0/4
shutdown
!
interface TwentyFiveGigE0/0/0/5
shutdown
!
interface TwentyFiveGigE0/0/0/6
description ah2-prod-fg-le02 – p25
bundle id 200 mode active
!
interface TwentyFiveGigE0/0/0/7
shutdown
!
interface TwentyFiveGigE0/0/0/9
description ah2-prod-fg-le02 – ha1
mtu 9000
lldp
enable
!

evpn
segment-routing srv6
locator S2
!
!
!
l2vpn
xconnect group 2002
p2p 2002
interface TwentyFiveGigE0/0/0/34
neighbor evpn evi 2002 service 2002 segment-routing srv6
locator S2
!
!
!
!

EVPN based point-to-point (E-Line)
evpn
evi 2002 segment-routing srv6
advertise-mac
!
locator S2
!
interface TwentyFiveGigE0/0/0/34
!
segment-routing srv6
!
!

evpn
segment-routing srv6
locator S2

l2vpn
xconnect group 2002
p2p 2002
interface TwentyFiveGigE0/0/0/34
neighbor evpn evi 2002 service 2002 segment-routing srv6 locator S2

interface TwentyFiveGigE0/0/0/15
shutdown
!
interface TwentyFiveGigE0/0/0/16
shutdown
!
interface TwentyFiveGigE0/0/0/17
shutdown
!
interface TwentyFiveGigE0/0/0/18
shutdown
!
interface TwentyFiveGigE0/0/0/19
shutdown
!
interface TwentyFiveGigE0/0/0/20
shutdown
!
interface TwentyFiveGigE0/0/0/21
shutdown
!
interface TwentyFiveGigE0/0/0/22
shutdown
!
interface TwentyFiveGigE0/0/0/23
shutdown
!
interface HundredGigE0/0/0/24
shutdown
!
interface HundredGigE0/0/0/25
shutdown
!
interface HundredGigE0/0/0/26
shutdown
!
interface HundredGigE0/0/0/27
shutdown
!
interface TwentyFiveGigE0/0/0/28
shutdown
!
interface TwentyFiveGigE0/0/0/29
shutdown
!

interface preconfigure TenGigE0/0/0/36
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/8
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/11
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/12
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/31
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/32
shutdown
!
interface preconfigure TwentyFiveGigE0/0/0/35
shutdown
!

RP/0/RP0/CPU0:ah2-prod-sr-06#sh int BE200.1
Tue Apr 23 14:39:36.986 CEST
Bundle-Ether200.1 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 9433.d801.05d3
Internet address is /31
MTU 9004 bytes, BW 50000000 Kbit (Max: 50000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation 802.1Q Virtual LAN, VLAN Id 2000, loopback not set,
Last link flapped 5d23h
ARP type ARPA, ARP timeout 04:00:00
Last input 00:00:00, output 00:00:00
Last clearing of “show interface” counters never
5 minute input rate 5000 bits/sec, 8 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4021515 packets input, 329455046 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 36 broadcast packets, 0 multicast packets
15311 packets output, 704306 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets

 RP/0/RP0/CPU0:ah2-prod-sr-06#sh run int BE200.1

Tue Apr 23 14:40:06.202 CEST
no int BE200.1

interface Bundle-Ether200.2000

vrf 10
ipv4 address 10.10.10.1 255.255.255.0
encapsulation dot1q 2000
!

no interface Bundle-Ether200.2000
interface BVI 2000
host-routing
vrf 10
ipv4 address 10.20.10.2 255.255.255.0
mac-address 64.574.2000
!
interface Bundle-Ether200.2000 l2transport
encapsulation dot1q 2000
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group bg-2000
bridge-domain bd-2000
interface Bundle-Ether200.2000
!
routed interface BVI2000
!
evi 200
!
!
!
!

SSH server – alg

! Several alternative variants of the same three commands (cipher / host-key /
! key-exchange) are listed. Presumably each re-entry of a command replaces the earlier
! list, so pasting all of this leaves only the last line of each kind in effect -- confirm.
! NOTE(review): aes256-cbc is the only CBC-mode cipher in these lists; the variants
! without it offer AES-GCM only.
ssh server algorithms cipher aes128-gcm@openssh.com aes256-gcm@openssh.com aes256-cbc
ssh server algorithms cipher aes128-gcm@openssh.com aes256-gcm@openssh.com

ssh server algorithms host-key ecdsa-nistp256 ecdsa-nistp384 ecdsa-nistp521 ed25519
ssh server algorithms key-exchange ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256

! Variant that keeps aes256-cbc for clients without AES-GCM support.
ssh server algorithms cipher aes128-gcm@openssh.com aes256-gcm@openssh.com aes256-cbc
ssh server algorithms host-key ecdsa-nistp256 ecdsa-nistp384 ecdsa-nistp521 ed25519
ssh server algorithms key-exchange ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256

! GCM-only variant; this host-key list leaves out ed25519.
ssh server algorithms cipher aes128-gcm@openssh.com aes256-gcm@openssh.com
ssh server algorithms host-key ecdsa-nistp256 ecdsa-nistp384 ecdsa-nistp521
ssh server algorithms key-exchange ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256
ssh server v2

! Strictest variant: a single cipher. Clients that lack aes256-gcm@openssh.com will fail
! to negotiate.
ssh server algorithms cipher aes256-gcm@openssh.com

SRv6 –

Router(config-evpn)# segment-routing srv6
Router(config-evpn-srv6)# locator sample
Router(config-evpn-srv6)# exit
Associate an EVI-specific locator (sample_evi_loc) with EVI 1.

Router(config-evpn)# evi 1 segment-routing srv6
Router(config-evpn-instance)# locator sample_evi_loc
Router(config-evpn-instance)# commit
Associate SRv6 with L2VPN

Associate the sub-interface to the bridge domain:

Router(config)# l2vpn
Router(config-l2vpn)# bridge group bg1
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# interface Hu0/0/0/0.1
Router(config-l2vpn-bg-bd-ac)# exit
Enable the evi 1 segment-routing srv6 command under L2VPN bridge domain bd1.

Router(config-l2vpn-bg-bd)# evi 1 segment-routing srv6
Router(config-l2vpn-bg-bd-evi-srv6)# commit

PiHole

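# Run Pi-hole as a detached container with named volumes for /etc/pihole and /etc/dnsmasq.d.
# The long options are written with "--"; the en dashes in the published command are not parsed as options.
# NOTE(review): WEBPASSWORD is passed with -e, so the value ends up in shell history and in the process arguments; an env file (--env-file) keeps it off the command line.
# NOTE(review): -p is HOST:CONTAINER. "53:54/tcp" next to "53:53/udp", and "80:50080", look unintended -- confirm the container-side ports.
# NOTE(review): with no bind address on -p, DNS and the admin UI are published on every host interface; prefix a host IP to restrict them.
sudo podman run -d --name=pihole -e TZ=Europe/Amsterdam -e WEBPASSWORD=%password% -e SERVERIP=127.0.0.1 -v pihole:/etc/pihole -v dnsmasq:/etc/dnsmasq.d -p 80:50080 -p 53:54/tcp -p 53:53/udp --restart=unless-stopped pihole/pihole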

 

 

FG – BGP toggle

execute router clear bgp ip 203.0.113.241 soft

01_asd (aspath-list) # show
config router aspath-list
edit “AS-Azure”
config rule
edit 1
set action permit
set regexp “_12076$”
next
end
next
edit “AS-AWS”
config rule
edit 1
set action permit
set regexp “_9059$”
next
end
next
end

01_asd (aspath-list) # end

01_asd (CF) # config router route-map

01_asd (route-map) # show
config router route-map
edit “RM-To-VPN1”
config rule
edit 1
set match-ip-address “To_VPN1”
next
end
next
edit “RM-To-EIC”
config rule
edit 1
set action deny
set match-ip-address “RFC1918”
next
edit 2
set action deny
set match-ip-address “DEFAULT-GATEWAY”
next
edit 3
set match-as-path “AS-AWS”
set set-aspath-action replace
set set-aspath “9059”
next
edit 4
next
end
next
edit “RM-From-EIC”
config rule
edit 1
set match-as-path “AS-Azure”
set set-aspath-action replace
set set-aspath “12076”
next
end
next
edit “RM_From_EIC”
config rule
edit 1
set action deny
set match-ip-address “RFC1918”
next
edit 2
set action deny
set match-ip-address “DEFAULT-GATEWAY”
next
edit 3
next
end
next
end


 

4200064574

router bgp 64574
!
address-family ipv4 vrf ABC
neighbor 203.0.113.254 remote-as 4200064574

!
address-family ipv4 vrf ABC
neighbor 203.0.113.246 remote-as 4200064574

get router info bgp neighbors 203.0.113.241 advertised-routes

execute router clear bgp all soft (in/out)

clear bgp vrf 29595 ipv4 unicast 203.0.113.246

sh bgp vpnv4 unicast vrf ABC| inc 10.5
sh bgp vpnv4 unicast vrf ABC neighbors 203.0.113.246 advertised-routes

config router route-map
edit “EIC_Blue”
config rule
edit 1
set match-as-path “Azure”
set set-aspath “12076”
next
end
next
end

config router aspath-list
edit “From-Azure”
config rule
edit 1
set action permit
set regexp “_12076$”
next
end
next
end

config router route-map
edit “EIC_Blue”
config rule
edit 1
set match-as-path “Azure”
set set-aspath “12076”
next
end
next
end

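# Route-map "EIC-Blue": rule 1 matches routes whose AS path is in the "From-Azure" list and replaces their AS path with 12076.
# NOTE(review): `replace` discards the received AS path, so later AS-path filters and loop detection no longer see the original ASNs -- confirm that this is intended wherever the map is applied.
config router route-map
edit "EIC-Blue"
config rule
edit 1
set match-as-path "From-Azure"
set set-aspath-action replace
set set-aspath "12076"
next
end
next
end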
