Foundry Cisco
common commands that are different between vendors:
**access configuration**
Access-list 10 permit 172.16.0.0 0.0.0.255 Access-list 10 permit 172.16.0.0 0.0.0.255
telnet access-group 10 line vty 0 4
ip access-class 10 in
ip ssh-client 192.168.1.1
snmp-client 192.168.1.1
web-client 192.168.1.1
all-client 192.168.1.1
enable telnet password letmein line vty 0 4
password letmein
enable super-user-password enable enable password enable
enable secret enable
**************** dns ****************
Ip dns domain-name foundry.net ip domain-name foundry.net
Ip dns name-server 4.2.2.2 ip name-server 4.2.2.2
****************interface naming****************
Interface ether 1 interface e 1
Port-name test description test
****************speed-duplex****************
Interface ether 1 interface ether 1
Speed-duplex 100 full speed 100
Duplex full
**************** disabling a port ****************
Int e 1 int e 1
Disable shutdown
**************** range of interfaces ****************
Int Ethernet 1/1 to 1/24 interface range Ethernet 1/1 -24
**************** POE ****************
Int Ethernet 1/1 interface Ethernet 1/1
Inline power power inline
**************** ntp server ****************
Sntp server 3.3.3.3 ntp-server x.x.x.x
****************adding layer-3 interface****************
Interface ve 1 Interface vlan
Ip address x.x.x.x x.x.x.x Ip address x.x.x.x x.x.x.x
vlan 200 name test
tagged ethe 3/22
router-interface ve 1
**Protocol based VLAN**
Ip-subnet 3.3.3.3 255.255.255.0 name subnet-a
No dynamic
Static Ethernet 1 to 9 ethernet 20
****************port based vlans****************
vlan 222 name Test
Vlan 222 name Test
****************adding port to vlan****************
Vlan 222 interface e 1/1
untagged ether 1/1 switchport access vlan 222
Untagged ether 1/1
vlan 222 interface e1/24
taggedd e 1/24 switch mode trunk
****************stp root****************
Spanning-tree priority 0 spanning-tree vlan 100 root primary/secondary
**************** portfast-fastport ****************
Int e 1/3 int e 1/3
Fast port-span spanning-tree portfast
Stp-protect spanning-tree portfast bpduguard
****************802.1q trunk****************
int e 2/2
switchport encapsulation dot1q
Switchport mode trunk
Vlan 222
Tagged ether 2/2
Tagged ether 2/2
****************802.3ad link aggregation****************
inte e1 to e2
link-aggregate
Trunk Ethernet 1 to 4 interface range gigabitethernet2/0/1 -2
channel-group 2 mode active
(trunk specific parameters need to be done from master port, first port)
****************Port Mirroring****************
Mirror-port ether 1 (sniffer port) monitor session 1 source int fast 2
Int ether 2 monitor session 1 destination int fast 1
Monitor port ether 1
**************** Routing protocols *****************
Router rip router rip
Ethernet 1/1 network 172.16.0.0
Ip rip v1-only
Router rip
Permit redistribute 1 static address 172.16.0.0 255.255.255.0 router rip
Redistribution redistribute static
Router ospf router ospf 1
Area 0.0.0.0 network 10.0.0.0 0.0.0.255 area 0.0.0.0
Interface e 1/1
Ip ospf area 0.0.0.0
Router ospf router ospf 1
Redistribution rip redistribute static
Redistribution static redistribute rip
Router bgp router bgp 40
Local-as 40
(neighbor commands identical)
**************** VRRP-HSRP config *****************
VRRP HSRP
Router 1 Router 1
Router vrrp interface e 1/6
Inter e 1/6 ip address 192.168.5.2
Ip address 192.168.5.1 255.255.255.0 standby 1 ip 192.168.5.1
Ip vrrp vrid 1 standby 1 priority 110
Owner standby 1 preempt
Ip address 192.168.53.1
Activate
Router 2 Router 2
Router vrrp interface e 1/5
Inter e 1/5 ip address 192.168.5.3 255.255.255.0
Ip address 192.168.5.3 standy 1 ip 192.168.5.1
Ip vrrp vrid 1
backup
Ip address 192.168.53.1
Activate
**VRRPE**
(highest priority is the master)
Router vrrp-extended
Inter e 1/5
Ip address 192.168.5.2
Ip vrrp-extended vrid 1
Backup
Ip address 192.168.5.1
activate
Router vrrp-extended
Inter e 1/3
Ip address 192.168.5.3
Ip vrrp-extended vrid 1
Backup
Backup priority 50 track-priority 10 (track priority decrements priority upon failure of interface being tracked)
Ip address 192.168.5.1
activate
**********************Other commands*************************
**sflow**
-Sflow
Sflow destination x.x.x.x
Sflow enable
Int e 1/1
Sflow forwarding
**dot1x**
Aaa authentication dot1x default radius
radius-server host 10.10.10.10 auth-port 1812 acct-port 1813 default key mykey dot1x
dot1x-enable
enable all
enable ether 2/1
inter ether 2/1
dot1x port-control auto
re-authentication (global default 3600 seconds)
Dot1x initialize e 3/1 (from # prompt (not config)
dot1x multiple-hosts
auth-fail-vlanid 300 (unsuccessful auth places client in vlan 300)
**rate limiting**
---fixed rate---
int e 1/1
rate limit fixed 500000 payload-only
show rate-limit fixed
traffic-policy tpd rate-limit fixed 100 exceed-action drop
access-list 101 permit ip any any traffic-policy tpd
int e 1/1
ip access-group 101 in
---Adaptive rate---
Cir: committed info rate (rate bps)
Cbs: commited burst size (packets)
Pir: peek information rate (rate bps)
Pbs: peer burst size (packets)
traffic-policy tpdadapt rate-limit adaptive cir 10000 cbs 16000 pir 20000 pbs 40000 exceed-action drop
access-list 101 permit ip any any traffic-policy tpdadapt
int e 1/1
ip access-group 101 in
***UDLD***
Link-keepalive Ethernet 1/1
Link-keepalive Ethernet 1/1 to ¼
Link-keepalive retries (default 5)
Link-keepalive interval (default 5)
***Radius***
Username tborst password mypassword (optional local database user)
Radius-server host 3.3.3.3
Radius-server key mykey
Radius-server retransmit 5 (default 3)
Radius-server timeout 5 (default 3 sec)
Enable telnet authentication
Aaa authentication login default radius local
Aaa authentication enable default radius local
Aaa authentication login privilege-mode (goes to enable mode after successful logon)
Aaa authentication enable implicit-user (when entering enable mode, prompts for just password –no userid)
***Security commands***
---RPF---
Int e 1/1
Ip verify unicast reverse-path external
---DHCP snooping---
Ip dhcp snooping vlan x
Interface Ethernet 1/1 (trusted ports..router, switches, dhcp server)
Dhcp snooping trust
---ip source guard---
Enable acl-per-port-per-vlan (global config)
Interface e 1/1
Source-guard enable
---arp inspection---
Ip arp inspection vlan 2 (globa)
Interface ether 1/1
Arp inspection trust
***source interface admin***
Ip telnet source-interface loop 0
Ip tftp source-interface loop 0
***mdi/mdx***
Interface e 1/1
mdi-mdx mdi (connects to end device)
mdi-mdx mdx (connects to switch-hub xover)
***VSRP***
(enabled by default, to run vrrp/vrrpe disable vsrp first)
No router vsrp
Vlan 200
Tag Ethernet 1/1 to 1/8
Vsrp vid 1
Backup
Activate
Scale-timer 2 (divides times by 2)
Ip vsrp auth-type simple-text-auth passwd (hello packets)
No include-port ether 1/1
Backup priority 75
Backup track-priority 1
Track-port e 1/1
Non-preempt-mode
Vlan 200 (vsrp-aware device)
Vsrp-aware vrid 1 auth simple-text-auth passwd
____________________________Software Naming conventions FastIron________________________________
SxSxxxxxx.bin (layer 2)
SxLxxxxxx.bin (Base Layer 3)
SxRxxxxxx.bin (Full Layer 3)
菊�硐忝笔�
http://jajamaozi.taobao.com