access-list in & out

vLan 16: 10.20.16.0/24
vLan 80: 192.168.80.0/24

int vlan 16
ip access-group 116 in
ip access-group 126 out

access-list 116 permit ip 10.20.16.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 126 permit ip 192.168.80.0 0.0.0.255 10.20.16.0 0.0.0.255

Remark: Source address and then Destination address

cisco renumber stack

sh run to backup all interface settings

interface GigabitEthernet1/0/1
switchport access vlan 13
shutdown
spanning-tree portfast

interface GigabitEthernet1/0/2
switchport access vlan 13
spanning-tree portfast

interface GigabitEthernet3/0/1
switchport access vlan 11
spanning-tree portfast

interface GigabitEthernet3/0/2
switchport access vlan 11
spanning-tree portfast

Switch#sh inv
NAME: “3”, DESCR: “WS-C2960S-24TS-L”
PID: WS-C2960S-24TS-L , VID: V02 , SN: FOC1432W130

NAME: “1”, DESCR: “WS-C2960S-48FPS-L”
PID: WS-C2960S-48FPS-L , VID: V03 , SN: FOC1715Z4Z1

NAME: “2”, DESCR: “WS-C2960S-24PS-L”
PID: WS-C2960S-24PS-L , VID: V04 , SN: FOC1823Z4NF

Switch#sh switch detail
Switch/Stack Mac Address : 58bc.27ff.b500
H/W Current
Switch# Role Mac Address Priority Version State
———————————————————-
1 Member f41f.c294.d080 1 1 Ready
2 Member 0008.2f9b.9680 1 1 Ready
*3 Master 58bc.27ff.b500 15 1 Ready

Switch(config)#switch 1 renumber 3
Switch(config)#switch 3 renumber 1
Switch(config)#reload

Switch(config)#default interface ran g1/0/1-48
Switch(config)#default interface ran g3/0/1-48

replace new interface settinges

interface GigabitEthernet3/0/1
switchport access vlan 13
shutdown
spanning-tree portfast

interface GigabitEthernet3/0/2
switchport access vlan 13
spanning-tree portfast

interface GigabitEthernet1/0/1
switchport access vlan 11
spanning-tree portfast

interface GigabitEthernet1/0/2
switchport access vlan 11
spanning-tree portfast

layer 2 traceroute

2F-ASW-2960S-5#sh mac add | inc 1/0/1
80 fcf1.52ef.aea1 DYNAMIC Gi1/0/1

9F-CSW-3750-1#sh mac add | inc 3/0/43
80 00e0.4c0b.cd09 DYNAMIC Gi3/0/43
80 00e0.4c0b.cd1d DYNAMIC Gi3/0/43
80 00f1.f31b.4f20 DYNAMIC Gi3/0/43
80 00f1.f31b.6151 DYNAMIC Gi3/0/43
80 5404.a691.3baa DYNAMIC Gi3/0/43

2F-ASW-2960S-5#traceroute mac fcf1.52ef.aea1 00e0.4c0b.cd09
Source fcf1.52ef.aea1 found on 2F-ASW-2960S-5
1 2F-ASW-2960S-5 (192.168.81.42) : Gi1/0/1 => Gi1/0/48
2 2F-ASW-2960X-4 (192.168.81.41) : Gi1/0/48 => Gi1/0/49
3 9F-CSW-3750-1 (192.168.1.254) : Gi6/0/3 => Gi3/0/43
Destination 00e0.4c0b.cd09 found on 9F-CSW-3750-1
Layer 2 trace completed

Cisco upgrade stack IOS Automatic (.tar image)

Use Master to do the upgrade, it will be put IOS to others Stack members, and auto run “boot system xxx”

show switch detail

                                               Current
Switch#  Role      Mac Address     Priority     State 
--------------------------------------------------------
 1       Slave     000c.30ae.4f00     9         Ready
*2       Master    000d.bd5c.1680     15        Ready

archive download-sw usbflash02:Data/c3750e-universalk9-tar.122-55.SE10.tar

reload

Cisco 3750 StackPower not work

2

Switch#show stack-power

Power stack name: Powerstack-2
Stack mode: Power sharing
Stack topology: Ring
Switch 2:
Power budget: 223
Low port priority value: 21
High port priority value: 12
Switch priority value: 3
Port 1 status: Not connected
Port 2 status: Connected
Neighbor on port 1: 0000.0000.0000
Neighbor on port 2: e4aa.5d5d.a700

Switch 1:
Power budget: 223
Low port priority value: 22
High port priority value: 13
Switch priority value: 4
Port 1 status: Connected
Port 2 status: Not connected
Neighbor on port 1: e4aa.5d45.6780
Neighbor on port 2: 0000.0000.0000

Power stack name: Powerstack-3
Stack mode: Power sharing
Stack topology: Standalone
Switch 3:
Power budget: 192
Low port priority value: 22
High port priority value: 13
Switch priority value: 4
Port 1 status: Shut
Port 2 status: Shut
Neighbor on port 1: 0000.0000.0000
Neighbor on port 2: 0000.0000.0000

Switch#stack-power switch 3 port 1 enable
Switch#stack-power switch 3 port 2 enable

Cisco upgrade stack IOS Manual (.bin Image)

show boot

BOOT path-list : flash:/c3750e-universalk9-mz.122-55.SE8/c3750e-universalk9-mz.122-55.SE8.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
——————-
Switch 1
——————-
BOOT path-list : flash:/c3750e-universalk9-mz.122-55.SE8/c3750e-universalk9-mz.122-55.SE8.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :

Auto upgrade : no

Auto upgrade path :
——————-
Switch 3
——————-
BOOT path-list : flash:/c3750e-universalk9-mz.122-55.SE8.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :

Auto upgrade : no

Auto upgrade path :

delete flash1:/c3750e-universalk9-mz.122-55.SE8/c3750e-universalk9-mz.122-55.SE8.bin
delete flash2:/c3750e-universalk9-mz.122-55.SE8/c3750e-universalk9-mz.122-55.SE8.bin
delete flash3:/c3750e-universalk9-mz.122-55.SE8.bin

copy usbflash03:/Data/c3750e-universalk9-mz.122-58.SE2.bin flash1:
copy usbflash03:/Data/c3750e-universalk9-mz.122-58.SE2.bin flash2:
copy usbflash03:/Data/c3750e-universalk9-mz.122-58.SE2.bin flash3:

boot system switch 1 flash:c3750e-universalk9-mz.122-58.SE2.bin
boot system switch 2 flash:c3750e-universalk9-mz.122-58.SE2.bin
boot system switch 3 flash:c3750e-universalk9-mz.122-58.SE2.bin

reload

Cisco change IOS

Switch#show boot
BOOT path-list : flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)

copy usbflash03:/Data/c3750e-universalk9-mz.122-55.SE8.bin flash:

boot system flash:/c3750e-universalk9-mz.122-55.SE8.bin

CCNP 以Packet Size決定不同Gateway out

 matchlength

Goal:
HK network(R5) connect to China network(R4) via ISP MPLS for smaller packet, and the bigger packet via own VPN

R4
interface FastEthernet0/0
ip address 172.20.20.3 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.20.20.1
ip route 0.0.0.0 0.0.0.0 172.20.20.2

R1
interface FastEthernet0/0
ip address 192.168.0.252 255.255.255.0
interface FastEthernet0/1
ip address 172.20.20.1 255.255.255.0

ip route 10.0.0.0 255.255.255.0 192.168.0.254

R2
interface FastEthernet0/0
ip address 192.168.0.253 255.255.255.0
interface FastEthernet0/1
ip address 172.20.20.2 255.255.255.0

ip route 10.0.0.0 255.255.255.0 192.168.0.254

R6
interface FastEthernet0/0
ip address 8.8.8.8 255.255.255.0

ip route 10.0.0.0 255.255.255.0 8.8.8.9

R3
interface FastEthernet0/0
ip address 192.168.0.254 255.255.255.0
interface FastEthernet0/1
ip address 10.0.0.2 255.255.255.0
interface FastEthernet1/0
ip address 8.8.8.9 255.255.255.0

ip route 172.20.20.0 255.255.255.0 192.168.0.252
ip route 172.20.20.0 255.255.255.0 192.168.0.253

access-list 101 permit ip any 172.20.20.0 0.0.0.255

route-map lab1 permit 10
match ip address 101
match length 0 100
set ip next-hop 192.168.0.252

route-map lab1 permit 20
match ip address 101
match length 101 2147483647
set ip next-hop 192.168.0.253

R5
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.2

Verify:

R3
debug ip policy

R5
Ping
Protocol [ip]:
Target IP address: 172.20.20.3
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:

matchlength2

Ping
Protocol [ip]:
Target IP address: 172.20.20.3
Repeat count [5]:
Datagram size [100]: 101
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:

matchlength3