These commands are for R6 & R7
——- general ———
ip interface vlan223 address 172.22.23.2 mask 255.255.255.0 admin-state enable vlan 223
ip interface vlan333 address 172.23.33.3 mask 255.255.255.0 admin enable vlan 333
vlan 13 members port 1/3 untagged
vlan 2 members port 1/4 tagged
vlan 13 port default 1/3
vlan 2 802.1q 1/4
modify running-directory working
ip route-map local-to-rip sequence-number 10 action permit
ip route-map local-to-rip sequence-number 10 match ip-address 0.0.0.0/0 redist-control all-subnets
ip redist local into rip route-map local-to-rip
— .1x —
vlan port mobile 1/1
vlan port 1/1 802.1x enable
aaa radius-server rad1 host 192.168.100.102 timeout 25 key alcatel-lucent
aaa authentication 802.1x rad1
ip helper … (no need to specify vlan ID)
— UNP —
no aaa user-network-profile name Berlin
no policy list policy-berlin
no policy rule policy-berlin
no policy action policy-berlin
no policy condition policy-berlin
policy condition policy-berlin source ip 192.168.4.0 mask 255.255.255.0 destination ip 192.168.2.0 mask 255.255.255.0
policy action policy-berlin disposition deny
policy rule policy-berlin condition policy-berlin action policy-berlin
policy list policy-berlin type unp enable rules policy-berlin
qos apply
aaa user-network-profile name Berlin vlan 4 policy-list-name policy-berlin
— traffic ACL —
! it’s automaticly applied to all ports !!
policy condition v10 source ip 10.0.10.0 mask 255.255.255.0 destination ip 10.0.30.0 mask 255.255.255.0
policy action v10 disposition drop
policy rule v10 condition v10 action v10
— MSTP —
spantree mode flat
spantree cist protocol mstp
spantree mst region name France
spantree msti 1
spantree msti 1 vlan 31
spantree msti 2
spantree msti 2 vlan 32
bridge mode flat
bridge cist protocol mstp
bridge mst region name France
bridge msti 1
bridge msti 1 vlan 31
bridge msti 2
bridge msti 2 vlan 32
— disable stp for a vlan —
spantree vlan 12 admin-state disable
vlan 12 stp disable
—- LACP —-
interfaces 1/3 admin-state enable
linkagg lacp port 1/3 actor admin-key 3
linkagg lacp agg 3 size 2 actor admin-key 3
vlan 31-32 members linkagg 3 tagged
interfaces 1/4 admin up
lacp linkagg 2 size 8 actor admin key 2
lacp agg 1/4 actor admin key 2
vlan 32 802.1q 2
— OSPF —-
ip load ospf
ip ospf area 0.0.0.13
ip router router-id 1.1.1.1
ip ospf admin-state enable
ip ospf interface vlan13
ip ospf interface vlan13 area 0.0.0.13
ip ospf interface vlan13 admin-state enable
ip ospf interface vlan13 auth-type md5
ip ospf interface vlan13 md5 1
ip ospf interface vlan13 md5 1 key 123456
ip ospf interface vlan13 admin-state enable
ip load ospf
ip ospf area 0.0.0.13
ip router router-id 3.3.3.3
ip ospf status enable
ip ospf interface vlan13
ip ospf interface vlan13 area 0.0.0.13
ip ospf interface vlan13 status enable
ip ospf interface vlan13 auth-type md5
ip ospf interface vlan13 md5 1
ip ospf interface vlan13 md5 1 key 123456
ip ospf interface vlan13 status enable
— ospf virtual link —-
ip ospf virtual-link 0.0.0.13 1.1.1.1
ip ospf virtual-link 0.0.0.13 1.1.1.1 auth-type simple
ip ospf virtual-link 0.0.0.13 1.1.1.1 auth-key 123456
— ospf summery —
ip ospf area 0.0.0.10 range summary 172.21.0.0 255.255.0.0
— ospf aggrigate —
ip access-list local_agg
ip access-list local_agg address 172.31.0.0/16
ip access-list local_agg address 172.31.0.0/16 redist-control agregate
ip route-map local-to-ospf-agg sequence-number 10 action permit
ip route-map local-to-ospf-agg sequence-number 10 match ip-addresss local_agg
ip redist local into ospf route-map local-to-ospf-agg admin-state enable
— IGMP —
ip multicast admin-state enable
ip multicast status enable
for PIM devices:
ip multicast querying enable
for L2 devices:
ip multicast querier-forwarding enable
— PIM —
ip load pim
ip pim sparse admin-state enable
ip pim sparse status enable
ip pim interface Loopback0
ip pim candidate-rp 1.1.1.1 225.2.2.0/24
ip pim cbsr 1.1.1.1 (this is must to advertise the rp address to all other routers)
— VRRP —-
vrrp 10 10
vrrp 10 10 priority 150 preempt interval 1
vrrp 10 10 address 172.25.10.254
— SLB —
ip slb admin enable
ip slb cluster “vip1” vip 172.25.30.100
ip slb server ip 172.25.30.10 cluster “vip1”
ip slb server ip 172.25.30.20 cluster “vip1”
—- snmp —-
user public password alcatel-lucent read-write all
aaa authentication snmp “local”
snmp security no-security
snmp community-map mode enable
snmp community-map “public” user “pablic” enable
snmp station 192.168.100.102 public v2 enable
Dear Sharon, thanks for sharing the knowledge. it really cover my back… God bless you