
Cisco NXOS | OTV

TACACS+
--------------------------
-----------APs-------------
feature tacacs+
tacacs-server key 7 "angkasapura@123"
tacacs-server host 10.1.50.40
aaa group server tacacs+ PUSAT
    server 10.1.50.40
    user-vrf management
    source-interface mgmt0
tacacs+ commit

aaa authentication login default group PUSAT
aaa authorization commands default group PUSAT local
aaa accounting default group PUSAT
login on-success log
aaa authentication login error-enable
 
-----------PB------------------
SWITCH NXOS-CS
feature tacacs+
ip tacacs source-interface loopback0
tacacs-server host 10.89.2.88
tacacs-server host 10.87.2.17
tacacs-server host 10.186.200.15 key 7 "s3vr4t4"
tacacs-server host 10.89.244.28 key 7 "s3vr4t4"
aaa group server tacacs+ GERMATA_ACS
    server 10.186.200.15
    server 10.89.244.28
!
aaa authentication login default group GERMATA_ACS
aaa authorization config-commands default group GERMATA_ACS local
aaa authorization commands default group GERMATA_ACS local
aaa accounting default group GERMATA_ACS

SWITCH NXOS-SF
feature tacacs+

ip tacacs source-interface loopback0
tacacs-server host 10.186.200.15 key 7 "s3vr4t4"
tacacs-server host 10.89.224.28 key 7 "s3vr4t4"
aaa group server tacacs+ GERMATA_ACS
    server 10.186.200.15
    server 10.89.224.28 

aaa authentication login default group GERMATA_ACS
aaa authorization config-commands default group GERMATA_ACS
aaa authorization commands default group GERMATA_ACS local
aaa accounting default group GERMATA_ACS
tacacs-server directed-request

SWITCH CATALYST
!
tacacs-server host 10.89.224.28 key 7 031408190B5B3518
tacacs-server host 10.186.200.15 key 7 044B58140275581A
tacacs-server directed-request
!
aaa group server tacacs+ ACS
 server 10.186.200.15
 server 10.89.224.28
!
aaa authentication login GERMATA_ACS group tacacs+ enable
aaa authentication login CONSOLE local-case
aaa authentication login VTY group tacacs+ local-case
aaa authentication enable default enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec VTY group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting exec GERMATA_ACS start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 GERMATA_ACS start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
ip tacacs source-interface Vlan1

ROUTER ASR
tacacs server WTC_ACS
 address ipv4 10.186.200.15
 key 7 120956051F5F1850
!
tacacs server HYW_ACS
 address ipv4 10.89.224.28
 key 7 1407411901503E7F
!
aaa group server tacacs+ ACS
 server name WTC_ACS
 server name HYW_ACS
!
aaa authentication login default group tacacs+ local-case
aaa authentication login VTY group ACS local-case
aaa authentication login CONSOLE local-case
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization exec VTY group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization commands 15 VTY group tacacs+ if-authenticated
aaa accounting exec default start-stop group ACS
aaa accounting commands 15 default start-stop group ACS
aaa accounting network default start-stop group ACS
aaa accounting connection default start-stop group ACS
aaa accounting system default start-stop group ACS
!
ip tacacs source-interface GigabitEthernet0/2/0
!
line vty 0 4
 access-class LOGIN in
 access-class 50 out
 password 7 000A4012130B190D57
 login authentication VTY
 transport input ssh
 transport output none
!
line vty 5 15
 access-class LOGIN in
 password 7 000A4012130B190D57
 login authentication VTY
 transport input ssh
 transport output none
!
!
ip access-list standard LOGIN
 permit 10.87.240.141
 permit 10.89.1.23
 permit 10.87.244.59
 permit 10.87.244.27
 permit 10.87.244.26
 permit 10.89.242.29
!
===============
 

SNMP

Catalyst
snmp-server community master611 RW 10
snmp-server community Diamond RO 91
snmp-server trap-source Vlan1
snmp-server location Bintaro T1F9 Access Switch 1
snmp-server contact IT Division
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server host 10.89.1.25 Diamond  snmp
snmp-server host 10.89.225.154 Diamond  snmp

N7K-CS
snmp-server location  Hayam_Wuruk
snmp-server user 3Diamond vdc-admin auth md5 518190c04 priv 0x9c04 localizedkey
snmp-server host 10.87.17.7 traps version 1 Diamond
snmp-server host 10.87.17.77 traps version 1 Diamond
snmp-server host 10.89.1.10 traps version 1 Diamond
snmp-server host 10.89.1.23 traps version 1 Diamond
snmp-server host 10.89.1.24 traps version 1 Diamond
snmp-server host 10.89.1.25 traps version 1 Diamond
snmp-server host 10.89.225.154 traps version 1 Diamond
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server enable traps config ccmCLIRunningConfigChanged
snmp-server enable traps snmp authentication
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server community Diamond group vdc-operator
snmp-server community Diamond use-acl snmp-acl
!
ip access-list snmp-acl
  20 permit udp any 10.89.1.25/32 log
  30 permit udp any 10.89.1.24/32 log
  40 permit udp any 10.89.1.23/32 log
  50 permit udp any 10.89.1.10/32 log
  60 permit udp any 10.87.17.17/32 log
  70 permit udp any 10.87.17.77/32 log
  80 permit udp any 10.89.225.154/32 log
  90 permit udp any any eq snmp log
================
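
An added example, not part of the original notes: a small Python audit that flags the weak settings visible in the TACACS+ and SNMP blocks above (type 7 secrets, read-write and v1 communities, MD5 SNMPv3 auth, any-to-any ACL entries) and masks secret values in its report. The rule names, sample input and addresses are constructed placeholders.

```python
import re

RULES = {  # rule id -> (pattern, reason)
    "TYPE7_SECRET": (re.compile(r"\b(?:key|password)\s+7\s+\S+"),
                     "type 7 is reversible obfuscation; treat the value as cleartext"),
    "SNMP_RW_COMMUNITY": (re.compile(r"^snmp-server community \S+ RW\b"),
                          "read-write SNMPv1/v2c community, sent unencrypted"),
    "SNMP_V1_TRAP": (re.compile(r"^snmp-server host \S+ traps version 1\b"),
                     "SNMPv1 trap carries the community string unencrypted"),
    "SNMP_MD5_AUTH": (re.compile(r"^snmp-server user .*\bauth md5\b"),
                      "SNMPv3 user authenticates with MD5"),
    "ACL_ANY_ANY": (re.compile(r"^(?:\d+\s+)?permit \S+ any any\b"),
                    "entry restricts neither source nor destination address"),
}
SECRETS = (r"(\b(?:key|password)\s+7\s+)\S+", r"^(snmp-server community )\S+",
           r"^(snmp-server host \S+ traps version \S+ )\S+",
           r"(\b(?:auth \S+|priv(?: aes-128)?) )\S+")

# Constructed sample input: placeholder names and keys, RFC 5737 addresses.
SAMPLE = """\
tacacs-server host 192.0.2.10 key 7 "EXAMPLEKEY"
snmp-server community EXAMPLE_RW RW 10
snmp-server community EXAMPLE_RO RO 91
snmp-server host 192.0.2.20 traps version 1 EXAMPLE_RO
snmp-server user example-user vdc-admin auth md5 0xEXAMPLE priv 0xEXAMPLE localizedkey
  90 permit udp any any eq snmp log
 password 7 EXAMPLEHASH
"""

def audit(config_text):
    """Return (line_number, rule_id, stripped_line) for every rule a line matches."""
    return [(n, rule_id, raw.strip())
            for n, raw in enumerate(config_text.splitlines(), start=1)
            for rule_id, (pattern, _why) in RULES.items()
            if pattern.search(raw.strip())]

def redact(line):
    """Mask secret values so a finding can be pasted into a ticket."""
    for pattern in SECRETS:
        line = re.sub(pattern, r"\1<redacted>", line)
    return line

def report(config_text):
    """Format each finding as 'line N [RULE] redacted-line  # reason'."""
    return [f"line {n} [{rule}] {redact(line)}  # {RULES[rule][1]}"
            for n, rule, line in audit(config_text)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
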

FEX
Example 3-18 FEX Configuration
N9k-1(config)# install feature-set fex
N9k-1(config)# feature-set fex
N9k-1(config)# interface Eth3/41-44
N9k-1(config-if)# channel-group 1
N9k-1(config-if)# no shutdown
N9k-1(config-if)# exit
N9k-1(config)# interface port-channel1
N9k-1(config-if)# switchport
N9k-1(config-if)# switchport mode fex-fabric
N9k-1(config-if)# fex associate 101
N9k-1(config-if)# no shutdown


Verification
show interface port-channel 1 fex-intf
show fex
show fex 101 detail
