Category: Cisco IOS XE
Cisco Catalyst 9600 and fixed wire speeds
If you connect your Cisco Catalyst 9600 to equipment using fixed wire speeds, you may need to issue the speed nonegotiate command on affected switchports.
Read More → Cisco Catalyst 9600 and fixed wire speedsCisco IOS (XE) and OpenSSH 8.x
OpenSSH marches on and disables old and insecure algorithms. Sadly, Cisco IOS (XE) lags behind. Previously, I could do all scp operations from the cli in the switches. Now, I must do everything from the management station. For now, I can get by if I allow some of the older key exchange (key agreement) algorithms. […]
Read More → Cisco IOS (XE) and OpenSSH 8.xUsing QoS for blocking BitTorrent on Catalyst 4500E Sup8E
NBAR2 on Sup8E can assist in blocking BitTorrent. While somewhat useful, BitTorrent is mostly used for downloading pirated movies, and BitTorrent off someone’s ADSL line is usually dead slow. Create a class map and a policy map as shown below, and attach that policy map to your ingress interfaces, and BitTorrent should be blocked. class-map […]
Read More → Using QoS for blocking BitTorrent on Catalyst 4500E Sup8EIPv6 RDNSS and DNSSL on Cisco IOS XE
The official documentation on Cisco IOS XE for Catalyst 4500E claims this is the syntax for specifying IPv6 RDNSS and DNSSL: Switch(config)# interface Te1/1 Switch(config‑if)# ipv6 nd ra dns server 4::4 Switch(config‑if)# ipv6 nd ra dns search list aaa.cc.com Using IOS XE 3.10.0E, the correct syntax for DNSSL is: Switch(config)# interface Te1/1 Switch(config‑if)# ipv6 nd ra dns server 4::4 Switch(config‑if)# ipv6 nd ra dns‑search‑list domain aaa.cc.com Sadly, the quality of Cisco’s documentation isn’t what it was back in 2006.
Read More → IPv6 RDNSS and DNSSL on Cisco IOS XERSA keys in Cisco switches and routers
See also Cisco Bug ID CSCuz72344.
Read More → RSA keys in Cisco switches and routersLessons learned on Cisco Catalyst 4500E
At work we switched from a Cisco Catalyst 3560G to a Catalyst 4500E a few weeks ago. Remember to issue the spanning-tree extend system-id command prior to enabling VTP version 3. During the test period, the Icinga instances logged packet losses of varying degree around the clock when doing ICMPv6 pings.
Read More → Lessons learned on Cisco Catalyst 4500E