Configuration Cisco Nexus 3064 en switch distribution

2 décembre 202016 décembre 2020
par Nicolas VUILLERMET
Au ResEl, on aime bien avoir plein d’équipements différents. Bon, en vrai on a chopé une superbe occaz d’acheter un (deux) Cisco N3K pour la modique somme de 350€/Cisco. Du coup en ni une ni deux, on les a acheté sans réfléchir.
Un des Cisco a fini en salle serveur pour passer nos serveurs en 10Gbps, l’autre a fini en routeur de coeur sur Rennes.
Bon, dans cet article on parle de la configuration du Cisco N3K se trouvant à Brest, en salle serveur
!Time: Wed Dec  2 13:18:31 2020

version 6.0(2)U6(6)
hostname swbr-stack-i11-11

no feature telnet
feature ospf
feature interface-vlan
feature lacp
feature lldp

logging level aaa 5
no password strength-check
username admin password 51$ENCRYPTED_PASSWORD  role network-admin
username toto password 5 $1$ENCRYPTED_PASSWORD  role network-operator

banner motd ^
          Bienvenue sur $(hostname) :)



    _____           ______ _           .            .
   |  __ \         |  ____| |          |            |
   | |__) |___  ___| |__  | |         |||          |||
   |  _  // _ \/ __|  __| | |       .|||||.      .|||||.
   | | \ \  __/\__ \ |____| |    .:|||||||||:..:|||||||||:.
   |_|  \_\___||___/______|_|     C i s c o  S y s t e m s

Tu reboot, tu repares :)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
^

ssh key rsa 2048
ip domain-lookup
ip domain-name sw.resel.fr
radius-server key 7 "PASSWORD"
radius-server timeout 2
radius-server host 10.3.12.2 authentication accounting
aaa group server radius reseladmin
    server 10.3.12.2
    source-interface Vlan1101
service unsupported-transceiver
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause loopback
errdisable recovery cause storm-control
errdisable recovery cause psecure-violation
errdisable recovery cause dcbx-error
errdisable recovery cause pause-rate-limit
errdisable recovery cause inline-power
policy-map type network-qos jumbo
  class type network-qos class-default
    mtu 9216
system qos
  service-policy type network-qos jumbo
class-map type control-plane match-any copp-s-arp
class-map type control-plane match-any copp-s-bfd
class-map type control-plane match-any copp-s-bpdu
class-map type control-plane match-any copp-s-dai
class-map type control-plane match-any copp-s-default
class-map type control-plane match-any copp-s-dhcpreq
class-map type control-plane match-any copp-s-dhcpresp
  match access-group name copp-system-dhcp-relay
class-map type control-plane match-any copp-s-dpss
class-map type control-plane match-any copp-s-eigrp
  match access-group name copp-system-acl-eigrp
  match access-group name copp-system-acl-eigrp6
class-map type control-plane match-any copp-s-glean
class-map type control-plane match-any copp-s-igmp
  match access-group name copp-system-acl-igmp
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
class-map type control-plane match-any copp-s-l3mtufail
class-map type control-plane match-any copp-s-l3slowpath
class-map type control-plane match-any copp-s-mpls
class-map type control-plane match-any copp-s-pimautorp
class-map type control-plane match-any copp-s-pimreg
  match access-group name copp-system-acl-pimreg
class-map type control-plane match-any copp-s-ping
  match access-group name copp-system-acl-ping
class-map type control-plane match-any copp-s-ptp
class-map type control-plane match-any copp-s-routingProto1
  match access-group name copp-system-acl-routingproto1
  match access-group name copp-system-acl-v6routingproto1
class-map type control-plane match-any copp-s-routingProto2
  match access-group name copp-system-acl-routingproto2
class-map type control-plane match-any copp-s-selfIp
class-map type control-plane match-any copp-s-ttl1
class-map type control-plane match-any copp-s-v6routingProto2
  match access-group name copp-system-acl-v6routingProto2
class-map type control-plane match-any copp-s-vxlan
policy-map type control-plane copp-system-policy
  class copp-s-selfIp
    police pps 500
  class copp-s-default
    police pps 400
  class copp-s-l2switched
    police pps 200
  class copp-s-ping
    police pps 100
  class copp-s-l3destmiss
    police pps 100
  class copp-s-glean
    police pps 500
  class copp-s-l3mtufail
    police pps 100
  class copp-s-ttl1
    police pps 100
  class copp-s-ipmcmiss
    police pps 400
  class copp-s-l3slowpath
    police pps 100
  class copp-s-dhcpreq
    police pps 300
  class copp-s-dhcpresp
    police pps 300
  class copp-s-dai
    police pps 300
  class copp-s-igmp
    police pps 400
  class copp-s-routingProto2
    police pps 1300
  class copp-s-v6routingProto2
    police pps 1300
  class copp-s-eigrp
    police pps 200
  class copp-s-pimreg
    police pps 200
  class copp-s-pimautorp
    police pps 200
  class copp-s-routingProto1
    police pps 1000
  class copp-s-arp
    police pps 200
  class copp-s-ptp
    police pps 1000
  class copp-s-vxlan
    police pps 1000
  class copp-s-bfd
    police pps 350
  class copp-s-bpdu
    police pps 12000
  class copp-s-dpss
    police pps 1000
  class copp-s-mpls
    police pps 100
control-plane
  service-policy input copp-system-policy
hardware profile portmode 56x10G+2x40G

snmp-server user toto network-operator auth md5 HASHED_PASSWORD priv 0x2b8b77240373f2a05bbf73e3ac260d0e localizedkey
snmp-server user admin network-admin auth sha SHAED_PASSWORD priv ANOTHER_KEY localizedkey
snmp-server community public group network-operator
aaa authentication login default group reseladmin
aaa authentication login console local

vlan 1
vlan 1101
  name SYSTEM_Switch
vlan 1102
  name SYSTEM_Storage
vlan 1103
  name SYSTEM_Admin
vlan 1105
  name SYSTEM_Server
vlan 1201
  name AP_Wifi
vlan 1399
  name PUBLIC_Warzone
vlan 1481
  name USER_Bde
vlan 1499
  name USER_Dmz
vlan 1501
  name DMZ_Mixed
vlan 2101
  name system_switch_rennes
vlan 2102
  name system_storage_rennes
vlan 2103
  name system_admin_rennes
vlan 2104
  name system_monitoring_rennes
vlan 2105
  name system_srv_rennes
vrf context management

interface Vlan1

interface Vlan1101
  no shutdown
  ip address 10.0.0.3/17

interface port-channel1
  speed 1000
  description Aggregation LACP I1 <-> I11
  switchport mode trunk

interface Ethernet1/1
  speed 1000
  description Sanizator - Eth1
  switchport access vlan 1102

interface Ethernet1/2
  speed 1000
  description Sanizator - Eth2
  switchport access vlan 1102

interface Ethernet1/3
  speed 1000
  description Sanizator - Eth3
  switchport access vlan 1102

interface Ethernet1/4
  speed 1000
  description Sanizator - Eth4
  switchport access vlan 1102

interface Ethernet1/5
  speed 1000
  no lldp transmit
  description Dellinator - Eth1
  switchport access vlan 1102
  spanning-tree port type edge

interface Ethernet1/6
  speed 1000
  no lldp transmit
  description Dellinator - Eth2
  switchport access vlan 1102
  spanning-tree port type edge

interface Ethernet1/7
  speed 100
  no lldp transmit
  description Dellinator - Mgmt
  switchport access vlan 1105
  spanning-tree port type edge

interface Ethernet1/8
  speed 100
  no lldp transmit
  description Dellinator - Mgmt Secondary
  switchport access vlan 1105
  spanning-tree port type edge

interface Ethernet1/9
  speed 1000
  no lldp transmit
  description Dellinator - Eth1 Secondary
  switchport access vlan 1102
  spanning-tree port type edge

interface Ethernet1/10
  speed 1000
  no lldp transmit
  description Dellinator - Eth2 Secondary
  switchport access vlan 1102
  spanning-tree port type edge

interface Ethernet1/11
  speed 1000
  switchport mode trunk

interface Ethernet1/12
  speed 1000
  switchport mode trunk

interface Ethernet1/13
  speed 1000
  switchport mode trunk

interface Ethernet1/14
  speed 1000
  description TV - iDRAC
  switchport access vlan 1105

interface Ethernet1/15
  speed 1000
  description SRV - Certs
  switchport access vlan 1105

interface Ethernet1/16
  speed 1000
  description Sonde RIPE
  switchport access vlan 1399

interface Ethernet1/17
  speed 1000
  description cmc-c3 : Ronflex
  switchport access vlan 1105

interface Ethernet1/18
  speed 1000
  description SRV-ResElGaming1
  switchport access vlan 1481
  spanning-tree port type edge

interface Ethernet1/19
  speed 1000
  description cmc-c2 : Totoro
  switchport access vlan 1105

interface Ethernet1/20
  speed 1000

interface Ethernet1/21
  speed 1000

interface Ethernet1/22
  speed 1000
  description Rocco
  switchport access vlan 1103

interface Ethernet1/23
  speed 100
  description Onduleur 1 - APC RT3000
  switchport access vlan 1105

interface Ethernet1/24
  speed 100
  description Onduleur 2 - APC RT3000
  switchport access vlan 1105

interface Ethernet1/25
  speed 1000
  switchport access vlan 1105

interface Ethernet1/26
  speed 1000

interface Ethernet1/27
  speed 1000

interface Ethernet1/28
  speed 1000

interface Ethernet1/29
  speed 1000

interface Ethernet1/30
  speed 1000
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 1103,1105

interface Ethernet1/31
  speed 100
  description nDGSI - Supervision ICU iDRAC
  switchport access vlan 1105

interface Ethernet1/32
  speed 100
  description nDGSI 2 - Supervision ELLIOT iDRAC
  switchport access vlan 1105

interface Ethernet1/33
  description swbr-stack-i11-c1-2
  switchport mode trunk

interface Ethernet1/34
  description swbr-stack-i11-c1-1
  switchport mode trunk

interface Ethernet1/35
  description nDGSI 2 - Supervision ELLIOT
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 1103,1105

interface Ethernet1/36
  description nDGSI - Supervision ICU
  switchport mode trunk

interface Ethernet1/37
  description swbr-stack-i11-c2-2
  switchport mode trunk

interface Ethernet1/38
  description swbr-stack-i11-c2-1
  switchport mode trunk

interface Ethernet1/39
  description SAN
  switchport access vlan 1102

interface Ethernet1/40
  speed 1000

interface Ethernet1/41
  description swbr-stack-i11-c3-2
  switchport mode trunk

interface Ethernet1/42
  description swbr-stack-i11-c3-1
  switchport mode trunk

interface Ethernet1/43
  speed 1000
  switchport mode trunk
  switchport access vlan 1105
  switchport trunk native vlan 1105

interface Ethernet1/44
  speed 1000
  switchport mode trunk
  switchport access vlan 1105
  switchport trunk native vlan 1105

interface Ethernet1/45
  speed 1000
  switchport mode trunk
  channel-group 1 mode active

interface Ethernet1/46
  speed 1000
  switchport mode trunk
  channel-group 1 mode active

interface Ethernet1/47
  speed 1000
  switchport mode trunk
  channel-group 1 mode active

interface Ethernet1/48
  speed 1000
  switchport mode trunk
  channel-group 1 mode active

interface Ethernet1/49/1

interface Ethernet1/49/2

interface Ethernet1/49/3

interface Ethernet1/49/4

interface Ethernet1/50/1

interface Ethernet1/50/2

interface Ethernet1/50/3

interface Ethernet1/50/4

interface Ethernet1/51

interface Ethernet1/52

interface mgmt0
  vrf member management
line console
line vty
boot kickstart bootflash:/n3000-uk9-kickstart.6.0.2.U6.6.bin
boot system bootflash:/n3000-uk9.6.0.2.U6.6.bin
ip route 0.0.0.0/0 10.0.127.254
Monter un tunnel GRE sous Debian
Configuration Juniper EX4600 en routeur de coeur