Archive for June, 2013

LLDP with CDP between H3C devices and Cisco devices not supporting LLDP

 

On H3C device, in global mode:

lldp global enable
lldp compliance cdp

And under each interface connected toward a Cisco device without LLDP:

lldp compliance admin-status cdp txrx

Monday, June 24th, 2013

Policy-based routing on Cisco Catalyst 3560 Series

Hi,

A small how-to for people who are interested in using the policy-based routing (PBR) feature on the Catalyst 3560.
For example, you need to use 2 different default routes for various VLANs.
Imagine you receive a default route via a dynamic routing protocol (BGP, OSPF, …).
For a specific reason, you need VLAN ID 10 to take another default route.
You create another default route as a static route like this:

ip route 0.0.0.0 0.0.0.0 outside_iface next_hop_ip 254

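With that alone, this second default route will never be used, because the dynamically learned route is preferred (the trailing 254 gives the static route a worse administrative distance).
=> hence the need to use PBR ;-)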

First, you need to activate this feature by changing a setting in the global configuration:

sdm prefer routing

This command makes the PBR feature available on the Cisco Catalyst 3560 series, where it is not available by default. The new SDM template takes effect after the switch is reloaded.
There are 4 modes:

  • routing
  • default
  • vlans
  • access

You can find more information about that via this URL

So … now you can start to configure PBR:

– Define an ACL to match which traffic will be affected by PBR:

access-list 2 permit 10.1.3.0 0.0.0.255

– Define a route-map to define a condition for this traffic, for example to specify another next-hop:

route-map PBR_VL10 permit 10
match ip address 2
! x.x.x.x is the next-hop IP for the second default route
set ip next-hop x.x.x.x

– Apply PBR to the VLAN interface:

interface vlan 10
ip policy route-map PBR_VL10

That’s all ;-)
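A consistency check for the steps above, added here as an example and not part of the original post: it verifies that the interface policy points at a defined route-map, that the route-map points at a defined ACL and sets a next hop, and that the SDM template line is present. The function name `check_pbr`, the sample text and the next hop 192.0.2.1 (standing in for x.x.x.x) are assumptions.

```python
import re

# Constructed input: the commands from this post, with a documentation-range
# next hop (192.0.2.1) standing in for x.x.x.x.
SAMPLE = """\
sdm prefer routing
access-list 2 permit 10.1.3.0 0.0.0.255
route-map PBR_VL10 permit 10
match ip address 2
set ip next-hop 192.0.2.1
interface vlan 10
ip policy route-map PBR_VL10
"""

def check_pbr(config):
    """Return a list of findings; an empty list means the references line up."""
    acls, route_maps, policies = set(), {}, []
    rm = iface = None  # section the current line belongs to
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            rm, iface = m.group(1), None
            route_maps.setdefault(rm, {"acls": [], "next_hop": False})
        elif m := re.match(r"interface (.+)", line, re.I):
            iface, rm = m.group(1), None
        elif rm and (m := re.match(r"match ip address (?!prefix-list)(.+)", line)):
            route_maps[rm]["acls"] += m.group(1).split()
        elif rm and line.startswith("set ip next-hop "):
            route_maps[rm]["next_hop"] = True
        elif iface and (m := re.match(r"ip policy route-map (\S+)", line)):
            policies.append((iface, m.group(1)))
    findings = []
    if not re.search(r"^\s*sdm prefer routing\s*$", config, re.M):
        findings.append("sdm prefer routing is not set")
    for name, entry in route_maps.items():
        findings += [f"route-map {name}: ACL {a} is not defined"
                     for a in entry["acls"] if a not in acls]
        if not entry["next_hop"]:
            findings.append(f"route-map {name}: no set ip next-hop")
    findings += [f"interface {i}: route-map {n} is not defined"
                 for i, n in policies if n not in route_maps]
    return findings

if __name__ == "__main__":
    print(check_pbr(SAMPLE) or "PBR references are consistent")
```

The check tracks `set ip next-hop` per route-map name, not per sequence number, and only follows ACL matches.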

 

Monday, June 24th, 2013

NAT statement to simplify changing networks

Hi,
Imagine you need to map your local LAN behind another IP range because for example another site uses the same IP addressing.
Cisco IOS has a great feature that maps your whole range onto another in a simple way (so you avoid defining a static NAT for each device you have). In this case we make a NAT to reach everything:

interface Vlan1
description *** TO LAN CUSTOMER ***
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip nat pool NAT 10.10.2.0 10.10.2.255 netmask 255.255.255.0 type match-host
ip nat inside source list 111 pool NAT overload
access-list 111 remark NAT_TO_DEFAULT_ROUTE_ONLY
access-list 111 permit ip 192.168.2.0 0.0.0.255 any

Monday, June 24th, 2013

Automatic Backup Cisco Configuration file to a TFTP Server

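Here is a simple method to automate a backup of a Cisco router to a TFTP server (for example, every Sunday at 11:00 pm). Note that TFTP is unauthenticated and unencrypted, and the file contains the full running configuration.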


Router(config)#kron policy-list Backup
Router(config-kron-policy)#cli show run | redirect tftp://1.1.1.1/router.cfg
Router(config-kron-policy)#exit
!
Router(config)#kron occurrence Backup at 23:00 Sun recurring
Router(config-kron-occurrence)#policy-list Backup

Monday, June 24th, 2013