<p>cisco, wiebel.org, http://wiebel.org//cisco/ (ikiwiki feed, 2014-03-10T16:50:48Z)</p>
<p>tidy-acl, http://wiebel.org//cisco/tidy-acl/, 2014-03-10T16:50:48Z</p>
<h1 id="tidyaclslistingsonasa">Tidy ACLs listings on ASA</h1>
<p>Normally, a <code>show access-list</code> brings up something like this:</p>
<pre><code>access-list OUTSIDE-IN line 1 extended permit ip object-group FOO any (hitcnt=9001)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.1 any (hitcnt=9000)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.2 any (hitcnt=1)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.3 any (hitcnt=0)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.4 any (hitcnt=0)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.5 any (hitcnt=0)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.6 any (hitcnt=0)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.7 any (hitcnt=0)
access-list OUTSIDE-IN line 2 extended permit ip object-group BAR any (hitcnt=9002)
...
</code></pre>
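<p>Sometimes you just want to see the leading configuration lines, without the expanded object-group entries. Because the expanded entries are indented, you can get there by simply excluding every line that contains a double whitespace:</p>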
<pre><code>show access-list | exclude \ \
access-list OUTSIDE-IN line 1 extended permit ip object-group FOO any (hitcnt=9001)
access-list OUTSIDE-IN line 2 extended permit ip object-group BAR any (hitcnt=9002)
</code></pre>
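<p>For auditing a saved copy of the output offline, the same idea can be taken one step further. The following is an added example, not part of the original page: it groups the expanded entries under their configured line and lists the ones that never matched. The sample text is constructed, the function names are made up for this example, and it assumes expanded entries are indented by two spaces, which is what the filter above relies on.</p>

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the listing above. Expanded object-group
# entries are assumed to be indented by two spaces (the property that the
# "exclude a double whitespace" filter relies on).
SAMPLE = """\
access-list OUTSIDE-IN line 1 extended permit ip object-group FOO any (hitcnt=9001)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.1 any (hitcnt=9000)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.2 any (hitcnt=1)
  access-list OUTSIDE-IN line 1 extended permit ip host 10.42.23.3 any (hitcnt=0)
access-list OUTSIDE-IN line 2 extended permit ip object-group BAR any (hitcnt=9002)
  access-list OUTSIDE-IN line 2 extended permit ip host 10.42.24.1 any (hitcnt=9002)
"""

ACE = re.compile(r"^(?P<indent>\s*)access-list (?P<acl>\S+) line (?P<line>\d+) "
                 r"(?P<rule>.*?)\s*\(hitcnt=(?P<hits>\d+)\)")

def summarize(text):
    """Group expanded entries under their configured (unindented) line."""
    rules = OrderedDict()
    for raw in text.splitlines():
        m = ACE.match(raw)
        if not m:
            continue  # header lines, remarks, "..." and blank lines
        key = (m["acl"], int(m["line"]))
        if not m["indent"]:
            rules[key] = {"rule": m["rule"], "hits": int(m["hits"]),
                          "expanded": 0, "unused": []}
        elif key in rules:
            rules[key]["expanded"] += 1
            if int(m["hits"]) == 0:
                rules[key]["unused"].append(m["rule"])
    return rules

def leading_lines(text):
    """Offline equivalent of the filter: drop lines with a double space."""
    return [l for l in text.splitlines() if l and "  " not in l]

if __name__ == "__main__":
    for (acl, line), r in summarize(SAMPLE).items():
        print(f"{acl} line {line}: hits={r['hits']} expanded={r['expanded']} "
              f"zero-hit={len(r['unused'])}")
        for rule in r["unused"]:
            print(f"    unused: {rule}")
```

<p>Zero-hit expanded entries are candidates for review when trimming an object-group; hit counters reset on reload or when cleared, so check how long they have been accumulating first.</p>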
<p>port-channel, http://wiebel.org//cisco/port-channel/, 2012-05-17T12:47:25Z, 2012-05-16T10:59:42Z</p>
<h1 id="ieee802.3ad-linkaggregationonaciscoswitch">IEEE 802.3ad - Link aggregation on a CISCO Switch</h1>
<p>In case you are wondering: it's a stacked switch, so Gi1/0/* is one switch and Gi2/0/* is the other one, aiming for maximum redundancy.
The interesting part is the <strong>channel-protocol lacp</strong> statement.</p>
<p>This article is the counterpart of <a href="http://wiebel.org//linux/network/bonding/">bonding</a>.</p>
<pre><code>interface Port-channel1
 description Po1 (Etherchannel Gi1/0/1, Gi2/0/1)
 switchport trunk encapsulation dot1q
 switchport mode access
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 spanning-tree portfast
interface GigabitEthernet1/0/1
 description Server - eth0 (Po1 link 1)
 switchport access vlan 2
 switchport mode access
 load-interval 30
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast
interface GigabitEthernet2/0/1
 description Server - eth1 (Po1 link 1)
 switchport access vlan 2
 switchport mode access
 load-interval 30
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast
</code></pre>