syntax_test_cisco_ios.cisco-ios
#
# cisco ios
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book/all-01.html
! Testing for RIR Resolving
! google.com 216.58.212.142
! google.com 2a00:1450:400e:800::200e
! europa.eu 147.67.210.45
! europa.eu 2a01:7080:24:100::666:45
write
show running-config | include something ! Inline comment
show running-config | include something ! Inline comment
show run interface | exclude something
! Credential-bearing commands, one per storage form seen in this fixture:
!   no type digit / 0 -> the password is written in cleartext
!   5                 -> "$1$<salt>$<hash>" MD5-crypt string
!   7                 -> hex string; type 7 is a reversible obfuscation, not a hash
! Any real configuration carrying type 0 or type 7 lines discloses the password to whoever can read the file.
enable password secret_password
enable secret 5 $1$SpMm$eALjeyED.WSZs0naLNv22/
enable password 7 0822455D0A16
!
username user password 0 secret_password
! NOTE(review): "invalid" is not a well-formed $1$ string; presumably a negative case for the hash pattern. Confirm against the grammar.
username user password secret 5 invalid
username user password secret 5 $1$SpMm$eALjeyED.WSZs0naLNv22/
username user password secret 5 $1$hetw$SaZIk0NtOZFJzduXR1IwX1
username user password secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
! Bracketed tokens are placeholders for the account name and its secret; privilege 15 is the highest IOS privilege level.
username [ACCOUNT] privilege 15 secret [ACCOUNT_PASSWORD]
banner login ^C
******************
LOGIN MESSAGE
******************
^C
! On router01
# device router02
ip classless
copy tftp://192.0.2.1/path startup-config ! Inline comment
show vlan
show vlan id 42
show interface
show interface gigabitethernet 0
show run interface
show run interface tengigabitethernet 0
show ip route vrf NAME 192.0.2.1
show ip route 192.0.2.1
show ip route
show ipv6 route vrf NAME 2a00:1450:400e:800::200e
show ipv6 route 1::1
show ipv6 route
show ip bgp
show ip bgp vpnv4 unicast
show ip bgp vpnv6 unicast
show ip bgp vpnv4 unicast vrf NAME 192.0.2.1
show ip bgp vpnv4 unicast vrf NAME 192.0.2.1/32
show ip bgp vpnv6 unicast vrf NAME ::
show ip bgp vpnv6 unicast vrf NAME ::/64
show ip interface brief vlan 0
show standby vlan1 brief
show running-config
show startup-config
logging 192.0.2.1
logging facility local5
logging source-interface gi1/2
logging host 192.0.2.1
logging host ::1
logging buffered
logging buffered discriminator NAME
logging buffered discriminator NAME
logging buffered discriminator NAME 2147483647
logging buffered discriminator NAME 4096
logging buffered discriminator NAME 4096 0
logging buffered discriminator NAME 4096 7
logging buffered discriminator NAME 4096 emergencies
logging buffered discriminator NAME 4096 alerts
logging buffered discriminator NAME 4096 critical
logging buffered discriminator NAME 4096 errors
logging buffered discriminator NAME 4096 warnings
logging buffered discriminator NAME 4096 notifications
logging buffered discriminator NAME 4096 informational
logging buffered discriminator NAME 4096 debugging
logging buffered emergencies
logging buffered alerts
logging buffered critical
logging buffered errors
logging buffered warnings
logging buffered notifications
logging buffered informational
logging buffered debugging
logging discriminator NAME includes (.*[1-90]+)?
logging discriminator NAME drops (.*[1-90]+)?
logging discriminator NAME drops (.*[1-90]+)? severity drops 1
logging discriminator NAME drops (.*[1-90]+)? severity includes 7
logging discriminator NAME includes (.*[1-90]+)? rate-limit 10000
logging discriminator NAME drops (.*[1-90]+)? rate-limit 10000
logging discriminator NAME drops (.*[1-90]+)? severity drops 1 rate-limit 10000
logging discriminator NAME drops (.*[1-90]+)? severity includes 7 rate-limit 10000
conf t
configure terminal
! Line comment
do show ipv6 route vrf NAME 1::1
! TACACS+ server definition followed by the shared key used with that server.
tacacs-server host 192.0.2.1
tacacs-server directed-request
! The token after "key" is masked with asterisks in this fixture.
! NOTE(review): it is unclear whether the trailing hex string is the key itself or an encoded form. Confirm against the grammar.
tacacs-server key ******* 1234567890ABCDEF
ip prefix-list NAME seq 10 permit 192.0.2.0/24
ip prefix-list NAME seq 10 permit 192.0.2.0/24 ge 1
ip prefix-list NAME seq 10 permit 192.0.2.0/24 le 1
ip prefix-list NAME seq 10 permit 192.0.2.0/24 ge 2 le 1
ip prefix-list NAME seq 10 deny 0.0.0.0/0
ipv6 prefix-list NAME seq 10 permit ::/64
ipv6 route vrf NAME ::/64 vlan1 ::1
ip route vrf NAME 192.0.2.0 255.255.255.0 vlan1 192.0.2.1 name NAME permanent
ip route vrf NAME 192.0.2.0 255.255.255.0 vlan1 192.0.2.1 track 2
ip route vrf NAME 192.0.2.0 255.255.255.0 vlan1 192.0.2.1 tag 2
ip route 192.0.2.0 255.255.255.0 192.0.2.1 name NAME
ipv6 unicast-routing
default interface Vlan0
vlan 1
name VLAN-1
vlan 2
name VLAN-1
exit
hostname example
vrf upgrade-cli multi-af-mode common-policies vrf NAME
vrf upgrade-cli multi-af-mode non-common-policies force
vrf upgrade-cli multi-af-mode common-policies force
vrf upgrade-cli multi-af-mode common-policies
errdisable detect cause all
errdisable detect cause arp-inspection
errdisable detect cause bpduguard shutdown vlan
errdisable detect cause dhcp-rate-limit
errdisable detect cause dtp-flap
errdisable detect cause gbic-invalid
errdisable detect cause inline-power
errdisable detect cause link-flap
errdisable detect cause loopback
errdisable detect cause pagp-flap
errdisable detect cause pppoe-ia-rate-limit
errdisable detect cause psp shutdown vlan
errdisable detect cause security-violation shutdown vlan
errdisable detect cause sfp-config-mismatch
errdisable recovery cause all
errdisable recovery cause arp-inspection
errdisable recovery cause bpduguard
errdisable recovery cause channel-misconfig
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause dtp-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause inline-power
errdisable recovery cause link-flap
errdisable recovery cause loopback
errdisable recovery cause mac-limit
errdisable recovery cause pagp-flap
errdisable recovery cause port-mode-failure
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause psecure-violation
errdisable recovery cause psp
errdisable recovery cause security-violation
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause storm-control
errdisable recovery cause udld
errdisable recovery cause vmp
ipv6 general-prefix WHATEVER ::/0
! Line comment
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-m2.html#wp4104485390
object-group network my-network-object-group
description test
host sjc.eng.ftp
host 192.0.2.1
192.0.2.0 255.255.0.0
group-object sjc-eng-ftp-servers
any
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#wp1330542825
access-list compiled
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-m2.html#wp3228486646
object-group security name
description test
security-group tag-id 1
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-m2.html#wp2628981827
object-group service name
description test
group-object serv-object1
tcp 200
ip
! OGACL
ip access-list extended OGACL ! This is a comment
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-p1.html#wp1459792010
permit tcp 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
permit udp 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
permit ip 192.0.2.0 0.0.0.255 any
permit ip any 192.0.2.0 0.0.0.255
permit ip host 192.0.2.0 host 192.0.2.0
permit ip host abc host a.b.c
permit ip object-group abc object-group a.b.c
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp 0
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp default
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp 63
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af11
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af12
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af13
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af21
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af22
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af23
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af31
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af32
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af33
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af41
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af42
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp af43
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs1
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs2
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs3
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs4
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs5
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs6
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp cs7
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 dscp ef
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence 0
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence 7
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence flash
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence flash-override
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence immediate
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence internet
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence network
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence priority
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 precedence routine
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 fragments
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option 0
permit ip 192.0.2.0 0.0.0.0 192.0.2.0 0.0.0.255 option 255
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option 255
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option add-ext
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option any-options
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option com-security
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option dps
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option encode
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option eool
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option ext-ip
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option ext-security
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option finn
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option imitd
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option lsr
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option match-all
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option match-any
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option mtup
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option mtur
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option no-op
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option psh
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option nsapa
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option reflect
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option record-route
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option rst
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option router-alert
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option sdb
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option security
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option ssr
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option stream-id
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option syn
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option timestamp
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option traceroute
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option ump
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option visa
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 option zsu
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 reflect ANOTHER_ACL_NAME
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 time-range TIME_RANGE_NAME
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 ttl eq 1
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 ttl gt 1
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 ttl lt 1
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 ttl neq 1
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 ttl range 10 20
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos 0
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos max-reliability
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos max-throughput
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos min-delay
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos min-monetary-cost
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 tos normal
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 log
permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 log name
ip access-list extended NAME ! This is a comment
remark blah blah
2 permit tcp any any eq bgp
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 eq 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 neq 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 ge 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 gt 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 lt 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 le 1234
permit tcp 192.0.2.0 0.0.0.63 192.0.2.0 0.0.0.255 established
permit tcp host 192.0.2.1 192.0.2.0 0.0.0.255 established
permit tcp object-group source_network object-group destination_network eq 1234
permit tcp object-group source_network object-group source_service object-group destination_network object-group destination_service
! Official Cisco Command Reference:
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-p1.html#wp1459792010
!
! The reference mentions a "port-match-criteria" that it never explains, so this follows a blogger's post and hopes for the best:
! https://routing-bits.com/2008/10/29/acl-object-groups-now-on-cisco-ios/
permit object-group service_group object-group source_network object-group destination_network
permit object-group service_group object-group source_network object-group destination_network
permit tcp host 192.0.2.1 host 192.0.2.0
deny ip any any
permit icmp any any
ip vrf NAME
description management
rd 192.0.2.1:5
route-target export 192.0.2.1:5
route-target import 192.0.2.1:5
vrf definition NAME
description management
rd 192.0.2.1:5
route-target export 192.0.2.1:5
route-target import 192.0.2.1:5
address-family ipv4
export map name
! A comment
address-family ipv6
exit
exit
ip access-list standard NAME
ip access-list standard NAME
10 permit 192.0.2.0 0.0.0.255
permit 192.0.2.0 0.0.0.127
20 deny 192.0.2.0 0.0.0.0
deny any
exit
router ospf 1
log-adjacency-changes
auto-cost reference-bandwidth 40000
area 2 authentication message-digest
area 2 nssa
passive-interface Vlan1
network 192.0.2.1 0.0.0.0 area 2
router bgp 123
address-family ipv4
network 192.0.2.0
exit
address-family ipv4 vrf NAME
exit-address-family
address-family ipv4 vrf NAME
network 192.0.2.0
network 192.0.2.0 mask 255.255.255.0
neighbor 192.0.2.1 activate
neighbor 192.0.2.1 shutdown
neighbor 192.0.2.1 next-hop-self
neighbor 192.0.2.1 soft-reconfiguration inbound
neighbor 192.0.2.1 soft-reconfiguration outbound
neighbor 192.0.2.1 password 1 secret
neighbor 192.0.2.1 password 5 $1$kPhVPvwe$1yLHh4Pa9WWv4Ys7omKV80
neighbor 192.0.2.1 password 7 1511021F0725
neighbor 192.0.2.1 prefix-list prefix_list in
neighbor 192.0.2.1 prefix-list prefix_list out
neighbor 192.0.2.1 route-map route_map in
neighbor 192.0.2.1 route-map route_map out
neighbor 192.0.2.1 inherit peer-policy policy
neighbor 192.0.2.1 send-community
neighbor 192.0.2.1 remote-as 20
neighbor 192.0.2.1 remote-as 20 shutdown
neighbor 192.0.2.1 timers 1 2
neighbor 192.0.2.1 ttl-security hops 1
neighbor 192.0.2.1 description description
neighbor 192.0.2.1 version 4
neighbor 192.0.2.1 transport path-mtu-discovery
exit
address-family ipv6 vrf NAME
exit
address-family ipv6 vrf NAME
network ::/0
neighbor ::1 activate
neighbor ::1 shutdown
neighbor ::1 remote-as 1
neighbor ::1 remote-as 1 shutdown
neighbor ::1 send-community
neighbor ::1 send-community both
neighbor ::1 send-community extended
neighbor ::1 ttl-security hops 1
neighbor ::1 version 4
neighbor ::1 timers 1 2
neighbor ::1 route-map NAME in
neighbor ::1 route-map NAME out
neighbor ::1 inherit peer-policy POLICY
neighbor ::1 soft-reconfiguration inbound
neighbor ::1 soft-reconfiguration outbound
neighbor ::1 transport path-mtu-discovery
router bgp 12
ip route 192.0.2.0 255.255.255.0 192.0.2.1
interface FortyGigE0/1
interface FortyGigabitEthernet0/1
exit
interface HundredGigE1/2/3
exit
interface vlan123
exit
interface vlan123
exit
interface Ethernet0
exit
interface FastEthernet0
exit
interface GigabitEthernet0
exit
interface TenGigabitEthernet0
exit
interface FortyGigabitEthernet0
exit
interface loopback0
exit
interface tunnel0
exit
interface port-channel0
exit
interface serial0
exit
interface vlan1
exit
interface Ethernet0
exit
! https://community.cisco.com/t5/switching/shortname-for-a-twentyfivegige-on-the-show-interface-status/td-p/3828548
! Issue #24 new interfaces
interface TwoGigabitEthernet1/0/1
exit
interface TwentyFiveGigabitEthernet0/1/2
exit
interface FiveGigabitEthernet1/0/2.200
exit
interface SVI0
exit
interface ISM0/1/2
exit
interface Embedded-Service-Engine0/0/0
exit
interface TwoGigabitEthernet1/0/1
description example
switchport access vlan 1000
switchport mode access
switchport voice vlan 3000
speed auto
speed auto 10 100 1000
speed 10
speed 100
speed 1000
speed nonegotiate
trust device cisco-phone
trust device cts
trust device ip-camera
trust device media-player
auto qos voip cisco-phone
auto qos voip cisco-softphone
auto qos voip trust
spanning-tree portfast
service-policy input name
service-policy output name
interface range GigabitEthernet0
exit
interface range GigabitEthernet1/1-2
description Hello
vrf forwarding RED
switchport mode access
switchport mode trunk
port-channel standalone-disable
switchport trunk encapsulation dot1q
encapsulation dot1q 123
bandwidth 10240
ip pim sparse-mode
ip pim dense-mode
ip ospf message-digest-key 1 md5 5 secret_password
ip ospf message-digest-key 1 md5 7 0822455D0A16
ip ospf cost 20000
speed 1000
full-duplex
load-interval 30
load-interval 300
ip dhcp snooping trust
switchport
switchport nonegotiate
switchport trunk encapsulation Dot1q
switchport trunk allowed vlan 123
switchport trunk allowed vlan add 123,456
switchport trunk allowed vlan remove 123-124,125
switchport mode access
switchport access vlan 123
ip address 192.0.2.0 255.255.255.0
ip helper-address 192.0.2.1
ip access-group NAME in
ip access-group NAME out
ip igmp query-interval 123
switchport voice vlan 123
ip redirects
channel-group 1 mode active
channel-group 1 mode on
ipv6 redirects
ip proxy-arp
ip vrf forwarding NAME
storm-control broadcast pps 1
storm-control multicast pps 160000
storm-control unknown-unicast kbps 64
storm-control broadcast kbps 1280000
storm-control action shutdown
storm-control action trap
ipv6 address PREFIX_NAME 0:0:0:1::/64 eui-64
ipv6 address PREFIX_NAME 0:0:0:1::/64
ipv6 address general-prefix 0:0:0:1::/64 eui-64
ipv6 nd prefix ff02::/64
ipv6 address fe80::5074:f2ff:feb1:a87f/64 link-local
ipv6 address fe80::5074:f2ff:feb1:a87f/64 link-local cga
standby version 2
standby 1 ip 192.0.2.1
standby 1 priority 200
standby 1 preempt
standby 1 preempt delay reload 200
standby 1 preempt delay minimum 300 reload 300
standby 2 ipv6 autoconfig
standby 2 ipv6 ::1/64
standby 1 track 1 decrement 10
ipv6 enable
logging event link-status
logging event trunk-status
spanning-tree portfast
spanning-tree portfast edge
spanning-tree portfast trunk
shut
no switchport
no shutdown
shutdown
switchport port-security
switchport port-security aging static
switchport port-security aging time 1440
switchport port-security aging type absolute
switchport port-security aging type inactivity
switchport port-security mac-address 1024
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0.0.1
switchport port-security mac-address vlan 4095
switchport port-security mac-address vlan 1,2-3
switchport port-security mac-address vlan 4095 voice
switchport port-security mac-address 0.0.1 vlan voice
switchport port-security maximum 4097
switchport port-security maximum 4097 vlan 4095
switchport port-security maximum 4097 vlan 1-4095
switchport port-security maximum 4097 vlan 1-2,4-4095
switchport port-security violation shutdown
switchport port-security violation restrict
switchport port-security violation protect
snmp trap link-status
snmp trap link-status permit duplicates
snmp trap if-monitor
spanning-tree bpduguard enable
spanning-tree bpduguard disable
service-policy output SOMETHING
service-policy input SOMETHING
exit
conf t
route-map ROUTE_MAP_NAME permit 10
match ip address prefix-list PREFIX-LIST
set extcommunity rt 12345:123
set extcommunity rt 12345:123 additive
route-map ROUTE_MAP_NAME permit 20
match ip address prefix-list PREFIX-LIST
set extcommunity rt 12345:123
set extcommunity rt 12345:123 additive
!
route-map ROUTE_MAP_NAME permit 30
match ip address ACL_NAME
set local-preference 123
! SNMP community and notification-host forms.
! With v1 and v2c the community string (TEST) is the only credential and travels unencrypted.
! "RO" makes the community read-only; the trailing 1 is a standard access-list number limiting which sources may use it.
snmp-server community TEST RO 1
snmp-server host 192.0.2.1 version 2c TEST
! SNMPv3 security levels: "auth" authenticates packets without encrypting them, "noauth" does neither.
snmp-server host 192.0.2.1 version 3 auth TEST
snmp-server host 192.0.2.1 version 3 noauth TEST
! Version 1 host lines with an optional UDP port and notification-type keywords.
snmp-server host 192.0.2.1 version 1 TEST udp-port 123 aaa server
snmp-server host 192.0.2.1 version 1 TEST cef
snmp-server host 192.0.2.1 version 1 TEST aaa server
snmp-server engineID local engineid-string
snmp-server file-transfer access-group NAME
snmp-server file-transfer access-group NAME protocol ftp
snmp-server file-transfer access-group NAME protocol scp
snmp-server file-transfer access-group NAME protocol rcp
snmp-server file-transfer access-group NAME protocol sftp
snmp-server file-transfer access-group NAME protocol tftp
snmp-server group NAME v1
snmp-server group NAME v2c
snmp-server group NAME v3 noauth
snmp-server group NAME v3 auth
snmp-server group NAME v3 priv
snmp-server group NAME v2c context NAME
snmp-server group NAME v2c context NAME read NAME
snmp-server group NAME v2c context NAME read NAME write NAME
snmp-server group NAME v2c context NAME read NAME write NAME notify NAME
snmp-server group NAME v2c context NAME read NAME write NAME notify NAME access ipv6 name
snmp-server group NAME v2c context NAME read NAME write NAME notify NAME access 99
snmp-server group NAME v2c context NAME read NAME write NAME notify NAME access name
snmp-server inform pending 25 retries 3 timeout 15
snmp-server inform pending 4294967295
snmp-server inform retries 100
snmp-server inform timeout 42949671
snmp-server ip dscp 63
snmp-server ip precedence 0
snmp-server contact ME
snmp-server location HERE
snmp-server manager
snmp-server manager session-timeout 600
snmp-server packetsize 484
snmp-server queue-length 10
snmp-server queue-limit dispatcher 100
snmp-server queue-limit engine 100
snmp-server queue-limit notification-host 10
snmp-server source-interface traps vlan10
snmp-server system-shutdown
snmp-server tftp-server-list ACL_NAME
snmp-server tftp-server-list 10
snmp-server trap authentication unknown-context
snmp-server trap authentication vrf
snmp-server trap link ietf
snmp-server trap link switchover
snmp-server trap retry 10
snmp-server trap timeout 30
snmp-server trap-source vlan10
snmp-server trap-timeout 30
snmp-server trap-authentication
snmp-server usm cisco
! Terminal line configuration: console, auxiliary and virtual terminal (vty) lines.
line con 0
stopbits 1
! Line password with no type digit, so it is written in cleartext.
password secret_password
modem enable
transport preferred all
transport output all
exit
line aux 0
transport preferred all
transport output all
exit
line vty 0 4
! access-class applies an ACL (numbered or named) to inbound sessions on these lines; vrf-also extends it to sessions arriving via a VRF.
access-class 42 in vrf-also
access-class ssh_access in vrf-also
! Alternative "transport input" forms listed for grammar coverage.
! Any form that includes telnet allows unencrypted management sessions; "transport input ssh" alone restricts the lines to SSH.
transport input ssh telnet
transport input telnet ssh
transport input telnet
transport input ssh
logging synchronous
transport input ssh
exit
end
monitor session 1 source interface Te1/1 - 2
monitor session 1 destination analysis-module 1 data-port 1
ntp source GigabitEthernet1/2
ntp clock-period 123456
ntp server 192.0.2.1
logout
! https://www.cisco.com/c/en/us/td/docs/routers/access/1800/1801/software/configuration/guide/scg/sampconf.html
Current configuration : 3781 bytes
!
version 12.3
! Global "service" toggles taken from the sample configuration.
no service pad
! service password-encryption rewrites cleartext passwords in type 7 form.
! Type 7 is reversible, so it hides passwords from a casual glance but does not protect them.
service password-encryption
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
! Timestamp formats for debug and log messages, with and without local time zone.
service timestamps debug datetime msec
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec
service timestamps log datetime msec localtime show-timezone
! Negated form of the command above, listed for grammar coverage.
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html#wp3188257209
aaa authentication dot1x default enable
aaa authentication dot1x default group radius
aaa authentication dot1x default line
aaa authentication dot1x default local
aaa authentication dot1x default local-case
aaa authentication dot1x default none
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html#wp3330656416
aaa accounting auth-proxy default none group name
aaa accounting system default none group name
aaa accounting commands 1 default none group name
aaa accounting commands 15 default none group name
aaa accounting network default none group name
aaa accounting exec default none group name
aaa accounting connection default none group name
aaa accounting dot1x default none group name
aaa accounting dot1x guarantee-first none group name
aaa accounting dot1x name vrf name start-stop group name
aaa accounting dot1x name vrf name stop-only group name
aaa accounting dot1x name vrf name none broadcast group name
aaa accounting dot1x name vrf name none broadcast radius
aaa group server radius rad_eap
server 192.0.2.1 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login default auth-guest
aaa authentication login default enable
aaa authentication login default guest
aaa authentication login default if-authenticated
aaa authentication login default if-needed
aaa authentication login default krb5
aaa authentication login default krb-instance
aaa authentication login default krb-telnet
aaa authentication login default line
aaa authentication login default local
aaa authentication login default none
aaa authentication login default radius
aaa authentication login default rcmd
aaa authentication login default tacacs
aaa authentication login default tacacsplus
aaa authentication login LIST_NAME group GROUP_NAME enable none
aaa authentication login default group GROUP_NAME enable none
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html#wp1598045725
aaa authorization auth-proxy default
aaa authorization auth-proxy list-name
aaa authorization cache list-name
aaa authorization config-commands list-name
aaa authorization configuration list-name
aaa authorization console list-name
aaa authorization exec list-name
aaa authorization ipmobile list-name
aaa authorization multicast list-name
aaa authorization network list-name
aaa authorization policy-if list-name
aaa authorization prepaid list-name
aaa authorization radius-proxy list-name
aaa authorization reverse-access list-name
aaa authorization subscriber-service list-name
aaa authorization template list-name
aaa authorization exec default cache group-name
aaa authorization exec default if-authenticated
aaa authorization exec default local
aaa authorization exec default none
aaa authorization exec default group ldap
aaa authorization exec default group radius
aaa authorization exec default group tacacs+
aaa authorization exec default group group-name
aaa authorization exec default group group-name cache group-name if-authenticated local none group ldap group radius group tacacs+ group group-name
aaa authorization auth-proxy default
! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#wp2385098032
aaa session-id unique
aaa session-id common
ip subnet-zero
ip cef
ip ssh version 2
ip scp server enable
!
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
!
interface dialer 1
ip address negotiated
ppp authentication chap
dialer pool 1
dialer-group 1
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface dialer 0 overload
ip classless (default)
ip route 192.0.2.0 0.255.255.255 dialer 0
!
ip dhcp snooping
ip dhcp snooping vlan 123
ip dhcp excluded-address 192.0.2.1 192.0.2.10
!
ip dhcp pool vlan1
network 192.0.2.0 255.255.255.0
default-router 192.0.2.1
!
ip dhcp pool vlan2
network 192.0.2.0 255.255.255.0
default-router 192.0.2.1
!
ip dhcp pool vlan3
network 10.0.3.0 255.255.255.0
default-router 192.0.2.1
!
ip ips po max-events 100
no ftp-server write-enable
!
bridge irb
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
!
interface FastEthernet9
switchport mode trunk
no ip address
!
interface FastEthernet0
ip address 192.0.2.1 255.255.255.0
no ip directed-broadcast
ip nat outside
ip access-group 103 in
no cdp enable
crypto ipsec client ezvpn ezvpnclient outside
crypto map static-map
duplex auto
speed auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
!
! 802.11 radio interface carrying three SSIDs, each mapped to its own VLAN.
interface Dot11Radio0
no ip address
!
broadcast-key vlan 1 change 45
!
! The only cipher line in this block covers VLAN 1 and selects TKIP.
! NOTE(review): no encryption line for VLANs 2 and 3 is visible here, so the "ciscowep" and "ciscowpa" SSIDs show open authentication only. Confirm against the source sample.
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
authentication open
authentication network-eap eap_methods
! "optional" lets clients associate with or without WPA key management.
authentication key-management wpa optional
!
ssid ciscowep
vlan 2
authentication open
!
ssid ciscowpa
vlan 3
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 50
power local ofdm 30
channel 2462
station-role root
!
interface Dot11Radio0.1
description Cisco Open
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Vlan1
ip address 192.0.2.1 255.255.255.0
no ip directed-broadcast (default)
crypto ipsec client ezvpn ezvpnclient inside
ip inspect firewall in
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Vlan3
no ip address
bridge-group 3
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 192.0.2.1 255.255.255.0
ip nat inside
!
interface BVI2
ip address 192.0.2.1 255.255.255.0
!
interface BVI3
ip address 192.0.2.1 255.255.255.0
!
ip classless
!
! The HTTP management server is enabled while the HTTPS server is disabled, so web management traffic is unencrypted.
ip http server
no ip http secure-server
!
! Local RADIUS server on the device itself.
radius-server local
! "key 0" means the NAS shared secret is written in cleartext.
nas 192.0.2.1 key 0 secret_password
group rad_eap
!
user jsomeone nthash 7 0123456789ABCDEF492143375828267C7A760E1113734624452725707C010B065B
user DOMAIN\someone nthash 7 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01