Notes:

1.1 Bridging and switching

SW1

vtp domain IE
vtp mode server
vtp password CISCO
ip routing
vlan 3,5,10,783,26,6,26,52,33,255
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
int fa 0/1
no switchport
ip address 132.X.17.7 255.255.255.0
no sh
int fa 0/3
sw mod ac
sw ac v 3
no sh
int fa 0/5
sw mod ac
sw ac v 5
no sh
int fa 0/9
sw mod ac
sw ac v 10
no sh
int fa 0/10
sw mod ac
sw ac v 10
no sh
int vlan 783
no shut

SW2

conf t
vtp mode client
vtp domain IE
vtp password CISCO
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
int fa 0/2
sw mod ac
sw ac v 26
no sh
int fa 0/6
sw trunk enca dot1q
sw mod trunk
no sh
int fa 0/24
sw mod ac
sw ac v 52
no sh
int vlan 8
no shut
int vlan 783
no shut

SW3

vtp mode client
vtp domain IE
vtp password CISCO
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
int fa 0/3
sw mod ac
sw ac v 33
no sh
int fa 0/5
sw mod ac
sw ac v 52
no sh
int fa0/24
sw mod ac
sw ac v 783
no sh
int fa 0/4
sw mod ac
sw ac v 255
no sh

SW4

vtp mode client
vtp domain IE
vtp password CISCO

1.2 EtherChannel

SW1(config)# interface range FastEthernet 0/13 - 15
SW1(config-if-range)# channel-group 1 mode on

SW2(config)# interface range FastEthernet 0/13 - 15
SW2(config-if-range)# channel-group 1 mode on

SW2(config)# interface port-channel 1
SW1/2(config-if)# switchport trunk encapsulation isl

1.3 EtherChannel

SW1(config)# interface range FastEthernet 0/16 - 18
SW1(config-if-range)# channel-group 2 mode active
SW1(config-if-range)# channel-protocol lacp

SW3(config)# interface range FastEthernet 0/13 - 15
SW3(config-if-range)# channel-group 2 mode active
SW3(config-if-range)# channel-protocol lacp

SW1(config)# interface port-channel 2
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport trunk native vlan 783
SW1(config-if)# switchport mode trunk

SW3(config)# interface port-channel 2
SW3(config-if)# switchport trunk encapsulation dot1q 
SW3(config-if)# switchport trunk native vlan 783 
SW3(config-if)# switchport mode trunk

1.4 Link aggregation

SW1(config)# interface range Fa0/19 - 20 
SW1(config-if)# channel-group 2 mode active

SW4(config)# interface range Fa0/13 - 14 
SW4(config-if)# channel-group 2 mode passive

SW1(config)# interface port-channel 2
SW1(config-if)# switchport trunk encapsulation isl
SW1(config-if)# switchport mode trunk

SW4(config)# interface port-channel 2
SW4(config-if)# switchport trunk encapsulation isl 
SW4(config-if)# switchport mode trunk

1.5 Trunking

done in 1.1
SW2(config)# interface FastEthernet 0/6
SW2(config-if)# switchport nonegotiate

1.6 Pruning

SW1(config)# vtp pruning

1.7 802.1x authentication

SW1(config)# aaa new-model 
SW1(config)# aaa authentication dot1x default group radius 
SW1(config)# aaa authorization network default group radius
SW1(config)# interface range fa0/9 - 10
SW1(config-if-range)# dot1x port-control auto
SW1(config)# dot1x system-auth-control
SW1(config)# radius-server host 204.12.X.100 key CISCO
SW1(config)# ip radius source-interface Loopback100
SW1(config)# username admin privilege 15 secret admin
SW1(config)# interface loopback 100 
SW1(config-if)# ip address 150.X.7.7 255.255.255.255

1.8 Management

SW1(config)# router ospf 1 
SW1(config-router)# max-lsa 4000

SW2(config)# router ospf 1 
SW2(config-router)# max-lsa 4000

2.1 Full mesh

R1(config)# interface Serial 0/0 
R1(config-if)# encapsulation frame-relay 
R1(config-if)# ip address 132.X.0.1 255.255.255.0 
R1(config-if)# no frame-relay inverse-arp 
R1(config-if)# frame-relay interface-dlci 102 
R1(config-if)# frame-relay interface-dlci 103 
R1(config-if)# frame-relay interface-dlci 104 
R1(config-if)# frame-relay map ip 132.X.0.3 103 br 
R1(config-if)# frame-relay map ip 132.X.0.2 102 br 
R1(config-if)# frame-relay map ip 132.X.0.4 104 br 
R1(config-if)# no shutdown

R2(config)# interface Serial 0/0 
R2(config-if)# encapsulation frame-relay 
R2(config-if)# ip address 132.X.0.2 255.255.255.0 
R2(config-if)# no frame-relay inverse-arp 
R2(config-if)# frame-relay interface-dlci 201 
R2(config-if)# frame-relay interface-dlci 203 
R2(config-if)# frame-relay interface-dlci 204 
R2(config-if)# frame-relay map ip 132.X.0.1 201 br 
R2(config-if)# frame-relay map ip 132.X.0.4 204 br 
R2(config-if)# frame-relay map ip 132.X.0.3 203 br 
R2(config-if)# no shutdown

R3(config)# interface Serial 1/3 
R3(config-if)# encapsulation frame-relay 
R3(config-if)# ip address 132.X.0.3 255.255.255.0
R3(config-if)# no frame-relay inverse-arp 
R3(config-if)# frame-relay interface-dlci 302 
R3(config-if)# frame-relay interface-dlci 301 
R3(config-if)# frame-relay interface-dlci 304 
R3(config-if)# frame-relay map ip 132.X.0.1 301 br 
R3(config-if)# frame-relay map ip 132.X.0.2 302 br 
R3(config-if)# frame-relay map ip 132.X.0.4 304 br 
R3(config-if)# no shutdown

R4(config)# interface Serial 0/0 
R4(config-if)# encapsulation frame-relay 
R4(config-if)# ip address 132.X.0.4 255.255.255.0 
R4(config-if)# no frame-relay inverse-arp 
R4(config-if)# frame-relay interface-dlci 401 
R4(config-if)# frame-relay interface-dlci 402 
R4(config-if)# frame-relay interface-dlci 403
R4(config-if)# frame-relay map ip 132.X.0.1 401 br 
R4(config-if)# frame-relay map ip 132.X.0.2 402 br 
R4(config-if)# frame-relay map ip 132.X.0.3 403 br 
R4(config-if)# no shutdown

2.2 Frame-relay

R3(config)# interface Serial1/1 
R3(config-if)# encapsulation frame-relay
R3(config-if)# no shutdown
R3(config)# interface Serial1/1.1 point-to-point 
R3(config-subif)# frame-relay interface-dlci 315 
R3(config-subif)# ip address 132.X.35.3 255.255.255.0 
R3(config-subif)# no frame-relay inverse-arp 
R3(config-subif)# frame-relay map ip 132.X.35.5 315 br

R5(config)# interface Serial0/0 
R5(config-if)# encapsulation frame-relay 
R5(config-if)# no shutdown 
R5(config)# interface Serial0/0.1 point-to-point 
R5(config-subif)# frame-relay interface-dlci 513 
R5(config-subif)# ip address 132.X.35.5 255.255.255.0 
R5(config-subif)# no frame-relay inverse-arp 
R5(config-subif)# frame-relay map ip 132.X.35.3 513 br

2.3 Frame relay point-to-point

R6(config)# interface Serial 0/0/0
R6(config-if)# encapsulation frame-relay
R6(config-if)# no frame-relay inverse-arp
R6(config-if)# frame-relay interface-dlci 100
R6(config-if)# ip address 54.X.2.6 255.255.255.0
R6(config-if)# frame-relay map ip 54.X.2.254 100 br
R6(config-if)# no shutdown

2.4 Frame relay Traffic shaping

R2 PORT_SPEED = 512000 bps, R2 CIR = 128000, DLCI 204

R4 PORT_SPEED = 512000, R4 CIR = 128000, DLCI 402, minimum Tc=10s

Tc = Bc/CIR; Bc + Be = port speed; bc = 128000, be = 0; tc = 10ms

Others: 125 ms.

map-class frame-relay DLCI_204 (identical for 402)
cir 128000 bc 12800 be 0
map-class frame-relay OTHER_DLCI
cir 64000 be 0 bc 8000

interface Serial 0/0
frame-relay traffic-shaping
frame-relay interface-dlci ... class OTHER_DLCI
frame-relay interface-dlci 204 class DLCI_204

3.1 HDLC

R2(config)# interface Serial 0/1 
R2(config-if)# encapsulation hdlc 
R2(config-if)# compression stacker

R3(config)# interface Serial 1/3 
R3(config-if)# encapsulation hdlc 
R3(config-if)# compression stacker

3.2 PPP

encapsulation ppp
ppp authentication chap
ppp chap hostname ROUTER4/ROUTER5
ppp chap password CISCO

username ROUTER4/ROUTER5 password 0 CISCO

4.1 OSPF

R1(config)# router ospf 1 
R1(config-router)# network 132.X.0.0/24 
R1(config)# interface Serial 0/0 
R1(config-if)# ip ospf network point-to-multipoint 
R1(config)# interface loopback0 
R1(config-if)# ip ospf 1 ar 0

R2(config)# router ospf 1 
R2(config-router)# network 132.X.0.0/24 
R2(config)# interface Serial 0/0 
R2(config-if)# ip ospf network point-to-multipoint

R3(config)# router ospf 1 
R3(config-router)# network 132.X.0.0/24 
R3(config)# interface Serial 1/3 
R3(config-if)# ip ospf network point-to-multipoint

R4(config)# router ospf 1 
R4(config-router)# network 132.X.0.0/24 
R4(config)# interface Serial 0/0 
R4(config-if)# ip ospf network point-to-multipoint 
R4(config)# interface Loopback 0 
R4(config-if)# ip ospf 1 ar 0

4.2 OSPF

R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf 1 ar 17 
R1(config-if)# ip ospf authentication-key 1 CISCO

R1(config)# router ospf 1 
R1(config-router)# area 17 authentication

SW1(config)# interface Fa0/1 
SW1(config-if)# ip ospf 1 ar 17 
SW1(config-if)# ip ospf authentication-key 1 CISCO

SW1(config)# router ospf 1 
SW1(config-router)# area 17 authentication

4.3 OSPF

SW1(config)# interface vlan 3 
SW1(config-if)# ip ospf 1 ar 3 
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast 
SW1(config-if)# neighbor 132.X.3.3 
SW1(config)# interface vlan 33 
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast 
SW1(config-if)# ip ospf 1 ar 33 
SW1(config)# interface vlan 255
SW1(config-if)# ip ospf 1 ar 33 
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast

R3(config)# interface E0/0 
R3(config-if)# ip ospf 1 ar 3 
R3(config-if)# ip ospf network point-to-multipoint non-broadcast 
R3(config-if)# neighbor other_side VLAN 3

R3(config)# interface E0/1 
R3(config-if)# ip ospf 1 ar 33 
R3(config-if)# ip ospf network point-to-multipoint non-broadcast 
R3(config-if)# neighbor ... other side vlan 33

SW3(config)# interface vlan 255 
SW3(config-if)# ip ospf network point-to-multipoint non-broadcast 
SW3(config-if)# neighbor 132.X.255.9, 10...

SW4(config)# interface vlan 255 
SW4(config-if)# ip ospf network point-to-multipoint non-broadcast 
SW4(config-if)# neighbor ...

4.5 EIGRP

R2(config)# router eigrp 10 
R2(config-router)# no auto-summary 
R2(config-router)# neighbor 132.X.26.6

R6(config)# router eigrp 10 
R6(config-router)# no auto-summary 
R6(config-router)# neighbor 132.X.26.2

4.6 EIGRP

R6(config)# interface Gi0/0.26 
R6(config-if)# ip summary-address eigrp 200.0.0.0/...

4.7 EIGRP

R5(config)# router eigrp 10 
R5(config-router)# redistribute connected route-map FILTER

R6(config)# router eigrp 10 
R6(config-router)# redistribute connected route-map FILTER

R5/6(config)# route-map FILTER 
R5/6(config-route-map)# permit ... VLAN5, 52, 6
If they did not exist on that router, I would bring them in via redistribute static

4.8 Routing redundancy

backup interface ...
backup delay 60 300
backup active

4.9 RIPv2

router rip
no auto-summary
version 2
network ...
distribute-list FILTER_LO out

4.10

ip access-list standard ACL
permit 0.0.0.0 255.254.255.255
router rip
offset-list ACL in 16

4.11 Redistribution

5.1 BGP

peering as normal, but I don't know how to do the backup so that it comes up from another router, but only when something goes down...

5.2 BGP Peering

neighbor BB2 password CISCO

5.3 BGP Peering

router bgp 400
neighbor local-as 100
no-prepend

5.4 BGP filtering

route-map for AS-PATH; if it contains AS54, remove

5.5 Summarization

aggregate-address 132.X.0.0 MASK summary-only
neighbor ...
suppress-map
neighbor ...
unsuppress-map

6.1 PIM

ip multicast-routing
ip pim sparse-mode

ip pim rp-address LOOPBACK_ADDRESS

6.2 Multicast testing

ip mrm manager LOL manager ethernet 228.28.28.28 senders ACL receivers ACL

ip mrm test-sender
ip mrm test-receiver

6.3 Multicast traffic control

- no idea

7.1 IPv6 Deployment

R2(config)# ipv6 unicast-routing 
R2(config)# interface loopback0 
R2(config-if)# ipv6 address 2001:CC1E:X::2/128

R2(config)# interface Serial 0/0 
R2(config-if)# ipv6 address 2001:CC1E:X:2323::2/64 
R2(config-if)# frame-relay map ipv6 2001:CC1E:X:2323::3 203 br 
R2(config)# ipv6 route 2001:CC1E:X::3/128 2001:CC1E:X:2323::3
... ditto on R3...

8.1 Congestion management

class-map match-all TEST
match access-group name ACL
policy-map LOL
class TEST
bandwidth 256000
interface Serial 0/0
service-policy output LOL

8.2 Policy routing

ACL for the FTP connection
ip policy route-map route-mapa
route-map route-mapa
match ip address ACL
set ip next-hop...
HDLC link

8.3 Congestion management

class-map match-all HDLC
match access-group name ACL
policy-map POL
class HDLC
bandwidth 256000

int serial (hdlc)
service-policy output POL

9.1 Router hardening

no ip source-route
no ip proxy-arp
no ip bootp server
banner login "Access to this device or the attached networks is prohibited without express written permission."

9.2 Traffic filtering

deny udp any any eq 161 log

9.3 Traffic logging

logging 132.X.33.100

9.4 ICMP filtering

deny icmp <from inside> any
permit ip any any

10.1 RMON

rmon alarm 1 lsystem.58.0 60 absolute rising-threshold 75 1 falling-threshold 40 2
rmon event 1 trap IETRAP description "Five Minute CPU Average Above 75%"
rmon event 2 trap IETRAP description "Five Minute CPU Average Below 40%"
snmp-server host 132.X.33.100 IETRAP

10.2 remote access

username NOC password CISCO
line vty 0 15
exec-timeout 5
absolute-timeout 900
logout-warning 60

10.3 Remote access security

username NOC secret CISCO

10.4 Syslog

logging 132.X.33.100
logging trap 7
int s 1/0
logging event link-status

11.1 Traffic Accounting

ip accounting
ip accounting-threshold 2500

Notes!
R4 E0/0 is connected to SW2 Fa0/4 UNUSED
SW4 Fa0/5 connected to R6 G0/1 UNUSED
To remove: username admin secret admin @ SW1; line con 0, privilege level 15, no login @ SW1
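
Sections 10.2 and 10.3 differ only in `password` versus `secret`, and the closing notes list a console line with `privilege level 15` and `no login` to remove. The following Python check is an added example, not part of the original notes: it classifies how each local username is stored and flags line blocks that contain `no login`. The sample configuration is constructed from lines on this page (the `OLD` user and `login local` are constructed), and the function names are assumptions.

```python
import re

# Constructed sample, built from lines in sections 1.7, 3.2, 10.2, 10.3 and the closing notes.
SAMPLE_CONFIG = """\
username ROUTER4 password 0 CISCO
username NOC password CISCO
username OLD password 7 0000000000
username admin privilege 15 secret admin
line con 0
 privilege level 15
 no login
line vty 0 15
 exec-timeout 5
 login local
"""

# username <name> [privilege N] password|secret [type] <value>
USER_RE = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+\d+\s+)?(password|secret)\s+(?:(\d)\s+)?\S+",
    re.IGNORECASE)


def classify_users(config):
    """Map each local username to how its credential is stored."""
    result = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue
        name, keyword, enc = m.group(1), m.group(2).lower(), m.group(3)
        if keyword == "secret":
            result[name] = "hashed"        # one-way hash, as in section 10.3
        elif enc == "7":
            result[name] = "reversible"    # type 7 is obfuscation, not hashing
        else:
            result[name] = "cleartext"     # 'password' or 'password 0'
    return result


def open_lines(config):
    """Return the line blocks (con/vty/aux) that contain 'no login'."""
    flagged, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
        elif raw[:1] in (" ", "\t"):
            if current and raw.strip() == "no login":
                flagged.append(current)
        elif raw.strip():
            current = None                 # left the line block
    return flagged


if __name__ == "__main__":
    print(classify_users(SAMPLE_CONFIG))
    print(open_lines(SAMPLE_CONFIG))
```
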

-- Main.JCube - 29 Sep 2009

Topic revision: r2 - 01 Oct 2009 - 21:34:13 - jcube
 