CCIE Command

Frame Relay configuration
* interface serial 0
- ip address 192.168.1.0 255.255.255.0
- encapsulation frame-relay
- frame-realy lmi-type cisco
Frame-Relay ARP
- no frame-relay inverse-arp
- no shutdown
Static Frame-Relay Mapping
- frame-relay map ip 192.168.1.3 403 broadcast
Frame-Relay Multipoint configuration (static)
- interface serial 0/0.100 multipoint
- ip address 192.168.1.5 255.255.255.0
- frame-relay map ip 192.168.1.4 505 broadcast
Catalyst 3550 Switching
VTP (vlan trunking protocol)
- vtp mode server
- vtp domain CCIE
- vtp mode client
- vtp mode transparent
VTP server
#
-
vlan database
vtp server
vtp domain CCIE
vtp password cisco
exit
VTP VERSION
# vlan database
- vtp v2-mode
- exit
VLAN PRUNING
# vlan database
- vtp pruning
- exit
TRUNK PORT CONFIGURATION
# interface fastethernet 0/24
- switchport trunk encapsulation isl / dot1q
- switchport mode trunk
- switchport access vlan 1
- end
- switchport trunk encapsulation dot1q
- swtichport trunk native vlan 1

VLAN ALLOWED
- switchport trunk allowed vlan except 2- 150
#interface fastethernet 0/23
- switchport trunk allowed vlan except 200-300
- exit
VLAN PRUNNG ELIGIBLE
- switchport trunk pruning vlan 2-501
- exit
- switchport trunk pruning vlan 502-1002
- exit
CONFIGURATION 802.1Q TUNNELING
- switchport mode dot1q-tunnel
- exit
- switch port mode dot1q-tunnel
- exit
# vlan dot1q tag native
# exit
L2TP TUNNELING ON SWITCH
- switchport mode access
- l2protocol-tunnel vtp
- exit
# errdisable recovery cause l2tpguard
#l2protocol - tunnel cos 5
# exit
INTERFACE SPEED AND DUPLEXING
- speed 100 (mbps ) or speed 1000 (mbps)
- duplex auto or duplex full or duplex half
ETHERCHANNEL CONFIGURATION
#interface ethernet 0/24
- switchport trunk encapsulation isl
- channel-group 1 mode auto

#interface ethernet 0/23
- switchport trunk encapsulation isl
LAYER 3 ETHERCHANNEL ON SWTCH 3550
# interface port-channel 1
- no switchport
- ip add 192.168.1.1 255.255.255.0
- exit
- no switchport
- no ip address
- no switchport
- no ip adress
- exit
ETHERCHANNEL LOAD BALANCE
# port-channel load-balance {dst-mac or src-mac }
ROUTE BRDGE SELECTON
# spanning-tree vlan 20 root primary diameter 7
-
vlan
vlan
vlan
vlan
20
20
20
20
bridge
bridge
bridge
bridge
priority set to 24576

max aging time unchanged at 20
hello time unchanged at 2
forward delay unchanged 15
SECONDARY ROOT BRIDGE

# spanning-tree vlan 30 root secondary diameter 7
- vlan 30 bridge priority set to 28672
- vlan 30 bridge max aging time unchanged at 20
- vlan 30 bridge hello time unchanged at 2
- vlan 30 bridge forward delay unchanged at 15
MANUAL MODIFY BRIDGE PRIORITY
3550# configure terminal
3550(config)# spanning-tree vlan 30 priority 4096
MANUAL CONFIGURE HELLO,FORWARD,DELAY,MAX AGE
3550#
3550(config)#
3550(config)#
3550(config)#
3550(config)#
spanning-tree vlan 20 hello-time 1

spanning-tree vlan 20 forward-time 4
spanning-tree vlan 20 max-age 6
exit
3550#
CONFIGURE PORT PRIORITY
****Access port configuration****
3550(config)# interface fastethernet 0/3
3550(config-if)# spanning-tree port-priority 1
3550(config)# end
3550#
**** Trunk port configuration****
3550(config-if)# spanning-tree vlan 20 port-priority 1
3550(configif)# end
3550(config)#
CONFIGURE PATH COST

**** Access port configuration ****
3550(config-if)# spanning-tree cost 2
3550(config-if)# end
3550#
**** Trunk port configuration****
3550(config-if)# spanning-tree vlan 20 cost 2
3550#
CONFIGURE PORTFAST
**** Access port configuration ****
3550(config-if)# spanning-tree portfast
3550#
**** trunk port configuration****
3550(config-if)# spanning-tree portfast trunk
3550#
CONFIGURE BRIDGE PACKET DATA UNIT(BPDU) GUARD
**** Global Level ****

3550(config)# spanning-tree portfast bpduguard default
3550#
**** Interface Level ****
3550(config-if)# spanning-tree portfast bpduguard enable
3550#
CONFIGURE UPLINKFAST
3550(config)# spanning-tree uplinkfast
3550#
CONFIGURE BACKBONEFAST
3550(config)# spanning-tree backbonefast
CONFIGURE ROOT GUARD
3550(config-if)# spanning-tree guard root
3550#
CONFIGURE LOOP GUARD
3550(config)# spanning-tree loopguard default
CONFIGURE EIGRP
- router eigrp 100
- network 192.168.1.0 0.0.0.255
CONFIGURE BANDWTH
- interface serial 0/0
- bandwith 20
- ip bandwith-percent eigrp 100 200
CONFIGURE ROUTE-SUMMARZATON EIGRP
- ip summary-address eigrp 100 192.168.0.0 0.0.0.248
CONFIGURE STUB NETWORK EIGRP

- router eigrp 100
- network 192.168.0.0 0.0.255.255
- network 10.1.1.0 0.0.0.255
- stub receive only
*(receive only sadece connected bilgilerinden baska hi bir route gndermez)
*(connected ise sadece komsuya bilgilerini yollar)
*(static ise btn routing bilgilerini yollar)
*(summary ise sadece summary bilgilerini yollar)
CONFIGURE UNEQUAL-COST LOAD BALANCING EIGRP
-
router eigrp 100

variance 12
maxmimum-paths 2
traffic-share balanced
interface serial 0/0
bandwith 100 kbps
CONFIGURE OSPF DR/BDR ELECTION

- router ospf 100
- network 192.168.1.0 0.0.0.255 area 0 or 0.0.0.0
- router-id 1.1.1.1 ( * ilk bu deere baklr router id )
- ip ospf priority 0 ( * ikinci olarak priority deerine baklr)
- interface loopback 0
- ip add 120.120.12.11 255.255.255.0 ( * cnc olarakda loopback adrese baklr buda ayn d
eerde ise fiziksel adrese baklr )
CONFIGURE OSPF STUB AREA
Router 1
-
configure terminal
router ospf 100
network 192.168.0.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 4
area 4 stub
Router 2
-
configure terminal
router ospf 100
network 172.16.2.0 0.0.0.255 area 4
area 4 stub
''Area 4 Stub'' routerlar arasnda type 5 bilgilerinin gitmesini engelliyor. Yani

LSA (link state advertisements )
CONFIGURE TOTALLY STUB ( ONLY CISCO)
Router 1
- configure terminal
- router ospf 100
- network 192.168.0.0 0.0.0.255 area 0

- network 172.16.2.0 0.0.0.255 area 2
- area 2 stub no-summary
Router 2
-
configure terminal
router ospf 100
network 172.16.2.0 0.0.0.255 area 2
area 2 stub
''Area 2 stub no-summary '' Routerlar arasnda type 3 ve type 4 bilgilerinin gitme
sini engelliyor (Type 3/4 LSA)
CONFIGURE NOT SO STUBY AREA(NSSA)
Router 1
-
configure terminal
router rip
network 10.0.0.0
router ospf 100
network 172.16.45.5 0.0.0.0 area 4
area 4 nssa
redistrubute rip subnets
Router 2
-
configure terminal
router ospf 100
network 172.16.45.4 0.0.0.0 area 4
network 172.16.14.4 0.0.0.0 area 0
area 4 nssa no-summary
'' Area 4 nssa '' Type 7 gelen bilgileri Type 5 bilgilerine cevirme ilemini gerekl
etiriyor.
'' Area 4 nssa no-redistribution '' Type 7 bilgilerinin yollanmasna izin verilmiy
or ayr ca type 4 bilgilerininde gitmesine izin verilmiyor. Type 3 yani default ro
ute
bilgileri yollanyor.
CONFIGURE OSPF DEFAULT ROUTE
-
configure terminal
router ospf 100
network 172.16.45.4 0.0.0.0 area 4
network 172.16.14.4 0.0.0.0 area 0
area 4 nssa no-summary
area 4 default-information-originate
'' Area 4 default-information-originate '' bu karsndaki ASBR dan type 3/4 bilgile
rini istemeye yarayan bir komuttur.
CONFIGURE OSPF COST OF THE DEFAULT ROUTE
- router ospf 100

- area 4 default-cost 100
** area <area-id> default-cost <0-16777215>
====== > command line
''area 4 default-cost 100'' area lara route lardaki oncelik verilmesi iin kullanla
n bir komut
CONFIGURATION OSPF EXTERNAL ROUTE SUMMARZATON
-configure terminal
- router ospf 100
- summary-address 192.168.0.0 255.255.0.0
BGP CONFIGURATION
-
BGP tcp port 170 kullanyor

farkl otonom sistemler arasnda kullanlyor
ibgp sadece ayn otonom sistemlerde , ebgp ise farkl otonom sistemlerde kullanlr.
artiribute
- weight
- local preference
- med ( multi-exit discriminator)
- origin
- AS path
- next hop
- community
- bgp sadece bir yol kullanr
CONFIGURATION IBGP
Router 1
- router bgp 100
- neighbor 172.16.4.1 remote-as 100
Router 2
- router bgp 100
CONFIGURATION BGP ROUTER ID
- router bgp 100
- bgp router-id 1.1.1.1
CONFIGURATON ROUTE-REFLECTOR ON BGP
- router bgp 100
- neighbor 172.16.31.1 route-reflector-client
CONFIGURATION FAULT TOLERANS ON BGP
Router 4
-
interface loopback 0
ip address 4.4.4.4 255.255.255.0
router bgp 100
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 update-source loopback 0
Router 5
- interface loopback 0
- ip address 5.5.5.5 255.255.255.0
-router bgp 100
- neighbor 4.4.4.4 update-source loopback 0
- neighbor 5.5.5.5 update-source loopback 0
CONFIGURATION EBGP MULTIHOP
Router 4
-configure terminal
- router bgp 100
- neighbor 172.16.56.6 ebgp-multihop
- exit
- ip route 172.16.56.0 255.255.255.0 172.16.45.5
Router 5
-
configure terminal
router bgp 200
neighbor 172.16.45.4 ebgp-multihop
exit
ip route 172.16.45.0 255.255.255.0 172.16.56.5
CONFIGURATION EBGP LOAD BALANCING

Router 4
-
configure terminal
ip address 4.4.4.4 255.255.255.0
router bgp 100
neighbor 5.5.5.5 update-source-loopback 0
network 4.4.4.0 mask 255.255.255.0
- exit
- ip route 5.5.5.0 255.255.255.0 172.16.44.5
- ip route 5.5.5.0 255.255.255.0 172.16.45.5
Router 5
-
configure terminal
ip address 5.5.5.5 255.255.255.0
router bgp 100
neighbor 4.4.4.4 update-source-loopback 0
network 5.5.5.0 mask 255.255.255.0
exit
ip route 4.4.4.0 255.255.255.0 172.16.44.4
ip route 4.4.4.0 255.255.255.0 172.16.45.4
CONFIGURATION BGP CONFEDERATION

-
configure terminal
router bgp 100
bgp confederation identifier 200
bgp confederation peers 300
network 3.3.3.0 mask 255.255.255.0
neighbor 172.16.23.2. remote-as 400
CONFIGURATION BGP COMMUNITY

-
configure terminal
router bgp 200
neighbor 172.16.23.3 route-map SETCOMMUNITY out
neighbor 172.16.23.3 send-community
exit
route-map SETCOMMUNITY permit 10 (* 10 sequence numars default 10 dur)
match ip address 2
set community no-export
exit
route-map SETCOMMUNITY permit 20
exit
access-list 2 permit 2.2.2.0
CONFIGURATION BGP REDISTRIBUTE

-configure terminal
- router eigrp 10
- network 3.3.3.0
- redistirbute bgp 230
- redistiributed connected
- exit
- router bgp 230
neighbor 172.16.134.1 distribute-list 1 out

redistribute eigrp 10
exit
access-list 1 permit 2.2.2.0 0.0.0.255
CONFIGURATION BGP ROUTE DAMPENING

-
configure terminal
bgp dampening
bgp dampening half-life reuse suppress max-suppress
bgp dampening route-map route-map-name
clear ip bgp dampening [prefix-mask]
CONFIGURATION BGP ROUTE AGGREGATE

- router bgp 300
- aggregate-address 150.0.0.0 255.0.0.0
CONFIGURATION BGP ROUTE AGGREGATE WTHOUT AS-SET ARGUMENT
- router bgp 300
- aggregate-address 150.0.0.0 255.0.0.0 summary-only
*** - configure terminal
*** - router bgp 300
*** - aggregate-address 150.0.0.0 255.0.0.0 summary-only as-set
CONFIGURATION BGP ROUTE AGGREGATE WHILE SUPPRESING INDIVIDUAL ROUTES

- router bgp 300
- aggregate-address 150.0.0.0 255.0.0.0 suppress-map SUPPRESSR4 ( suppress yaplac
ak router yani router 4 )
- exit
- route-map SUPPRESSR4 permit 10
- match ip address 4
- exit
- access-list 4 permit 150.40.0.0 0.0.255.255
CONFIGURATION BGP CONDITIONAL ADVERTSEMENT AND ROUTE FILTERING
-
configure terminal
router bgp 300
neighbor 172.16.70.4(wan ipsi) advertise-map ADVERTISE non-exist-map NONEXIST
exit
route-map ADVERTISE permit
match ip address 3
exit
route-map NONEXIST permit 10
match ip address 30
-exit
CONFIGURATION BGP DISTRIBUTE LIST
-
configure terminal
access-list 1 deny 172.16.0.0 0.0.254.255
access-list 1 permit any
router bgp 100
neighbor 172.16.134.3 distiribute-list 1 out
** burda distribute list'i kendi lokalimizden dsar ckarken kullanyoruz out diyerek
CONFIGURATION BGP FILTER LIST

- router bgp 400
- neighbor 172.16.70.3 filter-list 1
- exit
- ip as-path access-list 1 deny _100_
- ip as-path access-list 1 permit .*
***(sadece As number 100den gelenlere izin verme gerisine izin ver demek anlamyo)
CONFIGURATION BGP PREFIX LIST
-configure terminal
- router bgp 500
- neighbor 172.16.56.6. prefix-list MYFILTER out
- exit
- ip prefix-list MYFILTER seq 5 deny 5.5.5.0/24
- ip prefix-list MYFILTER seq 10 permit 0.0.0.0/0 le 32
CONFIGURATION BGP ROUTE-MAP

-
configure terminal
router bgp 100
neighbor 172.16.56.6 route-map MYMAP in
exit
route-map MYMAP permit 10
match ip address 1
exit
route-map MYMAP permit 20
match ip address 2
exit
write
CONFIGURATION BGP WEIGHT

- router bgp 500

neighbor 172.16.56.6 route-map MODWEIGHT in
exit
route-map MODWEIGHT permit 10
match ip address
set weight 200
exit
route-map MODWEIGHT permit 20
CONFIGURATION BGP MED

Router 4
-
configure terminal
router bgp 100
neighbor 172.16.70.3 route-map MODMED out
exit
route-map MODMED permit 10
match ip address 1
set metric 1000
exit
Router 1
-
configure terminal
router bgp 100
neighbor 172.16.134.3 route-map MODMED out
exit
route-map MODMED permit 10
match ip address 1
set metric 2000
exit
CONFIGURATION BGP AS PATH

-configure terminal
- router bgp 300
- network 3.3.3.0 mask 255.255.255.0
- neighbor 172.16.134.1 route-map SET-AS-PATH out
- out
- access-list 1 permit 3.3.3.0 0.0.0.255
- route-map SET-AS-PATH permit 10
- match address 1
- set as-path prepend 300 300
- exit
- write
CONFIGURATION BGP DEFAULT-INFORMATION ORIGINATE
configure terminal
ip route 0.0.0.0 0.0.0.0 serial 0/0
router bgp 400
default-information originate
redistribute static
CONFIGURATION BGP PEER GROUP

-
configure terminal
router bgp 100
neighbor IBGPPEERS peer-group
neighbor IBGPPEERS remote-as 100
neighbor IBGPPEERS route-map INTERNAL out
neighbor IBGPPEERS filter-list 1 out
neighbor IBGPPEERS filter-list 2 out
neighbor IBGPPEERS next-hop-self
neighbor IBGPPEERS soft-reconfiguration in
neighbor IBGPPEERS update-source loopback 0
neighbor 4.4.4.4 peer-group IBGPPEERS
neighbor 1.1.1.1 filter-list 3 in
CONFIGURATION REDISTRIBUTE
-
configure terminal
router rip
redistribute ospf 1 metric 1
router ospf 100
default-metric 100
router eigrp 100
default-metric 10000 100 255 1 1500
write
CONFIGURATION REDISTRIBUTE EIGRP , OSPF , RIP

EIGRP
-
configure terminal
router eigrp 1
network 131.108.0.0
redistribute static
redistribute ospf 1
redistribute rip
redistribute isis
default-metric 10000 100 255 1 1500
OSPF
- network 131.108.0.0 0.0.255.255 area 0
- redistribute static metric 200 subnets
redistribute
redistribute
redistribute
redistribute
rip metric 200 subnets

igrp 1 metric 100 subnets
eigrp 1 metric 100 subnets
isis metric 10 subnets
RIP
-
configure terminal
router rip
network 131.108.0.0
redistribute static
redistribute igrp 1
redistribute eigrp 1
redistribute ospf 1
redistribute isis
default-metric 1
IS-IS
-
configure terminal
router isis
network 49.1234.1111.1111.1111.00
redistribute static metric 20
redistribute rip metric 20
redistribute igrp 1 metric 20
redistribute eigrp 1 metric 20
redistribute ospf 1 metric 20
CONFIGURATION SUMMARIZATION
-
configure terminal
ip address 10.1.5.1 255.255.255.0
ip summary-address eigrp 2000 134.17.32.0 255.255.255.128
CONFIGURATION OSPF ROUTE-MAP

-
configure terminal
route-map RIPONLY permit 10
match ip address 1
router ospf 1
redistribute rip route-map RIPONLYO
CONFIGURATION KEY CHANIN

-
configure terminal
key chanin ka1
key 1
key-string 234
interface ethernet 0/0
ip address 172.16.70.7 255.255.255.0
ip rip authentication key-chain ka1
CONFIGURATION OSPF AUTHENTICATION

Router 1
-
configure terminal
ip address 172.16.70.7 255.255.255.0
ip ospf authentication-key cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication
Router 2
-
configure terminal
ip address 172.16.70.3 255.255.255.0
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication
CONFIGURATION OSPF MD5

Router 1
-
configure terminal
ip address 172.16.70.7 255.255.255.0
ip ospf message-digest-key 1 md5 cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication message-digest
Router 2
-
configure terminal
ip address 172.16.70.3 255.255.255.0
ip ospf message-digest-key 1 md5 cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication message-digest
CONFIGURATION RIP AUTHENTICATION

Router 1
- key chain ka1
- key 1
key-string
ip address 172.16.45.4 255.255.255.0
Router 2
-configure terminal
- key chain ka1
- key 1
- key-string 234
- ip address 172.16.45.5 255.255.255.0
- ip rip authentication key-chain ka1
CONFIGURATION RIP V2 MD5

Router 1
-
configure terminal
key chain ka1
key 1
key-string 234
ip address 172.16.45.4 255.255.255.0
ip rip authentication mode md5
router rip
version 2
network 172.16.0.0
Router 2
-
configure terminal
key 1
key-string 234
ip address 172.16.45.5 255.255.255.0
ip rip authentication mode md5
router rip
version 2
network 172.16.0.0
CONFIGURATION IS-IS AUTHENTICATION

Router 1
-
configure terminal
ip address 10.3.3.1 255.255.255.0
ip router isis
clns router isis
isis password SECr3t level-1
router isis
- network 49.1234.1111.1111.1111.00
- area-password tighter
- domain-password seCurity
Router 2
-
configure terminal
ip address 10.3.3.2 255.255.255.0
ip router isis
clns router isis
router isis
network 49.1234.2222.2222.2222.00
area-password tighter
domain-password seCurity
CONFIGURATION EIGRP MD5 AUTHENTICATION

Router 1
-
configure terminal
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 thekey
key chain thekey
key 1
key-string 0987654321
accept-lifetime infinite
send-lifetime 04:00:00 dec 4 2008 infinite
Router 2
-
configure terminal
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 thekey
key chain thekey
key 1
key-string 0987654321
accept-lifetime infinite
send-lifetime 04:00:00 dec 4 2008 infinite
CONFIGURATION BGP TCP MD5 AUTHENTICATION

Router 1
- router bgp 109
- neighbor 172.16.134.3 password abc123
Router 2
- router bgp 109
- neighbor 172.16.134.1 password abc123
CONFIGURATION CGMP ( CISCO GROUP MANAGEMENT PROTOCOL)

-
configure terminal
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip pim sparse-mode
ip cgmp
CGMP CONFIGURATION ON SWTICH

- set cgmp enable
CGMP LEAVE CONFIGURATION ON SWTICH
- set cgmp leave enable
CONFIGURATION IGMP ON SWTICH
- set igmp enable | disable
PIM DENSE MODE:
- Cok az sayda alcnn olduu mode
- Multicast trafii cok youn
- Multicast trafii sabit
CONFIGURATION IP MULTICAST ROUTING
- ip multicast-routing
CONFIGURATION PIM SENSE AND DENSE MODE (PROTOCOL INDEPENDENT MULTICAST)
- interface ethernet 0/0
- ip pim sparse-dense-mode
CONFIGURATION NTP
Router 1 ( Server NTP)
-
configure terminal
ntp master
int ethernet 0/0
ntp broadcast
Router 2 (Client NTP)

- ntp update-calendar
- ntp server 172.16.70.7 prefer (ncelikli server)
- ntp server 172.16.70.3

Router 3 ( Server NTP)
-
configure terminal
ntp master
ntp broadcast
CONFIGURATION NTP AUTHENTICATION

Router 1
-
configure terminal
ntp authentication
ntp authentication-key 10 md5 ticktock
ntp trustep-key 10
ntp update-calendar
ntp peer 172.16.70.7
Router 2
-
configure terminal
ntp authentication
ntp authentication-key 10 md5 ticktock
ntp trusted-key 10
ntp update-calendar
ntp peer 172.16.70.3
CONFIGURATION NTP TIMEZONE

-
configure terminal
clock timezone PST -8
clock summer-time PDT recurring
ntp update-calendar
ntp server 172.16.70.3
ntp server 172.16.70.7
ntp broadcast
exit
CONFIGURATION STATIC NAT

-
configure terminal
ip nat inside source static 10.55.55.100 172.16.55.100
ip address 10.55.55.5 255.255.255.0
ip nat inside
ip address 172.15.56.5 255.255.255.0
ip nat outside
CONFIGURATION DYNAMC NAT

ip nat pool dyn-nat 172.16.55.1 172.16.55.254 netmask 255.255.255.0

ip nat inside source list 1 pool dyn-nat
ip address 10.55.55.5 255.255.255.0
ip nat inside
ip address 172.16.56.5 255.255.255.0
ip nat outside
exit
CONFIGURATION HSRP FOR ISL LINK

Router 1
-
configure terminal
interface fastethernet 1/1.10
encapsulation isl 10
ip address 172.16.10.2 255.255.255.0
standby 1 ip 172.16.10.110
standby priority 105
standby 1 preempt
ip address 172.16.20.2 255.255.255.0
standby 2 ip 172.16.20.120
standby 2 priority 50
Router 2
-
configure terminal
ip address 172.16.10.3 255.255.255.0
standby 1 ip 172.16.10.110
standby priority 50
ip address 172.16.20.3 255.255.255.0
standby 2 ip 172.16.20.120
standby 2 priority 105
standby 2 preempt
- preempt komutu : aktive routern down olup yeniden aktive olmasna salayan komut
- priority : celiklendirme iin kullanlan deer
CONFIGURATION HSRP TER ( Trunking External Router )

- interface ethernet 0/0
- standby 70 track s0/0 50
COMFIGURATION HSRP AUTHENTICATION

-
configure terminal
standby 70 authentication word
exit
CONFIGURATION TIME-BASED ACCESS-LIST

-
configure terminal
time-range no-http
periodic weekdays 8:00 to 18:00
time-range udp-yes
periodic weekend 12:00 to 20:00
ip access-list extended strict
deny tcp any any eq http time-range no-http
permit udp any any time-range udp-yes
ip access-group strict in
CONFIGURATION LOCK AND KEY

-
configure terminal
access-list 100 permit tcp any host 152.16.66.2 eq telnet
access-list 100 dynamic LOCKANDKEY timeout 10 permit tcp any any
username it-user password cisco
interface fastethernet 0/0
ip access-group 100 in
exit
line vty 0 4
login local
autocommand access-enable host timeout 5
CONFIGURATION CONTENT BASED ACCESS CONTROL

-configure terminal
- ip inspect name FIREWALL http
- ip inspect name FIREWALL ftp
- ip inspect name FIREWALL smtp
- ip inspect name FIREWALL netshow
- ip inspect name FIREWALL h323
- ip inspect name FIREWALL tcp
- ip inspect name FIREWALL udp
- ip inspect name FIREWALL http java-list 10
- access-list 10 deny any
- access-list 100 permit icmp any any echo-reply
- access-list 100 permit icmp any any time-executed
- access-list 100 deny ip any any log
- ip inspect FIREWALL out
- ip access-group 100 in
CONFIGURATION IPSEC
-
configure terminal
crypto isakmp policy 1
hash md5
authentication pre-shared
encryption 3des
group 2
exit
crypto isakmp key ciscoCCIE address 172.16.134.4 255.255.255.0
crypto ipsec transform-set TSET esp-3des ah-md5-hmac
mode tunnel
exit
access-list 100 permit ip host 172.16.134.3 host 172.16.134.4
crypto map MYMAP ipsec-isakmp
set peer 172.16.134.4
set transform-set TSET
match address 101
exit
crypto map MYMAP
CONFIGURATION VOIP POTS DIAL-PEER

-
configure terminal
dial-peer voice 1 pots
destination-pattern 7777
port 1/0/0
CONFIGURATION VOIP DIAL-PEER

-
configure terminal
dial-peer voice 2 voip
session target ipv4: 172.16.14.1
CONFIGURATION END TO END VOIP

Router1
-
configure terminal
port 1/0/0
Router 2
-
configure terminal
port 1/0/1
- destination-pattern 4000
- session target ipv4: 172.16.14.4
CONFIGURATION PRIVATE LINE AUTO RINGDOWN
Router 1
-
configure terminal
connection plar 5600
exit
destination-pattern 5...
Router 2
-
configure terminal
port 1/1
*** NUMBER EXPANSION

- num-exp 444 5551234
CONFIGURATION PRIORITY QUEUNING
-
configure terminal
access-list 101 permit udp any any range 16384 32768
access-list 101 permit tcp any any eq 1720
priority-list 1 protocol ip high list 101
priority-list 1 default medium
priority-group 1

CCIE Command

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CCIE Command

Hochgeladen von

Copyright:

Verfügbare Formate

Frame Relay configuration

- swtichport trunk native vlan 1

- channel-group 1 mode auto

priority set to 24576

SECONDARY ROOT BRIDGE

spanning-tree vlan 20 hello-time 1

CONFIGURE PATH COST

**** Global Level ****

CONFIGURE STUB NETWORK EIGRP

router eigrp 100

CONFIGURE OSPF DR/BDR ELECTION

''Area 4 Stub'' routerlar arasnda type 5 bilgilerinin gitmesini engelliyor. Yani

- network 192.168.0.0 0.0.0.255 area 0

- router ospf 100

====== > command line

BGP tcp port 170 kullanyor

CONFIGURATON ROUTE-REFLECTOR ON BGP

CONFIGURATION EBGP LOAD BALANCING

CONFIGURATION BGP CONFEDERATION

CONFIGURATION BGP COMMUNITY

CONFIGURATION BGP REDISTRIBUTE

neighbor 172.16.134.1 distribute-list 1 out

CONFIGURATION BGP ROUTE DAMPENING

CONFIGURATION BGP ROUTE AGGREGATE

CONFIGURATION BGP ROUTE AGGREGATE WHILE SUPPRESING INDIVIDUAL ROUTES

CONFIGURATION BGP FILTER LIST

CONFIGURATION BGP ROUTE-MAP

CONFIGURATION BGP WEIGHT

neighbor 172.16.56.6 remote-as 600

CONFIGURATION BGP MED

CONFIGURATION BGP AS PATH

CONFIGURATION BGP DEFAULT-INFORMATION ORIGINATE

CONFIGURATION BGP PEER GROUP

CONFIGURATION REDISTRIBUTE EIGRP , OSPF , RIP

rip metric 200 subnets

CONFIGURATION OSPF ROUTE-MAP

CONFIGURATION KEY CHANIN

CONFIGURATION OSPF AUTHENTICATION

CONFIGURATION OSPF MD5

CONFIGURATION RIP AUTHENTICATION

CONFIGURATION RIP V2 MD5

CONFIGURATION IS-IS AUTHENTICATION

CONFIGURATION EIGRP MD5 AUTHENTICATION

CONFIGURATION BGP TCP MD5 AUTHENTICATION

CONFIGURATION CGMP ( CISCO GROUP MANAGEMENT PROTOCOL)

CGMP CONFIGURATION ON SWTICH

Router 2 (Client NTP)

- ntp server 172.16.70.3

CONFIGURATION NTP AUTHENTICATION

CONFIGURATION NTP TIMEZONE

CONFIGURATION STATIC NAT

CONFIGURATION DYNAMC NAT

ip nat pool dyn-nat 172.16.55.1 172.16.55.254 netmask 255.255.255.0

CONFIGURATION HSRP FOR ISL LINK

CONFIGURATION HSRP TER ( Trunking External Router )

COMFIGURATION HSRP AUTHENTICATION

CONFIGURATION TIME-BASED ACCESS-LIST

CONFIGURATION LOCK AND KEY

CONFIGURATION CONTENT BASED ACCESS CONTROL

CONFIGURATION VOIP POTS DIAL-PEER

CONFIGURATION VOIP DIAL-PEER

CONFIGURATION END TO END VOIP

*** NUMBER EXPANSION

Global Level