********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PRIVATE VLAN CONFIGURATION
vtp mode transparent
vlan 200
private-vlan primary
vlan 205
private-vlan community
vlan 210
private-vlan isolated
--------------------------------------------------------------------------------
vlan 200
private-vlan association 205,210
--------------------------------------------------------------------------------
show vlan private-vlan type
--------------------------------------------------------------------------------
interface fa 4/24
switchport mode private-vlan host
switchport private-vlan host-association 200 205
interface fa 4/25
switchport mode private-vlan host
switchport private-vlan host-association 200 205
interface fa 4/24
switchport mode private-vlan host
switchport private-vlan host-association 200 210
--------------------------------------------------------------------------------
interface fa 4/27
switchport mode private-vlan promiscuous
switchport private-vlan mapping 200 205,210
--------------------------------------------------------------------------------
show vlan private-vlan
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Multilayer Inter-vlan Switching
interface vlan 10
ip add 10.1.1.1 255.255.255.0
no shut
interface vlan 20
ip add 10.1.2.1 255.255.255.0
no shut
ip routing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel PAGP(Cisco Prop.) Auto/Desirable/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel-group 1 mode desirable
show etherchannel
show etherchannel summary
show etherchannel detail
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel-group 1 mode desirable
int port-channel 1
no switchport
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel detail
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel LACP 802.3ad Passive/Active/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel-group 1 mode active
show etherchannel
show etherchannel summary
show etherchannel detail
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel-group 1 mode active
int port-channel 1
no switchport
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel detail
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PER VLAN STP
Helps with load balancing
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root secondary
spanning-tree vlan 4 priority
spanning-tree portfast
spanning-tree bpduguard enable
if a BPDU is received, the port becomes err-disabled
spanning-tree guard root
port becomes secure
if somebody tries to become root bridge on this port, it will
show as an inconsistent port
show spanning-tree
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
STP 802.1D
Bridge ID = Priority (32768) + MAC address
100 Mbps = 19
10 Mbps = 100
1 Gbps = 4
10 Gbps = 2
BPDU every 2 seconds
Listening: send/receive BPDUs, forward delay 15 seconds
Learning: MAC addresses/CAM table, 15 seconds
Forwarding
Blocking: max age 20 seconds
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
RSTP 802.1w
Discarding
Learning
Forwarding
Root Port
Designated Port
Alternate Port
Edge Port(Port Fast)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
To secure telnet session (SSH only)
ip domain-name arjun.com
crypto key generate rsa
line vty 0 4
login
transport input ssh
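A check for the result of the steps above, as an added example that is not part of the original notes: it reads a saved configuration and reports every vty range that is not restricted to SSH, which catches a range such as vty 5-15 that the commands above never touch. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: vty 0-4 locked down as in the notes, vty 5-15 left open.
SAMPLE_CONFIG = """\
hostname SW1
ip domain-name arjun.com
!
line con 0
line vty 0 4
 login
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
!
end
"""

def vty_blocks(config):
    """Yield (first, last, [sub-commands]) for each 'line vty' block."""
    current = None
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            if current:
                yield current
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = (first, last, [])
        elif current and raw.startswith(" "):
            current[2].append(raw.strip())   # indented line belongs to the block
        elif current:
            yield current                    # any unindented line ends the block
            current = None
    if current:
        yield current

def audit_vty(config):
    """Return one finding per vty range that is not SSH-only with a login method."""
    findings = []
    for first, last, cmds in vty_blocks(config):
        name = f"vty {first}-{last}"
        transports = None
        for cmd in cmds:
            if cmd.startswith("transport input"):
                transports = cmd.split()[2:]
        if transports is None:
            # Assumption: a missing line is reported, since the default
            # transport set depends on the IOS release.
            findings.append(f"{name}: no 'transport input' line, default applies")
        elif transports != ["ssh"]:
            findings.append(f"{name}: allows {' '.join(transports)}, expected ssh only")
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{name}: no login method configured")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```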
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
HSRP (Cisco Prop.)
Hello 3 second Hold 10 second
Standby or Active Router
Virtual IP/Mac add
Tuning
Priority
Preempt
Tracking
Timers
0000.0c07.acxx
interface vlan 70
standby 1 ip (virtual ip)
standby 1 priority 150 (higher is better, 100 is default)
show standby
interface vlan 70
standby 1 preempt
standby 1 track fa 0/23 (down int) 60 (decrease priority)
standby 1 timers 1 3 (second, milliseconds)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
VRRP
Hello 1 Hold 3
Master/Backup
Master can share virtual IP
skew timer = (256 - priority) / 256
interface fa 0/0
vrrp 20 ip 172.30.4.90 (virtual)
vrrp 20 preempt
vrrp 20 timers advertise msec 100
show vrrp
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GLBP(Cisco Prop.)
Single Virtual IP with multiple mac add
AVG Active Virtual Gateway
AVF Active Virtual Forwarder
Round Robin one by one mac add will go to forwar
Host dependent will bind the host to mac
interface fa 0/0
glbp 1 priority 150
glbp timers
glbp 1 weighting
glbp 1 load-balancing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
SITE TO SITE CLI VPN CONFIG
--------------------------------------------------------------------------------
Set up isakmp policy (for IKE Phase-I)
crypto isakmp policy 50
authentication pre-share
encryption aes 128
group 2
hash sha
lifetime (leave default)
crypto isakmp key 0 arjun!! address 71.209.254.34 no-xauth
--------------------------------------------------------------------------------
Set up ipsec transform set (Phase-II)
crypto ipsec transform-set DEMO esp-aes 128 esp-sha-hmac
--------------------------------------------------------------------------------
Define Traffic
ip access-list extended Traffic
permit ip 172.30.0.0 0.0.255.255 192.168.1.0 0.0.0.255
--------------------------------------------------------------------------------
Set up crypto map
crypto map VPNMAP 10 ipsec-isakmp
set peer 71.209.254.34
match address Traffic
set transform-set DEMO
--------------------------------------------------------------------------------
Assign crypto map to interface
int fa 0/0
crypto map VPNMAP
show crypto isakmp sa
show crypto ipsec sa
Note:- disable nat translation
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GRE Tunnel
First Router
interface tunnel 0
ip add 10.5.1.2 255.255.255.0
tunnel source s 0/0/0
tunnel destination 41.95.109.2
tunnel mode gre ip
Second Router
interface tunnel 0
ip add 10.5.1.1 255.255.255.0
tunnel source s 0/0/0
8 bit
6 bit - DSCP
3 bit - ToS IP Prec.
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Wireless Security
1997 - WEP wireless equivalent privacy
2001 - 802.1x EAP Extension Authentication Protocol
2003 - WPA Wi-Fi Protected Access
2004 - WPA2 IEEE 802.11i
Power Over Ethernet
802.3af
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
DHCP IOS BASED
ip dhcp-server 10.1.1.1
ip dhcp excluded-address 10.1.1.1 10.1.1.19
ip dhcp pool ABC_Subnet
network 10.1.1.0 255.255.255.0
domain-name ABC.COM
dns-server 10.1.1.10 10.1.1.11
netbios-name-server 10.1.1.10
default-router 10.1.1.1
option 150 ?
ip dhcp database tftp://10.1.1.50/dhcp-bindings.text
ip dhcp database tftp://10.1.1.50/dhcp-bindings.text write-delay 180
Client
int fa 0/0
ip add dhcp
show ip dhcp binding
To import the dhcp settings from isp
ip dhcp pool ABC_Subnet
import all
IP Helper add
int fa 0/0
ip helper-add 10.1.1.50
no ip forward-protocol udp 37
no ip forward-protocol udp 137
UDP Ports
37 Time
49 TACACS
53 DNS
67 DHCP Server
68 DHCP Client
69 TFTP
137 Netbios Name Service
138 Netbios Datagram Service
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
EIGRP
Backup Routes (Fast Convergence)
Simple configuration
Flexibility in summarization
Unequal cost load balancing
Combine best of distance vector and link state
Support Multiple Network Protocol
--------------------------------------------------------------------------------
Neighbor Table
Topology Table
Routing Table
--------------------------------------------------------------------------------
FD Full Distance
AD Advertised Distance
--------------------------------------------------------------------------------
Successor
Feasible Successor
--------------------------------------------------------------------------------
Active Route
Passive Route
--------------------------------------------------------------------------------
To be considered a feasible successor, AD must be less than FD (AD < FD)
--------------------------------------------------------------------------------
HELLO :- Forms relationship
UPDATE :- Sends update
QUERY :- Asks about routes
REPLY :- Response to a query
ACK :- Acks the update, query, reply
--------------------------------------------------------------------------------
Bandwidth
Delay
Reliability
Load
MTU
Metric Formula
--------------------------------------------------------------------------------
EIGRP query process
send query update every 5 seconds
downtime 15 seconds
query message reply wait for 3 minutes
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
OSPF
IP Protocol 89
Neighbor Table
Topology Table
Routing Table
Use Dijkstra SPF
Send triggered update
Send periodic update
--------------------------------------------------------------------------------
ABR Router
ASBR Router
Backbone Router
All areas must connect to area 0
All routers in an area have the same topology table
Localize update within area
Require a hierarchical design
--------------------------------------------------------------------------------
ROUTER ID
1) Determine Router ID
DOWN STATE
2)Add interfaces to the
3)Send hello message on
once every 10 second on
once every 30 second on
Router ID
Hello & Dead Timers*
Network Mask*
Area ID*
Neighbor
Router Priority
DR/BDR
Authentication*
INITIAL STAGE
4) Receive hello
check hello/dead
check netmask
check area id
check Authentication
TWO WAY STAGE
5) Send reply Hello
am I listed as a neighbor in your hello packet
if yes reset dead timers
if no add as new neighbor
EX-START STAGE
6) Master - Slave relationship determined
determined by priority
master sends database description (DBD) packets (Cliff Notes)
slave sends DBD packets
LOADING STAGE
7) DBDs are acknowledged and reviewed
slave requests details (LSR)
master sends update (LSU)
master requests details
slave sends update
FULL STAGE
8) Neighbors are synchronized
--------------------------------------------------------------------------------
Config OSPF
router ospf process id
network 10.0.0.0 0.0.0.0 area 0
--------------------------------------------------------------------------------
Cost = Reference bandwidth / Interface bandwidth
int fa 0/0
ip ospf cost 10000
auto-cost reference-bandwidth 10000
--------------------------------------------------------------------------------
access-list 50 deny 10.1.1.1
access-list 50 permit any
route-map Filter
match ip add 50
sh access-list
sh route-map
redistribute connected route-map Filter
sh ip bgp
BGP next hop processing
neighbor 1.1.1.1 next-hop-self
Peer Group: iBGP will have full mesh with all iBGP peers
neighbor IBGP_PEER peer-group
neighbor IBGP_PEER remote-as 5500
neighbor IBGP_PEER next-hop-self
neighbor IBGP_PEER update-source loopback 1
neighbor 3.3.3.3 peer-group IBGP_PEER
neighbor 4.4.4.4 peer-group IBGP_PEER
neighbor 2.2.2.2 peer-group IBGP_PEER
BGP split horizon: don't send the update via iBGP to other iBGP peers
sh ip bgp summary
sh ip bgp
How BGP neighbor forms
Idle :- verifying route to neighbor
Active :- Attempting to connect to neighbor
Open Sent :- Open message Hello sent
Open Confirm :- Neighbor replied with open message
Active :- Neighbor fail
Establish :-
--------------------------------------------------------------------------------
How BGP Finds the best path
0. Ignore routes with inaccessible next hop address.
1. Prefer the path with the highest weight (Cisco Prop.).
2. Prefer the path with the highest local preference.
3. Prefer the path that was locally originated via a network command.
4. Prefer the path with the shortest AS path.
5. Prefer the path with the lowest origin type.
6. Prefer the path with the lowest multi-exit discriminator (MED).
7. Prefer eBGP over iBGP.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
9. Determine if multiple paths require installation in the routing table for BGP Multipath.
10. When both paths are external, prefer the path that was received first (the oldest one).
11. Prefer the route that comes from the BGP router with the lowest router ID.
12. If originator or router ID is the same for multiple paths, prefer the path with the minimum cluster list length.
13. Prefer the path that comes from the lowest neighbor address.
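The list above applied in order, as an added example that is not part of the original notes: each step becomes one element of a sort key, and a helper reports which step decided between two paths. The Path record, its field names and the sample paths are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # step 5: lower is better
STEPS = (1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13)     # step 9 (multipath) breaks no ties

@dataclass
class Path:                       # hypothetical record, one per candidate path
    name: str
    neighbor: str                 # peer address the path was learned from
    router_id: str = "0.0.0.0"
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_seconds: int = 0
    cluster_list_len: int = 0

def preference_key(p):
    """One tuple element per step; the smaller tuple is the better path."""
    return (
        -p.weight,                          # 1  highest weight
        -p.local_pref,                      # 2  highest local preference
        0 if p.locally_originated else 1,   # 3  locally originated first
        len(p.as_path),                     # 4  shortest AS path
        ORIGIN_RANK[p.origin],              # 5  lowest origin type
        p.med,                              # 6  compared unconditionally, as the list states
        0 if p.ebgp else 1,                 # 7  eBGP over iBGP
        p.igp_metric,                       # 8  lowest IGP metric to next hop
        -p.age_seconds if p.ebgp else 0,    # 10 oldest wins, external paths only
        int(IPv4Address(p.router_id)),      # 11 lowest router ID, compared numerically
        p.cluster_list_len,                 # 12 shortest cluster list
        int(IPv4Address(p.neighbor)),       # 13 lowest neighbor address
    )

def best_path(paths):
    """Step 0 drops unreachable next hops, then the lowest key wins."""
    usable = [p for p in paths if p.next_hop_reachable]
    return min(usable, key=preference_key) if usable else None

def deciding_step(a, b):
    """Number of the first step at which two usable paths differ, or None."""
    for step, x, y in zip(STEPS, preference_key(a), preference_key(b)):
        if x != y:
            return step
    return None

# Constructed candidates for one prefix.
A = Path("A", "10.1.13.2", local_pref=200, as_path=(65001, 65002, 65003))
B = Path("B", "10.1.13.3", as_path=(65001,))
C = Path("C", "10.1.13.4", weight=500, next_hop_reachable=False)

if __name__ == "__main__":
    winner = best_path([A, B, C])
    print(winner.name, "wins; A vs B decided at step", deciding_step(A, B))
```

Path A wins despite its longer AS path because local preference (step 2) is evaluated before AS-path length (step 4), and path C never competes because step 0 removes it.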
BGP Tuning Attributes
Weight
router bgp 6500
neighbor 10.1.13.2 weight 500
To shut down all neighbor commands per inter
neighbor 10.1.13.2 shutdown
Local Pref(Local only in same AS)
router bgp 6500
bgp default local-preference 200
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Default Administrative Distance
Connected          0
Static             1
EIGRP Summary      5
EBGP               20
EIGRP Internal     90
IGRP               100
OSPF               110
ISIS               115
RIP                120
ODR                160
EIGRP External     170
IBGP               200
Unreachable        255
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************