BSCI commando’s:
Algemeen:
Setup Clockrate:
int s0/0
clock rate 64000
Bandwidth Setup (virtueel kan gebruikt worden voor o.a. QoS):
int s0/0
bandwidth 64000
EIGRP Commando’s:
EIGRP Instellen:
router eigrp <AS>
network <ip>
Show EIGRP topology:
show ip eigrp topology
Disable IP CEF: For eigrp load balancing
no ip cef
OSPF:
Setup OSPF:
router ospf <processid>
network <ip> <reverse subnet> area <area>
Full subnet shown:
int Loopback0
ip ospf network point-point
Modify Cost:
int fa0/0
ip ospf cost 50
Stub area:
router ospf 1
area 23 stub
Fully stubby area:
router ospf 1
area 23 stub no-summery
No so stubby area:
router ospf 1
no area 23 nssa
redistrubyte connected subnets
Default Metric:
R2(config)# router ospf 1
R2(config-router)# default-metric 10000
Change metric type:
R2(config)# router ospf 1
R2(config-router)# redistribute rip sub metric-type 1
Redist OSPF In rip:
R2(config)# router ospf 1
R2(config-router)# no default-information originate always
R2(config-router)# redistribute rip
% Only classful networks will be redistributed
Avoid subnets:
R2(config)# router ospf 1
R2(config-router)# redistribute rip subnets
Authentication:
int s0/0
ip ospf authentication
ip ospf authentication-key password
Authentication MD5:
int s0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 password
Virtual Link:
router ospf 1
area 23 virtual-link <ip>
Setup Clockrate:
int s0/0
clock rate 64000
Bandwidth Setup (virtueel kan gebruikt worden voor o.a. QoS):
int s0/0
bandwidth 64000
Setup OSPF:
router ospf 1
area <area> range <network> <subnet>
Default route in OSPF:
router ospf 1
default-information orginate always
RIP:
Setup:
router rip
version 2
no auto-summary
network ….
Passive interface:
router rip
passive-interface <int>
Redist OSPF in RIP:
router rip
redistribute ospf 1 metric 4
BGP:
Setup:
ISP1(config)#router bgp <as>
ISP1(config-router)#neighbor <ip> remote-as <as>
ISP1(config-router)#network <network> mask <subnet>
Setup IBGP
SanJose1(config)#router bgp <AS>
SanJose1(config-router)#neighbor <loopback remote> remote-as <as>
SanJose1(config-router)#neighbor <loopback remkote> update-source lo0
Routemap:
SanJose1(config)#route-map PRIMARY_T1_IN permit 10
SanJose1(config-route-map)#set local-preference 150
SanJose1(config-route-map)#exit
SanJose1(config)#router bgp 64512
SanJose1(config-router)#neighbor 192.168.1.5 route-map PRIMARY_T1_IN in
Fix:
router bgp <as
bgp router-id <beschikbaar IP>
router bgp <as>
no auto-summary
no synchronisation
Apply Routemap
router bgp <as>
neigbor <ip> route-map <map> in / out
ISCW:
VPN GRE:
R1(config)# int tunnel0
R1(config-if)# tunnel source serial0/0/0
R1(config-if)# tunnel destination 192.168.23.3
R1(config-if)# ip address 172.16.13.1 255.255.255.0
R3(config)# int tunnel0
R3(config-if)# tunnel source serial0/0/1
R3(config-if)# tunnel destination 192.168.12.1
R3(config-if)# ip address 172.16.13.3 255.255.255.0
Routing over tunnel:
R1(config)# router eigrp 2
R1(config-router)# no auto-summary
R1(config-router)# network 172.16.0.0
Intresting traffic:
R1(config)# access-list 101 permit gre host 192.168.12.1 host 192.168.23.3
VPN Site-to-Site:
Enable;
crypto isakmp enable
Create isakmp:
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# encryption aes 256
R1(config-isakmp)# hash sha
R1(config-isakmp)# group 5
R1(config-isakmp)# lifetime 3600
Show isakmp:
show crypto isakmp policy
Config pre-shared keys:
R1(config)# crypto isakmp key cisco address 192.168.23.3
Setup Transformset:
R1(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac ah-sha-hmac
R1(cfg-crypto-trans)# exit R1(config)#
Setup Time Alive:
R1(config)# crypto ipsec security-association lifetime seconds 1800
ACL Intresant traffic:
R1(config)#0.0.0.255
Create cryptomap:
R1(config)# crypto map MYMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R1(config-crypto-map)# match address 101
R1(config-crypto-map)# set peer 192.168.23.3
R1(config-crypto-map)# set pfs group5
R1(config-crypto-map)# set transform-set 50
R1(config-crypto-map)# set security-association lifetime seconds 900
Apply Cryptomap to interface:
R1(config)# interface fastethernet0/0
R1(config-if)# crypto map MYMAP
*Jan 17 04:09:09.150: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Tags: Cisco