networking

Upload: ahmed-daud

Post on 21-Dec-2015

Page 1: Networking

NETWORKING

CONFIGURATION PACKAGE

IP MAPPING

R1(config)#ip host HR 1.1.1.1

(the name HR will be assigned to the IP address)

ACL

Standard

R1(config)#access-list 2 permit/deny 200.100.50.0

Extended

R1(config)#access-list 102 deny/permit tcp 200.100.50.5 0.0.0.0 200.100.100.100 0.0.0.0 eq telnet/port num (extended ACLs use numbers 100-199)

STATIC NAT

Static

R1(config)#ip nat inside source static 192.168.1.1 1.1.1.2

APPLY

R1(config)#int fa0/0

R1(config)#ip nat inside

R1(config)#exit

DYNAMIC NAT

Make the access list first, then configure NAT (access list 10)

R1(config)#ip nat pool corvit 1.1.1.1 1.1.1.3 netmask 255.0.0.0

R1(config)#ip nat inside source list 10 pool corvit (1)

APPLY

R1(config)#int fa0/0

R1(config)#ip nat inside

R1(config)#ex

PAT

PAT is very similar to dynamic NAT; the difference is that when configuring it we add the keyword overload at the end of command (1) shown above.

The method of applying it remains the same as for dynamic NAT.

LAYER 2 SWITCHING CONFIGURATION

SW(CONFIG)#ip routing (to use the layer 2 switch as a layer 3 switch, MLS)

SW(CONFIG)#no switchport (this command is given to make a switchport a routed port)

TRUNK FORMATION

SW(CONFIG)#INT FA0/1

SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q/ISL/NEGOTIATE

SW(CONFIG)#SWITCHPORT MODE ACCESS/TRUNK

STATIC TRUNK

SW(CONFIG)#INT FA0/1

SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q

SW(CONFIG)#SWITCHPORT MODE TRUNK

SW(CONFIG)#SWITCHPORT NONEGOTIATE (TO DISABLE DTP)

To reverse the static trunk the command is

SW(CONFIG)#no switchport nonegotiate

VTP PRUNING

SW(CONFIG)#int fa0/1

SW(CONFIG)#switchport trunk pruning vlan 10,20

To add more VLANs to the existing list

SW(CONFIG)#switchport trunk pruning vlan add/remove

PRIVATE VLAN

SW(CONFIG)#vtp mode transparent

SW(CONFIG)#vlan 100

SW(CONFIG)#private-vlan primary

SW(CONFIG)#ex

SW(CONFIG)#vlan 101

SW(CONFIG)#private-vlan community

SW(CONFIG)#ex

SW(CONFIG)#vlan 102

SW(CONFIG)#private-vlan isolated

SW(CONFIG)#ex

SW(CONFIG)#vlan 100

SW(CONFIG)#private-vlan association 101-102

SW(CONFIG)#ex

SW(CONFIG)#int range fa0/5 , fa0/7

SW(CONFIG)#switchport mode private-vlan host

SW(CONFIG)#switchport private-vlan host-association 100

SW(CONFIG)#switchport private-vlan host-association 100 101

FOR PROMISCUOUS PORT

SW(CONFIG)#INT RANGE FA0/15-19

SW(CONFIG)#switchport mode private-vlan promiscuous

SW(CONFIG)#switchport private-vlan mapping 100 101-102 (100 = primary, 101-102 = secondary)

SW(CONFIG)#ex

SWITCH VIRTUAL INTERFACE

SW(CONFIG)#interface vlan (number)

SW(CONFIG)#ip add ……….

SW(CONFIG)#ex

LAYER 2 REDUNDANCY CONFIGURATION

PVST

SENDER SIDE

SW(CONFIG)#int fa0/1

SW(CONFIG)#spanning-tree vlan 10,20 port-priority (num) (port ID/port priority)

RECEIVER SIDE

SW(CONFIG)#int fa0/1

SW(CONFIG)#spanning-tree vlan 10,20 cost ?

STP STABILITY

STP PORT FAST

1. BPDU GUARD

2. BPDU FILTER

(they are used for access ports )

SW(CONFIG)#int fa0/1

SW(CONFIG)#spanning-tree portfast

SW(CONFIG)#spanning-tree bpduguard enable

(to clear the error-disabled state manually)

SW(CONFIG)#shutdown

SW(CONFIG)#no shutdown

(using timer)

SW(CONFIG)#errdisable recovery cause bpduguard

SW(CONFIG)#errdisable recovery interval (time)

BPDU FILTER

SW(CONFIG)#int fa0/12

SW(CONFIG)#spanning-tree bpdufilter enable

SW(CONFIG)#exit

ROOT GUARD

(IT IS USED TO PROTECT THE ROOT BRIDGE; APPLY IT ON TRUNK LINKS)

SW(CONFIG)#int fa0/2

SW(CONFIG)#spanning-tree guard root

SW(CONFIG)#ex

STP CONVERGENCE TIME

1.UPLINK FAST (DETECT DIRECT LINK FAILURE)

2.BACKBONE FAST (DETECT THE INDIRECT LINK FAILURE)

SW(CONFIG)#spanning-tree uplinkfast

SW(CONFIG)#spanning-tree backbonefast

LOGICAL LINK AGGREGATION

PAGP(cisco)

SW(CONFIG)#int range fa0/1-4

SW(CONFIG)#channel-group 1 mode desirable

SW(CONFIG)#int range fa0/1-4

SW(CONFIG)#channel-group 1 mode auto

LACP(IEEE)

SW(CONFIG)#int range fa0/5-6

SW(CONFIG)#channel-group 2 mode active

SW(CONFIG)#int range fa0/5-6

SW(CONFIG)#channel-group 2 mode passive

SW(CONFIG)#int port-channel 2

SW(CONFIG)#spanning-tree vlan 1 cost ?

LAYER 3 REDUNDANCY CONFIGURATION

FHRP(FIRST HOP REDUNDANCY PROTOCOL)

1.HSRP(HOT STANDBY ROUTING PROTOCOL)

R1(CONFIG)#int fa0/1

R1(CONFIG)#standby (group no) priority (num)

R1(CONFIG)#standby (group no) ip (gateway for group)

R1(CONFIG)#do sh standby bri (info in table )

R1(CONFIG)#do sh standby (info in paragraph)

HSRP TRACKING

R1(config)#int fa0/1

R1(config)#standby 1 preempt

R1(config)#int fa0/1

R1(config)#standby 1 track serial 2/0 60

R1(config)#ex

OSPF CONFIGURATION METHODS

1.PER NETWORK/PER SUBNET

R1(config)#ROUTER OSPF 1

R1(config)#network 1.0.0.0 0.255.255.255 area 0

2.PER INTERFACE

1.per ip address

R1(config)#router ospf 1

R1(config)#net 22.22.22.22 0.0.0.0 area 0

2.direct configuration on interface

R1(config)#int s2/0

R1(config)#ip ospf 1 area 0

3.PER PLATFORM (GLOBALLY ENABLE)

R1(config)#router ospf 1

R1(config)#network 0.0.0.0 255.255.255.255 area 0

R1(config)#ex

2.VRRP(VIRTUAL ROUTER REDUNDANCY PROTOCOL)

R1(config)#int fa0/0

R1(config)#vrrp 1 priority ?

R1(config)#vrrp 1 ip (ip address)

R1(config)#end

VRRP TRACKING

In VRRP, object tracking is implemented like an ACL, while in HSRP there is both interface and object tracking. For tracking, the election is done on priority, not on the virtual IP address criterion.

R1(config)#track 1 interface s2/0 ip routing

Or

R1(config)#track 1 interface s2/0 line-protocol

R1(config)#end

R1(config)#vrrp 1 track 1 ?

R1(config)#vrrp 1 track 1 dec 100 (example)

3.GLBP(GATEWAY LOAD BALANCING PROTOCOL)

It is an advanced form of HSRP; in it we use object tracking.

R1(config)#int fa0/0

R1(config)#glbp 1 priority (num)

R1(config)#glbp 1 ip (ip address)

R1(config)#end

GLBP TRACKING

R1(config)#track 1 int s2/0 line-protocol

R1(config)#end

R1(config)#int fa0/0

R1(config)#glbp 1 weighting track 1 dec 20

R1(config)#glbp 1 weighting 110 lower 95 upper 105 (example)

GLBP AUTHENTICATION

R1(config)#int fa0/0

R1(config)#glbp 1 authentication ?

R1(config)#end

REDISTRIBUTION (EXTERNAL ROUTES TO OSPF)

R1(config)#router ospf 1

R1(config)#redistribute static subnets metric-type 1 (configure metric type E2 or E1)

R1(config)#redistribute static subnets metric-type 1 metric (num) (configure seed metric)

ALLOWED VLAN CONCEPT

R1(config)#int range fa0/1-2

R1(config)#switchport trunk allowed vlan 1,10,20

R1(config)#switchport trunk allowed vlan add ? (to add VLANs to the existing VLANs shown in the above command)

POLICY BASED ROUTING

After making ACL

1.ROUTE MAP

R1(config)#route-map (name) permit/deny (num)

R1(config)#match ip address (ACL)

R1(config)#set clauses

(Similarly, more sequences are made according to the requirement)

APPLICATION

R1(config)#router ospf 1

R1(config)#redistribute static subnets route-map (name) (example)

R1(config)#end

SECURITY

MAC FLOODING ATTACK

SW(CONFIG)#int fa 0/5

SW(CONFIG)#switchport mode access (mode should be access )

SW(CONFIG)#switchport port-security max ?

SW(CONFIG)#switchport port-security mac-address ?

Sticky or static

SW(CONFIG)#switchport port-security violation ?

VOICE VLANS

SW(CONFIG)#vlan 10,20

SW(CONFIG)#vlan 10

SW(CONFIG)#name voice

SW(CONFIG)#vlan 20

SW(CONFIG)#name data

SW(CONFIG)#end

SW(CONFIG)#int range fa0/1-4

SW(CONFIG)#switchport host

SW(CONFIG)#switchport access vlan 20

SW(CONFIG)#switchport voice vlan 10

SW(CONFIG)#end

Virtual access control list(VACL)

(only one ACL at a time can be applied on one interface)

SW(CONFIG)#access-list 6 permit 10.0.0.4 0.0.0.0

SW(CONFIG)#vlan access-map UMER 10

SW(CONFIG)#match ip add 6

SW(CONFIG)#action drop

SW(CONFIG)#vlan access-map UMER 20

SW(CONFIG)#action forward

SW(CONFIG)#ex

SW(CONFIG)#vlan filter UMER vlan-list 30,40

RSTP(RAPID SPANNING TREE PROTOCOL)

(DR and BDR selection is done in it)

SW(CONFIG)#int fa0/0

SW(CONFIG)#ip ospf priority 0 (router will not take part in the BDR and DR election)

SW(CONFIG)#ip ospf priority 200 (DR)

SW(CONFIG)#ip ospf priority 100 (BDR)

SW(CONFIG)#end

SW(CONFIG)#do debug ip ospf adj (show the results in runtime)

REGULAR AREA CONFIGURATIONS

STUBBY AREA

SW(CONFIG)#ROUTER OSPF 1

SW(CONFIG)#AREA 1 STUB

TOTALLY STUBBY AREA

It is implemented on ABR only because LSA-3 is generated by it.

SW(CONFIG)#ROUTER OSPF 1

SW(CONFIG)#AREA 1 STUB NO-SUMMARY

NSSA

SW(CONFIG)#router ospf 1

SW(CONFIG)#area 1 nssa

SW(CONFIG)#area 1 nssa default ( creation of default route for NSSA)

TOTALLY NSSA

SW(CONFIG)#router ospf 1

SW(CONFIG)#area 1 nssa no-summary

SW(CONFIG)#end

OSPF ROUTE SUMMARIZATION

OSPF supports manual summarization: LSA-5 summarization is applied on the ASBR and LSA-3 summarization is done on the ABR. In EIGRP, RIP-V2 and BGP, route summarization is automatic.

FOR LSA-5

SW(CONFIG)#router ospf 1

SW(CONFIG)#redistribute static subnets

SW(CONFIG)#summary-address 192.168.0.0 255.255.255.0 (example)

FOR LSA-3

SW(CONFIG)#router ospf 1

SW(CONFIG)#area 0 range 172.16.0.0 255.255.0.0 (example)

SW(CONFIG)#do sh ip rou sum

IP PREFIX LIST

It permits or denies (blocks) a prefix (route).

R1(config)#ip prefix-list UMER deny 192.168.1.0/24 le 26 (le = less than or equal to)

R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32 (permit any command)

APPLY PREFIX-LIST

R1(config)#router ospf 1

R1(config)#distribute-list prefix UMER in

R1(config)#end

R1(config)#clear ip route * (refresh the routing table)

AREA FILTER APPLY ON AREA

R1(config)#ip prefix-list UMER deny 172.16.0.1/32

R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32

R1(config)#router ospf 1

R1(config)# area 1 filter-list prefix UMER in

R1(config)#end

R1(config)#clear ip route *

R1(config)# sh ip route ospf
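
How the two UMER prefix-lists above are evaluated, as an added example that is not part of the original notes. The candidate routes are constructed; the matcher also handles ge, which the page does not use. It shows that 192.168.1.128/27 is not caught by "deny 192.168.1.0/24 le 26" and falls through to the permit-any entry.

```python
import ipaddress

# The two UMER lists from this page, as typed on the router.
UMER_DISTRIBUTE = [
    "ip prefix-list UMER deny 192.168.1.0/24 le 26",
    "ip prefix-list UMER permit 0.0.0.0/0 le 32",
]
UMER_AREA_FILTER = [
    "ip prefix-list UMER deny 172.16.0.1/32",
    "ip prefix-list UMER permit 0.0.0.0/0 le 32",
]
# Constructed candidate routes (not from the original page).
ROUTES = ["192.168.1.0/24", "192.168.1.64/26", "192.168.1.128/27",
          "10.0.0.0/8", "172.16.0.1/32", "172.16.0.0/24"]

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le N]'."""
    tok = line.split()
    action, prefix = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Neither ge nor le: exact length. Only ge: up to /32. Only le: from the entry's length.
    lo = ge if ge is not None else prefix.prefixlen
    hi = le if le is not None else (32 if ge is not None else prefix.prefixlen)
    return action, prefix, lo, hi

def evaluate(prefix_list, route):
    """First matching entry wins; a route matching no entry is implicitly denied."""
    route = ipaddress.ip_network(route)
    for line in prefix_list:
        action, prefix, lo, hi = parse_entry(line)
        if route.subnet_of(prefix) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

def filtered(prefix_list, routes):
    """Routes the list would drop."""
    return [r for r in routes if evaluate(prefix_list, r) == "deny"]

if __name__ == "__main__":
    print("distribute-list:", filtered(UMER_DISTRIBUTE, ROUTES))
    print("area filter-list:", filtered(UMER_AREA_FILTER, ROUTES))
```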

OSPF VIRTUAL LINK

It is configured between two routers, one of which is an ABR; there should be a common regular area between the two routers. By default the virtual link is present in area 0. The configuration depends on the router ID. It connects the regular area to the backbone area.

R1(config)#router ospf 1

R1(config)#area 1 virtual-link 22.22.22.22 (the router ID of the destination is given)

EIGRP ROUTE-SUMMARIZATION

RIP AND EIGRP HAVE ROUTE SUMMARIZATION IMPLEMENTED ON AN INTERFACE BASIS, WHILE OSPF HAS ROUTE SUMMARIZATION DONE IN THE OSPF PROCESS

R1(config)#int s2/0

R1(config)#ip sum-add eigrp 100 192.168.16.0 255.255.255.0 (e.g)

AUTHENTICATION TECHNIQUES(RIP,EIGRP,OSPF)

1.OSPF

R1(config)#INT S2/0

R1(config)#IP OSPF AUTHENTICATION MESSAGE-DIGEST

R1(config)#IP OSPF MESSAGE-DIGEST-KEY 1 MD5 CISCO

R1(config)#END

2.RIP/EIGRP

AUTHENTICATION TECHNIQUE IS SAME FOR BOTH

R1(config)#KEY CHAIN UMER

R1(config)#KEY 1

R1(config)#KEY-STRING CISCO

R1(config)#INT S2/1

R1(config)#IP AUTHENTICATION MODE EIGRP 100 MD5

R1(config)#IP AUTHENTICATION KEY-CHAIN EIGRP 100 UMER

R1(config)#END

R1(config)#DO SH KEY CHAIN

BGP(BORDER GATEWAY PROTOCOL)

R1(config)#DO SH IP BGP SUM (BGP NEIGHBOUR DATABASE)

R1(config)#do sh ip bgp (bgp database)

R1(config)#router bgp 100

R1(config)#no auto-summary

R1(config)#neighbor 1.1.1.2 remote-as 200

BGP ATTRIBUTES

1.WEIGHT

It has an impact on the router on which it is configured.

R1(config)#ROUTER BGP 200

R1(config)#NEIGHBOR 3.1.1.1 REMOTE-AS 200

R1(config)#NEIGHBOR 3.1.1.1 WEIGHT 10

2. LOCAL PREFERENCE

It is configured on border routers, and this attribute has an impact on the whole local autonomous system. It is an inbound attribute and has more preference than I-BGP/E-BGP.

R1(config)#router bgp 200

R1(config)#bgp default local-preference ?

3. MED (multi exit discriminator)

It is shown as “metric” in the output. Local preference has more priority than MED. MED is an outbound attribute.

APPLY

First we have to make an ACL, then the route-map is constructed; after that it is applied on the router from which the routes leave and enter the other autonomous system. A metric is set for one specific group of IP addresses and a different metric is set for another group of IP addresses.

For example

R1(config)#route-map R12 permit 10

R1(config)#match ip add (ACL)

R1(config)#set metric 10

R1(config)#route-map R12 permit 20

R1(config)#match ip add (ACL)

R1(config)#set metric 5

R1(config)#route-map R12 permit 30

R1(config)#router bgp 100

R1(config)#neighbor 1.1.1.1 route-map R12 out

R1(config)#end

R1(config)#clear ip bgp *

4.AS-PATH

R1(config)#route-map ASP permit 10

R1(config)#set as-path prepend 11 12 13

R1(config)# ex

R1(config)#router bgp 200

R1(config)#neighbor 1.1.1.1 route-map ASP in

R1(config)#end

R1(config)#do clear ip bgp *

R1(config)#do sh ip bgp

I-BGP CONFIGURATION TECHNIQUE

1.FULL MESH

2.ROUTE-REFLECTOR

ROUTE REFLECTOR CONFIGURATION

CONFIGURATION FOR RR

R1(config)#router bgp 20

R1(config)#neighbor 5.9.0.3 remote-as 20

R1(config)#neighbor 5.9.0.4 remote-as 20

R1(config)#neighbor 5.9.0.5 remote-as 20

R1(config)#neighbor 5.9.0.3 update-source loopback 0

R1(config)#neighbor 5.9.0.4 update-source loopback 0

R1(config)#neighbor 5.9.0.5 update-source loopback 0

R1(config)#neighbor 5.9.0.3 route-reflector-client

R1(config)#neighbor 5.9.0.4 route-reflector-client

R1(config)#neighbor 5.9.0.5 route-reflector-client

R1(config)#ex

(same on other RR if present)

Similarly, the configurations for RR clients are as follows

R1(config)#router bgp 20

R1(config)#neighbor 5.9.0.2 remote-as 20

R1(config)#neighbor 5.9.0.2 update-source loopback 0

R1(config)#neighbor 5.9.0.3 remote-as 20

R1(config)#neighbor 5.9.0.3 update-source loopback 0

Similar configuration on the other RR clients.

For the RR, the command “next-hop-self” is given.

END

(prepared by M.UMER TAHIR)
