NETWORKING
CONFIGURATION PACKAGE
IP MAPPING
R1(config)#ip host HR 1.1.1.1
(the name HR will be assigned to the IP address)
ACL
Standard
R1(config)#access-list 2 permit/deny 200.100.50.0
Extended
R1(config)#access-list 102 deny/permit tcp 200.100.50.5 0.0.0.0 200.100.100.100 0.0.0.0 eq telnet/port num
(extended ACLs use numbers 100-199)
STATIC NAT
Static
R1(config)#ip nat inside source static 192.168.1.1 1.1.1.2
APPLY
R1(config)#int fa0/0
R1(config)#ip nat inside
R1(config)#exit
DYNAMIC NAT
Make the access list first, then configure NAT (access list 10)
R1(config)#ip nat pool corvit 1.1.1.1 1.1.1.3 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool corvit (1)
APPLY
R1(config)#int fa0/0
R1(config)#ip nat inside
R1(config)#ex
PAT
It is very similar to dynamic NAT. The difference is that when configuring it
we add OVERLOAD to command (1) shown above.
The method of applying it remains the same as for dynamic NAT.
LAYER 2 SWITCHING CONFIGURATION
SW(CONFIG)#ip routing (to use a layer 2 switch as a layer 3 switch, MLS)
SW(CONFIG)#no switchport (this command makes the switchport a routed port)
TRUNK FORMATION
SW(CONFIG)#INT FA0/1
SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q/ISL/NEGOTIATE
SW(CONFIG)#SWITCHPORT MODE ACCESS/TRUNK
STATIC TRUNK
SW(CONFIG)#INT FA0/1
SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q
SW(CONFIG)#SWITCHPORT MODE TRUNK
SW(CONFIG)#SWITCHPORT NONEGOTIATE (TO DISABLE DTP)
To reverse the static trunk, the command is
SW(CONFIG)#no switchport nonegotiate
VTP PRUNING
SW(CONFIG)#int fa0/1
SW(CONFIG)#switchport trunk pruning vlan 10,20
To add more VLANs to the existing list
SW(CONFIG)#switchport trunk pruning vlan add/remove
PRIVATE VLAN
SW(CONFIG)#vtp mode transparent
SW(CONFIG)#vlan 100
SW(CONFIG)#private-vlan primary
SW(CONFIG)#ex
SW(CONFIG)#vlan 101
SW(CONFIG)#private-vlan community
SW(CONFIG)#ex
SW(CONFIG)#vlan 102
SW(CONFIG)#private-vlan isolated
SW(CONFIG)#ex
SW(CONFIG)#vlan 100
SW(CONFIG)#private-vlan association 101-102
SW(CONFIG)#ex
SW(CONFIG)#int range fa0/5 , fa0/7
SW(CONFIG)#switchport mode private-vlan host
SW(CONFIG)#switchport private-vlan host-association 100
SW(CONFIG)#switchport private-vlan host-association 100 101
FOR PROMISCUOUS PORT
SW(CONFIG)#INT RANGE FA0/15-19
SW(CONFIG)#switchport mode private-vlan promiscuous
SW(CONFIG)#switchport private-vlan mapping 100 (primary) 101-102 (secondary)
SW(CONFIG)#ex
SWITCH VIRTUAL INTERFACE
SW(CONFIG)#interface vlan (number)
SW(CONFIG)#ip add ……….
SW(CONFIG)#ex
LAYER 2 REDUNDANCY CONFIGURATION
PVST
SENDER SIDE
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree vlan 10,20 port-priority (num) (port ID/port priority)
RECEIVER SIDE
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree vlan 10,20 cost ?
STP STABILITY
STP PORT FAST
1. BPDU GUARD
2. BPDU FILTER
(they are used for access ports)
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree portfast
SW(CONFIG)#spanning-tree bpduguard enable
(to clear the error-disabled state manually)
SW(CONFIG)#shutdown
SW(CONFIG)#no shutdown
(using timer)
SW(CONFIG)#errdisable recovery cause bpduguard
SW(CONFIG)#errdisable recovery interval ? (time)
BPDU FILTER
SW(CONFIG)#int fa0/12
SW(CONFIG)#spanning-tree bpdufilter enable
SW(CONFIG)#exit
ROOT GUARD
(IT IS USED FOR THE SAFETY OF THE ROOT BRIDGE; APPLIED ON TRUNK LINKS)
SW(CONFIG)#int fa0/2
SW(CONFIG)#spanning-tree guard root
SW(CONFIG)#ex
STP CONVERGENCE TIME
1. UPLINK FAST (DETECTS DIRECT LINK FAILURE)
2. BACKBONE FAST (DETECTS INDIRECT LINK FAILURE)
SW(CONFIG)#spanning-tree uplinkfast
SW(CONFIG)#spanning-tree backbonefast
LOGICAL LINK AGGREGATION
PAGP(cisco)
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#channel-group 1 mode desirable
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#channel-group 1 mode auto
LACP(IEEE)
SW(CONFIG)#int range fa0/5-6
SW(CONFIG)#channel-group 2 mode active
SW(CONFIG)#int range fa0/5-6
SW(CONFIG)#channel-group 2 mode passive
SW(CONFIG)#int port-channel 2
SW(CONFIG)#spanning-tree vlan 1 cost ?
LAYER 3 REDUNDANCY CONFIGURATION
FHRP(FIRST HOP REDUNDANCY PROTOCOL)
1.HSRP(HOT STANDBY ROUTING PROTOCOL)
R1(CONFIG)#int fa0/1
R1(CONFIG)#standby (group no) priority (num)
R1(CONFIG)#standby (group no) ip (gateway for group)
R1(CONFIG)#do sh standby bri (info in table)
R1(CONFIG)#do sh standby (info in paragraph)
HSRP TRACKING
R1(config)#int fa0/1
R1(config)#standby 1 preempt
R1(config)#int fa0/1
R1(config)#standby 1 track serial 2/0 60
R1(config)#ex
OSPF CONFIGURATION METHODS
1.PER NETWORK/PER SUBNET
R1(config)#ROUTER OSPF 1
R1(config)#network 1.0.0.0 0.255.255.255 area 0
2.PER INTERFACE
1.per ip address
R1(config)#router ospf 1
R1(config)#net 22.22.22.22 0.0.0.0 area 0
2.direct configuration on interface
R1(config)#int s2/0
R1(config)#ip ospf 1 area 0
3.PER PLATFORM (GLOBALLY ENABLE)
R1(config)#router ospf 1
R1(config)#network 0.0.0.0 255.255.255.255 area 0
R1(config)#ex
2.VRRP(VIRTUAL ROUTER REDUNDANCY PROTOCOL)
R1(config)#int fa0/0
R1(config)#vrrp 1 priority ?
R1(config)#vrrp 1 ip (ip address)
R1(config)#end
VRRP TRACKING
In VRRP, object tracking is implemented like an ACL (defined first, then applied),
while in HSRP there is both interface tracking and object tracking. For tracking,
the election is done on priority, not by the virtual IP address criterion.
R1(config)#track 1 interface s2/0 ip routing
Or
R1(config)#track 1 interface s2/0 line-protocol
R1(config)#end
R1(config)#vrrp 1 track 1 ?
R1(config)#vrrp 1 track 1 dec 100 (example)
3.GLBP(GATEWAY LOAD BALANCING PROTOCOL)
It is an advanced form of HSRP. In it we use object tracking.
R1(config)#int fa0/0
R1(config)#glbp 1 priority (num)
R1(config)#glbp 1 ip (ip address)
R1(config)#end
GLBP TRACKING
R1(config)#track 1 int s2/0 line-protocol
R1(config)#end
R1(config)#int fa0/0
R1(config)#glbp 1 weighting track 1 dec 20
R1(config)#glbp 1 weighting 110 lower 95 upper 105 (example)
GLBP AUTHENTICATION
R1(config)#int fa0/0
R1(config)#glbp 1 authentication ?
R1(config)#end
REDISTRIBUTION (EXTERNAL ROUTES TO OSPF)
R1(config)#router ospf 1
R1(config)#redistribute static subnets metric-type 1 (configure metric type E2 or E1)
R1(config)#redistribute static subnets metric-type 1 metric (num) (configure seed metric)
ALLOWED VLAN CONCEPT
R1(config)#int range fa0/1-2
R1(config)#switchport trunk allowed vlan 1,10,20
R1(config)#switchport trunk allowed vlan add ? (to add VLANs to the existing VLANs shown in the command above)
POLICY BASED ROUTING
After making the ACL
1.ROUTE MAP
R1(config)#route-map (name) permit/deny (num)
R1(config)#match ip address (ACL)
R1(config)#set (clauses)
(Similarly, more sequences are made according to requirement)
APPLICATION
R1(config)#router ospf 1
R1(config)#redistribute static subnets route-map (name) (example)
R1(config)#end
SECURITY
MAC FLOODING ATTACK
SW(CONFIG)#int fa 0/5
SW(CONFIG)#switchport mode access (mode should be access)
SW(CONFIG)#switchport port-security (enables port security on the port)
SW(CONFIG)#switchport port-security max ?
SW(CONFIG)#switchport port-security mac-address ?
(sticky or static)
SW(CONFIG)#switchport port-security violation ?
VOICE VLANS
SW(CONFIG)#vlan 10,20
SW(CONFIG)#vlan 10
SW(CONFIG)#name voice
SW(CONFIG)#vlan 20
SW(CONFIG)#name data
SW(CONFIG)#end
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#switchport host
SW(CONFIG)#switchport access vlan 20
SW(CONFIG)#switchport voice vlan 10
SW(CONFIG)#end
Virtual access control list (VACL)
(only one ACL at a time is applied on one interface)
SW(CONFIG)#access-list 6 permit 10.0.0.4 0.0.0.0
SW(CONFIG)#vlan access-map UMER 10
SW(CONFIG)#match ip add 6
SW(CONFIG)#action drop
SW(CONFIG)#vlan access-map UMER 20
SW(CONFIG)#action forward
SW(CONFIG)#ex
SW(CONFIG)#vlan filter UMER vlan-list 30,40
RSTP(RAPID SPANNING TREE PROTOCOL)
(DR and BDR selection is done in it)
SW(CONFIG)#int fa0/0
SW(CONFIG)#ip ospf priority 0 (router will not take part in the BDR and DR election)
SW(CONFIG)#ip ospf priority 200 (DR)
SW(CONFIG)#ip ospf priority 100 (BDR)
SW(CONFIG)#end
SW(CONFIG)#do debug ip ospf adj (show the results in runtime)
REGULAR AREA CONFIGURATIONS
STUB AREA
SW(CONFIG)#ROUTER OSPF 1
SW(CONFIG)#AREA 1 STUB
TOTALLY STUBBY AREA
It is implemented on ABR only because LSA-3 is generated by it.
SW(CONFIG)#ROUTER OSPF 1
SW(CONFIG)#AREA 1 STUB NO-SUMMARY
NSSA
SW(CONFIG)#router ospf 1
SW(CONFIG)#area 1 nssa
SW(CONFIG)#area 1 nssa default (creation of default route for NSSA)
TOTALLY NSSA
SW(CONFIG)#router ospf 1
SW(CONFIG)#area 1 nssa no-summary
SW(CONFIG)#end
OSPF ROUTE SUMMARIZATION
OSPF supports manual summarization: LSA-5 summarization is applied on the ASBR
and LSA-3 summarization is done on the ABR. In EIGRP, RIP-V2 and BGP, route
summarization is auto.
FOR LSA-5
SW(CONFIG)#router ospf 1
SW(CONFIG)#redistribute static subnets
SW(CONFIG)#summary-address 192.168.0.0 255.255.255.0 (example)
FOR LSA-3
SW(CONFIG)#router ospf 1
SW(CONFIG)#area 0 range 172.16.0.0 255.255.0.0 (example)
SW(CONFIG)#do sh ip rou sum
IP PREFIX LIST
It permits or denies (blocks) a prefix (route).
R1(config)#ip prefix-list UMER deny 192.168.1.0/24 le 26 (le = less than or equal to)
R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32 (permit any)
APPLY PREFIX-LIST
R1(config)#router ospf 1
R1(config)#distribute-list prefix UMER in
R1(config)#end
R1(config)#clear ip route * (refresh the routing table)
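An added example, not part of the original notes: the matching rule of the prefix-list UMER above, written out in Python so the effect of "le 26" can be checked against sample routes. The route list is constructed and the function names are this example's own; note that a /27 inside 192.168.1.0/24 is not caught by the deny entry.

```python
import ipaddress

# The two entries from the notes: (action, prefix, ge, le); None = not set.
PREFIX_LIST_UMER = [
    ("deny",   "192.168.1.0/24", None, 26),
    ("permit", "0.0.0.0/0",      None, 32),
]

def entry_matches(route, prefix, ge, le):
    """The route must lie inside the entry's prefix and its mask length
    must fall in the range that ge/le define."""
    net = ipaddress.ip_network(prefix)
    rt = ipaddress.ip_network(route)
    if ge is None and le is None:
        low = high = net.prefixlen          # no ge/le: exact length only
    else:
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else 32
    return low <= rt.prefixlen <= high and rt.subnet_of(net)

def evaluate(route, prefix_list):
    """First matching entry wins; a route matching nothing is denied."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # implicit deny at the end of every prefix list

# Constructed sample routes, as they might appear in routing updates.
SAMPLE_ROUTES = ["192.168.1.0/24", "192.168.1.64/26", "192.168.1.128/27",
                 "192.168.0.0/16", "10.0.0.0/8"]

def filter_routes(routes, prefix_list):
    """Return {route: action} for every route in the list."""
    return {r: evaluate(r, prefix_list) for r in routes}

if __name__ == "__main__":
    for route, action in filter_routes(SAMPLE_ROUTES, PREFIX_LIST_UMER).items():
        print(f"{route:18} {action}")
```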
AREA FILTER (APPLIED ON AN AREA)
R1(config)#ip prefix-list UMER deny 172.16.0.1/32
R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config)#area 1 filter-list prefix UMER in
R1(config)#end
R1(config)#clear ip route *
R1(config)#sh ip route ospf
OSPF VIRTUAL LINK
It is configured between two routers, one of which is an ABR, and there
should be a common regular area between the two routers. By default the
virtual link is present in area 0. The configuration depends on the
router ID. It connects the regular area to the backbone area.
R1(config)#router ospf 1
R1(config)#area 1 virtual-link 22.22.22.22 (give the router ID of the destination)
EIGRP ROUTE-SUMMARIZATION
RIP AND EIGRP HAVE ROUTE SUMMARIZATION IMPLEMENTED ON AN
INTERFACE BASIS, WHILE OSPF HAS ROUTE SUMMARIZATION DONE IN THE
OSPF PROCESS
R1(config)#int s2/0
R1(config)#ip summary-address eigrp 100 192.168.16.0 255.255.255.0 (e.g.)
AUTHENTICATION TECHNIQUES(RIP,EIGRP,OSPF)
1.OSPF
R1(config)#INT S2/0
R1(config)#IP OSPF AUTHENTICATION MESSAGE-DIGEST
R1(config)#IP OSPF MESSAGE-DIGEST-KEY 1 MD5 CISCO
R1(config)#END
2.RIP/EIGRP
AUTHENTICATION TECHNIQUE IS SAME FOR BOTH
R1(config)#KEY CHAIN UMER
R1(config)#KEY 1
R1(config)#KEY-STRING CISCO
R1(config)#INT S2/1
R1(config)#IP AUTHENTICATION MODE EIGRP 100 MD5
R1(config)#IP AUTHENTICATION KEY-CHAIN EIGRP 100 UMER
R1(config)#END
R1(config)#DO SH KEY CHAIN
BGP(BORDER GATEWAY PROTOCOL)
R1(config)#DO SH IP BGP SUM (BGP NEIGHBOUR DATABASE)
R1(config)#do sh ip bgp (bgp database)
R1(config)#router bgp 100
R1(config)#no auto-summary
R1(config)#neighbor 1.1.1.2 remote-as 200
BGP ATTRIBUTES
1.WEIGHT
It affects only the router on which it is configured.
R1(config)#ROUTER BGP 200
R1(config)#NEIGHBOR 3.1.1.1 REMOTE-AS 200
R1(config)#NEIGHBOR 3.1.1.1 WEIGHT 10
2. LOCAL PREFERENCE
It is configured on border routers, and this attribute affects the whole local
autonomous system. It is an inbound attribute and has more preference than
I-BGP/E-BGP.
R1(config)#router bgp 200
R1(config)#bgp default local-preference ?
3. MED (multi exit discriminator)
It is shown as "metric" in the output. Local preference has more priority than
MED. MED is an outbound attribute.
APPLY
First we have to make an ACL, then a route-map is constructed; after that it is
applied on the router from which the routes leave and enter the other
autonomous system. One metric is set for a specific group of IP addresses
and a different metric is set for another group of IP addresses.
For example
R1(config)#route-map R12 permit 10
R1(config)#match ip add (ACL)
R1(config)#set metric 10
R1(config)#route-map R12 permit 20
R1(config)#match ip add (ACL)
R1(config)#set metric 5
R1(config)#route-map R12 permit 30
R1(config)#router bgp 100
R1(config)#neighbor 1.1.1.1 route-map R12 out
R1(config)#end
R1(config)#clear ip bgp *
4.AS-PATH
R1(config)#route-map ASP permit 10
R1(config)#set as-path prepend 11 12 13
R1(config)#ex
R1(config)#router bgp 200
R1(config)#neighbor 1.1.1.1 route-map ASP in
R1(config)#end
R1(config)#do clear ip bgp *
R1(config)#do sh ip bgp
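An added example, not part of the original notes: a Python comparison of two paths using only the four attributes covered above, in the order BGP evaluates them (weight, local preference, AS-path length, MED). The other steps of best-path selection are left out, and the sample paths and names are constructed for this example.

```python
from dataclasses import dataclass, field, replace

@dataclass
class Path:
    via: str                      # neighbor the path was learned from
    weight: int = 0               # local to this router; higher wins
    local_pref: int = 100         # shared inside the AS; higher wins
    as_path: list = field(default_factory=list)   # shorter wins
    med: int = 0                  # shown as "metric"; lower wins

def prepend(path, asns):
    """Effect of 'set as-path prepend': the listed ASNs go in front."""
    return replace(path, as_path=list(asns) + path.as_path)

def better(a, b):
    """Return (preferred path, attribute that decided the comparison)."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local preference"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path length"
    # By default MED is compared only between paths from the same neighboring AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    return a, "tie on these four attributes"

# Constructed sample: the same prefix learned from two neighbors in AS 100.
P1 = Path(via="1.1.1.1", as_path=[100], med=10)
P2 = Path(via="3.1.1.1", as_path=[100], med=5)

if __name__ == "__main__":
    for a, b in [(P1, P2),                            # lower MED decides
                 (P1, prepend(P2, [11, 12, 13])),     # longer AS path loses
                 (replace(P1, weight=10), P2)]:       # weight is checked first
        winner, reason = better(a, b)
        print(f"best via {winner.via}, decided by {reason}")
```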
I-BGP CONFIGURATION TECHNIQUE
1.FULL MESH
2.ROUTE-REFLECTOR
ROUTE REFLECTOR CONFIGURATION
CONFIGURATION FOR RR
R1(config)#router bgp 20
R1(config)#neighbor 5.9.0.3 remote-as 20
R1(config)#neighbor 5.9.0.4 remote-as 20
R1(config)#neighbor 5.9.0.5 remote-as 20
R1(config)#neighbor 5.9.0.3 update-source loopback 0
R1(config)#neighbor 5.9.0.4 update-source loopback 0
R1(config)#neighbor 5.9.0.5 update-source loopback 0
R1(config)#neighbor 5.9.0.3 route-reflector-client
R1(config)#neighbor 5.9.0.4 route-reflector-client
R1(config)#neighbor 5.9.0.5 route-reflector-client
R1(config)#ex
(same on other RR if present)
Similarly, for RR clients the configuration is as follows
R1(config)#router bgp 20
R1(config)#neighbor 5.9.0.2 remote 20
R1(config)#neighbor 5.9.0.2 up loop 0
R1(config)#neighbor 5.9.0.3 remote 20
R1(config)#neighbor 5.9.0.3 up loop 0
Similar configuration on the other RR clients.
For the RR, the "next-hop-self" command is given.
END
(prepared by M.UMER TAHIR)