Showing posts with label Cisco. Show all posts
Showing posts with label Cisco. Show all posts

Thursday, June 21, 2012

SSH configuration

  1. Specify the Host name.
    Router(config)#hostname <host name>
  2. Define a default domain name.
    Router(config)#ip domain-name <Domain Name>
  3. Generate RSA key pairs.
    Router(config)#crypto key generate rsa
  4. Configure SSH-RSA keys for user and server authentication.
    Router(config)#ip ssh pubkey-chain
  5. Configure the SSH username.
    Router(conf-ssh-pubkey)#username <user name>
  6. Specify the RSA public key of the remote peer.
    Router(conf-ssh-pubkey-user)#key-string
  7. Specify the SSH key type and version. (optional)
    Router(conf-ssh-pubkey-data)#key-hash ssh-rsa <key ID>
  8. Exit the current mode and return to privileged EXEC mode.
    Router(conf-ssh-pubkey-data)#end
Posted by at No comments:
Labels: ,

Tuesday, June 19, 2012

some troubleshooting skill related to CPU usage



process cpu threshold type total rising 80 interval 5

 event syslog pattern "%SYS-1-CPURISINGTHRESHOLD"
 action 1 cli command "enable"
 action 1 cli command "<enable password>"
 action 3 cli command "show clock | append flash:risecpu_info"
 action 4 cli command "show proc cpu sorted | append flash:risecpu_info"
 action 5 cli command "show proc cpu history | append flash:risecpu_info"
 action 6 cli command "show interface | append flash:risecpu_info"
 action 7 cli command "show int switching | append flash:risecpu_info"
 action 8 cli command "show ip traffic | append flash:risecpu_info"
 action 9 cli command "show ip cef switching stat feature | append flash:risecpu_info"
 action 10 cli command "show debug | append flash:risecpu_info"
  action 11 cli command "show align | append flash:risecpu_info"
Posted by at No comments:
Labels: ,

Wednesday, February 16, 2011

route-map case

There is a someone wants to configure such scenario.
if the router see some port then use a gateway, the solution is using route-map and apply it to the interface.

conf t
route-map port80
match ip address matchport80
set ip next-hop xxx.xxx.xxx.xxx <----------- the gateway ip you set for next-hop for the http traffic


ip access-list extended matchport80
 permit tcp any any eq www

interface FastEthernet0/0
 ip policy route-map port80
Posted by at No comments:
Labels: ,

Tuesday, February 1, 2011

Cisco IP advance feature - sweep range of sizes

To check the destination ip mtu, please use the following method.
router#ping
Protocol [ip]:
Target IP address: 10.30.30.1
Repeat count [5]: 1
Datagram size [100]: 1
% A decimal number between 36 and 18024.
Datagram size [100]: 100
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: y
Sweep min size [36]: 1470
Sweep max size [18024]: 1500
Sweep interval [1]:
Type escape sequence to abort.
Sending 31, [1470..1500]-byte ICMP Echos to 10.30.30.1, timeout is 2 seconds:
!!!!!..........................
Success rate is 16 percent (5/31), round-trip min/avg/max = 52/67/88 ms
Posted by at No comments:
Labels: , ,

Wednesday, December 8, 2010

some common cisco command

ip name-server xxx.xxx.xxx.xxx
sntp server hk.pool.ntp.org
clear interface virtual-access [number]
logging buffer 51200 debug
clock set 10:50:00 Oct 26 2006
clock timezone HKT 8
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime

show process cpu
show process cpu sorted

sh ip cac flow – show current traffic of specified interface**
sh ip accounting – show accumulated traffic of specified interface**
clear ip flow stats
clear counter [interface]

show process memory
show process memory sorted
show memory allocating-process totals
show memory summary
show memory statistics
show memory dead
show memory free
show memory bigger

show buffers
show buffer old


router#config t
router(config)#int vlan1
router(config-if)#ip route-cache flow
OR
router(config-if)#ip accounting (may cause memory low/exhaust, remember to deactivate!)
router(config-if)#^Z
router#sh ip cac flow

Router#reload in 5

ip nat translation tcp-timeout 300
ip nat translation udp-timeout 200
ip nat translation max-entries list 2 100
access-list 2 permit 10.1.68.173
Posted by at No comments:
Labels:

Monday, December 6, 2010

CCIE R&S check list

  1. Implement Layer 2 Technologies
    1. Implement Spanning Tree Protocol (STP)
      1. 802.1d (STP) - 
        1. Transparent Bridging
        2. Process: learning, flooding, filtering, forwarding, aging
      2. 802.1w (RSTP)
      3. 801.1s (MST)
      4. Portfast
      5. Loop guard
      6. Root guard
      7. Bridge protocol data unit (BPDU) guard
      8. BPDU Filters
      9. UplinkFast
      10. BackboneFast
      11. MSTP
      12. Storm control
      13. Unicast flooding
      14. Port roles, failure propagation, and loop guard operation
      15. Optimizing STP by STP Timers
      16. Selecting the Root Bridge for an MST Instance in an MST Environment
      17. Setting the Port Priority to Designate the Forwarding Ports
    2. Implement VLAN and VLAN Trunking Protocol (VTP)
      1. Configuration
        1. Creating, Deleting, and Editing VLANs
        2. VTP in Client/Server Mode
        3. VTP in Transparent Mode
        4. VTP Authentication
        5. VTP Pruning
        6. Controlling VLANs That Cross a Trunk
        7. Selecting the Root Bridge for VLANS in a PVST Environment
    3. Implement trunk and trunk protocols, EtherChannel, and load-balance
      1. Configuration
        1. Trunks Using an Industry Standard Encapsulation
        2. Trunks Using a Cisco Proprietary Encapsulation
        3. EtherChannel Using an Industry-Standard Protocol
        4. EtherChannel Using a Cisco Proprietary Protocol
        5. Disabling Protocols on the EtherChannel
        6. Load-Balancing Type on the EtherChannel
    4. Implement Ethernet technologies
      1. Speed and duplex
      2. Ethernet, FastEthernet, and Gigabit Ethernet
      3. PPP over Ethernet (PPPoE)
    5. Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
    6. Implement Frame Relay
      1. Local Management Interface (LMI)
      2. Traffic shaping
      3. Full mesh
      4. Hub and spoke
      5. Discard eligiable (DE)
      6. Configuration:
        1. Frame Relay Multipoint Link on  a Physical Interface Using Inverse ARP
        2. Frame Relay Multipoint Link on  a Physical Interface Without Using Inverse ARP
        3. Frame Relay Multipoint Link on a Subinterface Using Inverse ARP
        4. Frame Relay Multipoint Link on a Subinterface Without Using Inverse ARP
        5. Frame Relay Point-to-Point Subinterfaces
        6. PVC with a Multipoint Interface on One Side and a Subinterface on the Other side
        7. Authentication on a Frame Relay Link Using PPP
    7. Implement High-Level Data Link Control (HDLC) and PPP
  2. Implement IPv4
    1. Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)
    2. Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
    3. Implement IPv4 RIP version (RIPv2)
    4. Implement IPv4 Open Shortest Path First (OSPF) 
      1. OSPF on a Broadcast Multicast Access Network (Ethernet)
      2. OSPF over a Frame Relay Multipoint Network by changing Network Types
      3. OSPF over a Frame Relay Multipoint Network by Using the neighbor Command
      4. OSPF over a Frame Relay Point-to-Point Network
      5. Virtual Links
      6. Standard OSPF areas
      7. Stub area
      8. Totally stubby area
      9. Not-so-stubby-area (NSSA)
      10. Totally NSSA
      11. Link-state advertisement (LSA) types
      12. Adjacency on a point-to-point and on a multi-access network
      13. OSPF graceful restart
    5. Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
      1. Basic EIGRP
      2. Passive Interfaces
      3. EIGRP Stub on Router and Switches
      4. EIGRP Update -Bandwidth Control
      5. Changing the Administrative Distance of EIGRP
      6. Best path
      7. Loop-free paths
      8. EIGRP operations when alternate loop-free paths are available, and when they are not available
      9. EIGRP queries
      10. Unequal-cost Load Balancing for EIGRP
      11. Manual summarization and auto summarization
    6. Implement IPv4 Border Gateway Protocol (BGP) 
      1. IBGP
        1. IBGP Peering
        2. Advertising Routes in iBGP
        3. Next-Hop Attribute
        4. Route Reflectors
        5. Redundancy by Neighbor Relationships Based on Loopbacks
      2. EBGP
        1. EBGP Peering
        2. EBGP Peering Based on Loopbacks
      3. BGP Advanced Features 
        1. Filtering Using ACLs
        2. Filtering Using Prefix Lists
        3. Filtering Using AS Path Filters
        4. Redistributing Connected Routes into BGP
        5. Redistributing Dynamic Routing Protocols into BGP
        6. BGP Aggregation
        7. BGP Aggregation with the Summary Only Parameter
        8. BGP Aggregation with Suppress Maps
        9. BGP Aggregation with Unsuppressed Maps
        10. BGP Best-Path Selection - Weight
        11. BGP Best-Path Selection - Local Preference
        12. BGP Best-Path Selection - MED
        13. BGP Communities - No-Export
        14. BGP Communities - No-Advertise
        15. BGP Confederation BGP Local AS
        16. Working with Private AS Numbers
        17. Route Dampening
        18. Conditional Advertising
        19. Peer Groups
    7. Implement policy routing
    8. Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
    9. Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features.
      1. Route Filtering for OSPF within the Area Using Distribute List with an ACL and Prefix
      2. Route Filtering for OSPF Between Areas
      3. Summarization of OSPF Routes between Areas
      4. Summarization of External routers Within OSPF
      5. Filtering with a Distribute List Using an ACL and Prefix Lists
      6. Using Advanced ACLs and a Prefix List for Filtering Routes
      7. Summarizing Routes with EIGRP
      8. Route Summarization for RIP
      9. Redistribution Between OSPF and EIGRP
      10. Redistribution Between RIP and EIGRP
      11. Redistribution Between RIP and OSPF
      12. Redistribution of Directly Connected Routes
      13. Redistribution of Staic Routes
      14. Redistribution with Filtering Using ACLs and Prefix Lists
      15. Redistribution with Filtering Using Route Tagging
  3. Implement IPv6
    1. Implement IP version (IPv6) addressing and different addressing types
    2. Implement IPv6 neighbour discovery
    3. Implement basic IPv6 functionality protocols
    4. Implement tunnelling techniques
    5. Implement RIPng
    6. Implement OSPF version 3 (OSPFv3)
    7. Implement EIGRP version 6 (EIGRPv6)
    8. Implement IPv6 on a Frame Relay Network - Multipoint
    9. Implement IPv6 on a Frame Relay Network - Point-toPoint
    10. Implement filtering with a Distribute List Using an ACL and Prefix Lists
    11. Implement Route Redistribution Between OSPFv3 and EIGRPv6
  4. Implement MPLS Layer 3 VPNs
    1. Implement Multiprotocol label Switching (MPLS)
      1. MPLS Unicast Routing Using LDP
      2. Controlling Label Distribution
    2. Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers
      1. MPLS VPN Using Static Routing Between PE-CE
      2. MPLS VPN Using EIGRP as the PE-CE Routing Protocol
      3. MPLS VPN Using OSPF as the PE-CE Routing Protocol
      4. MPLS VPN Using EBGP as the PE-CE Routing Protocol
      5. Controlling Route Propagation Using the Route Target with Import and Export Maps
    3. Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)
  5. Implement IP Multicast
    1. Implement PIM Dense Mode
    2. PIM on an NMBA Network
    3. Implement Protocol Independent Multicast (PIM) sparse mode
      1. Static Rendezvous Point
      2. Multiple Statuc Rendezvous Points
      3. Auto Rendezvous Points
      4. PIM Sparse Mode with Multiple Rendezvous Points Using the Auto Rendezvous Point
    4. Bidirectional PIM
    5. Implement Multicast Source Discovery Protocol (MSDP)
      1. MSDP
      2. MSDP to an Anycast Rendezvous Point
    6. Implement interdomain multicast routing
    7. Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)
    8. Implement multicast tools, features, and source-specific multicast
      1. Multicast Rate Limiting
      2. IGMP Filtering on the Switch
      3. Use of teh Switch to Block Multicast Traffic
      4. Multicasting Through a GRE Tunnel
      5. Multicast Helper Address
    9. Implement IPv6 multicast
      1. IPv6 Multicast Routing Using PIM
      2. IPv6 Multicast Listener discovery (MLD) Protocol
  6. Implement Network Security
    1. Implement access lists
      1. Standard Access Lists
      2. Extended Access Lists
      3. Time-Based Access Lists
      4. Reflexive Access Lists
    2. Implement Unicast Reverse Path Forwarding (uRPF)
    3. Implemenet IP Source Guard
    4. Implement authentication, authorization, and accounting (AAA) (configuring AAA server is not required, only the client-side (IOS) is configured)
      1. Use of a Router to Authenticate Against a AAA Server Using TACACS+
      2. Use of a Router to Authenticate Against a AAA Server Using RADIUS
      3. Local Privilege Authorization
      4. Accounting to a AAA Server Using TACACS+
      5. Accounting to a AAA Server Using RADIUS
    5. Implement Control Plane Policing (CoPP)
    6. Implement Cisco IOS and Zone-Based Firewalls
      1. Basic Cisco IOS Firewall
      2. DoS Protection on a Cisco IOS Firewall
      3. Basic Zone-Based Firewall
      4. Zone-Based Firewall with Deep Packet Inspection
    7. Implement Cisco IOS Intrusion Prevention System (IPS)
    8. Implement Secure Shell (SSH)
    9. Implement 802.1x
    10. Implement NAT
      1. Dynamic NAT
      2. PAT
      3. Static NAT
      4. Policy-Based NAT
    11. Implement routing protocol authentication
      1. Routing Protocol Authentication for EIGRP
      2. Routing Protocol Authentication for OSPF-Area-Wide
      3. Routing Protocol Authentication for OSPF-Interface-Specific
      4. Routing Protocol Authentication for OSPF Virtual Links
      5. Routing Protocol Authentication for BGP
    12. Implement device access control
    13. Implement security features
      1. Storm Control
      2. Switch Port Security
      3. Dot1x Authentication
      4. Dot1x Authentication for VLAN Assignment
      5. VLAN Access Maps
      6. DHCP Snooping
      7. DAI
      8. IP Source Guard
      9. Private VLANs
      10. Configuring the TCP Intercept Feature
      11. Configuring Blocking of Fragment Attacks
      12. Configuring Switch Security Features
      13. Configuring Antispoofing Using ACL
      14. Configuring Antispoofing Using uRPF
  7. Implement Network Service
    1. Implement Hot Standby Router Protocol (HSRP)
      1. HSRP between two Routers
      2. Pre-empt for HSRP
      3. Authentication for HSRP
    2. Implement Gateway Load Balancing Protocol (GLBP)
    3. Implement Virtual Router Redundancy Protocol (VRRP)
    4. Implement Network Time Protocol (NTP)
      1. NTP Using the NTP Master and NTP Server Commands
      2. NTP Without Using the NTP Server
      3. NTP Using NTP Broadcast Commands
    5. Implement DHCP
      1. Configuring DHCP on a Cisco IOS Router
      2. Configuring DHCP on a Switch
      3. Using a Router and a Switch to Act as a DHCP Relay Agent (Helper Address)
    6. Implement Web Cache Communication Protocol (WCCP)
    7. Use of the Router to Generate an Exception Dump Using TFTP
    8. Use of the Router to Generate an Exception Dump Using FTP
    9. Use of the Router to Generate an Exception Dump Using RCP
    10. Broadcast Forwarding for Protocols
  8. Implement Quality of Service (QoS)
    1. Implement Modular QoS CLI (MQC)
      1. Policing
      2. Class-based weighted fair queuing (CBWFQ)
      3. Low latency queuing (LLQ)
      4. Shaping Using MQC
      5. Random Early Detection Using MQC
      6. WRED Using MQC
      7. Using Network-Based Aplication Recognition (NBAR) for QoS
      8. Discard Eligible Marking Using MQC
    2. modified deficit round robin (MDRR)
    3. Classification
      1. Marking Using DSCP
      2. Marking Using IP Precedence
      3. Marking Using COS
    4. Congestion Management and Congestion Avoidance
      1. Priority Queuing
      2. Custom Queuing
      3. Weighted Fair Queuing
      4. Weighted random early detection (WRED), and random early detection (RED)
      5. Resource Reservation Protocol (RSVP)
    5. Policing and Shaping
      1. CAR Using Rate Limiting Under the Interface
      2. Frame Relay Traffic Using Map Classes
      3. Discard Eligible List
    6. Link Efficiency Mechanisms
      1. Compression
      2. link fragmentation and interleaving (LFI) for Frame Relay
    7. Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR), and policies
    8. Implement generic traffic shaping
    9. Implement Cisco AutoQoS
  9. Troubleshoot a Network 
    1. Troubleshoot complex Layer 2 network issues
      1. Troubleshooting Catalyst Switch Network Issues
      2. Troubleshooting Frame Relay Network Issues
    2. Troubleshoot complex Layer 3 network issues
      1. Troubleshooting IP Addressing Network Issues
      2. Troubleshooting Routing Protocol Network Issues
      3. Troubleshooting Routing Protocol Loop Issues
    3. Troubleshoot a network in response to application problems
      1. Determinig Which Aspects of the Network to Troubleshoot to Determine Network
    4. Troubleshoot network services
      1. Troubleshooting  Misconfigured NTP Setup
      2. Troubleshooting  Misconfigured DHCP Setup
      3. Troubleshooting  Misconfigured Telnet and SSH Setup
      4. Troubleshooting  Misconfigured SNMP Setup
    5. Troubleshoot network security
      1. Troubleshooting Misconfigured ACLs
      2. Troubleshooting Misconfigured NAT
      3. Troubleshooting Misconfigured AAA Services
  10.  Optimize the Network
    1. Logging In
      1. Logging into a Remote Syslog Server
      2. Logging into the Internal Buffer
    2. Implement IP Service Level Agreement SLA
      1.  
    3. Implement Netflow
    4. Implement SPAN, RSPAN, and router IP traffic export (RITE)
    5. Implement Simple Network Managemnet Protocol (SNMP)
      1. SNMP Management on the Switch 
      2. Use of a Router to Communicate to an SNMP Management Station
      3. User of a Router to Generate SNMP Traps
    6. Implement Cisco IOS Embedded Event Management (EEM)
    7. Implement Remote Monitoring (RMON) 
      1. Use of a Router to Generate SNMP Traps Using RMON
    8. Accounting
      1. IP Accounting
    9. Implement FTP
    10. Implement TFTP
    11. Implement TFTP server on router
    12. Implement Secure Copy Protocol (SCP)
    13. Implement HTTP and HTTPS
    14. Implement Telnet
      1. Telnet and SSH management on the Switch
      2. Disabling telnet and the SSH Client on the Switch
      3. Controlling Inbound and Outbound Telnet on the Switch
  11.  Misc
    1. Regular and Smart Macros
    2. Switch Banners
    3. UDLD
    4. Switch Virtual Interface (SVIs) for IP Routing
    5. Router on a Stick
    6. IP Phones to Connect to the Catalyst Swith
    7. Dot1q Tunneling
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)