Avatar
[ view entry ] ( 1563 views ) | print article
Credits to Keith!
[ view entry ] ( 1525 views ) | print article
First, the latest releases of switch software have adopted a new naming convention:
a)ipbase (Formerly SMI): Cisco IOS IP base image and device manager files. This image has Layer 2+ and basic Layer 3 routing (Static, RIP) features.
b)ipservices(Formerly EMI): Cisco IOS IP services image and device manager files. This image has Layer 2+ and full Layer 3 features.
c)ipbasek9: Cisco IOS IP base cryptographic image and device manager files. This image has the Kerberos, Secure Shell (SSH), Layer 2+, and basic Layer 3 routing features.
d)ipservicesk9: Cisco IOS IP services cryptographic image and device manager files. This image has the Kerberos, SSH, Layer 2+, and full Layer 3 features.
http://www.cisco.com/en/US/products/hw/ ... 98851.html
The 3560/3570 switches also have an advipservices image that supports a subset of IPv6.
http://www.cisco.com/en/US/products/hw/ ... 7459b.html
-----------------------------------------
https://supportforums.cisco.com/thread/143438
[ view entry ] ( 1693 views ) | print article | related link
Other solutions:
CBAC
Reflexive ACLs
[ view entry ] ( 1571 views ) | print article
ip inspect command
----------------------------------
Alternative to Reflexive ACLs. Reflexive ACLs came out first.
[ view entry ] ( 1753 views ) | print article
The outbound ACL does not count for the router generated traffic, its the fact.
An access list can control traffic arriving at the router or leaving the router, but not traffic originating at the router.
in the Cisco Doc link
http://www.cisco.com/en/US/docs/ios-xml ... CBC37727F9
----------------------------
See command:
ip local policy route-map "route-map-name"
[ view entry ] ( 1663 views ) | print article
ASA is a different ball game!. ASA firewall defaults to permit traffic originated in more secure interfaces to be responded by less secure interfaces.
[ view entry ] ( 1754 views ) | print article
wic-adsl configuration with Verizon DSL. No username and password supplied by ISP. No PPPoE nor PPPoA used for connection.
https://supportforums.cisco.com/thread/2137389
------------------------------------
Configuration:
interface ATM0
no ip address
ip virtual-reassembly
no snmp trap link-status
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
atm route-bridged ip
pvc 0/35
encapsulation aal5snap
[ view entry ] ( 1986 views ) | print article
Frame Relay hub-n-spoke layout with 2 PVCs. Each PVC in different subnets. Demonstrates RIPv2, OSPF and EIGRP configurations.
PDF:
http://www.angelcool.net/tutorials/cisc ... SUBNET.pdf
[ view entry ] ( 1879 views ) | print article
Great explanation by Darren:
http://mellowd.co.uk/ccie/?p=2201
Also see CCNP ROUTE (4th print) p. 337, 2nd paragraph.
“...show some particular interesting features for matching routes. With an extended ACL, IOS compares the source IP address parameter to the subnet number of the route and the destination IP address to the subnet mask of the route. For example, the permit ip host 172.16.101.0 host 255.255.255.0 command matches the specific route for subnet 172.16.101.0, specifically with mask 255.255.255.0 .”
[ view entry ] ( 1726 views ) | print article
<<First <Back | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Next> Last>>