Site to Site VPN  


Credits to Keith!

Cisco 3550 switches: EMI vs SMI 
First, the latest releases of the switch software have adopted a new naming convention for the images:

a) ipbase (formerly SMI): Cisco IOS IP base image and device manager files. This image has Layer 2+ and basic Layer 3 routing (static, RIP) features.

b) ipservices (formerly EMI): Cisco IOS IP services image and device manager files. This image has Layer 2+ and full Layer 3 features.

c) ipbasek9: Cisco IOS IP base cryptographic image and device manager files. This image has Kerberos, Secure Shell (SSH), Layer 2+, and basic Layer 3 routing features.

d) ipservicesk9: Cisco IOS IP services cryptographic image and device manager files. This image has Kerberos, SSH, Layer 2+, and full Layer 3 features.

http://www.cisco.com/en/US/products/hw/ ... 98851.html
The 3560/3750 switches also have an advipservices image that supports a subset of IPv6.
http://www.cisco.com/en/US/products/hw/ ... 7459b.html

-----------------------------------------
https://supportforums.cisco.com/thread/143438



IOS Zone Based Firewall (Router) 

Older solutions to the same problem (stateful filtering on a router):
CBAC
Reflexive ACLs
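A minimal zone-based firewall configuration, added here as an example and not taken from the original entry. Interface names, zone names and the set of inspected protocols are assumptions chosen for illustration:

```cisco
! Added example: IOS zone-based firewall, inside -> outside only.
! Interface names, zone names and protocols are assumptions.
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
! Only one zone-pair is defined, so sessions can be initiated from INSIDE
! to OUTSIDE; their return traffic is allowed by the inspect state, while
! anything initiated from OUTSIDE has no zone-pair and is dropped.
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
!
interface GigabitEthernet0/0
 description LAN
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description Internet
 zone-member security OUTSIDE
```

Two things to check after applying it: traffic between interfaces in the same zone still flows, and traffic to and from the router itself is not covered unless you add a zone-pair that involves the built-in "self" zone. "show policy-map type inspect zone-pair sessions" lists the sessions the inspect action has opened.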

Cisco Context Based Access Control (CBAC) 
ip inspect command




----------------------------------
An alternative to reflexive ACLs; reflexive ACLs came out first, and CBAC has since been superseded by the zone-based firewall.
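A CBAC configuration on the external interface, added as an example and not part of the original entry. The interface name, inspection name and the inbound ICMP exceptions are assumptions:

```cisco
! Added example: CBAC with "ip inspect". Names and interface are assumptions.
! Outbound TCP/UDP/ICMP sessions are inspected; each session creates a
! temporary opening in the inbound ACL for its return traffic.
ip inspect name FW-INSPECT tcp
ip inspect name FW-INSPECT udp
ip inspect name FW-INSPECT icmp
!
ip access-list extended OUTSIDE-IN
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Internet
 ip access-group OUTSIDE-IN in
 ip inspect FW-INSPECT out
```

The inbound ACL denies everything that is not a reply to an inspected session, so unsolicited inbound connections are logged and dropped. "show ip inspect sessions" shows the state table; "show ip inspect config" confirms which protocols are inspected.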

Outbound ACLs do not filter traffic originated by the router. 
An outbound ACL is not applied to traffic the router itself generates; only transit traffic is evaluated.

From the Cisco documentation:

"An access list can control traffic arriving at the router or leaving the router, but not traffic originating at the router."

http://www.cisco.com/en/US/docs/ios-xml ... CBC37727F9

----------------------------
To act on router-originated traffic, see the command:
ip local policy route-map "route-map-name"
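The following example is added here and is not from the original entry. It shows the outbound ACL that does not catch the router's own traffic, beside a local policy route-map that does. The interface, ACL numbers and the 192.0.2.10 address are assumptions:

```cisco
! Added example. Interface, ACL numbers and addresses are assumptions.
!
! This outbound ACL blocks TRANSIT Telnet to 192.0.2.10, but not Telnet
! that the router sources itself (e.g. "telnet 192.0.2.10" from the CLI).
access-list 110 deny   tcp any host 192.0.2.10 eq 23
access-list 110 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group 110 out
!
! Router-originated traffic is evaluated by local policy routing instead.
! Match it with an ACL in a route-map and send it to Null0 to drop it.
access-list 111 permit tcp any host 192.0.2.10 eq 23
!
route-map DROP-LOCAL-TELNET permit 10
 match ip address 111
 set interface Null0
!
! Everything else the router generates is routed normally.
route-map DROP-LOCAL-TELNET permit 20
!
ip local policy route-map DROP-LOCAL-TELNET
```

"show route-map DROP-LOCAL-TELNET" shows the match counters for sequence 10 increasing when the router's own Telnet attempts are dropped; "debug ip policy" shows each decision. The same mechanism is how you steer router-originated traffic (syslog, TACACS, NTP) out of a specific interface.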

Reflexive ACL Configuration (Router!) 


The ASA is a different ball game. An ASA is stateful by default: traffic initiated from a higher-security interface toward a lower-security interface is permitted, and the return traffic for those sessions is allowed back in without any reflexive or inspect configuration.
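A reflexive ACL configuration for an IOS router, added as an example and not from the original entry. The interface name, reflexive list names and timeouts are assumptions:

```cisco
! Added example: reflexive ACLs on the external interface.
! Interface name, list names and timeouts are assumptions.
!
! Outbound: each permitted session creates a temporary mirror entry
! (source/destination and ports swapped) in the named reflexive list.
ip access-list extended OUTBOUND
 permit tcp any any reflect TCP-SESSIONS timeout 300
 permit udp any any reflect UDP-SESSIONS timeout 60
 permit icmp any any reflect ICMP-SESSIONS timeout 30
 permit ip any any
!
! Inbound: "evaluate" inserts the dynamic entries at this point in the
! ACL, so it must appear before the final deny.
ip access-list extended INBOUND
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 evaluate ICMP-SESSIONS
 permit icmp any any unreachable
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Internet
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Global default timeout for reflexive entries that do not set their own.
ip reflexive-list timeout 120
```

"show access-list" displays the dynamic entries while sessions are active. Two caveats: protocols that open secondary channels (active FTP) are not handled, because the mirror entry only covers the control connection, and since the outbound ACL does not see router-generated traffic, sessions the router itself initiates do not create reflexive entries.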

ADSL Bridge mode without authentication. 
WIC-ADSL configuration with Verizon DSL. No username and password were supplied by the ISP, and neither PPPoE nor PPPoA is used for the connection: the router bridges IP over the PVC and gets its address by DHCP.

https://supportforums.cisco.com/thread/2137389
------------------------------------
Configuration:

interface ATM0
 no ip address
 ip virtual-reassembly
 no snmp trap link-status
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 atm route-bridged ip
 pvc 0/35
  encapsulation aal5snap




Frame Relay Hub-N-Spoke with point-to-point subinterfaces 
Frame Relay hub-and-spoke layout with 2 PVCs, each PVC in its own subnet. Demonstrates RIPv2, OSPF and EIGRP configurations.

PDF:
http://www.angelcool.net/tutorials/cisc ... SUBNET.pdf
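A hub and one spoke with point-to-point subinterfaces and OSPF, added here as an example and not taken from the linked PDF. DLCIs, addresses and the OSPF area are assumptions:

```cisco
! Added example: hub with two point-to-point subinterfaces, one PVC each,
! each in its own /30. DLCIs, addresses and OSPF area are assumptions.
!
! --- Hub ---
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.101 point-to-point
 description PVC to Spoke1
 ip address 10.1.1.1 255.255.255.252
 frame-relay interface-dlci 101
!
interface Serial0/0.102 point-to-point
 description PVC to Spoke2
 ip address 10.1.2.1 255.255.255.252
 frame-relay interface-dlci 102
!
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.2.0 0.0.0.3 area 0
!
! --- Spoke1 (Spoke2 is the same with its own DLCI and 10.1.2.2/30) ---
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.201 point-to-point
 description PVC to Hub
 ip address 10.1.1.2 255.255.255.252
 frame-relay interface-dlci 201
!
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
```

Because each subinterface is point-to-point, OSPF treats it as a point-to-point network type: no DR/BDR election and no "neighbor" statements, which is what makes this layout simpler than a single multipoint interface. Distance-vector protocols behave well for the same reason: split horizon is per subinterface, so the hub can re-advertise Spoke1's routes out the subinterface toward Spoke2. "show frame-relay map" and "show ip ospf neighbor" confirm the PVC-to-subinterface mapping and the adjacencies.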

Using an extended ACL as a prefix-list 
Great explanation by Darren:
http://mellowd.co.uk/ccie/?p=2201

Also see CCNP ROUTE (4th print) p. 337, 2nd paragraph.

"...show some particular interesting features for matching routes. With an extended ACL, IOS compares the source IP address parameter to the subnet number of the route and the destination IP address to the subnet mask of the route. For example, the permit ip host 172.16.101.0 host 255.255.255.0 command matches the specific route for subnet 172.16.101.0, specifically with mask 255.255.255.0."
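The following is an added example, not from the entry or the linked post, of the extended-ACL match beside the prefix-list it corresponds to, applied in a redistribution route-map. Process numbers, names and the second ACL (which generalizes the book's exact match to a range of masks) are assumptions:

```cisco
! Added example. Names and routing processes are assumptions.
!
! Extended ACL in a route-map: "source" is compared to the route's network,
! "destination" to its mask. This matches exactly 172.16.101.0/24 and
! nothing else (not /25, not /23).
ip access-list extended ROUTE-172-16-101-24
 permit ip host 172.16.101.0 host 255.255.255.0
!
! Equivalent prefix-list.
ip prefix-list ROUTE-172-16-101-24 seq 5 permit 172.16.101.0/24
!
! Generalization: match any route inside 172.16.101.0/24 with mask /24..//32.
! Source wildcard 0.0.0.255 allows any network 172.16.101.x; destination
! wildcard 0.0.0.255 allows any mask from 255.255.255.0 to 255.255.255.255.
ip access-list extended ROUTE-172-16-101-24-TO-32
 permit ip 172.16.101.0 0.0.0.255 255.255.255.0 0.0.0.255
!
! Equivalent prefix-list.
ip prefix-list ROUTE-172-16-101-24-TO-32 seq 5 permit 172.16.101.0/24 le 32
!
! Keep the exact /24 out of the redistribution, allow everything else.
route-map EIGRP-TO-OSPF deny 10
 match ip address ROUTE-172-16-101-24
route-map EIGRP-TO-OSPF permit 20
!
router ospf 1
 redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF
```

Prefix-lists are the clearer tool for this, and this is the only context where the extended-ACL trick is worth knowing: when an existing configuration uses one, or when you are reading someone else's route-map and wonder why a "destination host 255.255.255.0" appears in it.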



Automatic interface shutdown, when tracked interface goes down (Cisco) 
The Embedded Event Manager in IOS 12.4(2)T and higher can integrate with Object Tracking, and will allow you to run a script or IOS commands when the object state changes. With this, you could down the interface easily. If you are interested in this, let me know, and I can give you an example.

Assume you have track 11 set up to watch the interface you care about. You want to shut down interface Serial0:31 as well in that case:


event manager applet ethertrack
 event track 11 state down
 action 1.0 syslog msg "Ethernet interface is down; shutting down Serial0:31"
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 4.0 cli command "interface ser0:31"
 action 5.0 cli command "shut"
 action 6.0 cli command "end"
 action 7.0 syslog msg "Serial0:31 is now down"


Again, this requires 12.4(2)T or higher to be running on the router. It is only an example, but it will take down the serial interface when the tracked object goes down. You could also create a similar applet to watch for the object state to go up, then bring back up the Serial interface.

track 11 setup:

track 11 interface FastEthernet0/0 line-protocol

https://supportforums.cisco.com/thread/178216

Also see: tracking reachability, which tracks whether a next hop answers IP SLA probes rather than whether the local line protocol is up.
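An added example, not from the forum thread above, that replaces the line-protocol track with an IP SLA reachability track and pairs the "down" applet with the "up" applet the thread only mentions. The SLA number, probe target 192.0.2.1, track number, delays and interface names are assumptions; the "ip sla" syntax is the 12.4(4)T-and-later form (older releases use "ip sla monitor"):

```cisco
! Added example. SLA/track numbers, target and interfaces are assumptions.
!
! Probe the next hop every 10 seconds from the Ethernet interface.
ip sla 1
 icmp-echo 192.0.2.1 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track reachability, with dampening so a single lost probe does not
! flap the serial interface: down after 30 s of failure, up after 60 s.
track 12 ip sla 1 reachability
 delay down 30 up 60
!
event manager applet UPLINK-DOWN
 event track 12 state down
 action 1.0 syslog msg "Next hop 192.0.2.1 unreachable; shutting down Serial0:31"
 action 2.0 cli command "enable"
 action 3.0 cli command "configure terminal"
 action 4.0 cli command "interface Serial0:31"
 action 5.0 cli command "shutdown"
 action 6.0 cli command "end"
!
event manager applet UPLINK-UP
 event track 12 state up
 action 1.0 syslog msg "Next hop 192.0.2.1 reachable again; restoring Serial0:31"
 action 2.0 cli command "enable"
 action 3.0 cli command "configure terminal"
 action 4.0 cli command "interface Serial0:31"
 action 5.0 cli command "no shutdown"
 action 6.0 cli command "end"
```

"show track 12" shows the current state and how many times it has changed; "show event manager policy registered" confirms both applets are armed. The "up" applet is what keeps this safe to leave in place: without it the serial interface stays administratively down after the outage clears until someone logs in.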



2024 By Angel Cool