asyd.net docs:cisco
http://asyd.net/home/
2011-06-26T20:47:22+02:00asyd.net
http://asyd.net/home/
http://asyd.net/home/lib/images/favicon.icotext/html2008-10-03T08:25:38+02:00docs:cisco:802.1q
http://asyd.net/home/docs/cisco/802.1q
Router
interface FastEthernet0/0
no ip address
speed auto
full-duplex
no cdp enable
no mop enabled
!
interface FastEthernet0/0.34
encapsulation dot1Q 34
ip address 192.168.34.3 255.255.255.0
!
interface FastEthernet0/0.43
encapsulation dot1Q 43
ip address 84.14.13.129 255.255.255.248
!text/html2008-10-03T08:25:38+02:00docs:cisco:adsl
http://asyd.net/home/docs/cisco/adsl
Here my configuration for my ADSL from Nerim (a small french ISP which provide native IPv6)
!
interface ATM0
description DSL Nerim
no ip address
no ip redirects
no ip proxy-arp
load-interval 30
no atm ilmi-keepalive
pvc 0/16 ilmi
!
dsl operating-mode auto
!
interface ATM0.35 point-to-point
description ATM FT
no ip redirects
no ip proxy-arp
pvc cipa 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
description PPPoA Nerim
ip a…text/html2006-01-05T09:12:21+02:00docs:cisco:ipsec
http://asyd.net/home/docs/cisco/ipsec
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key MyCrypTKey address <ipv4 peer>
!
!
crypto ipsec transform-set FMS-Transform esp-3des esp-md5-hmac
!
crypto map Fimasys-map 1 ipsec-isakmp
set peer <ipv4 peer>
set security-association lifetime seconds 86400
set transform-set FMS-Transform
set pfs group2
match address 120
!
access-list 120 permit ip 192.168.160.0 0.0.0.255 192.168.66.0 0.0.0.255
access-list 120 permit ip 192.168.160.0 0.0.0.255…text/html2008-10-03T08:25:38+02:00docs:cisco:netflow
http://asyd.net/home/docs/cisco/netflow
Configuring netflow
!
interface Ethernet1/0
ip address 172.16.0.2 255.255.0.0
ip route-cache flow
full-duplex
!
ip flow-export version 5
ip flow-export destination 192.168.34.5 3000
!
* Cisco Configuring Netflow
* Configure NTOP for netflowtext/html2008-10-03T08:25:38+02:00docs:cisco:port-monitor
http://asyd.net/home/docs/cisco/port-monitor
monitor session 1 source interface Fa0/6 rx
monitor session 1 destination interface Fa0/5
Note You can configure only two monitors per switchtext/html2008-10-03T08:25:38+02:00docs:cisco:pptpserver
http://asyd.net/home/docs/cisco/pptpserver
Define a new AAA (Authentication, Authorization, Accounting) model
!
aaa authentication login default group radius local
aaa authentication login login-local line local enable
aaa authentication login noauth line none
aaa authentication login netlogin line none
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa session-id common
!text/html2008-10-03T08:25:38+02:00docs:cisco:ratelimit
http://asyd.net/home/docs/cisco/ratelimit
Write your ACL matching the traffic you want shape
access-list 100 permit tcp host 192.168.3.10 eq www any
access-list 101 permit tcp any eq www 192.168.3.0 0.0.0.255text/html2008-10-03T08:25:38+02:00docs:cisco:snmp
http://asyd.net/home/docs/cisco/snmp
Enable a SNMP server under IOS
Go into enable mode, then configure mode:
GFlop$ enable
GFlop# conf t
Create an access list to restrict snmp usage:
GFlop(config)# access-list 1 permit 192.168.1.4
Enable the snmp server
GFlop(config)# snmp-server location Foo Bar
GFlop(config)# snmp-server contact Foo@Bar.net
GFlop(config)# snmp-server community public ro 1text/html2008-10-03T08:25:38+02:00docs:cisco:transparentproxy
http://asyd.net/home/docs/cisco/transparentproxy
!
interface Ethernet0
description * LAN *
ip address 192.168.1.254 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
ip policy route-map proxy-redir
!
access-list 110 deny tcp host 192.168.1.42 any eq www
access-list 110 permit tcp any any eq www
!
route-map proxy-redir permit 10
match ip address 110
set ip next-hop 192.168.1.42
!