Differences

This shows you the differences between two versions of the page.

--- cisco [2006/01/31 11:15]
212.18.42.18
+++ cisco [2015/05/21 15:00]
zagi
@@ Line 1: / Line 1: @@
 ====== Cisco stuff on need to know bases ======
-==== Related documents ====
+see also: **[[cisco:bgp|Cisco BGP stuff]]**, **[[networking]]**, **[[http://www.cymru.com/Documents/secure-ios-template.html|Secure IOS Template]]**
+==== Related documents ====
+[[http://www.netconfigs.com/tools/bgp.htm]]\\
 [[http://www.cisco.com/warp/public/459/bgp-toc.html]]\\
 [[http://www.caida.org/tools/measurement/cflowd/]]\\
@@ Line 10: / Line 14: @@
 Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\
 Password recovery[[http://www.cisco.com/warp/public/474/]]\\
+[[http://phx-cisco-users.org/index.php|Phoenix Cisco User Group (PCUG)]] Cisco tips [[http://www.ciscoblog.com/docstore/PCUGTips.pdf|presentation]] (local mirror:{{pcugtips.pdf|Cisco tips}})
 ==== Password reset and configuration reset ====
@@ Line 50: / Line 55: @@
   login
   password xxx
+=== Corrupt/missing IOS image ===
+   * set BAUD 115200
+   * upload vix Xmodem
+==== Cisco security tips ====
+**Disable:**
+    * BOOTP server
+    * Cisco Discovery Protocol (CDP)
+    * HTTP Configuration and Monitoring
+    * Domain Name System (DNS)
+    * Packet Assembler / Disassembler (PAD)
+    * Internet Control Message Protocol (ICMP) Redirects
+    * IP Source Routing
+    * Finger Service
+    * Proxy ARP
+    * IP Directed Broadcast
+==== Cisco config tips ====
-==== Cisco tips ====
+** Cisco PIX ***
+  no fixup protocol smtp 25
 **General security template:**
@@ Line 91: / Line 119: @@
   ip cef
-**NTP**
+**NTP** (see also: [[http://www.nil.com/ipcorner/SecTimeManagement/]])
   clock timezone CET 1
   clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
@@ Line 139: / Line 167: @@
 **General Interface Template:**
-  no ip redirect
+  no ip redirects
   no ip direct broadcast
   no ip proxy-arp
   no ip unreachables
-  ! no ip mask-reply
+  no ip mask-reply
+  no ip mroute-cache
@@ Line 211: / Line 239: @@
   router bgp 109
   neighbor 145.2.2.2 remove-private-AS
+==DHCP==
+ip dhcp excluded-address 192.168.10.1
+  ip dhcp pool my.lan
+     network 192.168.10.0 255.255.255.0
+     domain-name my.net
+     dns-server 212.18.X.X
+     default-router 192.168.10.1
+     lease 14 0
 **OSPF**
@@ Line 224: / Line 261: @@
    log-adjacency-changes
+== ACL renumbering ==
+Router(config)#ip access-list resequence MyACL 10 10\\
+== vlan up/interface down ==
+no autostate
+no keepalive
+== Wireless ==
+  dot11 ssid TEST1
+  mbssid guest-mode
+  dot11 ssid TEST2
+  mbssid guest-mode
+Then you have to enable mbssid globally on your radio-interface:
+  interface Dot11Radio0
+  mbssid
+  ssid TEST1
+  ssid TEST2
+  interface Dot11Radio1
+  mbssid
+  ssid TEST1
+  ssid TEST2
+== Cisco bash policer script ==
+<code bash>
+#!/bin/bash
+# tnt.aufbix.org
+#cir=$(($1*1024*1024))
+cir=$(($1*1024*1000))
+nburst=$(($cir*3/16))
+eburst=$(($nburst*2))
+echo "policy-map $1M"
+echo "class class-default"
+echo "police cir $cir bc $nburst be $eburst conform-action set-dscp-transmit default exceed-action drop  violate-action drop"
+</code>