[[cisco]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
cisco [2006/01/30 22:56]
193.77.104.168 		cisco [2015/05/21 15:01] (current)
zagi [Cisco config tips]
Line 1: Line 1:
 +====== Cisco stuff on need to know bases ======
 +
 +see also: **[[cisco:bgp|Cisco BGP stuff]]**, **[[networking]]**, **[[http://www.cymru.com/Documents/secure-ios-template.html|Secure IOS Template]]**
 +
 +
 +
 +==== Related documents ====
 +[[http://www.netconfigs.com/tools/bgp.htm]]\\
 [[http://www.cisco.com/warp/public/459/bgp-toc.html]]\\ [[http://www.cisco.com/warp/public/459/bgp-toc.html]]\\
 [[http://www.caida.org/tools/measurement/cflowd/]]\\  [[http://www.caida.org/tools/measurement/cflowd/]]\\ 
Line 6: Line 14:
 Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\ Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\
 Password recovery[[http://www.cisco.com/warp/public/474/]]\\ Password recovery[[http://www.cisco.com/warp/public/474/]]\\
 +[[http://phx-cisco-users.org/index.php|Phoenix Cisco User Group (PCUG)]] Cisco tips [[http://www.ciscoblog.com/docstore/PCUGTips.pdf|presentation]] (local mirror:{{pcugtips.pdf|Cisco tips}})
 +
 +==== Password reset and configuration reset ====
  
   - Press Break on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON.   - Press Break on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON.
Line 44: Line 55:
   login   login
   password xxx   password xxx
 +  
 +  
 +=== Corrupt/missing IOS image ===
 +
 +   * set BAUD 115200
 +   * upload vix Xmodem
 +
 +==== Cisco security tips ====
 +**Disable:**
 +
 +    * BOOTP server
 +    * Cisco Discovery Protocol (CDP)
 +    * HTTP Configuration and Monitoring
 +    * Domain Name System (DNS)
 +    * Packet Assembler / Disassembler (PAD)
 +    * Internet Control Message Protocol (ICMP) Redirects
 +    * IP Source Routing
 +    * Finger Service
 +    * Proxy ARP
 +    * IP Directed Broadcast
 +
 +==== Cisco config tips ====
 +
 +** Cisco PIX ***
 +  no fixup protocol smtp 25
  
-General security template:+**General security template:**
  
   no service finger   no service finger
Line 76: Line 112:
   service tcp-keepalives-in   service tcp-keepalives-in
   service tcp-keepalives-out   service tcp-keepalives-out
- 
-  ! Set time for UK 
-  clock timezone GMT 0 
-  clock summer-time BST recurring 
  
   ! Do not allow packet to specify their own route   ! Do not allow packet to specify their own route
Line 87: Line 119:
   ip cef   ip cef
  
-NTP+**NTP** (see also: [[http://www.nil.com/ipcorner/SecTimeManagement/]]) 
 +  clock timezone CET 1 
 +  clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
   !ntp source Loopback0   !ntp source Loopback0
   !ntp master   !ntp master
Line 94: Line 128:
   !ntp broadcast   !ntp broadcast
  
-SNMP+**SNMP**
   snmp-server community NotTelling RO 1   snmp-server community NotTelling RO 1
   snmp-server location Somewhere   snmp-server location Somewhere
Line 101: Line 135:
   snmp-server host 220.144.159.130 SecretToo   snmp-server host 220.144.159.130 SecretToo
  
-DNS+**DNS**
   no ip domain-lookup   no ip domain-lookup
   ip domain-list domain.org   ip domain-list domain.org
Line 132: Line 166:
  
  
-General Interface Template: +**General Interface Template:** 
-  no ip redirect+  no ip redirects
   no ip direct broadcast   no ip direct broadcast
   no ip proxy-arp   no ip proxy-arp
   no ip unreachables   no ip unreachables
-  no ip mask-reply +  no ip mask-reply 
- +  no ip mroute-cache
    
  
  
-General Security Template:+**General Security Template:**
  
   service password-encryption   service password-encryption
Line 155: Line 189:
  
  
-HSRP+**HSRP**
  
-Router 1:+//Router 1://
   interface ethernet 0/0   interface ethernet 0/0
   description Server LAN   description Server LAN
Line 163: Line 197:
   standby 10 ip 169.223.10.254   standby 10 ip 169.223.10.254
  
-Router 2:+//Router 2://
   interface ethernet 0/0   interface ethernet 0/0
   description Service LAN   description Service LAN
Line 175: Line 209:
  
  
-BGP+**BGP**
  
   router bgp 200   router bgp 200
Line 206: Line 240:
   neighbor 145.2.2.2 remove-private-AS   neighbor 145.2.2.2 remove-private-AS
  
-OSPF+==DHCP== 
 +ip dhcp excluded-address 192.168.10.1 
 +  ip dhcp pool my.lan 
 +     network 192.168.10.0 255.255.255.0 
 +     domain-name my.net 
 +     dns-server 212.18.X.X 
 +     default-router 192.168.10.1 
 +     lease 14 0 
 + 
 +**OSPF**
  
   router ospf 100   router ospf 100
Line 218: Line 261:
    log-adjacency-changes    log-adjacency-changes
  
 +== ACL renumbering == 
 +
 +Router(config)#ip access-list resequence MyACL 10 10\\
 +
 +== vlan up/interface down ==
 +
 +no autostate
 +no keepalive
 +
 +== Wireless ==
 +  dot11 ssid TEST1
 +  mbssid guest-mode
 +
 +  dot11 ssid TEST2
 +  mbssid guest-mode
 +
 +Then you have to enable mbssid globally on your radio-interface:
 +
 +  interface Dot11Radio0
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +  interface Dot11Radio1
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +==== Cisco bash policer script ====
 +
 +<code bash>
 +#!/bin/bash
 +# tnt.aufbix.org
 +#cir=$(($1*1024*1024))
 +cir=$(($1*1024*1000))
 +nburst=$(($cir*3/16))
 +eburst=$(($nburst*2))
 +echo "policy-map $1M"
 +echo "class class-default"
 +echo "police cir $cir bc $nburst be $eburst conform-action set-dscp-transmit default exceed-action drop  violate-action drop"
 +
 +</code>
  
cisco.1138658172.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready