[[cisco]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
cisco [2006/01/31 13:45]
212.18.42.18 		cisco [2015/05/21 15:01] (current)
zagi [Cisco config tips]
Line 1: Line 1:
 ====== Cisco stuff on need to know bases ====== ====== Cisco stuff on need to know bases ======
  
-==== Related documents ====+see also: **[[cisco:bgp|Cisco BGP stuff]]**, **[[networking]]**, **[[http://www.cymru.com/Documents/secure-ios-template.html|Secure IOS Template]]**
  
 +
 +
 +==== Related documents ====
 +[[http://www.netconfigs.com/tools/bgp.htm]]\\
 [[http://www.cisco.com/warp/public/459/bgp-toc.html]]\\ [[http://www.cisco.com/warp/public/459/bgp-toc.html]]\\
 [[http://www.caida.org/tools/measurement/cflowd/]]\\  [[http://www.caida.org/tools/measurement/cflowd/]]\\ 
Line 10: Line 14:
 Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\ Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\
 Password recovery[[http://www.cisco.com/warp/public/474/]]\\ Password recovery[[http://www.cisco.com/warp/public/474/]]\\
 +[[http://phx-cisco-users.org/index.php|Phoenix Cisco User Group (PCUG)]] Cisco tips [[http://www.ciscoblog.com/docstore/PCUGTips.pdf|presentation]] (local mirror:{{pcugtips.pdf|Cisco tips}})
  
 ==== Password reset and configuration reset ==== ==== Password reset and configuration reset ====
Line 50: Line 55:
   login   login
   password xxx   password xxx
 +  
 +  
 +=== Corrupt/missing IOS image ===
 +
 +   * set BAUD 115200
 +   * upload vix Xmodem
 +
 +==== Cisco security tips ====
 +**Disable:**
 +
 +    * BOOTP server
 +    * Cisco Discovery Protocol (CDP)
 +    * HTTP Configuration and Monitoring
 +    * Domain Name System (DNS)
 +    * Packet Assembler / Disassembler (PAD)
 +    * Internet Control Message Protocol (ICMP) Redirects
 +    * IP Source Routing
 +    * Finger Service
 +    * Proxy ARP
 +    * IP Directed Broadcast
 +
 +==== Cisco config tips ====
  
-==== Cisco tips ====+** Cisco PIX *** 
 +  no fixup protocol smtp 25
  
 **General security template:** **General security template:**
Line 91: Line 119:
   ip cef   ip cef
  
-**NTP**+**NTP** (see also: [[http://www.nil.com/ipcorner/SecTimeManagement/]])
   clock timezone CET 1   clock timezone CET 1
   clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00   clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
Line 211: Line 239:
   router bgp 109   router bgp 109
   neighbor 145.2.2.2 remove-private-AS   neighbor 145.2.2.2 remove-private-AS
 +
 +==DHCP==
 +ip dhcp excluded-address 192.168.10.1
 +  ip dhcp pool my.lan
 +     network 192.168.10.0 255.255.255.0
 +     domain-name my.net
 +     dns-server 212.18.X.X
 +     default-router 192.168.10.1
 +     lease 14 0
  
 **OSPF** **OSPF**
Line 224: Line 261:
    log-adjacency-changes    log-adjacency-changes
  
 +== ACL renumbering == 
 +
 +Router(config)#ip access-list resequence MyACL 10 10\\
 +
 +== vlan up/interface down ==
 +
 +no autostate
 +no keepalive
 +
 +== Wireless ==
 +  dot11 ssid TEST1
 +  mbssid guest-mode
 +
 +  dot11 ssid TEST2
 +  mbssid guest-mode
 +
 +Then you have to enable mbssid globally on your radio-interface:
 +
 +  interface Dot11Radio0
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +  interface Dot11Radio1
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +==== Cisco bash policer script ====
 +
 +<code bash>
 +#!/bin/bash
 +# tnt.aufbix.org
 +#cir=$(($1*1024*1024))
 +cir=$(($1*1024*1000))
 +nburst=$(($cir*3/16))
 +eburst=$(($nburst*2))
 +echo "policy-map $1M"
 +echo "class class-default"
 +echo "police cir $cir bc $nburst be $eburst conform-action set-dscp-transmit default exceed-action drop  violate-action drop"
 +
 +</code>
  
cisco.1138711555.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready