Differences

This shows you the differences between two versions of the page.

cisco [2006/05/28 22:42]
a
cisco [2015/05/21 15:01] (current)
zagi [Cisco config tips]
Line 1: Line 1:
 ====== Cisco stuff on need to know bases ====== ====== Cisco stuff on need to know bases ======
  
-see also: **[[cisco:bgp|Cisco BGP stuff]]**, **[[networking]]**+see also: **[[cisco:bgp|Cisco BGP stuff]]**, **[[networking]]**, **[[http://www.cymru.com/Documents/secure-ios-template.html|Secure IOS Template]]** 
 + 
  
 ==== Related documents ==== ==== Related documents ====
Line 12: Line 14:
 Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\ Cisco pppoe [[http://www.dslreports.com/faq/8199]]\\
 Password recovery[[http://www.cisco.com/warp/public/474/]]\\ Password recovery[[http://www.cisco.com/warp/public/474/]]\\
 +[[http://phx-cisco-users.org/index.php|Phoenix Cisco User Group (PCUG)]] Cisco tips [[http://www.ciscoblog.com/docstore/PCUGTips.pdf|presentation]] (local mirror:{{pcugtips.pdf|Cisco tips}})
  
 ==== Password reset and configuration reset ==== ==== Password reset and configuration reset ====
Line 52: Line 55:
   login   login
   password xxx   password xxx
 +  
 +  
 +=== Corrupt/missing IOS image ===
 +
 +   * set BAUD 115200
 +   * upload vix Xmodem
 +
 +==== Cisco security tips ====
 +**Disable:**
 +
 +    * BOOTP server
 +    * Cisco Discovery Protocol (CDP)
 +    * HTTP Configuration and Monitoring
 +    * Domain Name System (DNS)
 +    * Packet Assembler / Disassembler (PAD)
 +    * Internet Control Message Protocol (ICMP) Redirects
 +    * IP Source Routing
 +    * Finger Service
 +    * Proxy ARP
 +    * IP Directed Broadcast
 +
 +==== Cisco config tips ====
  
-==== Cisco tips ====+** Cisco PIX *** 
 +  no fixup protocol smtp 25
  
 **General security template:** **General security template:**
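Review bot: The "Disable:" list under "Cisco security tips" names ten services but gives no command for any of them, and it does not say which are global settings and which are per-interface (ICMP redirects, proxy ARP and directed broadcast are configured on each interface), so a reader cannot apply it from this page alone. Add the matching `no ...` line beside each item, for example `no ip source-route` and `no cdp run`, in the same two-space indented style the page uses for commands. "Domain Name System (DNS)" should also say what is being turned off, presumably name lookups made by the router itself. Smaller points: "upload vix Xmodem" should read "via", `** Cisco PIX ***` has an extra asterisk that breaks the bold markup, and `no fixup protocol smtp 25` needs a line saying why it is disabled.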
Line 93: Line 119:
   ip cef   ip cef
  
-**NTP**+**NTP** (see also: [[http://www.nil.com/ipcorner/SecTimeManagement/]])
   clock timezone CET 1   clock timezone CET 1
   clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00   clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
Line 213: Line 239:
   router bgp 109   router bgp 109
   neighbor 145.2.2.2 remove-private-AS   neighbor 145.2.2.2 remove-private-AS
 +
 +==DHCP==
 +ip dhcp excluded-address 192.168.10.1
 +  ip dhcp pool my.lan
 +     network 192.168.10.0 255.255.255.0
 +     domain-name my.net
 +     dns-server 212.18.X.X
 +     default-router 192.168.10.1
 +     lease 14 0
  
 **OSPF** **OSPF**
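Review bot: In the DHCP block, `ip dhcp excluded-address 192.168.10.1` starts at column 0 while the pool lines below it are indented, so DokuWiki will render the first command as body text and only the rest as a code block; indent it by two spaces like the others. The heading uses `==DHCP==` where the neighbouring sections use bold labels such as `**OSPF**`, so pick one convention. It is also worth stating that `212.18.X.X` is a placeholder to be replaced.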
Line 225: Line 260:
    passive-interface Loopback0    passive-interface Loopback0
    log-adjacency-changes    log-adjacency-changes
 +
 +== ACL renumbering == 
 +
 +Router(config)#ip access-list resequence MyACL 10 10\\
 +
 +== vlan up/interface down ==
 +
 +no autostate
 +no keepalive
 +
 +== Wireless ==
 +  dot11 ssid TEST1
 +  mbssid guest-mode
 +
 +  dot11 ssid TEST2
 +  mbssid guest-mode
 +
 +Then you have to enable mbssid globally on your radio-interface:
 +
 +  interface Dot11Radio0
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +  interface Dot11Radio1
 +  mbssid
 +  ssid TEST1
 +  ssid TEST2 
 +  
 +==== Cisco bash policer script ====
 +
 +<code bash>
 +#!/bin/bash
 +# tnt.aufbix.org
 +#cir=$(($1*1024*1024))
 +cir=$(($1*1024*1000))
 +nburst=$(($cir*3/16))
 +eburst=$(($nburst*2))
 +echo "policy-map $1M"
 +echo "class class-default"
 +echo "police cir $cir bc $nburst be $eburst conform-action set-dscp-transmit default exceed-action drop  violate-action drop"
 +
 +</code>
 +
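Review bot: The Wireless example defines `dot11 ssid TEST1` and `dot11 ssid TEST2` with only `mbssid guest-mode`, and no authentication or key-management lines appear anywhere in the block, so the example advertises both SSIDs without showing how clients are authenticated. Either add the authentication settings the SSIDs are meant to use or state that they were left out. In the policer script, `$1` goes straight into `$(( ))` with no check that an argument was given or that it is a number, so an empty argument makes the arithmetic fail and a non-numeric one is not rejected; validate it first and exit with a usage message. The multiplier `1024*1000` is neither the commented-out `1024*1024` nor a decimal megabit, so add a comment saying which unit `cir` is meant to be in. `no autostate` and `no keepalive` are unindented, so they will not render as code, and they need the interface context they are entered under; the trailing `\\` on the `ip access-list resequence` line looks unintended.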
cisco.1148848962.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International