Documente Academic
Documente Profesional
Documente Cultură
* interface serial 0
- ip address 192.168.1.0 255.255.255.0
- encapsulation frame-relay
- frame-realy lmi-type cisco
Frame-Relay ARP
- no frame-relay inverse-arp
- no shutdown
Static Frame-Relay Mapping
- frame-relay map ip 192.168.1.3 403 broadcast
Frame-Relay Multipoint configuration (static)
- interface serial 0/0.100 multipoint
- ip address 192.168.1.5 255.255.255.0
- frame-relay map ip 192.168.1.4 505 broadcast
Catalyst 3550 Switching
VTP (vlan trunking protocol)
- vtp mode server
- vtp domain CCIE
- vtp mode client
- vtp mode transparent
VTP server
#
-
vlan database
vtp server
vtp domain CCIE
vtp password cisco
exit
VTP VERSION
# vlan database
- vtp v2-mode
- exit
VLAN PRUNING
# vlan database
- vtp pruning
- exit
TRUNK PORT CONFIGURATION
# interface fastethernet 0/24
- switchport trunk encapsulation isl / dot1q
- switchport mode trunk
- switchport access vlan 1
- end
# interface fastethernet 0/24
- switchport trunk encapsulation dot1q
- switchport mode trunk
- switchport access vlan 1
ETHERCHANNEL CONFIGURATION
#interface ethernet 0/24
- switchport trunk encapsulation isl
- switchport mode trunk
vlan
vlan
vlan
vlan
20
20
20
20
bridge
bridge
bridge
bridge
3550#
CONFIGURE PORT PRIORITY
****Access port configuration****
3550# configure terminal
3550(config)# interface fastethernet 0/3
3550(config-if)# spanning-tree port-priority 1
3550(config)# end
3550#
**** Trunk port configuration****
3550# configure terminal
3550(config)# interface fastethernet 0/11
3550(config-if)# spanning-tree vlan 20 port-priority 1
3550(configif)# end
3550(config)#
CONFIGURE PORTFAST
**** Access port configuration ****
3550(config)# interface fastethernet 0/3
3550(config-if)# spanning-tree portfast
3550(config-if)# end
3550#
**** trunk port configuration****
3550(config)# interface fastethernet 0/11
3550(config-if)# spanning-tree portfast trunk
3550(config-if)# end
3550#
CONFIGURE BRIDGE PACKET DATA UNIT(BPDU) GUARD
CONFIGURE EIGRP
- router eigrp 100
- network 192.168.1.0 0.0.0.255
CONFIGURE BANDWTH
- interface serial 0/0
- bandwith 20
- ip bandwith-percent eigrp 100 200
CONFIGURE ROUTE-SUMMARZATON EIGRP
- interface serial 0/0
- ip summary-address eigrp 100 192.168.0.0 0.0.0.248
configure terminal
router ospf 100
network 192.168.0.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 4
area 4 stub
Router 2
-
configure terminal
router ospf 100
network 172.16.2.0 0.0.0.255 area 4
area 4 stub
configure terminal
router ospf 100
network 172.16.2.0 0.0.0.255 area 2
area 2 stub
''Area 2 stub no-summary '' Routerlar arasnda type 3 ve type 4 bilgilerinin gitme
sini engelliyor (Type 3/4 LSA)
CONFIGURE NOT SO STUBY AREA(NSSA)
Router 1
-
configure terminal
router rip
network 10.0.0.0
router ospf 100
network 172.16.45.5 0.0.0.0 area 4
area 4 nssa
redistrubute rip subnets
Router 2
-
configure terminal
router ospf 100
network 172.16.45.4 0.0.0.0 area 4
network 172.16.14.4 0.0.0.0 area 0
area 4 nssa no-summary
'' Area 4 nssa '' Type 7 gelen bilgileri Type 5 bilgilerine cevirme ilemini gerekl
etiriyor.
'' Area 4 nssa no-redistribution '' Type 7 bilgilerinin yollanmasna izin verilmiy
or ayr ca type 4 bilgilerininde gitmesine izin verilmiyor. Type 3 yani default ro
ute
bilgileri yollanyor.
CONFIGURE OSPF DEFAULT ROUTE
-
configure terminal
router ospf 100
network 172.16.45.4 0.0.0.0 area 4
network 172.16.14.4 0.0.0.0 area 0
area 4 nssa no-summary
area 4 default-information-originate
'' Area 4 default-information-originate '' bu karsndaki ASBR dan type 3/4 bilgile
rini istemeye yarayan bir komuttur.
CONFIGURE OSPF COST OF THE DEFAULT ROUTE
- configure terminal
''area 4 default-cost 100'' area lara route lardaki oncelik verilmesi iin kullanla
n bir komut
CONFIGURATION OSPF EXTERNAL ROUTE SUMMARZATON
-configure terminal
- router ospf 100
- summary-address 192.168.0.0 255.255.0.0
BGP CONFIGURATION
-
CONFIGURATION IBGP
Router 1
- configure terminal
- router bgp 100
- neighbor 172.16.4.1 remote-as 100
Router 2
- configure terminal
- router bgp 100
- neighbor 172.16.4.2 remote-as 100
CONFIGURATION BGP ROUTER ID
- configure terminal
- router bgp 100
- bgp router-id 1.1.1.1
- configure terminal
- router bgp 100
- neighbor 172.16.31.1 route-reflector-client
CONFIGURATION FAULT TOLERANS ON BGP
Router 4
-
interface loopback 0
ip address 4.4.4.4 255.255.255.0
router bgp 100
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 update-source loopback 0
Router 5
- interface loopback 0
- ip address 5.5.5.5 255.255.255.0
-router bgp 100
- neighbor 4.4.4.4 remote-as 100
- neighbor 4.4.4.4 update-source loopback 0
- neighbor 5.5.5.5 remote-as 100
- neighbor 5.5.5.5 update-source loopback 0
CONFIGURATION EBGP MULTIHOP
Router 4
-configure terminal
- router bgp 100
- neighbor 172.16.56.6 remote-as 200
- neighbor 172.16.56.6 ebgp-multihop
- exit
- ip route 172.16.56.0 255.255.255.0 172.16.45.5
Router 5
-
configure terminal
router bgp 200
neighbor 172.16.45.4 remote-as 100
neighbor 172.16.45.4 ebgp-multihop
exit
ip route 172.16.45.0 255.255.255.0 172.16.56.5
configure terminal
interface loopback 0
ip address 4.4.4.4 255.255.255.0
router bgp 100
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop
neighbor 5.5.5.5 update-source-loopback 0
network 4.4.4.0 mask 255.255.255.0
- exit
- ip route 5.5.5.0 255.255.255.0 172.16.44.5
- ip route 5.5.5.0 255.255.255.0 172.16.45.5
Router 5
-
configure terminal
interface loopback 0
ip address 5.5.5.5 255.255.255.0
router bgp 100
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 ebgp-multihop
neighbor 4.4.4.4 update-source-loopback 0
network 5.5.5.0 mask 255.255.255.0
exit
ip route 4.4.4.0 255.255.255.0 172.16.44.4
ip route 4.4.4.0 255.255.255.0 172.16.45.4
configure terminal
router bgp 100
bgp confederation identifier 200
bgp confederation peers 300
network 3.3.3.0 mask 255.255.255.0
neighbor 172.16.23.2. remote-as 400
neighbor 172.16.45.5 remote-as 100
neighbor 172.16.70.4 remote-as 100
neighbor 172.16.134.1 remote-as 500
configure terminal
router bgp 200
neighbor 172.16.23.3 route-map SETCOMMUNITY out
neighbor 172.16.23.3 send-community
exit
route-map SETCOMMUNITY permit 10 (* 10 sequence numars default 10 dur)
match ip address 2
set community no-export
exit
route-map SETCOMMUNITY permit 20
exit
access-list 2 permit 2.2.2.0
configure terminal
bgp dampening
bgp dampening half-life reuse suppress max-suppress
bgp dampening route-map route-map-name
clear ip bgp dampening [prefix-mask]
configure terminal
router bgp 300
neighbor 172.16.70.4(wan ipsi) advertise-map ADVERTISE non-exist-map NONEXIST
exit
access-list 3 permit 3.3.3.0 0.0.0.255
access-list 30 permit 30.30.30.0 0.0.0.255
route-map ADVERTISE permit
match ip address 3
exit
route-map NONEXIST permit 10
match ip address 30
-exit
CONFIGURATION BGP DISTRIBUTE LIST
-
configure terminal
access-list 1 deny 172.16.0.0 0.0.254.255
access-list 1 permit any
router bgp 100
neighbor 172.16.134.3 distiribute-list 1 out
** burda distribute list'i kendi lokalimizden dsar ckarken kullanyoruz out diyerek
configure terminal
router bgp 100
neighbor 172.16.56.6 route-map MYMAP in
exit
access-list 1 permit 60.1.1.0 0.0.0.255
access-list 2 permit 60.2.2.0 0.0.0.255
route-map MYMAP permit 10
match ip address 1
exit
route-map MYMAP permit 20
match ip address 2
exit
write
configure terminal
router bgp 100
neighbor 172.16.70.3 route-map MODMED out
exit
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 1 permit 4.4.4.0 0.0.0.255
route-map MODMED permit 10
match ip address 1
set metric 1000
exit
Router 1
-
configure terminal
router bgp 100
neighbor 172.16.134.3 route-map MODMED out
exit
access-list 1 permit 4.4.4.0 0.0.0.255
route-map MODMED permit 10
match ip address 1
set metric 2000
exit
configure terminal
ip route 0.0.0.0 0.0.0.0 serial 0/0
router bgp 400
default-information originate
redistribute static
configure terminal
router bgp 100
neighbor IBGPPEERS peer-group
neighbor IBGPPEERS remote-as 100
neighbor IBGPPEERS route-map INTERNAL out
neighbor IBGPPEERS filter-list 1 out
neighbor IBGPPEERS filter-list 2 out
neighbor IBGPPEERS next-hop-self
neighbor IBGPPEERS soft-reconfiguration in
neighbor IBGPPEERS update-source loopback 0
neighbor 4.4.4.4 peer-group IBGPPEERS
neighbor 5.5.5.5 peer-group IBGPPEERS
neighbor 6.6.6.6 peer-group IBGPPEERS
neighbor 1.1.1.1 peer-group IBGPPEERS
neighbor 1.1.1.1 filter-list 3 in
CONFIGURATION REDISTRIBUTE
-
configure terminal
router rip
redistribute ospf 1 metric 1
router ospf 100
default-metric 100
router eigrp 100
default-metric 10000 100 255 1 1500
write
configure terminal
router eigrp 1
network 131.108.0.0
redistribute static
redistribute ospf 1
redistribute rip
redistribute isis
default-metric 10000 100 255 1 1500
OSPF
- configure terminal
- network 131.108.0.0 0.0.255.255 area 0
- redistribute static metric 200 subnets
redistribute
redistribute
redistribute
redistribute
RIP
-
configure terminal
router rip
network 131.108.0.0
redistribute static
redistribute igrp 1
redistribute eigrp 1
redistribute ospf 1
redistribute isis
default-metric 1
IS-IS
-
configure terminal
router isis
network 49.1234.1111.1111.1111.00
redistribute static metric 20
redistribute rip metric 20
redistribute igrp 1 metric 20
redistribute eigrp 1 metric 20
redistribute ospf 1 metric 20
CONFIGURATION SUMMARIZATION
-
configure terminal
interface serial 0/0
ip address 10.1.5.1 255.255.255.0
ip summary-address eigrp 2000 134.17.32.0 255.255.255.128
configure terminal
access-list 1 permit 10.55.55.0 0.0.0.255
route-map RIPONLY permit 10
match ip address 1
router ospf 1
redistribute rip route-map RIPONLYO
configure terminal
key chanin ka1
key 1
key-string 234
interface ethernet 0/0
ip address 172.16.70.7 255.255.255.0
ip rip authentication key-chain ka1
configure terminal
interface ethernet 2/0
ip address 172.16.70.7 255.255.255.0
ip ospf authentication-key cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication
Router 2
-
configure terminal
interface ethernet 1/0
ip address 172.16.70.3 255.255.255.0
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication
configure terminal
interface ethernet 2/0
ip address 172.16.70.7 255.255.255.0
ip ospf message-digest-key 1 md5 cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication message-digest
Router 2
-
configure terminal
interface ethernet 1/0
ip address 172.16.70.3 255.255.255.0
ip ospf message-digest-key 1 md5 cisco
router ospf 2
network 172.16.70.0 0.0.0.255 area 0
area 0 authentication message-digest
key-string
interface serial 0/2
ip address 172.16.45.4 255.255.255.0
ip rip authentication key-chain ka1
Router 2
-configure terminal
- key chain ka1
- key 1
- key-string 234
- interface serial 0/0
- ip address 172.16.45.5 255.255.255.0
- ip rip authentication key-chain ka1
configure terminal
key chain ka1
key 1
key-string 234
interface serial 0/2
ip address 172.16.45.4 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ka1
router rip
version 2
network 172.16.0.0
Router 2
-
configure terminal
key 1
key-string 234
interface serial 0/0
ip address 172.16.45.5 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ka1
router rip
version 2
network 172.16.0.0
configure terminal
interface ethernet 0/0
ip address 10.3.3.1 255.255.255.0
ip router isis
clns router isis
isis password SECr3t level-1
isis password SECr3t level-2
router isis
- network 49.1234.1111.1111.1111.00
- area-password tighter
- domain-password seCurity
Router 2
-
configure terminal
interface ethernet 0/0
ip address 10.3.3.2 255.255.255.0
ip router isis
clns router isis
isis password SECr3t level-1
isis password SECr3t level-2
router isis
network 49.1234.2222.2222.2222.00
area-password tighter
domain-password seCurity
configure terminal
interface ethernet 0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 thekey
key chain thekey
key 1
key-string 0987654321
accept-lifetime infinite
send-lifetime 04:00:00 dec 4 2008 infinite
Router 2
-
configure terminal
interface ethernet 0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 thekey
key chain thekey
key 1
key-string 0987654321
accept-lifetime infinite
send-lifetime 04:00:00 dec 4 2008 infinite
configure terminal
interface ethernet 0/0
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip pim sparse-mode
ip cgmp
configure terminal
ntp master
int ethernet 0/0
ntp broadcast
configure terminal
ntp master
interface ethernet 0/1
ntp broadcast
configure terminal
ntp authentication
ntp authentication-key 10 md5 ticktock
ntp trustep-key 10
ntp update-calendar
ntp peer 172.16.70.7
Router 2
-
configure terminal
ntp authentication
ntp authentication-key 10 md5 ticktock
ntp trusted-key 10
ntp update-calendar
ntp peer 172.16.70.3
configure terminal
clock timezone PST -8
clock summer-time PDT recurring
ntp update-calendar
ntp server 172.16.70.3
ntp server 172.16.70.7
interface ethernet 0/1
ntp broadcast
exit
configure terminal
ip nat inside source static 10.55.55.100 172.16.55.100
interface ethernet 0/0
ip address 10.55.55.5 255.255.255.0
ip nat inside
interface serial 0/0
ip address 172.15.56.5 255.255.255.0
ip nat outside
configure terminal
interface fastethernet 1/1.10
encapsulation isl 10
ip address 172.16.10.2 255.255.255.0
standby 1 ip 172.16.10.110
standby priority 105
standby 1 preempt
interface fastethernet 1/1.20
encapsulation isl 20
ip address 172.16.20.2 255.255.255.0
standby 2 ip 172.16.20.120
standby 2 priority 50
Router 2
-
configure terminal
interface fastethernet 1/1.10
encapsulation isl 10
ip address 172.16.10.3 255.255.255.0
standby 1 ip 172.16.10.110
standby priority 50
interface fastethernet 1/1.20
encapsulation isl 20
ip address 172.16.20.3 255.255.255.0
standby 2 ip 172.16.20.120
standby 2 priority 105
standby 2 preempt
- preempt komutu : aktive routern down olup yeniden aktive olmasna salayan komut
- priority : celiklendirme iin kullanlan deer
configure terminal
interface ethernet 0/0
standby 70 authentication word
exit
configure terminal
time-range no-http
periodic weekdays 8:00 to 18:00
time-range udp-yes
periodic weekend 12:00 to 20:00
ip access-list extended strict
deny tcp any any eq http time-range no-http
permit udp any any time-range udp-yes
interface ethernet 0/0
ip access-group strict in
configure terminal
access-list 100 permit tcp any host 152.16.66.2 eq telnet
access-list 100 dynamic LOCKANDKEY timeout 10 permit tcp any any
username it-user password cisco
interface fastethernet 0/0
ip access-group 100 in
exit
line vty 0 4
login local
autocommand access-enable host timeout 5
CONFIGURATION IPSEC
-
configure terminal
crypto isakmp policy 1
hash md5
authentication pre-shared
encryption 3des
group 2
exit
crypto isakmp key ciscoCCIE address 172.16.134.4 255.255.255.0
crypto ipsec transform-set TSET esp-3des ah-md5-hmac
mode tunnel
exit
access-list 100 permit ip host 172.16.134.3 host 172.16.134.4
crypto map MYMAP ipsec-isakmp
set peer 172.16.134.4
set transform-set TSET
match address 101
exit
interface serial 0/0
crypto map MYMAP
configure terminal
dial-peer voice 1 pots
destination-pattern 7777
port 1/0/0
configure terminal
dial-peer voice 2 voip
destination-pattern 7777
session target ipv4: 172.16.14.1
configure terminal
dial-peer voice 1 pots
destination-pattern 4000
port 1/0/0
dial-peer voice 2 voip
destination-pattern 7777
session target ipv4: 172.16.14.1
Router 2
-
configure terminal
dial-peer voice 4 pots
destination-pattern 7777
port 1/0/1
dial-peer voice 3 voip
- destination-pattern 4000
- session target ipv4: 172.16.14.4
CONFIGURATION PRIVATE LINE AUTO RINGDOWN
Router 1
-
configure terminal
connection plar 5600
exit
dial-peer voice 1 voip
destination-pattern 5...
session target ipv4: 172.16.14.1
Router 2
-
configure terminal
dial-peer voice 1 pots
destination-pattern 5600
port 1/1
configure terminal
access-list 101 permit udp any any range 16384 32768
access-list 101 permit tcp any any eq 1720
priority-list 1 protocol ip high list 101
priority-list 1 default medium
interface serial 0/0
priority-group 1