
Networking Configuration Package: Ip Mapping

The document provides configuration steps for various networking concepts including IP mapping, access control lists (ACLs), network address translation (NAT), trunking, virtual LANs (VLANs), spanning tree protocol (STP), link aggregation, routing protocols like OSPF, EIGRP, and redundancy protocols like HSRP, VRRP, and GLBP. It also covers security configurations for MAC flooding attacks, voice VLANs, and virtual ACLs (VACLs).

Uploaded by

Ahmed Daud
Copyright: © All Rights Reserved

NETWORKING

CONFIGURATION PACKAGE
IP MAPPING
R1(config)#ip host HR 1.1.1.1
(the name HR will be assigned to the IP address)

ACL
Standard
R1(config)#access-list 2 permit/deny 200.100.50.0

Extended
R1(config)#access-list 102 deny/permit tcp 200.100.50.5 0.0.0.0 200.100.100.100 0.0.0.0 eq telnet/port num
(extended ACLs use numbers 100-199; numbers 1-99 are standard ACLs)

STATIC NAT
Static
R1(config)#ip nat inside source static 192.168.1.1 1.1.1.2
APPLY
R1(config)#int fa0/0
R1(config)#ip nat inside
R1(config)#exit

DYNAMIC NAT
Make the access list first (access list 10), then configure NAT.

R1(config)#ip nat pool corvit 1.1.1.1 1.1.1.3 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool corvit        (1)
APPLY
R1(config)#int fa0/0
R1(config)#ip nat inside
R1(config)#ex

PAT
It is very similar to dynamic NAT. The difference is that, when configuring it,
we type OVERLOAD at the end of command (1) shown above.
The method of applying it remains the same as for dynamic NAT.

LAYER 2 SWITCHING CONFIGURATION

SW(CONFIG)#ip routing (to make a layer 2 switch work as a layer 3 switch, MLS)
SW(CONFIG)#no switchport (this command is given to make a switchport a routed port)

TRUNK FORMATION
SW(CONFIG)#INT FA0/1
SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q/ISL/NEGOTIATE
SW(CONFIG)#SWITCHPORT MODE ACCESS/TRUNK

STATIC TRUNK

SW(CONFIG)#INT FA0/1
SW(CONFIG)#SWITCHPORT TRUNK ENCAPSULATION DOT1Q
SW(CONFIG)#SWITCHPORT MODE TRUNK
SW(CONFIG)#SWITCHPORT NONEGOTIATE (TO DISABLE DTP)
To reverse the static trunk the command is
SW(CONFIG)#no switchport nonegotiate

VTP PRUNING
SW(CONFIG)#int fa0/1
SW(CONFIG)#switchport trunk pruning vlan 10,20
To add or remove VLANs in the existing list
SW(CONFIG)#switchport trunk pruning vlan add/remove

PRIVATE VLAN
SW(CONFIG)#vtp mode transparent
SW(CONFIG)#vlan 100
SW(CONFIG)#private-vlan primary
SW(CONFIG)#ex
SW(CONFIG)#vlan 101
SW(CONFIG)#private-vlan community
SW(CONFIG)#ex
SW(CONFIG)#vlan 102
SW(CONFIG)#private-vlan isolated
SW(CONFIG)#ex
SW(CONFIG)#vlan 100
SW(CONFIG)#private-vlan association 101-102
SW(CONFIG)#ex
SW(CONFIG)#int range fa0/5 , fa0/7
SW(CONFIG)#switchport mode private-vlan host
SW(CONFIG)#switchport private-vlan host-association 100 101 (primary, then secondary)
FOR PROMISCUOUS PORT
SW(CONFIG)#INT RANGE FA0/15-19
SW(CONFIG)#switchport mode private-vlan promiscuous
SW(CONFIG)#switchport private-vlan mapping 100 101,102 (100 = primary; 101,102 = secondary)
SW(CONFIG)#ex

SWITCH VIRTUAL INTERFACE


SW(CONFIG)#interface vlan (number)
SW(CONFIG)#ip add .
SW(CONFIG)#ex

LAYER 2 REDUNDANCY CONFIGURATION

PVST
SENDER SIDE
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree vlan 10,20 port-priority ? (port ID/port priority)
RECEIVER SIDE
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree vlan 10,20 cost ?

STP STABILITY
STP PORT FAST
1. BPDU GUARD
2. BPDU FILTER
(they are used for access ports)
SW(CONFIG)#int fa0/1
SW(CONFIG)#spanning-tree portfast
SW(CONFIG)#spanning-tree bpduguard enable
(to recover from the error-disabled state manually)
SW(CONFIG)#shutdown
SW(CONFIG)#no shutdown
(using timer)
SW(CONFIG)#errdisable recovery cause bpduguard
SW(CONFIG)#errdisable recovery interval ? (time)

BPDU FILTER
SW(CONFIG)#int fa0/12
SW(CONFIG)#spanning-tree bpdufilter enable
SW(CONFIG)#exit

ROOT GUARD
(IT IS USED TO PROTECT THE ROOT BRIDGE; APPLIED ON TRUNK LINKS)
SW(CONFIG)#int fa0/2
SW(CONFIG)#spanning-tree guard root
SW(CONFIG)#ex

STP CONVERGENCE TIME


1. UPLINK FAST (DETECTS DIRECT LINK FAILURE)
2. BACKBONE FAST (DETECTS INDIRECT LINK FAILURE)

SW(CONFIG)#spanning-tree uplinkfast
SW(CONFIG)#spanning-tree backbonefast

LOGICAL LINK AGGREGATION


PAGP (cisco)
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#channel-group 1 mode desirable
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#channel-group 1 mode auto
LACP (IEEE)
SW(CONFIG)#int range fa0/5-6
SW(CONFIG)#channel-group 2 mode active
SW(CONFIG)#int range fa0/5-6
SW(CONFIG)#channel-group 2 mode passive
SW(CONFIG)#int port-channel 2
SW(CONFIG)#spanning-tree vlan 1 cost ?

LAYER 3 REDUNDANCY CONFIGURATION


FHRP (FIRST HOP REDUNDANCY PROTOCOL)
1.HSRP (HOT STANDBY ROUTER PROTOCOL)
R1(CONFIG)#int fa0/1
R1(CONFIG)#standby (group no) priority (num)
R1(CONFIG)#standby (group no) ip (gateway for group)
R1(CONFIG)#do sh standby bri (info in table)
R1(CONFIG)#do sh standby (info in paragraph)
HSRP TRACKING
R1(config)#int fa0/1
R1(config)#standby 1 preempt
R1(config)#int fa0/1
R1(config)#standby 1 track serial 2/0 60
R1(config)#ex

OSPF CONFIGURATION METHODS


1.PER NETWORK/PER SUBNET
R1(config)#ROUTER OSPF 1
R1(config)#network 1.0.0.0 0.255.255.255 area 0

2.PER INTERFACE
1.per ip address
R1(config)#router ospf 1
R1(config)#net 22.22.22.22 0.0.0.0 area 0
2.direct configuration on interface
R1(config)#int s2/0
R1(config)#ip ospf 1 area 0

3.PER PLATFORM (GLOBALLY ENABLE)


R1(config)#router ospf 1
R1(config)#network 0.0.0.0 255.255.255.255 area 0
R1(config)#ex

2.VRRP(VIRTUAL ROUTER REDUNDANCY PROTOCOL)

R1(config)#int fa0/0
R1(config)#vrrp 1 priority ?
R1(config)#vrrp 1 ip (ip address)
R1(config)#end
VRRP TRACKING
In VRRP, object tracking is implemented like an ACL, while in HSRP there is both
interface and object tracking. For tracking, the election is done on priority,
not by the virtual IP address criterion.
R1(config)#track 1 interface s2/0 ip routing
Or
R1(config)#track 1 interface s2/0 line-protocol
R1(config)#end
R1(config)#vrrp 1 track 1 ?
R1(config)#vrrp 1 track 1 dec 100 (example)

3.GLBP (GATEWAY LOAD BALANCING PROTOCOL)

It is an advanced form of HSRP. In it we use object tracking.
R1(config)#int fa0/0
R1(config)#glbp 1 priority (num)
R1(config)#glbp 1 ip (ip address)
R1(config)#end
GLBP TRACKING
R1(config)#track 1 int s2/0 line-protocol

R1(config)#end
R1(config)#int fa0/0
R1(config)#glbp 1 weighting track 1 dec 20
R1(config)#glbp 1 weighting 110 lower 95 upper 105 (example)
GLBP AUTHENTICATION
R1(config)#int fa0/0
R1(config)#glbp 1 authentication ?
R1(config)#end
REDISTRIBUTION (EXTERNAL ROUTES TO OSPF)
R1(config)#router ospf 1
R1(config)#redistribute static subnets metric-type 1 (configure metric type E2 or E1)
R1(config)#redistribute static subnets metric-type 1 metric (num) (configure seed metric)
ALLOWED VLAN CONCEPT
R1(config)#int range fa0/1-2
R1(config)#switchport trunk allowed vlan 1,10,20
R1(config)#switchport trunk allowed vlan add ? (to add VLANs to the existing VLANs shown in the above command)

POLICY BASED ROUTING

After making the ACL

1.ROUTE MAP

R1(config)#route-map (name) permit/deny (num)
R1(config)#match ip address (ACL)
R1(config)#set (clauses)
(Similarly, more sequences are made according to requirement)
APPLICATION
R1(config)#router ospf 1
R1(config)#redistribute static subnets route-map (name) (example)
R1(config)#end

SECURITY
MAC FLOODING ATTACK
SW(CONFIG)#int fa 0/5
SW(CONFIG)#switchport mode access (mode should be access)
SW(CONFIG)#switchport port-security (enables port security; the options below have no effect until this is entered)
SW(CONFIG)#switchport port-security max ?
SW(CONFIG)#switchport port-security mac-address ? (sticky or static)
SW(CONFIG)#switchport port-security violation ?

VOICE VLANS
SW(CONFIG)#vlan 10,20

SW(CONFIG)#vlan 10
SW(CONFIG)#name voice
SW(CONFIG)#vlan 20
SW(CONFIG)#name data
SW(CONFIG)#end
SW(CONFIG)#int range fa0/1-4
SW(CONFIG)#switchport host
SW(CONFIG)#switchport access vlan 20
SW(CONFIG)#switchport voice vlan 10
SW(CONFIG)#end

Virtual access control list(VACL)


(only one ACL at a time is applied on one interface)

SW(CONFIG)#access-list 6 permit 10.0.0.4 0.0.0.0


SW(CONFIG)#vlan access-map UMER 10
SW(CONFIG)#match ip add 6
SW(CONFIG)#action drop
SW(CONFIG)#vlan access-map UMER 20
SW(CONFIG)#action forward

SW(CONFIG)#ex
SW(CONFIG)#vlan filter UMER vlan-list 30,40

RSTP(RAPID SPANNING TREE PROTOCOL)


(DR and BDR selection is done in it)
SW(CONFIG)#int fa0/0
SW(CONFIG)#ip ospf priority 0 (router will not take part in the DR and BDR election)
SW(CONFIG)#ip ospf priority 200 (DR)
SW(CONFIG)#ip ospf priority 100 (BDR)
SW(CONFIG)#end
SW(CONFIG)#do debug ip ospf adj (shows the results at runtime)

REGULAR AREA CONFIGURATIONS


STUB AREA
SW(CONFIG)#ROUTER OSPF 1
SW(CONFIG)#AREA 1 STUB
TOTALLY STUBBY AREA
It is implemented on the ABR only, because LSA-3 is generated by it.
SW(CONFIG)#ROUTER OSPF 1
SW(CONFIG)#AREA 1 STUB NO-SUMMARY
NSSA

SW(CONFIG)#router ospf 1
SW(CONFIG)#area 1 nssa
SW(CONFIG)#area 1 nssa default (creation of default route for NSSA)
TOTALLY NSSA
SW(CONFIG)#router ospf 1
SW(CONFIG)#area 1 nssa no-summary
SW(CONFIG)#end

OSPF ROUTE SUMMARIZATION


Summarization is supported manually: LSA-5 summarization is applied on the ASBR
and LSA-3 summarization is done on the ABR. In EIGRP, RIP-V2 and BGP, route
summarization is automatic.
FOR LSA-5
SW(CONFIG)#router ospf 1
SW(CONFIG)#redistribute static subnets
SW(CONFIG)#summary-address 192.168.0.0 255.255.255.0 (example)

FOR LSA-3
SW(CONFIG)#router ospf 1
SW(CONFIG)#area 0 range 172.16.0.0 255.255.0.0
SW(CONFIG)#do sh ip rou sum

IP PREFIX LIST (example)

It permits or denies (blocks) the prefix (route).

R1(config)#ip prefix-list UMER deny 192.168.1.0/24 le 26 (le = less than or equal to)
R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32 (permit any command)

APPLY PREFIX-LIST
R1(config)#router ospf 1
R1(config)#distribute-list prefix-list UMER in
R1(config)#end
R1(config)#clear ip route * (refresh the routing table)

AREA FILTER APPLY ON AREA


R1(config)#ip prefix-list UMER deny 172.16.0.1/32
R1(config)#ip prefix-list UMER permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config)# area 1 filter-list prefix UMER in
R1(config)#end
R1(config)#clear ip route *
R1(config)# sh ip route ospf
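
How the two prefix lists above (the one under IP PREFIX LIST and the one under AREA FILTER) decide on individual routes. This is an added example, not part of the original document: it models first-match evaluation with the `ge`/`le` length rules and the implicit deny at the end, the name `AREA_FILTER` and the function names are hypothetical, and the sample routes are constructed.

```python
import ipaddress

# Entries as (action, prefix, ge, le); None means the keyword was not given.
UMER = [("deny", "192.168.1.0/24", None, 26),           # IP PREFIX LIST section
        ("permit", "0.0.0.0/0", None, 32)]
AREA_FILTER = [("deny", "172.16.0.1/32", None, None),   # AREA FILTER section
               ("permit", "0.0.0.0/0", None, 32)]

def entry_matches(route, prefix, ge, le):
    """True if the route falls under one prefix-list entry."""
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):          # leading bits must equal the prefix
        return False
    if ge is None and le is None:         # no ge/le: exact prefix length only
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching entry decides; no match is the implicit deny."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def filter_routes(prefix_list, routes):
    """Routes that survive the filter."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# Constructed sample routes (not from the page).
ROUTES = ["192.168.1.0/24", "192.168.1.64/26", "192.168.1.128/27",
          "192.168.2.0/24", "172.16.0.1/32", "172.16.0.0/24"]

if __name__ == "__main__":
    for name, plist in (("UMER", UMER), ("AREA_FILTER", AREA_FILTER)):
        print(name, filter_routes(plist, ROUTES))
```

With `le 26`, the /27 inside 192.168.1.0/24 is not caught by the deny entry and is permitted by the second line, so a filter meant to block the whole block needs `le 32`.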

OSPF VIRTUAL LINK

It is configured between two routers, one of which is an ABR; there should
be a common regular area between the two routers. By default the virtual link is
present in area 0. The configuration depends on the router ID. It connects
the regular area to the backbone area.
R1(config)#router ospf 1
R1(config)#area 1 virtual-link 22.22.22.22 (given the router id of destination)

EIGRP ROUTE-SUMMARIZATION
RIP AND EIGRP HAVE ROUTE SUMMARIZATION IMPLEMENTED ON AN
INTERFACE BASIS, WHILE OSPF HAS ROUTE SUMMARIZATION DONE IN THE
OSPF PROCESS

R1(config)#int s2/0
R1(config)#ip summary-address eigrp 100 192.168.16.0 255.255.255.0 (e.g.)
AUTHENTICATION TECHNIQUES(RIP,EIGRP,OSPF)
1.OSPF
R1(config)#INT S2/0
R1(config)#IP OSPF AUTHENTICATION MESSAGE-DIGEST
R1(config)#IP OSPF MESSAGE-DIGEST-KEY 1 MD5 CISCO
R1(config)#END
2.RIP/EIGRP

AUTHENTICATION TECHNIQUE IS SAME FOR BOTH


R1(config)#KEY CHAIN UMER
R1(config)#KEY 1
R1(config)#KEY-STRING CISCO
R1(config)#INT S2/1
R1(config)#IP AUTHENTICATION MODE EIGRP 100 MD5
R1(config)#IP AUTHENTICATION KEY-CHAIN EIGRP 100 UMER
R1(config)#END
R1(config)#DO SH KEY CHAIN

BGP (BORDER GATEWAY PROTOCOL)

R1(config)#DO SH IP BGP SUM (BGP NEIGHBOUR DATABASE)
R1(config)#do sh ip bgp (bgp database)
R1(config)#router bgp 100
R1(config)#no auto-summary
R1(config)#neighbor 1.1.1.2 remote-as 200

BGP ATTRIBUTES
1. WEIGHT
It has an impact on the router on which it is configured.
R1(config)#ROUTER BGP 200
R1(config)#NEIGHBOR 3.1.1.1 REMOTE-AS 200
R1(config)#NEIGHBOR 3.1.1.1 WEIGHT 10

2. LOCAL PREFERENCE
It is configured on border routers, and this attribute has an impact on the whole local
autonomous system. It is an inbound attribute and has more preference than I-BGP/E-BGP.
R1(config)#router bgp 200
R1(config)#bgp default local-preference ?
3. MED (multi exit discriminator)
It will be shown as metric in the output. Local preference has more priority than
MED. MED is an outbound attribute.
APPLY
First we have to make the ACL, then the route-map is constructed; after that it is
applied on the router from which routes are coming out and entering the
other autonomous system. A metric is set for a specific group of IP addresses
and a different metric is set for another group of IP addresses.
For example
R1(config)#route-map R12 permit 10
R1(config)#match ip add (ACL)
R1(config)#set metric 10
R1(config)#route-map R12 permit 20
R1(config)#match ip add (ACL)
R1(config)#set metric 5
R1(config)#route-map R12 permit 30
R1(config)#router bgp 100
R1(config)#neighbor 1.1.1.1 route-map R12 out
R1(config)#end
R1(config)#clear ip bgp *
4. AS-PATH
R1(config)#route-map ASP permit 10
R1(config)#set as-path prepend 11 12 13
R1(config)#ex
R1(config)#router bgp 200
R1(config)#neighbor 1.1.1.1 route-map ASP in
R1(config)#end
R1(config)#do clear ip bgp *
R1(config)#do sh ip bgp

I-BGP CONFIGURATION TECHNIQUE


1.FULL MESH
2.ROUTE-REFLECTOR

ROUTE REFLECTOR CONFIGURATION


CONFIGURATION FOR RR
R1(config)#router bgp 20
R1(config)#neighbor 5.9.0.3 remote-as 20
R1(config)#neighbor 5.9.0.4 remote-as 20
R1(config)#neighbor 5.9.0.5 remote-as 20
R1(config)#neighbor 5.9.0.3 update-source loop 0
R1(config)#neighbor 5.9.0.4 update-source loop 0
R1(config)#neighbor 5.9.0.5 update-source loop 0
R1(config)#neighbor 5.9.0.3 route-reflector-client
R1(config)#neighbor 5.9.0.4 route-reflector-client
R1(config)#neighbor 5.9.0.5 route-reflector-client
R1(config)#ex
(same on other RR if present)
Similarly, the configurations for RR clients are as follows
R1(config)#router bgp 20
R1(config)#neighbor 5.9.0.2 remote-as 20
R1(config)#neighbor 5.9.0.2 update-source loop 0
R1(config)#neighbor 5.9.0.3 remote-as 20
R1(config)#neighbor 5.9.0.3 update-source loop 0
Similar configuration on the other RR clients.
For the RR, the next-hop-self command is given.

END
(prepared by M.UMER TAHIR)
