Escolar Documentos
Profissional Documentos
Cultura Documentos
config t
hostname R4
enable secret pass
no ip domain-lookup
no logging console
no service config
alias exec bp show ip int brief | ex una
alias exec sr show ip route
alias exec cn show cdp nei
alias exec sp show ip protocols
line console 0
no login
exec-timeout 0 0
line vty 0 14
no login
exec-timeout 0 0
no ip domain-lookup
no logging console
int fa 1/0
ip add 43.0.0.4 255.0.0.0
no shut
int fa 1/1
ip add 41.0.0.4 255.0.0.0
no shut
***
R3:
config t
hostname R3
enable secret pass
no ip domain-lookup
no logging console
no service config
alias exec bp show ip int brief | ex una
alias exec sr show ip route
alias exec cn show cdp nei
alias exec sp show ip protocols
line console 0
no login
exec-timeout 0 0
line vty 0 14
no login
exec-timeout 0 0
no ip domain-lookup
no logging console
int fa 1/0
ip add 43.0.0.3 255.0.0.0
no shut
int fa 1/1
ip add 31.0.0.3 255.0.0.0
no shut
***
R1:
config t
hostname R1
enable secret pass
no ip domain-lookup
no logging console
no service config
alias exec bp show ip int brief | ex una
alias exec sr show ip route
alias exec cn show cdp nei
alias exec sp show ip protocols
line console 0
no login
exec-timeout 0 0
line vty 0 14
no login
exec-timeout 0 0
no ip domain-lookup
no logging console
int fa 1/0
ip add 41.0.0.1 255.0.0.0
no shut
int fa 1/1
ip add 31.0.0.1 255.0.0.0
no shut
int fa 2/0
ip add 12.0.0.1 255.0.0.0
no shut
***
R2:
config t
hostname r2
enable secret pass
no ip domain-lookup
no logging console
no service config
alias exec bp show ip int brief | ex una
alias exec sr show ip route
alias exec cn show cdp nei
alias exec sp show ip protocols
line console 0
no login
exec-timeout 0 0
line vty 0 14
no login
exec-timeout 0 0
no ip domain-lookup
no logging console
ip route 0.0.0.0 0.0.0.0 12.0.0.1
int fa 1/0
ip add 12.0.0.2 255.0.0.0
no shut
*******
R4:
ip route 0.0.0.0 0.0.0.0 41.0.0.1
R3:
ip route 0.0.0.0 0.0.0.0 31.0.0.1
*******this is it**************************
nat on R1:
config t
int fa 1/0
ip nat outside
int fa 1/1
ip nat outside
int fa 2/0
ip nat inside
ip policy route-map PBR
exit
!
ip sla 1
icmp-echo 41.0.0.4
timeout 500
frequency 1
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 31.0.0.3
timeout 500
frequency 1
ip sla schedule 2 life forever start-time now
!
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
!
ip route 0.0.0.0 0.0.0.0 41.0.0.4 11 track 10
ip route 0.0.0.0 0.0.0.0 31.0.0.3 22 track 20
!
access-list 10 permit 12.0.0.0 0.0.0.255
access-list 20 permit 12.0.0.0 0.0.0.255
!
access-list 110 permit ip any any
access-list 120 permit ip any any
!
!
ip nat inside source route-map ISPR4 interface fastethernet 1/0 overload
ip nat inside source route-map ISPR3 interface fastethernet 1/1 overload
!
route-map PBR permit 10
match ip address 110
set ip next-hop verify-availability 41.0.0.4 1 track 10
exit
route-map PBR permit 20
match ip address 120
set ip next-hop verify-availability 31.0.0.3 2 track 20
exit
route-map ISPR4 permit 10
match ip address 10
match interface fastethernet 1/0
route-map ISPR3 permit 10
match ip address 20
match interface fastethernet 1/1
exit
*************GNS3: ************************
conf t
hostname CUCM
enable secret pass
no logging console
no ip domain-lookup
line con 0
no login
exec-timeout 0 0
line vty 0 14
no login
exec-timeout 0 0
int gi0/0
no shut
ip add 192.168.M.254 255.255.255.0
do ping 192.168.M.1
do ping 192.168.M.5X <-- phone!
CONFIGURING IP TELEPHONY:
config t
no telephony-service
telephony-service
no auto-reg-ephone
no auto assign
max-ephone 8
max-dn 8
ip source-address 192.168.M.254
create cnf-files
ephone-dn 1
number M01
exit
ephone 1
mac-address ____.____.____
type 6941
button 1:1
restart
exit
VOICE ROUTING:
config t
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
you suspect your gf is sop to the internet, you want to monitor her fa 0/3 (tx/rx)
packets
and send the Re-routed packets to your Fa 0/1 so that Wireshark can catch her sop
talk.
Router#192.168.m.2
D1>enable
config t
Monitor session 1 source interface fa 0/3 Both
monitor session 1 destination interface fa 0/1
end
IF you are on a Different Switch somewhere, you can still monitor someone as long
as you know which he belongs:
Bantay: Core (this only works if you have trunk!)
CORE:
config t
vtp domain rivan
vtp password pass
int range fa 0/21-22
swi trunk enc dot1Q
swi mode trunk
vlan 69
name tagahuli
remote-span
no monitor session 1
monitor session 1 source vlan 69
monitor session 1 destination interface fa 0/1
------------------------------------------------------------------------
Dist:
config t
default int fa 0/24
do ping d1
do wr
CORE:
config t
ip host c1 126.m.0.1
ip host d1 126.m.0.2
default int fa 0/24
int fa 0/23
no shut
no switchport
ip add 126.m.0.1 255.255.0.0
do ping 126.m.0.1
do ping c1
show sessions
config t
ip cef
mpls ldp router-id lo0 force
mpls ip
int fa 1/0
mpls ip
mpls label protocol ldp
mpls mtu 1512
VRF CONFIGURATION:
config t
ip vrf clientBDOa
route-target 64999:1
rd 999:1
On Core Switch
Task 3: Voip Switching with RMON
CORE SWITCH
configure the default Management VLAN
conf t
int vlan 1
ip add 192.168.M.1 255.255.255.0
no shut
do ping 192.168.M.1
DISTRO SWITCH
conf t
int vlan 1
ip add 192.168.M.2 255.255.255.0
no shut
do ping 192.168.M.2
Step3:
config t
vlan 5
private-vlan primary
private-vlan association 501,502
exit
Step4:
config t
int fa0/3
swi mode private-vlan host
swi private-vlan host-asso 5 502
!IP phone will be Isolated
int fa0/1
swi mode private-vlan host
swi private-vlan host-asso 5 501
int fa 0/24
switchport
switchport mode private-vlan promiscuous
no switchport private-vlan mapping 2 201,202
switchport private-vlan mapping 5 501,502
end
What Happened,Private VLAN isolated your network
from the Corporate DHCP Server.(CoreM),CUCM router
must now server sa both the VoIPGW and DHCP server
for the PrivateVLAN.
CUCM:
ip dhcp pool cucm
network 192.168.m.0 255.255.255.0
default-router 192.168.m.254
option 150 ip 192.168.m.254
-----------------------------------------------------------------------
DistM
enable secret pass
ip host d1
line vty 0 14
no login
exec-timeout 0 0
config t
int fa 0/23
no switchport
ip add 126.m.0.2 255.255.0.0
do ping 126.m.0.2
hostname Create:
Dist:
config t
ip host d1 126.m.0.2
do telnet d1
exit
wr
SWITCHING OF TELCO:
WHAT ARE YOUR CHOICES:
1. FLOATING STATIC ROUTES:
2. bACKUP INTERFACE
3.
R1: WILL BE THE GATEWAY ROUTER, R2:MGA PC SA OFFICE.
R1:
CONFIG T
ip route 0.0.0.0 0.0.0.0 41.0.0.4 10
ip route 0.0.0.0 0.0.0.0 31.0.0.3 20
R1:
config t
int fa 1/0
no shut
baCKup Interface FA 1/1
bad: slow to backup, ethernet ports:
backup Interface: backup and serial interface
not ethernet, NOBODY USES SERIAL ANYMORE:
BROADBAND.
DIST:
config t
vtp domain rivan
vtp password pass
int range fa 0/21-22
swi trunk enc dot1Q
swi mode trunk
do sh vlan brief
no monitor session 1
monitor session 1 source int fa0/3 both
monitor session 1 desti Remote vlan 69
step2:
config t
vlan filter vacl1 vlan-list 5
do show vlan filter
c>telnet 10.5.0.1
c>ipconfig /release
c>ipconfig /renew
Distri:
PrivateVLAN configuration: used by small office!
step1: go to Transparent mode:
dist#confi t
vtp mode Transparent
Step2: Define the vlan and subVLANs:
config t
vlan 5
vlan 501
name pvlan501
private-vlan community
vlan 502
name pvlan502
private-vlan isolated
exit