Camino al CCIE: abril 2012

lunes, 16 de abril de 2012

BGP-01

R1
router eigrp 1
network 1.1.1.0 0.0.0.255
network 10.10.0.0 0.0.0.255
no auto-summary
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 10.10.0.4 remote-as 65000
no auto-summary
R4
router eigrp 1
passive-interface FastEthernet0/1
network 4.4.4.0 0.0.0.255
network 10.10.0.0 0.0.0.255
network 172.16.0.0 0.0.0.255
no auto-summary
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 10.10.0.1 remote-as 65000
neighbor 10.10.0.1 distribute-list 10 out
neighbor 172.16.0.6 remote-as 65010
no auto-summary
!
R6
router bgp 65010
no synchronization
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 172.16.0.4 remote-as 65000
no auto-summary

http://youtu.be/a4QnNHgJHy0

domingo, 8 de abril de 2012

QoS - MQC

MQC es un metodo ,configurar la calidad de servicio (cabecera ip y sobre interfaces truncales 802..q) para que estos sean procesados mas rapidamente por el router

1 ) Se configura el trafico , el grupo de direccones ( se puede usar puertos )

2) Se crea la politica ( se puede cambiar la prioridad , el limite de ancho de banda,...)

3) Se aplica en la interface la politica

R1:

enable

config t

access-list 101 permit ip 10.0.10.0 0.0.0.255 20.0.10.10 0.0.0.255

class-map CM

match access-group 101

exit

polic-map PM

class CM

set dscp 5

int s2/0

service-policy out PM

lunes, 2 de abril de 2012

VPN Site to Site

VPN site to site
1.Definir ISAKMP policy
2.Definie Tansform-SET
3.Define ACL , para definir que vamos a encriptar
4.Crear crypto map , aplicar a una interface

R1
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp key CISCO address 2.2.2.1
!
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 2.2.2.1
set transform-set TSET
match address 101
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.252
serial restart-delay 0
crypto map CRYPTO
!
　
R3
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key CISCO address 1.1.1.1
!
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set TSET
match address 101
!
interface Serial0/0
ip address 2.2.2.1 255.255.255.252
crypto map CRYPTO