Wednesday, January 2, 2013

MPLS VPN




###########################################
CORE
###########################################
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip ospf network point-to-point

interface Serial0/0
 ip address 10.10.10.1 255.255.255.252
 mpls ip

interface Serial0/1
 ip address 10.10.10.5 255.255.255.252
 mpls ip

router ospf 1
 network 3.3.3.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.3 area 0
 network 10.10.10.4 0.0.0.3 area 0
router bgp 10
 neighbor 1.1.1.1 remote-as 10
 neighbor 2.2.2.2 remote-as 10
mpls ldp router-id Loopback0


################################################
PE1
################################################
ip vrf cliente
 rd 1:100
 route-target export 100:1
 route-target import 100:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Serial0/0
 ip address 10.10.10.2 255.255.255.252
 mpls ip

interface Serial0/1
 ip vrf forwarding cliente
 ip address 192.168.10.2 255.255.255.0
router eigrp 1
 address-family ipv4 vrf cliente
  redistribute bgp 10 metric 100000 10 255 1 1500
  network 192.168.10.0
  no auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.3 area 0
!
router bgp 10
 neighbor 2.2.2.2 remote-as 10
 neighbor 2.2.2.2 update-source Loopback0
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
 exit-address-family
 address-family ipv4 vrf cliente
  redistribute eigrp 1
  no synchronization
 exit-address-family
##########################################
PE2
#########################################
ip vrf cliente
 rd 1:100
 route-target export 100:1
 route-target import 100:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 ip ospf network point-to-point

interface Serial0/0
 ip address 10.10.10.6 255.255.255.252
 mpls ip
interface Serial0/1
 ip vrf forwarding cliente
 ip address 192.168.20.2 255.255.255.0
router eigrp 1
 auto-summary
 !
 ! VPN routes learned over MP-BGP are redistributed inside the VRF address family, as on PE1
 address-family ipv4 vrf cliente
  redistribute bgp 10 metric 10000 10 255 1 1500
  network 192.168.20.0
  no auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 10.10.10.4 0.0.0.3 area 0
!
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf cliente
  redistribute eigrp 1
  no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0
!
##############################################
CE1
##########################################

router eigrp 1
 network 4.4.4.0 0.0.0.255
 network 192.168.10.0
 no auto-summary
!
no ip http server

ZBF Firewall (Zone-Based Firewall)






##########################################################
Step 1. Create the firewall zones with the zone security command.
###########################################################
zone security insite
zone security outsite
############################################################
Step 2. Define traffic classes with the class-map type inspect command.
############################################################
class-map type inspect match-any classe1
 match protocol http
 match protocol https
 match protocol icmp
#################################################################
Step 3. Specify firewall policies with the policy-map type inspect command.
#################################################################

policy-map type inspect politica1
 class type inspect classe1
  inspect

####################################################################
Step 4. Apply firewall policies to source and destination zone pairs using the zone-pair security command.
####################################################################

zone-pair security InternotoExterno source insite destination outsite
 service-policy type inspect politica1
##################################################################
Step 5. Assign router interfaces to zones using the zone-member security interface command.
#################################################################

interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 zone-member security insite
interface FastEthernet0/1
 ip address 192.168.20.254 255.255.255.0
 zone-member security outsite
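
The five steps only work together if the zone, class-map and policy-map names match across them. The following is an added example, not part of the original post: a Python check that cross-references those names in the configuration text and lists the zone directions that have no zone-pair. The function name `audit_zbf` and the wording of the findings are assumptions of this example.

```python
import re

# ZBF commands from the five steps on this page (interface IP address lines omitted).
PAGE_CONFIG = """\
zone security insite
zone security outsite
class-map type inspect match-any classe1
 match protocol http
 match protocol https
 match protocol icmp
policy-map type inspect politica1
 class type inspect classe1
  inspect
zone-pair security InternotoExterno source insite destination outsite
 service-policy type inspect politica1
interface FastEthernet0/0
 zone-member security insite
interface FastEthernet0/1
 zone-member security outsite
"""

def audit_zbf(config):
    """Cross-check the names that tie the five steps together; return findings."""
    find = lambda pattern: re.findall(pattern, config, re.M)
    zones = set(find(r"^zone security (\S+)"))
    classes = set(find(r"^class-map type inspect (?:match-\w+ )?(\S+)")) | {"class-default"}
    policies = set(find(r"^policy-map type inspect (\S+)"))
    members = find(r"^\s*zone-member security (\S+)")
    # Each zone-pair together with the service-policy on the following line, if any.
    pairs = find(r"^zone-pair security (\S+) source (\S+) destination (\S+)"
                 r"(?:\n\s*service-policy type inspect (\S+))?")
    out = [f"class-map {c} is not defined" for c in find(r"^\s*class type inspect (\S+)")
           if c not in classes]
    out += [f"interface joins undefined zone {z}" for z in members if z not in zones]
    out += [f"zone {z} has no member interface" for z in sorted(zones - set(members))]
    for name, src, dst, pol in pairs:
        out += [f"zone-pair {name} uses undefined zone {z}"
                for z in (src, dst) if z not in zones | {"self"}]
        if pol not in policies:
            out.append(f"zone-pair {name} has no defined policy-map ({pol or 'none'})")
    # Directions with no zone-pair are dropped by default; list them so the gap is deliberate.
    covered = {(s, d) for _, s, d, _ in pairs}
    out += [f"no zone-pair {s} -> {d}: new sessions in this direction are dropped"
            for s in sorted(zones) for d in sorted(zones) if s != d and (s, d) not in covered]
    return out

if __name__ == "__main__":
    print("\n".join(audit_zbf(PAGE_CONFIG)))
```

For the configuration on this page the only finding is the missing outsite -> insite pair, which is the intended result when only internally initiated HTTP, HTTPS and ICMP sessions should pass.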