Posts Tagged ‘ios’

Cisco Display MAC Address for the Connected Device

 
isr#show mac-address-table interface FastEthernet1
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
1111.1111.1111		Dynamic	      1	    FastEthernet1
Posted: August 13th, 2011
Categories: cisco, networking
Tags: ,
Comments: No Comments.

Locating the Switchport for an IP on Cisco

isr-device#show arp 192.168.0.3
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.3              7   0006.812b.7c4a  ARPA   Vlan1
 
isr-device#show mac-address-table address 0006.812b.7c4a
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0006.812b.7c4a          Dynamic       1     FastEthernet7
Posted: April 6th, 2011
Categories: cisco, networking
Tags: ,
Comments: No Comments.

Cisco IOS Trunk Configuration for VMware ESXi

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,11,12,13
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk

From the ESXi side…

esxcfg-vswitch -l
esxcfg-vswitch --add-pg="Virtual Machine Network VLAN12" vSwitch1
esxcfg-vswitch --pg="Virtual Machine Network VLAN12" --vlan="12" vSwitch1
Posted: March 28th, 2011
Categories: cisco, networking
Tags: , , , ,
Comments: No Comments.

Configuring Channel on Cisco Access Point

int dot11radio0
channel 1
 
int dot11radio1
channel 36
Posted: March 25th, 2011
Categories: cisco, ios, networking
Tags: , , , ,
Comments: No Comments.

Cisco IOS PPTP VPN Configuration

vpdn enable
 
vpdn-group VPN_PPTP
accept-dialin
protocol pptp
 
virtual-template 1
 
interface virtual-template1
ip unnumbered FastEthernet0
peer default ip address pool VPN_PPTP_DEFAULT_IP_POOL
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
 
ip local pool VPN_PPTP_DEFAULT_IP_POOL 192.168.1.10 192.168.1.12
 
aaa new-model
aaa authentication ppp default local
Posted: March 25th, 2011
Categories: cisco, networking, vpn
Tags: , , ,
Comments: No Comments.

Cisco ASA & IOS Site to Site IPsec/VPN Tunnel Configuration

 
!!!ASA DEVICE:
access-list VPN_SITE_TO_SITE_IPSEC_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list ASA_NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
 
global (outside) 1 interface
nat (inside) 0 access-list ASA_NONAT
 
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 match address VPN_SITE_TO_SITE_IPSEC_TRAFFIC
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set peer PUB.IP.ADDR.HERE
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP interface outside
crypto isakmp enable outside
 
crypto isakmp policy 12
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
 
tunnel-group PUB.IP.ADDR.HERE type ipsec-l2l
tunnel-group PUB.IP.ADDR.HERE ipsec-attributes
 pre-shared-key VPN_PRE_SHARED_KEY
 
!!! IOS DEVICE:
crypto isakmp policy 12
 hash md5
 authentication pre-share
 
crypto isakmp key VPN_PRE_SHARED_KEY address PUB.IP.ADDR.HERE PUB.IP.SUBNET.HERE
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto dynamic-map VPN_SITE_TO_SITE_DYNAMIC_MAP 12
 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 ipsec-isakmp dynamic VPN_SITE_TO_SITE_DYNAMIC_MAP
 
int FastEthernet0/1
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP
 
int FastEthernet0/0
ip nat inside
 
ip nat inside source list 190 interface FastEthernet0/1 overload
 
no access-list 190
access-list 190 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 190 permit ip 10.0.0.0 0.0.0.255 any
Posted: March 25th, 2011
Categories: cisco, networking, vpn
Tags: , , , , ,
Comments: No Comments.

Escape Sequence to Abort on Cisco IOS

Running ping or traceroute from a Cisco device sometimes results in timeouts. Whether the timeouts are due to the blockage of ICMP, TCP filtering or the host is just outright unreachable, waiting for the ping or traceroute command to complete can be extremely painful.

Just as IOS indicates after issuing ping or traceroute, you’ll see “Type escape sequence to abort.”

The escape sequence is…

CTRL-SHIFT-6
CTRL-^
Posted: March 15th, 2011
Categories: cisco, networking
Tags: ,
Comments: No Comments.

Disable DNS Lookups on Cisco IOS

no ip domain-lookup
Posted: November 12th, 2009
Categories: cisco, ios, networking, os
Tags: ,
Comments: No Comments.

Cisco Terminal Output

Setting the number of lines for either Cisco ASA/PIX or IOS devices can be done as follows.

ASA/PIX:
Set to 23 lines - pager 23 (default)
Disable/Do not stop - no pager
<p>
IOS:
Set to 23 lines - length 23
Disable/Do not stop - length 0
<br />Example for IOS:
ios(config)#line console 0
ios(config-line)#length 0
ios(config-line)#^Z
ios(config)#line vty 0 4
ios(config-line)#length 0
ios(config-line)#^Z
Posted: October 19th, 2009
Categories: asa, cisco, ios, networking, os
Tags: , ,
Comments: No Comments.

Configuring HSRP on Cisco IOS Routers

On Router #2

int f0/0
ip address 192.168.0.2 255.255.255.0
standby 1 ip 192.168.0.1
standby 1 preempt
standby 1 priority 110
standby 1 authentication STRING
standby 1 timers 3 10
standby 1 track f0/1

On Router #3

int f0/0
ip address 192.168.0.3 255.255.255.0
standby 1 ip 192.168.0.1
standby 1 preempt
standby 1 priority 100
standby 1 authentication STRING
standby 1 timers 3 10
standby 1 track f0/1
Posted: October 9th, 2009
Categories: cisco, high availability, ios, load balancing, networking, redundancy
Tags: , , , ,
Comments: No Comments.