
ASP Configuration Handbook part 9 doc


DOCUMENT INFORMATION

Basic information

Title: Sample configuration for an application service provider network
Institution: Syngress Media, Inc.
Subject: Application Service Provider Network
Type: appendix
Year of publication: 2001
City: Not specified
Pages: 66
Size: 339.78 KB

Content


ASP1-DFT-7200-D1(config)#ip tftp source-interface Loopback1

This allows you to select the interface address that will be used as the source address for TFTP connections. A loopback interface is a software-based connection that can be configured for testing your router as well as an interface.

ASP1-DFT-7200-D1(config)#ip domain name dft.exn.com

You can specify the Domain Name System (DNS) to automatically determine host-name-to-address mappings. The drawback to this command is that if you mistype a command, the router will perform a domain name lookup for the item that you typed.


Creates a list of export route target communities for the specified VRF.

ip cef
ip inspect name ASP1 realaudio timeout 30
ip inspect name ASP1 ftp timeout 3600
ip inspect name ASP1 smtp timeout 3600
ip inspect name ASP1 udp timeout 15
ip inspect name ASP1 tcp timeout 3600
ip inspect name ASP1 http
ip audit notify log
ip audit po max-events 100
mpls traffic-eng tunnels
frame-relay switching
mls rp ip

ASP1-DFT-7200-D1(config)#ip cef

This command enables Cisco Express Forwarding (CEF). CEF is designed to accommodate changing network dynamics and traffic that results from increased numbers over a short period of time. These patterns are usually associated with Web-based applications and interactive applications.

ASP1-DFT-7200-D1(config)#ip inspect name ASP1 realaudio timeout 30

Use the ip inspect name command in global configuration mode to define a set of inspection rules to which packet traffic must adhere.

ASP1-DFT-7200-D1(config)#ip audit notify log

Use the ip audit notify log command in global configuration mode to specify the method of event notification, so that you can view these notifications and tweak your network for better efficiency.

ASP1-DFT-7200-D1(config)#ip audit po max-events 100

Use the ip audit po local command in global configuration mode to specify the local post office parameters that should be used when sending event notifications to your network administrator.

ASP1-DFT-7200-D1(config)#mpls traffic-eng tunnels

The mpls traffic-eng tunnels command enables Multiprotocol Label Switching (MPLS) traffic engineering tunnel signaling on a device.

This command configures an IP address for the interface.

ASP1-DFT-7200-D1(config-if)#ip wccp web-cache redirect out

This command configures an interface to enable a router to verify that the appropriate packets are being redirected to the cache engine.

ASP1-DFT-7200-D1(config-if)#ip router isis

This enables the Intermediate System-to-Intermediate System (IS-IS) routing protocol on the interface. This command also identifies the area in which the router will work, while letting the router know that it will be routing dynamically rather than statically.

interface FastEthernet0/0
 no ip address
 no ip redirects
 ip nbar protocol-discovery
 full-duplex
 mls rp vtp-domain EXN_ASP_LAB
 mls rp ip
 mls rp ipx

ASP1-DFT-7200-D1(config)#interface FastEthernet 0/0

This command enables interface configuration mode for FastEthernet slot/port.

ASP1-DFT-7200-D1(config-if)#no ip address

This is the default setting for the interface.

ASP1-DFT-7200-D1(config-if)#mls rp vtp-domain EXN_ASP_LAB

Configures the virtual local area network (VLAN) Trunking Protocol (VTP) domain. VTP allows you to make configuration changes centrally on a single network device, and have those changes automatically communicated to all the other devices within the domain.

Creates, enables, and enters configuration mode for a subinterface on a FastEthernet slot/port.

ASP1-DFT-7200-D1(config-if)#encapsulation isl 900

Creates inter-switch link (ISL) VLAN encapsulation on the interface. ISL is a Cisco-specific VLAN encapsulation method.

ASP1-DFT-7200-D1(config-if)#ip nbar protocol-discovery

Enables Network-Based Application Recognition (NBAR) Protocol-Discovery. NBAR dynamically recognizes applications and employs network services to attain end-to-end availability, performance, and security.

ASP1-DFT-7200-D1(config-if)#tag-switching ip

Enables packet forwarding to go across cell-based devices that are connected to the interface. Tag switching was created to resolve the challenges that face an evolving Internet and high-speed data communications in general. Tag switching uses two main components: forwarding and control. Forwarding uses the tag information that is carried by packets, and tag-forwarding information, which is handled by a tag switch that executes packet forwarding. Control is in charge of retaining the correct tag-forwarding information for a group of connected tag switches.

ASP1-DFT-7200-D1(config-if)#mls rp management-interface

This command specifies an interface as the management interface for MLS.

ASP1-DFT-7200-D1(config-if)#standby 2 priority 100 preempt delay 120

Configures HSRP priority and sets the preempt delay.

ASP1-DFT-7200-D1(config-if)#standby 2 ip 192.168.1.2

Sets the IP address for the standby unit.

ASP1-DFT-7200-D1(config-if)#standby 2 track POS1/0

Configures the interface so that the HSRP priority can change based on the availability of other interfaces.

interface FastEthernet0/0.801
 encapsulation isl 801
 ip address 192.168.101.5 255.255.255.0
!
interface POS1/0
 ip address 192.168.254.1 255.255.255.0
 ip wccp web-cache redirect out
 no keepalive
 tag-switching mtu 1500
 tag-switching ip
 clock source internal

ASP1-DFT-7200-D1(config-if)#no keepalive

The keepalive command specifies how many seconds of inactivity will elapse before it sends a transmission to another router.

ASP1-DFT-7200-D1(config-if)#tag-switching mtu 1500

This command sets the maximum transmission unit (MTU) for tag-switching packets to 1500 on this interface.

ASP1-DFT-7200-D1(config-if)#clock source internal

This command specifies that the interface will clock its data from its internal clock.

interface FastEthernet2/0
 full-duplex
 tag-switching ip
 standby 11 preempt
!
interface Serial3/0

ASP1-DFT-7200-D1(config-if)#cablelength 10

This command specifies the distance of the cable from the interface processor to the network equipment.

ASP1-DFT-7200-D1(config-if)#dsu bandwidth 44210

This command specifies the maximum allowable bandwidth used by the port adapter. Maximum bandwidth is 22 kbps to 44736 kbps. The default varies for different port adapters.

This command redistributes routes from one routing domain into another routing domain. The connected switch is the source protocol from which routes are being redistributed.

ASP1-DFT-7200-D1(config-if)#net 49.0001.0000.00d1.00

This command is used to configure an IS-IS network entity title (NET) for the routing process.

router rip
 version 2
 network 10.0.0.0
 no auto-summary
 exit-address-family

ASP1-DFT-7200-D1(config-router)#address-family ipv4 vrf lab1-access1

Enters the address family submode for configuring routing protocols such as BGP, RIP, and static routing.

ASP1-DFT-7200-D1(config-router-af)#version 2

Listen for and use RIP v2 on this address family.

ASP1-DFT-7200-D1(config-router-af)#network 10.0.0.0


Sets the default network to 10.0.0.0 for this address family.


When you use neighbor remote-as, routing information for IPv4 is advertised by default when you configure a BGP routing session. To remove these advertisements, you need to enter the no bgp default ipv4-unicast command.

 neighbor 192.168.253.5 remote-as 70
 neighbor 192.168.253.5 ebgp-multihop 255
 neighbor 192.168.253.5 activate
 neighbor 192.168.253.5 send-community both
 no auto-summary
 no synchronization
 network 10.10.1.0 mask 255.255.255.0
 exit-address-family

ASP1-DFT-7200-D1(config-router-af)#redistribute rip metric 1

This redistributes RIP advertisements with a metric of 1.

ip nat pool ASP-1 192.168.2.5 192.168.2.10 netmask 255.255.255.0
ip nat inside source route-map internet_out pool ASP-1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.254.2
ip route 192.168.253.6 255.255.255.255 POS1/0
no ip http server
ip bgp-community new-format

ASP1-DFT-7200-D1(config-router-af)#address-family vpnv4

This command tells BGP that it should use standard VPNv4 address prefixes.

ASP1-DFT-7200-D1(config)#ip nat pool ASP-1 192.168.2.5 192.168.2.10 netmask 255.255.255.0

This command creates and groups a pool of network addresses for the router to use in its Network Address Translation (NAT) process.

ASP1-DFT-7200-D1(config)#ip nat inside source route-map internet_out pool ASP-1 overload

This command will translate the inside interface packets from addresses that match those on the access list. These addresses are then allocated from the named pool that was created in the command above. The overload command (optional) enables port translation for UDP and TCP.

Creates a static mapping to POS1/0.

ASP1-DFT-7200-D1(config)#ip bgp-community new-format

This command configures the new community format, wherein the community number is displayed in the short form.

map-class frame-relay 3600
logging source-interface Loopback1
logging 192.168.1.11
access-list 105 deny tcp any any
access-list 105 permit udp any any eq snmp
access-list 105 permit udp any any eq snmptrap
access-list 105 permit icmp any any echo-reply
access-list 105 deny udp any any
access-list 120 permit ip 10.0.0.0 0.255.255.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 permit ip 192.168.3.0 0.0.0.255 any
route-map internet_out permit 10

ASP1-DFT-7200-D1(config-map-class)#logging source-interface Loopback1

Sets the source for logging to the loopback interface.

ASP1-DFT-7200-D1(config-map-class)#logging 192.168.1.11

Logs information to 192.168.1.11.

ASP1-DFT-7200-D1(config)#access-list 105 deny tcp any any

Creates an access list that denies all TCP packets from any to any.

ASP1-DFT-7200-D1(config)#route-map internet_out permit 10

Route maps are used to control and modify routing information. They can also define the conditions by which routes are redistributed between routing domains.

ASP1-DFT-7200-D1(config)#match ip address 120

The match command specifies conditions that must correspond in order for the packet to be processed.

snmp-server engineID local 00000009020000D0BC326400
snmp-server community public RO
snmp-server community private RW

ASP1-DFT-7200-D1(config)#snmp-server engineID local 00000009020000D0BC326400

Specifies the local copy of SNMP on the router.

ASP1-DFT-7200-D1(config)#snmp-server community public RO

Allows for read-only access. Only authorized management stations are able to retrieve MIB objects.

ASP1-DFT-7200-D1(config)#snmp-server community private RW

Allows for read-write access. Authorized management stations are able to retrieve and modify MIB objects.

line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 password 7 08004257061700573305150B242E
 login
 transport input lat pad v120 mop telnet rlogin udptn nasi
line vty 5 15
 login
 transport input lat pad v120 mop telnet rlogin udptn nasi
!
end

Configuration for a Cisco Systems Gigabit Switch Router That Is Located within the Distribution Layer

The following is the configuration for a Cisco Systems gigabit switch router (GSR) that is located in the Distribution layer.

ASP1-DFT-GSR-B1#show running-config

Using 7792 out of 520184 bytes
!
! Last configuration change at 03:34:08 PST Tue Dec 19 2000
! NVRAM config last updated at 06:20:57 PST Mon Feb 5 2001
!
version 12.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ASP1-DFT-GSR-B1
!
boot system slot0:gsr-p-mz_120-9_S.bin
enable secret 5 $1$ShLc$HBf2vRWSEkd/GqQCI2.Ni0
enable password 7 08004257061700573305150B242E

ASP1-DFT-GSR-B1(config)#clock summer-time PDT recurring

This sets the system clock to acknowledge daylight-savings time.

!
policy-map test

ASP1-DFT-GSR-B1(config)#ip cef accounting non-recursive

This command enables accounting through nonrecursive prefixes. For prefixes that are directly connected to their next hops, it enables the collection of the number of packets and bytes express forwarded through a prefix.

ASP1-DFT-GSR-B1(config)#clns routing

This command enables Connectionless Network Services (CLNS) routing.

interface Loopback1
 ip address 192.168.253.3 255.255.255.255
 ip directed-broadcast
 ip router isis

ASP1-DFT-GSR-B1(config-int)#ip directed-broadcast

The default setting for routers is to forward directed broadcasts. You can disable this with the no ip directed-broadcast command.

interface POS0/0
 ip address 192.168.250.129 255.255.255.128
 no ip directed-broadcast
 rate-limit output dscp 8 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 10 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 14 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 18 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 22 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 26 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 30 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 34 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 38 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 150000000 75000 75000 conform-action transmit exceed-action drop

20000 conform-action transmit exceed action transmit

This command is very similar to the police command. This command applies this Committed Access Rate (CAR) policy to packets sent on this interface, and what actions are taken if those limits are exceeded.

ASP1-DFT-GSR-B1(config-int)#no ip mroute-cache

This command configures IP multicast fast switching or multicast distributed switching (MDS) on the interface.

ASP1-DFT-GSR-B1(config-int)#crc 16


This command enables you to set the length of the cyclic redundancy check (CRC) on a fast serial interface processor (FSIP) or HSSI interface processor (HIP) on a Cisco router.

interface POS0/1
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no keepalive
 shutdown
 crc 16
 no cdp enable

ASP1-DFT-GSR-B1(config-int)#no cdp enable

Cisco Discovery Protocol (CDP) is enabled by default. If you do not want to use the CDP device discovery capability, you would use the no cdp enable command.

interface POS0/2
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no keepalive
 shutdown
 crc 16
 no cdp enable

ASP1-DFT-GSR-B1(config-int)#shutdown

This shuts the port down. Shutdown is the default for all interfaces. If you would like to use the interface, remember to type no shutdown when you are ready to use it. (Note: If you cut and paste a configuration to the router, the interfaces will come up in shutdown mode.)

interface GigabitEthernet2/0
 ip address 192.168.70.2 255.255.255.0
 ip directed-broadcast
 ip router isis
 rate-limit output dscp 8 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 10 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 14 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 18 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 22 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 26 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 30 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 34 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 38 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 150000000 75000 75000 conform-action transmit exceed-action drop
 no ip mroute-cache
 tag-switching ip
!
interface POS3/0
 no ip address
 no ip directed-broadcast
 shutdown
 crc 16
!
interface POS3/1

ASP1-DFT-GSR-B1(config-int)#no atm ilmi-keepalive

This command disables Integrated Local Management Interface (ILMI) connectivity procedures for this interface.

 rate-limit output dscp 10 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 14 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 18 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 22 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 26 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 30 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 34 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 38 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 150000000 75000 75000 conform-action transmit exceed-action drop
 no ip mroute-cache
 atm pvc 1 1 1 aal5snap 155000 145000 256 random-detect
 tag-switching ip

ASP1-DFT-GSR-B1(config)#interface ATM5/0.102 point-to-point

This command creates a point-to-point subinterface on the ATM port adapter.

ASP1-DFT-GSR-B1(config)#atm pvc 1 1 1 aal5snap 155000 145000 256 random-detect

This command creates a permanent virtual circuit (PVC) between ATM switches. This command is comprised of a VPI/VCI pair, a virtual channel (VC), and has an encapsulation method.

interface ATM5/1
 no ip address

ASP1-DFT-GSR-B1(config-int)#service-policy output test

This command allows you to use a service policy as a QoS policy within a policy map (this is also referred to as a hierarchical service policy).

 no ip route-cache cef
 no ip mroute-cache
 shutdown
 no cdp enable
!
router ospf 99
 redistribute isis level-1-2 subnets
 network 192.168.215.0 0.0.0.255 area 0

ASP1-DFT-GSR-B1(config)#router ospf 99

This command enables Open Shortest Path First (OSPF) and creates a process ID (99).

ASP1-DFT-GSR-B1(config-router)#redistribute isis level-1-2 subnets

This command redistributes IS-IS level-1 and level-2 traffic into OSPF.

ASP1-DFT-GSR-B1(config-router)#network 192.168.215.0 0.0.0.255 area 0

This command assigns that network to area 0.

router isis
 redistribute ospf 99 metric 1 metric-type internal level-1-2
 net 49.0001.0000.0000.00b2.00
 metric-style transition

ASP1-DFT-GSR-B1(config-router)#redistribute ospf 99 metric 1 metric-type

 redistribute isis level-2
 redistribute ospf 99 metric 1

ASP1-DFT-GSR-B1(config-router)#redistribute isis level-2

This command redistributes IS-IS level-2 into BGP.

ASP1-DFT-GSR-B1(config-router)#redistribute ospf 99 metric 1

This command redistributes OSPF 99 into BGP with a metric of 1.

 ip 192.168.248.2 atm-vc 1 broadcast
snmp-server engineID local 00000009020000D0FF644820
snmp-server community public RO
snmp-server community private RW

ASP1-DFT-GSR-B1(config)#map-list MGX-B1

This command allows you to define an ATM map statement for either a PVC or SVC.

ASP1-DFT-GSR-B1(config)#ip 192.168.248.2 atm-vc 1 broadcast

This command creates a logical circuit to ensure that there is reliable communication between two network devices. A virtual channel (VC) is defined by a VPI/VCI pair, and can be either permanent or switched.

!
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 exec-timeout 39 0
 password 7 08004257061700573305150B242E
 login
!
ntp update-calendar
ntp server 192.168.78.1
ntp server 192.168.216.2
ntp server 192.168.67.1
end

ASP1-DFT-GSR-B1(config)#ntp update-calendar

This command will allow the router to periodically update the calendar from Network Time Protocol (NTP).

ASP1-DFT-GSR-B1(config)#ntp server 192.168.78.1

This command enables you to allow the system clock to be synchronized by a time-server that is located on your network.
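The following is an added example, not part of the original handbook: a Python review script that walks a running-config and flags the management-plane settings that appear in the two router configurations above (default SNMP community strings with no restricting access list, an enable password kept next to the enable secret, exec-timeout 0 0, Telnet and rlogin on the vty lines, and ip directed-broadcast on an interface). The rule names are hypothetical, the sample is constructed from lines on this page with the password strings replaced by placeholders, and sub-commands are assumed to be indented by one space as show running-config prints them.

```python
import re

# Constructed sample: lines taken from the router configurations on this page,
# indented the way "show running-config" prints sub-commands.
SAMPLE_CONFIG = """\
enable secret 5 <hash-omitted>
enable password 7 <obfuscated-omitted>
!
interface Loopback1
 ip directed-broadcast
!
interface POS0/0
 no ip directed-broadcast
!
no ip http server
snmp-server community public RO
snmp-server community private RW
!
line con 0
 exec-timeout 0 0
 transport input none
line vty 0 4
 exec-timeout 39 0
 password 7 <obfuscated-omitted>
 login
 transport input lat pad v120 mop telnet rlogin udptn nasi
!
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}
CLEARTEXT_TRANSPORTS = {"telnet", "rlogin"}


def sections(text):
    """Yield (header, [sub-commands]); a global command has no sub-commands."""
    header, children = None, []
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw.startswith(" ") and header is not None:
            children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = raw.strip(), []
    if header is not None:
        yield header, children


def audit(text):
    """Return a list of (rule, location) findings, in configuration order."""
    findings = []
    for header, children in sections(text):
        snmp = re.match(r"snmp-server community (\S+)(.*)", header)
        if snmp:
            name, opts = snmp.group(1), snmp.group(2).split()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(("snmp-default-community", header))
            # Anything after RO/RW is the access list that restricts managers.
            mode = [i for i, o in enumerate(opts) if o.upper() in ("RO", "RW")]
            if not mode or not opts[mode[0] + 1:]:
                findings.append(("snmp-community-no-acl", header))
        elif header.startswith("enable password"):
            # Type 7 is reversible obfuscation; "enable secret" supersedes it.
            findings.append(("enable-password-present", "enable password"))
        elif header.startswith("interface ") and "ip directed-broadcast" in children:
            findings.append(("directed-broadcast-enabled", header))
        elif header.startswith("line "):
            for child in children:
                words = child.split()
                if words[0] == "exec-timeout" and set(words[1:]) == {"0"}:
                    findings.append(("no-idle-timeout", header))
                if words[:2] == ["transport", "input"]:
                    clear = sorted(CLEARTEXT_TRANSPORTS & set(words[2:]))
                    if clear:
                        findings.append(("cleartext-remote-access:" + ",".join(clear), header))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns eight findings; interface POS0/0 and the vty idle timeout of 39 minutes are not flagged.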

Configuration for a Second Cisco Systems Gigabit Switch Router That Is Located within the Distribution Layer

The following is the configuration for a second Cisco Systems gigabit switch router (GSR) that is located within the Distribution layer.

service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ASP1-DFT-GSR-C2
!
boot system slot0:gsr-p-mz_120-9_S.bin
enable secret 5 $1$ShLc$HBf2vRWSEkd/GqQCI2.Ni0
enable password 7 08004257061700573305150B242E
!
interface Loopback0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Loopback1
 ip address 192.168.253.2 255.255.255.255
 ip directed-broadcast
 ip router isis
!
interface POS0/0
 ip address 192.168.2.2 255.255.255.0
 no ip directed-broadcast
 ip router isis
 rate-limit output dscp 8 5000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 10 5000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 14 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 18 5000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 22 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 26 5000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 30 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 34 5000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 38 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 100000000 50000 50000 conform-action transmit exceed-action drop

exceed-action drop
 rate-limit output dscp 0 100000000 50000 50000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 100000000 50000 75000 conform-action transmit exceed-action drop
 shutdown
 tag-switching ip
 crc 16
!
interface POS0/2
 no ip address
 no ip directed-broadcast
 shutdown
 crc 16
!
interface POS0/3
 ip address 192.168.50.2 255.255.255.0
 no ip directed-broadcast
 rate-limit output dscp 8 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 10 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 14 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 18 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 22 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 26 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 30 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 34 15000000 10000 20000 conform-action transmit exceed-action transmit
 rate-limit output dscp 38 5000000 10000 20000 conform-action transmit exceed-action drop
 rate-limit output dscp 0 50000000 25000 25000 conform-action transmit exceed-action drop

Date posted: 14/08/2014, 04:21