Tuesday, 21 January 2014
Sunday, 12 January 2014
IBGP
R1(config-if)#ip add 10.1.12.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#router bgp 1
R1(config-router)#nei 10.1.12.2 remote-as 1
R1(config-router)#nei 10.1.23.3 remote-as 1
R1(config-router)#nei 10.1.34.4 remote-as 1
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R1(config-router)#end
R1#conf t
R1(config)#ip route 10.1.23.0 255.255.255.0 10.1.12.2
R1(config)#ip route 10.1.34.0 255.255.255.0 10.1.12.2
R1(config)#end
R2(config)#int f0/0
R2(config-if)#ip add 10.1.12.2 255.255.255.0
R2(config-if)#no sh
R2(config)#int f1/0
R2(config-if)#ip add 10.1.23.2 255.255.255.0
R2(config-if)#no sh
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#router bgp 1
R2(config-router)#nei 10.1.12.1 remote-as 1
R2(config-router)#nei 10.1.23.3 remote-as 1
R2(config-router)#net 2.2.2.2 mask 255.255.255.255
R2(config-router)#end
R2#conf t
R2(config)#ip route 10.1.34.0 255.255.255.0 10.1.23.3
R2(config)#end
R3(config)#int f0/0
R3(config-if)#ip add 10.1.23.3 255.255.255.0
R3(config-if)#no sh
R3(config)#int f1/0
R3(config-if)#ip add 10.1.34.3 255.255.255.0
R3(config-if)#no sh
R3(config)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#router bgp 1
R3(config-router)#nei 10.1.23.2 remote-as 1
R3(config-router)#nei 10.1.34.4 remote-as 1
R3(config-router)#net 3.3.3.3 mask 255.255.255.255
R3(config-router)#end
R3(config)#ip route
R3(config)#ip route 10.1.12.0 255.255.255.0 10.1.23.2
R3(config)#end
R4(config)#int f0/0
R4(config-if)#ip add 10.1.34.4 255.255.255.0
R4(config-if)#no sh
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config-if)#exit
R4(config)#router bgp 1
R4(config-router)#nei 10.1.34.3 remote-as 1
R4(config-router)#net 4.4.4.4 mask 255.255.255.255
R4(config-router)#end
R4#conf t
R4(config)#ip route 10.1.23.0 255.255.255.0 10.1.34.3
R4(config)#ip route 10.1.12.0 255.255.255.0 10.1.34.3
R4(config)#end
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*>i2.2.2.2/32       10.1.12.2                0    100      0 i
*>i3.3.3.3/32       10.1.23.3                0    100      0 i
*>i4.4.4.4/32       10.1.34.4                0    100      0 i
R1#sh ip bgp summ
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 5, main routing table version 5
4 network entries using 468 bytes of memory
4 path entries using 208 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1048 total bytes of memory
BGP activity 4/0 prefixes, 6/2 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.2       4     1      39      39        5    0    0 00:32:36        1
10.1.23.3       4     1      18      18        5    0    0 00:13:14        1
10.1.34.4       4     1      16      16        5    0    0 00:11:30        1
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 10.1.12.2, 00:33:43
     3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [200/0] via 10.1.23.3, 00:15:21
     4.0.0.0/32 is subnetted, 1 subnets
B       4.4.4.4 [200/0] via 10.1.34.4, 00:13:36
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
S       10.1.23.0 [1/0] via 10.1.12.2
S       10.1.34.0 [1/0] via 10.1.12.2
R1#sh tcp bri
TCB Local Address Foreign Address (state)
64FBD584 10.1.12.1.40937 10.1.12.2.179 ESTAB
64FBCF34 10.1.12.1.179 10.1.34.4.29315 ESTAB
64FC1788 10.1.12.1.179 10.1.23.3.59782 ESTAB
R1#ping 10.1.34.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/64/68 ms
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/64/68 ms
R2#sh ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.1/32       10.1.12.1                0    100      0 i
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
*>i3.3.3.3/32       10.1.23.3                0    100      0 i
*>i4.4.4.4/32       10.1.34.4                0    100      0 i
R3#sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.1/32       10.1.12.1                0    100      0 i
*>i2.2.2.2/32       10.1.23.2                0    100      0 i
*> 3.3.3.3/32       0.0.0.0                  0         32768 i
*>i4.4.4.4/32       10.1.34.4                0    100      0 i
R4#sh ip bgp
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.1/32       10.1.12.1                0    100      0 i
*>i2.2.2.2/32       10.1.23.2                0    100      0 i
*>i3.3.3.3/32       10.1.34.3                0    100      0 i
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
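A consistency check over the IBGP listings above, as an added example that is not part of the original post: it maps each `neighbor` address to the router that owns it and reports peerings configured on one side only. The `router: command` input format and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed input: interface addresses and neighbor statements copied from
# the IBGP listings on this page, one "router: command" per line.
LISTING = """
R1: ip add 10.1.12.1 255.255.255.0
R1: nei 10.1.12.2 remote-as 1
R1: nei 10.1.23.3 remote-as 1
R1: nei 10.1.34.4 remote-as 1
R2: ip add 10.1.12.2 255.255.255.0
R2: ip add 10.1.23.2 255.255.255.0
R2: nei 10.1.12.1 remote-as 1
R2: nei 10.1.23.3 remote-as 1
R3: ip add 10.1.23.3 255.255.255.0
R3: ip add 10.1.34.3 255.255.255.0
R3: nei 10.1.23.2 remote-as 1
R3: nei 10.1.34.4 remote-as 1
R4: ip add 10.1.34.4 255.255.255.0
R4: nei 10.1.34.3 remote-as 1
"""

def parse(listing):
    """Return ({address: router}, {router: set of neighbor addresses})."""
    owner, peers = {}, defaultdict(set)
    for line in listing.strip().splitlines():
        router, cmd = (part.strip() for part in line.split(":", 1))
        m = re.match(r"(ip add\w*|nei\w*)\s+(\d+\.\d+\.\d+\.\d+)", cmd)
        if m and m.group(1).startswith("ip"):
            owner[m.group(2)] = router        # interface address
        elif m:
            peers[router].add(m.group(2))     # BGP neighbor statement
    return owner, peers

def one_sided(listing):
    """Neighbor statements with no matching statement on the remote router."""
    owner, peers = parse(listing)
    missing = []
    for router, addrs in sorted(peers.items()):
        for addr in sorted(addrs):
            remote = owner.get(addr)          # None: address not in the listing
            back = {owner.get(a) for a in peers.get(remote, ())}
            if remote is None or router not in back:
                missing.append((router, addr, remote))
    return missing

if __name__ == "__main__":
    print(one_sided(LISTING))
```

It reports R1's statements for 10.1.23.3 and 10.1.34.4; since `sh ip bgp summ` and `sh tcp bri` on R1 show both sessions established, the R3 and R4 listings as posted omit their `neighbor 10.1.12.1` lines.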
EBGP
R1(config)#int f0/0
R1(config-if)#ip add 10.1.12.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#router bgp 1
R1(config-router)#neighbor 10.1.12.2 remote-as 2
R1(config-router)#neighbor 10.1.12.2 ebgp-multihop 3
R1(config-router)#neighbor 10.1.12.2 update-source loopback 0
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R1(config-router)#end
R2(config)#int f0/0
R2(config-if)#ip add 10.1.12.2 255.255.255.0
R2(config-if)#no sh
R2(config)#int f1/0
R2(config-if)#ip add 10.1.23.2 255.255.255.0
R2(config-if)#no sh
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#router bgp 2
R2(config-router)#nei 10.1.12.1 remote-as 1
R2(config-router)#nei 10.1.23.3 remote-as 3
R2(config-router)#net 2.2.2.2 mask 255.255.255.255
R2(config-router)#end
R3(config)#int f0/0
R3(config-if)#ip add 10.1.23.3 255.255.255.0
R3(config-if)#no sh
R3(config)#int f1/0
R3(config-if)#ip add 10.1.34.3 255.255.255.0
R3(config-if)#no sh
R3(config)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#router bgp 3
R3(config-router)#nei 10.1.23.2 remote-as 2
R3(config-router)#nei 10.1.34.4 remote-as 4
R3(config-router)#net 3.3.3.3 mask 255.255.255.255
R3(config-router)#end
R4(config)#int f0/0
R4(config-if)#ip add 10.1.34.4 255.255.255.0
R4(config-if)#no sh
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config-if)#exit
R4(config)#router bgp 4
R4(config-router)#nei 10.1.34.3 remote-as 3
R4(config-router)#net 4.4.4.4 mask 255.255.255.255
R4(config-router)#end
R2#sh ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.1.12.1                0             0 1 i
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
*> 3.3.3.3/32       10.1.23.3                0             0 3 i
*> 4.4.4.4/32       10.1.23.3                              0 3 4 i
R2#sh run | s bgp
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.23.3 remote-as 3
no auto-summary
R2#sh ip bgp summ
BGP router identifier 2.2.2.2, local AS number 2
BGP table version is 5, main routing table version 5
4 network entries using 468 bytes of memory
4 path entries using 208 bytes of memory
5/4 BGP path/bestpath attribute entries using 620 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1368 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.1       4     1      17      19        5    0    0 00:13:23        1
10.1.23.3       4     3      16      19        5    0    0 00:09:33        2
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [20/0] via 10.1.12.1, 00:13:51
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [20/0] via 10.1.23.3, 00:08:01
     4.0.0.0/32 is subnetted, 1 subnets
B       4.4.4.4 [20/0] via 10.1.23.3, 00:07:00
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet1/0
R2#sh tcp bri
TCB Local Address Foreign Address (state)
64EDDC80 10.1.23.2.42087 10.1.23.3.179 ESTAB
64EDED04 10.1.12.2.179 10.1.12.1.45753 ESTAB
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*> 2.2.2.2/32       10.1.12.2                0             0 2 i
*> 3.3.3.3/32       10.1.12.2                              0 2 3 i
*> 4.4.4.4/32       10.1.12.2                              0 2 3 4 i
R3#sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.1.23.2                              0 2 1 i
*> 2.2.2.2/32       10.1.23.2                0             0 2 i
*> 3.3.3.3/32       0.0.0.0                  0         32768 i
*> 4.4.4.4/32       10.1.34.4                0             0 4 i
R4#sh ip bgp
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.1.34.3                              0 3 2 1 i
*> 2.2.2.2/32       10.1.34.3                              0 3 2 i
*> 3.3.3.3/32       10.1.34.3                0             0 3 i
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
Thursday, 9 January 2014
Access-list (ACL)
Q-1 Allow all hosts to ping B except A.
R1(config)#ip access-list extended ICMP-ALLOW
R1(config-ext-nacl)#deny icmp host 192.168.1.100 host 192.168.2.100 echo
R1(config-ext-nacl)#permit ip any any
R1(config)#int f1/0
R1(config-if)#ip access-group ICMP-ALLOW in
Q-2 Allow telnet from A to B, deny any telnet to B.
SW2(config)#ip access-list extended YYY
SW2(config-ext-nacl)#permit tcp host 192.168.1.100 host 192.168.2.100 eq 23
SW2(config-ext-nacl)#deny tcp any host 192.168.2.100 eq 23
SW2(config-ext-nacl)#permit ip any any
SW2(config-ext-nacl)#end
SW2(config)#int vlan 2
SW2(config-if)#ip access-group YYY out
SW2(config-if)#end
SW2#sh access-lists
Extended IP access list YYY
    10 permit tcp host 192.168.1.100 host 192.168.2.100 eq telnet (59 matches)
    20 deny tcp any host 192.168.2.100 eq telnet (2 matches)
    30 permit ip any any
SW2#sh run int vlan 2
Building configuration...
Current configuration : 86 bytes
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group YYY out
end
PC_A(config)#line vty 0 4
PC_A(config-line)#password cisco
PC_A(config-line)#end
Q-3 Allow only B, C to browse to D.
SW2(config)#ip access-list extended YYY
SW2(config-ext-nacl)#permit tcp host 192.168.1.101 host 192.168.2.101 eq 80
SW2(config-ext-nacl)#deny tcp any host 192.168.2.101 eq 80
SW2(config-ext-nacl)#end
SW2(config)#ip access-list extended YYY
SW2(config-ext-nacl)#no 30 permit ip any any
SW2(config-ext-nacl)#70 permit ip any any
SW2(config-ext-nacl)#end
Extended IP access list YYY
    10 permit tcp host 192.168.1.100 host 192.168.2.100 eq telnet (59 matches)
    20 deny tcp any host 192.168.2.100 eq telnet (2 matches)
    40 permit tcp host 192.168.1.101 host 192.168.2.101 eq www
    50 deny tcp any host 192.168.2.101 eq www
    70 permit ip any any
Q-4 Allow A, D to telnet C, deny any telnet to C.
R1(config)#ip access-list extended ZZZ
R1(config-ext-nacl)#permit tcp host 192.168.2.101 host 192.168.1.101 eq 23
R1(config-ext-nacl)#deny tcp any host 192.168.1.101 eq 23
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#end
R1(config)#int f1/0
R1(config-if)#ip access-group ZZZ out
R1(config-if)#end
PC_C#conf t
PC_C(config)#line vty 0 4
PC_C(config-line)#password cisco
PC_C(config-line)#end
PC_A#telnet 192.168.1.101
Trying 192.168.1.101 ... Open
User Access Verification
Password:
PC_C>exit
[Connection to 192.168.1.101 closed by foreign host]
PC_A#
PC_D#telnet 192.168.1.101
Trying 192.168.1.101 ... Open
User Access Verification
Password:
PC_C>exit
[Connection to 192.168.1.101 closed by foreign host]
PC_D#
PC_B>telnet 192.168.1.101
Trying 192.168.1.101 ...
% Destination unreachable; gateway or host down
Q-5 Allow only C to access network 192.168.2.0/24 port 8192 tcp
SW2(config)#ip access-list extended XXX
SW2(config-ext-nacl)#permit tcp host 192.168.1.101 192.168.2.0 0.0.0.255 eq 8192
SW2(config-ext-nacl)#deny tcp any 192.168.2.0 0.0.0.255 eq 8192
SW2(config-ext-nacl)#end
SW2#conf t
SW2(config)#int vlan 2
SW2(config-if)#ip access-group XXX out
SW2(config-if)#end
PC_C>en
PC_C#telnet 192.168.2.100 8192
Trying 192.168.2.100, 8192 ...
% Connection timed out; remote host not responding
SW2#sh run int vlan 2
Building configuration...
Current configuration : 86 bytes
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group XXX out
end
SW2#sh access-lists
Extended IP access list XXX
    10 permit tcp host 192.168.1.101 192.168.2.0 0.0.0.255 eq 8192
    20 deny tcp any 192.168.2.0 0.0.0.255 eq 8192
Extended IP access list YYY
    10 permit tcp host 192.168.1.100 host 192.168.2.100 eq telnet
    20 deny tcp any host 192.168.2.100 eq telnet
    40 permit tcp host 192.168.1.101 host 192.168.2.101 eq www
    50 deny tcp any host 192.168.2.101 eq www
    70 permit ip any any
R1#sh run int f1/0
Building configuration...
Current configuration : 144 bytes
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group ZZZ out
 speed 100
 full-duplex
end
R1#sh access-lists
Extended IP access list ICMP-ALLOW
    10 deny icmp host 192.168.1.100 host 192.168.2.100 echo
    20 permit ip any any (97 matches)
Extended IP access list ZZZ
    10 permit tcp host 192.168.2.101 host 192.168.1.101 eq telnet (31 matches)
    20 deny tcp any host 192.168.1.101 eq telnet (2 matches)
    30 permit ip any any
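The effect of swapping YYY for XXX on Vlan2 in Q-5, as an added example that is not part of the original post: a first-match evaluator over the two lists as `sh access-lists` prints them, run on constructed packets. Host letters A to D are inferred from the addresses used in Q-2 to Q-4, and the function and variable names are made up for the example.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LAN2 = ip_network("192.168.2.0/24")      # 192.168.2.0 0.0.0.255

def host(addr):
    return ip_network(addr + "/32")

# (sequence, action, protocol, source, destination, destination port),
# transcribed from the "sh access-lists" output on this page.
YYY = [
    (10, "permit", "tcp", host("192.168.1.100"), host("192.168.2.100"), 23),
    (20, "deny",   "tcp", ANY,                   host("192.168.2.100"), 23),
    (40, "permit", "tcp", host("192.168.1.101"), host("192.168.2.101"), 80),
    (50, "deny",   "tcp", ANY,                   host("192.168.2.101"), 80),
    (70, "permit", "ip",  ANY,                   ANY,                   None),
]
XXX = [
    (10, "permit", "tcp", host("192.168.1.101"), LAN2, 8192),
    (20, "deny",   "tcp", ANY,                   LAN2, 8192),
]

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; returns (action, sequence). Sequence None = implicit deny."""
    for seq, action, a_proto, a_src, a_dst, a_port in acl:
        if (a_proto in ("ip", proto) and ip_address(src) in a_src
                and ip_address(dst) in a_dst and a_port in (None, dport)):
            return action, seq
    return "deny", None   # every ACL ends with an unlisted "deny ip any any"

# Constructed sample traffic (A=192.168.1.100, B=192.168.2.100,
# C=192.168.1.101, D=192.168.2.101).
PACKETS = {
    "A telnet B":   ("tcp", "192.168.1.100", "192.168.2.100", 23),
    "C telnet B":   ("tcp", "192.168.1.101", "192.168.2.100", 23),
    "C http D":     ("tcp", "192.168.1.101", "192.168.2.101", 80),
    "C tcp/8192 B": ("tcp", "192.168.1.101", "192.168.2.100", 8192),
    "A tcp/8192 B": ("tcp", "192.168.1.100", "192.168.2.100", 8192),
    "A ping B":     ("icmp", "192.168.1.100", "192.168.2.100", None),
}

def compare():
    """Verdict of each sample packet under YYY and under XXX."""
    return {n: (evaluate(YYY, *p), evaluate(XXX, *p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (yyy, xxx) in compare().items():
        print(f"{name:14} YYY={yyy} XXX={xxx}")
```

XXX has no closing `permit ip any any`, so once `ip access-group XXX out` replaces YYY on Vlan2 everything except C's tcp/8192 traffic hits the implicit deny, including the telnet and www flows that Q-2 and Q-3 permitted.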