Notes:
1.1 Bridging and switching
SW1
vtp domain IE
vtp mode server
vtp password CISCO
ip routing
vlan 3,5,10,783,26,6,26,52,33,255
!
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
!
int fa 0/1
no switchport
ip address 132.X.17.7 255.255.255.0
no sh
int fa 0/3
sw mod ac
sw ac v 3
no sh
int fa 0/5
sw mod ac
sw ac v 5
no sh
int fa 0/9
sw mod ac
sw ac v 10
no sh
int fa 0/10
sw mod ac
sw ac v 10
no sh
int vlan 783
no shut
SW2
conf t
vtp mode client
vtp domain IE
vtp password CISCO
!
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
int fa 0/2
sw mod ac
sw ac v 26
no sh
int fa 0/6
sw trunk enca dot1q
sw mod trunk
no sh
!
int fa 0/24
sw mod ac
sw ac v 52
no sh
int vlan 8
no shut
!
int vlan 783
no shut
!
SW3
vtp mode client
vtp domain IE
vtp password CISCO
int ra fa 0/1 - 24, gi 0/1 - 2
shutdown
!
int fa 0/3
sw mod ac
sw ac v 33
no sh
int fa 0/5
sw mod ac
sw ac v 52
no sh
int fa0/24
sw mod ac
sw ac v 783
no sh
int fa 0/4
sw mod ac
sw ac v 255
no sh
SW4
vtp mode client
vtp domain IE
vtp password CISCO
SW1(config)# interface range FastEthernet 0/13 - 15
SW1(config-if-range)# channel-group 1 mode on
SW2(config)# interface range FastEthernet 0/13 - 15
SW2(config-if-range)# channel-group 1 mode on
SW2(config)# interface port-channel 1
SW1/2(config-if)# switchport trunk encapsulation isl
SW1(config)# interface range FastEthernet 0/16 - 18
SW1(config-if-range)# channel-group 2 mode active
SW1(config-if-range)# channel-protocol lacp
SW3(config)# interface range FastEthernet 0/13 - 15
SW3(config-if-range)# channel-group 2 mode active
SW3(config-if-range)# channel-protocol lacp
SW1(config)# interface port-channel 2
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport trunk native vlan 783
SW1(config-if)# switchport mode trunk
SW3(config)# interface port-channel 2
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport trunk native vlan 783
SW3(config-if)# switchport mode trunk
1.4 Link aggregation
SW1(config)# interface range Fa0/19 - 20
SW1(config-if-range)# channel-group 2 mode active
SW4(config)# interface range Fa0/13 - 14
SW4(config-if-range)# channel-group 2 mode passive
SW1(config)# interface port-channel 2
SW1(config-if)# switchport trunk encapsulation isl
SW1(config-if)# switchport mode trunk
SW4(config)# interface port-channel 2
SW4(config-if)# switchport trunk encapsulation isl
SW4(config-if)# switchport mode trunk
1.5 Trunking
done in 1.1
SW2(config)# interface FastEthernet 0/6
SW2(config-if)# switchport nonegotiate
1.6 Pruning
SW1(config)# vtp pruning
1.7 802.1x authentication
SW1(config)# aaa new-model
SW1(config)# aaa authentication dot1x default group radius
SW1(config)# aaa authorization network default group radius
SW1(config)# interface range fa0/9 - 10
SW1(config-if-range)# dot1x port-control auto
SW1(config)# dot1x system-auth-control
SW1(config)# radius-server host 204.12.X.100 key CISCO
SW1(config)# ip radius source-interface Loopback100
SW1(config)# username admin privilege 15 secret admin
SW1(config)# interface loopback 100
SW1(config-if)# ip address 150.X.7.7 255.255.255.255
1.8 Management
SW1(config)# router ospf 1
SW1(config-router)# max-lsa 4000
SW2(config)# router ospf 1
SW2(config-router)# max-lsa 4000
2.1 Full mesh
R1(config)# interface Serial 0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# ip address 132.X.0.1 255.255.255.0
R1(config-if)# no frame-relay inverse-arp
R1(config-if)# frame-relay interface-dlci 102
R1(config-if)# frame-relay interface-dlci 103
R1(config-if)# frame-relay interface-dlci 104
R1(config-if)# frame-relay map ip 132.X.0.3 103 br
R1(config-if)# frame-relay map ip 132.X.0.2 102 br
R1(config-if)# frame-relay map ip 132.X.0.4 104 br
R1(config-if)# no shutdown
R2(config)# interface Serial 0/0
R2(config-if)# encapsulation frame-relay
R2(config-if)# ip address 132.X.0.2 255.255.255.0
R2(config-if)# no frame-relay inverse-arp
R2(config-if)# frame-relay interface-dlci 201
R2(config-if)# frame-relay interface-dlci 203
R2(config-if)# frame-relay interface-dlci 204
R2(config-if)# frame-relay map ip 132.X.0.1 201 br
R2(config-if)# frame-relay map ip 132.X.0.4 204 br
R2(config-if)# frame-relay map ip 132.X.0.3 203 br
R2(config-if)# no shutdown
R3(config)# interface Serial 1/3
R3(config-if)# encapsulation frame-relay
R3(config-if)# ip address 132.X.0.3 255.255.255.0
R3(config-if)# no frame-relay inverse-arp
R3(config-if)# frame-relay interface-dlci 302
R3(config-if)# frame-relay interface-dlci 301
R3(config-if)# frame-relay interface-dlci 304
R3(config-if)# frame-relay map ip 132.X.0.1 301 br
R3(config-if)# frame-relay map ip 132.X.0.2 302 br
R3(config-if)# frame-relay map ip 132.X.0.4 304 br
R3(config-if)# no shutdown
R4(config)# interface Serial 0/0
R4(config-if)# encapsulation frame-relay
R4(config-if)# ip address 132.X.0.4 255.255.255.0
R4(config-if)# no frame-relay inverse-arp
R4(config-if)# frame-relay interface-dlci 401
R4(config-if)# frame-relay interface-dlci 402
R4(config-if)# frame-relay interface-dlci 403
R4(config-if)# frame-relay map ip 132.X.0.1 401 br
R4(config-if)# frame-relay map ip 132.X.0.2 402 br
R4(config-if)# frame-relay map ip 132.X.0.3 403 br
R4(config-if)# no shutdown
2.2 Frame-relay
R3(config)# interface Serial1/1
R3(config-if)# encapsulation frame-relay
R3(config-if)# no shutdown
R3(config)# interface Serial1/1.1 point-to-point
R3(config-subif)# frame-relay interface-dlci 315
R3(config-subif)# ip address 132.X.35.3 255.255.255.0
R3(config-subif)# no frame-relay inverse-arp
R3(config-subif)# frame-relay map ip 132.X.35.5 315 br
R5(config)# interface Serial0/0
R5(config-if)# encapsulation frame-relay
R5(config-if)# no shutdown
R5(config)# interface Serial0/0.1 point-to-point
R5(config-subif)# frame-relay interface-dlci 513
R5(config-subif)# ip address 132.X.35.5 255.255.255.0
R5(config-subif)# no frame-relay inverse-arp
R5(config-subif)# frame-relay map ip 132.X.35.3 513 br
2.3 Frame relay point-to-point
R6(config)# interface Serial 0/0/0
R6(config-if)# encapsulation frame-relay
R6(config-if)# no frame-relay inverse-arp
R6(config-if)# frame-relay interface-dlci 100
R6(config-if)# ip address 54.X.2.6 255.255.255.0
R6(config-if)# frame-relay map ip 54.X.2.254 100 br
R6(config-if)# no shutdown
2.4 Frame relay Traffic shaping
R2 PORT_SPEED = 512000 bps
R2 CIR = 128000 DLCI 204
R4 PORT_SPEED 512000
R4 CIR 128000 DLCI 402
minimum Tc=10s
Tc=Bc/CIR ;; Bc+Be = Port speed
bc = 128000, be = 0 ; tc = 10ms
the others: 125 ms.
map-class frame-relay DLCI_204 ; identical for 402
frame-relay cir 128000
frame-relay bc 12800
frame-relay be 0
frame-relay traffic-shaping
map-class frame-relay OTHER_DLCI
frame-relay cir 64000
frame-relay be 0
frame-relay bc 8000
frame-relay traffic-shaping
interface Serial 0/0
frame-relay interface-dlci ... class OTHER_DLCI
frame-relay interface-dlci 204 class DLCI_204
3.1 HDLC
R2(config)# interface Serial 0/1
R2(config-if)# encapsulation hdlc
R2(config-if)# compress stac
R3(config)# interface Serial 1/3
R3(config-if)# encapsulation hdlc
R3(config-if)# compress stac
3.2 PPP
encapsulation ppp
ppp authentication chap
ppp chap hostname ROUTER4/ROUTER5
ppp chap password CISCO
username ROUTER4/ROUTER5 password 0 CISCO
4.1 OSPF
R1(config)# router ospf 1
R1(config-router)# network 132.X.0.0/24
R1(config)# interface Serial 0/0
R1(config-if)# ip ospf network point-to-multipoint
R1(config)# interface loopback0
R1(config-if)# ip ospf 1 ar 0
R2(config)# router ospf 1
R2(config-router)# network 132.X.0.0/24
R2(config)# interface Serial 0/0
R2(config-if)# ip ospf network point-to-multipoint
R3(config)# router ospf 1
R3(config-router)# network 132.X.0.0/24
R3(config)# interface Serial 1/3
R3(config-if)# ip ospf network point-to-multipoint
R4(config)# router ospf 1
R4(config-router)# network 132.X.0.0/24
R4(config)# interface Serial 0/0
R4(config-if)# ip ospf network point-to-multipoint
R4(config)# interface Loopback 0
R4(config-if)# ip ospf 1 ar 0
4.2 OSPF
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf 1 ar 17
R1(config-if)# ip ospf authentication-key CISCO
R1(config)# router ospf 1
R1(config-router)# area 17 authentication
SW1(config)# interface Fa0/1
SW1(config-if)# ip ospf 1 ar 17
SW1(config-if)# ip ospf authentication-key CISCO
SW1(config)# router ospf 1
SW1(config-router)# area 17 authentication
4.3 OSPF
SW1(config)# interface vlan 3
SW1(config-if)# ip ospf 1 ar 3
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast
SW1(config-if)# neighbor 132.X.3.3
SW1(config)# interface vlan 33
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast
SW1(config-if)# ip ospf 1 ar 33
SW1(config)# interface vlan 255
SW1(config-if)# ip ospf 1 ar 33
SW1(config-if)# ip ospf network point-to-multipoint non-broadcast
R3(config)# interface E0/0
R3(config-if)# ip ospf 1 ar 3
R3(config-if)# ip ospf network point-to-multipoint non-broadcast
R3(config-if)# neighbor other_side VLAN 3
R3(config)# interface E0/1
R3(config-if)# ip ospf 1 ar 33
R3(config-if)# ip ospf network point-to-multipoint non-broadcast
R3(config-if)# neighbor ...other side vlan 33
SW3(config)# interface vlan 255
SW3(config-if)# ip ospf network point-to-multipoint non-broadcast
SW3(config-if)# neighbor 132.X.255.9, 10...
SW4(config)# interface vlan 255
SW4(config-if)# ip ospf network point-to-multipoint non-broadcast
SW4(config-if)# neighbor ...
4.5 EIGRP
R2(config)# router eigrp 10
R2(config-router)# no auto-summary
R2(config-router)# neighbor 132.X.26.6
R6(config)# router eigrp 10
R6(config-router)# no auto-summary
R6(config-router)# neighbor 132.X.26.2
4.6 EIGRP
R6(config)# interface Gi0/0.26
R6(config-if)# ip summary-address eigrp 200.0.0.0/...
4.7 EIGRP
R5(config)# router eigrp 10
R5(config-router)# redistribute connected route-map FILTER
R6(config)# router eigrp 10
R6(config-router)# redistribute connected route-map FILTER
R5/6(config)# route-map FILTER
R5/6(config-route-map)# permit ... VLAN5, 52, 6
If they did not exist on that router, I would bring them in via redistribute static
4.8 Routing redundancy
backup interface ...
backup delay 60 300
backup active
4.9 RIPv2
router rip
no auto-summary
version 2
network ...
distribute-list FILTER_LO out
4.10
ip access-list standard ACL
permit 0.0.0.0 255.254.255.255
router rip
offset-list ACL in 16
4.11 Redistribution
peering as normal, but I don't know how to do the backup so that it comes up from another router, but only when something goes down...
5.2 BGP Peering
neighbor BB2 password CISCO
5.3 BGP Peering
router bgp 400
neighbor local-as 100 no-prepend
5.4 BGP filtering
route-map for AS-PATH, if it contains AS54, remove
5.5 Summarization
aggregate-address 132.X.0.0 MASK summary-only
neighbor ... suppress-map
neighbor ... unsuppress-map
6.1 PIM
ip multicast-routing
ip pim sparse-mode
ip pim rp-address LOOPBACK_ADDRESS
6.2 Multicast testing
ip mrm manager LOL
manager ethernet 228.28.28.28
senders ACL
receivers ACL
ip mrm test-sender
ip mrm test-receiver
6.3 Multicast traffic control
- no idea
7.1 IPv6 Deployment
R2(config)# ipv6 unicast-routing
R2(config)# interface loopback0
R2(config-if)# ipv6 address 2001:CC1E:X::2/128
R2(config)# interface Serial 0/0
R2(config-if)# ipv6 address 2001:CC1E:X:2323::2/64
R2(config-if)# frame-relay map ipv6 2001:CC1E:X:2323::3 203 br
R2(config)# ipv6 route 2001:CC1E:X::3/128 2001:CC1E:X:2323::3
... ditto on R3...
8.1 Congestion management
class-map match-all TEST
match ip address ACL
policy-map LOL
class TEST
bandwidth 256000
interface Serial 0/0
service-policy output LOL
8.2 Policy routing
ACL for the FTP connection
ip policy route-map route-mapa
route-map route-mapa
match ip address ACL
set ip next-hop... HDLC link
8.3 Congestion management
class-map match-all HDLC
match ip address ACL
policy-map POL
class HDLC
bandwidth 256000
int serial (hdlc)
service-policy output POL
9.1 Router hardening
no ip source-route
no ip proxy-arp
no ip bootp server
banner login "Access to this device or the attached networks is prohibited without express written permission."
9.2 Traffic filtering
deny udp any any eq 161 log
9.3 Traffic logging
logging 132.X.33.100
9.4 ICMP filtering
deny icmp from_inside any
permit ip any any
10.1 RMON
rmon alarm 1 lsystem.58.0 60 absolute rising-threshold 75 1 falling-threshold 40 2
rmon event 1 trap "Five Minute CPU Average Above 75%"
rmon event 2 trap "Five Minute CPU Average Below 40%"
snmp-server host 132.X.33.100 IETRAP
10.2 remote access
username NOC password CISCO
line vty 0 15
exec-timeout 5
absolute-timeout 900
logout-warning 60
10.3 Remote access security
username NOC secret CISCO
10.4 Syslog
logging 132.X.33.100
logging trap 7
int s 1/0
logging event link-status
11.1 Traffic Accounting
ip accounting
ip accounting-threshold 2500
Notes!
R4 E0/0 is connected to SW2 Fa0/4 UNUSED
SW4 Fa0/5 connected to R6 G0/1 UNUSED
To remove:
username admin secret admin @ SW1
line con 0, privilege level 15, no login @ SW1
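Added example (not part of the original notes): a Python check that scans a saved running-config for the "To remove" leftovers above, the 9.1 global hardening commands and the 10.2/10.3 password-vs-secret difference. The function names and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device): it reproduces
# the "To remove" leftovers on SW1 and the 10.2 NOC account.
SAMPLE = """\
no ip source-route
username admin privilege 15 secret 5 $1$constructed$hash
username NOC password 0 CISCO
line con 0
 privilege level 15
 no login
line vty 0 15
 exec-timeout 5 0
 login local
"""

# Global commands from section 9.1 that must appear in the config.
REQUIRED_GLOBALS = ("no ip source-route", "no ip bootp server")

def line_blocks(config):
    """Yield (header, child commands) for every 'line ...' section."""
    header, children = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, children
            header, children = raw.strip(), []
        elif header and raw.startswith(" "):
            children.append(raw.strip())
        elif header:  # an unindented line closes the section
            yield header, children
            header, children = None, []
    if header:
        yield header, children

def audit(config):
    """Return a list of findings (hypothetical helper, not a Cisco tool)."""
    findings = []
    present = {line.strip() for line in config.splitlines()}
    findings += [f"missing: {cmd}" for cmd in REQUIRED_GLOBALS if cmd not in present]
    for user, rest in re.findall(r"^username (\S+) (.*)$", config, re.M):
        if re.search(r"\bpassword\b", rest):
            findings.append(f"user {user}: 'password' (type 0/7), use 'secret'")
        if re.search(r"\bprivilege 15\b", rest):
            findings.append(f"user {user}: privilege 15 account")
    for header, children in line_blocks(config):
        if "no login" in children:
            level = "15" if "privilege level 15" in children else "default"
            findings.append(f"{header}: no login, privilege {level}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```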