
Posts

Showing posts from November, 2017

Policy Based Routing on a Cisco ASA

Cisco ASA 9.4 (and later) now supports Policy Based Routing. Yeah. Great news, since many customers are requesting something like “HTTP traffic to the left – VoIP traffic to the right”. Coming with a new Cisco ASA 5506-X, I was happy to try the policy based routing feature. The configuration steps through the ASDM GUI are not easy and full of errors, so I am trying to give some hints within this blog post. The main document from Cisco for policy based routing on an ASA is here. It describes the use-cases for PBR and gives examples.

Configuration

I am doing all of my configurations through the GUI ASDM. (I know, some people really love the CLI even for configurations, but I don’t. I am using it only for troubleshooting issues.) For this lab I am using a Cisco ASA 5506-X with ASA version 9.5(1), while ASDM is version 7.5(1). In my lab, I have a default route to ISP 1 (gi1/1) and a different connection to ISP 2 (gi1/2). There is no route to ISP 2 in the ro...

Enabling SSH on a Cisco Router for Secure Remote Login

Ensure you have a hostname configured on your router:

Router# conf t
Router(config)# hostname router23

You must also configure a domain name:

Router(config)# ip domain-name jpt

Generate an RSA keypair with a key length of 1024 bits using the following sequence of commands:

router(config)# crypto key generate rsa
The name for the keys will be: routername.soundtraining.class (where routername is your router's hostname)
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]

Create a username in the router’s local database for SSH authentication using the following command (for the purpose of the exercise, use the username “user15”):

router01(config)# username user15 privilege 15 secret p@ssword

Enable login authentication against the local database when logging i...

Planet vlan

Planet Switch Configuration

Step 1: Log into the Planet Switch

The Planet switch default IP address is 192.168.0.100. The default password is “admin”. Once you have logged into the switch you can change the default IP address to match the IP subnet for LAN1. Here we have used the IP address 192.168.10.100.

Step 2: Configure VLAN Membership

Go to the VLAN Membership configuration menu and create VLAN IDs and port associations. Enter the new VLAN ID and click Add. On the next page that appears, select the ports to be associated with the VLAN and click Apply to save. (We have assigned 6 ports for each VLAN as shown in the screen shots below.) Repeat the steps for each VLAN (VLANs 1 to 4). Ensure port 1 is associated with all VLANs as this will be the trunk port.

Note: VLAN1 is enabled by default and all ports are associated with VLAN1.

Note: Port 1 must be a member of all VLAN IDs since this will be used as the 802.1Q VLAN Trunk (uplink) from the Vigor3200 router.

Step 3: Configure VL...

switch basic

TestSwitch#show version [Displays software and hardware information]
TestSwitch#show running-config [Displays currently running configuration in DRAM]
TestSwitch#show start [Displays configuration in NVRAM which will be loaded after reboot]
TestSwitch#show flash: [Displays Flash memory information]
TestSwitch#show boot [Displays boot path and image]
TestSwitch#show clock [Displays the system clock]
TestSwitch#show interfaces [Displays all interfaces configuration and status of line]
TestSwitch#show vlan [Displays vlan number, name, status and ports associated with it]
TestSwitch#show vtp status [Displays VTP mode, number of existing vlans and config revision]
TestSwitch#show interface status [Displays interface status, vlan, duplex, speed and type]
TestSwitch#show etherchannel [Displays etherchannel information]
TestSwitch#show cdp neighbors [Displays information of connected devices]
TestSwitch#show cdp neighbors detail [Displays detailed information of connected devices]
TestSwitch#s...

asa basic

ciscoasa> enable
ciscoasa# configure terminal
ciscoasa(config)#
ciscoasa# show running-config
ciscoasa# show startup-config
ciscoasa# copy run start
ciscoasa# write memory
ciscoasa# copy tftp flash
ciscoasa# config term
ciscoasa(config)# boot system flash:/asa911-k8.bin
ciscoasa(config)# enable password Gh4w7$-s39fg#(!
ciscoasa(config)# username ciscoadmin password adminpassword privilege 15
ciscoasa(config)# hostname DATA-CENTER-FW
ciscoasa(config)# crypto key generate rsa modulus 2048
ciscoasa(config)# aaa authentication ssh console LOCAL
ciscoasa(config)# username admin password adminpassword privilege 15
ciscoasa(config)# ssh 192.168.1.10 255.255.255.255 inside
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 100.1.1.1
ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 192....

How to configure SPAN and RSPAN in Cisco Catalyst switches

SPAN

Switch#conf t
Switch(config)#monitor session 1 source interface Gi0/1 rx
Switch(config)#monitor session 1 destination interface Gi0/2
Switch(config)#end

RSPAN (source switch)

Switch1#conf t
Switch1(config)#vlan 30
Switch1(config-vlan)#name RSPAN-Vlan
Switch1(config-vlan)#remote-span
Switch1(config-vlan)#exit
Switch1(config)#monitor session 1 source interface Gi0/1 rx
Switch1(config)#monitor session 1 destination remote vlan 30
Switch1(config)#end

Allow vlan id 30 on the trunk port Gi0/2:

Switch1#sh run int g0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30
switchport mode trunk

RSPAN (destination switch)

Switch2#conf t
Switch2(config)#vlan 30
Switch2(config-vlan)#name RSPAN-Vlan
Switch2(config-vlan)#remote-span
Switch2(config-vlan)#exit
Switch2(config)#monitor session 1 destination interface Gi0/2
Switch2(config)#monitor session 1 source remote vlan 30
Switch2(config)#end

Allow vlan id 30 on the trunk port Gi0...

Cisco SG300 CLI Commands

Cisco SG300 CLI Commands. Other parts were obtained using the CLI PDF provided by Cisco.

Remove a trunk and switch to access:

config t
int gi44
switchport trunk allowed vlan remove 2
switchport mode access
switchport access vlan 2

or

config t
int gi44
switchport mode general
switchport general allowed vlan remove 2
switchport mode access
switchport access vlan 2

Change the CDP Device ID format to hostname as opposed to the default MAC address:

s-sg300#sh cdp
Global CDP information:
        CDP is globally enabled
        CDP log duplex mismatch is globally enabled
        CDP log voice VLAN mismatch is globally enabled
        CDP log native VLAN mismatch is globally enabled
        Mandatory TLVs validation is disabled
        Sending CDPv2 advertisements is enabled
        Sending Appliance TLV is enabled
...