https://www.cisco.com/c/en/us/products/routers/branch-routers/index.html
==========================
PORT FORWARDING
ip nat inside source static tcp ip_inside_local port ip_inside_global port
ip nat inside source static tcp 192.168.1.9 2222 181.39.85.3 2222
--------------------------------------------------------------
NAT
STATIC NAT
R1(config)#ip nat inside source static 172.16.16.1 64.100.50.1
R1(config)#int g0/0
R1(config-if)#ip nat inside
R1(config-if)#int s0/0/0
R1(config-if)#ip nat outside
DYNAMIC NAT
*Step 1
Define an ACL that specifies which addresses, and only those, will go out
*Step 2
Define the NAT pool of addresses they will go out with
*Step 3
Bind the NAT pool of addresses to the ACL
*Step 4
Apply NAT on the interfaces
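The four steps above as one configuration. This is an added example, not part of the original notes: the ACL number, pool name and all addresses are constructed, and the interface names follow the static NAT example.

```cisco
! Added example; ACL 10, DYN-POOL and the addresses are constructed values.
! Step 1: ACL matching only the inside hosts that may be translated
access-list 10 permit 192.168.10.0 0.0.0.255
! Step 2: pool of global addresses (11 addresses, no overload)
ip nat pool DYN-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
! Step 3: bind the ACL to the pool
ip nat inside source list 10 pool DYN-POOL
! Step 4: mark the inside and outside interfaces
interface g0/0
 ip nat inside
interface s0/0/0
 ip nat outside
end
! Verify which inside hosts currently hold a pool address
show ip nat translations
show ip nat statistics
```

Without `overload` each inside host holds one pool address, so with this pool a 12th concurrent host gets no translation until an existing entry times out.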
PAT
CASE WHEN THE ISP PROVIDES MORE THAN TWO ADDRESSES
ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 netmask 255.255.255.224
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 pool NAT-POOL2 overload
int s0/0/0
ip nat outside
int f0/0
ip nat inside
interface Vlan10
description INTERNET
ip address 186.5.5.145 255.255.255.248
no ip redirects
no ip proxy-arp
ip accounting output-packets
ip virtual-reassembly
rate-limit input access-group 110 10000000 1000000 1000000 conform-action transmit exceed-action drop
rate-limit input access-group 100 4608000 4608000 4608000 conform-action transmit exceed-action drop
rate-limit output access-group 110 10000000 1000000 1000000 conform-action transmit exceed-action drop
rate-limit output access-group 100 4608000 4608000 4608000 conform-action transmit exceed-action drop
load-interval 30
***********************************************
****************INTERNET AND DATA SEGMENTATION*******************
interface Ethernet1/0
ip address 192.168.160.169 255.255.255.248
ip nat inside
full-duplex
service-policy input BW
service-policy output BW
APPLY THE POLICIES CREATED ON THE INTERFACES, e.g. fa0.1994, if needed
police cir is given in bits; for 1 meg it would be:
police cir 1024000
***********************************************
*******SEGMENTATION PER INTERFACE**************
interface Vlan2
ip address 192.168.25.7 255.255.255.0
no ip redirects
no ip proxy-arp
ip virtual-reassembly
ip tcp adjust-mss 1432
rate-limit input 6144000 614400 614400 conform-action transmit exceed-action drop
rate-limit output 6144000 614400 614400 conform-action transmit exceed-action drop
load-interval 30
*********************************************
SEGMENTATION SPECIFYING NOT MATCH ACL
*********************************************
class-map WEB_TR
match access-group 120
class class-default
policy-map CCIE
class WEB_TR
bandwidth 64
class class-default
int fa4
service-policy output CCIE
EXAMPLE:
access-list 120 permit ip any any
policy-map SEGMENTACION500MB
class SEGMENTACION500MB
bandwidth 512000
interface GigabitEthernet0/0/0
ip address 10.61.60.222 255.255.255.252
service-policy output SEGMENTACION500MB
==========================================================================
###############################################
**********VPN CONFIGURATION********************
interface FastEthernet4
description TO TELCONET
ip address 186.3.100.165 255.255.255.0
crypto map VPN-MEDISUMI
====================================================
TUNNEL
CoopStaRosa-CIAS(TU0)==================(TU7)bce-gye-conc-cias
CoopStaRosa-CIAS WAN:10.110.175.90
bce-gye-conc-cias WAN:10.11.117.98
CONFIGURATION:
CoopStaRosa-CIAS
interface Tunnel0
description TO BCE-GYE
ip address 192.168.96.237 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1432
keepalive 3 3
tunnel source 10.110.175.90
tunnel destination 10.11.117.98
end
ip route 10.11.117.98 255.255.255.255 10.110.175.89 name WAN_BCE_GYE
bce-gye-conc-cias
interface Tunnel7
description coop-SantaRosa
ip address 192.168.96.238 255.255.255.252
ip tcp adjust-mss 1432
keepalive 3 3
tunnel source 10.11.117.98
tunnel destination 10.110.175.90
end
===========================================
TUNNEL CONFIGURATION
CoopStaRosa-CIAS
interface Tunnel1
description BAUSTRO
ip address 172.20.1.126 255.255.255.252
tunnel source 10.110.175.130
tunnel destination 10.33.250.211
!
ip route 10.33.250.211 255.255.255.255 10.110.175.129 name BAUSTRO
CONCENTRADOR_CUENCA-ATM-CIAS#
interface Tunnel196
description COOP-SANTA-ROSA
ip address 172.20.1.125 255.255.255.252
ip tcp adjust-mss 1432
tunnel source 10.33.250.211
tunnel destination 10.110.175.130
end
ip route 10.110.175.130 255.255.255.255 10.33.250.209 name COOP_STAROSA
================================================
VIEW ROUTES RECEIVED VIA BGP
sh ip bgp neigh x.x.x.x received-routes
sh ip bgp vpnv4 vrf routerbg7513_1_40 summary
=================================================
CONFIGURE PBR
ip access-list extended 101
permit ip 10.0.0.0 0.0.0.255 any
route-map gold
match ip address 101
set ip next-hop 172.16.255.2
interface fa0/0
ip policy route-map gold
debug ip policy
debug ip packet 101 detail
debug ip policy 101
Note1: The ‘set ip next-hop‘ and ‘set ip default next-hop‘ are similar commands but
have a different order of operations. Configuring the set ip next-hop command
causes the system to use policy routing first and then use the routing table.
Configuring the set ip default next-hop command causes the system to use the
routing table first and then policy route the specified next hop.
==================================================
CONFIGURE A SCHEDULED RELOAD
Ciscozine#reload in 1:30
Reload scheduled for 10:20:49 UTC Thu Apr 28 2011 (in 1 hour and 30 minutes) by console
Reload reason: Reload Command
Proceed with reload? [confirm]
Ciscozine#show reload
Reload scheduled for 10:20:49 UTC Thu Apr 28 2011 (in 1 hour and 29 minutes) by console
Reload reason: Reload Command
Ciscozine#reload cancel (cancel the reload)
==================================================
TO BRING UP A VLAN WHEN NOTHING IS CONNECTED
int vlan 1
no autostate
=======================
COMMANDS TO VIEW BW ON A CISCO SWITCH
sh mls qos int fa0/16 queueing
sh mls qos aggregate-policer
========================
COMMANDS TO VIEW LOAD BALANCE (WHEN UPLOAD GOES THROUGH ONE INTERFACE AND DOWNLOAD THROUGH ANOTHER)
sh etherchannel load-balance
EXAMPLE:
nedetel-vincesbalzar#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
dst-ip
track 1 ip sla 1
interface Vlan1
description LAN-CLIENTE
ip address 192.168.6.252 255.255.255.0
standby 1 ip 192.168.6.254
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 60
BACKUP ROUTER
interface Vlan1
description LAN
ip address 192.168.6.253 255.255.255.0
standby 1 ip 192.168.6.254
standby 1 priority 90
standby 1 preempt
=====ANOTHER WAY====
Configure object tracking for the GigabitEthernet 0/2 interface. When the line-protocol
changes (goes down), the object state will change.
SW2(config)#interface Vlan 1
SW2(config-if)#standby 1 track 1 decrement 60
Source: https://networklessons.com/cisco/ccie-routing-switching/hsrp-hot-standby-routing-protocol
=================================================================
BGP
weight is only a parameter that indicates how traffic leaves the router. For traffic
to return through the backup, metric 1000 must be set as a route-map on the backup:
since the primary is down, the PE will reach the CPE through the backup, and likewise,
when the PE detects that the CPE's primary is back up, it will send all traffic
via metric 0, that is, through the primary.
CPE
federal#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.211.227.221 890 27947 27947 i
* 181.39.73.1 990 27947 i
* 10.211.183.225 900 27947 27947 i
*> 181.198.17.1 1000 27947 i
PE
pe1gyec> sh ip bgp vpnv4 vrf telconet | b 181.39.87.64
Network Next Hop Metric LocPrf Weight Path
* 181.39.87.64/30 181.39.73.18 1000 0 65305 i
*> 181.198.17.36 0 0 65305 i
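One way to configure what the BGP note describes on the CPE, as an added example that is not part of the original notes. AS 65305 (CPE) and AS 27947 (provider) are read from the outputs above; the neighbor addresses and the route-map name are placeholders.

```cisco
! Added example; 192.0.2.1 (primary PE), 198.51.100.1 (backup PE) and
! MED-BACKUP are placeholders, not values from the original notes.
route-map MED-BACKUP permit 10
 set metric 1000
!
router bgp 65305
 neighbor 192.0.2.1 remote-as 27947
 ! weight is local to this router: highest weight wins for outbound traffic
 neighbor 192.0.2.1 weight 1000
 neighbor 198.51.100.1 remote-as 27947
 neighbor 198.51.100.1 weight 990
 ! MED 1000 is advertised on the backup session only, so the PE prefers
 ! the primary (metric 0) for return traffic while the primary is up
 neighbor 198.51.100.1 route-map MED-BACKUP out
end
! Re-send updates with the new policy without resetting the sessions
clear ip bgp 198.51.100.1 soft out
! Confirm what is being advertised on the backup session
show ip bgp neighbors 198.51.100.1 advertised-routes
```

On the PE, the backup path should then appear with Metric 1000 and the primary with 0, as in the PE output above.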