ip dhcp smart-relay
Category Archives: Cisco
I got my first Juniper
It is a Netscreen 5gt. So now some commands may be useful:
| Cisco IOS | Cisco PIX / Cisco ASA | Juniper Netscreen | Description |
|---|---|---|---|
| show configuration | show configuration | get config saved | get saved configuration |
| show running-config | show running-config | get config | get device configuration |
| | | save | to save changes to config |
| show version | show version | get system | gets system information, Netscreen mode |
| show ip inspect session | | get session info | shows load on the firewall; 85+ implies there will be some latency |
| show interface, sh ip interface | | get interface | shows interfaces, zones |
| | | get address trust/untrust | shows defined network objects |
| show arp, sh ip arp <interface> | show arp | get arp | shows arp entries |
| show ip route | show route | get route | shows firewall routes |
| | | get service | shows firewall services |
| | | get group address | network groups |
| | | get group service | service groups |
| | | get policy in/out | shows applied firewall policies |
| | | get log traffic | shows firewall logs – options: based on src/dst/IP/port |
| no <command> | | unset | to remove a config statement |
| | | get user all | shows vpn users |
| | | get log event | shows vpn logs |
| | | get mip | shows one-to-one NATs |
| | | get vip | shows configured port forwarding rules |
| | | get route ip x.x.x.x | finds the specific route for an ip |
| | | set policy id xx | puts you in a specific policy, then you can add more objects to it instead of creating a group |
Cisco Config Archive
c870-adventerprisek9-mz.124-15.T7.bin
c2960-lanlitek9-mz.122-50.SE3.bin
[sourcecode]
rt1#sh archive
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/rt1-4
 Archive #  Name
   0
   1       ftp://cisco:cisco@10.0.160.230/config/rt1-1
   2       ftp://cisco:cisco@10.0.160.230/config/rt1-2
   3       ftp://cisco:cisco@10.0.160.230/config/rt1-3 <- Most Recent
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
[/sourcecode]
[sourcecode]
sw2#sh archive
The maximum archive configurations allowed is 14.
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/sw2--18
 Archive #  Name
   1       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-30.425-8
   2       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-36.440-9
   3       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-41.926-10
   4       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-47.454-11
   5       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-54.492-12
   6       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-40.688-13
   7       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-50.788-14
   8       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-58.766-15
   9       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-07.104-16
   10      ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-14.092-17 <- Most Recent
[/sourcecode]
[sourcecode]
ftp> dir
200 Port command successful
150 Opening data channel for directory list.
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:18 rt1-1
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:19 rt1-2
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:21 rt1-3
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:22 sw2Dec-14-17-22-39.964-0
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:23 sw2Dec-14-17-23-45.597-1
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:23 sw2Dec-14-17-23-51.393-2
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-23-56.972-3
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-03.515-4
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-08.665-5
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-14.085-6
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-24.176-7
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-30.425-8
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-36.440-9
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-41.926-10
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-47.454-11
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-24-54.492-12
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-25-40.688-13
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-25-50.788-14
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-25-58.766-15
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-26-07.104-16
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-26-14.092-17
226 Transfer OK
FTP: 1631 Bytes empfangen in 0,00Sekunden 815,50KB/s
ftp>
[/sourcecode]
Cisco IOS VPN to IPCop
[sourcecode]
! Pre-shared key for the IPCop peer
crypto isakmp key supersecertkey address AAA.BBB.CCC.DDD
!
! IKE phase 1: 3DES, MD5, pre-shared key, DH group 2
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
! IPsec phase 2: ESP with 3DES and SHA-1 HMAC
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map CSM_CME_FastEthernet0.831 131 ipsec-isakmp
 set peer AAA.BBB.CCC.DDD
 set transform-set ESP-3DES-SHA
 match address XY-TEST-CRYPTO-ACL
 reverse-route
!
ip nat outside source static 192.168.XX.121 10.4.YYY.243 add-route
!
! Interesting traffic: a /30 written as a wildcard mask is 0.0.0.3
! (the IPCop side uses rightsubnet=10.0.YYYY.40/30)
ip access-list extended XY-TEST-CRYPTO-ACL
 permit ip 10.0.YYY.40 0.0.0.3 192.168.XX.0 0.0.0.255
!
[/sourcecode]
[sourcecode]
# Do not modify 'ipsec.conf' directly since any changes you make will be
# overwritten whenever you change IPsec settings using the web interface!
#
version 2.0

config setup
    protostack=netkey
    klipsdebug="none"
    plutodebug="none"
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/255.255.255.0,%v4:!10.0.244.40/30

conn %default
    keyingtries=0
    disablearrivalcheck=no
    leftupdown=/usr/local/bin/ipsecupdown.sh

#RED
conn RED
    left=192.168.0.1
    leftsubnet=192.168.XXX.0/24
    right=AAA.BBB.CCC.EEE
    rightsubnet=10.0.YYYY.40/30
    # IKE (phase 1) and ESP (phase 2) proposals
    ike=3des-sha-modp1024
    esp=3des-sha1
    ikelifetime=1h
    keylife=24h
    # Dead peer detection: probe every 30 s, restart the tunnel after 120 s
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    pfs=no
    authby=secret
    auto=start
[/sourcecode]
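An added example, not part of the original post and not Cisco or IPCop tooling: a Python check that reads the IKE phase 1 settings from both configurations above and reports where the written proposals differ, which algorithms a baseline would call legacy, and whether PFS is off. The sample strings are constructed from the two configs; the `LEGACY` set and the three-part `ike=cipher-hash-group` form are assumptions.

```python
import re

# Constructed sample input, reduced from the two configurations above.
IOS_CFG = """crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
"""
IPSEC_CONF = "conn RED\n\tike=3des-sha-modp1024\n\tesp=3des-sha1\n\tpfs=no\n"

DH = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}
# Assumption: the local baseline treats these as legacy; adjust to your own.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}
POLICY = re.compile(r"^crypto isakmp policy (\d+)\n((?:[ \t]+\S.*\n)*)", re.M)

def ios_phase1(cfg):
    """Map each 'crypto isakmp policy N' to (cipher, hash, dh_group)."""
    out = {}
    for num, body in POLICY.findall(cfg):
        # "encr aes 256" -> ("encr", "aes 256"); omitted lines use IOS defaults
        kv = dict(l.strip().partition(" ")[::2] for l in body.splitlines())
        grp = kv.get("group", "1")  # IOS defaults: des, sha, group 1
        out[int(num)] = (kv.get("encr", "des").replace(" ", ""),
                         kv.get("hash", "sha"), DH.get(grp, "group" + grp))
    return out

def openswan_phase1(conf):
    """Return (cipher, hash, dh_group) for every proposal on an ike= line."""
    props = []
    for value in re.findall(r"^[ \t]*ike=(\S+)", conf, re.M):
        for p in value.rstrip("!").split(","):
            cipher, hsh, dh = (p.split("-") + ["", ""])[:3]
            props.append((cipher, "sha" if hsh == "sha1" else hsh, dh))
    return props

def audit(ios_cfg, ipsec_conf):
    """List (kind, detail) findings for the phase 1 settings of both peers."""
    ios, osw = ios_phase1(ios_cfg), openswan_phase1(ipsec_conf)
    found = [("mismatch", "-".join(p)) for p in osw if p not in ios.values()]
    for side, props in (("ios", ios.values()), ("openswan", osw)):
        for p in props:
            found += [("legacy", f"{side}:{a}") for a in p if a in LEGACY]
    if re.search(r"^[ \t]*pfs=no\b", ipsec_conf, re.M):
        found.append(("no-pfs", "openswan"))
    return found

if __name__ == "__main__":
    print(*audit(IOS_CFG, IPSEC_CONF), sep="\n")
```

A `mismatch` finding only means the `ike=` proposal is not among the isakmp policies in the text given to the check; a router may carry further policies outside the excerpt.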
ISDN Cable
ISDN BRI S/T Cable
8 Pin | TE | NT | Polarity |
---|---|---|---|
1 | Not used | Not used | Not used |
2 | Not used | Not used | Not used |
3 | Transmit | Receive | + |
4 | Receive | Transmit | + |
5 | Transmit | Receive | – |
6 | Receive | Transmit | – |
7 | Not used | Not used | Not used |
8 | Not used | Not used | Not used |
ISDN BRI Cross Over Cable
Side A (8 Pin) | connect | Side B (8 Pin) | |
---|---|---|---|
1 | Not used | 1 | |
2 | Not used | 2 | |
3 | <-> | 4 | |
4 | <-> | 3 | |
5 | <-> | 6 | |
6 | <-> | 5 | |
7 | Not used | 7 | |
8 | Not used | 8 | |
Bandwidth Throttling / Policing on Cisco ASA
http://slazyk.com/2009/08/bandwidth-policing-throttling-cisco-asa/
Cisco – Enterasys – LACP
http://reischle.net/ReischleNet/Networking-Blog/8E664038-ED23-4D24-9350-6AB76037A832.html
Cisco DNS Server
[sourcecode]
ip dns view default
 dns forwarder 10.0.243.143
 dns forwarder 10.0.243.144
ip dns server
[/sourcecode]
http://www.nil.com/ipcorner/RouterDNS/
http://blog.ioshints.info/2006/09/use-your-cisco-router-as-primary-dns.html
Installing the Cisco Security Manager on Windows 2008 R2
Cisco Security Manager
Hardware
Manufacturer | Dell | Cisco Requirements |
---|---|---|
Model | 2850 | |
CPU | 2xIntel Xeon 3.40 GHz | |
RAM | 8GB | |
OS | Windows 2008 R2 / 64bit | |
Prepare Windows 2008 R2
Swap Size C: 12280MB D: 12280MB
Replace a Hard Disk on a WAE-7341
We have installed some WAE-7341 boxes in our computer center. Recently one installed hard disk has failed and we need to replace it.