Monday 12 November 2012

Specify ACL to interface


Standard ACLs can filter traffic based on source IP address only. In this task, you are configuring a standard ACL that blocks traffic from the 192.168.11.0 /24 network. This ACL will be applied inbound on the R3 serial interface. Remember that every ACL has an implicit “deny all” that causes all traffic that has not matched a statement in the ACL to be blocked. For this reason, add the permit any statement to the end of the ACL.

Step 1. Create the ACL.

In global configuration mode, create a standard named ACL called std-1.

R3(config)#ip access-list standard std-1

In standard ACL configuration mode, add a statement that denies any packets with a source address of 192.168.11.0 /24 and prints a message to the console for each matched packet.

R3(config-std-nacl)#deny 192.168.11.0 0.0.0.255

Permit all other traffic.

R3(config-std-nacl)#permit any

Step 2. Apply the ACL.

Apply the ACL std-1 as a filter on packets entering R3 through serial interface 0/0/1.

R3(config)#interface serial 0/0/1
R3(config-if)#ip access-group std-1 in

Assign default gateway to switch

S1#(config) ip default-gateway [IP ADDRESS]

Assign Management VLAN

Assigning IP address to VLAN interface 


SW1>enable
SW1>configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vlan 10
SW1(config-vlan)#name Management
SW1(config-vlan)#end
SW1
#SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#interface vlan10
SW1(config-if)#ip address 10.1.1.10 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#
SW1(config-if)#interface FastEthernet0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shut
SW1(config-if)#end
SW1#

Thursday 18 October 2012

Restart Cisco Router 1841

hard reset router

Ctrl+Backspace+Pause


rommon 1 > confreg 2142
rommon 2 > reset

Router>en
Router#show version

Saturday 18 August 2012

Cisco network design documents

Cisco offers a whole bunch of design guides for deploying and optimizing networks from branch size all the way up to data center and ISP  level.

[LINK] Cisco Validated Design documentation


Saturday 28 July 2012

VLAN'S SWITCH SIDE

Create and Name VLAN

S1(config)#vlan {VLAN NUMBER}
S1(config-vlan)#name {VLAN NAME}
S1(config -vlan)# exit


Trunk VLAN

S1(config)#int range {INT RANGE E.G fa0/0 - fa0/24}  
NOTE: int range command doesn't work in packet tracer, use int {INT}
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan {VLAN NUMBER}

Access VLAN

S1(config)#int range {INT RANGE E.G fa0/0 - fa0/24}  
NOTE: int range command doesn't work in packet tracer, use int {INT}

S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan {VLAN NUMBER}

VLAN'S ROUTER SIDE

Sub interface configuration as Native VLAN

R1(config)int fa0/0.99
R1(config-subif) encap dot1q 99 native
R1(config-subif) ip address {IPADDRESS} {MASK}


VLAN Sub interface configuration

R1(config)int fa0/0.99
R1(config-subif) encap dot1q 99
R1(config-subif) ip address {IPADDRESS} {MASK}