Troubleshooting
sh ip int brie
sh int status
- Output to SSH session > terminal monitor
- Debug ACL > debug ip packet 181 (181 = ACL number)
Access list
- access-list 181 remark TEST_ACL
- access-list 181 permit ip source destination
- sh access-list 181
- Insert a rule
- ip access-list extended 181
- prompt changes to “config-ext-nacl”
- 15 permit ip source destination
- Remove a rule
- ip access-list extended 181
- prompt changes to “config-ext-nacl”
- no 15 permit ip source destination
- Remove the access list
- Change to config
- no access-list 181
Reset Cisco 800
- First switch off your router.
- Then, switch on your router and within the first 20 seconds of startup send a break character to the terminal.
- Windows OS – If you are using PuTTY, press Ctrl + Break on your keyboard at the same time, or right-click the bar at the top of the PuTTY window and select Special Command > Break.
- Next, you will immediately be taken to the prompt.
- After that, at the prompt, type the following command to tell the Cisco router to skip the existing configuration or settings on startup: confreg 0x2142.
- Then, at the prompt, type the following command to restart the Cisco router: reset.
- The router will restart shortly.
- Next, if you are prompted for the initial configuration dialogue, type no.
- Then, after the loading has stopped, press Return to be taken to the main prompt on screen.
- At the prompt:
- Type en to enter privileged mode
- Type write erase to issue the erase command
- Type y to confirm erase command
- Type configure t
- Type config-register 0x2102 (this tells the Cisco router to process the existing config on startup)
- Type end
- Finally, switch off your router and then turn it back on. Your router has now been restored to the original factory configuration.
Reset Cisco 3550
Hold the Mode button down during boot
flash_init
dir flash:
rename flash:config.text flash:config.old
reboot
IPSEC VPN
Source: soundtraining.net
Network setup
1 Phase one: the key exchange
Invoke encrypted services
crypto isakmp policy 10 (number between 1 and 10000 = priority of the policy)
Select the hash algorithm
hash sha
Select the authentication method
authentication pre-share
Identify the key
crypto isakmp key vpnkey address 192.168.1.12 (vpnkey = text string, must match at both sides of the connection)
2 Encrypting the tunnel
Set up IPsec
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac (vpnset = text string, must be consistent; esp-aes is the encryption transform, esp-sha-hmac the integrity transform)
Exit
exit
Set up the crypto map
crypto map vpnset 10 ipsec-isakmp
(number between 10 and 65k to identify the sequence to insert in the crypto map)
Which transform set to use
set transform-set vpnset
Match access list
match address 100
set peer 192.168.1.12
3 Apply the crypto map to the outside interface
int f4
crypto map vpnset
4 Creating an access list to identify the traffic flow (inside to inside)
access-list 100 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
Set a default route even when it is not needed.
ip route 0.0.0.0 0.0.0.0 192.168.1.1
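An added example, not part of the original notes: a small Python check that the two ends of the tunnel agree on the values the notes say must match (pre-shared key, transform set, peer address, mirrored crypto ACL). The sample configs are constructed; the site B address 192.168.1.11, the esp-aes transform and the function names are assumptions.

```python
import re

# Constructed sample: SITE_A uses the crypto lines from the notes (esp-aes is an
# assumed encryption transform); SITE_B is an assumed mirror, 192.168.1.11 a placeholder.
SITE_A = """
crypto isakmp key vpnkey address 192.168.1.12
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
crypto map vpnset 10 ipsec-isakmp
 set transform-set vpnset
 match address 100
 set peer 192.168.1.12
access-list 100 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
"""
SITE_B = SITE_A.replace("192.168.1.12", "192.168.1.11").replace(
    "192.168.101.0 0.0.0.255 192.168.102.0", "192.168.102.0 0.0.0.255 192.168.101.0")

def first(pattern, cfg):
    """Return the first capture group of pattern in cfg, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def parse(cfg):
    """Extract the settings that both tunnel ends must agree on."""
    acl_id = first(r"^\s*match address (\d+)", cfg)
    return {
        "key": first(r"^crypto isakmp key (\S+) address \S+", cfg),
        "key_peer": first(r"^crypto isakmp key \S+ address (\S+)", cfg),
        "peer": first(r"^\s*set peer (\S+)", cfg),
        "transforms": sorted((first(r"^crypto ipsec transform-set \S+ (.+)$", cfg) or "").split()),
        # (source, destination) pairs of the ACL the crypto map references
        "acl": re.findall(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches between the two ends (empty = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["key"] != b["key"]:
        problems.append("pre-shared keys differ")
    if a["transforms"] != b["transforms"]:
        problems.append("transform sets differ")
    if a["key_peer"] != a["peer"] or b["key_peer"] != b["peer"]:
        problems.append("isakmp key address does not match crypto map peer")
    if not a["acl"] or not b["acl"]:
        problems.append("crypto ACL missing or not referenced by the crypto map")
    elif sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        problems.append("crypto ACLs are not mirror images")
    return problems
```

The messages name the mismatching setting only and never echo the pre-shared key, so the output is safe to paste into a ticket.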
Training
- do sh run > with do you can run commands from a lower (exec) level while in configuration mode
- no ip domain-lookup > prevents a mistyped command from being looked up as a domain name
- show running-config | section FastEthernet0/11
- 802.1Q > VLAN
- spanning tree