Archive for the ‘Cisco configuration’ Category

Configuring a trunk link between a Cisco switch and Linux

Thursday, September 4th, 2008

Sometimes you want to test configuration settings, and Linux is a good environment for these kinds of tests.

To configure a trunk between a Cisco switch and a Linux machine, you first have to do the trunk configuration on the Cisco switch:

switch(config)# int Gi 1/0/1
switch(config-if)# switchport trunk encapsulation dot1q
switch(config-if)# switchport mode trunk
switch(config-if)# int vlan 200
switch(config-if)# ip address 10.0.0.1 255.255.255.0
switch(config-if)# no shutdown
switch(config-if)# exit
switch(config)#

Then the Linux configuration for an interface eth0:
linux# /sbin/modprobe 8021q
linux# /sbin/vconfig add eth0 200
linux# /sbin/ifconfig eth0.200 10.0.0.2 netmask 255.255.255.0 up
linux# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.17 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.698 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.716 ms

Wiping out the ARP cache

Thursday, September 4th, 2008

Sometimes when you are changing out equipment, it takes a long time before the new equipment replies to ICMP. This is often because the layer 3 to layer 2 mapping information (ARP) is old. As a result, frames are sent with the wrong destination MAC address, and the new equipment never even receives them.
To clear out an IP address from the ARP cache just issue:

clear ip arp <ip address>

This will cause the IP address / MAC mapping to get booted from the device, which will then relearn it.

Cisco wildcard cheat!

Tuesday, September 2nd, 2008

Just wanted to share a quick little cheat for figuring out the wildcard mask for networks!

The wildcard mask is used in some places in IOS, for example in the network command when configuring the OSPF routing process.

To figure out the network wildcard mask, just take each octet in the netmask and subtract it from 255.

For 255.255.255.0 the wildcard mask will then be 0.0.0.255
For 255.255.255.252 the wildcard mask will be 0.0.0.3 (255 – 252)

Makes work go faster!
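The subtraction trick is a bitwise inversion of the netmask, and the wildcard tells IOS which bits to ignore when matching, so a wildcard that is too wide matches more hosts than intended. The following Python sketch is an added example, not part of the original post; the function names are made up for illustration, and it covers any contiguous netmask rather than only the two shown above.

```python
import ipaddress

def wildcard_from_netmask(netmask: str) -> str:
    """Return the IOS wildcard mask for a dotted-decimal netmask.

    Subtracting each octet from 255 inverts every bit. The result only
    describes a subnet when the netmask is contiguous (ones, then zeros),
    so anything else is rejected instead of yielding a misleading wildcard.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    inverted = mask ^ 0xFFFFFFFF
    # A contiguous netmask inverts to 2**n - 1, so inverted & (inverted + 1) == 0.
    if inverted & (inverted + 1):
        raise ValueError(f"{netmask} is not a contiguous netmask")
    return str(ipaddress.IPv4Address(inverted))

def wildcard_matches(base: str, wildcard: str, candidate: str) -> bool:
    """IOS-style match: wildcard bits set to 1 are ignored, 0 bits must be equal."""
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    b = int(ipaddress.IPv4Address(base))
    c = int(ipaddress.IPv4Address(candidate))
    return (b & care) == (c & care)

def acl_permit_line(acl_number: int, network: str, netmask: str) -> str:
    """Build a standard ACL entry: access-list N permit <network> <wildcard>."""
    # strict=True raises ValueError if host bits are set in the network address.
    net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)
    return (f"access-list {acl_number} permit "
            f"{net.network_address} {wildcard_from_netmask(netmask)}")

if __name__ == "__main__":
    # Constructed sample inputs.
    for nm in ("255.255.255.0", "255.255.255.252", "255.255.240.0"):
        print(nm, "->", wildcard_from_netmask(nm))
    print(acl_permit_line(20, "10.0.0.0", "255.255.255.0"))
    print(wildcard_matches("10.0.0.0", "0.0.0.255", "10.0.1.5"))
```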

Setting up an office router with in/out NAT, DHCP server

Monday, September 1st, 2008

The scenario is as follows:

Fa4 = WAN port = 1.2.3.4/30
Fa1 – 3 = VLAN1 = 10.0.0.1/24

All of the clients connected to FastEthernet ports 1 to 3 of the router need:

  1. Automatic host configuration with DHCP
    Gateway: 10.0.0.1
    DNS1: 4.3.2.1
    DNS2: 1.2.3.4
  2. Internet access via NAT
  3. The machine at 10.0.0.2 should be excluded from DHCP,
    and have port 80 forwarded to it.

DHCP configuration
router(config)# ip dhcp excluded-address 10.0.0.1 10.0.0.2
router(config)# service dhcp
router(config)# ip dhcp pool Clients
router(dhcp-config)# network 10.0.0.0 255.255.255.0
router(dhcp-config)# domain-name clients.lan
router(dhcp-config)# default-router 10.0.0.1
router(dhcp-config)# dns-server 4.3.2.1 1.2.3.4
router(dhcp-config)# lease 0 1

This gives leases of 0 days and 1 hour (lease time 1 hour).

NAT configuration
router(config)# interface vlan 1
router(config-if)# ip nat inside
router(config-if)# interface Fa 4
router(config-if)# ip nat outside
router(config-if)# exit
router(config)# access-list 20 permit 10.0.0.0 0.0.0.255
router(config)# ip nat pool ovrld 1.2.3.4 1.2.3.4 prefix-length 24
router(config)# ip nat inside source list 20 pool ovrld overload

The forwarding of port 80 to 10.0.0.2
router(config)# ip nat inside source static tcp 10.0.0.2 80 interface Fa4 80

That should be all. If there are any errors, please comment!

How to get user authentication with AAA running on Cisco

Monday, September 1st, 2008

To get AAA running you need to perform the following steps:

First create a local user database:
switch(config)# username myusername secret myunencryptedpassword
switch(config)# aaa new-model
switch(config)# aaa authentication login default local

It can also be good to do:
switch(config)# line vty 0 15
switch(config-line)# login authentication default

Use CTRL+Z to exit configuration mode quickly, then try to log in from a new window before
closing the authenticated one, in case you screwed up the configuration.

You can get locked out!