Mobile

Tuesday, July 21, 2009

BGP Source & Destination Traffic Load Share

Source- and destination-based traffic delivery.
Goals:
1. All internal traffic and client traffic passes via ISP A.
2. 10.28.20.0/24 is source-routed via ISP B for outgoing traffic.
3. 166.24.10.0/24 traffic passes via ISP B for incoming traffic.
********************** Config **************************
Router 1
R1:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 1.0.0.0
neighbor 210.26.12.21 remote-as 4500
neighbor 210.26.12.38 remote-as 4500
neighbor 210.26.12.38 route-map Test in
neighbor 210.26.12.42 remote-as 4500
no auto-summary
!
!
access-list 1 permit 166.24.10.0 0.0.0.255
!
route-map Test permit 10
match ip address 1
set weight 100
!
route-map Test permit 20
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 3
R3:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 3.0.0.0
neighbor 88.88.88.1 remote-as 100
neighbor 88.88.88.1 route-map Test1 out
neighbor 210.26.12.22 remote-as 4500
neighbor 210.26.12.22 next-hop-self
neighbor 210.26.12.29 remote-as 4500
neighbor 210.26.12.29 next-hop-self
no auto-summary
!
access-list 1 permit 1.0.0.0 0.0.0.255
!
route-map Test1 permit 10
match ip address 1
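! prepend the local AS (4500); a path that already contains AS 100 is rejected by the AS 100 neighbor as a loop
set as-path prepend 4500 4500 4500 4500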
!
route-map Test1 permit 20
!
!
*********************END*********************
Note: see the LAB 1 diagram for reference.
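The two route-maps above act at different points of BGP path selection: weight is local to R1, while AS-path prepending changes what other ASes see. The following is an added example, not part of the original post: a simplified Python model that uses the AS numbers from the Lab 1 configs and assumes 210.26.12.38 is R4 (inferred from the neighbor addresses). It also contrasts prepending the local AS 4500 with prepending the neighbor's AS 100, which that neighbor discards as a loop.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str          # peer the route was learned from
    as_path: tuple    # AS_PATH, nearest AS first
    weight: int = 0   # Cisco-local attribute, never advertised

def best_path(paths):
    """Simplified decision: highest weight, then shortest AS_PATH.
    Later tie-breakers (origin, MED, router ID) are not modelled."""
    paths = [p for p in paths if p is not None]
    if not paths:
        return None
    return min(paths, key=lambda p: (-p.weight, len(p.as_path)))

def ebgp_send(local_as, as_path=(), prepend=()):
    """AS_PATH as sent to an eBGP peer: local AS, route-map prepends, old path."""
    return (local_as, *prepend, *as_path)

def ebgp_receive(local_as, via, as_path):
    """Loop prevention: drop an update whose AS_PATH contains our own AS."""
    return None if local_as in as_path else Path(via, tuple(as_path))

def r1_exit_for_166(weight_on_r4):
    """R1's exit router for 166.24.10.0/24 (originated by AS 400)."""
    return best_path([
        Path("R3", (100, 400)),                       # learned via AS 100
        Path("R4", (200, 400), weight=weight_on_r4),  # route-map Test in
    ]).via

def bb2_entry_for_1(prepend, isp_b_up=True):
    """Neighbor AS that BB2 (AS 400) uses to reach 1.0.0.0, or None."""
    candidates = []
    # R3 -> R5 (AS 100) with route-map Test1, then R5 -> BB2
    at_r5 = ebgp_receive(100, "R3", ebgp_send(4500, prepend=prepend))
    if at_r5 is not None:
        candidates.append(ebgp_receive(400, "AS100", ebgp_send(100, at_r5.as_path)))
    # R4 -> R6 (AS 200) without prepending, then R6 -> BB2
    if isp_b_up:
        candidates.append(ebgp_receive(400, "AS200", ebgp_send(200, ebgp_send(4500))))
    best = best_path(candidates)
    return best.via if best else None

if __name__ == "__main__":
    print("R1 exit with weight 100:", r1_exit_for_166(100))
    for label, pre in (("local AS", (4500,) * 4), ("neighbor AS", (100,) * 4)):
        print(label, bb2_entry_for_1(pre), bb2_entry_for_1(pre, isp_b_up=False))
```

With the local AS prepended, the longer path through AS 100 remains available as a backup; with AS 100 prepended, the route never reaches AS 100 and the prefix has no inbound path when the AS 200 link is down.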

Friday, July 10, 2009

BGP Lab 1 Traffic Redundancy Both ISP.

In this scenario, BGP routing is configured on all routers and the switch.
Traffic is routed over both ISPs (ISP A and ISP B). If either ISP link
goes down, the traffic shifts to the other ISP.



******************** Config ************************
Router 1
R1:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 1.0.0.0
neighbor 210.26.12.21 remote-as 4500
neighbor 210.26.12.38 remote-as 4500
neighbor 210.26.12.42 remote-as 4500
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 2
R2:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 2.0.0.0
neighbor 210.26.12.25 remote-as 4500
neighbor 210.26.12.30 remote-as 4500
neighbor 210.26.12.41 remote-as 4500
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 3
R3:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 3.0.0.0
neighbor 88.88.88.1 remote-as 100
neighbor 210.26.12.22 remote-as 4500
neighbor 210.26.12.22 next-hop-self
neighbor 210.26.12.29 remote-as 4500
neighbor 210.26.12.29 next-hop-self
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 4
R4:
router bgp 4500
no synchronization
bgp log-neighbor-changes
network 4.0.0.0
neighbor 77.77.77.1 remote-as 200
neighbor 210.26.12.26 remote-as 4500
neighbor 210.26.12.26 next-hop-self
neighbor 210.26.12.37 remote-as 4500
neighbor 210.26.12.37 next-hop-self
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 5
R5:
router bgp 100
no synchronization
bgp log-neighbor-changes
network 5.0.0.0
neighbor 55.55.55.1 remote-as 400
neighbor 88.88.88.2 remote-as 4500
neighbor 99.99.99.1 remote-as 500
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router 6
R6:
router bgp 200
no synchronization
bgp log-neighbor-changes
network 6.0.0.0
neighbor 77.77.77.2 remote-as 4500
neighbor 100.100.100.1 remote-as 400
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router BB1
BB1:
router bgp 500
no synchronization
bgp log-neighbor-changes
network 7.0.0.0
network 172.25.11.0 mask 255.255.255.0
neighbor 99.99.99.2 remote-as 100
no auto-summary
!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router BB2
BB2:
router bgp 400
no synchronization
bgp log-neighbor-changes
network 8.0.0.0
network 166.24.10.0 mask 255.255.255.0
neighbor 55.55.55.2 remote-as 100
neighbor 100.100.100.2 remote-as 200
no auto-summary
!
*************************Complete*************************

SONET and SDH Speeds

SONET -------- SDH
OC-3 ---------- STM-1
OC-12 --------- STM-4
OC-48 --------- STM-16
OC-192 -------- STM-64

Thursday, June 25, 2009

IPS 4215 in ROMMON Mode

Press Ctrl-R while this message is displayed to display the ROMMON menu. The console display resembles the following:

CISCO SYSTEMS IDS-4215
Embedded BIOS Version 5.1.3 17/6/03 12:24:54.32
Compiled by ciscouser
Evaluating Run Options ...

Cisco ROMMON (1.2) #0: Sun June 12 12:24:58 MDT 2003
Platform IDS-4215
0: i8255X @ PCI(bus:0 dev:13 irq:11)
1: i8255X @ PCI(bus:0 dev:14 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:14 irq:11), MAC: 0000.c0fa.ee02
Use ? for help.

rommon>

Friday, June 19, 2009

Management interfaces on IPS

IDS-4210 ------> FastEthernet0/1
IDS-4215 ------> FastEthernet0/0
IDS-4235 ------> GigabitEthernet0/1
IDS-4250 ------> GigabitEthernet0/1
IPS-4240 ------> Management0/0
IPS-4255 ------> Management0/0
IPS-4260 ------> Management0/0
NM-CIDS ------> FastEthernet0/0
AIP-SSM-10 ------> GigabitEthernet0/0
AIP-SSM-20 ------> GigabitEthernet0/0
IDSM-2 ------> GigabitEthernet0/2

Tuesday, June 9, 2009

Port Security on Switch

A standard port-security configuration for a switch. It is the industry-standard configuration on switches. The port will block or be disabled if broadcast traffic in the local area network exceeds the configured storm-control level.

Example of a switch configuration in a LAN:
******************** Switch Config ******************
conf t
interface FastEthernet0/1
description **** CONNECTED TO ROUTER ****
!
interface FastEthernet0/2
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
description **** CONNECTED TO XYZ SERVER ****
! enable port security; the violation mode has no effect without this line
switchport port-security
switchport port-security violation protect
storm-control broadcast level 50.50
storm-control multicast level 50.50
!
interface range FastEthernet0/2 - 23
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
! enable port security; the violation mode has no effect without this line
switchport port-security
switchport port-security violation protect
storm-control broadcast level 50.50
storm-control multicast level 50.50
!
interface FastEthernet0/24
description **** CONNECTED TO Switch 2****
switchport port-security violation protect
udld port aggressive
switchport mode trunk
spanning-tree guard loop

!
end
*************************************************************
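A configuration like the one above can be checked offline before it is pasted into a switch. The following added example (not part of the original post) is a small Python audit that reports access ports where port security is not enabled with `switchport port-security`, where the violation mode is `protect` (which drops frames without a syslog message or SNMP trap), or where BPDU guard is missing. The sample configuration and the finding texts are constructed for the illustration.

```python
# Constructed sample: Fa0/2 sets only the violation mode, Fa0/3 is fully set up.
SAMPLE = """\
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security violation protect
 storm-control broadcast level 50.50
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode trunk
 spanning-tree guard loop
"""

def interfaces(config):
    """Split IOS-style text into {interface name: [commands]}."""
    blocks, name = {}, None
    for line in config.splitlines():
        cmd = line.strip()
        if cmd.startswith("interface "):
            name = cmd.split(None, 1)[1]
            blocks[name] = []
        elif cmd == "!" or not cmd:
            name = None                      # separator ends the block
        elif name is not None:
            blocks[name].append(cmd)
    return blocks

def audit(config):
    """Return {interface: [findings]} for access ports only."""
    report = {}
    for name, cmds in interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue                         # trunks and routed ports skipped
        issues = []
        if "switchport port-security" not in cmds:
            issues.append("port security not enabled")
        if "switchport port-security violation protect" in cmds:
            issues.append("protect mode gives no log or trap")
        if "spanning-tree bpduguard enable" not in cmds:
            issues.append("bpduguard missing")
        if issues:
            report[name] = issues
    return report
```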

Friday, May 29, 2009

CheckPoint Blog

Link to a Checkpoint blog with useful information about Nokia and Checkpoint firewalls:

http://www.radical-it.be/blog/

Thursday, May 28, 2009

Types Of Security Devices

Cisco Firewall
  1. PIX (506, 515, 525, 535)
  2. ASA (5510, 5520, 5540, 5580)
  3. Firewall Services Module (FWSM) (6500 switch, 7600 router)
Network Security Devices
  1. VPN card
  2. VPN concentrator
  3. IPS 4200 (4215, 4240, 4255, 4260, 4270)
  4. ASA IPS Module
Mail & Web security
  1. IronPort
  2. CheckPoint Firewall
  3. Bluecoat Proxy
  4. Palo Alto Firewall