Mobile
Saturday, December 1, 2012
Sunday, October 21, 2012
QoS Bandwidth Percent on Routers
QoS is applied on the WAN link.
Bandwidth percentage applies if you require a minimum bandwidth for a particular application. If the application requires more bandwidth, the extra is consumed from the fair queue.
In this example, three bandwidth percentages are applied in the policy.
class-map match-all EX-App
 match access-group 118
class-map match-all Video
 match access-group 102
class-map match-all LX-App
 match access-group 121
!
!
policy-map policy1
 class EX-App
  bandwidth percent 45
 class LX-App
  bandwidth percent 20
 class Video
  bandwidth percent 7
 class class-default
  fair-queue
interface GigabitEthernet0/0
 description *** Wan link 30 Mbps ***
 bandwidth 30720
 ip address 172.34.99.211 255.255.255.252
 load-interval 30
 service-policy output policy1
VIDEO ACL
access-list 102 permit tcp any any range 3230 3235
access-list 102 permit udp any any range 3230 3235
access-list 102 permit tcp any any eq 1503
access-list 102 permit tcp any any eq 1731
access-list 102 permit tcp any any eq 3603
access-list 102 permit ip any any dscp cs1
access-list 102 permit ip any any dscp af13
access-list 102 permit ip any any dscp cs4
access-list 102 permit ip any any dscp af41
access-list 102 permit tcp any any range 1718 1720
access-list 102 permit udp any any range 1718 1720
access-list 102 permit tcp any any range 2253 2263
access-list 102 permit udp any any range 2253 2263
access-list 102 permit tcp any any range 49152 49159
access-list 102 permit udp any any range 49152 49159
access-list 102 permit ip any host 172.34.0.X
access-list 102 permit ip any host 172.32.36.X
APPLICATION ACL
access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.35.0.X any
access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.36.0.X any
access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.45.0.X any
access-list 118 permit ip host 172.23.0.X any
access-list 118 permit ip host 172.34.0.X any
access-list 121 permit ip host 172.54.0.X any
access-list 121 permit ip host 172.45.0.X any
access-list 121 permit ip host 172.45.0.X any
access-list 121 permit ip host 172.45.0.X any
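The following Python sketch is an added example, not part of the original post. It turns policy1's percentages into per-class minimums against the interface's `bandwidth 30720` and shows, for a constructed traffic load, how much of each class's traffic is covered by its guarantee and how much must compete for the remaining bandwidth. Treating class-default as having no reservation is a simplifying assumption.

```python
LINK_KBPS = 30720  # "bandwidth 30720" on GigabitEthernet0/0
POLICY1 = {"EX-App": 45, "LX-App": 20, "Video": 7}  # bandwidth percent per class

def guarantees(link_kbps, policy):
    """Minimum kbps per class; the percentage is taken from the interface bandwidth."""
    if sum(policy.values()) > 100:
        raise ValueError("classes reserve more than 100% of the link")
    return {name: link_kbps * pct / 100 for name, pct in policy.items()}

def under_congestion(link_kbps, policy, offered):
    """Split each class's offered load (kbps) into the part covered by its
    guarantee and the excess that has to compete for spare bandwidth.
    Classes without a reservation (class-default) get a guarantee of 0 here,
    which is a simplification of this model."""
    floor = guarantees(link_kbps, policy)
    covered = {c: min(load, floor.get(c, 0)) for c, load in offered.items()}
    excess = {c: offered[c] - covered[c] for c in offered}
    spare = link_kbps - sum(covered.values())  # unreserved plus idle reservations
    return covered, excess, spare

# Constructed load: Video is nearly idle, EX-App wants more than its 45%.
OFFERED = {"EX-App": 16000, "LX-App": 6144, "Video": 500, "class-default": 4000}

if __name__ == "__main__":
    covered, excess, spare = under_congestion(LINK_KBPS, POLICY1, OFFERED)
    for name in OFFERED:
        print(f"{name:14} covered={covered[name]:>8} excess={excess[name]:>8}")
    print("spare kbps available to excess traffic:", spare)
```

The guarantee is a floor, not a cap: in the constructed load, EX-App's excess and all of class-default's traffic fit into the spare bandwidth left by the unreserved 28% and the idle part of Video's reservation.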
Rate Limit on a Cisco Router WAN Link
Apply a 6 Mbps rate limit to a particular source and destination IP address.
interface GigabitEthernet0/0
 description *** 30 Mbps WAN Link*
 bandwidth 30720
 ip address 172.35.34.31 255.255.255.252
 rate-limit output access-group 103 6144000 1152000 2304000 conform-action transmit exceed-action drop
 duplex full
 speed 100
access-list 103 permit ip host 172.25.0.46 host 172.21.0.31
access-list 103 permit ip host 172.21.0.31 host 172.25.0.46
Friday, October 12, 2012
Switch Authentication Via TACACS Server for JUNIPER EX-4200 Switch
If communication with the TACACS server fails, local login will work.
********************************************************************************
set system host-name Core_SW2
set system time-zone Asia/Calcutta
set system authentication-order tacplus
set system authentication-order password
set system ports console log-out-on-disconnect
set system root-authentication encrypted-password "X>X>X>X>X>X>X."
set system tacplus-server 10.100.100.4 secret "XXXXXXXXXXXX"
set system tacplus-server 10.100.100.4 source-address 172.X.X.X // IP address of the local switch
set system login message "***********************"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "XXXXXXXXXXXX"
set system login user NOC uid 2002
set system login user NOC class read-only
set system login user NOC authentication encrypted-password "XXXXXXXXXXXX"
set system login user netroot uid 2001
set system login user netroot class super-user
set system login user netroot authentication encrypted-password "XXXXXXXXXXXX"
set system login user remote uid 2003
set system login user remote class super-user
set system services ftp
set system services ssh
set system services telnet
Saturday, October 6, 2012
Authentication Via TACACS server for Cisco Device
Switch Authentication Via TACACS
If communication with the TACACS server fails, local login will work.
*******************************************************************
hostname CORE_SWITCH
!
!
enable password 7 XXXXXXX
!
username ADMIN privilege 15 password 7 XXXXXXXXXXXXXX
username NOC privilege 7 password 7 XXXXXXXXXXXXXXXX
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
interface Vlan100
 ip address 10.100.100.254 255.255.255.0
 standby 1 ip 10.X.X.X
 standby 1 priority 150
 standby 1 preempt
ip tacacs source-interface Vlan100
tacacs-server host 105.106.106.40
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXXXX
radius-server source-ports 1645-1646
line con 0
 privilege level 15
 password 7 XXXXXXXX
 stopbits 1
line vty 0 4
 password 7 XXXXXXXXX
line vty 5 15
 password 7 XXXXXXXXX
!
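The local fallback described above only helps if the fallback credential actually exists on the device; IOS moves to the next method in a list only when the TACACS+ server does not answer, not when it rejects the login. The Python check below is an added example, not part of the original post: it reads an excerpt of the configuration and reports `default` method lists that would lock administrators out when the server is unreachable. The function name and the restriction to `default` lists are assumptions of this sketch.

```python
# Excerpt of the configuration above; redacted secrets kept as on the page.
CONFIG = """\
enable password 7 XXXXXXX
username ADMIN privilege 15 password 7 XXXXXXXXXXXXXX
username NOC privilege 7 password 7 XXXXXXXXXXXXXXXX
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
"""

def fallback_findings(config):
    """Return lockout risks: default method lists whose fallback is missing or unusable."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    has_user = any(l.startswith("username ") for l in lines)
    has_enable = any(l.startswith(("enable password", "enable secret")) for l in lines)
    findings = []
    for l in lines:
        words = l.split()
        if words[:2] not in (["aaa", "authentication"], ["aaa", "authorization"]):
            continue
        if "default" not in words:
            continue  # named method lists are out of scope for this sketch
        methods = words[words.index("default") + 1:]
        # Drop "group <name>" pairs; what remains are the on-box fallback methods.
        local = [m for i, m in enumerate(methods)
                 if m != "group" and (i == 0 or methods[i - 1] != "group")]
        if not local:
            findings.append(f"no fallback after TACACS+: {l}")
        elif "local" in local and not has_user:
            findings.append(f"'local' fallback but no username defined: {l}")
        elif "enable" in local and not has_enable:
            findings.append(f"'enable' fallback but no enable password: {l}")
    return findings

if __name__ == "__main__":
    print(fallback_findings(CONFIG) or "every default method list has a usable fallback")
```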
Block Network for Guest Wi-Fi Users Only
Block guest Wi-Fi users from accessing the internal LAN network, other sites' WAN, and the DMZ network. Only Internet access via the proxy is allowed for guest Wi-Fi users.
interface Vlan43
 description **WiFi_Guest Vlan **
 ip address 172.29.43.X 255.255.255.0
 ip access-group GUEST_BLOCK_NET in
ip access-list extended GUEST_BLOCK_NET
 permit ip 172.29.43.0 0.0.0.255 172.29.43.0 0.0.0.255
 remark Internet proxy IP
 permit ip any host 10.100.100.254
 remark Wi-Fi controller IP
 permit ip any host 172.29.60.1
 remark Deny other local VLAN networks
 deny ip 172.29.43.0 0.0.0.255 172.16.0.0 0.15.255.255
 remark Deny other WAN and DMZ networks
 deny ip 172.29.43.0 0.0.0.255 10.100.100.254 0.0.0.255
 remark Deny other remote location networks
 deny ip 172.29.43.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip any any
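To validate an ACL like this before applying it, the entries can be replayed with IOS first-match and wildcard-mask semantics. The Python sketch below is an added example, not part of the original post; the guest host 172.29.43.50 and the destination addresses in the usage section are constructed test values.

```python
from ipaddress import IPv4Address

# GUEST_BLOCK_NET from the post: (action, src, src_wildcard, dst, dst_wildcard).
ANY = ("0.0.0.0", "255.255.255.255")
GUEST = ("172.29.43.0", "0.0.0.255")
ACL = [
    ("permit", *GUEST, *GUEST),
    ("permit", *ANY, "10.100.100.254", "0.0.0.0"),   # Internet proxy
    ("permit", *ANY, "172.29.60.1", "0.0.0.0"),      # Wi-Fi controller
    ("deny", *GUEST, "172.16.0.0", "0.15.255.255"),
    ("deny", *GUEST, "10.100.100.254", "0.0.0.255"),
    ("deny", *GUEST, "192.168.100.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def evaluate(src, dst, acl=ACL):
    """Return (action, entry number) of the first match, or the implicit deny."""
    for n, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, n
    return "deny", None

if __name__ == "__main__":
    guest = "172.29.43.50"  # constructed guest client
    for dst in ("10.100.100.254", "172.29.60.1", "172.16.5.10",
                "10.100.100.10", "192.168.100.20", "10.20.30.40"):
        print(f"{guest} -> {dst:15} {evaluate(guest, dst)}")
```

The last test destination falls through to the final `permit ip any any`: any network not covered by one of the three deny entries, including Internet destinations reached without the proxy, stays reachable from the guest VLAN, so each internal range that must be blocked needs its own deny entry above that line.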