Moblie

Sunday, October 21, 2012

QOS Bandwidth Percent on routers

QoS applied on a WAN link.

Bandwidth percent is used when a particular application needs a guaranteed minimum share of the link bandwidth. If the application needs more than its guaranteed share, the extra is taken from the fair queue (class-default).

In this example, bandwidth percent is applied to three classes in the policy.



class-map match-all EX-App
 match access-group 118
class-map match-all Video
 match access-group 102
class-map match-all LX-App
 match access-group 121
!
!
policy-map policy1
 class EX-App
  bandwidth percent 45
 class LX-App
  bandwidth percent 20
 class Video
  bandwidth percent 7
 class class-default
  fair-queue




interface GigabitEthernet0/0
 description *** Wan link 30 Mbps ***
 bandwidth 30720
 ip address 172.34.99.211 255.255.255.252
 load-interval 30
 service-policy output policy1


VIDEO ACL

access-list 102 permit tcp any any range 3230 3235
access-list 102 permit udp any any range 3230 3235
access-list 102 permit tcp any any eq 1503
access-list 102 permit tcp any any eq 1731
access-list 102 permit tcp any any eq 3603
access-list 102 permit ip any any dscp cs1
access-list 102 permit ip any any dscp af13
access-list 102 permit ip any any dscp cs4
access-list 102 permit ip any any dscp af41
access-list 102 permit tcp any any range 1718 1720
access-list 102 permit udp any any range 1718 1720
access-list 102 permit tcp any any range 2253 2263
access-list 102 permit udp any any range 2253 2263
access-list 102 permit tcp any any range 49152 49159
access-list 102 permit udp any any range 49152 49159
access-list 102 permit ip any host 172.34.0.X
access-list 102 permit ip any host 172.32.36.X


APPLICATION ACL

access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.35.0.X any
access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.36.0.X any
access-list 118 permit ip host 172.34.0.X any
access-list 118 permit ip host 172.45.0.X any
access-list 118 permit ip host 172.23.0.X any
access-list 118 permit ip host 172.34.0.X any

access-list 121 permit ip host 172.54.0.X any
access-list 121 permit ip host 172.45.0.X any
access-list 121 permit ip host 172.45.0.X any
access-list 121 permit ip host 172.45.0.X any
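To see what the policy above actually guarantees, here is an added checker (example code, not from the original post) that parses the class-maps, policy-map and interface bandwidth, converts each bandwidth percent into kbps of the 30720 kbps WAN link, and flags two things a router or a reviewer would reject: a class with no class-map, and a total above the classic IOS default max-reserved-bandwidth of 75%, which is assumed here and is why 45 + 20 + 7 = 72 fits.

```python
# Constructed copy of the relevant lines from the post above.
CONFIG = """
class-map match-all EX-App
 match access-group 118
class-map match-all Video
 match access-group 102
class-map match-all LX-App
 match access-group 121
policy-map policy1
 class EX-App
  bandwidth percent 45
 class LX-App
  bandwidth percent 20
 class Video
  bandwidth percent 7
 class class-default
  fair-queue
interface GigabitEthernet0/0
 bandwidth 30720
 service-policy output policy1
"""
MAX_RESERVED_PERCENT = 75  # classic IOS default max-reserved-bandwidth (assumed)
def parse(config):
    """Return ({class-map: acl}, {policy class: percent}, interface bandwidth in kbps)."""
    class_maps, policy, bw_kbps, current = {}, {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        words = line.split()
        if line.startswith("class-map "):
            current = words[-1]          # name of the class-map being defined
        elif line.startswith("match access-group "):
            class_maps[current] = int(words[-1])
        elif line.startswith("class "):
            current = words[-1]          # class referenced inside the policy-map
        elif line.startswith("bandwidth percent "):
            policy[current] = int(words[-1])
        elif line.startswith("bandwidth "):
            bw_kbps = int(words[-1])     # interface 'bandwidth' in kbps
    return class_maps, policy, bw_kbps
def check_policy(config):
    """Guaranteed kbps per class, plus problems the router (or an operator) would flag."""
    class_maps, policy, bw_kbps = parse(config)
    problems = []
    if sum(policy.values()) > MAX_RESERVED_PERCENT:
        problems.append("total bandwidth percent exceeds max-reserved-bandwidth")
    for cls in policy:
        if cls != "class-default" and cls not in class_maps:
            problems.append(f"class {cls} has no matching class-map")
    # bandwidth percent is a share of the interface 'bandwidth' value, not of line rate
    guaranteed = {cls: bw_kbps * pct // 100 for cls, pct in policy.items()}
    return guaranteed, problems
```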

Rate limit on a Cisco router WAN link.

Apply a 6 Mbps rate limit to traffic between a particular source and destination IP address (ACL 103 matches both directions).

interface GigabitEthernet0/0
 description *** 30 Mbps WAN Link ***
 bandwidth 30720
 ip address 172.35.34.31 255.255.255.252
 rate-limit output access-group 103 6144000 1152000 2304000 conform-action transmit exceed-action drop
 duplex full
 speed 100

access-list 103 permit ip host 172.25.0.46 host 172.21.0.31
access-list 103 permit ip host 172.21.0.31 host 172.25.0.46
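The three numbers on the rate-limit line are the committed rate in bits per second and the normal and extended burst sizes in bytes. As an added illustration (not from the post), the single-token-bucket model below shows how the configured values follow the usual CAR rule of thumb from Cisco's guidance (normal burst = rate/8 x 1.5, extended burst = 2 x normal) and how a burst of packets is split into conform and exceed; the extended-burst behaviour of real CAR is not modelled, and the packet trace is constructed.

```python
# Values from the rate-limit line above.
RATE_BPS = 6_144_000        # committed rate: 6 Mbps
NORMAL_BURST = 1_152_000    # bytes
EXTENDED_BURST = 2_304_000  # bytes (not used by the simplified model below)

def recommended_bursts(rate_bps):
    """Normal and extended burst in bytes from the common rule of thumb."""
    normal = rate_bps // 8 * 3 // 2       # rate in bytes/s x 1.5
    return normal, 2 * normal

def police(packets, rate_bps, burst_bytes):
    """Classify (time_s, size_bytes) packets as conform or exceed.

    One token bucket that starts full, refills at rate_bps/8 bytes per second and
    is capped at burst_bytes. A packet that does not fit is 'exceed', which with
    'exceed-action drop' means it is discarded. Returns (conform, exceed) counts."""
    tokens, last_t = float(burst_bytes), 0.0
    conform = exceed = 0
    for t, size in packets:
        tokens = min(burst_bytes, tokens + (t - last_t) * rate_bps / 8)
        last_t = t
        if tokens >= size:
            tokens -= size
            conform += 1
        else:
            exceed += 1
    return conform, exceed

# Constructed trace: 1000 x 1500-byte packets arriving at once (1.5 MB, more than
# the 1,152,000-byte bucket), then another 1000 packets one second later.
BURST_AT_0 = [(0.0, 1500)] * 1000
BURST_AT_1 = [(1.0, 1500)] * 1000
```

In the first burst only 768 packets fit in the bucket; after one second the bucket has refilled by 768,000 bytes, so 512 of the second burst conform.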



Friday, October 12, 2012

Switch Authentication Via TACACS Server for JUNIPER EX-4200 Switch

If communication with the TACACS+ server fails, the local password login still works.

********************************************************************************

set system host-name Core_SW2
set system time-zone Asia/Calcutta
set system authentication-order tacplus
set system authentication-order password
set system ports console log-out-on-disconnect
set system root-authentication encrypted-password "X>X>X>X>X>X>X."
set system tacplus-server 10.100.100.4 secret "XXXXXXXXXXXX"
set system tacplus-server 10.100.100.4 source-address 172.X.X.X // IP address of the local switch
set system login message "***********************"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "XXXXXXXXXXXX"
set system login user NOC uid 2002
set system login user NOC class read-only
set system login user NOC authentication encrypted-password "XXXXXXXXXXXX"
set system login user netroot uid 2001
set system login user netroot class super-user
set system login user netroot authentication encrypted-password "XXXXXXXXXXXX"
set system login user remote uid 2003
set system login user remote class super-user
set system services ftp
set system services ssh
set system services telnet

Saturday, October 6, 2012

Authentication Via TACACS server for Cisco Device


Switch authentication via TACACS+.
If communication with the TACACS+ server fails, the local login still works.

*******************************************************************

hostname CORE_SWITCH
!
!
enable password 7 XXXXXXX
!
username ADMIN privilege 15 password 7 XXXXXXXXXXXXXX
username NOC privilege 7 password 7 XXXXXXXXXXXXXXXX
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
interface Vlan100
 ip address 10.100.100.254 255.255.255.0
 standby 1 ip 10.X.X.X
 standby 1 priority 150
 standby 1 preempt
!
ip tacacs source-interface Vlan100
!
tacacs-server host 105.106.106.40
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXXXX
radius-server source-ports 1645-1646
!
line con 0
 privilege level 15
 password 7 XXXXXXXX
 stopbits 1
line vty 0 4
 password 7 XXXXXXXXX
line vty 5 15
 password 7 XXXXXXXXX
!
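The fail-over statement at the top of this post (and of the Junos post above) is easy to misread. The added model below (example code, not from the page) walks the IOS method list "group tacacs+ local" the way IOS evaluates it: a later method is consulted only when the earlier one returns an error (no response from the server group), not when the server rejects the credentials. The user names and passwords are constructed placeholders.

```python
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Constructed local user database (placeholders, like the 'username' lines above).
LOCAL_USERS = {"ADMIN": "local-admin-pw", "NOC": "local-noc-pw"}

def tacacs_method(server_up, server_users):
    """Build a method that behaves like 'group tacacs+' for a constructed server."""
    def method(user, password):
        if not server_up:
            return ERROR        # no reply from any server in the group
        return PASS if server_users.get(user) == password else FAIL
    return method

def local_method(user, password):
    """Behaves like the 'local' keyword: check the local username database."""
    return PASS if LOCAL_USERS.get(user) == password else FAIL

def authenticate(method_list, user, password):
    """Walk the method list left to right; stop at the first PASS or FAIL.

    Only ERROR moves on to the next method, so a TACACS+ reject is final and the
    local database is reached only when the server cannot be contacted."""
    for method in method_list:
        result = method(user, password)
        if result != ERROR:
            return result
    return FAIL                 # every method errored: treated as denied here

# Constructed TACACS+ user database: ADMIN exists on the server, NOC does not.
TACACS_USERS = {"ADMIN": "tacacs-admin-pw"}
METHODS_SERVER_UP = [tacacs_method(True, TACACS_USERS), local_method]
METHODS_SERVER_DOWN = [tacacs_method(False, TACACS_USERS), local_method]
```

With the server reachable, the local password for ADMIN is rejected because the server's FAIL is final; with the server down, both local accounts work.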

Block Network only for Guest Wi-Fi user

Block guest Wi-Fi users from reaching the internal LAN, the other-site WAN and the DMZ networks. Guest Wi-Fi users are allowed only Internet access, via the proxy.



interface Vlan43
 description **WiFi_Guest Vlan **
 ip address 172.29.43.X 255.255.255.0
 ip access-group GUEST_BLOCK_NET in
!
ip access-list extended GUEST_BLOCK_NET
 permit ip 172.29.43.0 0.0.0.255 172.29.43.0 0.0.0.255
 remark Internet proxy IP
 permit ip any host 10.100.100.254
 remark Wi-Fi controller IP
 permit ip any host 172.29.60.1
 remark Deny other local VLAN networks
 deny ip 172.29.43.0 0.0.0.255 172.16.0.0 0.15.255.255
 remark Deny other WAN and DMZ networks
 deny ip 172.29.43.0 0.0.0.255 10.100.100.0 0.0.0.255
 remark Deny other remote location networks
 deny ip 172.29.43.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip any any
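To verify that the ACL does what the description says, here is an added evaluator (example code, not from the original post) that applies the GUEST_BLOCK_NET entries in order, first match wins, using IOS wildcard masks, to constructed packets from a guest client at 172.29.43.50 (an assumed address).

```python
import ipaddress

# Constructed copy of the ACL entries above, in order: (action, src, src-wildcard,
# dst, dst-wildcard). 'any' is 0.0.0.0 255.255.255.255; 'host' is a 0.0.0.0 wildcard.
# IOS stores 10.100.100.254 0.0.0.255 as 10.100.100.0 0.0.0.255 (the /24).
GUEST_BLOCK_NET = [
    ("permit", "172.29.43.0", "0.0.0.255", "172.29.43.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "10.100.100.254", "0.0.0.0"),  # proxy
    ("permit", "0.0.0.0", "255.255.255.255", "172.29.60.1", "0.0.0.0"),     # WLC
    ("deny",   "172.29.43.0", "0.0.0.255", "172.16.0.0", "0.15.255.255"),   # local VLANs
    ("deny",   "172.29.43.0", "0.0.0.255", "10.100.100.0", "0.0.0.255"),    # WAN / DMZ
    ("deny",   "172.29.43.0", "0.0.0.255", "192.168.100.0", "0.0.0.255"),   # remote sites
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"), # Internet
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard test: bits set to 1 in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return (action, index) of the first matching entry; implicit deny if none."""
    for i, (action, sb, sw, db, dw) in enumerate(acl):
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action, i
    return "deny", None

def guest_reachability(destinations, src="172.29.43.50"):
    """Action applied to a constructed guest client packet for each destination."""
    return {dst: evaluate(GUEST_BLOCK_NET, src, dst)[0] for dst in destinations}
```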