xpresslearn.com » Xpressbits

VTP Server Mode Configuration

Scott Pilkinton — Mon, 26 May 2008 03:12:58 +0000

Task:

Configure IOS based switch to act as a VTP server for your network.

Solution:

! Start from Global configuration mode
!
! Configure VTP Server
vtp mode server
!
! Set VTP to use version 2 of the protocol
!
vtp version 2
!
! Tell all switches to automatically prune unused vlans from trunks
!
vtp pruning
!
! Assign a name to the vtp domain
!
vtp domain Xpresslearn
!
! Assign a password to the VTP domain which prevents vlan changes
! unless passwords match with the client switch
!
vtp password Xpresspw

Basic Port Channel

Scott Pilkinton — Tue, 06 May 2008 15:14:03 +0000

Task:

Create an access port based Etherchannel to increase bandwidth to a computer with two network cards.

Solution:

!
! Configure member ports as basic access ports
!
interface GigabitEthernet1/0/1
 description Nic 1 on Server
 ! This is a Layer2 port
 switchport
 ! Force access mode - no trunking
 switchport mode access
 ! Assign port the vlan needed for the machine
 switchport access vlan 5
 ! Don't wait the better part of one minute to start forwarding traffic on this port
 spanning-tree portfast
 ! Assign port as a member of Port Channel 1
 ! Mode Guide: Select appropriate based on what the other end supports
 ! active - send LACP packets to negotiate Etherchannel
 ! on - do not use any negotiation and just force Etherchannel
 ! desirable - send PAgP packets to negotiate Etherchannel
 channel-group 1 mode active
 ! Configure Etherchannel load balancing algorithm
 port-channel load-balance src-mac

!
interface GigabitEthernet1/0/2
 description Nic 2 on Server
 ! This is a Layer2 port
 switchport
 ! Force access mode - no trunking
 switchport mode access
 ! Assign port the vlan needed for the machine
 switchport access vlan 5
 ! Don't wait the better part of one minute to start forwarding traffic on this port
 spanning-tree portfast
 ! Assign port as a member of Port Channel 1
 ! Mode Guide: Select appropriate based on what the other end supports
 ! active - send LACP packets to negotiate Etherchannel
 ! on - do not use any negotiation and just force Etherchannel
 ! desirable - send PAgP packets to negotiate Etherchannel
 channel-group 1 mode active
 ! Configure Etherchannel load balancing algorithm
 port-channel load-balance src-mac
! Any changes to the member ports going forward should be done on the interface PortChannelX
! and not the individual port numbers

Advertise nat IP into routing protocol

Scott Pilkinton — Fri, 02 May 2008 15:19:51 +0000

Task:

Perform network address translation on a client router and advertise the natted address into a routing protocol, so that it will show up in the connecting network’s routing table. Do not enable the routing protocol on the client network and don’t use the redistribute static command.

Solution:

!
! Advertise this loopback into a routing protocol
!
interface Loopback0
 description Loopback used for Nat
 ip address 192.168.120.50 255.255.255.255
!
! Local Client Network that needs to be natted
!
interface FastEthernet0
 description Customer Local Lan
 ip address 10.0.1.1 255.255.255.0
 ! This command goes on the network to be natted
 ip nat inside
!
!
interface Serial0
 encapsulation frame-relay IETF
!
! WAN sub-interface that connects lan to trusted network
!
interface Serial0.1 point-to-point
 description Wan PVC to Corporate Network
 ip address 172.31.1.2 255.255.255.252
 frame-relay interface-dlci 101
 ! This command goes on the interface that traffic will leave on
 ip nat outside
!
router eigrp 110
 !Enable EIGRP on Wan interface
 network 172.31.1.2 0.0.0.0
 !Put loopback into routing protcol, thus advertising it.
 network 192.168.120.50 0.0.0.0
 no auto-summary
!
! Nat everthing coming in on the interface marked 'inside' that
! matches access list 1 to the IP address assigned to Loopback0.
! Use the overload keyword to perform (one to many) Port address translation
ip nat inside source list 1 interface Loopback0 overload
!
! List of IP's that need to be natted to Loopback0's IP address
access-list 1 remark Hosts to Nat
access-list 1 permit 10.0.1.0 0.0.0.255

Configure VRRP

Scott Pilkinton — Thu, 01 May 2008 03:31:50 +0000

Task:

Configure VRRP on two routers, providing gateway redundancy for a network.

Solution:

!RouterA
!
! Interface configuration, change FastEthernet0/0 keyword as needed
interface FastEthernet0/0
!
! IP address configured on interface
ip address 10.0.0.2 255.255.255.0
!
! Enable VRRP using a group number of 1
vrrp 1 ip 10.0.0.1
!
! Make this router primary
vrrp 1 priority 254
!
! If a failover occurs to RouterB, make RouterA be primary again when it's back online
vrrp 1 preempt
!
! Router must have matching pw to going vrrp group
vrrp 1 authentication md5 key-string abcdefghijklmino

! RouterB
!
! Interface configuration, change FastEthernet0/0 keyword as needed
interface FastEthernet0/0
!
! IP address configured on interface
ip address 10.0.0.3 255.255.255.0
!
! Enable VRRP using a group number of 1
vrrp 1 ip 10.0.0.1
!
! Make this router primary
vrrp 1 priority 253
!
! If a failover occurs to RouterB, make RouterA be primary again when it's back online
vrrp 1 preempt
!
! Router must have matching pw to going vrrp group
vrrp 1 authentication md5 key-string abcdefghijklmino

Configure Basic SNMP

Scott Pilkinton — Wed, 23 Apr 2008 22:58:55 +0000

Task:

Configure SNMP on IOS device, allowing it to be managed by a network management station (NMS)

Solution:

!
!Define access-list containing IP addresses of NMS servers on the network
access-list 10 permit x.x.x.x
!
!Provide contact to call for device support
snmp-server contact Network Manager Phone and Email
!
!Provide physical location of device
snmp-server location East Street Nashville, TN
!
!Provide SNMP string for view only access to device
!Also configure access to only accept requests from hosts
!defined in access-list 10
snmp-server community secretstring RO 10
!
!Provide SNMP string for read/write access to device
!Also configure access to only accept requests from hosts
!defined in access-list 10
snmp-server community securestring RW 10
!
!Send device alerts to SNMP trap receiver
snmp-server host x.x.x.x version 2c receiverstring

AAA TACACS Basics

Scott Pilkinton — Sat, 12 Apr 2008 03:01:44 +0000

Task:

Configure IOS device for authentication to TACACS server for administrative logins.

Solution:

! Create a local user and password
username admin secret password
!
! Must enable AAA to configure TACACS+
aaa new-model
!
! Define the TACACS server IP address
tacacs-server host x.x.x.x key abcdefghijk
!
! Use default for any service that uses authentication
! and use local database if tacacs server is not available
aaa authentication login default group tacacs+ local
!
! Get user privileges from TACACS server and grant all
! privileges if TACACS is not available
aaa authorization exec default group tacacs+ none
!
! Log to TACACS logging
aaa accounting exec default start-stop group tacacs+

What are Xpressbits

Scott Pilkinton — Sat, 12 Apr 2008 03:00:31 +0000

Xpressbits are meant to be quick solutions for accomplishing specific tasks. The bits of information should help in quick configurations of various technologies. The items do not have much of an explanation to them and should be used under the premise that you already understand the technology and just need a quick reference to get all the needed commands for solving the challenge. In most cases, the configurations contained in a Xpressbit is meant to be used with only little modification before applying.