Below shows the basic minimal configuration for create a Trunk Port. This will allow all VLANs to be sent (still VLAN tagged) out of fast ethernet 0/11. (config)#Int fast0/11(config-if)#switchport mode trunk(config-if)#switchport trunk encapsulation dot1q
A DTE (Date Terminating Equipment) cable is the normal cable you should use. Being DTE you should expect the other end to provide clocking.A DCE (Data Communication Equipment) means that this device must provide the clocking on the wire. If your device is the DCE, you must provide clocking using the clock rate command.
The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems that runs on most Cisco equipment and is used to share information about other directly connected Cisco equipment such as the operating system version and IP address. Globally (config)# cdp run(config)# no cdp run Interface To disable, (config-if)# no … Read more
Use the following commands to dictate which interface should be defined as the inside and outside. (config)access-list 1 permit 10.10.0.0 0.0.0.255 (config)#ip nat inside source list 1 interface FastEthernet0/0 overload Show/Debug Commands show ip nat translations debug ip nat no debug all
When using a “inspect policy map” you need to add it to a “standard policy-map” to allow you to add it to the service policy.For each policy map there would be a class map, the inspect would match the FTP command, and then use the classmap “inspection-default” in the standard policy map. Running Config policy-map … Read more
Below shows the configuration syntax for configuring a Site to Site VPN on a Cisco PIX firewall. Configuration (config)#isakmp enable outside(config)#isakmp policy 10(config-isakmp-policy)# encryption aes-256(config-isakmp-policy)# hash sha(config-isakmp-policy)# authentication pre-share(config-isakmp-policy)# group 1(config-isakmp-policy)# lifetime 86400(config)#isakmp key shabba address 1.1.1.1 netmask 255.255.255.255 no-xauth(config)#access-list ED permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0(config)#access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0(config)#nat (inside) … Read more
Below shows 2 examples of a Remote Access configuration on version 6.x and 7.x of the Cisco PIX firewall. 6.x (config)#username 123 password 123(config)#isakmp enable outside(config)#ip local pool VPNIP 10.0.10.10-10.0.10.20 mask 255.255.255.0(config)#isakmp policy 1 authentication pre-share(config)#isakmp policy 1 encryption 3des(config)#isakmp policy 1 hash sha(config)#isakmp policy 1 group 2(config)#isakmp policy 1 lifetime 43200 (config)# crypto ipsec … Read more
Below are the steps involved in configuring protocol handling, Create the class-map – Tell the class-map which traffic to match Create Policy-map – Assign class-map to policy map. Tell the class-map what to do to the matched traffic Assign policy map globally or to interface Below will inspect http traffic on port 801 using, and … Read more
Below shows you the commands for creating a read only account on a Cisco PIX firewall. hostname(config)# username client password 123 privilege 5hostname(config)# privilege show level 5 command running-confighostname(config)# privilege show level 5 command startup-confighostname(config)# privilege show level 5 command access-listhostname(config)#aaa authentication ssh console LOCAL
Below shows you a basic access-list configuration. R3>enableR3#configure terminalR3(config)#access-list 56 permit 192.12.10.3R3(config)#access-list 56 deny 192.12.10.0 0.0.0.255R3(config)#access-list 56 permit anyR3(config)#interface serial 0R3(config-if)#ip access-group 56 inR3(config-if)#exitR3(config)#exit