Friday 26 October 2012

Retrieve Cisco Config with wget

On the router or switch:

#conf t
#ip http server
#ip http authentication local
#username cisco priv 15 pass cisco

Then on your PC:

wget --user cisco --password cisco http://192.168.0.1/level/15/exec/show/running-config/view/full  -O cisco-config.txt

(Substitute your device's IP address for 192.168.0.1.)


Show Tech-support:

wget --user cisco --password cisco http://192.168.0.1/level/15/exec/show/tech-support/CR  -O show-tech.txt
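Once cisco-config.txt is on the PC it can be checked offline. The script below is an added example, not part of the original post: it flags the plain-HTTP server, privilege-15 accounts stored with a type 0 or type 7 password, and VLAN access maps that have no forward sequence (on Catalyst switches, traffic of a matched type that no sequence matches is dropped implicitly). The sample config and the check names are constructed for illustration.

```python
import re

# Constructed sample: a running-config of the kind this page's commands produce,
# with one VLAN access map (IP_DENY) left without a forward sequence.
SAMPLE_CONFIG = """\
username cisco privilege 15 password 0 cisco
username R2 password 0 cisco
ip http server
ip http authentication local
vlan access-map IP_DENY 10
 action drop
 match ip address 150
vlan access-map MAC_DENY 10
 action drop
 match mac address MAC_DENY_ACL
vlan access-map MAC_DENY 20
 action forward
"""

def audit(config_text):
    """Return a list of (check, detail) findings for a saved running-config."""
    findings = []
    vacl_actions = {}    # map name -> set of actions seen across its sequences
    current_map = None
    for line in config_text.splitlines():
        # Plain HTTP management: credentials and config cross the wire unencrypted.
        if line.strip() == "ip http server":
            findings.append(("http-cleartext", line.strip()))
        # Privilege-15 account stored as type 0 (clear) or type 7 (reversible).
        user = re.match(r"username (\S+) privilege 15 password ([07]) ", line)
        if user:
            findings.append(("priv15-weak-password",
                             f"{user.group(1)} (type {user.group(2)})"))
        # Track which actions each VLAN access map contains.
        header = re.match(r"vlan access-map (\S+)", line)
        action = re.match(r"\s+action (\w+)", line)
        if header:
            current_map = header.group(1)
            vacl_actions.setdefault(current_map, set())
        elif action and current_map:
            vacl_actions[current_map].add(action.group(1))
        elif not line.startswith(" "):
            current_map = None
    # A map with no forward sequence leaves unmatched traffic of the matched
    # type to the implicit drop at the end of the map.
    for name, actions in vacl_actions.items():
        if "forward" not in actions:
            findings.append(("vacl-drop-only", name))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```

The CHAP peer account (username R2) is not flagged because CHAP needs a password the router can recover; only privilege-15 logins are checked.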

PPP Multilink


! R1 configuration
! Configure a user account with the hostname of the peer and a matching password
username R2 password 0 cisco
interface Multilink1
 ip address 1.1.1.1 255.255.255.252
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1
 no ip address
 encapsulation ppp
 clock rate 2000000
 ppp authentication chap
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2
 no ip address
 encapsulation ppp
 clock rate 2000000
 ppp authentication chap
 ppp multilink
 ppp multilink group 1

=====================

! R2 configuration (the username is the peer's hostname, R1)
username R1 password 0 cisco
!
interface Multilink1
 ip address 1.1.1.2 255.255.255.252
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1
 no ip address
 encapsulation ppp
 clock rate 2000000
 ppp authentication chap
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2
 no ip address
 encapsulation ppp
 clock rate 2000000
 ppp authentication chap
 ppp multilink
 ppp multilink group 1

=====================


R1#show ppp multilink

Multilink1, bundle name is R2
  Username is R2
  Endpoint discriminator is R2
  Bundle up for 00:01:29, total bandwidth 4632, load 1/255
  Receive buffer limit 36000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x4 received sequence, 0x9 sent sequence
  Member links: 2 active, 0 inactive (max not set, min not set)
    Se0/1, since 00:01:29
    Se0/2, since 00:01:29
No inactive multilink interfaces


R2#show interface multilink1
Multilink1 is up, line protocol is up
  Hardware is multilink group interface
  Internet address is 1.1.1.2/30
  MTU 1500 bytes, BW 3088 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open, multilink Open
  Open: IPCP, CDPCP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 2 seconds on reset
  Last input 00:00:52, output never, output hang never
  Last clearing of "show interface" counters 00:36:36
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1071 packets input, 117686 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1078 packets output, 132324 bytes, 0 underruns
     0 output errors, 0 collisions, 5 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

#debug ppp authentication

Thursday 25 October 2012

Switch Based Access Control

  • Control access to and from devices in the same VLAN using MAC address:
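#conf t
#vlan access-map MAC_DENY 10
#action drop
#match mac address MAC_DENY_ACL
! Sequence 20 has no match clause, so it forwards everything sequence 10 did not match.
! Without it, the implicit drop at the end of the map discards the remaining traffic of the matched type.
#vlan access-map MAC_DENY 20
#action forward

#mac access-list extended MAC_DENY_ACL
! "permit" here only selects the traffic for the access map; the map's action decides what happens to it.
#permit host 0000.0000.0001 host 0000.0000.0002

#vlan filter MAC_DENY vlan-list 100


This means traffic from 0000.0000.0001 to 0000.0000.0002 will be dropped in VLAN 100.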



  • Control access to and from devices in the same VLAN using IP address:
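#conf t

#vlan access-map IP_DENY 10
#action drop
#match ip address 150
! Sequence 20 has no match clause, so it forwards all IP traffic that access-list 150 did not select.
! Without it, the implicit drop at the end of the map discards every other IP packet in the VLAN.
#vlan access-map IP_DENY 20
#action forward

! "permit" here only selects the traffic for the access map; the map's action decides what happens to it.
#access-list 150 permit ip host 192.168.199.1 host 192.168.199.2

#vlan filter IP_DENY vlan-list 100

This means traffic from 192.168.199.1 to 192.168.199.2 will be dropped in VLAN 100.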