Tuesday, March 31, 2015

SNMPv3 Introduction and Configuration (CCNP)

                     SNMP {Simple Network Management Protocol}

Ø  Used to communicate between a Network Management System (NMS) and managed devices (e.g. PCs, routers, or switches)

Ø  A protocol used to monitor, configure, and receive alerts from managed network devices




SNMPv3 Terms:-
Ø  SNMP View:- defines what you are able to see on the Cisco device
Ø  SNMP Group:- we associate the view with a group that identifies the type of access (read-only or read-write) and what kind of security is enabled
Ø  SNMP User:- we associate the group with a user, which defines what the username is and what the password is

Internet (ISP) interfaces Configuration
Ø  internet(config)#interface serial 1/0
Ø  internet(config-if)#description CONNECTED WITH R1
Ø  internet(config-if)#ip address 100.100.100.1 255.255.255.252
Ø  internet(config-if)#clock rate 64000
Ø  internet(config-if)#no shut
Ø  internet(config-if)#exit


Ø  internet(config)#ip route 192.168.2.0 255.255.255.0 serial1/0

Ø  R1(config)#interface Serial2/0
Ø  R1(config-if)#description CONNECTED WITH INTERNET
Ø  R1(config-if)#ip address 100.100.100.2 255.255.255.252
Ø  R1(config-if)#no shut
Ø  R1(config-if)#exit

Ø  R1(config)#interface Ethernet1/1
Ø  R1(config-if)# description CONNECTED WITH SW1
Ø  R1(config-if)# ip address 192.168.2.1 255.255.255.0
Ø  R1(config-if)#no shut
Ø  R1(config-if)#exit

SNMPv3 Configuration:-
Ø  R1(config)#snmp-server view FULL-ACCESS iso included
ü  view:- Define an SNMP MIB view
ü  FULL-ACCESS: - Name of the view
ü  iso:- MIB view family name (meaning Full Access)
ü  included:- MIB family is included in the view

Ø  R1(config)#snmp-server group CCNP-GROUP v3 priv match exact write FULL-ACCESS
ü  group:- Define a User Security Model group
ü  CCNP-GROUP: - Name of the group
ü  v3:- group using the User Security Model (SNMPv3)
ü  priv:- using authentication and encryption security level
ü  write:- specify a write access for the group

Ø  R1(config)#snmp-server user SHUBHAM CCNP-GROUP v3 auth sha cisco123 priv des56 cisco12345
ü  SHUBHAM: - username which we authenticate
ü  CCNP-GROUP: - Group to which the user belongs
ü  v3:- user using the v3 security model
ü  auth:- authentication parameters for the user
ü   sha:- Use HMAC SHA algorithm for authentication
ü  cisco123:- authentication password for user
ü  priv:- encryption parameters for the user
ü  des56:- Use 56 bit DES algorithm for encryption
ü  cisco12345:- privacy password for user
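
A more restrictive variant of the configuration above, as an added example that is not part of the original post: it grants read-only access to a limited view, restricts queries to one management station, and uses AES-128 for privacy in place of 56-bit DES. The names MONITOR-VIEW, MONITOR-GROUP, NMS-USER and SNMP-NMS, the NMS address 192.168.2.10 and the passphrase placeholders are assumptions, as is an IOS image that supports `priv aes 128`.

```cisco
! Added example, not from the original post. All names, the NMS address
! and the passphrase placeholders below are assumptions.
!
! Post's lab setting: view FULL-ACCESS covers the whole iso tree.
! Here the view is limited to the system and interfaces subtrees.
snmp-server view MONITOR-VIEW system included
snmp-server view MONITOR-VIEW interfaces included
!
! Only the management station may query the agent; other sources are logged.
ip access-list standard SNMP-NMS
 permit host 192.168.2.10
 deny any log
!
! Post's lab setting: group CCNP-GROUP has write access to FULL-ACCESS.
! Here the group keeps the priv (authentication + encryption) level,
! but is read-only and bound to the ACL above.
snmp-server group MONITOR-GROUP v3 priv read MONITOR-VIEW access SNMP-NMS
!
! Post's lab setting: auth sha / priv des56 with short passwords.
! Here SHA authentication is kept and privacy uses 128-bit AES.
snmp-server user NMS-USER MONITOR-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>
```

SNMPv3 users are not shown in the running configuration; `show snmp user` and `show snmp group` confirm the security model and the attached view.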

Troubleshooting & Verification Commands:-
Ø    show ip route
Ø    show ip interface brief
Ø    show snmp                          {shows the snmp statistics}


ü  To Monitor the Router through SNMP
ü  Download PRTG (trial 30 days) Software to monitor the Router


Tuesday, March 24, 2015

Policy-Based Routing IP-SLA (Part-2 CCNP)




Ø  SLA stands for Service Level Agreement
Ø  Allows us to understand the health of the network along a particular route
Ø  Also allows us to automatically forward traffic to the other ISP if one ISP is down, when we have redundant ISP connections
Ø  In this scenario we have two ISP connections coming into our enterprise network

1st Step: - IP-SLA Configuration:-
Ø  Ping 200.200.200.1                            {ISP1}
Ø  Ping 200.200.200.5                {ISP2}     {Check the connectivity}

Ø  R1(config)#ip sla 1                                                         {1:- SLA entry Number}
Ø  R1(config-ip-sla)#icmp-echo 200.200.200.1           {ISP1 ip address}
Ø  R1(config-ip-sla-echo)#timeout 200                      {milliseconds}
Ø  R1(config-ip-sla-echo)#frequency 1                       {Second}
Ø  R1(config-ip-sla-echo)#threshold 300                   {milliseconds}
Ø  R1(config-ip-sla-echo)#exit
ü  200.200.200.1:- the IP address we want to ping
ü  icmp-echo:- using ping
ü  Timeout:- how long we want to wait for the ping response to come back {or consider the ping lost}
ü  Frequency:- how often, in seconds, we send the ping
ü  Threshold:- how long until we consider that device down
2nd Step:- Now Start the SLA
Ø  R1(config)#ip sla schedule 1 start-time now life forever
ü  1:-SLA entry number
3rd Step: - To Make Routing Decision Respond to the SLA {entry or probe}
Ø  R1(config)#track 1 rtr 1
Ø  R1(config-track)#exit
ü  1:-Track Object number
ü  rtr:- Response Time Reporter (RTR) Previous name of IP-SLA
ü  1:- entry number

The track object takes the SLA entry and essentially says whether the IP address/interface is up or down
4th Step:- Now attach the Track object to our Static routes
Ø  R1(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1 track 1     
ü  Primary Routes from ISP1
ü  Track 1:- Track object number

Ø  R1(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.5 10       
ü  10 :- Administrative distance      
ü  Backup Route from ISP2
Troubleshooting & Verification Commands:-
Ø  R1#show ip sla statistics
Ø  R1#show track
Ø  R1#show ip route
Now Test
Ø  Shutdown the ISP1 serial interface
Ø  Automatically all the traffic goes to ISP2
After no shut
Ø  All traffic goes to ISP1 again


Policy-Based Routing {Part-1 CCNP}

Policy-Based Routing


Introduction:-
Ø  One of the most powerful features available to you for directing traffic moving through your Cisco router
Ø  A process applied to the ingress interface of a router which overrides the normal routing process

Objectives:-
Ø  PC1 surfs the internet all day doing nothing productive. All traffic from this PC should route out ISP2, which is a slower internet connection. If ISP2 is down, PC1 should not be able to access the internet
Ø  PC2 handles sophisticated transactions. Both Telnet and HTTPS traffic should route towards ISP1, which is the more reliable connection. All other traffic from PC2 should route out ISP2
Ø  Traffic from other clients (not shown in this diagram) should route out ISP2.

Testing:-
Ø  Telnet from PC1 to ISP2 (200.200.200.5). This session should connect to the ISP router
Ø  Verify the traffic by using the “show route-map” command on R1.
Ø  A telnet session to ISP1 (200.200.200.1) should fail (simply because ISP1 and ISP2 have no knowledge of each other)
Ø  Telnet from PC2 to ISP1 (200.200.200.1). Both sessions should connect

v  Router1 interfaces Configuration
Ø  interface FastEthernet0/0
Ø   description CONNECTED WITH SW1
Ø   ip address 192.168.2.1 255.255.255.0
Ø  no shut

Ø  interface Serial1/0
Ø   description CONNECTED WITH ISP1
Ø   ip address 200.200.200.2 255.255.255.252
Ø  no shut

Ø  interface Serial1/1
Ø   description CONNECTED WITH ISP2
Ø   ip address 200.200.200.6 255.255.255.252
Ø  no shut

ISP1 (actually a router) interface configuration
Ø  interface Serial1/0
Ø   description CONNECTED WITH R1
Ø   ip address 200.200.200.1 255.255.255.252
Ø  clock rate 64000
Ø  no shut

Ø  ip route 192.168.2.0 255.255.255.0 200.200.200.2         {for connecting R1 internal network}

ISP2 (actually a router) interface configuration
Ø  interface Serial1/1
Ø   description CONNECTED WITH R1
Ø   ip address 200.200.200.5 255.255.255.252
Ø  clock rate 64000
Ø  no shut

Ø  ip route 192.168.2.0 255.255.255.0 200.200.200.6                  {for connecting R1 internal network}
First, all the devices ping each other, but ISP1 and ISP2 do not ping each other

Create access-lists to permit PC1 and PC2 traffic
Ø  access-list 10 permit 192.168.2.50                                                      {Permit PC1}
Ø  access-list 120 permit tcp host 192.168.2.100 any eq 443             {Permit PC2 https}
Ø  access-list 120 permit tcp host 192.168.2.100 any eq telnet          {Permit PC2 telnet}

Now Implement the ACL into Route-map
Ø  route-map POLICY-DEMO permit 10     {POLICY-DEMO:- route-map name}
Ø   match ip address 10                                 {Match PC1 ACL 10}
Ø   set ip next-hop 200.200.200.5               {Set ISP2}

Ø  route-map POLICY-DEMO permit 20      
Ø   match ip address 120                                  {Match PC2 ACL 120}
Ø   set ip next-hop 200.200.200.1                  {Set ISP1 for Telnet & https}

Ø  route-map POLICY-DEMO permit 30        
Ø   set ip next-hop 200.200.200.5                 {Permit PC2 and All Traffic to ISP2}

Apply Route-map into R1 Fastethernet interface
Ø  interface FastEthernet0/0
Ø   description CONNECTED WITH SW1
Ø   ip policy route-map POLICY-DEMO            {filter the incoming traffic from internal networks}
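
The track object from the IP-SLA post can also gate the policy route for PC2, shown here as an added example that is not part of the original post. It uses the newer `track ... ip sla` keyword in place of `rtr`; the delay values are assumptions.

```cisco
! Added example, not from the original post: tie route-map entry 20
! to the ISP1 probe (ip sla 1). Delay timers are assumed values that
! damp flapping when the probe result changes.
track 1 ip sla 1 reachability
 delay down 5 up 30
!
route-map POLICY-DEMO permit 20
 match ip address 120
 ! Replace the unconditional next hop with a tracked one. ISP1 is used
 ! only while track 1 is up; otherwise this set clause is skipped and
 ! the packet is forwarded by the normal routing table.
 no set ip next-hop 200.200.200.1
 set ip next-hop verify-availability 200.200.200.1 10 track 1
```

`show route-map` lists the tracked next hop together with its up/down state.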

Troubleshooting & Verification Commands
Ø  Show ip route
Ø  Show ip interface brief
Ø  Show access-list
Ø  Show route-map
Ø  Debug ip policy


Now Test



