IOS | JunOS | Purpose |
clear counters | clear interface statistics | Clears the interface counters |
clear arp-cache | clear arp | Clears the ARP cache |
clear ip bgp | clear bgp neighbor | Clears all BGP sessions |
clear ip bgp neighbor | clear bgp neighbor peer | Clears BGP session to a specific neighbor |
clock set | set date | Set the actual time |
ping dest | ping dest rapid (for cisco like output) | Simple |
ping (setting source int) | ping dest bypass-routing | Ping with specific source interface |
reload | request system reboot | Reboot the system |
send | request message | Send a message to other users |
show arp | show arp | Shows ARP cache |
show clns interface | show | Shows IS-IS information from participating interfaces |
show clns neighbors | show | Shows ES-IS and IS-IS neighbors |
show clock | show system uptime | Display current date |
show controller interface | show interfaces interface extensive | Displays physical port information |
show diags | show chassis hardware | Displays hardware diagnostics and status |
show environment all | show chassis environment | Infos about Voltage, Power consumption, Temperature,… |
show history | show cli history | Shows recently entered commands |
show interface interface | show interfaces interface detail | Shows interface configuration, counters and status |
show interface description (newer IOS) | show interfaces description | Shows description, status and interface name |
show ip bgp neighbor peer advertised-routes | show route advertising-protocol bgp peer | Shows whether a neighbor supports the route refresh capability |
show ip bgp neighbors neigh received-routes | show route receive-protocol bgp peer | Shows whether a neighbor supports the route refresh capability |
show ip bgp peer-group | show bgp group | Displays BGP information about all peer-groups |
show ip bgp peer-group group | show bgp group group | Displays BGP information about a specific peer-group |
show ip bgp network mask | show route protocol bgp prefix | BGP information about a specific prefix |
show ip bgp network mask longer-prefixes | show route range prefix | BGP information about a specific prefix as well as longer prefixes |
show ip bgp regexp regex | show route aspath-regexp “regex” | Shows routes matching AS path filter regex |
show ip bgp summary | show bgp summary | Shows all BGP IPv4 neighbors |
show ip interface brief | show interface terse | Displays IPv4 addresses per interface (in JunOS: IPv6 and ISO as well) |
show ip ospf database | show ospf database | Shows the OSPF database |
show ip ospf neighbor | show ospf neighbor | Displays all OSPF neighbors |
show ip ospf interface | show ospf interface | Shows OSPF information for the interface (e.g. state, dead time,…) |
show ip route | show route | Displays the global routing table |
show ip route | show isis routes / show route protocol | Display only IS-IS originated routes |
show ip route ospf | show ospf route / show route protocol ospf | Display only OSPF originated routes |
show ipv6 neighbors | show ipv6 neighbors | Display discovered IPv6 neighbors |
show ipv6 route | show route table inet6.0 | Display IPv6 routing table |
sh bgp ipv6 summary / show bgp ipv6 unicast | show bgp summary | Displays IPv6 BGP neighbors |
show tcp brief | show system connection | Shows established TCP connections from/to router (BGP, SSH, Telnet,…) |
show ip traffic | show system statistic | Shows infos about IP related traffic (BGP, EIGRP, PIM, ARP, ICMP) |
show | show | Shows the resulting IS-IS topology table after spf calculation |
show logging | show log messages | Shows infos about loghost (IOS only) and local buffered log file content |
show processes cpu | show system process | Displays CPU utilization |
show route-map | show policy | Shows all configured route-maps (JunOS also shows Prefix-Lists,…) |
show route-map mapname | show policy name mapname | Shows content of route-map mapname |
show running-config | show configuration | Displays the actual running-configuration |
show users | show system users | Shows logged in users |
show tech-support | request support info | Displays a lot of information. Often needed for TAC request. |
show version | show version | Information about running software release (IOS also shows hardware infos) |
terminal length 0 | set cli screen-length 0 | Continuous output to terminal without more-breaks |
terminal monitor | monitor start messages | Start logging to terminal (when connected remotely) |
terminal no monitor | monitor stop | Stop logging to terminal (when connected remotely) |
write erase / erase startup-config | load factory-default | Resets to factory defaults. IOS requires reload, JunOS needs a “commit” |
Wednesday, September 29, 2010
IOS JunOS
Thursday, September 9, 2010
Configure Router to be the CA Server
NTP configuration
Wednesday, September 8, 2010
IOS Firewall
FROM->INSIDE->TO->OUTSIDE
Allow TCP and UDP sessions initiated from the inside to the outside.
class-map type inspect match-any ALLOWED_TRAFFIC_CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect INSIDE_TO_OUTSIDE_PMAP
 class type inspect ALLOWED_TRAFFIC_CMAP
  inspect
 class class-default
  drop
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE_PMAP
FROM->OUTSIDE->TO->INSIDE
Permit HTTP and HTTPS access to an internal web server with the IP address of 183.X.46.100
ip access-list extended INSIDE_HTTP_SERVER_ACL
 permit tcp any host 183.1.46.100 eq www
 permit tcp any host 183.1.46.100 eq 443
class-map type inspect match-all INSIDE_HTTP_SERVER_CMAP
 match access-group name INSIDE_HTTP_SERVER_ACL
 match protocol tcp
policy-map type inspect OUTSIDE_TO_INSIDE_PMAP
 class type inspect INSIDE_HTTP_SERVER_CMAP
  inspect
 class class-default
  drop
zone-pair security OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE_TO_INSIDE_PMAP
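A zone-pair only enforces anything if every name in the chain zone-pair -> policy-map -> class-map -> ACL resolves to a definition, so a single mistyped name leaves the policy unattached. The check below is an added example, not part of the original post or of IOS: the function name is hypothetical, and the sample is the OUTSIDE to INSIDE policy above with one policy-map name deliberately misspelled.

```python
import re

# Constructed sample: the OUTSIDE -> INSIDE policy from this post, with the
# service-policy name deliberately misspelled (PMPA) to produce a finding.
SAMPLE = """\
ip access-list extended INSIDE_HTTP_SERVER_ACL
 permit tcp any host 183.1.46.100 eq www
 permit tcp any host 183.1.46.100 eq 443
class-map type inspect match-all INSIDE_HTTP_SERVER_CMAP
 match access-group name INSIDE_HTTP_SERVER_ACL
 match protocol tcp
policy-map type inspect OUTSIDE_TO_INSIDE_PMAP
 class type inspect INSIDE_HTTP_SERVER_CMAP
  inspect
 class class-default
  drop
zone-pair security OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE_TO_INSIDE_PMPA
"""

# Lines that define an object, keyed by object kind.
DEFS = {
    "acl": r"^ip access-list extended (\S+)",
    "class-map": r"^class-map type inspect (?:match-any |match-all )?(\S+)",
    "policy-map": r"^policy-map type inspect (\S+)",
}
# Lines that reference an object of the same kind.
REFS = {
    "acl": r"^\s*match access-group name (\S+)",
    "class-map": r"^\s*class type inspect (\S+)",
    "policy-map": r"^\s*service-policy type inspect (\S+)",
}

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined = {kind: set() for kind in DEFS}
    used = {kind: set() for kind in REFS}
    for line in config.splitlines():
        for table, patterns in ((defined, DEFS), (used, REFS)):
            for kind, pattern in patterns.items():
                match = re.match(pattern, line)
                if match:
                    table[kind].add(match.group(1))
    return sorted((k, n) for k in used for n in used[k] - defined[k])

if __name__ == "__main__":
    for kind, name in dangling_references(SAMPLE):
        print(f"undefined {kind}: {name}")
```

The built-in class-default is not reported because it is referenced as `class class-default`, without `type inspect`.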
Thursday, August 26, 2010
videos to help
Chris Bryant: Chris Bryant has helped me along my journey with his famous Train Signal training videos. He is CCIE #12933 and really knows his stuff backwards and forwards. http://www.youtube.com/user/ccie12933
Steve Bowler: Steve demonstrates some great concepts and topologies using GNS3. http://www.youtube.com/user/bowlersp
Take some time and go through these videos, as they present some extremely important concepts.
Monday, August 9, 2010
Port-to-Application Mapping (PAM)
PAM establishes a table of default port-to-application mapping information at the firewall.
How PAM Works
PAM generates a table of information that identifies specific applications with specific TCP or UDP port information. When the firewall router first starts up, the PAM table is populated with system-defined mapping information. As you customize the mapping information, the PAM table is modified with the new information. The information in the PAM table serves as the default port mapping for traffic passing through the firewall.
The port mapping information in the PAM table is one of three types:
· System defined
· User defined
· Host specific
System-Defined Port Mapping
Initially, PAM creates a set of system-defined entries in the mapping table using well-known or registered port mapping information set up during the system startup. The Cisco IOS Firewall CBAC feature requires the system-defined mapping information to function properly. The system-defined mapping information can’t be deleted or changed. It isn’t possible to assign an application to an existing system-defined mapping, such as attempting to map HTTP services to port 25 (SMTP). The following table shows the well-known or registered port mapping information.
Application Name | Registered Port Number | Protocol Description |
cuseeme | 7648 | CU-SeeMe Protocol |
exec | 512 | Remote process execution |
ftp | 21 | File Transfer Protocol (control port) |
http | 80 | Hypertext Transfer Protocol |
h323 | 1720 | H.323 Protocol (such as MS NetMeeting and Intel Video Phone) |
login | 513 | Remote login |
msrpc | 135 | Microsoft Remote Procedure Call |
netshow | 1755 | Microsoft NetShow |
real-audio-video | 7070 | RealAudio and RealVideo |
smtp | 25 | Simple Mail Transfer Protocol |
sql-net | 1521 | SQL-NET |
streamworks | 1558 | StreamWorks Protocol |
sunrpc | 111 | SUN Remote Procedure Call |
tftp | 69 | Trivial File Transfer Protocol |
vdolive | 7000 | VDOLive Protocol |
User-Defined Port Mapping
Network applications that use nonstandard ports require user-defined entries in the mapping table. Use the Global Configuration Mode command ip port-map to create user-defined port-to-application mapping entries. Use the no form of the command to delete user-defined PAM entries. The command can’t be used to change system-defined port mappings.
The syntax is
Rtr1(config)#ip port-map appl-name port port-num [list acl#]
Rtr1(config)#no ip port-map appl-name port port-num [list acl#]
appl-name | The name of the application with which to apply the port mapping |
port | Indicates that a port number maps to the application |
port-num | Port number (1 to 65535) |
list | The port mapping information applies to a specific host or subnet |
acl# | Standard ACL number used to identify the host(s) or subnet(s) |
This command was introduced in IOS 12.0(5)T. No default values.
This example shows PAM entries that define a range of nonstandard ports for HTTP services.
Rtr1(config)#ip port-map http port 8000
Rtr1(config)#ip port-map http port 8001
Rtr1(config)#ip port-map http port 8002
Host-Specific Port Mapping
User-defined entries in the mapping table can include host-specific mapping, which establishes port mapping information for specific hosts or subnets. In some situations, it might be necessary to override the default port mapping information for a specific host or subnet, including system-defined default port mapping information. Use the list option for the ip port-map command to specify an ACL for a host or subnet that uses PAM.
In this example, a specific host uses port 8000 for FTP services. ACL 1 identifies the server address (192.168.0.100), while port 8000 is mapped with FTP services:
Rtr1(config)#access-list 1 permit 192.168.0.100
Rtr1(config)#ip port-map ftp port 8000 list 1
In the next example, the same port number is required by different services running on different hosts. Port 8000 is required for FTP services by host 192.168.0.100, while port 8000 is required for HTTP services by host 192.168.0.175. ACL 1 and ACL 2 identify the specific hosts, while PAM maps the ports with the services for each ACL.
Rtr1(config)#access-list 1 permit 192.168.0.100
Rtr1(config)#access-list 2 permit 192.168.0.175
Rtr1(config)#ip port-map ftp port 8000 list 1
Rtr1(config)#ip port-map http port 8000 list 2
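The precedence described above (a host-specific entry wins for hosts matched by its ACL, otherwise the user-defined or system-defined default applies, and a system-defined port cannot be reassigned globally) can be traced with a small model. This is an added example, not Cisco code and not from the original post: PamTable, build and EXAMPLE are hypothetical names, only a subset of the system-defined table is loaded, and only single-host standard ACL entries are handled.

```python
import ipaddress
import re

# System-defined entries: a subset of the table in this post.
SYSTEM = {21: "ftp", 25: "smtp", 69: "tftp", 80: "http"}

class PamTable:
    """Hypothetical model of the PAM table, not Cisco's implementation."""

    def __init__(self):
        self.acls = {}                 # ACL number -> permitted networks
        self.defaults = dict(SYSTEM)   # port -> application (system + user)
        self.host_specific = []        # (port, ACL number, application)

    def apply(self, line):
        """Apply one 'access-list N permit HOST' or 'ip port-map ...' line."""
        m = re.fullmatch(r"access-list (\d+) permit (\S+)", line)
        if m:
            net = ipaddress.ip_network(m[2])
            self.acls.setdefault(int(m[1]), []).append(net)
            return
        m = re.fullmatch(r"ip port-map (\S+) port (\d+)(?: list (\d+))?", line)
        if not m or not 1 <= int(m[2]) <= 65535:
            raise ValueError(f"unsupported line: {line}")
        app, port, acl = m[1], int(m[2]), m[3]
        if acl is not None:
            # Host-specific entries may reuse any port, system-defined or not.
            self.host_specific.append((port, int(acl), app))
        elif SYSTEM.get(port, app) != app:
            raise ValueError(f"port {port} is system-defined for {SYSTEM[port]}")
        else:
            self.defaults[port] = app

    def lookup(self, host, port):
        """Return the application for traffic to host:port, or None."""
        addr = ipaddress.ip_address(host)
        for p, acl, app in self.host_specific:
            if p == port and any(addr in n for n in self.acls.get(acl, [])):
                return app
        return self.defaults.get(port)

def build(lines):
    table = PamTable()
    for line in lines:
        table.apply(line)
    return table

# The two-host example from this post, without the Rtr1(config)# prompt.
EXAMPLE = ["access-list 1 permit 192.168.0.100", "access-list 2 permit 192.168.0.175",
           "ip port-map ftp port 8000 list 1", "ip port-map http port 8000 list 2"]
```

With `build(EXAMPLE)`, port 8000 resolves to ftp for 192.168.0.100, to http for 192.168.0.175, and to nothing for any other host, which is the behaviour to confirm with show ip port-map after a change.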
Verify Port to Application Mapping
Use the Privileged EXEC Mode command show ip port-map to display the Port to Application Mapping (PAM) information. This command displays the port mapping information at the firewall, including the system-defined and user-defined information. Include the application name to display only the entries for that application. Include the port number to display only the entries for that port.
The syntax is
Rtr1#show ip port-map [appl-name | port port-num]
This command was introduced in IOS 12.0(5)T.
The following example shows the port mapping information for FTP services:
Rtr1#show ip port-map ftp
Default mapping: ftp port 21 system defined
Host specific: ftp port 1250 in list 1 user defined
For more information, check the links below:
http://www.wr-mem.com/?p=86
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c8.html