IOS | JunOS | Purpose |
clear counters | clear interface statistics | Clears the interface counters |
clear arp-cache | clear arp | Clears the ARP cache |
clear ip bgp | clear bgp neighbor | Clears all BGP sessions |
clear ip bgp neighbor | clear bgp neighbor peer | Clears BGP session to a specific neighbor |
clock set | set date | Set the actual time |
ping dest | ping dest rapid (for Cisco-like output) | Simple |
ping (setting source int) | ping dest bypass-routing | Ping with specific source interface |
reload | request system reboot | Reboot the system |
send | request message | Send a message to other users |
show arp | show arp | Shows ARP cache |
show clns interface | show | Shows IS-IS information from participating interfaces |
show clns neighbors | show | Shows ES-IS and IS-IS neighbors |
show clock | show system uptime | Display current date |
show controller interface | show interfaces interface extensive | Displays physical port information |
show diags | show chassis hardware | Displays hardware diagnostics and status |
show environment all | show chassis environment | Information about voltage, power consumption, temperature, … |
show history | show cli history | Shows recently entered commands |
show interface interface | show interfaces interface detail | Shows interface configuration, counters and status |
show interface description (newer IOS) | show interfaces description | Shows description, status and interface name |
show ip bgp neighbor peer advertised-routes | show route advertising-protocol bgp peer | Shows whether a neighbor supports the route refresh capability |
show ip bgp neighbors neigh received-routes | show route receive-protocol bgp peer | Shows whether a neighbor supports the route refresh capability |
show ip bgp peer-group | show bgp group | Displays BGP information about all peer-groups |
show ip bgp peer-group group | show bgp group group | Displays BGP information about a specific peer-group |
show ip bgp network mask | show route protocol bgp prefix | BGP information about a specific prefix |
show ip bgp network mask longer-prefixes | show route range prefix | BGP information about a specific prefix as well as longer prefixes |
show ip bgp regexp regex | show route aspath-regexp “regex” | Shows routes matching AS path filter regex |
show ip bgp summary | show bgp summary | Shows all BGP IPv4 neighbors |
show ip interface brief | show interface terse | Displays IPv4 addresses per interface (in JunOS: IPv6 and ISO as well) |
show ip ospf database | show ospf database | Shows the OSPF database |
show ip ospf neighbor | show ospf neighbor | Displays all OSPF neighbors |
show ip ospf interface | show ospf interface | Shows OSPF information for the interface (e.g. state, dead time, …) |
show ip route | show route | Displays the global routing table |
show ip route | show isis routes / show route protocol | Display only IS-IS originated routes |
show ip route ospf | show ospf route / show route protocol ospf | Display only OSPF originated routes |
show ipv6 neighbors | show ipv6 neighbors | Display discovered IPv6 neighbors |
show ipv6 route | show route table inet6.0 | Display IPv6 routing table |
sh bgp ipv6 summary / show bgp ipv6 unicast | show bgp summary | Displays IPv6 BGP neighbors |
show tcp brief | show system connection | Shows established TCP connections from/to router (BGP, SSH, Telnet,…) |
show ip traffic | show system statistic | Shows information about IP-related traffic (BGP, EIGRP, PIM, ARP, ICMP) |
show | show | Shows the resulting IS-IS topology table after spf calculation |
show logging | show log messages | Shows information about the loghost (IOS only) and the content of the locally buffered log file |
show processes cpu | show system process | Displays CPU utilization |
show route-map | show policy | Shows all configured route-maps (JunOS also shows Prefix-Lists,…) |
show route-map mapname | show policy name mapname | Shows content of route-map mapname |
show running-config | show configuration | Displays the actual running-configuration |
show users | show system users | Shows logged in users |
show tech-support | request support info | Displays a lot of information. Often needed for TAC request. |
show version | show version | Information about running software release (IOS also shows hardware information) |
terminal length 0 | set cli screen-length 0 | Continuous output to terminal without more-breaks |
terminal monitor | monitor start messages | Start logging to terminal (when connected remotely) |
terminal no monitor | monitor stop | Stop logging to terminal (when connected remotely) |
write erase / erase startup-config | load factory-default | Resets to factory defaults. IOS requires reload, JunOS needs a “commit” |
Wednesday, September 29, 2010
IOS JunOS
Thursday, September 9, 2010
Configure Router to be the CA Server
Configure the router as a CA server that grants certificates automatically, using the following parameters:
RSA key size: 512 Bits
Key Label: CA-CCIE
Any Passphrase: CCIESEC3
Encryption: 3DES
Key Location: NVRAM
Issuer Name: CN=CA-CCIE.Cisco.com L=ND C=IN
IOS SERVER CONFIGURATION:
Note: Ensure the router clock is in sync with all other routers.
!
ip domain-name cisco.com
!
! Enter 512 when prompted for the modulus size
crypto key generate rsa general-keys label CA-CCIE exportable
crypto key export rsa CA-CCIE pem url nvram: 3des CCIESEC3
!
! Enrollment requests reach the CA server over HTTP
ip http server
!
crypto pki server CA-CCIE
 database url nvram:
 issuer-name CN=CA-CCIE.Cisco.com L=ND C=IN
 grant auto
 no shut
ENROLL A ROUTER (client) TO CA SERVER
!
ip domain-name cisco.com
!
crypto key generate rsa
!
crypto ca trustpoint CA-CCIE
 enrollment url http://150.1.5.5:80
 revocation-check none
!
! Fetch the CA certificate and accept it
crypto ca authenticate CA-CCIE
!
! Request the router certificate; the password is entered at the prompts
crypto ca enroll CA-CCIE
 password:CCIESEC3
 re-enter password:CCIESEC3
DOC-CD
Technology
+ Security and VPN
+ IPSec Negotiation/IKE Protocols
+ Configuration Examples and TechNotes
+ Dynamic LAN-to-LAN VPN between Cisco IOS Routers Using IOS CA on the Hub Configuration Example
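The `crypto ca authenticate CA-CCIE` step fetches the CA certificate over plain HTTP, so the fingerprint shown at the accept prompt has to be compared with one computed from a copy of the CA certificate obtained out of band. An added example (not part of the original post) that computes and compares that fingerprint; it assumes the router prints it as upper-case hex in groups of eight digits, and the function names and sample PEM are constructed.

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder: the body is base64 of the three bytes b"abc", not a
# real certificate. Substitute the PEM exported from the CA server.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

def pem_to_der(pem):
    """Strip the PEM armor and decode the base64 body to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem, algo="sha1"):
    """Hash the DER bytes; format as upper-case hex in groups of 8 digits."""
    digest = hashlib.new(algo, pem_to_der(pem)).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))

def same_fingerprint(pem, shown, algo="sha1"):
    """Compare with the hex value shown at the prompt, ignoring spaces, colons and case."""
    def norm(s):
        return re.sub(r"[^0-9A-F]", "", s.upper())
    return hmac.compare_digest(norm(fingerprint(pem, algo)), norm(shown))

if __name__ == "__main__":
    print("SHA1:", fingerprint(SAMPLE_PEM))
```

Pass only the hex digits from the prompt to `same_fingerprint`, not the label in front of them.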
NTP configuration
Configure a router as the NTP server
router(config)# ntp master
router(config)# ntp source loopback 0
router(config)# clock timezone IST 5 30
Configure a router as NTP client
router1(config)# ntp server 150.1.5.5
DOC-CD details
Configuration guides
Cisco IOS Network Management Configuration Guide, Release 12.4T
+ Basic System Management
+ Performing Basic System Management
Wednesday, September 8, 2010
IOS Firewall
2.1 Zone-Based Firewall
FROM->INSIDE->TO->OUTSIDE
Allow TCP and UDP sessions initiated from the inside to the outside.
class-map type inspect match-any ALLOWED_TRAFFIC_CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect INSIDE_TO_OUTSIDE_PMAP
 class type inspect ALLOWED_TRAFFIC_CMAP
  inspect
 class class-default
  drop
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE_PMAP
FROM->OUTSIDE->TO->INSIDE
Permit HTTP and HTTPS access to an internal web server with the IP address of 183.X.46.100
ip access-list extended INSIDE_HTTP_SERVER_ACL
 permit tcp any host 183.1.46.100 eq www
 permit tcp any host 183.1.46.100 eq 443
class-map type inspect match-all INSIDE_HTTP_SERVER_CMAP
 match access-group name INSIDE_HTTP_SERVER_ACL
 match protocol tcp
policy-map type inspect OUTSIDE_TO_INSIDE_PMAP
 class type inspect INSIDE_HTTP_SERVER_CMAP
  inspect
 class class-default
  drop
zone-pair security OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE_TO_INSIDE_PMAP
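A check for the zone-pair, policy-map and class-map references used above, as an added example that is not part of the original post: it parses zone-based firewall configuration text and reports any service-policy or class that names an object defined nowhere in the configuration. The sample is constructed from the inside-to-outside policy with a deliberately mistyped policy-map name; `parse` and `audit` are hypothetical helper names.

```python
# Constructed sample: inside-to-outside policy with a mistyped policy-map name.
SAMPLE = """\
class-map type inspect match-any ALLOWED_TRAFFIC_CMAP
 match protocol tcp
policy-map type inspect INSIDE_TO_OUTSIDE_PMAP
 class type inspect ALLOWED_TRAFFIC_CMAP
  inspect
 class class-default
  drop
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE_PAMP
"""

def parse(config):
    """Return (class-map names, {policy-map: {class: action}}, {zone-pair: policy})."""
    cmaps, pmaps, pairs = set(), {}, {}
    pmap = cls = pair = None              # current parsing context
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if w[:3] == ["class-map", "type", "inspect"]:
            cmaps.add(w[-1])
            pmap = cls = pair = None
        elif w[:3] == ["policy-map", "type", "inspect"]:
            pmap, cls, pair = pmaps.setdefault(w[-1], {}), None, None
        elif w[:2] == ["zone-pair", "security"] and len(w) > 2:
            pair, pmap, cls = w[2], None, None
            pairs[pair] = None
        elif pmap is not None and w[0] == "class":
            cls = w[-1]
            pmap[cls] = None
        elif pmap is not None and cls and w[0] in ("inspect", "pass", "drop"):
            pmap[cls] = w[0]
        elif pair and w[:3] == ["service-policy", "type", "inspect"]:
            pairs[pair] = w[-1]
    return cmaps, pmaps, pairs

def audit(config):
    """List dangling references and classes that were left without an action."""
    cmaps, pmaps, pairs = parse(config)
    out = [f"zone-pair {zp}: policy-map {pm} is not defined"
           for zp, pm in pairs.items() if pm not in pmaps]
    for name, classes in pmaps.items():
        for cls, action in classes.items():
            if cls != "class-default" and cls not in cmaps:
                out.append(f"policy-map {name}: class-map {cls} is not defined")
            if action is None:
                out.append(f"policy-map {name}: class {cls} has no action")
    return out
```

`audit(SAMPLE)` returns one finding for the mistyped name and an empty list once the name is corrected.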