Lab Challenge: Reload Router By Telnet

Wednesday, June 2, 2010
Here's a little challenge; I thought of this during my train trip home this evening. This should be pretty easy. Consider the diagram below and the scenario.




Configure a default route from R1 pointing to R2's IP address. The challenge is to reboot R1 with a telnet command from R3 without typing the command "reload". R3 should not telnet directly to 12.12.12.1; instead it should telnet to 23.23.23.2 port 3000 to get to 12.12.12.1 port 3005. R1 should automatically ask to proceed with the reboot, and not ask for a username/password, once the telnet from R3 is executed.


I believe this should be pretty easy for everyone. Let me know your thoughts on how to solve this challenge. I will post a blog entry regarding this for the next post. For now I need to get back to the belly of the IOS beast. Cheers!

Broadcast/Network Ping

Saturday, May 29, 2010
If you want to ping several devices in a single broadcast domain, for example hosts on a particular subnet, you don't have to ping one device at a time. You can simply ping the subnet broadcast or network address, as in the example below.


R1#ping 10.1.1.255

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.255, timeout is 2 seconds:

Reply to request 0 from 10.1.1.2, 80 ms
Reply to request 0 from 10.1.1.3, 80 ms
Reply to request 0 from 10.1.1.4, 80 ms
Reply to request 1 from 10.1.1.4, 52 ms
Reply to request 1 from 10.1.1.2, 52 ms
Reply to request 1 from 10.1.1.3, 52 ms
Reply to request 2 from 10.1.1.3, 84 ms
Reply to request 2 from 10.1.1.4, 84 ms
Reply to request 2 from 10.1.1.2, 84 ms
Reply to request 3 from 10.1.1.2, 20 ms
Reply to request 3 from 10.1.1.4, 20 ms
Reply to request 3 from 10.1.1.3, 20 ms
Reply to request 4 from 10.1.1.3, 16 ms
Reply to request 4 from 10.1.1.4, 16 ms
Reply to request 4 from 10.1.1.2, 16 ms

R1#ping 10.1.1.0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.0, timeout is 2 seconds:

Reply to request 0 from 10.1.1.4, 84 ms
Reply to request 0 from 10.1.1.2, 112 ms
Reply to request 0 from 10.1.1.3, 84 ms
Reply to request 1 from 10.1.1.2, 72 ms
Reply to request 1 from 10.1.1.3, 72 ms
Reply to request 1 from 10.1.1.4, 72 ms
Reply to request 2 from 10.1.1.4, 68 ms
Reply to request 2 from 10.1.1.2, 68 ms
Reply to request 2 from 10.1.1.3, 68 ms
Reply to request 3 from 10.1.1.3, 64 ms
Reply to request 3 from 10.1.1.4, 64 ms
Reply to request 3 from 10.1.1.2, 64 ms
Reply to request 4 from 10.1.1.4, 72 ms
Reply to request 4 from 10.1.1.3, 72 ms
Reply to request 4 from 10.1.1.2, 72 ms

Or, if you want to check whether all links connected to a single device are up, you can do the following. This also works for all kinds of WAN links.


R1#ping 255.255.255.255 rep 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 2 seconds:

Reply to request 0 from 15.15.15.5, 16 ms
Reply to request 0 from 10.1.1.4, 16 ms
Reply to request 0 from 10.1.1.3, 16 ms
Reply to request 0 from 10.1.1.2, 16 ms

This can be used especially in the CCIE to verify that the interfaces are up. I am sure that everybody who reads this already knew this stuff when they started with their CCNAs; on second thought, perhaps there are some who don't. Let me know if there are people who just learned this now, and I'll be pretty much surprised.

IPSEC VPN

Monday, August 24, 2009
R1(config)#access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
R2(config)#access-list 100 permit ip host 2.2.2.2 host 1.1.1.1

R1(config)#crypto isakmp key 0 myvpnrouter address 192.168.20.1
R2(config)#crypto isakmp key 0 myvpnrouter address 192.168.10.1

R1(config-isakmp)#crypto isakmp policy 10
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#lifetime 28800
R1(config-isakmp)#encryption aes
R1(config-isakmp)#authentication pre-share

R2(config-isakmp)#crypto isakmp policy 10
R2(config-isakmp)#group 2
R2(config-isakmp)#hash md5
R2(config-isakmp)#lifetime 28800
R2(config-isakmp)#encryption aes
R2(config-isakmp)#authentication pre-share

R1(config)#crypto ipsec transform-set TRANSFORMERS esp-3des esp-sha-hmac
R1(config)#crypto ipsec security-association lifetime seconds 28800
R2(config)#crypto ipsec transform-set TRANSFORMERS esp-3des esp-sha-hmac
R2(config)#crypto ipsec security-association lifetime seconds 28800

R1(config)#crypto map MYMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R1(config-crypto-map)#match address 100
R1(config-crypto-map)#description to R2
R1(config-crypto-map)#set transform-set TRANSFORMERS
R1(config-crypto-map)#set peer 192.168.20.1
R1(config-crypto-map)#set security-association lifetime seconds 28800

R2(config)#crypto map MYMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R2(config-crypto-map)#match address 100
R2(config-crypto-map)#description to R1
R2(config-crypto-map)#set transform-set TRANSFORMERS
R2(config-crypto-map)#set peer 192.168.10.1
R2(config-crypto-map)#set security-association lifetime seconds 28800


R1(config)#int se1/1
R1(config-if)#crypto map MYMAP
R1(config-if)#
*Jul 11 13:05:47.007: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R2(config)#int se1/2
R2(config-if)#crypto map MYMAP
R2(config-if)#
*Jul 11 13:05:47.007: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.10 name To_R2
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.20.20 name To_R1

ISP(config)#ip route 2.2.2.2 255.255.255.255 192.168.20.1
ISP(config)#ip route 1.1.1.1 255.255.255.255 192.168.10.1

R1#ping 2.2.2.2 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!

R1#sh cry isakmp sa
dst src state conn-id slot status
192.168.20.1 192.168.10.1 QM_IDLE 1 0 ACTIVE
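
The lab above comes up, but it negotiates MD5, Diffie-Hellman group 2 and 3DES, and stores the pre-shared key as type 0 (cleartext). The following audit script is an added example, not part of the original post: it scans IOS crypto lines for those settings. The rule list and function names are this example's own assumptions, and the sample input is constructed from R1's commands above.

```python
import re

# Constructed sample: R1's crypto commands as they appear in the post above.
R1_CONFIG = """\
crypto isakmp key 0 myvpnrouter address 192.168.20.1
crypto isakmp policy 10
 group 2
 hash md5
 lifetime 28800
 encryption aes
 authentication pre-share
crypto ipsec transform-set TRANSFORMERS esp-3des esp-sha-hmac
"""

# (pattern, finding) pairs; this rule set is the example's own, not a Cisco tool.
RULES = [
    (r"^crypto isakmp key 0 \S+ address", "pre-shared key stored in cleartext (type 0)"),
    (r"^hash md5$", "IKE phase 1 integrity uses MD5"),
    (r"^group (1|2|5)$", "IKE Diffie-Hellman group below 2048 bits"),
    (r"^encryption (des|3des)$", "IKE phase 1 uses DES/3DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", "ESP transform uses DES/3DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "ESP integrity uses MD5"),
]

def strip_prompt(line):
    """Drop an IOS prompt such as 'R1(config-isakmp)#' if the line has one."""
    return re.sub(r"^\S+#\s*", "", line.strip())

def audit(config_text):
    """Return (line_number, command, finding) tuples with the key value masked."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        command = strip_prompt(raw)
        for pattern, finding in RULES:
            if re.search(pattern, command):
                # Never echo the shared secret into an audit report.
                shown = re.sub(r"(isakmp key \d )\S+", r"\1<redacted>", command)
                findings.append((number, shown, finding))
    return findings

if __name__ == "__main__":
    for number, command, finding in audit(R1_CONFIG):
        print(f"line {number}: {command}  ->  {finding}")
```

The same function accepts lines pasted with their prompts, such as the R2 commands above, because strip_prompt removes everything up to the first "#".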

BGP Weight

Configuration of BGP Weight

R1(config)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 weight 100

Weight with Route-map

R1(config)#access-list 1 permit host 144.144.144.144
R1(config)#route-map TAKE_AS3 permit 10
R1(config-route-map)#match ip address 1
R1(config-route-map)#set weight 200
R1(config-route-map)#router bgp 1
R1(config-router)#neighbor 13.13.13.3 route-map TAKE_AS3 in
R1(config-router)#do clear ip bgp * soft