β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Speeding internet :
>Cisco CEF and Address Forgery
Enabling CEF Switching (Cisco Express Forwarding (CEF) is a high-speed packet routing / switching technology used in high-performance Layer 3 switches that allows faster and more efficient traffic processing.)
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) r1 (config) #ip cef
2) Set the reverse route check on the interface:
r1 (config) #interface fastEthernet 1/0
r1 (config-if) #ip verify unicast reverse-path
3) show ip cef - displays data in the FIB
4) Show ip cef detail displays the details of each FIB element
5) Show ip cef summary - displays general statistics of FIB elements
6) Use the show cef interface x / x command to find out if the "IP CEF switching enabled,"
or "IP distributed CEF (dCEF) switching enabled."
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Speeding internet :
>Cisco CEF and Address Forgery
Enabling CEF Switching (Cisco Express Forwarding (CEF) is a high-speed packet routing / switching technology used in high-performance Layer 3 switches that allows faster and more efficient traffic processing.)
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) r1 (config) #ip cef
2) Set the reverse route check on the interface:
r1 (config) #interface fastEthernet 1/0
r1 (config-if) #ip verify unicast reverse-path
3) show ip cef - displays data in the FIB
4) Show ip cef detail displays the details of each FIB element
5) Show ip cef summary - displays general statistics of FIB elements
6) Use the show cef interface x / x command to find out if the "IP CEF switching enabled,"
or "IP distributed CEF (dCEF) switching enabled."
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Creating Accessory Lists for Cisco Routers :
> t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Configure a simple sheet (identification up to 100):
Create sheet 10 and deny any connections with the address 192.168.0.2 in it
R1 (config) # access-list 10 deny 192.168.0.2
2) We connect the sheet with the input interface:
R1 (config) #interface fastEthernet 1/0
R1 (config-if) #ip access-group 10 in
R1 (config-if) #exit
3) Delete a sheet as follows (you cannot change a simple sheet):
Once you enter the interface, enter
R1 (config-if) #no ip access-group in
4) Configure a complex sheet (identification greater than 100):
Create
R2 (config) #ip access-list extended 110
5) We go to the sheet and configure it (disable icmp between hosts):
R2 (config) #ip access-list extended 110
R2 (config-ext-nacl) #deny icmp host 192.168.0.1 host 192.168.0.2
R2 (config-ext-nacl) #exit
6) We will connect with the interface
R2 (config) #interface fastEthernet 1/0
R2 (config-if) #ip access-group 110 in
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Creating Accessory Lists for Cisco Routers :
> t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Configure a simple sheet (identification up to 100):
Create sheet 10 and deny any connections with the address 192.168.0.2 in it
R1 (config) # access-list 10 deny 192.168.0.2
2) We connect the sheet with the input interface:
R1 (config) #interface fastEthernet 1/0
R1 (config-if) #ip access-group 10 in
R1 (config-if) #exit
3) Delete a sheet as follows (you cannot change a simple sheet):
Once you enter the interface, enter
R1 (config-if) #no ip access-group in
4) Configure a complex sheet (identification greater than 100):
Create
R2 (config) #ip access-list extended 110
5) We go to the sheet and configure it (disable icmp between hosts):
R2 (config) #ip access-list extended 110
R2 (config-ext-nacl) #deny icmp host 192.168.0.1 host 192.168.0.2
R2 (config-ext-nacl) #exit
6) We will connect with the interface
R2 (config) #interface fastEthernet 1/0
R2 (config-if) #ip access-group 110 in
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
To ensure that the management domain can cover all branch switches, trunks must be configured. The Cisco switch can support any medium
as a trunk line, in order to achieve trunking can use its unique ISL label. ISL (Inter-Switch Link) is a
protocol that transfers multiple VLAN information and VLAN data flows between switches, switches and routers, and switches and servers.
By configuring ISL encapsulation on ports directly connected to switches, The VLAN assignment and
configuration of the entire network can be performed across the switch .
The configuration on the core switch side is as follows:
COM (config) #interface gigabitEthernet 2/1
COM (config-if) #switchport
COM (config-if) #switchport trunk encapsulation isl
COM (config-if) #switchport mode trunk
COM (config) #interface gigabitEthernet 2/2
COM (config-if) #switchport
COM (config-if) #switchport trunk encapsulation isl
COM (config-if) #switchport mode trunk
COM (config) #interface gigabitEthernet 2/3
COM (config-if ) #switchport
COM (config-if) #switchport trunk encapsulation isl
The configuration of COM (config-if) #switchport mode trunk
on the branch switch is as follows:
PAR1 (config) #interface gigabitEthernet 0/1
PAR1 (config-if) #switchport mode trunk
PAR2 (config) #interface gigabitEthernet 0/1
PAR2 (config -if) #switchport mode trunk
PAR3 (config) #interface gigabitEthernet 0/1
PAR3 (config-if) #switchport mode trunk
......
At this point, the management domain is set up.
3. Create a VLAN
Once you have established a management domain, you can create a VLAN.
COM (vlan) #Vlan 10 name COUNTER created a VLAN with the number 10 name COUNTER
COM (vlan) #Vlan 11 name MARKET created a VLAN 11 with the name MARKET VLAN
COM (vlan) #Vlan 12 name MANAGING created A VLAN named 12 named MANAGING
...
note that the VLAN here is established on the core switch, in fact, as long as it is established on any
switch in the management domain whose VTP attribute is Server, it will Notify all switches in the entire management domain through VTP. But if you want
If the port of the switch is assigned to a VLAN, it must be set on the switch to which the port belongs.
4. Assign the switch port to VLAN
For example, to assign PAR1, PAR2, PAR3 ... the port 1 of the branch switch to the COUNTER VLAN, port 2 to the MARKET VLAN,
port 3 to the MANAGING VLAN ...
PAR1 (config) #interface fastEthernet 0/1 configure port 1
PAR1 (config-if) #switchport access vlan 10 belong to COUNTER VLAN
PAR1 (config) #interface fastEthernet 0/2 configure port 2
PAR1 (config-if) #switchport access vlan 11 belong to MARKET VLAN
PAR1 ( config) #interface fastEthernet 0/3 configuration port 3
PAR1 (config-if) #switchport access vlan 12 home MANAGING VLAN
PAR2 (config) #interface fastEthernet 0/1 configuration port 1
PAR2 (config-if) #switchport access vlan 10 home COUNTER VLAN
PAR2 (config) #interface fastEthernet 0/2 configuration port 2
PAR2 (config-if) #switchport access vlan 11 belongs to MARKET VLAN
PAR2 (config) #interface fastEthernet 0/3 configuration port 3
PAR2 (config-if) #switchport access vlan 12 Home MANAGING VLAN
PAR3 (config) #interface fastEthernet 0/1 configuration port 1
PAR3 (config-if) #switchport access vlan 10 Home COUNTER VLAN
PAR3 (config) #interface fastEthernet 0/2 Configure port 2
PAR3 (config-if) #switchport access vlan 11 Home MARKET VLAN
PAR3 (config) #interface fastEthernet 0/3 Configure port 3
PAR3 (config-if) #switchport access vlan 12 Belonging to the MANAGING VLAN
β¦β¦
5. Configure Layer 3 switching
At this point, the VLAN has been basically divided. However, how to implement Layer 3 (network layer) switching between VLANs? At this time, it is necessary to
assign network (IP) addresses to each VLAN. There are two cases for assigning IP addresses to VLANs. One is to assign
static IP addresses to all nodes in the VLAN; and the other is to assign dynamic IP addresses to all nodes in the VLAN. The following two cases are introduced separately.
as a trunk line, in order to achieve trunking can use its unique ISL label. ISL (Inter-Switch Link) is a
protocol that transfers multiple VLAN information and VLAN data flows between switches, switches and routers, and switches and servers.
By configuring ISL encapsulation on ports directly connected to switches, The VLAN assignment and
configuration of the entire network can be performed across the switch .
The configuration on the core switch side is as follows:
COM (config) #interface gigabitEthernet 2/1
COM (config-if) #switchport
COM (config-if) #switchport trunk encapsulation isl
COM (config-if) #switchport mode trunk
COM (config) #interface gigabitEthernet 2/2
COM (config-if) #switchport
COM (config-if) #switchport trunk encapsulation isl
COM (config-if) #switchport mode trunk
COM (config) #interface gigabitEthernet 2/3
COM (config-if ) #switchport
COM (config-if) #switchport trunk encapsulation isl
The configuration of COM (config-if) #switchport mode trunk
on the branch switch is as follows:
PAR1 (config) #interface gigabitEthernet 0/1
PAR1 (config-if) #switchport mode trunk
PAR2 (config) #interface gigabitEthernet 0/1
PAR2 (config -if) #switchport mode trunk
PAR3 (config) #interface gigabitEthernet 0/1
PAR3 (config-if) #switchport mode trunk
......
At this point, the management domain is set up.
3. Create a VLAN
Once you have established a management domain, you can create a VLAN.
COM (vlan) #Vlan 10 name COUNTER created a VLAN with the number 10 name COUNTER
COM (vlan) #Vlan 11 name MARKET created a VLAN 11 with the name MARKET VLAN
COM (vlan) #Vlan 12 name MANAGING created A VLAN named 12 named MANAGING
...
note that the VLAN here is established on the core switch, in fact, as long as it is established on any
switch in the management domain whose VTP attribute is Server, it will Notify all switches in the entire management domain through VTP. But if you want
If the port of the switch is assigned to a VLAN, it must be set on the switch to which the port belongs.
4. Assign the switch port to VLAN
For example, to assign PAR1, PAR2, PAR3 ... the port 1 of the branch switch to the COUNTER VLAN, port 2 to the MARKET VLAN,
port 3 to the MANAGING VLAN ...
PAR1 (config) #interface fastEthernet 0/1 configure port 1
PAR1 (config-if) #switchport access vlan 10 belong to COUNTER VLAN
PAR1 (config) #interface fastEthernet 0/2 configure port 2
PAR1 (config-if) #switchport access vlan 11 belong to MARKET VLAN
PAR1 ( config) #interface fastEthernet 0/3 configuration port 3
PAR1 (config-if) #switchport access vlan 12 home MANAGING VLAN
PAR2 (config) #interface fastEthernet 0/1 configuration port 1
PAR2 (config-if) #switchport access vlan 10 home COUNTER VLAN
PAR2 (config) #interface fastEthernet 0/2 configuration port 2
PAR2 (config-if) #switchport access vlan 11 belongs to MARKET VLAN
PAR2 (config) #interface fastEthernet 0/3 configuration port 3
PAR2 (config-if) #switchport access vlan 12 Home MANAGING VLAN
PAR3 (config) #interface fastEthernet 0/1 configuration port 1
PAR3 (config-if) #switchport access vlan 10 Home COUNTER VLAN
PAR3 (config) #interface fastEthernet 0/2 Configure port 2
PAR3 (config-if) #switchport access vlan 11 Home MARKET VLAN
PAR3 (config) #interface fastEthernet 0/3 Configure port 3
PAR3 (config-if) #switchport access vlan 12 Belonging to the MANAGING VLAN
β¦β¦
5. Configure Layer 3 switching
At this point, the VLAN has been basically divided. However, how to implement Layer 3 (network layer) switching between VLANs? At this time, it is necessary to
assign network (IP) addresses to each VLAN. There are two cases for assigning IP addresses to VLANs. One is to assign
static IP addresses to all nodes in the VLAN; and the other is to assign dynamic IP addresses to all nodes in the VLAN. The following two cases are introduced separately.
We assume that the interface IP address assigned to VLAN COUNTER is 172.16.58.1/24, and the network address is: 172.16.58.0,
The interface IP address assigned by VLAN MARKET is 172.16.59.1/24, the network address is 172.16.59.0,
the interface IP address assigned by VLAN MANAGING is 172.16.60.1/24, and the network address is 172.16.60.0 ... If the IP address
is dynamically assigned, set the IP address of the DHCP server on the network to 172.16.1.11.
(1) Assign static IP addresses to all the nodes
in the VLAN First set the interface IP addresses of each VLAN on the core switch as follows:
COM (config) #interface vlan 10
COM (config-if) #ip address 172.16.58.1 255.255.255.0 VLAN10 interface IP
COM (config) #interface vlan 11
COM (config-if) #ip address 172.16.59.1 255.255.255.0 VLAN11 interface IP
COM (config) #interface vlan 12
COM (config-if) #ip address 172.16 .60.1 255.255.255.0 VLAN12 interface IP
β¦
and then set the IP address of each VLAN-accessed computer to be consistent with the network address of the VLAN to which it belongs, and set the default gateway as
the interface address of the VLAN. In this way, all VLANs can also visit each other.
(2) Assign dynamic IP addresses to all the nodes
in the VLAN. First, set the interface IP address of each VLAN and the IP address of the DHCP server on the core switch as follows:
COM (config) #interface vlan 10
COM (config-if) #ip address 172.16.58.1 255.255.255.0 VLAN10 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
COM (config) #interface vlan 11
COM (config-if) #ip address 172.16.59.1 255.255.255.0 VLAN11 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
COM (config) #interface vlan 12
COM (config-if) #ip address 172.16.60.1 255.255.255.0 VLAN12 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
...
and then set the network addresses on the DHCP server to be 172.16.58.0, 172.16.59.0, 172.16 .60.0 scope,
and set the "router" option of these scopes to the interface IP address of the corresponding VLAN. In this way, you can ensure that all VLANs
can also visit each other.
Finally, perform network settings on each computer connected to the VLAN, and set the IP address option to obtain an IP address automatically.
3. Summary
This article is a summary of the author's actual work. The author tries to explain the whole process of creating VLAN in plain text.
And given the detailed setting steps, as long as you have some understanding of the IOS of Cisco switches, it is not difficult to understand this article. Follow
the steps shown in this article step by step, you can create multiple VLANs for a typical Fast Ethernet network
---- At the beginning of the enterprise network, due to its small size, narrow application area, and knowledge of Internet access The low level and
lack of knowledge about network security and management make the enterprise network limited to the exchange mode. There are two main switching technology
ways: Ethernet frame switching and cell switching based on ATM, which has greatly improved performance relative to the shared network, but
all in one IP or IPX network segment network device Speaking, it is in the same broadcast domain. When the number of workstations is large and the
information flow is large, it is easy to form a broadcast storm, which seriously affects the operation speed of the network and even easily leads to network paralysis. How to
avoid this problem? It is a good choice to divide the network.
The interface IP address assigned by VLAN MARKET is 172.16.59.1/24, the network address is 172.16.59.0,
the interface IP address assigned by VLAN MANAGING is 172.16.60.1/24, and the network address is 172.16.60.0 ... If the IP address
is dynamically assigned, set the IP address of the DHCP server on the network to 172.16.1.11.
(1) Assign static IP addresses to all the nodes
in the VLAN First set the interface IP addresses of each VLAN on the core switch as follows:
COM (config) #interface vlan 10
COM (config-if) #ip address 172.16.58.1 255.255.255.0 VLAN10 interface IP
COM (config) #interface vlan 11
COM (config-if) #ip address 172.16.59.1 255.255.255.0 VLAN11 interface IP
COM (config) #interface vlan 12
COM (config-if) #ip address 172.16 .60.1 255.255.255.0 VLAN12 interface IP
β¦
and then set the IP address of each VLAN-accessed computer to be consistent with the network address of the VLAN to which it belongs, and set the default gateway as
the interface address of the VLAN. In this way, all VLANs can also visit each other.
(2) Assign dynamic IP addresses to all the nodes
in the VLAN. First, set the interface IP address of each VLAN and the IP address of the DHCP server on the core switch as follows:
COM (config) #interface vlan 10
COM (config-if) #ip address 172.16.58.1 255.255.255.0 VLAN10 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
COM (config) #interface vlan 11
COM (config-if) #ip address 172.16.59.1 255.255.255.0 VLAN11 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
COM (config) #interface vlan 12
COM (config-if) #ip address 172.16.60.1 255.255.255.0 VLAN12 interface IP
COM (config-if) #ip helper-address 172.16.1.11 DHCP Server IP
...
and then set the network addresses on the DHCP server to be 172.16.58.0, 172.16.59.0, 172.16 .60.0 scope,
and set the "router" option of these scopes to the interface IP address of the corresponding VLAN. In this way, you can ensure that all VLANs
can also visit each other.
Finally, perform network settings on each computer connected to the VLAN, and set the IP address option to obtain an IP address automatically.
3. Summary
This article is a summary of the author's actual work. The author tries to explain the whole process of creating VLAN in plain text.
And given the detailed setting steps, as long as you have some understanding of the IOS of Cisco switches, it is not difficult to understand this article. Follow
the steps shown in this article step by step, you can create multiple VLANs for a typical Fast Ethernet network
---- At the beginning of the enterprise network, due to its small size, narrow application area, and knowledge of Internet access The low level and
lack of knowledge about network security and management make the enterprise network limited to the exchange mode. There are two main switching technology
ways: Ethernet frame switching and cell switching based on ATM, which has greatly improved performance relative to the shared network, but
all in one IP or IPX network segment network device Speaking, it is in the same broadcast domain. When the number of workstations is large and the
information flow is large, it is easy to form a broadcast storm, which seriously affects the operation speed of the network and even easily leads to network paralysis. How to
avoid this problem? It is a good choice to divide the network.