ADV SERVICES 4-2
4.1 Network Address Translation NAT ************************ LAB 4 - 2 and 3
Sw1
conf t
int loo 100
ip address 100.100.17.7 255.255.255.255
!
ip route 100.100.42.10 255.255.255.0 10.10.17.1
Sw2
conf t
int loop 100
ip address 100.100.42.10 255.255.255.255
!
ip route 100.100.17.7 255.255.255.0 10.10.42.2
R1
conf t
ip route 100.100.42.10 255.255.255.0 10.10.14.1
R2
conf t
ip route 100.100.17.7 255.255.255.0 10.10.24.4
R4
conf t
ip nat inside source static 10.10.17.7 100.100.17.7
ip nat inside source static 10.10.42.2 100.100. 42.2
int s0/0/0
ip nat outside
int s0/1/0
ip nat outside
=============================================
4.1 Layer 2 QOS
SW1-SW4
int range fa01 - 5
int fa0/19 - 24
mls qos trust cos
!
#mls qos srr-queue input cos-map threshold 1 1
#mls qos srr-queue input cos-map threshold 1 5
#mls qos srr-queue input threshold 1 40 100
#mls qos srr-queue input threshold 1 100 100
SW1
int range fa1/0 - 5
mls qos cos 1
mls qos trust cos
==============================================
4.2 CBWFQ
R2
conf t
class-map match-all BB2
match input-interface fa0/1
policy-map CBWFQ
class BB2
bandwidth 10000
int fa0/0
service-policy output CBWFQ
R3
conf t
class-map match-all BB1
match input-interface fa0/0
policy-map CBWFQ
class BB1
bandwidth 1000
int s0/0/0
service-policy output CBWFQ
================================================
4.3 Routing Protocol Authentication
Sw1 - SW4
conf t
int vlan 123
ip ospf authentication message-digest
ip ospf message-digast-key 1 md5 cisco
!
no service password encription
=================================================
4.5 & 4.6 DHCP & layer 2 security
R4
conf t
ip dhcp pool pool
network 10.10.44.0 255.255.255.0
default-router 10.10.44.4
dns-server 10.10.55.50 10.10.55.51
domain-name cisco.com
!
ip dhcp excluded-address 10.10.44.100
ip dhcp excluded-address 10.10.44.4
ip dhcp excluded-address 10.10.44.200
SW1
conf t
ip dhcp snooping database CCIE.TXT
no ip dhcp snooping information option
ip dhcp snooping
ip dhcp snooping vlan 44
ip dhcp snooping verify mac-address
ip arp inspection vlan 44
int fa0/4
ip dhcp snooping trust
ip arp inspection trust
int fa0/14
ip verify source
switchport
switchport mode access
switchport port-security
switchport access vlan 44
switchport port-security mac-address sticky
switchport port-security violation shutdown
switchport port-security maximum 3
no shut
=============================================================
4.7 WCCP 4-2
R4
conf t
ip wccp web-cache
ip wccp 61
ip wccp 62
ip wccp 61 redirect-list ANY_TO_CLIENT
ip wccp 62 redirect-list CLIENT_TO_ANY
ip access-list extended ANY_TO_CLIENT
permit ip any 10.10.44.0 255.255.255.0
ip access-list extended CLIENT_TO_ANY
permit ip 10.10.44.0 255.255.255.0 any
int s0/0/0
ip wccp 61 redirect in
ip wccp 62 redirect out
int s0/1/0
ip wccp 61 redirect in
ip wccp 62 redirect out
int fa0/1
ip wccp redirect exclude in
=============================================================
ADV SERVICES 4-3
4.1 Network Address Translation NAT ************************ LAB 4 - 2 and 3
Sw1
conf t
int loo 100
ip address 100.100.17.7 255.255.255.255
!
ip route 100.100.42.10 255.255.255.0 10.10.17.1
Sw2
conf t
int loop 100
ip address 100.100.42.10 255.255.255.255
!
ip route 100.100.17.7 255.255.255.0 10.10.42.2
R1
conf t
ip route 100.100.42.10 255.255.255.0 10.10.14.1
R2
conf t
ip route 100.100.17.7 255.255.255.0 10.10.24.4
R4
conf t
ip nat inside source static 10.10.17.7 100.100.17.7
ip nat inside source static 10.10.42.2 100.100. 42.2
int s0/0/0
ip nat outside
int s0/1/0
ip nat outside
=============================================
4.1 Layer 2 QOS
SW1-SW4
int range fa01 - 5
int fa0/19 - 24
mls qos trust cos
!
#mls qos srr-queue input cos-map threshold 1 1
#mls qos srr-queue input cos-map threshold 1 5
#mls qos srr-queue input threshold 1 40 100
#mls qos srr-queue input threshold 1 100 100
SW1
int range fa1/0 - 5
mls qos cos 1
mls qos trust cos
==============================================
4.2 CBWFQ
R2
conf t
class-map match-all BB2
match input-interface fa0/1
policy-map CBWFQ
class BB2
bandwidth 10000
int fa0/0
service-policy output CBWFQ
R3
conf t
class-map match-all BB1
match input-interface fa0/0
policy-map CBWFQ
class BB1
bandwidth 1000
int s0/0/0
service-policy output CBWFQ
================================================
4.3 Routing Protocol Authentication
Sw1 - SW4
conf t
int vlan 123
ip ospf authentication message-digest
ip ospf message-digast-key 1 md5 cisco
!
no service password encription
=================================================
4.5 & 4.6 DHCP & layer 2 security
R4
conf t
ip dhcp pool pool
network 10.10.44.0 255.255.255.0
default-router 10.10.44.4
dns-server 10.10.55.50 10.10.55.51
domain-name cisco.com
!
ip dhcp excluded-address 10.10.44.100
ip dhcp excluded-address 10.10.44.4
ip dhcp excluded-address 10.10.44.200
SW1
conf t
ip dhcp snooping database CCIE.TXT
no ip dhcp snooping information option
ip dhcp snooping
ip dhcp snooping vlan 44
ip dhcp snooping verify mac-address
ip arp inspection vlan 44
int fa0/4
ip dhcp snooping trust
ip arp inspection trust
int fa0/14
ip verify source
switchport
switchport mode access
switchport port-security
switchport access vlan 44
switchport port-security mac-address sticky
switchport port-security violation shutdown
switchport port-security maximum 3
no shut
=============================================================
4.7 WCCP 4-3 ******
R4
conf t
ip wccp web-cache
ip wccp 61
ip wccp 62
ip wccp 61
int s0/0/0
ip wccp 61 redirect in
int s0/1/0
ip wccp 61 redirect in
int fa0/0
ip wccp 62 redirect in
int fa0/1
ip wccp redirect exclude
=============================================================