Tuesday, March 3, 2009

Multicast and ACL...

Multicast

  • "ip msdp peer [address] connect-source [interface]" sets up the MSDP peer relationship.
  • The BGP and MSDP peer IP addresses must match.
  • "ip pim neighbor-filter [acl]" filters PIM neighbor relationships.
  • "ip igmp helper-address [address]" is an interface-level command that forwards IGMP requests to a multicast-capable router, much like DHCP.

ACL

  • "ip telnet source-interface [x]" tells the router which interface to use for telnet access.
  • "autocommand access-enable host" links a dynamic ACL to telnet authorization.
  • "clear ip access-template [line] [dynamic ACL name] host [x] port [y].." clears a dynamic ACL line.
  • "autocommand access-enable host timeout [x]" creates a dynamic ACL timeout for dynamic ACL entries.
  • "access-list 100 dynamic [name] timeout [y] permit ip any any" creates a static timeout for dynamic ACL entries.
  • "rotary [x]" is a line command that creates a telnet session on port 300[x]; e.g., rotary 3 creates telnet access on port 3003.
  • "ip reflexive-list timeout 120" is a global command to limit reflexive ACL entries.
  • "ip tacacs source-interface [y]" assigns an interface to use for TACACS source requests.
  • When using authentication default, it does not need to be assigned to any line/port.
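
The dynamic (lock-and-key) ACL commands in the list above fit together as in the following configuration. It is an added example, not from the original notes; the ACL number, list name, username, interface, addresses and rotary group are constructed placeholders.

```cisco
! Added example; every name, number and address here is a constructed placeholder.
username lockkey secret EXAMPLE-ONLY
!
! Before authentication, only telnet to the rotary port (3000 + 1) is allowed in.
access-list 100 permit tcp any host 192.0.2.1 eq 3001
! Template for the temporary entries; 60 is the static (absolute) timeout in minutes.
access-list 100 dynamic LOCKKEY timeout 60 permit ip any any
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 100 in
!
! Ordinary management lines: no autocommand, so they give a normal exec session.
! ACL 100 does not permit port 23 inbound on Serial0/0, so these are not
! reachable through that interface.
line vty 0 3
 login local
!
! Lock-and-key line: "rotary 1" makes it answer on port 3001.
! "host" limits the temporary entry to the address that authenticated;
! 10 is the idle timeout in minutes and should be shorter than the 60 above.
line vty 4
 login local
 rotary 1
 autocommand access-enable host timeout 10
```

After a user authenticates on port 3001, "show ip access-lists 100" lists the temporary entry under the LOCKKEY template.
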
IP Services

  • "ip dhcp ping [packets] timeout [y]" changes DHCP behavior. DHCP will ping [packets] number of times with a timeout of [y] before re-assigning a previously used address.
  • Manual DHCP bindings require their own pool.
  • The interface-level command "standby use-bia" will use the burned-in MAC address for the HSRP MAC.
  • Preemption is enabled by default in VRRP.

NAT

  • Inside local is the local IP of a private host on your network.
  • Inside global is the public IP address that the outside network sees as the IP of your local host.
  • Outside local is the local IP from the private network which your local hosts see as the IP of the remote host.
  • Outside global is the public IP of the remote host.
  • "extendable" allows you to have two NAT entries for the same source IP address.
  • You can use a route-map to "permit" local to global mappings.
  • You can create stateful NAT translations to assign to HSRP groups by using a mapping-ID.
  • You can create stateful NAT translations and assign a primary and backup NAT router (ip nat stateful..)
  • I hate NAT....
  • I really hate NAT....
  • Why can I not understand the NAT syntax?