Archives 2014 - Afenioux's Blog page

Vlan Shaping

Written by Arnaud 11 march 2014 no comments

conf t
  mls qos

  class-map match-any vlan123
   match vlan 123

  policy-map ratelimit
   class vlan123
   police cir 1000000000
   confirm-action transmit
   exceed-action drop

  int gi0/1
    service-policy input ratelimit

Limit user access (views)

Written by Arnaud 11 march 2014 no comments

limit commands to admin 15 :

privilege exec level 15 ssh
privilege exec level 15 telnet

Create a view for a user :

enable view
conf t
  parser view readonly
    secret 5 ???
    commands exec include show vlan
    commands exec include show
    exit
  username test view readonly password 0 ????

sources :
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html#wp1058080
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/107614-64.html#topic2

Configuring Netflow

Written by Arnaud 08 january 2014 no comments

Old style :

interface Gi0/1
   ip flow ingress

 ip flow-export source Gi0/2
 ip flow-export destination 192.168.0.2 2055

New Style :

interface Gi0/1

ip route-cache flow sampled

ip route-cache distributed

ip flow-export version 5

ip flow-export destination 192.168.0.2 2055

ip flow-sampling-mode packet-interval 100

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_sanf.html

Or even :

flow-sampler-map SAMPLER
 mode random one-out-of 100

ip flow-export version 5
ip flow-export destination 192.168.0.2 2055

interface Gi0/1
 flow-sampler SAMPLER

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/nfstatsa.html

Debug :

show ip flow sampling
sh ip flow export