VXLAN - GNS3 (VEOS \ IOU_L3)

Images:
Spine - IOU - i86bi_linux-adventerprisek9-ms.152-4.M1
Leaf - vEOS - 4.13.16M-3213248.41316M.1

This was my first crack at configuring VXLAN. I used a combination of vEOS and IOS because that is closest to what I run in my production environment. The actual VXLAN configuration is very easy; it's more about making sure the underlying connectivity is in place. You can build the same lab in GNS3 using the CSR router and EIGRP, which should be simpler (I had some issues with route summarization). The most important thing to confirm before starting on the VXLAN configuration is that you have full reachability between all the loopbacks. Anyway, it worked for me; next step is doing this with EVPN.

#################
## SPINE-1 ##
#################
conf t
## GENERAL ##
hostname SPINE-1
ip multicast-routing
## INTERFACES ##
int e0/1
 ip addr 10.0.11.1 255.255.255.252
int e0/2
 ip add...
GRE via IPSEC

This lab shows us how to configure a conventional GRE tunnel over IPSEC. GRE is great for emulating a conventional P2P link and is often used in secondary connections via an ISP. This configuration is based on a lab by the fantastic GNS3 Vault; please check them out if you want a more detailed explanation of how to configure the below.

#####################
## INTERNET ##
#####################
int fa0/0
 ip addr 192.168.12.2 255.255.255.0
 no shut
int fa0/1
 ip addr 192.168.23.2 255.255.255.0
 no shut
router eigrp 1
 network 192.168.12.0
 network 192.168.23.0
#####################
## NYC ##
#####################
int fa0/0
 ip addr 192.168.12.1 255.255.255.0
 no shut
int lo1
 ip addr 1.1.1.1 255.255.255.0
router eigrp 1
 network 192.168.12.0
router ospf 1
 network 192.168.13.0 0.0.0.255 area 0
 network 1.1.1.0 0.0.0.255 a...
Cisco ISR IPSEC to IPSEC (GNS3)

This is a basic config for IPsec to IPsec tunneling between two Cisco ISRs. I prefer to use GRE tunneling for LAN to LAN, but this is commonly used when connecting to 3rd parties or where GRE tunneling is not available.

###############################
## NYC ##
###############################
conf t
router ospf 1
 network 30.0.0.0 0.0.0.255 area 0
 network 1.1.1.0 0.0.0.255 area 0
ip access-list ext 101
 permit icmp host 1.1.1.1 host 3.3.3.3
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1300
crypto isakmp key 0 vault address 40.0.0.1
crypto ipsec security-association lifetime seconds 1800
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
 set peer 40.0.0.1
 set transform-set MYSET
 match address 101
int fa0/0
 ip addr 30.0.0.1 255.255.255.0
 crypto map MYMA...
IPSEC over GRE

Not something that you would want to do in production, but the following configuration is to tunnel IPSEC over GRE (as opposed to GRE inside IPSEC). This is based on a lab from the excellent gns3vault.com; link below for the video explanation and final configs.

http://gns3vault.com/tunneling/gre-over-ipsec/

########################
## NYC ##
########################
int fa0/0
 ip addr 192.168.12.1 255.255.255.0
 no shut
int lo0
 ip addr 11.11.11.11 255.255.255.0
crypto isakmp policy 1
 encryption aes 256
 group 5
 authentication pre-share
crypto isakmp key 0 PA$$WORD address 192.168.23.3
crypto ipsec transform-set NY_TRANS_SET esp-aes esp-sha-hmac
crypto ipsec profile TUNNEL_PROTECT
 set transform-set NY_TRANS_SET
int tu10
 tunnel source fa0/0
 tunnel destination 192.168.23.3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TUNNEL_PROTECT
ip route 33.33.33.0 255.255.255.0 1...

Configure OSPF Juniper SRX
Quick page to remind me how to configure OSPF on SRXs, as it's been a while.

#############
# R1 #
#############
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/0/1 unit 0 family inet address 192.168.0.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services traceroute
set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf
set security zones security-zone TRUST address-book address BAML 159.5.153.0/24
set security zones security-zone TRUST host-inbound-traffic system-services all
se...

Factory default a cisco router
1. Connect to the serial console.
2. Power off the router and then power on.
3. Send the router a BREAK. This should bring you to the rommon prompt.
4. Type this command at the rommon prompt in order to boot from Flash.
   rommon 1 > confreg 0x2142
5. Reset the router.
   rommon 2 > reset
6. The router should now boot into the initial config dialogue:
   Would you like to enter the initial configuration dialog? [yes/no]: yes
7. Follow the prompts to set a basic config.
8. Enter enable mode and set the router to boot from the right place.
   Router> enable
   Router# conf t
   Router(config)# config-register 0x2102
   Router(config)# end
   Router# wr mem
9. Reload the router to check it worked properly.

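The two register values in steps 4 and 8 differ only in bit 6 (0x0040), which tells IOS to ignore the startup-config in NVRAM; a router left at 0x2142 comes up unconfigured on every boot. The following check is an added example, not part of the original post: it decodes the register and audits the "Configuration register is ..." line of `show version`, using constructed hostnames and output excerpts.

```python
import re

IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: console BREAK ignored once booted
BOOT_FIELD = 0x000F      # bits 0-3: 0 means stop at the ROM monitor

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Break a 16-bit config register into the bits relevant to this procedure."""
    return {
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "stays_in_rommon": (value & BOOT_FIELD) == 0,
    }

def audit_show_version(hostname, text):
    """Return findings for one device's `show version` output."""
    m = CONFREG_RE.search(text)
    if not m:
        return [f"{hostname}: no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    if decode_confreg(pending)["ignores_startup_config"]:
        return [f"{hostname}: next boot ignores startup-config (0x{pending:04x})"]
    if decode_confreg(current)["ignores_startup_config"]:
        return [f"{hostname}: booted without startup-config, "
                f"reverts to 0x{pending:04x} at next reload"]
    return []

# Constructed sample output (hypothetical devices), last line of `show version`.
SAMPLES = {
    "lab-r1": "Configuration register is 0x2102",
    "lab-r2": "Configuration register is 0x2142",
    "lab-r3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

def audit_all(samples):
    return [f for host, out in samples.items() for f in audit_show_version(host, out)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print(finding)
```

Here lab-r2 is the case where step 8 was skipped, and lab-r3 is a router between steps 8 and 9.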
Turn an SRX into a router
I use the below if I am working in a lab environment and want to test something that does not require security to be configured. It is 100 percent not best practice for a production environment, but if you only have SRXs in your lab and security is not a concern then it's a passable workaround.

set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based