Route Map. Route maps define criteria for matching packets, and then use these criteria to perform routing on them.

1. Go into the privileged mode by typing enable.
2. Configure the device by typing config t.
3. Then:
   (config)# route-map MYMAP permit 20
   This creates a route map entry named MYMAP with a sequence number of 20 (entries with a lower sequence number are evaluated before this one). The permit parameter defines that the packets are permitted.
4. Next we can view the options available in route-map with:
   (config-route-map)# ?
5. The match option is used to define the parameter in the packet to match:
   (config-route-map)# match ?
   From this it can be seen that we can match things like: as-path, community, interface, ip address, packet length, metric, route-type and tag.
6. To view the options for ip matching:
   (config-route-map)# match ip ?
7. One of the options is the IP address; for this we define the access-list number which defines the packets to match:
   (config-route-map)# match ip address 100
8. Now we can define what happens to the packets; the options can be viewed with:
   (config-route-map)# set ?
9. For example, to define the next hop for the data packets:
   (config-route-map)# set ip next-hop 30.40.50.60
10. We can then define the access-list with:
   (config-route-map)# exit
   (config)# access-list 100 permit ip 10.20.30.0 0.0.0.255 10.30.40.0 0.0.0.255
   which matches all packets from the source addresses 10.20.30.1 to 10.20.30.254 going to the destination addresses 10.30.40.1 to 10.30.40.254.
11. Go back to the user executive mode with the command exit.
12. Show the main system configuration with show running-config.
Other commands implemented:
# help
# show ip aliases - to enable the usage of the .0 subnet (use no ip subnet-zero to disable it).
# show ip idrp - to display details of IDRP (ICMP Discovery Routing Protocol).
# show ip netmasks - to display details of netmasks used on a given subnet address.
# show ip nat statistics - to display details of NAT (Network Address Translation).
# show ip nat translations - to display details of NAT translations.
# show ip nat translations verbose - to display details of port translations in NAT.
# show ip snat - to display active SNAT (Stateful Network Address Translation) translations.
# clear counters - clear counters on interfaces.
# show ip nhrp - to display NHRP details.
# show ip nhrp traffic - to display NHRP traffic.
# show ip rip database - to display the RIP database.
# show ip route summary - show summary details of a route.
# show ip route - show details of a route.
# show flash: chips - show details of Flash devices.
# show flash: filesys - show details of the file system on the Flash devices.
# show flash: all - show all the details of the Flash.
# show flash: detailed - show detailed information on the Flash.
# show memory scan - show if there are any memory errors.
# show ip http server all - show HTTP server details.
# show ip http server status - show HTTP server status.
# ping ipx 1111.2222.3333.4444 - ping an IPX address.
(config)# ip http max-connections 5 - set the maximum connections to 5 for the HTTP server.
(config)# ip http port 8080 - set the HTTP (WWW) port to 8080.
(config)# ip default-gateway w.x.y.z - sets the default gateway used when routing is disabled.
(config)# ip classless - defines classless IP addresses.
(config)# ip directed-broadcast - enable the translation of directed broadcasts to physical broadcasts.
(config)# ip domain-list - define a list of default domain names for unqualified host names.
(config)# ip domain-lookup - enable the DNS lookup service.
(config)# ip forward-protocol - specify the ports for which broadcasts are forwarded.
(config)# ip netmask-format bitcount - display netmasks in bit count format (such as 192.168.0.10/24).
(config)# ip netmask-format decimal - display netmasks in decimal format (such as 255.255.255.0).
(config)# ip netmask-format hexadecimal - display netmasks in hexadecimal format (such as 0xFFFFFF00).
(config)# no ip routing - disable routing (use ip routing to enable it).
(config)# ip subnet-zero - to enable the usage of the .0 subnet (use no ip subnet-zero to disable it).
(config)# router odr - enable ODR (On-demand routing) (use no router odr to disable it).
(config)# cdp run - enable CDP on the router.
(config)# no cdp run - disable CDP on the router (recommended for security purposes).
(config-if)# carrier-delay 5 - defines the carrier delay on a serial port (in this case 5 seconds).
(config-if)# cut-through - defines cut-through switching on an Ethernet port (cut-through forwards the data frame before it has been fully received on the incoming port).
(config-if)# duplex full - defines full duplex on an Ethernet port.
(config-if)# duplex half - defines half duplex on an Ethernet port.
(config-if)# duplex auto - defines auto duplex on an Ethernet port.
(config-if)# speed 10 - defines a 10Mbps rate on an Ethernet port.
(config-if)# speed 100 - defines a 100Mbps rate on an Ethernet port.
(config-if)# ip split-horizon - enables split horizon on the interface.
(config-if)# ip nhrp - enables NHRP (Next Hop Resolution Protocol).
(config-if)# ip proxy-arp - enable proxy Address Resolution Protocol on an interface.
(config-if)# cdp enable - enable CDP on an interface.
(config-if)# no cdp enable - disable CDP on an interface.
(config-router)# default-metric 1544 2000 255 1 1500 - set up default metrics.
(config-router)# redistribute ospf 10 metric 3 - redistribute routes.
(config-router)# distribute-list 2 in - apply a distribution list on an interface.
(config-router)# neighbor w.x.y.z - defines the router (w.x.y.z) to which the routing information is sent.
(config-router)# version 2 - defines RIP Version 2 (or Version 1 can be used).
Additional:
ACLs can also be extended ACLs, for example to block Napster traffic destined for port 8888:
(config)# access-list 100 deny tcp 192.5.5.0 0.0.0.255 any eq 8888 log
(config)# access-list 100 deny udp 192.5.5.0 0.0.0.255 any eq 8888 log
(config)# interface e0
(config-if)# ip access-group 100 in
or Kazaa (on port 1214):
(config)# access-list 101 deny tcp 192.5.5.0 0.0.0.255 any eq 1214 log
(config)# access-list 101 deny udp 192.5.5.0 0.0.0.255 any eq 1214 log
(config)# interface e0
(config-if)# ip access-group 101 in
Gnutella can be blocked with ports 6346 and 6347, while ICQ is blocked with port 5190.
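The following Python model is an added example; it is not part of the original lab sheet and not the behaviour of any simulator. It serves both the route-map procedure above (steps 3 to 10: sequence ordering, match ip address, set ip next-hop, wildcard masks) and the extended ACL examples in this section, so that the effect of those commands can be checked offline. It models only the ip, tcp and udp keywords and the eq port operator (an assumption), uses the page's own addresses, masks and ports, and keeps the route-map's access-list 100 and the Napster access-list 100 in separate tables because the page reuses the number. One point worth checking with it: as written, lists 100 and 101 contain only deny entries, so the implicit deny ip any any at the end of every IOS access-list drops all other inbound traffic on e0 as well; the block evaluates the list both as written and with the usual trailing permit ip any any.

```python
# Added example, not from the original lab sheet: a Python model of how IOS
# evaluates a numbered access-list and a route-map. Only the 'ip', 'tcp' and
# 'udp' keywords and the 'eq' port operator are modelled (assumption); the
# addresses, masks and ports are the page's own sample values.
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 0 bit must match exactly, a 1 bit is 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

@dataclass
class Ace:
    """One access-list entry: action, protocol, (base, wildcard) pairs and optional ports."""
    action: str
    proto: str
    src: tuple
    src_port: Optional[int]
    dst: tuple
    dst_port: Optional[int]

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    sport: Optional[int] = None
    dport: Optional[int] = None

def _addr_spec(t: list, i: int):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    if t[i] == "any":
        spec, i = ("0.0.0.0", "255.255.255.255"), i + 1
    elif t[i] == "host":
        spec, i = (t[i + 1], "0.0.0.0"), i + 2
    else:
        spec, i = (t[i], t[i + 1]), i + 2
    port = None
    if i < len(t) and t[i] == "eq":
        port, i = int(t[i + 1]), i + 2
    return spec, port, i

def parse_ace(line: str) -> tuple:
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P] [log]' -> (N, Ace)."""
    t = line.replace("(config)#", "").split()
    src, sport, i = _addr_spec(t, 4)
    dst, dport, _ = _addr_spec(t, i)   # a trailing 'log' does not affect matching
    return int(t[1]), Ace(t[2], t[3], src, sport, dst, dport)

def acl_decision(aces: list, pkt: Packet) -> str:
    """Top-down, first match wins; every IOS ACL ends with an implicit 'deny ip any any'."""
    for ace in aces:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, *ace.src) and wildcard_match(pkt.dst, *ace.dst)):
            continue
        if ace.src_port is not None and ace.src_port != pkt.sport:
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dport:
            continue
        return ace.action
    return "deny"

@dataclass
class RouteMapEntry:
    seq: int
    action: str                      # 'permit' or 'deny'
    match_acl: Optional[int] = None  # 'match ip address N'; None matches every packet
    next_hop: Optional[str] = None   # 'set ip next-hop A'

def route_map_next_hop(entries: list, acls: dict, pkt: Packet) -> Optional[str]:
    """Lowest sequence first; the first entry whose match clause accepts the packet
    decides. permit -> apply its set clause; deny or no match -> None (normal routing)."""
    for e in sorted(entries, key=lambda e: e.seq):
        if e.match_acl is not None and acl_decision(acls[e.match_acl], pkt) != "permit":
            continue
        return e.next_hop if e.action == "permit" else None
    return None

# Steps 3-10 of the route-map procedure: MYMAP sequence 20 matching access-list 100.
POLICY_ACLS = {100: [parse_ace("access-list 100 permit ip 10.20.30.0 0.0.0.255 10.30.40.0 0.0.0.255")[1]]}
MYMAP = [RouteMapEntry(seq=20, action="permit", match_acl=100, next_hop="30.40.50.60")]

def policy_next_hop(src: str, dst: str) -> Optional[str]:
    return route_map_next_hop(MYMAP, POLICY_ACLS, Packet(src, dst))

# The Napster filter from the 'Additional' section, exactly as written there ...
NAPSTER_100 = [parse_ace(l)[1] for l in (
    "access-list 100 deny tcp 192.5.5.0 0.0.0.255 any eq 8888 log",
    "access-list 100 deny udp 192.5.5.0 0.0.0.255 any eq 8888 log")]
# ... and with an explicit trailing permit so that all other traffic keeps flowing.
NAPSTER_100_WITH_PERMIT = NAPSTER_100 + [parse_ace("access-list 100 permit ip any any")[1]]

def filter_decision(aces: list, proto: str, dport: int) -> str:
    """Verdict for a constructed packet from the 192.5.5.0/24 LAN to an outside host."""
    return acl_decision(aces, Packet("192.5.5.10", "203.0.113.5", proto, 40000, dport))

if __name__ == "__main__":
    print(policy_next_hop("10.20.30.7", "10.30.40.9"), policy_next_hop("10.20.31.7", "10.30.40.9"))
    print(filter_decision(NAPSTER_100, "tcp", 80), filter_decision(NAPSTER_100_WITH_PERMIT, "tcp", 80))
```

Running the block prints 30.40.50.60 for a packet inside both ranges of the route-map's access-list and None for one outside them (the packet falls back to normal destination-based routing). For the Napster list as written, a packet to port 80 is denied just like one to port 8888, because nothing permits it before the implicit deny; with permit ip any any appended, port 80 is permitted and port 8888 is still denied.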
Note. If you want to see the completed configuration, type the command complete at any point, and the configuration will be set to the configuration defined in the previous sections.