Route-map простой пример

route-map DLINK permit 10
match ip address DLINK
set ip next-hop 10.254.21.252
!
ip access-list extended DLINK
permit ip host 10.5.8.218 lj

interface GigabitEthernet0/1.158
ip policy route-map DLINK

Для хоста с адресом 10.5.8.218 шлюзом будет 10.254.21.252

SSH в Cisco

Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh

Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name home.local
R1(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R1.home.local
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 3
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#aaa new-model
R1(config)#username bob password 0 cisco
R1(config)#exit

Скачивание и распаковка архивированной IOS

archive download-sw tftp://x.x.x.x/cme-full-7.0.0.1.tar

Запретить торренты на cisco

Create a class-map to match the protocols to be blocked.
ITOPERATIONZ(config)#class-map match-any torrentz
ITOPERATIONZ(config-cmap)#match protocol bittorrent
Create a policy-map to specify what should be done with the traffic.
ITOPERATIONZ(config)#policy-map torrentz
ITOPERATIONZ(config-pmap)#class torrentz
ITOPERATIONZ(config-pmap-c)#drop
Apply the policy to the user-facing (incoming) interface.
ITOPERATIONZ(config)#interface fa0/1
ITOPERATIONZ(config-if)#service-policy input torrentz
NBAR command will only work with 12.2 IOS.

Бекап конфига Cisco пр write memory

archive
path tftp://192.168.111.100/$h-$t write-memory

$h - hostname
$t -time
Wait while more posts are being loaded