'IT Note/CCNP' 카테고리의 글 목록 (2 Page)

[ONT] 1일차

Posted by seunggwon

2008. 10. 27. 00:42 IT Note/CCNP

ONT

Qos

1. Queuing(FIFO, PQ, WPR ... CBWFQ)

2. Compression

3. Red

4. policing, shaping

AUTO Qos, VOIP

Qos

========

1. 정의

2. 분류

3. 정책

========

CLI (router, switch, pix(ASA))

GUI (VPN, IPS, VOICE)

Qos Configuration

1. 분류

2. 정책

3. 적용

===========================================================

MQC

serial 1/0 통과하는 http traffic은 1M bandwidth 를 보장하시오.

1. 분류 HTTP (class-map)

2. 정책 HTTP bandwidth 1M (policy map)

3. 적용 serial 1/0 나가는 (service-policy)

access-list 100 permit tcp any any eq www

class-map HTTP

match access-group 100

policy-map MYPOLICY

class HTTP

bandwidth 1000

interface serial 1/0

service-policy output MYPOLICY

==확인==

show class-map

show policy-map

show policy-map interface s1/0

===================================================================

class-map TEST

match access-group 100

match protocol http (NBAR)

match protocol http url cisco.com

match porotocl http mime ".jpg

match protocol rtp audio

match potocol rtp video // traffic을 형식에 따라 구분해서 match 시킨다.

match any // 모든 traffic을 match시킨다.

match not protocol http // http protocol 제외한 모든 traffic을 match시킨다.

class-map match-all TEST (and) (default)

class-map match-any TEST (or) // 한가지만 match되도...

access-list 100 permit tcp any any eq 80

access-list 100 permit udp any any eq ??

class-map HTTP

match protocol http

class-map FTP

match protocol ftp

class-map TELNET

match protocol telnet

serial 1/0 통과 HTTP traffic 1M 보장

class-map TEST

match protocol http

serial 1/0 통과 10.10.10.1 20.20.20.1로 향하는 HTTP traffic 1M 보장

access-list 100 permit tcp host 10.10.10.1 host 20.20.20.1 eq www

class-map TEST

match access-group 100

=======================================================

HTTP 1M

FTP 1M

TELNET 1M

class-map HTTP

match protocol http

class-map FTP

match protocol ftp

class-map TELNET

match protocol telnet

policy-map MYPOLICY

class HTTP

bandwidth 1000

class FTP

bandwidth 1000

class TELNET

bandwidth 1000

class class-default

bandwidth 1000

interface s1/0

service-policy [input/output] MYPOLICY

확인

show policy-map interface s1/0

59.5.100.205

sw14

username = itbank

password = itbank

초기화

erase startup(nvram startup config)

reload

=======================================

AUTO Qos

interface fa0/1

auto qos voip cisco-phone

auto qos ?

1. CEF (L3 switching 방식) => default

2. NBAR

3. Bandwidth => default

Qos를 분류하는 기준

1. best effort

2. intserv

3. diffserv

Diffserv (MQC)

class-map TEST

match input-interface

match access-group 100

match protocol http //분류할 수 있다.

match ip dscp

match ip precedence

match cos

L2 COS (3bit) // 8가지로 분류할 수 있다.

ethernet (pri)

frame-relay (de)

mpls (wxp)

L3 IP precedence(3bit) // 8가지로 분류할 수 있다.

DSCP (8bit) // 64가지로 분류할 수 있다.

ip (tos)

class-map HTTP

match protocol http

policy-map MYPOLICY

class HTTP

set ip precedence 2

interface fa0/1

service-policy input MYPOLICY

===============================

class-map HTTP

match ip precedence 2

policy-map MYPOLICY

class HTTP

bandwidth 1000

interface s1/0

service-policy output MYYPOLICY

예제

class-map FTP

match protocol ftp

class-map HTTP

match protocol http

class-map TELNET

match access-group 100

policy-map MYPOLICY

class FTP

set ip precedence 5

class HTTP

set ip precedence 2

class TELNET

set ip precedence 4

interface fa0/0

service-policy input MYPOLICY

access-list 100 permit tcp host 1.1.1.1 host 11.11.11.11 eq telnet

문제1

class-map ICMP1

match access-group 100

class-map ICMP2

match access-group 101

class-map TELNET

match access-group 102

policy-map MARKING

class ICMP1

set ip precedence 3

class ICMP2

set ip precedence 2

class TELNET

set ip precedence 1

interface s1/1

service-policy input MARKING

access-list 100 permit icmp host 10.1.41.4 host 2.2.2.2

access-list 101 permit icmp host 10.1.41.4 host 10.1.12.2

access-list 102 permit tcp host 4.4.4.4 host 2.2.2.2 eq telnet

확인

capture R1 s1/0 precedence.cap HDLC

ping 2.2.2.2 source 10.1.41.4 => precedence 3

ping 10.1.12.2 source 10.1.41.4 => precedence 2

telnet 2.2.2.2 /source lo 0 => precedence 1

저작자표시 비영리 변경금지

'IT Note > CCNP' 카테고리의 다른 글

[ONT] 2일차 (0)	2008.10.27
[BSCI] IPSec LAB_03-1 : GRE Tunnel (0)	2008.07.24
[BSCI] IPSec LAB_2 : IPSec Basic configuration(Tunnel) (0)	2008.07.24

Trackback: Comment:

[BSCI] IPSec LAB_01 : IPSec Basic configuration

Posted by seunggwon

2008. 7. 24. 12:37 IT Note/CCNP

과제 : R1의 10.10.10.0/24 네트워크 사용자와 R2의 20.20.20.20.0/24 사용자간에 통신시 IPSec을 구성하라. Static Route를 이용하여 설정하시오.
아래의 조건을 이용하여 구성하시오.
Peer Authentication=pre-share
Encryption=3DES, Hash=md5
Diffie-Hellman=group 1(768bit 방식으로 키분배)
lifetime=3600
[transform-set[ESP(DES) AH(MD5) 사용하시오.], crypto map, name은 적절히 사용하시오.]

'IT Note > CCNP' 카테고리의 다른 글

[ONT] 1일차 (0)	2008.10.27
[BSCI] IPSec LAB_03-1 : GRE Tunnel (0)	2008.07.24
[BSCI] IPSec LAB_2 : IPSec Basic configuration(Tunnel) (0)	2008.07.24

Trackback: Comment:

[BSCI] OSPF LAB_01 : OSPF Basic configuration

[BSCI] EIGRP LAB_04 : EIGRP Advanced configuration (FRAME-RELAY) Point-to-Point, Multipoint

[BSCI] EIGRP LAB_03 : EIGRP Advanced configuration

[BSCI] EIGRP LAB_02 : EIGRP Basic configuration

[BSCI] EIGRP LAB_01 : EIGRP Basic configuration

[ONT] 4일차

[ONT] 3일차

[ONT] 2일차

[ONT] 1일차

'IT Note > CCNP' 카테고리의 다른 글

[BSCI] IPSec LAB_03-1 : GRE Tunnel

[BSCI] IPSec LAB_2 : IPSec Basic configuration(Tunnel)

[BSCI] IPSec LAB_01 : IPSec Basic configuration

'IT Note > CCNP' 카테고리의 다른 글

티스토리툴바