
Monday, April 2, 2012

ASA802 Win7 GNS3 8.2


  1. Prepare the two files below

asa802-k8.initrd.gz
http://www.mediafire.com/?t95719uwv6m8aif
asa802-k8.kernel
http://www.mediafire.com/?j6z9gn9r3cgmgbn

  2. Open GNS3 and point the options below (highlighted in yellow) to these two files



  3. Start the ASA, open its console and type the commands below


modprobe e1000

ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up

cp /asa/bin/lina /mnt/disk0/lina
cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor

cd /mnt/disk0
/mnt/disk0/lina_monitor

Friday, March 30, 2012

Adding new Nexus 2K fabric extender

This is a step-by-step guide on how to add a new Nexus 2000 (N2K) to a Nexus 5000 (N5K).


Before applying the configuration, issue the commands sh fex and sh interface fex. They will show that the FEX is connected but not online.
  FEX         FEX           FEX                       FEX              
Number    Description      State            Model            Serial    
------------------------------------------------------------------------
---       --------             Connected     N2K-C2248TP-1GE   JAF1453BPRB

Then check which interface this FEX is connected to with sh interface fex
     Fabric      Fabric       Fex                FEX          
Fex  Port      Port State    Uplink    Model         Serial   
---------------------------------------------------------------
---   Eth1/12    Discovered     1    N2K-C2248TP-1GE  JAF1453BPRB


1. Create a new FEX instance
- use a fex-id number in the range 100-199
- choose 10G Ethernet ports

 fex <fex-id>
  pinning max-links <1-4>
  description <des..>

2. Create a new port channel and vPC

Interface port-channel <id>
 description <des..>
 switchport mode fex-fabric
 vpc <vpc-id>
 fex associate <fex-id created above>

3. Bind the port to the PO created above

interface Ethernet1/9
  description <des...>
  switchport mode fex-fabric
  fex associate <fex-id>
  channel-group <PO-id>

Example.



Once finished, issue sh fex again to make sure the new fabric extender is online (it will download its image from the N5K before it becomes fully online, which may take some time)
FEX         FEX           FEX                       FEX              
Number    Description      State            Model            Serial    
------------------------------------------------------------------------
112  aus-b3-gp4-l9-fex12                Online     N2K-C2248TP-1GE   JAF1453BPRB

Usually each N5K in Austin only serves one VLAN; in this case we can assign all the new ports in one shot
interface ethernet 112/1/1 - 48
  switchport access vlan 2015
  spanning-tree port type edge
  spanning-tree bpdufilter enable

Friday, March 2, 2012

Implementing QoS DSCP marking on customer router

In this scenario, QoS policing is done on the provider's CE router, which the customer has no access to. The customer only marks the traffic with a DSCP value for QoS policing (on the CE router).



We'll classify the highest-priority voice traffic as COS1, high-priority traffic as COS2 and lower-priority traffic as COS4; traffic that doesn't match any of those classes is automatically set to COS3 (medium priority).

1. Classify the packets using ACLs: ACL 101 for COS1, 102 for COS2 and 104 for COS4 (traffic that doesn't match any ACL falls to the default, COS3)
access-list 101 remark **** Global VoIP ranges *****
access-list 101 permit ip any 10.1.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
access-list 102 remark **** Global Citrix ranges *****
access-list 102 permit ip any 10.2.0.0 0.0.255.255
access-list 102 permit ip 10.2.0.0 0.0.255.255 any
access-list 104 remark **** Global FTP ranges *****
access-list 104 permit ip any 10.4.0.0 0.0.255.255
access-list 104 permit ip 10.4.0.0 0.0.255.255 any
2. Create a class-map for each class, matching the corresponding ACL above, and give it a name
class-map match-any COS4
  description Low priority data traffic match
  match access-group 104
class-map match-any COS2
  description High priority data traffic match
  match access-group 102
class-map match-any COS1
  description Highest priority real-time voice traffic
  match access-group 101
3. Create the policy map and set the DSCP value and bandwidth for each class-map
policy-map QoSMarking
class COS1
  set ip dscp ef
  priority 1536
class COS2
  set ip dscp af31
  bandwidth 4096
  random-detect dscp-based
class COS4
  set ip dscp default
  bandwidth 14336
class class-default
  set ip dscp af21
  bandwidth 18432
  random-detect dscp-based
4. Apply the policy map to interface Gi0/1, which faces the CE router
interface GigabitEthernet0/1
description External_facing_CE
ip address 10.9.9.1 255.255.255.252
service-policy output QoSMarking


Basically, this is how it works:
- Traffic enters the LAN router from the customer LAN
- Every packet routed to Gi0/1 goes through the policy-map marking process (step 4)
- The policy-map first checks which class the packet falls under (step 3)
- This is done by the class-maps (step 2)
- by referring to the ACL configured on each class (step 1)
- Once a match is found, the policy-map sets the DSCP value based on the class the packet belongs to
- If the packet doesn't match any ACL, the policy-map automatically assigns it to class-default (in this case COS3)
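
The classification walk described above, as an added Python example (not part of the original post and not a Cisco tool): it parses a constructed config that uses the post's ranges with one ACL number per class, applies wildcard-mask matching to a packet's source and destination, and also reports class-maps that point at an ACL with no entries. The names parse, classify, CONFIG and DSCP are assumptions of this example, and the class-maps are listed in policy-map order because that is the order in which the classes are tried.

```python
import ipaddress
# Constructed sample (not the author's file): the post's ranges, one ACL number per class.
DSCP = {"COS1": "ef", "COS2": "af31", "COS4": "default", "class-default": "af21"}
CONFIG = """
access-list 101 permit ip any 10.1.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
access-list 102 permit ip any 10.2.0.0 0.0.255.255
access-list 102 permit ip 10.2.0.0 0.0.255.255 any
access-list 104 permit ip any 10.4.0.0 0.0.255.255
access-list 104 permit ip 10.4.0.0 0.0.255.255 any
class-map match-any COS1
 match access-group 101
class-map match-any COS2
 match access-group 102
class-map match-any COS4
 match access-group 104
"""

def _take(tok):
    """Pop 'any' or 'net wildcard' off tok; return (net, wildcard) as ints."""
    n = 1 if tok[0] == "any" else 2
    spec, tok[:] = tok[:n], tok[n:]
    return (0, 0xFFFFFFFF) if n == 1 else tuple(int(ipaddress.IPv4Address(t)) for t in spec)

def parse(config):
    """Return ({acl: [(src, dst)]}, [(class, [acl])], [(class, undefined acl)])."""
    acls, classes = {}, []
    for w in map(str.split, config.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            rest = w[4:]
            acls.setdefault(w[1], []).append((_take(rest), _take(rest)))
        elif w[:1] == ["class-map"]:
            classes.append((w[-1], []))
        elif w[:2] == ["match", "access-group"]:
            classes[-1][1].append(w[2])
    missing = [(c, n) for c, nums in classes for n in nums if n not in acls]
    return acls, classes, missing

def _hit(addr, rule):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the net.
    return ((addr ^ rule[0]) & ~rule[1] & 0xFFFFFFFF) == 0

def classify(src, dst, config=CONFIG):
    """Return (class, dscp); the first listed class with a matching ACL entry wins."""
    acls, classes, _ = parse(config)
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for name, nums in classes:
        if any(_hit(s, r[0]) and _hit(d, r[1]) for n in nums for r in acls.get(n, [])):
            return name, DSCP[name]
    return "class-default", DSCP["class-default"]
```

If every range is entered under ACL 101, the third value returned by parse lists COS2 and COS4 as referencing undefined ACLs, and Citrix and FTP traffic is marked ef along with voice.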