kron occurrence BACKUP in 24:00 recurring
policy-list Daily
!
kron policy-list Daily
cli show run | redirect tftp://172.16.0.1/Current_UC_Backup.conf
or…………
kron occurrence wBackup in 7:0:0 recurring
policy-list Daily
!
kron policy-list Daily
cli copy running-config flash:backupconfig.cfg
New York:
crypto isakmp key pr3sh4r3dk3y! address 2.2.2.2 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface Tunnel1
description GRE to Miami
ip address 192.168.1.1 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 2.2.2.2
tunnel protection ipsec profile GRE_Tunnel
interface GigabitEthernet0/1
ip address 1.1.1.1 255.255.255.252
Miami:
crypto isakmp key pr3sh4r3dk3y! address 1.1.1.1 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface GigabitEthernet0/1
ip address 2.2.2.2 255.255.255.252
interface Tunnel1
description GRE to New York
ip address 192.168.1.2 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 1.1.1.1
tunnel protection ipsec profile GRE_Tunnel
router eigrp 100
network 192.168.16.0
no auto-summary
router bgp 65001
neighbor 1.187.15.17 remote-as 32880
maximum-paths 2
!
address-family ipv4
redistribute eigrp 100 route-map EIGRP_to_BGP
route-map EIGRP_to_BGP deny 10 <–routes not to advertise
match ip address 10
match route-type internal
route-map EIGRP_TO_BGP permit 20 <– allow all other redistribution
access-list 10 permit 10.99.99.0 0.0.0.255
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 24.176.24.1 1 track 1
route backupisp 0.0.0.0 0.0.0.0 70.69.131.1 254
This example will redistribute vpn traffic into your eigrp network.
1. Turn on reverse route for your crypto maps
crypto dynamic-map Outside_dyn_map 20 set reverse-route <– for a remote access VPN
crypto map Outside_map 1 set reverse-route <– for a L2L tunnel
2. Make route map and define traffic
access-list VPN-Redistribute standard permit 10.222.222.0 255.255.255.128 <– VPN traffic
route-map Redistribute permit 5
match ip address VPN-Redistribute
3. Define eigrp process, including your inside network
router eigrp 10
network 10.254.254.0 255.255.255.224
redistribute static route-map Redistribute
track 10 ip sla 10 reachability
delay down 5 up 5
ip sla 10
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0.100
threshold 30
timeout 3000
frequency 3
ip sla schedule 10 life forever start-time now
ip sla logging traps
ip route 0.0.0.0 0.0.0.0 192.168.100.252 track 10 <–install only when sla 10=true
ip route 0.0.0.0 0.0.0.0 172.26.100.2 100 <–otherwise use route with higher metric
In this example, a route is installed when an address is NOT reachable..
Useful for backup routes, or automated turnups
ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now
track 101 ip sla 6 reachability
track 102 list boolean and
object 101 not
ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 102
In this example, a route is installed when an address IS reachable.
ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now
track 101 ip sla 6 reachability
ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 101
We’ve all had those oh-shit moments when changing an ip, duplex or making other changes and losing connection with a device that will end up costing someone a trip on site and possible downtime.
The best way I’ve found is to cover yourself with this command:
“reload in 5”
If everything goes according to plan, cancel the reload and write mem, but if not, you’ve minimized downtime.