New York:

crypto isakmp key pr3sh4r3dk3y! address 2.2.2.2 no-xauth

crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE

interface Tunnel1
description GRE to Miami
ip address 192.168.1.1 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 2.2.2.2
tunnel protection ipsec profile GRE_Tunnel

interface GigabitEthernet0/1
ip address 1.1.1.1 255.255.255.252

Miami:

crypto isakmp key pr3sh4r3dk3y! address 1.1.1.1 no-xauth

crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE

interface GigabitEthernet0/1
ip address 2.2.2.2 255.255.255.252

interface Tunnel1
description GRE to New York
ip address 192.168.1.2 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 1.1.1.1
tunnel protection ipsec profile GRE_Tunnel
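
Both transform sets above use esp-des and esp-md5-hmac, which are weak by current standards. The audit script below is an added example, not part of the original notes: it traces each tunnel interface to its IPsec profile and transform set and flags weak transforms and an unencrypted pre-shared key. The WEAK policy table and the function name audit are assumptions of this example.

```python
import re

# Constructed sample input: the New York crypto and tunnel lines from this page.
SAMPLE_CONFIG = """\
crypto isakmp key pr3sh4r3dk3y! address 2.2.2.2 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface Tunnel1
tunnel destination 2.2.2.2
tunnel protection ipsec profile GRE_Tunnel
"""

# Audit policy of this example (an assumption, adjust to your own baseline).
WEAK = {"esp-des": "56-bit DES", "esp-3des": "3DES", "esp-null": "no encryption",
        "esp-md5-hmac": "HMAC-MD5", "ah-md5-hmac": "HMAC-MD5"}

def audit(config):
    """Return (location, keyword, reason) findings for weak IPsec settings."""
    sets, profiles, bindings, findings = {}, {}, [], []
    block = (None, None)  # kind and name of the config block being read
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto isakmp key (\S+) ", line):
            # Type 6 means AES-encrypted at rest; never echo the key itself.
            if m.group(1) != "6":
                findings.append(("crypto isakmp key", "cleartext",
                                 "pre-shared key stored unencrypted"))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            sets[m.group(1)] = m.group(2).split()
        elif m := re.match(r"crypto ipsec profile (\S+)", line):
            block = ("profile", m.group(1))
        elif m := re.match(r"interface (\S+)", line):
            block = ("interface", m.group(1))
        elif (m := re.match(r"set transform-set (.+)", line)) and block[0] == "profile":
            profiles[block[1]] = m.group(1).split()
        elif (m := re.match(r"tunnel protection ipsec profile (\S+)", line)) \
                and block[0] == "interface":
            bindings.append((block[1], m.group(1)))
    # Resolve after parsing so definition order in the file does not matter.
    for iface, profile in bindings:
        for ts in profiles.get(profile, []):
            for keyword in sets.get(ts, []):
                if keyword in WEAK:
                    findings.append((f"{iface} -> {profile} -> {ts}",
                                     keyword, WEAK[keyword]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Replacing the transform set with `esp-aes 256 esp-sha256-hmac` and storing the key as type 6 makes the same audit come back empty.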

image naming convention:
w7 = autonomous
w8 = lwapp

To downgrade LWAPP to autonomous
================================
1. plug a tftp server directly into AP
2. download latest c1140-k9w7.. rename to c1140-k9w7-tar.default
3. configure tftp server to 10.0.0.10/24
4. hold down mode button until red
5. AP will grab image and boot to autonomous

To upgrade autonomous to LWAPP
=================================
Pre 12.2 code – use upgrade utility

Newer APs:

1. Download the latest LWAPP image from the Cisco website
2. Put the laptop running TFTP and the access point on the same network
3. Run the command below

AP# archive download-sw /overwrite /reload tftp://10.222.0.74/c1140-k9w8-tar.152-2.JB.tar

router eigrp 100
network 192.168.16.0
no auto-summary

router bgp 65001
neighbor 1.187.15.17 remote-as 32880
maximum-paths 2
!
address-family ipv4
redistribute eigrp 100 route-map EIGRP_to_BGP

route-map EIGRP_to_BGP deny 10  <–routes not to advertise
match ip address 10
match route-type internal

route-map EIGRP_to_BGP permit 20 <– allow all other redistribution

access-list 10 permit 10.99.99.0 0.0.0.255

sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability

route outside 0.0.0.0 0.0.0.0 24.176.24.1 1 track 1
route backupisp 0.0.0.0 0.0.0.0 70.69.131.1 254

This example redistributes VPN routes into your EIGRP network.

1. Turn on reverse route for your crypto maps

crypto dynamic-map Outside_dyn_map 20 set reverse-route <– for a remote access VPN
crypto map Outside_map 1 set reverse-route  <– for a L2L tunnel

2. Make route map and define traffic

access-list VPN-Redistribute standard permit 10.222.222.0 255.255.255.128  <– VPN traffic
route-map Redistribute permit 5
match ip address VPN-Redistribute

3. Define eigrp process, including your inside network

router eigrp 10
network 10.254.254.0 255.255.255.224
redistribute static route-map Redistribute

track 10 ip sla 10 reachability
delay down 5 up 5

ip sla 10
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0.100
threshold 30
timeout 3000
frequency 3
ip sla schedule 10 life forever start-time now
ip sla logging traps

ip route 0.0.0.0 0.0.0.0 192.168.100.252 track 10   <–install only when sla 10=true
ip route 0.0.0.0 0.0.0.0 172.26.100.2 100   <–otherwise use route with higher metric

In CUCM, SIP redundancy is provided by either route groups/route lists or SRV records.
On CME systems, the only method for SIP redundancy is SRV records.

==================================
ip host losangeles.domain.com 216.82.225.202
ip host newyork.domain.com 216.82.224.202

ip host _sip._udp.sipgroup.domain.com srv 1 50 5060 losangeles.domain.com
ip host _sip._udp.sipgroup.domain.com srv 2 50 5060 newyork.domain.com

ip domain lookup
ip name-server 10.3.0.1
ip domain name domain.com

sip-ua
sip-server dns:sipgroup.domain.com
================================

This example uses Los Angeles all the time unless it is unreachable, then uses New York.
If I were to set both priorities to 1, they would load balance. The 50 is the weight, so you could set 60/40 or whatever.
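
The priority and weight behaviour described above, as an added Python example that is not part of the original notes: it models standard SRV selection (simplified from RFC 2782), not Cisco's implementation, using the two records from the config. The function names srv_order, choose and share are assumptions of this example.

```python
import random

# Constructed from the page's two "ip host ... srv" lines:
# (priority, weight, port, target)
PAGE_RECORDS = [(1, 50, 5060, "losangeles.domain.com"),
                (2, 50, 5060, "newyork.domain.com")]

def srv_order(records, rng=random):
    """Order records by ascending priority; records sharing a priority are
    drawn in weighted-random order (simplified RFC 2782 selection)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if pick <= running:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

def choose(records, reachable, rng=random):
    """Return (target, port) of the first reachable record, or None."""
    for _, _, port, target in srv_order(records, rng):
        if target in reachable:
            return target, port
    return None

def share(records, target, trials=10000, seed=1):
    """Fraction of calls that land on `target` when every server is up."""
    rng = random.Random(seed)
    up = {r[3] for r in records}
    hits = sum(choose(records, up, rng)[0] == target for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    la, ny = "losangeles.domain.com", "newyork.domain.com"
    print("both up:", choose(PAGE_RECORDS, {la, ny}))
    print("LA down:", choose(PAGE_RECORDS, {ny}))
    # Same priority with weights 60/40 gives a roughly 60/40 split.
    print("LA share at 60/40:", share([(1, 60, 5060, la), (1, 40, 5060, ny)], la))
```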

In this example, a route is installed when an address is NOT reachable.
Useful for backup routes or automated turn-ups.

ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now

track 101 ip sla 6 reachability
track 102 list boolean and
object 101 not

ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 102

In this example, a route is installed when an address IS reachable.
ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now

track 101 ip sla 6 reachability

ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 101

If you do not have vCenter and you want to collect performance stats past 1 hour, this option is greyed out in the vSphere client. However, turning it on is pretty easy:

  1. SSH to the host
  2. Open the file with “vi /etc/vmware/hostd/config.xml”
  3. Find the <historicalStatsEnabled> tag under <statssvc> and set it to true
  4. Run “services.sh restart”


We’ve all had those oh-shit moments when changing an IP or duplex, or making other changes, and losing connection to a device, which ends up costing someone a trip on site and possible downtime.

The best way I’ve found is to cover yourself with this command:

reload in 5

If everything goes according to plan, cancel the reload and write mem, but if not, you’ve minimized downtime.

Kitty has an option to send a script file, which issues commands all at once. This is helpful when changing internet connections remotely. If you were to copy and paste the configuration, it would stop where the IP changed but before the correct default route was put in, for instance.
