kron occurrence BACKUP in 24:00 recurring
policy-list Daily
!
kron policy-list Daily
cli show run | redirect tftp://172.16.0.1/Current_UC_Backup.conf
or…………
kron occurrence wBackup in 7:0:0 recurring
policy-list Daily
!
kron policy-list Daily
cli copy running-config flash:backupconfig.cfg
New York:
crypto isakmp key pr3sh4r3dk3y! address 2.2.2.2 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface Tunnel1
description GRE to Miami
ip address 192.168.1.1 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 2.2.2.2
tunnel protection ipsec profile GRE_Tunnel
interface GigabitEthernet0/1
ip address 1.1.1.1 255.255.255.252
Miami:
crypto isakmp key pr3sh4r3dk3y! address 1.1.1.1 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface GigabitEthernet0/1
ip address 2.2.2.2 255.255.255.252
interface Tunnel1
description GRE to New York
ip address 192.168.1.2 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 1.1.1.1
tunnel protection ipsec profile GRE_Tunnel
image naming convention:
w7 = autonomous
w8 = lwapp
To downgrade LWAPP to autonomous
================================
1. plug a tftp server directly into AP
2. download latest c1140-k9w7.. rename to c1140-k9w7-tar.default
3. configure tftp server to 10.0.0.10/24
4. hold down mode button until red
5. AP will grab image and boot to autonomous
To upgrade autonomous to LWAPP
=================================
Pre 12.2 code – use upgrade utility
Newer APS:
1. Download latest LWAPP image from cisco website
2. Put laptop running tftp and access point on same network
3. Run the command below
AP# archive download-sw /overwrite /reload tftp://10.222.0.74/c1140-k9w8-tar.152-2.JB.tar
router eigrp 100
network 192.168.16.0
no auto-summary
router bgp 65001
neighbor 1.187.15.17 remote-as 32880
maximum-paths 2
!
address-family ipv4
redistribute eigrp 100 route-map EIGRP_to_BGP
route-map EIGRP_to_BGP deny 10 <–routes not to advertise
match ip address 10
match route-type internal
route-map EIGRP_TO_BGP permit 20 <– allow all other redistribution
access-list 10 permit 10.99.99.0 0.0.0.255
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 24.176.24.1 1 track 1
route backupisp 0.0.0.0 0.0.0.0 70.69.131.1 254
This example will redistribute vpn traffic into your eigrp network.
1. Turn on reverse route for your crypto maps
crypto dynamic-map Outside_dyn_map 20 set reverse-route <– for a remote access VPN
crypto map Outside_map 1 set reverse-route <– for a L2L tunnel
2. Make route map and define traffic
access-list VPN-Redistribute standard permit 10.222.222.0 255.255.255.128 <– VPN traffic
route-map Redistribute permit 5
match ip address VPN-Redistribute
3. Define eigrp process, including your inside network
router eigrp 10
network 10.254.254.0 255.255.255.224
redistribute static route-map Redistribute
track 10 ip sla 10 reachability
delay down 5 up 5
ip sla 10
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0.100
threshold 30
timeout 3000
frequency 3
ip sla schedule 10 life forever start-time now
ip sla logging traps
ip route 0.0.0.0 0.0.0.0 192.168.100.252 track 10 <–install only when sla 10=true
ip route 0.0.0.0 0.0.0.0 172.26.100.2 100 <–otherwise use route with higher metric
In CUCM, sip redundancy is provided by either route groups/route lists or srv records.
The only method for sip redundancy on CME systems are srv records.
==================================
ip host losangeles.domain.com 216.82.225.202
ip host newyork.domain.com 216.82.224.202
ip host _sip._udp.sipgroup.domain.com srv 1 50 5060 losangeles.domain.com
ip host _sip._udp.sipgroup.domain.com srv 2 50 5060 newyork.domain.com
ip domain lookup
ip name-server 10.3.0.1
ip domain name domain.com
sip-ua
sip-server dns:sipgroup.domain.com
================================
This example will use los angeles all the time unless unreachable, then use new york,
If I were to set both priorities to 1, they would load balance. The 50 is weight, so you could set 60/40 or whatever..
In this example, a route is installed when an address is NOT reachable..
Useful for backup routes, or automated turnups
ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now
track 101 ip sla 6 reachability
track 102 list boolean and
object 101 not
ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 102
In this example, a route is installed when an address IS reachable.
ip sla 6
icmp-echo 8.8.8.8
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now
track 101 ip sla 6 reachability
ip route 192.168.186.0 255.255.255.0 192.168.180.1 track 101
If you do not have vCenter and you want to be able to collect performance stats past 1 hour, this option is greyed out in the vSphere client, however turning this on is pretty easy:
