[Cisco] VRF Management

We create a management VRF to carry management traffic, such as telnet or copying the config to a TFTP server that sits behind the VRF interface.

conf t
ip tftp source-interface vlan 100
ip vrf management
  rd 1:1
interface vlan100
  description ## Management  ##
  ip vrf forwarding management
  ip address 192.168.1.1 255.255.255.0
exit
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
line vty 0 4
  access-class 100 in vrf-also
end
#copy startup-config tftp://192.168.1.100

Transparent proxy with Squid and Cisco router

[Network Diagram]
[LAN:Client]<-->[Cisco Router]<-->{Internet Cloud}<-->[Linux]
Loopback Interface: 10.10.255.4/32
LAN Interface: 10.10.255.128/26
Internet Interface: 10.10.210.150/30
Linux box: 10.10.175.36

Reference: h**p://inetpro.org/wiki/Squid_WCCP

Configuration on Linux (Ubuntu 10.10 Server)
$ sudo apt-get install squid3
$ sudo vi /etc/squid3/squid.conf
http_port 3128 intercept
acl lan_client src 10.10.255.128/26
http_access allow lan_client
wccp2_router 10.10.210.150
wccp_version 4
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0 password=cisco
$ sudo modprobe ip_gre
$ sudo ip tunnel add wccp0 mode gre remote 10.10.255.4 local 10.10.175.36 dev eth0
$ sudo ifconfig wccp0 1.1.1.1 netmask 255.255.255.255 up
$ sudo vi /etc/sysctl.conf
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
$ sudo sysctl -p
IPTABLES Rules
$ sudo iptables -A INPUT -p udp -s 10.10.210.150 --dport 2048 -j ACCEPT
$ sudo iptables -A INPUT -p 47 -s 10.10.255.4 -j ACCEPT
$ sudo iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
$ sudo /etc/init.d/squid3 start
$ ip tunnel show
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
wccp0: gre/ip  remote 10.10.255.4  local 10.10.175.36  dev eth0  ttl inherit
$ ifconfig wccp0
wccp0     Link encap:UNSPEC  HWaddr 3D-5A-AF-24-00-00-88-E0-00-00-00-00-00-00-00-00
inet addr:1.1.1.1  P-t-P:1.1.1.1  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
RX packets:1744 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:272018 (272.0 KB)  TX bytes:0 (0.0 B)
$ sudo tail -f /var/log/squid3/cache.log
$ sudo tail -f /var/log/squid3/access.log
#==============================================
Configuration on Cisco Router
#sh ver
Cisco IOS Software, 3800 Software (C3825-ADVIPSERVICESK9-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 16-Aug-06 05:13 by prod_rel_team
conf t
ip wccp web-cache version 2
ip wccp web-cache redirect-list wccp_client password cisco
ip access-list standard wccp_client
permit 10.10.255.131
interface loopback0
ip address 10.10.255.4 255.255.255.255
interface x/y
desc ## LAN ##
ip address 10.10.255.129 255.255.255.192
ip wccp web-cache redirect in
interface x/y
desc ## Internet ##
ip address 10.10.210.150 255.255.255.252
#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier:                   10.10.255.4
Protocol Version:                    2.0
Service Identifier: web-cache
Number of Service Group Clients:     1
Number of Service Group Routers:     1
Total Packets s/w Redirected:        2176
Process:                           3
Fast:                              0
CEF:                               2173
Redirect access-list:                wccp_client
Total Packets Denied Redirect:       648454
Total Packets Unassigned:            0
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0
#sh ip wccp web-cache detail
WCCP Client information:
WCCP Client ID:          10.10.175.36
Protocol Version:        2.0
State:                   Usable
Initial Hash Info:       00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment:          256 (100.00%)
Packets s/w Redirected:  2176
Connect Time:            01:11:08
Bypassed Packets
Process:               0
Fast:                  0
CEF:                   0
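
A check over the router output above, added here as an example and not part of the original post: the Python below parses the "sh ip wccp web-cache" fields and lists conditions worth reviewing (authentication failures, no group access-list, unassigned packets, a cache that is not expected or not Usable). The function names and the allowed_caches parameter are assumptions made for this example; the sample text is copied from the output shown above.

```python
import re

# Fields copied from the two "sh ip wccp web-cache" outputs above.
SAMPLE = """\
Router Identifier:                   10.10.255.4
Total Packets Unassigned:            0
Group access-list:                   -none-
Total Authentication failures:       0
WCCP Client ID:          10.10.175.36
State:                   Usable
Hash Allotment:          256 (100.00%)
"""

def parse_wccp(text):
    """Split 'Key: value' lines into global fields and per-client records."""
    glob, clients = {}, []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*)$", line)
        if not m:
            continue  # section titles and hash continuation lines
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "WCCP Client ID":
            clients.append({"id": val})  # a new cache record starts here
        elif clients:
            clients[-1][key] = val
        else:
            glob[key] = val
    return glob, clients

def check_wccp(text, allowed_caches):
    """Return findings to review; allowed_caches is a set of expected cache IPs."""
    glob, clients = parse_wccp(text)
    findings = []
    if int(glob.get("Total Authentication failures", 0)) > 0:
        findings.append("authentication failures: wrong password or unknown sender")
    if glob.get("Group access-list", "-none-") == "-none-":
        findings.append("no group-list: cache membership rests on the password alone")
    if int(glob.get("Total Packets Unassigned", 0)) > 0:
        findings.append("unassigned packets: part of the hash space has no cache")
    if not clients:
        findings.append("no cache registered")
    for c in clients:
        if c["id"] not in allowed_caches:
            findings.append(f"unexpected cache {c['id']}")
        if c.get("State") != "Usable":
            findings.append(f"cache {c['id']} state is {c.get('State')}")
    return findings

print(check_wccp(SAMPLE, {"10.10.175.36"}))
```

Run it against the captured text of both show commands; an empty list means none of these conditions were seen.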

[Cisco] Catalyst6500 High CPU from Virtual Exec

Have you ever run into high CPU on a Catalyst 6500 where show process cpu shows the Virtual Exec process using a lot of CPU? This can be caused by running show running when the config is large and the number of interfaces is fairly high.

This method can help.

conf t

! Enable parser cache, Default is enabled

6500(config)#parser cache

6500(config)#parser config cache interface

6500#show running   <-- The first run of this command is slow, but later runs are faster.

Give it a try.