cisco ios

Stateful NAT (SNAT)

Posted on April 8, 2011. Filed under: cisco ios

Nice feature for maintaining stateful NAT sessions between two border routers.

Communication is established between two or more routers via TCP, and session information is shared between them.

ISP2#sh ip snat distributed
Stateful NAT Connected Peers
SNAT: Mode BACKUP
    : State READY
    : Local Address 10.0.0.3
    : Local NAT id 2
    : Peer Address 10.0.0.2
    : Peer NAT id 1
    : Mapping List 10

ISP2#sh ip snat peer 10.0.0.2
Show NAT Entries created by peer: 10.0.0.2
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.15:2       192.168.1.254:2    10.0.0.1:2         10.0.0.1:2

!
ip nat Stateful id 1
 primary 10.0.0.2
  peer 10.0.0.3
  mapping-id 10
ip nat pool nat-pool 10.0.0.15 10.0.0.20 netmask 255.255.255.0
ip nat inside source route-map nat-rm pool nat-pool mapping-id 10 overload

Hostname X is not a legal LAT node name

Posted on August 23, 2010. Filed under: cisco ios, Uncategorized

An interesting error message appeared when changing the host name on a Cisco 1841 router:

old-router-name-is-here(config)#hostname my-new-router-name-here
% Hostname "MY-NEW-ROUTER-          " is not a legal LAT node name, Using "CISCO_CADD00"
my-new-router-(config)#

If the host name being configured is longer than sixteen characters, the router will advise that it will use a new host name; however, the configuration will still display the one that you intended to use.


IOS Object Groups

Posted on August 18, 2010. Filed under: cisco ios

The feature was first available in IOS version 12.4.20T. More information can be found at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_object_group_acl.html

Object groups simplify ACL configuration (and QoS or other features) by grouping networks or services, e.g.

permit tcp object-group source-networks host 10.1.1.1 eq www 8080
!
object-group network source-networks
 host 10.1.99.1
 network 192.168.1.0 /24
 range 172.16.1.1 172.16.1.5
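
When reviewing an ACL that references a network object group, it helps to expand the group offline and check exactly which source addresses the entry admits. The script below is an added example, not part of the original post; the function names are assumptions, and it parses the group text as written above (`host`, `network`, `range`).

```python
import ipaddress

# The network object group exactly as shown in the post.
GROUP_TEXT = """\
object-group network source-networks
 host 10.1.99.1
 network 192.168.1.0 /24
 range 172.16.1.1 172.16.1.5
"""

def entry_to_networks(words):
    """Turn one group entry into a list of IPv4 networks."""
    if words[0] == "host":
        return [ipaddress.ip_network(words[1] + "/32")]
    if words[0] == "range":
        first, last = (ipaddress.ip_address(w) for w in words[1:3])
        return list(ipaddress.summarize_address_range(first, last))
    if words[0] == "network":  # keyword as written in the post
        words = words[1:]
    # Remaining form: "A.B.C.D /nn" or "A.B.C.D MASK"; raises ValueError otherwise.
    return [ipaddress.ip_network(words[0] + "/" + words[1].lstrip("/"))]

def parse_network_groups(text):
    """Return {group name: [networks]} for every object-group network block."""
    groups, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] in ("!", "description"):
            continue
        if words[:2] == ["object-group", "network"] and len(words) == 3:
            current = groups.setdefault(words[2], [])
        elif raw[0].isspace() and current is not None:
            current.extend(entry_to_networks(words))
        else:
            current = None  # any other top-level command ends the block
    return groups

def source_permitted(groups, name, addr):
    """True if addr falls inside any entry of the named group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in groups[name])

def address_count(groups, name):
    """Number of addresses the group covers (entries assumed not to overlap)."""
    return sum(net.num_addresses for net in groups[name])

if __name__ == "__main__":
    g = parse_network_groups(GROUP_TEXT)
    print(source_permitted(g, "source-networks", "172.16.1.6"), address_count(g, "source-networks"))
```

The `range` entry is split into the smallest set of prefixes that covers it, so the count reflects the five addresses in the range rather than a rounded-up subnet.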

Object-groups can also be used to group services (protocols), e.g.

permit tcp object-group service-ip-telephony object-group source-networks host 10.1.1.1 eq www 8080
!
object-group service service-ip-telephony
 permit udp eq tftp
 permit tcp eq www 2000
