int fa0/0
ip addr blah
ip nat outside
int fa0/1
ip addr blah
ip nat outside
ip nat poop ISP1 ISP1_Valid_range_here prefix-length blah
ip nat pool Cable Cable_Valid_range_here prefix-length blah
These uses below are allowed to use the NAT service.
access-list 1 permit 10.0.0.0 0.255.255.255
route-map ISP1 perm 10
match ip addr 1
match interface fa0/0
route-map Cable perm 10
match ip addr 1
match interfa fa0/1
******************************************************************
********
From: Question 64
Subject: Sample config of using VIC BRI interfaces as an ISDN switch.
Enter this under stupid router tricks (it's got to be more expensive than an ISDN
emulator, but not if you've got the parts lying around).
Switch: Cisco 2600 or 3600 with NM-2V and VIC-2BRI-S/T-TE (NT should work
too), IOS 12.1.5T9 R1, R2: Cisco with ISDN BRI S/T interface. IOS 12.x
R1 S/T crossover cable Switch S/T crossover R2
These configs let you do ISDN BRI dialup between two routers, using a third
router as an ISDN switch. Call setup is flakey but otherwise it seems to work once
the call is up.
Switch config, for ISDN dial (and X.25 over ISDN D-channel thrown in too)
isdn switch-type basic-net3
x25 routing

interface Loopback0
ip address 10.0.0.1 255.255.255.255
whatever
interface BRI1/0
description to R1
no ip address
isdn switch-type basic-net3
isdn overlap-receiving
isdn protocol-emulate network
isdn layer1-emulate network
isdn incoming-voice voice
isdn x25 dchannel
isdn skipsend-idverify
Basic X.25 over D channel, so you can run pad commands
For always on, see the Cisco docs
interface BRI1/0:0
no ip address
ip mtu 1514
no ip mroute-cache
x25 address 5552000
clns mtu 1514
interface BRI1/1
description to R2
no ip address
isdn switch-type basic-net3
isdn protocol-emulate network
isdn layer1-emulate network
isdn incoming-voice voice
isdn skipsend-idverify
interface BRI1/1:0

no ip address
ip mtu 1514
no ip mroute-cache
x25 address 5551000
clns mtu 1514
x25 route 5551111 interface BRI1/1:0
x25 route 5552222 interface BRI1/0:0
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
incoming called-number 6045551111
destination-pattern 6045552222
direct-inward-dial
port 1/0/0
dial-peer voice 2 pots
incoming called-number 6045552222
destination-pattern 6045551111
direct-inward-dial
port 1/0/1
dial-peer voice 10 voip
destination-pattern 6045552222
session target ipv4:10.0.0.1
codec clear-channel
dial-peer voice 20 voip
destination-pattern 6045551111
session target ipv4:10.0.0.1
codec clear-channel
R1, R2 config (just reverse the 5551111/5552222 and 1.1.1.1/1.1.1.2)
isdn switch-type basic-net3
interface BRI0/0

ip address 1.1.1.1 255.255.255.0
encapsulation ppp
dialer string 6045552222 class DOV
dialer-group 1
isdn switch-type basic-net3
isdn incoming-voice data
isdn calling-number 6045551111
isdn x25 dchannel
interface BRI0/0:0
no ip address
ip mtu 1514
no ip mroute-cache
x25 address 5551111
map-class dialer DOV
dialer voice-call
dialer-list 1 protocol ip permit
******************************************************************
********
From: Question 65
Subject: What kind of memory does the 2500 use?
Parity. 70ns, 72-pin FPM w/ tin leads.
******************************************************************
********
From: Question 66
Subject: How do I make an Ethernet Cross-over cable?
Try this as a crossover cable.
1 to 3
2 to 6
3 to 1
6 to 2

4 to 7
5 to 8
7 to 4
8 to 5
Basically in a traditional cross-over, which is a 10 BaseT and a 100 BaseTX, you
are swapping the Green Pair with the Orange Pair, but not so commonly, you have
a 100 BaseT4 cross-over cable (which just happens to also be a 1000 BaseT cross-
over cable), not only do you swap over the Green and Orange Pair, but you also
swap over the Blue and Brown Pair.
The silly part is that in Cisco's Documentation, it show the schematic on a
traditional cross-over cable, but you will see the pin-outs of the 1000BaseT
Interface.

/hgcable.htm#xtocid42327
I have just made comment to Cisco About this.
******************************************************************
********
From: Question 67
Subject: How do I use NBAR to block NIMDA?
See:
> Here's my working config (with thanks to John Kaberna and Chris
> Martin) on a 2610 router:
>
>
> ip cef
>
> class-map match-any http-hacks
> match protocol http url "*default.ida*"
> match protocol http url "*x.ida*"
> match protocol http url "*.ida*"

> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*_vti_bin*"
> match protocol http url "*_mem_bin*"
> match protocol http mime "*readme.exe*"
> match protocol http mime "*readme.eml*"
>
> policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>
> interface Serial0/0
> ip access-group 101 in
> service-policy input mark-inbound-http-hacks
>
> interface Ethernet0/0
> ip access-group 101 out
>
> access-list 101 deny ip any any dscp 1 log
> access-lst 101 permit ip any any
******************************************************************
********
From: Question 68
Subject: What is a FECN/BECN and does it mean anything?
First, when you use FR, it is not over a host to router connection. FR is going to be
router to ingress-FR-switch through cloud to egress-FR-switch to destination-
router. With that in mind, what you have to worry about with exceeding your CIR
is the ingress FR switch.
FECN and BECNs are different mechanisms which I will explain in a minute.
Let me explain the algorithm that FR switches use to police your bandwidth

usage. It is a token/credit system that is implemented on the *ingress* FR switch
(so the ingress switch is the traffic cop). Keep in mind that everything that I am
about to describe occurs entirely within the FR switch, so when I say that you are
given tokens to transmit, I mean that in the software of the FR switch these tokens
are kept track of, not that the FR switch transmits tokens to your router to use for
each frame. I'm going to start with a simple scenario in which you only have a
CIR and an EIR of 0. Anyway, every second (which is the default interval, or Tc
for those that want the real term) you get Bc tokens which is essentially permission
to transmit that many tokens worth of data over the time of that second.
Bc tokens decrement against the CIR, which is to say that Bc tokens are used to
regulate the CIR not the EIR (I will describe Be tokens later). At the end of the
second you are given more tokens for use during the next second. Every time the
FR switch receives data from the router, it subtracts tokens. What happens if you
run out of tokens is that every frame will be discarded until the next interval at
which point you get more tokens. If it receives a frame marked with a DE bit, it
should discard it automatically.
However, most people don't buy FR service with a EIR of zero. In this case where
you have a CIR and an EIR, the token credit system is a little more