[c-nsp] time setting / dns and secure vertual ip
Peter Rathlev
peter at rathlev.dk
Thu Oct 23 16:20:04 EDT 2008
Hi Adrian,
On Thu, 2008-10-23 at 19:10 +0800, adrian kok wrote:
> how can I set up the clock / dns and virtual ip
> following is my setting the clock. now it is 11:20.
> but it shows 15:01
>
> router#show clock
> *15:00:16.743 UTC Wed Oct 22 2008
>
> router#calendar set 11:20:00 22 Oct 2008
> router#show clock
> *15:01:38.215 UTC Wed Oct 22 2008
The "calendar set" command manages the hardware clock of the device. Use
"show calendar" to see what the hardware clock is right now.
Use "clock read-calendar" to copy the time from the hardware clock to
the software clock, which will make "show clock" display what you
expect.
Think of using NTP if you use the clock for anything serious.
> 2/ how can I set up the dns? I can't get the command!
If you need to make the router do DNS resolving, you can use "ip
name-server A.B.C.D" combined with "ip domain-lookup". Consider the
implications though.
> 3/ how can I secure the vertual ip for farm in 6513?
> When I set up it, that ip should be accessed from
> outside by telnet?
>
> If I have many virtual ips in farm setting, what is
> easy way to do it?
Assuming you mean how to make sure administration via telnet/SSH is only
allowed from certain sources, you could use an "access-class" statement
on your VTY lines:
access-list 10 permit 10.0.0.0 0.0.0.255
!
line vty 0 15
access-class 10 in
!
This would permit 10.0.0.0/24, refusing everyone else with TCP RST.
Regards,
Peter
More information about the cisco-nsp
mailing list