- Is it a mutual authentication or only one side is authenticating?
- Clear text or scrambled password in running config:
- username R1 password 0 test
- no service password-encryption
- VTY and Console line authentication
- aaa authentication login default line none
- none required if no password is set on console
- AAA settings
- aaa authentication ppp default group radius local-case
CCIE Memo
Sunday, 6 October 2013
PPP Authentication
Sunday, 28 July 2013
IPv6 Multicast Routing with BSR
R1(config)#ipv6 routing
R1(config)#ipv6 pim bsr candidate rp <IPv6 Address>
R1(config)#ipv6 pim bsr candidate bsr <IPv6 Address> priority X
BSR and RP can't be on a single router.
R1(config)#ipv6 pim bsr candidate rp <IPv6 Address>
R1(config)#ipv6 pim bsr candidate bsr <IPv6 Address> priority X
BSR and RP can't be on a single router.
Saturday, 29 June 2013
IP Addressing in Mars!
Got this few days ago in a test lab:
*Mar 1 00:10:50.423: %BGP-6-NEXTHOP: Invalid next hop (254.192.2.52) received from FEC0:234::4: martian next hop
it seems Class E was reserved to be used on Mars, always knew we are not alone!
*Mar 1 00:10:50.423: %BGP-6-NEXTHOP: Invalid next hop (254.192.2.52) received from FEC0:234::4: martian next hop
it seems Class E was reserved to be used on Mars, always knew we are not alone!
Monday, 27 May 2013
Saturday, 11 May 2013
Full Packet Dump
R1#debug ip packet detail <ACL#> dump
dump is a hidden option.
dump is a hidden option.
Monday, 25 March 2013
OSPF Downward Option
PE1 router advertises intra area routes int MP-BGP. other PE2 redistributes the MP-BGP routes into OSPF as LSA type 3 (Summary address) as MPLS backbone acts as an OSPF superbackbone.
PE2 sets the Down bit on those routes to avoid routing loops in scenarios which a site is dual homed to the service provider network.
If a router receives a Type 3 LSA with its Down bit set on an interface that belongs to a VRF, it drops the LSA. In cases which the site is not dual home this loop prevention mechanism is undesirable.
To disable this behaviour the following command can be used under router ospf, which no longer perform PE specific checks:
R1(config-router)# capability vrf-lite
If the router doesn't support that command, different OSPF domain-ids should be set on the PE routers, which in turn changes the route types to External(LSA Type 5) instead of Summary (LSA Type3).
PE2 sets the Down bit on those routes to avoid routing loops in scenarios which a site is dual homed to the service provider network.
If a router receives a Type 3 LSA with its Down bit set on an interface that belongs to a VRF, it drops the LSA. In cases which the site is not dual home this loop prevention mechanism is undesirable.
To disable this behaviour the following command can be used under router ospf, which no longer perform PE specific checks:
R1(config-router)# capability vrf-lite
If the router doesn't support that command, different OSPF domain-ids should be set on the PE routers, which in turn changes the route types to External(LSA Type 5) instead of Summary (LSA Type3).
Saturday, 16 March 2013
max-reserved-bandwidth
To change the percent of interface bandwidth allocated for Resource Reservation Protocol (RSVP), class-based weighted fair queueing (CBWFQ), low latency queueing (LLQ), IP RTP Priority, Frame Relay IP RTP Priority, Frame Relay PVC Interface Priority Queueing (PIPQ), or hierarchical queueing framework (HQF), use the max-reserved bandwidth command in interface configuration mode.
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1054626
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1054626
Subscribe to:
Posts (Atom)