R1(config)#int s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay intf-type dce
R1(config-if)#clock rate <speed>
R1(config-if)#frame-relay route <pvc-number-1> interface s2/0 <pvc-number-2>
Saturday, 22 December 2012
Saturday, 15 December 2012
OSPF Network Types Summary
Interface Type | Uses DR/BDR? | Dynamic Neighbour Discovery | Default Hello Interval | Cisco Proprietary |
broadcast | Yes | Yes | 10 | Yes |
nonbroadcast | Yes | No | 30 | No |
point-to-point | No | Yes | 10 | Yes |
Loopback | No | - | - | Yes |
point-to-multipoint | No | Yes | 30 | No |
point-to-multipoint nonbroadcast | No | No | 30 | Yes |
OSPF Frame-Relay Point-to-multipoint Host Routes
OSPF automatically adds a host (/32) route for each neighbour on a point-to-multipoint network. The host route serves, in a way, the same purpose as a DLCI map command.
R1:
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
interface Serial1/0.1 multipoint
ip address 192.168.0.1 255.255.255.0
ip ospf network point-to-multipoint
frame-relay interface-dlci 101
frame-relay interface-dlci 102
frame-relay interface-dlci 103
show ip route:
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.2 [110/65] via 192.168.0.2, 00:09:13, Serial1/0.1
20.0.0.0/24 is subnetted, 1 subnets
O 20.20.20.0 [110/65] via 192.168.0.2, 00:09:13, Serial1/0.1
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, Serial1/0.1
O 192.168.0.2/32 [110/64] via 192.168.0.2, 00:09:13, Serial1/0.1
Order of Operation for an Interface
Step | NAT in -> out | NAT out -> in |
1 | decryption | decryption |
2 | input acl | input acl |
3 | input policing | input policing |
4 | input accounting | input accounting |
5 | PBR | NAT G->L |
6 | redirect | PBR |
7 | NAT L->G | redirect |
8 | crypto map | crypto map |
9 | output acl | output acl |
10 | IOS FW | IOS FW |
11 | tcp intercept | tcp intercept |
12 | encryption | encryption |
13 | queuing | queuing |
CCNP TSHOOT-640-832 Official Certification Guide - Chapter 10
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Wednesday, 12 December 2012
Multicast Source Discovery Protocol (MSDP)
- Anycast RP
- load balancing between RPs
- faster recovery after RP failure (IGP convergence time)
- Inter-domain Multicast Routing
- send Source Active (SA) messages over TCP every 60s
- configuration: ip msdp peer <peer-address>
PIM Modes
Protocol Independent Multicast - Dense Mode (PIM-DM): uses Source Tree / Shared Path Tree (SPT)
Protocol Independent Multicast - Sparse Mode (PIM-SM): uses Shared Tree / Root Path Tree (RPT)
Source Specific Multicast Address Ranges
IPv4: 232.0.0.0/8
IPv6: FF3x::/32
http://tools.ietf.org/html/rfc4607
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6552/ps6594/product_data_sheet0900aecd80320fb8.pdf
Telnet and SSH from Different VRF
telnet <ip-address> /vrf <vrf-name>
ssh -l <username> -vrf <vrf-name> <ip-host>
https://supportforums.cisco.com/thread/247590
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/vrf.html#wp1082389
VRF Definition in IPv6 (Multiprotocol VRF)
vrf definition [vrf-name]
creates a multiprotocol VRF for both IPv4 and IPv6
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_vpn_ipv4_ipv6.html
Sunday, 9 December 2012
VTP Advertisements
VTP advertisements can occur in three forms:
- Summary advertisement
  - every 5 minutes
  - information included:
    - VTP version
    - domain name
    - configuration revision number
    - time stamp
    - MD5 encryption hash code
    - number of subset advertisements to follow
- Subset advertisement
  - sent after VLAN configuration changed.
  - information included:
    - VTP version
    - Subset sequence number
    - domain name
    - configuration revision number
    - VLAN info field
- Advertisement requests from clients
  - VTP client can request the VLAN information it lacks.
CCNP SWITCH 642-813 Official Certification Guide
Interoperability between Classic Spanning Tree Protocol (802.1D) and Rapid Spanning Tree (802.1w)
- The inherent fast convergence benefits of 802.1w are lost when it interacts with legacy bridges.
- Each port maintains a variable that defines the protocol to run on that segment.
- A migration delay timer of three seconds starts when the port comes up.
- Migration delay timer resets if port changes its mode of operation.
- Classic 802.1D timers (forward delay and max_age) are only used as backup and should not be necessary if point-to-point links and edge ports are properly identified and set by the administrator.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml
RSVP Maximum Reservable Bandwidth
By default, 75% of the bandwidth available on the interface is reservable for RSVP.
To change that, the max-reserved-bandwidth command can be used.
Saturday, 8 December 2012
QoS Requirements of Data
- Best-effort data:
  - DSCP 0
  - adequate bandwidth, reserve at least 25% of bandwidth
- Bulk data:
  - DSCP AF11; excess AF12 or AF13
  - moderate bandwidth guarantee but constrained
- Transactional / Interactive data:
  - DSCP AF21; excess AF22 or AF23
  - adequate bandwidth
- Locally defined mission-critical data:
  - AF31; excess AF32 or AF33
  - adequate bandwidth
End-to-End QoS Network Design - Chapter 2
NBAR Restrictions
NBAR doesn't support the following:
- Non-IP traffic
- Multicast and other non-CEF switching modes
- Asymmetric flows with stateful protocols
- Packets that are originated from or that are destined to the router running NBAR
- Pipelined persistent HTTP requests.
- URL/host/MIME classification with secure HTTP.
- MPLS labelled packets.
- Fragmented packets
- The following interfaces:
  - Fast EtherChannel
  - Interfaces where tunnelling or encryption is used
  - ...
BGP Backdoor
Can be used to favour IGP routes over eBGP routes when both are available, as the default AD of an eBGP route is lower than that of any IGP route.
network <network address> backdoor
The specified network address is treated as a local entry, but not advertised as a normal network entry.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoor
Sunday, 2 December 2012
Disable PIM-SM Switchover to SPT
ip pim [vrf vrf-name] spt-threshold {kbps | infinity} [group-list access-list]
infinity: Causes all sources for the specified group to use the shared tree.
http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1049494
SSH v2 Minimum Key Size
For SSH Version 2, the modulus size must be at least 768 bits.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_ssh2.html#wp1055056
TACACS Summary
- Authentication and Authorisation are done at different stages
- TCP port 49
- Encrypts the entire payload
- Cisco proprietary
SNMPv3 Encryption Algorithms
In the AES and 3-DES Encryption Support for SNMP Version 3 feature, the Cipher Block Chaining/Data Encryption Standard (CBC-DES) is the privacy protocol. Originally only DES was supported (as per RFC 3414). This feature adds support for AES-128 (as per RFC 3826) and AES-192, AES-256 and 3-DES.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/snmpv3ae.html#wp1053786
Access List Entry log and log-input
The log and log-input options apply to an individual ACE and cause packets that match the ACE to be logged. The log-input option enables logging of the ingress interface and source MAC address in addition to the packet's source and destination IP addresses and ports.
http://www.cisco.com/web/about/security/intelligence/acl-logging.html#2
IP Source Guard and DHCP Snooping with Option 82
When IP source guard is enabled in IP and MAC filtering mode, the DHCP snooping option 82 must be enabled to ensure that the DHCP protocol works properly. Without option 82 data, the switch cannot locate the client host port to forward the DHCP server reply. Instead, the DHCP server reply is dropped, and the client cannot obtain an IP address.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/dhcp.html#wp1083306
https://supportforums.cisco.com/thread/145470
Saturday, 1 December 2012
port-filter Class-map Type
You can apply the port-filter policy feature to the control-plane host subinterface to block traffic destined to closed or nonlistened TCP/UDP ports.
Closed-ports—Matches automatically on all closed-ports on the router.
show control-plane host open-ports
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html#wp1109374
Hash Value Generation for Access Control Entry
ip access-list logging hash-generation
Cisco IOS routers generate syslog entries for log-enabled ACEs. The system appends a tag (either a user-defined cookie or a router-generated MD5 hash value) to ACE syslog entries. This tag uniquely identifies the ACE, within an access control list (ACL), that generated the syslog entry.
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i1.html#wp1042763
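A parser for the ACE syslog entries described in the two notes above (log / log-input, and the per-ACE tag), added here as an example and not taken from Cisco documentation. The message layout in the regular expression, the 0x-plus-eight-hex-digits hash form and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of an IOS log-enabled ACE message for TCP/UDP hits.
# "(interface mac)" is present only for log-input ACEs; the trailing "[tag]"
# only when a cookie is configured or hash generation is enabled.
ACE_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<intf>\S+) (?P<mac>[0-9a-f.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?"
    r"(?: \[(?P<tag>[^\]]+)\])?"
)
# Assumption: a router-generated hash prints as 0x plus eight hex digits.
HASH_TAG = re.compile(r"0x[0-9A-Fa-f]{8}$")

# Constructed sample lines (documentation address ranges, made-up tags).
SAMPLE_LOG = [
    "*Dec  1 10:00:01.123: %SEC-6-IPACCESSLOGP: list EDGE-IN denied tcp "
    "192.0.2.10(40112) -> 198.51.100.5(23), 1 packet [0x7A3F09C1]",
    "*Dec  1 10:00:07.456: %SEC-6-IPACCESSLOGP: list EDGE-IN denied tcp "
    "192.0.2.11(40977) -> 198.51.100.5(23), 4 packets [0x7A3F09C1]",
    "*Dec  1 10:00:09.010: %SEC-6-IPACCESSLOGP: list EDGE-IN permitted tcp "
    "192.0.2.10(51000) (GigabitEthernet0/1 0011.2233.4455) -> "
    "198.51.100.5(22), 1 packet [ssh-mgmt]",
    "*Dec  1 10:00:12.300: %SEC-6-IPACCESSLOGP: list EDGE-IN permitted tcp "
    "192.0.2.99(51001) (GigabitEthernet0/1 0011.2233.4455) -> "
    "198.51.100.5(22), 2 packets [ssh-mgmt]",
    "*Dec  1 10:00:13.800: %SEC-6-IPACCESSLOGP: list EDGE-IN denied udp "
    "192.0.2.50(5353) -> 198.51.100.9(161), 1 packet",
    "*Dec  1 10:00:15.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "Serial1/0, changed state to up",
]


def parse_ace_log(line):
    """Return the fields of one ACE log line, or None for other messages."""
    m = ACE_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["packets"] = int(rec["packets"])
    tag = rec["tag"]
    if tag is None:
        rec["tag_kind"] = None          # hit cannot be tied to a single ACE
    else:
        rec["tag_kind"] = "hash" if HASH_TAG.match(tag) else "cookie"
    return rec


def packets_per_ace(lines):
    """Sum packet counts per (ACL, tag), i.e. per individual ACE."""
    totals = defaultdict(int)
    for rec in filter(None, map(parse_ace_log, lines)):
        totals[(rec["acl"], rec["tag"])] += rec["packets"]
    return dict(totals)


def sources_per_mac(lines):
    """Map (interface, MAC) -> sorted source IPs, from log-input lines only."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_ace_log, lines)):
        if rec["mac"]:
            seen[(rec["intf"], rec["mac"])].add(rec["src"])
    return {key: sorted(ips) for key, ips in seen.items()}


if __name__ == "__main__":
    for ace, count in packets_per_ace(SAMPLE_LOG).items():
        print(ace, count)
    # On an access segment, one MAC sourcing several IPs deserves a look.
    for key, ips in sources_per_mac(SAMPLE_LOG).items():
        print(key, ips)
```

Entries without a tag collapse into a single (ACL, None) bucket, which is the correlation gap the tag closes.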
Sunday, 18 November 2012
IPv6 Redistribute with include-connected
For IPv6, whether or not connected links are included in redistribution is up to you at the time of configuration.
http://blog.ine.com/2008/01/15/understanding-how-redistribution-works-in-ipv6/
Differences between OSPFv3 and OSPFv2
- Configured using interface command
- Advertising multiple networks on an interface
- OSPFv3 RID must be set
- Flooding scope (link-local, area, AS)
- Multiple instance per link
- Source packets from link-local address (except virtual link)
- Authentication using AH / ESP
- New LSA Types:
  - Intra-Area Prefix LSA (Type 9)
  - Link LSA (Type 8)
- Router LSA can be split across multiple LSAs; Link State ID in LSA header is a fragment ID
IPv6 and IPv4 QoS Differences
Differences:
- There is no equivalent for match ip rtp in IPv6
- IPv6 access lists cannot be numbered
Differences between EIGRP for IPv4 and IPv6
- Configured on interface
- Must no shut the routing process
- 32-bit router ID
- Passive interface
- Route filtering: only distribute-list prefix-list
- Automatic summarisation
- Cisco IOS support: 12.4(6)T
- No auto-summary, as there is no classful concept anymore
CCIE Routing and Switching Certification Guide (4th edition)
Saturday, 17 November 2012
IPv6 Neighbour Discovery Lifetime
The value indicates the usefulness of the router as a default router on this interface. Setting the value to 0 indicates that the router should not be considered a default router on this interface.
ipv6 nd ra lifetime superseded the old ipv6 nd ra-lifetime interface command.
Etherchannel Mode On and Spanning Tree Loop
A common issue during EtherChannel configuration is that the interfaces go into err-disable mode. This can be seen when Etherchannel is switched to the ON mode in one switch, and the other switch is not configured immediately. If left in this state for a minute or so, STP on the switch where EtherChannel is enabled thinks there is a loop. This causes the channeling ports to be put in err-disable state.
In order to resolve the issue, set the channel mode to desirable on both sides of the connection, and then re-enable the interfaces.
http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094647.shtml
Thursday, 15 November 2012
When Does RSTP Flush the CAM Table?
- When transitioning from discarding to forwarding
- Upon receiving a topology change notification (TCN)
BPDU Guard
- Prevents a switch from being added to a port by mistake
- If any BPDU is received, the port is put in err-disable
- Used with portfast ports
- Can't be used with root guard
- Blocks the whole port
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable
MST Configuration
For MST to work between two switches the following has to be the same:
- Name
- Revision Number
- Instance to VLAN Mapping
Switch(config)# spanning-tree mode mst
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# name <instance-name>
Switch(config-mst)# revision <revision-number>
Switch(config-mst)# instance <instance-id> vlan <vlan-list>
Switch(config)# spanning-tree mst <instance-id> root {primary | secondary} [diameter <diameter>]
Switch(config)# spanning-tree mst <instance-id> priority <bridge-priority>
Switch(config-if)# spanning-tree mst <instance-id> cost <cost>
Switch(config-if)# spanning-tree mst <instance-id> port-priority <port-priority>
Switch(config)# spanning-tree mst hello-time <seconds>
Switch(config)# spanning-tree mst forward-time <seconds>
Switch(config)# spanning-tree mst max-age <seconds>
Difference between VTP versions
VTP version 1:
- Supports normal VLAN numbers (1-1001)
- Supports pruning of unused VLANs (no longer sends broadcasts and unknown unicasts)
- Supports cleartext and MD5 digest password
VTP version 2:
- Forwards the VTP messages without checking the version number or domain in transparent mode
- Supports Token Ring
- Performs consistency check on the VTP / VLAN parameters (from CLI or SNMP)
- Pass on Unrecognised TLVs
VTP version 3:
- Supports extended VLAN numbers (1-4095)
- Transfer information regarding Private VLAN structure
- Support for databases other than VLAN (for example MST)
- Protection from unintended database overrides during insertion of new switches
- Hidden password protection
CCNP SWITCH 642-813 Official Certification Guide
Tuesday, 13 November 2012
Loop Guard
When BPDUs go missing, the port is moved to the loop-inconsistent state and kept in a nondesignated role.
- It only operates on interfaces that are considered point-to-point by the spanning tree.
- It can't be used with root guard
- It operates per VLAN
- It recovers automatically
Sunday, 4 November 2012
EIGRP Interface Load (K2)
EIGRP routing updates are triggered only by a change in network topology (interface up/down event, IP addressing change or configured bandwidth/delay change) and not by change in interface load or reliability. The load/reliability numbers are thus a snapshot taken at the moment of the topology change and should be ignored.
http://blog.ioshints.info/2009/06/eigrp-load-and-reliability-metrics.html
EIGRP routing over DMVPN (mGRE)
On Hub:
- Disable as-member split-horizon
- Disable as-member next-hop-self
Saturday, 3 November 2012
EIGRP traffic-share min
When you use the traffic-share command with the keyword min, the traffic is sent only across the minimum-cost path, even when there are multiple paths in the routing table. This is identical to the forwarding behaviour without use of the variance command. However, if you use the traffic-share min command and the variance command, even though traffic is sent over the minimum-cost path only, all feasible routes get installed into the routing table, which decreases convergence times.
1. traffic-share balanced (default):
  1.1 Variance=1 (default):
    - Traffic will be sent to successor(s) only (equal cost load balancing).
    - Feasible successors are kept in EIGRP topology table.
    - Feasible successors are not kept in the routing table.
  1.2 Variance=2+:
    - Traffic will be sent to successor(s) and feasible successor(s).
    - Traffic will be sent inversely proportional to their metrics.
    - All successor(s) and feasible successor(s) are kept in the routing table.
2. traffic-share min across-interfaces:
  2.1 Variance=1 (default):
    - same as (1.1)
  2.2 Variance=2+:
    - Traffic will be sent to successor(s) only (equal cost load balancing).
    - Feasible successors are kept in the routing table.
Sunday, 28 October 2012
OSPF Default Route Cost
Set on the ABR:
area [area-number] default-cost [cost]
OSPF Forwarding Address and How to Suppress It
If the forwarding address in an external LSA is specified, and this address is not reachable, the address contained in the LSA is not inserted into the route table. When the NSSA ABR translates the type 7 NSSA LSA into the type 5 LSA, by default the forwarding address is transferred from type 7 to type 5. The ABR can be configured to suppress the forwarding address during the translation, replacing the specified address with the address 0.0.0.0. When another router receives the type 5 external LSA with the forwarding address suppressed, instead of trying to direct traffic for the external address to the forwarding address, the receiving router will attempt to direct the traffic to the ABR that translated type 7 to type 5.
area 10 nssa translate type7 suppress-fa
Routing TCP/IP Volume 2, Second Edition
area range Command
The area range command specifies the area to which the summary address belongs, the summary address, and the address mask.
It also installs a route to the null interface automatically. The router can be configured to not install it in the route table using the command no discard-route.
The not-advertise switch is used to filter summary addresses from being advertised to the backbone network.
Routing TCP/IP Volume 2, Second Edition
Which ABR Translates Type 7 to Type 5
In scenarios in which more than one ABR is connected to the NSSA area, only the ABR with the highest router-id may translate Type 7 LSA(s) to Type 5 LSA(s).
OSPF External Type 1 and Type 2 Comparison
E1 Routes: Both the external cost and internal OSPF cost matters.
E2 Routes: Only the external cost matters (unless there is a tie).
Use E2 if the goal is to always send traffic through one ASBR.
Use E1 if the goal is to balance the traffic, and make each router pick the closest ASBR.
CCNP-TSHOOT 642-902 Official Certification Guide
Calculating the Cost of Type 2 External Routes-Inter-Area
- Calculate the cost to reach the ABR, based on the local area's topology.
- Add the cost from the ABR to the ASBR, as listed in a Type 4 LSA.
CCNP-ROUTE 642-902 Official Certification Guide
Calculating the Cost of Type 2 External Routes-Intra-Area
- Find the advertising ASBR(s) as listed in the Type 5 LSA(s).
- Calculate the lowest cost route to reach any of the ASBR(s) based on the area topology.
CCNP-ROUTE 642-902 Official Certification Guide
Calculating the Cost of Inter-Area Routes
- Calculate the intra-area cost from the router to the ABR listed in the type 3 LSA.
- Add the cost value listed in the Type 3 LSA
Calculating the Cost of Intra-Area Routes
- Find all subnets inside the area, based on LSA types 1 and 2.
- Run SPF and find possible paths.
- Calculate the OSPF interface costs for all outgoing interfaces and pick the lowest total cost route for each subnet as the best route.
CCNP-ROUTE 642-902 Official Certification Guide
Saturday, 27 October 2012
show ip ospf statistics
Provides information about how frequently a router is executing the SPF algorithm. This command also shows when the SPF algorithm last ran and is recommended as the first troubleshooting step for link-state advertisement (LSA) flapping.
Record of reasons causing SPF to be executed:
- N—A change in a network LSA (type 2) has occurred.
- R—A change in a router LSA (type 1) has occurred.
- SA—A change in a Summary autonomous system boundary router (ASBR) (SA) LSA has occurred.
- SN—A change in a Summary Network (SN) LSA has occurred.
- X—A change in an External Type-7 (X7) LSA has occurred.
CCNP-TSHOOT 642-832 Official Certification Guide and http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_s4gt.html#wp1167148
4-Byte AS-PATH
The new AS number is 4-bytes and split into two 2-byte values, in X.Y syntax. The support for the 4-byte AS is advertised via BGP capability negotiation. In order to ensure interoperability with existing BGP peers that do not support 4-byte AS, encoding of BGP OPEN message is reserved and 4-byte AS support is exchanged between the BGP peers via the capability field.
When BGP attempts to establish a session with its peer, the OPEN message may include an optional parameter, called Capabilities. A NEW speaker will include the NEW (4-byte AS) capability when it attempts to OPEN a session with its peer. An OLD speaker should simply ignore the NEW capability advertised by its peer and continue to operate in OLD mode, as detailed in RFC 3392.
If the NEW speaker advertises and receives the 4-byte AS capability from its peer, it will just encode the 4-byte AS number in its AS_PATH or AGGREGATOR attributes when exchanging information with this peer.
If the NEW speaker does not receive the 4-byte AS capability from a particular peer, it indicates this peer is an OLD speaker. Two new attributes are introduced, namely AS4_PATH and AS4_AGGREGATOR. Both attributes are optional transitive. These new attributes use the same encoding as the original ASPATH and AGGREGATOR except the AS Number used is 4-bytes instead of 2-bytes. The NEW speaker will substitute a reserved 2-byte AS number (called AS_TRANS with AS # 23456) for each 4-byte AS so that ASPATH and AGGREGATOR is still 2-byte in length and ASPATH length is still preserved, and at the same time insert the new AS4_PATH and AS4_AGGREGATOR, which will contain the 4-byte encoded copy of the attributes. The NEW speaker will then advertise ASPATH and/or AGGREGATOR together with the AS4_PATH and/or AS4_AGGREGATOR. The OLD speaker that receives these new attributes will preserve and blindly pass them along even though it does not understand them. Subsequent NEW speakers will merge the ASPATH and/or AGGREGATOR with the AS4_PATH and/or AS4_AGGREGATOR to retrieve the original 4-byte AS information without losing any attribute contents, as illustrated in the Figure 1.
http://www.cisco.com/web/about/security/intelligence/4byte-as.html
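The AS_TRANS substitution and the later merge described above, as an added example that is not from the Cisco article. It handles plain AS_SEQUENCE paths only, and the merge uses the length rule from RFC 6793, which goes beyond what the text above spells out; all AS numbers and function names are illustrative assumptions.

```python
AS_TRANS = 23456      # reserved 2-byte AS that stands in for any 4-byte AS
MAX_2BYTE = 65535


def asdot_to_asplain(text):
    """Convert X.Y notation to the single 32-bit AS number it encodes."""
    high, low = (int(part) for part in text.split("."))
    if not (0 <= high <= MAX_2BYTE and 0 <= low <= MAX_2BYTE):
        raise ValueError("each half of X.Y must fit in 16 bits")
    return high * 65536 + low


def asplain_to_asdot(asn):
    """Convert a 32-bit AS number to X.Y notation."""
    return f"{asn >> 16}.{asn & 0xFFFF}"


def encode_for_old_speaker(as_path):
    """What a NEW speaker sends to an OLD peer: (AS_PATH, AS4_PATH).

    AS4_PATH is None when the path holds no 4-byte AS and needs no copy.
    """
    if all(asn <= MAX_2BYTE for asn in as_path):
        return list(as_path), None
    two_byte = [asn if asn <= MAX_2BYTE else AS_TRANS for asn in as_path]
    return two_byte, list(as_path)


def old_speaker_prepend(local_as, as_path, as4_path):
    """An OLD speaker prepends itself to AS_PATH and passes AS4_PATH as-is."""
    return [local_as] + list(as_path), as4_path


def merge_paths(as_path, as4_path):
    """Rebuild the 4-byte path at the next NEW speaker.

    RFC 6793 rule: if AS_PATH is shorter than AS4_PATH the AS4_PATH is
    ignored; otherwise the leading ASes that OLD speakers added to AS_PATH
    are kept and the rest is taken from AS4_PATH.
    """
    if as4_path is None or len(as_path) < len(as4_path):
        return list(as_path)
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def has_unresolved_as_trans(path):
    """True if AS_TRANS survives the merge, i.e. 4-byte detail was lost."""
    return AS_TRANS in path


def demo():
    """Constructed path: origin 4200000001, then 64500, then AS 1.10."""
    original = [asdot_to_asplain("1.10"), 64500, 4200000001]
    as_path, as4_path = encode_for_old_speaker(original)
    as_path, as4_path = old_speaker_prepend(64510, as_path, as4_path)
    return as_path, merge_paths(as_path, as4_path)


if __name__ == "__main__":
    seen_by_old, rebuilt = demo()
    print("OLD speaker view:", seen_by_old)
    print("NEW speaker view:", rebuilt)
```

A path that still contains 23456 after merging is worth flagging when auditing received routes, since the real origin or transit AS cannot be read from it.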
Troubleshooting Mismatched Duplex
On the full-duplex side:
- High Rcv-Err
- Runts
- FCS-Err
On the half-duplex side:
- High Late-Col counter
- excessive collisions
CCNP-TSHOOT 642-832 - Official Certification Guide
Monday, 22 October 2012
OSPF P-bit
When external routing information is imported into an NSSA in a type 7 link-state advertisement (LSA), the type 7 LSA has only area flooding scope. To further distribute the external information, type 7 LSAs are translated into type 5 LSAs at the NSSA border. The P-bit in the type 7 LSA Options field indicates whether the type 7 LSA should be translated. Only those LSAs with the P-bit set are translated. When you redistribute information into the NSSA, the P-bit is automatically set. A possible workaround applies when the Autonomous System Boundary Router (ASBR) is also an Area Border Router (ABR). The NSSA ASBR can then summarise with the not-advertise keyword, which results in not advertising the translated type 7 LSAs.
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml
Sunday, 21 October 2012
Cisco Proprietary 802.1D Enhancements vs 802.1w
Cisco proprietary 802.1D enhancements (PortFast, UplinkFast and BackboneFast) are all implemented in 802.1w. Only PortFast requires manual configuration in 802.1w.
STP vs RSTP
802.1D: BPDUs originate from the root bridge and are relayed by all switches down the tree every Hello Time.
802.1w: BPDUs are sent out every switch port at Hello Time intervals, regardless of whether BPDUs are received from the root.
CCNP-SWITCH 642-813 Official Certification Guide
Monday, 15 October 2012
Init bit in EIGRP Update Packet
Suppose you have Routers A and B, running along fine, for many hours. Router A reloads, but comes back up before Router B's hold timer has expired. When Router B sees A's hellos, it will assume that A just missed a couple, and everything is fine. But everything isn't fine--A just lost all of its routing information! How can A signal this state, and ask B to re-synchronize?
A can send an empty update, with the init bit set. This causes Router B to place A in the "pending" state, and wipe out all the information it's learned from A (unless, of course, graceful restart is configured/etc).
https://supportforums.cisco.com/thread/50827
Sunday, 26 August 2012
Multiple BGP AS on Cisco Router
Used when you need BGP sessions to be established from an AS number different from the one configured with router bgp as-number, as Cisco doesn't support multiple instances of BGP the way Juniper does.
neighbor ip-address local-as as-number [no-prepend [replace-as [dual-as]]]
no-prepend: Does not prepend the local autonomous system number to any routes received from the eBGP neighbor.
replace-as: Prepends only the local autonomous-system number to the AS_PATH attribute. The autonomous system number from the local BGP routing process is not prepended.
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800949cd.shtml
Sunday, 12 August 2012
OSPF Load Balance
If multiple equal-cost, equal-path-type routes exist, OSPF load balances over a maximum of 16.
R1(config-router)#maximum-paths [1-16]
Hot Potato Routing
Getting packets to external destinations out of the network at the closest exit point!
OSPF Reference Bandwidth
R1(config-router)#auto-cost reference-bandwidth <reference bandwidth in Mbps>
Default reference bandwidth is 100 Mbps
Ensure configuration is consistent across all routers
NSSA and P-bit
If the NSSA's ABR receives a type 7 LSA with the P-bit set to one, it will translate the type 7 LSA into a type 5 LSA and flood it throughout the other areas. If the P-bit is set to zero, no translation will take place and the destination in the type 7 LSA will not be advertised outside of the NSSA.
Monday, 30 July 2012
IPv6 Neighbor Discovery Protocol
Types and Codes:
- Router Solicitation: 133
- Router Advertisement: 134
- Neighbor Solicitation: 135
- Neighbor Advertisement: 136
Sunday, 29 July 2012
Static ARP on Ethernet
R1(config)#arp 1.1.1.1 aaaa.aaaa.aaaa arpa
ARP Timeout
R1(config)#int gi 1/0
! default ARP timeout
R1(config-if)# arp timeout 14400
Various Subnet Mask Representations
R1(config)#line vty 0 4
R1(config-line)#ip netmask-format [ decimal | hexadecimal | bit-count ]