
Tuesday, September 27, 2011

Spanning tree portfast

The spanning-tree portfast command makes an interface on the switch jump straight from the spanning-tree disabled state to the forwarding state. This differs from normal spanning-tree operation, where the interface has to go through the listening and learning states first. Therefore, the interface comes up right away.

How to enable spanning-tree portfast


Spanning-tree portfast at the interface level
  At the interface level, use the "spanning-tree portfast" command to enable it. This applies to access ports only; to enable portfast on a trunk port, "spanning-tree portfast trunk" is required.


Spanning-tree portfast option in the global configuration
  In the global configuration, we can enable portfast on all of the access ports of the switch with the "spanning-tree portfast default" command. However, this command does not affect the trunk ports on the switch.

Options for spanning-tree portfast
   - spanning-tree portfast bpduguard default : enables BPDU guard on all of the portfast interfaces on the switch. This is only valid for access ports.
   - spanning-tree portfast bpdufilter default : enables BPDU filter on all of the portfast interfaces on the switch. This is only valid for access ports.
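As an added example (not part of the original post), the Python script below audits a saved IOS running-config for portfast access ports that are left without BPDU guard. It understands the per-interface "spanning-tree portfast" and "spanning-tree portfast trunk" commands and the global "spanning-tree portfast default" and "spanning-tree portfast bpduguard default" commands from this post; it also recognises the per-interface "spanning-tree bpduguard enable" and "spanning-tree portfast disable" commands, which exist in IOS but are not shown above. The sample configuration inside the script is constructed for the example, and a port is treated as an access port only when "switchport mode access" is configured explicitly.

```python
"""Audit a Cisco IOS running-config for PortFast ports that lack BPDU guard.

Added example, not from the original post. The sample configuration below is
constructed for this demonstration.
"""
from typing import Dict, List, Set

SAMPLE_CONFIG = """\
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/4
 switchport mode access
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [indented sub-commands]} for each interface stanza."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any top-level line ends the open stanza
    return interfaces


def global_commands(config: str) -> Set[str]:
    """Return the set of top-level (non-indented) configuration lines."""
    return {
        line.strip()
        for line in config.splitlines()
        if line and not line.startswith((" ", "!", "interface "))
    }


def audit_portfast(config: str) -> Dict[str, List[str]]:
    """Classify PortFast-enabled interfaces.

    unguarded - access ports running PortFast with no BPDU guard, neither
                per interface nor via "spanning-tree portfast bpduguard default"
    guarded   - PortFast access ports that BPDU guard covers
    trunk     - ports using "spanning-tree portfast trunk"; the global
                "portfast ... default" commands do not apply to trunk ports
    """
    globals_ = global_commands(config)
    portfast_default = "spanning-tree portfast default" in globals_
    guard_default = "spanning-tree portfast bpduguard default" in globals_
    result: Dict[str, List[str]] = {"unguarded": [], "guarded": [], "trunk": []}

    for name, cmds in parse_interfaces(config).items():
        cmdset = set(cmds)
        if "spanning-tree portfast trunk" in cmdset:
            result["trunk"].append(name)
            continue
        # Simplification: only an explicit "switchport mode access" counts as access.
        is_access = "switchport mode access" in cmdset
        portfast = "spanning-tree portfast" in cmdset or (
            portfast_default and is_access and "spanning-tree portfast disable" not in cmdset
        )
        if not portfast:
            continue
        if "spanning-tree bpduguard enable" in cmdset or guard_default:
            result["guarded"].append(name)
        else:
            result["unguarded"].append(name)
    return result


if __name__ == "__main__":
    for category, names in audit_portfast(SAMPLE_CONFIG).items():
        print(f"{category:10s} {', '.join(names) or '-'}")
```

Run against the sample, FastEthernet0/1 is reported as unguarded, FastEthernet0/2 as guarded and FastEthernet0/3 as a portfast trunk; adding the global "spanning-tree portfast bpduguard default" line empties the unguarded list, which is the quickest way to close the gap on a switch with many edge ports.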



Sunday, September 25, 2011

GLBP Load Balancing options

There are 3 different options for GLBP load balancing:

  • Host-dependent : load balancing based on the MAC address of the host; the same forwarder is used for a particular host as long as the number of GLBP group members remains unchanged.
  • Round-robin : each active forwarder forwards packets in turn. This is the default setting of GLBP.
  • Weighted : load balancing based on the weighting value advertised by the gateway.

Configuration Command

       glbp group load-balancing [host-dependent | round-robin | weighted]


Saturday, September 24, 2011

MPLS LDP advertise labels

mpls ldp advertise-labels


This command is enabled by default: the MPLS router advertises a label for every network it has learned or is directly connected to, to all of its LDP neighbors. To stop this advertisement we use "no mpls ldp advertise-labels". However, this command disables every label advertisement, not just the ones we want to suppress.

If we want to advertise labels only for specific networks to specific LDP peers, we can use the command as follows:
      mpls ldp advertise-labels for <prefix ACL> to <peer ACL>

Example

As shown in the figure, R1, R2 and R3 are in the MPLS network. In this scenario we specify which prefixes, and to which LDP peers, we want labels advertised. R1 will advertise a label for 1.1.1.1/32 only, but not for 10.10.10.10/32. Here is the configuration example on R1
( we omitted the IGP configuration )
Before configuration
R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     30.30.30.30/32    570        Fa0/1      192.168.2.2
17     Pop tag     3.3.3.3/32        0          Fa0/1      192.168.2.2
18     Pop tag     10.10.10.10/32    0          Fa0/0      192.168.1.1
19     Pop tag     1.1.1.1/32        0          Fa0/0      192.168.1.1


Configuration command

no mpls ldp advertise-labels

mpls ldp advertise-labels for 2 to 1

access-list 1 permit 192.168.1.2
access-list 2 permit 1.1.1.1

Result / Verification

R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     30.30.30.30/32    570        Fa0/1      192.168.2.2
17     Pop tag     3.3.3.3/32        0          Fa0/1      192.168.2.2
18     Untagged    10.10.10.10/32    0          Fa0/0      192.168.1.1
19     Pop tag     1.1.1.1/32        0          Fa0/0      192.168.1.1

We can see now that the label for 10.10.10.10/32 is no longer advertised from R1 to R2.
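As an added verification helper (not part of the original post), the Python below parses "show mpls forwarding-table" output and diffs two snapshots, so that a label that changed to Untagged after a configuration change shows up in a change review instead of being spotted by eye. BEFORE and AFTER are the two R2 outputs from this post; the parser handles the "Pop tag", "Untagged", "No Label" and numeric outgoing-label forms.

```python
"""Diff two "show mpls forwarding-table" snapshots to spot lost labels.

Added example, not from the original post. BEFORE and AFTER are the two R2
outputs shown in the post; an outgoing entry of "Untagged" means R2 received
no label for that prefix from its downstream neighbor and will forward the
traffic as plain IP.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

BEFORE = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     30.30.30.30/32    570        Fa0/1      192.168.2.2
17     Pop tag     3.3.3.3/32        0          Fa0/1      192.168.2.2
18     Pop tag     10.10.10.10/32    0          Fa0/0      192.168.1.1
19     Pop tag     1.1.1.1/32        0          Fa0/0      192.168.1.1
"""

AFTER = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     30.30.30.30/32    570        Fa0/1      192.168.2.2
17     Pop tag     3.3.3.3/32        0          Fa0/1      192.168.2.2
18     Untagged    10.10.10.10/32    0          Fa0/0      192.168.1.1
19     Pop tag     1.1.1.1/32        0          Fa0/0      192.168.1.1
"""


class Entry(NamedTuple):
    local_label: int
    outgoing: str      # "Pop tag", "Untagged", "No Label" or a numeric label
    interface: str
    next_hop: str


# One data row: local label, outgoing label, prefix, bytes switched, interface, next hop.
ROW = re.compile(
    r"^(\d+)\s+(Pop tag|Untagged|No Label|\d+)\s+(\S+)\s+\d+\s+(\S+)\s+(\S+)\s*$"
)


def parse_forwarding_table(text: str) -> Dict[str, Entry]:
    """Return {prefix: Entry}; header lines and rows without a next hop are skipped."""
    table: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(3)] = Entry(int(m.group(1)), m.group(2), m.group(4), m.group(5))
    return table


def diff_outgoing_labels(
    before: Dict[str, Entry], after: Dict[str, Entry]
) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """List (prefix, old outgoing, new outgoing) for every prefix whose outgoing label changed."""
    changes = []
    for prefix in sorted(set(before) | set(after)):
        old = before[prefix].outgoing if prefix in before else None
        new = after[prefix].outgoing if prefix in after else None
        if old != new:
            changes.append((prefix, old, new))
    return changes


def unlabeled_prefixes(table: Dict[str, Entry]) -> List[str]:
    """Prefixes that leave this LSR as unlabeled IP packets."""
    return sorted(p for p, e in table.items() if e.outgoing == "Untagged")


if __name__ == "__main__":
    before, after = parse_forwarding_table(BEFORE), parse_forwarding_table(AFTER)
    for prefix, old, new in diff_outgoing_labels(before, after):
        print(f"{prefix}: {old} -> {new}")
```

On the post's two outputs the only reported change is 10.10.10.10/32 going from "Pop tag" to "Untagged", which is exactly the intended effect of the filter; any other prefix appearing in that list would mean the access-lists caught more than intended, and traffic for it would leave R2 without a label.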

Wednesday, September 21, 2011

Changing AD in OSPF

As we all know, the default administrative distance of OSPF is 110. However, in some cases we need to change this value to manipulate the routing table, for example to avoid a routing loop. We use the following command to accomplish it.

  distance <AD>  <source address> <wildcard mask> <ACL>

In OSPF, the source address is the router-id of the router advertising the network matched by the ACL. Therefore, it is not necessarily the directly attached neighbor. See the configuration example below.

We have 4 routers: R1, R2, R3 and R4. R1 wants to change the administrative distance of the networks advertised by R3 from 110 to 50. R3 has the router-id 3.3.3.3. Therefore, on R1 we configure as follows.


Here is the routing table of R1


R1
Gateway of last resort is not set

     20.0.0.0/24 is subnetted, 1 subnets
O E2    20.20.20.0 [110/20] via 192.168.1.2, 00:00:01, FastEthernet0/0
O IA 172.16.0.0/16 [110/21] via 192.168.4.1, 00:00:01, FastEthernet0/1
                   [110/21] via 192.168.1.2, 00:00:01, FastEthernet0/0
C    192.168.4.0/24 is directly connected, FastEthernet0/1
     10.0.0.0/32 is subnetted, 1 subnets
C       10.10.10.10 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
O    192.168.2.0/24 [110/20] via 192.168.1.2, 00:00:01, FastEthernet0/0
O    192.168.3.0/24 [110/20] via 192.168.4.1, 00:00:01, FastEthernet0/1
     30.0.0.0/32 is subnetted, 1 subnets
O       30.30.30.30 [110/21] via 192.168.4.1, 00:00:01, FastEthernet0/1
                    [110/21] via 192.168.1.2, 00:00:01, FastEthernet0/0




Check the OSPF database as seen by R1


 Routing Bit Set on this LSA
  LS age: 137
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 3.3.3.3
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000004
  Checksum: 0x8D28
  Length: 60
  Area Border Router
  Number of Links: 3

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 30.30.30.30
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 192.168.3.2
     (Link Data) Router Interface address: 192.168.3.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 192.168.2.1
     (Link Data) Router Interface address: 192.168.2.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 10



We can see that R1 receives the router LSA from R3 (area 0, the same area). We apply the distance command to change the AD of the OSPF networks from R3 as follows.



R1 

router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
 distance 50 3.3.3.3 0.0.0.0 1


access-list 1 permit any


This will change the AD for the network 30.30.30.30/32 to 50.


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/24 is subnetted, 1 subnets
O E2    20.20.20.0 [110/20] via 192.168.1.2, 00:05:10, FastEthernet0/0
O IA 172.16.0.0/16 [50/21] via 192.168.4.1, 00:05:10, FastEthernet0/1
                   [50/21] via 192.168.1.2, 00:05:10, FastEthernet0/0
C    192.168.4.0/24 is directly connected, FastEthernet0/1
     10.0.0.0/32 is subnetted, 1 subnets
C       10.10.10.10 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
O    192.168.2.0/24 [110/20] via 192.168.1.2, 00:05:10, FastEthernet0/0
O    192.168.3.0/24 [110/20] via 192.168.4.1, 00:05:10, FastEthernet0/1
     30.0.0.0/32 is subnetted, 1 subnets
O       30.30.30.30 [50/21] via 192.168.4.1, 00:05:10, FastEthernet0/1
                    [50/21] via 192.168.1.2, 00:05:10, FastEthernet0/0
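To make the matching rule concrete, here is an added Python model (not part of the original post) of how the distance command selects routes: the source address and wildcard mask are compared against the advertising router-id, the ACL against the route's network address, and a route that matches both gets the new AD. The route list is constructed for the example; which router-id originates each prefix is an assumption, apart from 30.30.30.30/32 from 3.3.3.3, which the post shows. First-match-wins ordering between several distance statements is also an assumption of the model.

```python
"""Model of the OSPF "distance <AD> <source> <wildcard> <acl>" command.

Added example, not from the original post. The route table below is
constructed: which router-id originates each prefix is an assumption made for
the demonstration, except 30.30.30.30/32 from 3.3.3.3, which the post shows.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, NamedTuple


class Route(NamedTuple):
    prefix: str      # network/length as shown in "show ip route"
    advertiser: str  # OSPF router-id of the router that originated the LSA
    ad: int = 110    # OSPF default administrative distance


class AclEntry(NamedTuple):
    permit: bool
    address: str
    wildcard: str


class DistanceRule(NamedTuple):
    ad: int
    source: str      # router-id pattern
    wildcard: str    # wildcard mask applied to the router-id
    acl: List[AclEntry]


def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(pattern)) & care)


def acl_permits(acl: List[AclEntry], address: str) -> bool:
    """Standard ACL evaluation: first matching entry decides, implicit deny at the end."""
    for entry in acl:
        if wildcard_match(address, entry.address, entry.wildcard):
            return entry.permit
    return False


def apply_distance(routes: List[Route], rules: List[DistanceRule]) -> List[Route]:
    """Return the routes with the AD each distance statement assigns them.

    A rule applies when the advertising router-id matches source/wildcard and
    the route's network address is permitted by the rule's ACL. The first
    matching rule wins (an assumption of this model).
    """
    result = []
    for route in routes:
        network = str(IPv4Network(route.prefix, strict=False).network_address)
        new_ad = route.ad
        for rule in rules:
            if wildcard_match(route.advertiser, rule.source, rule.wildcard) and acl_permits(
                rule.acl, network
            ):
                new_ad = rule.ad
                break
        result.append(route._replace(ad=new_ad))
    return result


def ad_by_prefix(routes: List[Route], rules: List[DistanceRule]) -> Dict[str, int]:
    """Convenience view: {prefix: effective AD}."""
    return {r.prefix: r.ad for r in apply_distance(routes, rules)}


# Constructed sample modelled on R1's table in the post; advertisers are assumed.
ROUTES = [
    Route("30.30.30.30/32", "3.3.3.3"),
    Route("172.16.0.0/16", "3.3.3.3"),
    Route("192.168.2.0/24", "2.2.2.2"),
    Route("20.20.20.0/24", "2.2.2.2"),
]

# access-list 1 permit any
ACL_1_PERMIT_ANY = [AclEntry(True, "0.0.0.0", "255.255.255.255")]

# The post's statement: distance 50 3.3.3.3 0.0.0.0 1
RULE_FROM_POST = DistanceRule(50, "3.3.3.3", "0.0.0.0", ACL_1_PERMIT_ANY)


if __name__ == "__main__":
    for prefix, ad in ad_by_prefix(ROUTES, [RULE_FROM_POST]).items():
        print(f"{prefix:18s} AD {ad}")
```

With the post's statement, every prefix whose LSA comes from 3.3.3.3 drops to AD 50 while prefixes from other router-ids stay at 110; swapping the permit-any ACL for one that permits only 30.30.30.30 limits the change to that single prefix, and a non-zero wildcard on the source lets one statement cover a whole block of router-ids.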

Monday, September 19, 2011

Interdomain Multicasting

Example configuration

We have 2 autonomous systems in this scenario, AS 100 and AS 200, each running OSPF as its IGP. The requirement in this example is to configure the network to forward multicast traffic from AS 100 to AS 200. The source of the multicast traffic is the loopback interface of R3, and the receiver sits at R4 in AS 200.

In this scenario we need to configure interdomain MSDP. We have selected R1 and R2 as the RPs for their respective ASes; they form an MSDP peering with each other to accomplish this. Here is the configuration.

R1
router bgp 100

 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 200
 !
 address-family ipv4
  redistribute ospf 1
  neighbor 192.168.1.2 activate
  no auto-summary
  no synchronization
  network 1.1.1.0 mask 255.255.255.0
 exit-address-family
 !
 address-family ipv4 multicast
  neighbor 192.168.1.2 activate
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd

ip pim rp-address 1.1.1.1
ip msdp peer 2.2.2.2 connect-source Loopback0 remote-as 200
!

R2
router bgp 200
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 100
 !
 address-family ipv4
  redistribute ospf 1
  neighbor 192.168.1.1 activate
  no auto-summary
  no synchronization
  network 2.2.2.0 mask 255.255.255.0
 exit-address-family
 !
 address-family ipv4 multicast
  neighbor 192.168.1.1 activate
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip pim rp-address 2.2.2.2
ip msdp peer 1.1.1.1 connect-source Loopback0 remote-as 100
!

R3
ip pim rp-address 1.1.1.1

R4
ip pim rp-address 2.2.2.2

Verify the configuration

R1#sh ip msdp summary
MSDP Peer Status Summary
Peer Address     AS    State    Uptime/  Reset SA    Peer Name
                                Downtime Count Count
2.2.2.2          200   Up       00:06:54 0     0     ?
R1#

R3#ping 239.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:

Reply to request 0 from 10.1.1.2, 388 ms
R3#

R2#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.1.1), 01:02:18/00:03:19, RP 2.2.2.2, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/1, Forward/Sparse, 01:02:18/00:03:19

(172.16.1.2, 239.1.1.1), 00:00:26/00:02:33, flags: M
  Incoming interface: FastEthernet0/0, RPF nbr 192.168.1.1
  Outgoing interface list:
    FastEthernet0/1, Forward/Sparse, 00:00:26/00:03:19

(*, 224.0.1.40), 01:08:40/00:03:21, RP 2.2.2.2, flags: SJCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 01:05:16/00:02:25
    FastEthernet0/1, Forward/Sparse, 01:08:40/00:03:21


Configuring Netflow for multicast traffic


This section was copied from cisco.com

Configuring NetFlow for Multicast IP Traffic

To configure NetFlow for multicast IP traffic, perform this task:

Step 1   Command: Router(config)# ip multicast netflow output-counters
         Purpose: (Optional) Enables the calculation of output bytes/packets for an ingress flow.

Step 2   Command: Router(config)# ip multicast netflow rpf-failure
         Purpose: (Optional) Enables NetFlow for multicast data that fails the RPF check.

Step 3   Command: Router(config)# interface {vlan vlan_ID | type slot/port | port-channel port_channel_number}
         Purpose: Selects a Layer 3 interface to configure.

Step 4   Command: Router(config-if)# ip flow {ingress | egress}
         Purpose: Enables NetFlow multicast traffic on the specified interface (for RP and PFC).
         Specify ingress to enable NetFlow multicast ingress accounting.
         Specify egress to enable NetFlow multicast egress accounting.

Tuesday, September 6, 2011

How to Decrypt a Type 7 Key using IOS

Everyone has at some point forgotten a password that was put into the configuration. This is a way to decrypt it using Cisco IOS itself.

Example


Suppose you forgot the password used for NTP authentication:
show run | in ntp

ntp authentication-key 1 md5 120D000406060851212E3D 7

Solution
- Create a key chain and enter the encrypted string as a type 7 key-string; "show key chain" then displays the plaintext.



R1(config)#key chain decryptkey
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7  120D000406060851212E3D
R1(config-keychain-key)#

R1#sh key chain
Key-chain decryptkey:
    key 1 -- text "testmd5key"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
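The key-chain trick works because Type 7 is reversible obfuscation, not encryption. As an added example (not part of the original post), the Python below reproduces the same decoding offline and scans a saved configuration for every Type 7 string, which is the check a configuration review should run before treating such a config as safe to share. The algorithm XORs each byte with a fixed key string that IOS uses for Type 7, starting at the offset given by the two-digit seed in front of the hex; the sample configuration is constructed apart from the NTP key line taken from the post, and the username line uses a made-up password.

```python
"""Cisco IOS Type 7 strings are reversible obfuscation, not encryption.

Added example, not from the original post. It reproduces offline what the
key-chain trick above makes the router do, so a configuration review can
treat every "7" string in a saved config as exposed plaintext. The sample
configuration below is constructed, apart from the NTP key line taken from
the post.
"""
import re
from typing import List, Tuple

# Fixed key stream used by IOS for Type 7; the two leading decimal digits of a
# Type 7 string give the starting offset into it.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

TYPE7_FORMAT = re.compile(r"\d{2}(?:[0-9A-Fa-f]{2})+")


def type7_decode(ciphertext: str) -> str:
    """Recover the plaintext of a Type 7 string such as 120D000406060851212E3D."""
    if not TYPE7_FORMAT.fullmatch(ciphertext):
        raise ValueError("not a Type 7 string")
    seed = int(ciphertext[:2])
    body = bytes.fromhex(ciphertext[2:])
    plain = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(body))
    return plain.decode("ascii")


def type7_encode(plaintext: str, seed: int = 12) -> str:
    """Inverse of type7_decode; XOR is symmetric, so the same loop serves both ways."""
    if not 0 <= seed <= 99:
        raise ValueError("seed must fit in two decimal digits")
    data = plaintext.encode("ascii")
    body = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


# Two places IOS writes the type indicator: "... 7 <hex>" (passwords, key-strings)
# and "... <hex> 7" (ntp authentication-key, as in the post).
TYPE7_PATTERNS = (
    re.compile(r"\s7\s+(\d{2}(?:[0-9A-Fa-f]{2})+)\b"),
    re.compile(r"\s(\d{2}(?:[0-9A-Fa-f]{2})+)\s+7\s*$"),
)


def find_type7_secrets(config: str) -> List[Tuple[str, str, str]]:
    """Return (config line, ciphertext, plaintext) for every Type 7 string found."""
    found = []
    for line in config.splitlines():
        for pattern in TYPE7_PATTERNS:
            m = pattern.search(line)
            if m:
                try:
                    found.append((line.strip(), m.group(1), type7_decode(m.group(1))))
                except ValueError:
                    pass  # looked like Type 7 but did not decode cleanly
                break
    return found


# Constructed sample config; the username line carries a made-up password.
SAMPLE_CONFIG = """\
hostname R1
username admin password 7 0507031B2C494707
ntp authentication-key 1 md5 120D000406060851212E3D 7
key chain decryptkey
 key 1
  key-string 7 120D000406060851212E3D
"""


if __name__ == "__main__":
    for line, _cipher, plain in find_type7_secrets(SAMPLE_CONFIG):
        print(f"{line!r} -> {plain!r}")
```

Decoding the post's string 120D000406060851212E3D yields testmd5key, the same value "show key chain" printed above. The practical consequence is that a running-config containing Type 7 strings is as sensitive as one with plaintext passwords: keys that must remain reversible, such as NTP and key-chain keys, can be stored with the Type 6 AES option instead ("key config-key password-encrypt" followed by "password encryption aes"), and user passwords belong in "secret" rather than "password" form.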