My Favourite
Content
CSCO11663195 CISCO ID
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PRIVATE VLAN CONFIGRATION
vtp mode transparent
vlan 200
private-vlan primary
vlan 205
private-vlan community
vlan 210
private-vlan isolated
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------vlan 200
private-vlan association 205,210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Show private-vlan type
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------interface fa 4/24
switchport mode private-vlan host
switchport private-vlan host-association 200 205
interface fa 4/25
switchport mode privte-vlan host
switchpoert private-vlan host association 200 205
interface fa 4/24
switchport mode private-vlan host
switchport privte-vlan host association 200 210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------interface fa 4/27
switchport mode private-vlan promiscious
switchport private-vlan map 200 205,210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------show vlan private-vlan
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Multilayer Inter-vlan Switching
interface vlan 10
ip add 10.1.1.1 255.255.255.0
no shut
interface vlan 20
ip add 10.1.2.1 255.255.255.0
no shut
ip routing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel PAGP(Cisco Prop.) Auto/Desirable/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel-group 1 mode desirable
show etherchannel
show etherchannel summary
show etherchannel details
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel group 1 mode desirable
int port-channel 1
no switch-port
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel details
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel LACP 802.3 AD Passive/Active/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel-group 1 mode active
show etherchannel
show etherchannel summary
show etherchannel details
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel group 1 mode active
int port-channel 1
no switch-port
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel details
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PER VLAN STP
Can helps in load balancing
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root secondary
spaning-tree vlan 4 priority
spaning-tree portfast
spanning-tree bpduguard enable
if recived port become errdisable
spanning-tree guard root
port become secure
if sombody try to become root bridge on this port it will
show as inconsistant port
show spanning-tree
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
STP 802.1 D
Bridge ID = Priority(32768) + MAC Add
100mbps = 19
10mbps = 100
1gbps = 4
10gbps = 2
BPDU every 2 second
Listening send/recive BPDU Forward delay 15 second
Learning MAC add/CAM Table 15 seconds
Forwarding
Blocking Max age 20 seconds
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
RSTP 802.1 W
Discarding
Learning
Forwarding
Root Port
Designated Port
Alternate Port
Edge Port(Port Fast)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
To secure telnet session(SSH only)
ip domain arjun.com
crypto key generate rsa
line vty 0 4
login
transport input ssh
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
HSRP (Cisco Prop.)
Hello 3 second Hold 10 second
Standby or Active Router
Virtual IP/Mac add
Tunning
Priority
Preempt
Tracking
Timers
0000.0c07.acxx
interface vlan 70
standby 1 ip (virtual ip)
standby 1 priority 150(higher is better 100 is default)
show standby
interface vlan 70
standby 1 preempt
standby 1 tracking fa 0/23(down int) 60(decrease priority)
standby 1 timers 1 3(second, miliseconds)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
VRRP
Hello 1 Hold 3
Master/Backup
Master can share virtual IP
skew timer = 256-priority/256
interface fa 0/0
vrrp 20 ip 172.30.4.90(virtual)
vrrp 20 preempt
vrrp timers advertise msec 100
show vrrp
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GLBP(Cisco Prop.)
Single Virtual IP with multiple mac add
AVG Active Virtual Gateway
AVF Active Virtual Forwarder
Round Robin one by one mac add will go to forwar
Host dependent will bind the host to mac
interface fa 0/0
glbp 1 priority 150
glbp timers
glbp 1 weighting
glbp 1 load-balancing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
SITE TO SITE CLI VPN CONFIG
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up isakmp policy(for IKE Phase-I)
crypto isakmp policy 50
authentication pre-share
encryption aes 128
group 2
hash sha
lifetime(leave default)
crypto isakmp key 0 arjun!! address 71.209.254.34 no-xauth
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up ipsec transform set(Phase-II)
crypto ipsec transform-set DEMO esp-aes 128 esp-sha-hmac
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Define Traffic
ip access-list extended Traffic
permit ip 172.30.0.0 0.0.255.255 192.168.1.0 0.0.0.255
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up crypto map
crypto map VPNMAP 10 ipsec-isakmp
set peer 71.209.254.34
match address Traffic
set transform-set DEMO
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Assign crypto map to interface
int fa 0/0
crypto mapVPNMAP
show crypto isakmp sa
show crypto ipsec sa
Note:- disable nat translation
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GRE Tunnel
First Router
interface tunnel 0
ip add 10.5.1.2 255.255.255.0
tunnel source s 0/0/0
tunnel destination 41.95.109.2
tunnel mode gre ip
Second Router
interface tunnel 0
ip add 10.5.1.1 255.255.255.0
tunnel source s 0/0/0
tunnel destination 41.95.109.1
tunnel mode gre ip
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Point to Point Over Ethernet(PPPoE)
interface dialer 1
ip add negoitiated
encapsulation PPP
ip mtu 1492
ip nat outside
ppp authentication pap callin
ppp pap sent username asdf password asdf
dialer pool 1
int fa 0/4
pppoe enable
pppoe-client dial-pool-number 1
show pppoe session
show ppp authentication
debug pppoe events
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------int bvi
ip nat inside
ip access-list extended NAT_ADD
permit ip 192.168.1.0 0.0.0.255
ip nat inside source-list NAT_ADD inter dialer 1 overload
ip route 0.0.0.0 0.0.0.0 dialer 1
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Voice + PC Vlan Config + QOS
interface fa 0/5
switchport mode access
switchport access vlan 200
switchport voice vlan 100
mls qos trust cos
mls qos trust cisco-phone
auto qos voip cisco-phone
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------QOS
Layer 2 CoS
3 bits
8 Level
Layer 3 ToS
3-6 bits
Many level
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------1 Byte
8 bit
6 bit - DSCP
3 bit - ToS IP Prec.
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Wireless Security
1997 - WEP wireless equilent privacy
2001 - 802.1x EAP Extension Authentication Protocol
2003 - WPA Wi Fi Protected Access
2004 - WPA2 IEEE 802.11I
Power Over Ethernet
802.3 AF
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
DHCP IOS BASED
ip dhcp-server 10.1.1.1
ip dhcp exclude-address 10.1.1.1 10.1.1.19
ip dhcp pool ABC_Subnet
network 10.1.1.0/24
domain-name ABC.COM
dns-server 10.1.1.10 10.1.1.11
netbios-name-server 10.1.1.10
default-router 10.1.1.1
option 150 ?
ip dhcp database tftp://10.1.1.50 dhcp-bindings.text
ip dhcp database tftp://10.1.1.50 dhcp-bindings.text write-delay 180
Client
int fa 0/0
ip add dhcp
show ip dhcp binding
To import the dhcp settings from isp
ip dhcp pool ABC_Subnet
import all
IP Helper add
int fa 0/0
ip helper-add 10.1.1.50
no ip forward-protocol udp 37
no ip forward-protocol udp 137
UDP Ports
37 Time
49 TACACS
53 DNS
67 DHCP Server
68 DHCP Client
69 TFTP
137 Netbios Name Service
138 Netbios Datagrame Service
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
EIGRP
Backup Routes (Fast Convergence)
Simple configuration
Flexibility in summarization
Unequal cost load balancing
Combine best of distance vector and link state
Support Multiple Network Protocol
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Neighbor Table
Topology Table
Routing Table
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------FD Full Distance
AD Advertise Distance
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Successor
Feasible Successor
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Active Route
Passive Route
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To be considered a feasible successor AD must be less than FD(AD<FD)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HELLO :-Forms relationship
UPDATE :- Sends update
QUERY :- Ask about routes
REPLY :- Response to a query
ACK :- Ack the update, query, reply
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Bandwidth
Delay
Relability
Load
MTU
Metric Formula
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------EIGRP query process
send query update every 5 second
dowtime 15 second
query message reply wait for 3 minutes
during this 3 minute Stuck In Active state happen
To solve query problem
Summary Route
Stub configuration
router eigrp 100
eigrp stub ?connected/summary/recive only/static
Gracefull Shutdown will set all k value to 255(Hello Gudby)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Eigrp uses multicast 224.0.0.10
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To enable all interfaces in eigrp
network 0.0.0.0 255.255.255.255
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add static route to eigrp
ip route 0.0.0.0 0.0.0.0 next hop ip
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add default route to eigrp(old style)
ip default-network (ip add)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add summary route to eigrp
inter fa 0/0
ip summary-address eigrp 100 network add network mask
ip summary-address eigrp 100 network add network mask AD value/Metric
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Load balancing to 4 equal unequal cost path
eigrp 100
varience 2
clear ip eigrp neighbor
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Authentication
To set clock NTP Master/NTP client
Key chain Arjun
Key 1
key-string 11111981
accept-lifetime......................
send-lifetime........................
key 2
......
.....
.....
int s 0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 100 Arjun
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
debug eigrp packet
--------------------EIGRP uses IP Protocol Type 88
Update destination 224.0.0.10
Full updated when neighbor discover
Partial update afterwards neighbor discovery
Hello 5 second Hold 15 seconds
LAN 15 seconds convergence
Frame-relay 60 seconds convergence
BFD Bidirection Forwarding Detection
int fa 0/1
ip hello-interval eigrp 100 2
ip hold-timer eigrp 100 6(three times to hello)
show ip eigrp interface details fa 0/1(to show hello/hold)
router eigrp 100
passive-interface fa 0/1
passive-interface fa 0/2
sh ip protocol(to show passive interface)
Authentication
key chain carkey
key 1
key-string.........
accept.......
send........
key 2
key string.........
accept.......
send........
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 carkey
show key chain
debug eigrp packet
eigrp router-id
eigrp update message contain
Hello
Update
Query
Reply
Ack
show ip eigrp topology 10.11.10.0/24
Frame-relay multipoint eigrp config
no ip spilthorizon eigrp 100
To set bandwidth
bandwidth 300
ip bandwidth-percentage eigrp 100 20%
Serial 1.544 mbps delay 2000 microsecond
Ethernet 10 mbps dealy 1000
Fast Ether 100 mbps 100
Gig Ether 1 gbps 10
-----------------------------------------------EIGRP route and add value to metric by interger
Offset-list
access-list 11 permit 10.11.1.0
router eigrp 100
offset-list 11 in 3 serial 0/0/0.1
access-list 12 permit 10.11.11.0
router eigrp 100
offset-list 12 out 4
sh ip eigrp topology
sh ip eigrp all links
-----------------------------eigrp stub connected/static/summary/redistributed
maximum path 4-16 for load sharning
-----------------------------Distribute list
access-list 2 deny........ ..............
access-list 2 permit any
router eigrp 100
distibute-list 2 out
----------------------------------Prefix-list
ip prefix-list arjun seq 5 deny 10.1.1.0/24
ip prefix-list arjun seq 10 deny 0.0.0.0/0 ge 30 le 30
ip prefix-list arjun seq 15 permit 0.0.0.0/0 le 32
router eigrp 100
distribute-list prefix arjun out
-----------------------------------------------creat route map arjun than apply
distribute-list route-map arjun out
----------------------------------------------ip summary address eigrp 100 10.1.0.0 0.0.255.255
---------------------------------------------------------------------ip route 0.0.0.0 0.0.0.0 s1/0
or
network 0.0.0.0
or
ip default-network..........
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
OSPF
IP Protocol 89
Neighbor Table
Topology Table
Routing Table
Use Dijkstra SPF
Send triggered update
Send periodic update
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ABR Router
ASBR Router
Backbone Router
All areas must connect to area 0
All routers in an area have the same topology table
Localize update within area
Require a hierarchical design
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ROUTER ID
1) Determine Router ID
DOWN STATE
2)Add interfaces to the
3)Send hello message on
once every 10 second on
once every 30 second on
Router ID
Hello & Dead Timers*
Network Mask*
Area ID*
Neighbor
Router Priority
DR/BDR
Authentication*
link state database(by network command)
chosen interface
broadcast/p2p
NBMA networks
INITIAL STAGE
4)Recive hello
check hello/dead
check netmask
check area id
check Authentication
TWO WAY STAGE
5)Send reply Hello
am i listed as as neighbor in your hello packet
if yes reset dead timers
if no add as new neighbor
EX-START STAGE
6) Master - Slave relationship determine
determined by priority
master sends data base desription (DBD) packets Cliff Notes
slave send DBD packet
LOADING STAGE
7)DBD are acknowledge and reviewed
slave request details(LSR)
master sends update(LSU)
master request details
slave sends update
FULL STAGE
8)Neighbor are synchronized
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Config OSPF
router ospf process id
Network 10.0.0.0 0.0.0.0 area 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Cost = Reference bandwidth/Interface bandwidth
int fa 0/0
ip ospf cost 10000
auto-cost refernce-bandwidth 10000
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
clear ip ospf process
router id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
makes the router pingable
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Ospf config in interface
inter fa 0/1
ip ospf 1 area 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Static Frame Relay
inter s 1
ip add 1.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Frame Relay Point To Point (Subinterfaces)
Different Subnet
Automatic Discovery of Neighbor
inter s
no ip add
int serial 0.110 point to point
ip add 10.17.0.1 255.255.255.0
badwidth 64
frame-relay interface-dlci 110
int serical 0.120 point to point
ip add 10.18.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 120
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Frame Relay Multipoint Subinterfaces
Single Subnet
Manual config of neighbor
interface serial 2
no ip add
encapsulation frame-relay
interface serial 2.2 multipoint
ip add 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay map ip 10.17.0.2 120 broadcast
frame-relay map ip 10.17.0.3 130 broadcast
frame-relay map ip 10.17.0.4 140 broadcast
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF Network Type NBMA Five Modes
NBMA(RFC)
Neighbors are statically configured
Must be one subnet
Act like a LAN
DR/BDR Election
Full Mesh Topology
Partial Mesh Topology
Hub & Spoke Topology
Point To Multipoint (RFC)
Point To Point(CISCO Prop.)
Broadcast(Cisco Prop)
Point To Multipoint(Cisco Prop)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To summarize the route
area 1 range IP & Mask
summary-address 172.16.0.0 255.255.0.0
redistribute rip subnets
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF LSA Type
LSA Type 1 Router LSA
LSA Type 2 Network LSA DR Generated
LSA Type 3 Summary LSA ABR Summary Route
LSA Type 4 Summary LSA ASBR
LSA Type 5 External LSA
LSA Type 7
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Virtual Link
Add route id to all router
area 1 virtual-link 2.2.2.2
area 1 virtual-link 3.3.3.3
show ip ospf virtual-link
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------STUBBY Area Block Type 5 LSA
area 2 stub
area 3 stub
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Totally Stubby cisco prop Block Type 3,4,5 LSA
area 1 stub no-summary
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------NSSA
area 1 nssa
area 1nssa no-summary
redistribute rip subnets ip & mask metric/Type E1/E2
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF Authentication
Plain Text
ip ospf authentication
ip ospf authentication-key password
MD 5
ip ospf authentication
ip ospf message-digest-key 1 md5 password
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------max-lsa 100 20% warning-only
default-informastion originate always
--------------------------------------------------router ospf 3
auto-cost-reference-bandwidth 1000
int fa 0/1
bandwidth 1000
int fa 0/2
ip ospf cost 17
-----------------------------Filter Distribute list to filter lsa
ip prefix-list filterintoarea34 seq 5 deny 10.15.6.0/24
ip prefix-list filterintoarea34 seq 10 permit 0.0.0.0/0 le 32
router ospf 3
area 34 filter-list prefix filterintoarea34 in/out
--------------------------------------------ip prefix-list filterintoarea34 seq 5 deny 10.15.6.0/24
ip prefix-list filterintoarea34 seq 10 permit 0.0.0.0/0 le 32
router ospf 3
distribute-list prefix filterintoarea34 in/out
----------------------------------------------will summarize all routes in area 0
area 0 range 0.0.0.0 0.0.0.0
-------------------------------------default-information originate always metric metric type /route map
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
BGP
Establish BGP neighbor
neighbor 10.1.45.1 remote-as 6500
Understanding update source(ibgp)
neighbor 1.1.1.1 update-source loopback 5
Black hole is created when outside traffic enter inside company router not runin
g bgp
BGP redistribution into eigrp/ospf can solve black hole issue
Rip is not capable of handling bgp
For redundancy we can have two link per isp than we can load balance by creating
two static route per dirction like
ip route 4.4.4.4 255.255.255.255 10.1.45.1
ip route 5.5.5.5 255.255.255.255 10.1.45.2
Understanding ebgp multihop
EBGP only learn routed through conacted interfaces
neighbor 5.5.5.5 ebgp-multihop 2-5
no-autosummary
BGP Synchronization
dont learn or advertise a route learned via ibgp untill same routes has been lea
rned by eigrp/ospf
Ways to get networks distributed in bgp
network 50.1.1.0 mask 255.255.255.0
or
access-list 50
deny 10.1.1.1
permit any
route-map Filter
match ip add 50
sh access-list
sh route-map
redistribute connected route-map Filter
sh ip bgp
BGP next hop processing
neighbor 1.1.1.1 next-hop-self
Peer Group ibgp will have full mesh with all ibgp peers
neighbor IBGP_PEER peer group
Neighbor IBGP_PEER remote-as 5500
Neighbor IBGP_PEER next-hop-self
Neighbor IBGP_PEER update-source loopback 1
neighbor 3.3.3.3 peer group IBGP_PEER
neighbor 4.4.4.4 peer group IBGP_PEER
neighbor 2.2.2.2 peer group IBGP_PEER
BGP spilt horizon dont send the update via ibgp to other ibgp peers
sh ip bgp summary
sh ip bgp
How BGP neighbor forms
Idle :- verifying route to neighbor
Active :- Attempting to connect to neighbor
Open Sent :- Open message Hello sent
Open Confirm :- Neighbor replied with open mesage
Active :- Neighbor fail
Establish :------------------------------How BGP Finds the best path
0. Ignore routes with inaccessible next hop address
1. Prefer the path with the highest weight(Cisco Prop.).
2. Prefer the path with highest local preference
3. Prefer the path that was locally originated via a network command
4. Prefer the path with the shortest AS path
5. Prefer the path with lowest origin type
6. Prefer thw path with the lowest multi-exit discriminator(MED)
7. Prefer eBGP over iBGP
8. Prefer the path with the lowest IGP metric to the BGP nest hop.
9. Determine if multiple path require installation in the routing table for BGP
Multipath.
10. When both paths are external prefer the path that was recived first(the olde
st one).
11. Prefer the route that comes from the BGP router with the lowest router ID.
12. If originator or router ID is tha same for multiple path, prefer the path wi
th the minimum cluster list lenght.
13. Prefer the path that comes from the lowest neighbor address.
BGP Tuning Attributes
Weight
router bgp 6500
neighbor 10.1.13.2 weight 500
To shut down all neighbor commands per inter
neighbor 10.1.13.2 shut-down
Local Pref(Local only in same AS)
router bgp 6500
default local-pref 200
Local pre network or load balance
ip access-list standard RouteR3
permit 150.1.50.0 0.0.0.255
permit 150.2.50.0 0.0.0.255
ip access-list standard RouteR2
permit 200.0.0.0 0.0.0.255
route-map Localpre permit 10
match ip add RouteR3
set local-pref 1000
exit
route-map Localpre permit 20
match ip add RouteR2
set local-pref 10
route-map Localpre permit 30
blank
blank
router bgp 6500
neighbor 10.1.36.2 route-map Localpre in
Metric or MED for load sharning for incoming traffic(It will influnce the outsid
e AS also)
router bgp 6500
default metric 200
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Default Administrative Distance
Connected
0
Static
1
Eigrp Summary
5
EBGP
20
EIGRP INTERNAL
90
IGRP
100
OSPF
110
ISIS
115
RIP
120
ODR
160
EIGRP External
170
IBGP
200
Unreachable
255
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PRIVATE VLAN CONFIGRATION
vtp mode transparent
vlan 200
private-vlan primary
vlan 205
private-vlan community
vlan 210
private-vlan isolated
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------vlan 200
private-vlan association 205,210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Show private-vlan type
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------interface fa 4/24
switchport mode private-vlan host
switchport private-vlan host-association 200 205
interface fa 4/25
switchport mode privte-vlan host
switchpoert private-vlan host association 200 205
interface fa 4/24
switchport mode private-vlan host
switchport privte-vlan host association 200 210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------interface fa 4/27
switchport mode private-vlan promiscious
switchport private-vlan map 200 205,210
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------show vlan private-vlan
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Multilayer Inter-vlan Switching
interface vlan 10
ip add 10.1.1.1 255.255.255.0
no shut
interface vlan 20
ip add 10.1.2.1 255.255.255.0
no shut
ip routing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel PAGP(Cisco Prop.) Auto/Desirable/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel-group 1 mode desirable
show etherchannel
show etherchannel summary
show etherchannel details
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol pagp
channel group 1 mode desirable
int port-channel 1
no switch-port
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel details
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Ether-Channel LACP 802.3 AD Passive/Active/On
Layer 2 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel-group 1 mode active
show etherchannel
show etherchannel summary
show etherchannel details
Layer 3 Ether-channel
interface range fa 0/1-4
channel-protocol lacp
channel group 1 mode active
int port-channel 1
no switch-port
ip add 10.1.1.1 255.255.255.0
show etherchannel
show etherchannel summary
show etherchannel details
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
PER VLAN STP
Can helps in load balancing
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root secondary
spaning-tree vlan 4 priority
spaning-tree portfast
spanning-tree bpduguard enable
if recived port become errdisable
spanning-tree guard root
port become secure
if sombody try to become root bridge on this port it will
show as inconsistant port
show spanning-tree
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
STP 802.1 D
Bridge ID = Priority(32768) + MAC Add
100mbps = 19
10mbps = 100
1gbps = 4
10gbps = 2
BPDU every 2 second
Listening send/recive BPDU Forward delay 15 second
Learning MAC add/CAM Table 15 seconds
Forwarding
Blocking Max age 20 seconds
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
RSTP 802.1 W
Discarding
Learning
Forwarding
Root Port
Designated Port
Alternate Port
Edge Port(Port Fast)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
To secure telnet session(SSH only)
ip domain arjun.com
crypto key generate rsa
line vty 0 4
login
transport input ssh
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
HSRP (Cisco Prop.)
Hello 3 second Hold 10 second
Standby or Active Router
Virtual IP/Mac add
Tunning
Priority
Preempt
Tracking
Timers
0000.0c07.acxx
interface vlan 70
standby 1 ip (virtual ip)
standby 1 priority 150(higher is better 100 is default)
show standby
interface vlan 70
standby 1 preempt
standby 1 tracking fa 0/23(down int) 60(decrease priority)
standby 1 timers 1 3(second, miliseconds)
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
VRRP
Hello 1 Hold 3
Master/Backup
Master can share virtual IP
skew timer = 256-priority/256
interface fa 0/0
vrrp 20 ip 172.30.4.90(virtual)
vrrp 20 preempt
vrrp timers advertise msec 100
show vrrp
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GLBP(Cisco Prop.)
Single Virtual IP with multiple mac add
AVG Active Virtual Gateway
AVF Active Virtual Forwarder
Round Robin one by one mac add will go to forwar
Host dependent will bind the host to mac
interface fa 0/0
glbp 1 priority 150
glbp timers
glbp 1 weighting
glbp 1 load-balancing
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
SITE TO SITE CLI VPN CONFIG
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up isakmp policy(for IKE Phase-I)
crypto isakmp policy 50
authentication pre-share
encryption aes 128
group 2
hash sha
lifetime(leave default)
crypto isakmp key 0 arjun!! address 71.209.254.34 no-xauth
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up ipsec transform set(Phase-II)
crypto ipsec transform-set DEMO esp-aes 128 esp-sha-hmac
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Define Traffic
ip access-list extended Traffic
permit ip 172.30.0.0 0.0.255.255 192.168.1.0 0.0.0.255
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Set up crypto map
crypto map VPNMAP 10 ipsec-isakmp
set peer 71.209.254.34
match address Traffic
set transform-set DEMO
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Assign crypto map to interface
int fa 0/0
crypto mapVPNMAP
show crypto isakmp sa
show crypto ipsec sa
Note:- disable nat translation
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
GRE Tunnel
First Router
interface tunnel 0
ip add 10.5.1.2 255.255.255.0
tunnel source s 0/0/0
tunnel destination 41.95.109.2
tunnel mode gre ip
Second Router
interface tunnel 0
ip add 10.5.1.1 255.255.255.0
tunnel source s 0/0/0
tunnel destination 41.95.109.1
tunnel mode gre ip
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Point to Point Over Ethernet(PPPoE)
interface dialer 1
ip add negoitiated
encapsulation PPP
ip mtu 1492
ip nat outside
ppp authentication pap callin
ppp pap sent username asdf password asdf
dialer pool 1
int fa 0/4
pppoe enable
pppoe-client dial-pool-number 1
show pppoe session
show ppp authentication
debug pppoe events
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------int bvi
ip nat inside
ip access-list extended NAT_ADD
permit ip 192.168.1.0 0.0.0.255
ip nat inside source-list NAT_ADD inter dialer 1 overload
ip route 0.0.0.0 0.0.0.0 dialer 1
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Voice + PC Vlan Config + QOS
interface fa 0/5
switchport mode access
switchport access vlan 200
switchport voice vlan 100
mls qos trust cos
mls qos trust cisco-phone
auto qos voip cisco-phone
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------QOS
Layer 2 CoS
3 bits
8 Level
Layer 3 ToS
3-6 bits
Many level
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------1 Byte
8 bit
6 bit - DSCP
3 bit - ToS IP Prec.
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Wireless Security
1997 - WEP wireless equilent privacy
2001 - 802.1x EAP Extension Authentication Protocol
2003 - WPA Wi Fi Protected Access
2004 - WPA2 IEEE 802.11I
Power Over Ethernet
802.3 AF
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
DHCP IOS BASED
ip dhcp-server 10.1.1.1
ip dhcp exclude-address 10.1.1.1 10.1.1.19
ip dhcp pool ABC_Subnet
network 10.1.1.0/24
domain-name ABC.COM
dns-server 10.1.1.10 10.1.1.11
netbios-name-server 10.1.1.10
default-router 10.1.1.1
option 150 ?
ip dhcp database tftp://10.1.1.50 dhcp-bindings.text
ip dhcp database tftp://10.1.1.50 dhcp-bindings.text write-delay 180
Client
int fa 0/0
ip add dhcp
show ip dhcp binding
To import the dhcp settings from isp
ip dhcp pool ABC_Subnet
import all
IP Helper add
int fa 0/0
ip helper-add 10.1.1.50
no ip forward-protocol udp 37
no ip forward-protocol udp 137
UDP Ports
37 Time
49 TACACS
53 DNS
67 DHCP Server
68 DHCP Client
69 TFTP
137 Netbios Name Service
138 Netbios Datagrame Service
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
EIGRP
Backup Routes (Fast Convergence)
Simple configuration
Flexibility in summarization
Unequal cost load balancing
Combine best of distance vector and link state
Support Multiple Network Protocol
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Neighbor Table
Topology Table
Routing Table
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------FD Full Distance
AD Advertise Distance
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Successor
Feasible Successor
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Active Route
Passive Route
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To be considered a feasible successor AD must be less than FD(AD<FD)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HELLO :-Forms relationship
UPDATE :- Sends update
QUERY :- Ask about routes
REPLY :- Response to a query
ACK :- Ack the update, query, reply
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Bandwidth
Delay
Relability
Load
MTU
Metric Formula
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------EIGRP query process
send query update every 5 second
dowtime 15 second
query message reply wait for 3 minutes
during this 3 minute Stuck In Active state happen
To solve query problem
Summary Route
Stub configuration
router eigrp 100
eigrp stub ?connected/summary/recive only/static
Gracefull Shutdown will set all k value to 255(Hello Gudby)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Eigrp uses multicast 224.0.0.10
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To enable all interfaces in eigrp
network 0.0.0.0 255.255.255.255
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add static route to eigrp
ip route 0.0.0.0 0.0.0.0 next hop ip
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add default route to eigrp(old style)
ip default-network (ip add)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Add summary route to eigrp
inter fa 0/0
ip summary-address eigrp 100 network add network mask
ip summary-address eigrp 100 network add network mask AD value/Metric
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Load balancing to 4 equal unequal cost path
eigrp 100
varience 2
clear ip eigrp neighbor
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Authentication
To set clock NTP Master/NTP client
Key chain Arjun
Key 1
key-string 11111981
accept-lifetime......................
send-lifetime........................
key 2
......
.....
.....
int s 0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 100 Arjun
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
debug eigrp packet
--------------------EIGRP uses IP Protocol Type 88
Update destination 224.0.0.10
Full updated when neighbor discover
Partial update afterwards neighbor discovery
Hello 5 second Hold 15 seconds
LAN 15 seconds convergence
Frame-relay 60 seconds convergence
BFD Bidirection Forwarding Detection
int fa 0/1
ip hello-interval eigrp 100 2
ip hold-timer eigrp 100 6(three times to hello)
show ip eigrp interface details fa 0/1(to show hello/hold)
router eigrp 100
passive-interface fa 0/1
passive-interface fa 0/2
sh ip protocol(to show passive interface)
Authentication
key chain carkey
key 1
key-string.........
accept.......
send........
key 2
key string.........
accept.......
send........
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 carkey
show key chain
debug eigrp packet
eigrp router-id
eigrp update message contain
Hello
Update
Query
Reply
Ack
show ip eigrp topology 10.11.10.0/24
Frame-relay multipoint eigrp config
no ip spilthorizon eigrp 100
To set bandwidth
bandwidth 300
ip bandwidth-percentage eigrp 100 20%
Serial 1.544 mbps delay 2000 microsecond
Ethernet 10 mbps dealy 1000
Fast Ether 100 mbps 100
Gig Ether 1 gbps 10
-----------------------------------------------EIGRP route and add value to metric by interger
Offset-list
access-list 11 permit 10.11.1.0
router eigrp 100
offset-list 11 in 3 serial 0/0/0.1
access-list 12 permit 10.11.11.0
router eigrp 100
offset-list 12 out 4
sh ip eigrp topology
sh ip eigrp all links
-----------------------------eigrp stub connected/static/summary/redistributed
maximum path 4-16 for load sharning
-----------------------------Distribute list
access-list 2 deny........ ..............
access-list 2 permit any
router eigrp 100
distibute-list 2 out
----------------------------------Prefix-list
ip prefix-list arjun seq 5 deny 10.1.1.0/24
ip prefix-list arjun seq 10 deny 0.0.0.0/0 ge 30 le 30
ip prefix-list arjun seq 15 permit 0.0.0.0/0 le 32
router eigrp 100
distribute-list prefix arjun out
-----------------------------------------------creat route map arjun than apply
distribute-list route-map arjun out
----------------------------------------------ip summary address eigrp 100 10.1.0.0 0.0.255.255
---------------------------------------------------------------------ip route 0.0.0.0 0.0.0.0 s1/0
or
network 0.0.0.0
or
ip default-network..........
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
OSPF
IP Protocol 89
Neighbor Table
Topology Table
Routing Table
Use Dijkstra SPF
Send triggered update
Send periodic update
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ABR Router
ASBR Router
Backbone Router
All areas must connect to area 0
All routers in an area have the same topology table
Localize update within area
Require a hierarchical design
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ROUTER ID
1) Determine Router ID
DOWN STATE
2)Add interfaces to the
3)Send hello message on
once every 10 second on
once every 30 second on
Router ID
Hello & Dead Timers*
Network Mask*
Area ID*
Neighbor
Router Priority
DR/BDR
Authentication*
link state database(by network command)
chosen interface
broadcast/p2p
NBMA networks
INITIAL STAGE
4)Recive hello
check hello/dead
check netmask
check area id
check Authentication
TWO WAY STAGE
5)Send reply Hello
am i listed as as neighbor in your hello packet
if yes reset dead timers
if no add as new neighbor
EX-START STAGE
6) Master - Slave relationship determine
determined by priority
master sends data base desription (DBD) packets Cliff Notes
slave send DBD packet
LOADING STAGE
7)DBD are acknowledge and reviewed
slave request details(LSR)
master sends update(LSU)
master request details
slave sends update
FULL STAGE
8)Neighbor are synchronized
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Config OSPF
router ospf process id
Network 10.0.0.0 0.0.0.0 area 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Cost = Reference bandwidth/Interface bandwidth
int fa 0/0
ip ospf cost 10000
auto-cost refernce-bandwidth 10000
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
clear ip ospf process
router id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
makes the router pingable
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Ospf config in interface
inter fa 0/1
ip ospf 1 area 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Static Frame Relay
inter s 1
ip add 1.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Frame Relay Point To Point (Subinterfaces)
Different Subnet
Automatic Discovery of Neighbor
inter s
no ip add
int serial 0.110 point to point
ip add 10.17.0.1 255.255.255.0
badwidth 64
frame-relay interface-dlci 110
int serical 0.120 point to point
ip add 10.18.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 120
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Frame Relay Multipoint Subinterfaces
Single Subnet
Manual config of neighbor
interface serial 2
no ip add
encapsulation frame-relay
interface serial 2.2 multipoint
ip add 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay map ip 10.17.0.2 120 broadcast
frame-relay map ip 10.17.0.3 130 broadcast
frame-relay map ip 10.17.0.4 140 broadcast
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF Network Type NBMA Five Modes
NBMA(RFC)
Neighbors are statically configured
Must be one subnet
Act like a LAN
DR/BDR Election
Full Mesh Topology
Partial Mesh Topology
Hub & Spoke Topology
Point To Multipoint (RFC)
Point To Point(CISCO Prop.)
Broadcast(Cisco Prop)
Point To Multipoint(Cisco Prop)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------To summarize the route
area 1 range IP & Mask
summary-address 172.16.0.0 255.255.0.0
redistribute rip subnets
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF LSA Type
LSA Type 1 Router LSA
LSA Type 2 Network LSA DR Generated
LSA Type 3 Summary LSA ABR Summary Route
LSA Type 4 Summary LSA ASBR
LSA Type 5 External LSA
LSA Type 7
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Virtual Link
Add route id to all router
area 1 virtual-link 2.2.2.2
area 1 virtual-link 3.3.3.3
show ip ospf virtual-link
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------STUBBY Area Block Type 5 LSA
area 2 stub
area 3 stub
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Totally Stubby cisco prop Block Type 3,4,5 LSA
area 1 stub no-summary
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------NSSA
area 1 nssa
area 1nssa no-summary
redistribute rip subnets ip & mask metric/Type E1/E2
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OSPF Authentication
Plain Text
ip ospf authentication
ip ospf authentication-key password
MD 5
ip ospf authentication
ip ospf message-digest-key 1 md5 password
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------max-lsa 100 20% warning-only
default-informastion originate always
--------------------------------------------------router ospf 3
auto-cost-reference-bandwidth 1000
int fa 0/1
bandwidth 1000
int fa 0/2
ip ospf cost 17
-----------------------------Filter Distribute list to filter lsa
ip prefix-list filterintoarea34 seq 5 deny 10.15.6.0/24
ip prefix-list filterintoarea34 seq 10 permit 0.0.0.0/0 le 32
router ospf 3
area 34 filter-list prefix filterintoarea34 in/out
--------------------------------------------ip prefix-list filterintoarea34 seq 5 deny 10.15.6.0/24
ip prefix-list filterintoarea34 seq 10 permit 0.0.0.0/0 le 32
router ospf 3
distribute-list prefix filterintoarea34 in/out
----------------------------------------------will summarize all routes in area 0
area 0 range 0.0.0.0 0.0.0.0
-------------------------------------default-information originate always metric metric type /route map
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
BGP
Establish BGP neighbor
neighbor 10.1.45.1 remote-as 6500
Understanding update source(ibgp)
neighbor 1.1.1.1 update-source loopback 5
Black hole is created when outside traffic enter inside company router not runin
g bgp
BGP redistribution into eigrp/ospf can solve black hole issue
Rip is not capable of handling bgp
For redundancy we can have two link per isp than we can load balance by creating
two static route per dirction like
ip route 4.4.4.4 255.255.255.255 10.1.45.1
ip route 5.5.5.5 255.255.255.255 10.1.45.2
Understanding ebgp multihop
EBGP only learn routed through conacted interfaces
neighbor 5.5.5.5 ebgp-multihop 2-5
no-autosummary
BGP Synchronization
dont learn or advertise a route learned via ibgp untill same routes has been lea
rned by eigrp/ospf
Ways to get networks distributed in bgp
network 50.1.1.0 mask 255.255.255.0
or
access-list 50
deny 10.1.1.1
permit any
route-map Filter
match ip add 50
sh access-list
sh route-map
redistribute connected route-map Filter
sh ip bgp
BGP next hop processing
neighbor 1.1.1.1 next-hop-self
Peer Group ibgp will have full mesh with all ibgp peers
neighbor IBGP_PEER peer group
Neighbor IBGP_PEER remote-as 5500
Neighbor IBGP_PEER next-hop-self
Neighbor IBGP_PEER update-source loopback 1
neighbor 3.3.3.3 peer group IBGP_PEER
neighbor 4.4.4.4 peer group IBGP_PEER
neighbor 2.2.2.2 peer group IBGP_PEER
BGP spilt horizon dont send the update via ibgp to other ibgp peers
sh ip bgp summary
sh ip bgp
How BGP neighbor forms
Idle :- verifying route to neighbor
Active :- Attempting to connect to neighbor
Open Sent :- Open message Hello sent
Open Confirm :- Neighbor replied with open mesage
Active :- Neighbor fail
Establish :------------------------------How BGP Finds the best path
0. Ignore routes with inaccessible next hop address
1. Prefer the path with the highest weight(Cisco Prop.).
2. Prefer the path with highest local preference
3. Prefer the path that was locally originated via a network command
4. Prefer the path with the shortest AS path
5. Prefer the path with lowest origin type
6. Prefer thw path with the lowest multi-exit discriminator(MED)
7. Prefer eBGP over iBGP
8. Prefer the path with the lowest IGP metric to the BGP nest hop.
9. Determine if multiple path require installation in the routing table for BGP
Multipath.
10. When both paths are external prefer the path that was recived first(the olde
st one).
11. Prefer the route that comes from the BGP router with the lowest router ID.
12. If originator or router ID is tha same for multiple path, prefer the path wi
th the minimum cluster list lenght.
13. Prefer the path that comes from the lowest neighbor address.
BGP Tuning Attributes
Weight
router bgp 6500
neighbor 10.1.13.2 weight 500
To shut down all neighbor commands per inter
neighbor 10.1.13.2 shut-down
Local Pref(Local only in same AS)
router bgp 6500
default local-pref 200
Local pre network or load balance
ip access-list standard RouteR3
permit 150.1.50.0 0.0.0.255
permit 150.2.50.0 0.0.0.255
ip access-list standard RouteR2
permit 200.0.0.0 0.0.0.255
route-map Localpre permit 10
match ip add RouteR3
set local-pref 1000
exit
route-map Localpre permit 20
match ip add RouteR2
set local-pref 10
route-map Localpre permit 30
blank
blank
router bgp 6500
neighbor 10.1.36.2 route-map Localpre in
Metric or MED for load sharning for incoming traffic(It will influnce the outsid
e AS also)
router bgp 6500
default metric 200
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
Default Administrative Distance
Connected
0
Static
1
Eigrp Summary
5
EBGP
20
EIGRP INTERNAL
90
IGRP
100
OSPF
110
ISIS
115
RIP
120
ODR
160
EIGRP External
170
IBGP
200
Unreachable
255
********************************************************************************
**************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
********************************************************************************
**************************************************************
