when you ping a device for the first time (as below) its hardware address becomes associated with its ip address and is placed in the pc's arp table; the entry does not get associated with the gateway router's interface mac address...
C:\>arp -a
Interface: 192.168.1.9 --- 0x2
Internet Address Physical Address Type
192.168.1.1 c0-3f-0e-ab-d1-ec dynamic
192.168.1.250 98-4b-e1-fb-29-40 dynamic
below is the mac-address-table entry for fa0/17, the port this device is attached to... the arp entry in the pc DOES NOT hold the hardware address of the gateway router...
sw2950_02#sh mac-add int fa0/17
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 984b.e1fb.2940 DYNAMIC Fa0/17
Total Mac Addresses for this criterion: 1
sw2950_02#
the mac address in this arp entry is the mac address of the device that was pinged (98-4b-e1-fb-29-40 on the pc, 984b.e1fb.2940 on the switch; same address, different notation).
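To turn the comparison above into a repeatable check, here is an added example (my code, not the post's): it parses the `arp -a` and `show mac address-table` output quoted above, normalises the two MAC notations, and reports which switch port learned each ARP entry's MAC. The sample input is the post's own output, embedded as constructed strings.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the two outputs quoted in the post above.
ARP_OUTPUT = """\
Interface: 192.168.1.9 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           c0-3f-0e-ab-d1-ec     dynamic
  192.168.1.250         98-4b-e1-fb-29-40     dynamic
"""

MAC_TABLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    984b.e1fb.2940    DYNAMIC     Fa0/17
Total Mac Addresses for this criterion: 1
"""

# Windows arp -a line: ip, dash-separated mac, type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)"
)
# IOS mac address-table line: vlan, dotted mac, type, port.
MAC_TABLE_LINE = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\w+)\s+(\S+)"
)


def normalize_mac(mac: str) -> str:
    """Reduce any MAC notation (c0-3f-0e-ab-d1-ec, 984b.e1fb.2940, ...) to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_arp(text: str) -> Dict[str, str]:
    """Windows `arp -a` output -> {ip: normalised mac}."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries[m.group(1)] = normalize_mac(m.group(2))
    return entries


def parse_mac_table(text: str) -> Dict[str, Tuple[int, str]]:
    """IOS `show mac address-table` output -> {normalised mac: (vlan, port)}."""
    entries: Dict[str, Tuple[int, str]] = {}
    for line in text.splitlines():
        m = MAC_TABLE_LINE.match(line)
        if m:
            entries[normalize_mac(m.group(2))] = (int(m.group(1)), m.group(4))
    return entries


def cross_check(arp: Dict[str, str], mac_table: Dict[str, Tuple[int, str]]) -> Dict[str, Optional[str]]:
    """For each ARP entry, the switch port that learned its MAC (None if the switch never saw it).

    On the post's data only 192.168.1.250 resolves to Fa0/17: the ARP entry holds the
    pinged host's MAC, not the gateway's, which is exactly the point of the post.
    """
    return {ip: (mac_table[mac][1] if mac in mac_table else None) for ip, mac in arp.items()}


def shared_macs(arp: Dict[str, str]) -> Dict[str, List[str]]:
    """MACs claimed by more than one IP in the ARP cache.

    A non-empty result is worth a look: one station answering for several
    addresses is the symptom a defender watches for in a poisoned cache.
    """
    by_mac: Dict[str, List[str]] = {}
    for ip, mac in arp.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    arp = parse_arp(ARP_OUTPUT)
    table = parse_mac_table(MAC_TABLE_OUTPUT)
    for ip, port in cross_check(arp, table).items():
        print(f"{ip:<16} {arp[ip]}  seen on: {port or 'not on this port'}")
    print("shared MACs:", shared_macs(arp) or "none")
```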
Saturday, December 31, 2011
Friday, December 30, 2011
process id's and areas...
there's a question floating around in the ether about how many process ids one can have in ospf, and how many areas... be misinformed no more...
r2620_02(config)#router ospf ?
<1-65535> Process ID
r2620_02(config)#router ospf
r2620_02(config)#router ospf 1
r2620_02(config-router)#netw 10.0.0.0 0.0.0.255 area ?
<0-4294967295> OSPF area ID as a decimal value
A.B.C.D OSPF area ID in IP address format
that would be over 4 billion AREAS, for those who can't count, and over 65,000 PROCESS IDs...
don't believe everything you see on a practice test...
Labels:
area 0,
ccna,
cisco,
ospf,
process-id
Wednesday, December 28, 2011
ppp's two subnets...
at first i thought i was losing my mind, that i had some type of misconfiguration with ppp... but i didn't... ppp will display 2 routes for each directly connected serial link: one with the mask that was configured and also a /32 for the peer's address at the far end of the link (compare 10.0.30.2/32 on r2620_01 with 10.0.30.1/32 on r2620_03 below)... this is the behavior of ppp...
no routing protocols, no static or default routes, and with hdlc we have:
r2620_01#sh ip route
Codes:
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.30.0 is directly connected, Serial0/1
C 10.0.20.0 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
r2620_01#
and likewise on r2620_02...
r2620_02#sh ip route
Codes:
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.20.0 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
but when you flip to ppp...
r2620_01(config-if)#do sh ip route
Codes: Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.30.0/30 is directly connected, Serial0/1
C 10.0.30.2/32 is directly connected, Serial0/1
C 10.0.20.2/32 is directly connected, Serial0/0
C 10.0.20.0/30 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
r2620_01(config-if)#
r2620_03#sh ip route
Codes:
Gateway of last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.30.0/30 is directly connected, Serial0/0
C 10.0.30.1/32 is directly connected, Serial0/0
r2620_03#
ppp is the gift that keeps on giving...
Tuesday, December 27, 2011
vtputt-putt...
normally a command from the CLI is processed as soon as you press enter... not so with VTP when creating a vlan... the command is not processed until you exit vlan configuration mode, as seen below...
sw3550_01#debug sw-vlan vtp events
vtp events debugging is on
sw3550_01#term mon
sw3550_01#config t
sw3550_01(config)#vlan 69
sw3550_01(config-vlan)#do sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
23 VLAN0023 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
sw3550_01(config-vlan)#exit
sw3550_01(config)#
now we get our debug output
Dec 27 20:10:40.615: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 13, followers 1, tlv blk size 8 (inc #tlv field),
MD5 digest calculated = 8D F5 FD E6 E2 18 EB 99 BD AC F8 2F 8B C5 00 DD
Dec 27 20:10:40.615: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 13, followers 1, tlv blk size 8 (inc #tlv field),
MD5 digest calculated = 8D F5 FD E6 E2 18 EB 99 BD AC F8 2F 8B C5 00 DD
Dec 27 20:10:40.615: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 13, followers 1, tlv blk size 8 (inc #tlv field),
MD5 digest calculated = 8D F5 FD E6 E2 18 EB 99 BD AC F8 2F 8B C5 00 DD
Dec 27 20:10:40.675: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 13, followers = 1, length 80, trunk Fa0/1
Dec 27 20:10:40.675: VTP LOG RUNTIME: Validate TLVs : #tlvs 1, max blk size 4
Dec 27 20:10:40.675: VTP LOG RUNTIME: Validate TLVs : #00, val 6, len 4
Dec 27 20:10:40.675: VTP LOG RUNTIME: Summary packet rev 13 equal to domain cisco rev 13
Dec 27 20:10:40.679: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 13, seq = 1, length = 220
Dec 27 20:10:40.679: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 13, followers = 1, length 80, trunk Fa0/3
sw3550_01(config)#
Dec 27 20:10:40.679: VTP LOG RUNTIME: Validate TLVs : #tlvs 1, max blk size 4
Dec 27 20:10:40.679: VTP LOG RUNTIME: Validate TLVs : #00, val 6, len 4
Dec 27 20:10:40.679: VTP LOG RUNTIME: Summary packet rev 13 equal to domain cisco rev 13
Dec 27 20:10:40.683: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 13, seq = 1, length = 220
sw3550_01(config)#do sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
23 VLAN0023 active
69 VLAN0069 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
sw3550_01(config)#
so much for command processing love...
Monday, December 26, 2011
port-sex violation...
port security can be a little funky... when a port is put into errdisabled state due to a violation and the violation mode is set to shutdown, the port stays shut down... a plain no shut does not bring it back...
sw2950_02(config)#sw port-sex
^
% Invalid input detected at '^' marker.
sw2950_02(config)#
sw2950_02(config-if)#sw port-sec
sw2950_02(config-if)#sw port-sec mac-add aaaa.bbbb.cccc
sw2950_02(config-if)#sw port-sec vio shut
sw2950_02(config-if)#end
so i plugged in a device whose mac address was obviously not aaaa.bbbb.cccc
sw2950_02#sh port-sec
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa0/8 1 1 0 Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
sw2950_02#sh port-sec int fa0/8
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0
sw2950_02#sh int fa0/8
FastEthernet0/8 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 0009.b73f.ce88 (bia 0009.b73f.ce88)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
then i tried no shut...
sw2950_02(config-if)#no shit
^
% Invalid input detected at '^' marker.
sw2950_02(config-if)#no shut
sw2950_02(config-if)#do sh int fa0/8
FastEthernet0/8 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 0009.b73f.ce88 (bia 0009.b73f.ce88)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
that won't get it...
sw2950_02(config)#errd recover cause security-violation
sw2950_02(config)#errd recover interval 30
sw2950_02(config)#end
even after lowering it, you still have to wait for the recovery interval to expire...
then...
sw2950_02#
3d10h: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/8
sw2950_02#sh int fa0/8
FastEthernet0/8 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 0009.b73f.ce88 (bia 0009.b73f.ce88)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
it's no longer err-disabled, and usable again once the port security is removed... port security, yuck... lock up your switches...
in interface configuration mode typing shut, then no shut will also bring the errdisabled port back... go figure that one... (the port was never administratively shut down, so a lone no shut has nothing to undo; shut followed by no shut actually cycles the interface)
Labels:
ccna,
ccnp switch,
cisco,
errdisable,
mac security
Sunday, December 25, 2011
lance link secret chimp...
link state/status...
every router learns about its own link states and the state of its directly connected networks... it determines this by link UP status and ip address
every router forms adjacencies with its neighbors on directly connected networks via hello packets
every router builds a link state packet declaring the state of each directly connected link and forwards it to its neighbors. this lsp includes bandwidth, neighbor id and link type
upon receipt, every router floods its OWN neighbors with this lsp, and so on. every router stores a copy of its neighbors' lsps in its database
every router then constructs its OWN view of the topology and determines best paths using the SPF algorithm. a common tree is created; however, it has been computed independently by each router
linkage
Labels:
algorithm,
bandwidth,
ccna,
cisco,
link state,
link type,
neighbor id,
spf
Saturday, December 24, 2011
bandaid 64...
if you want to steer which routes eigrp picks as successors, play with the interface bandwidth...
r2620_03(config-if)#int fa0/0
r2620_03(config-if)#bandw 1
r2620_03(config-if)#int s0/0
r2620_03(config-if)#bandw 64
r2620_03(config-if)#do sh ip route eigrp
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D 172.16.3.2/32
[90/2560514560] via 192.168.100.2, 00:00:58, FastEthernet0/0
D 172.16.1.0/24 [90/5152000] via 192.168.10.9, 00:00:49, Serial0/0
D 172.16.3.1/32 [90/5024000] via 192.168.10.9, 00:00:49, Serial0/0
D 172.16.2.0/24 [90/4640000] via 192.168.10.9, 00:00:49, Serial0/0
D 172.16.3.0/30 [90/5024000] via 192.168.10.9, 00:00:49, Serial0/0
r2620_03(config-if)#int fa0/0
r2620_03(config-if)#bandw 64
r2620_03(config-if)#int s0/0
r2620_03(config-if)#band 1
r2620_03(config-if)#do sh ip route eigrp
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D 172.16.3.2/32
[90/40514560] via 192.168.100.2, 00:00:13, FastEthernet0/0
D 172.16.1.0/24
[90/40130560] via 192.168.100.2, 00:00:01, FastEthernet0/0
D 172.16.3.1/32 [90/2561024000] via 192.168.10.9, 00:00:01, Serial0/0
D 172.16.2.0/24
[90/40642560] via 192.168.100.2, 00:00:01, FastEthernet0/0
D 172.16.3.0/30
[90/40514560] via 192.168.100.2, 00:00:01, FastEthernet0/0
r2620_03(config-if)#
the master of your successor...
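An added worked example (my code, not the post's) of the classic EIGRP metric behind the numbers above: it computes 256 * (10^7 / min_bandwidth + total_delay / 10) and shows the successor flipping from Serial0/0 to FastEthernet0/0 when the bandwidths are swapped. The IOS default delays (100 usec FastEthernet, 20000 usec serial) and the 1544 kbit/s T1 bandwidth of the far-side link are assumptions, since the post prints only the resulting metrics.

```python
from typing import Dict, List, Tuple

# One hop on a candidate path: (interface name, bandwidth in kbit/s, delay in microseconds).
Hop = Tuple[str, int, int]

# Assumed IOS defaults for the links the post's topology implies; the post only
# prints the resulting metrics, not these inputs.
FA_DELAY = 100        # FastEthernet delay, usec
SERIAL_DELAY = 20000  # serial delay, usec
T1_BW = 1544          # default serial bandwidth, kbit/s


def classic_metric(hops: List[Hop], k1: int = 1, k3: int = 1) -> int:
    """EIGRP classic composite metric with the default K values (K2 = K4 = K5 = 0).

    metric = 256 * (K1 * 10^7 / min_bandwidth + K3 * total_delay / 10),
    with both divisions truncated to integers the way IOS does it.
    """
    min_bw = min(bw for _, bw, _ in hops)
    total_delay = sum(delay for _, _, delay in hops)
    return 256 * (k1 * (10_000_000 // min_bw) + k3 * (total_delay // 10))


def successor(paths: Dict[str, List[Hop]]) -> Tuple[str, int]:
    """Outgoing interface and metric of the lowest-cost path among the candidates."""
    name, hops = min(paths.items(), key=lambda item: classic_metric(item[1]))
    return name, classic_metric(hops)


def candidate_paths(fa_bw: int, s0_bw: int) -> Dict[str, List[Hop]]:
    """The two ways r2620_03 can reach 172.16.3.0/30 in the post.

    Either out fa0/0 to 192.168.100.2, which is directly attached to the /30
    (delay 100 + 20000), or out its own s0/0 and then onto the /30 serial link
    itself (delay 20000 + 20000). The /30's own interface delay counts too.
    """
    return {
        "FastEthernet0/0": [("Fa0/0", fa_bw, FA_DELAY), ("172.16.3.0/30 link", T1_BW, SERIAL_DELAY)],
        "Serial0/0": [("Serial0/0", s0_bw, SERIAL_DELAY), ("172.16.3.0/30 link", T1_BW, SERIAL_DELAY)],
    }


def bandwidth_swap() -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Successor before and after the post's swap (fa0/0: 1 -> 64 kbit/s, s0/0: 64 -> 1 kbit/s)."""
    before = successor(candidate_paths(fa_bw=1, s0_bw=64))
    after = successor(candidate_paths(fa_bw=64, s0_bw=1))
    return before, after


if __name__ == "__main__":
    before, after = bandwidth_swap()
    print("before swap: successor via", before[0], "metric", before[1])
    print("after swap:  successor via", after[0], "metric", after[1])
```

With 64 kbit/s on fa0/0 and 1 kbit/s on s0/0 the metrics come out at exactly 40514560 and 2561024000 as in the post; the earlier 5024000 out Serial0/0 only balances with a 640 kbit/s bandwidth on that path, so the calculator doubles as a sanity check on what an interface really has configured.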
below will redistribute a static route... notice the code (D*EX) and the AD (170) on the resulting route...
r2620_01#config t
Enter configuration commands, one per line. End with CNTL/Z.
r2620_01(config)#ip route 0.0.0.0 0.0.0.0 lo0
r2620_01(config)#router eigrp 1
r2620_01(config-router)#redistribute static
r2620_01(config-router)#
r2620_03#sh ip route eigrp
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D 172.16.3.2/32
[90/40514560] via 192.168.100.2, 00:13:08, FastEthernet0/0
D 172.16.1.0/24
[90/40130560] via 192.168.100.2, 00:12:56, FastEthernet0/0
D 172.16.3.1/32 [90/2561024000] via 192.168.10.9, 00:12:56, Serial0/0
D 172.16.2.0/24
[90/40642560] via 192.168.100.2, 00:12:56, FastEthernet0/0
D 172.16.3.0/30
[90/40514560] via 192.168.100.2, 00:12:56, FastEthernet0/0
D*EX 0.0.0.0/0 [170/2560640000] via 192.168.10.9, 00:00:53, Serial0/0
r2620_03#
Labels:
bandwidth,
ccna,
eigrp,
redistribute,
static
rip defect route propagation...
simply rip; 2 routers connected serially to 1... notice the gateway of last resort is not set... follow the output and you'll see default-information originate put to good use in a rip environment... might save some typing...
r2620_01(config)#do sh run | begin router rip
router rip
network 1.0.0.0
network 10.0.0.0
r2620_01#sh ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 10.0.20.2, 00:00:20, Serial0/0
R 3.0.0.0/8 [120/1] via 10.0.30.2, 00:00:04, Serial0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.30.0/24 is directly connected, Serial0/1
C 10.0.30.2/32 is directly connected, Serial0/1
C 10.0.20.2/32 is directly connected, Serial0/0
C 10.0.20.0/24 is directly connected, Serial0/0
r2620_01#
r2620_02#sh ip route
Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 10.0.20.1, 00:00:27, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
R 3.0.0.0/8 [120/1] via 10.0.20.1, 00:00:27, Serial0/0
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
R 10.0.30.0/24 [120/1] via 10.0.20.1, 00:00:27, Serial0/0
R 10.0.30.2/32 [120/1] via 10.0.20.1, 00:00:27, Serial0/0
C 10.0.20.0/24 is directly connected, Serial0/0
C 10.0.20.1/32 is directly connected, Serial0/0
r2620_02#
r2620_03#sh ip route
Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 10.0.30.1, 00:00:24, Serial0/0
R 2.0.0.0/8 [120/1] via 10.0.30.1, 00:00:24, Serial0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.30.0/24 is directly connected, Serial0/0
C 10.0.30.1/32 is directly connected, Serial0/0
R 10.0.20.2/32 [120/1] via 10.0.30.1, 00:00:24, Serial0/0
R 10.0.20.0/24 [120/1] via 10.0.30.1, 00:00:24, Serial0/0
r2620_03#
r2620_01(config)#router rip
r2620_01(config-router)#default-information originate
r2620_01(config-router)#end
r2620_01#
r2620_02#sh ip route
Gateway of last resort is 10.0.20.1 to network 0.0.0.0
R 1.0.0.0/8 [120/1] via 10.0.20.1, 00:00:11, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
R 3.0.0.0/8 [120/1] via 10.0.20.1, 00:00:11, Serial0/0
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
R 10.0.30.0/24 [120/1] via 10.0.20.1, 00:00:11, Serial0/0
R 10.0.30.2/32 [120/1] via 10.0.20.1, 00:00:11, Serial0/0
C 10.0.20.0/24 is directly connected, Serial0/0
C 10.0.20.1/32 is directly connected, Serial0/0
R* 0.0.0.0/0 [120/1] via 10.0.20.1, 00:00:11, Serial0/0
r2620_03#sh ip route
Gateway of last resort is 10.0.30.1 to network 0.0.0.0
R 1.0.0.0/8 [120/1] via 10.0.30.1, 00:00:19, Serial0/0
R 2.0.0.0/8 [120/1] via 10.0.30.1, 00:00:19, Serial0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.30.0/24 is directly connected, Serial0/0
C 10.0.30.1/32 is directly connected, Serial0/0
R 10.0.20.2/32 [120/1] via 10.0.30.1, 00:00:19, Serial0/0
R 10.0.20.0/24 [120/1] via 10.0.30.1, 00:00:19, Serial0/0
R* 0.0.0.0/0 [120/1] via 10.0.30.1, 00:00:19, Serial0/0
r2620_03#
so rip propagated some default routes, as noted by the asterisks in the output of r2 and r3... sigh... but not on r1... this is very exciting... (r1 is the one originating the default; default-information originate advertises 0.0.0.0/0 to its neighbors without installing a default route on r1 itself)
r2620_01#sh ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 10.0.20.2, 00:00:20, Serial0/0
R 3.0.0.0/8 [120/1] via 10.0.30.2, 00:00:20, Serial0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.30.0/24 is directly connected, Serial0/1
C 10.0.30.2/32 is directly connected, Serial0/1
C 10.0.20.2/32 is directly connected, Serial0/0
C 10.0.20.0/24 is directly connected, Serial0/0
r2620_01#
Labels:
ccna,
cisco,
default-information originate,
rip
Thursday, December 22, 2011
catnip of the day...
reow...
"i always never type full commands, my damn fat cat fingers get tired, but i do make a habit of saying the entire command in my head while typing...
for instance, when i type sh mac-add
i'm silently saying show mac dash address dash table in my head...
why? because i'm a friggin network cat; that's what we do..."
"and don't drink and subnet; you might get your vlans crossovered..."
Labels:
ccna,
cisco,
macdashaddressdashtable
router on a tip...
it doesn't get easier than this...
get a router, a switch and 2 pc's...
connect a straight-through cable from the router to a port on the switch... remove the ip address from fa0/0 first, always, when making subinterfaces (frame relay and ppp too)... make two subinterfaces on the router
encap dot1q 21 means what it says: encapsulation dot1q for vlan 21...
give each subinterface an ip on a different subnet (intervlan routing; now i got a network boner)
r2620_02#config t
Enter configuration commands, one per line. End with CNTL/Z.
r2620_02(config)#int fa0/0.21
r2620_02(config-subif)#encap dot1q 21
r2620_02(config-subif)#ip add 192.168.21.1 255.255.255.0
r2620_02(config-subif)#no shut
r2620_02(config-subif)#int fa0/0.22
r2620_02(config-subif)#encap dot1q 22
r2620_02(config-subif)#ip add 192.168.22.1 255.255.255.0
r2620_02(config-subif)#no shut
r2620_02(config-subif)#
switch time...
make two vlans, make a trunk (restricting the allowed vlans on the trunk is optional; a trunk forwards all vlans by default unless otherwise slapped around), put an interface into each vlan and you've got...
s2(config)#vlan 21
s2(config-vlan)#name 21
s2(config-vlan)#vlan 22
s2(config-vlan)#name 22
s2(config-vlan)#exit
s2(config)#int fa0/17
s2(config-if)#sw mode trunk
s2(config-if)#sw trunk allow vlan 21,22
s2(config-if)#exit
s2(config)#int fa0/15
s2(config-if)#sw mode acc
s2(config-if)#sw acc vlan 21
s2(config-if)#int fa0/16
s2(config-if)#sw mode acc
s2(config-if)#sw acc vlan 22
s2(config-if)#do sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5
10 fac/staff active Fa0/11, Fa0/12, Fa0/13, Fa0/14
20 students active Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
21 21 active Fa0/15
22 22 active Fa0/16
connect a pc to each switch port and set ip's and gateways...
and then ping the damn things... don't forget to debug ip icmp on the router; see the output after the pc pings...
C:\Users\bosgood>ping 192.168.21.1
Pinging 192.168.21.1 with 32 bytes of data:
Reply from 192.168.21.1: bytes=32 time=2ms TTL=255
Reply from 192.168.21.1: bytes=32 time=1ms TTL=255
Reply from 192.168.21.1: bytes=32 time=1ms TTL=255
Reply from 192.168.21.1: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.21.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\bosgood>ping 192.168.22.1
Pinging 192.168.22.1 with 32 bytes of data:
Reply from 192.168.22.1: bytes=32 time=2ms TTL=255
Reply from 192.168.22.1: bytes=32 time=2ms TTL=255
Reply from 192.168.22.1: bytes=32 time=1ms TTL=255
Reply from 192.168.22.1: bytes=32 time=1ms TTL=255
Ping statistics for 192.168.22.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
r2620_02#debug ip icmp
ICMP packet debugging is on
r2620_02#
Dec 22 18:47:13.575: ICMP: echo reply sent, src 192.168.21.1, dst 192.168.21.2
r2620_02#
Dec 22 18:47:14.575: ICMP: echo reply sent, src 192.168.21.1, dst 192.168.21.2
r2620_02#
Dec 22 18:47:15.579: ICMP: echo reply sent, src 192.168.21.1, dst 192.168.21.2
r2620_02#
Dec 22 18:47:16.583: ICMP: echo reply sent, src 192.168.21.1, dst 192.168.21.2
r2620_02#
Dec 22 18:49:39.983: ICMP: echo reply sent, src 192.168.22.1, dst 192.168.22.2
r2620_02#
Dec 22 18:49:40.987: ICMP: echo reply sent, src 192.168.22.1, dst 192.168.22.2
r2620_02#
Dec 22 18:49:41.987: ICMP: echo reply sent, src 192.168.22.1, dst 192.168.22.2
r2620_02#
Dec 22 18:49:42.991: ICMP: echo reply sent, src 192.168.22.1, dst 192.168.22.2
r2620_02#
that's a router on my...
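an added check for the router-on-a-stick lab above (my own example, not from the post)... it parses the router's subinterfaces and the switch's trunk and access ports and reports the mismatches that make this setup fail silently: a vlan routed on the router but not allowed on the trunk, a vlan with no access port, access ports with no gateway subinterface, and two subinterfaces on overlapping subnets... it also nags when the trunk has no allowed list at all, since, as said above, a trunk carries every vlan by default... the two configs are constructed to look like r2620_02 and s2, with an extra fa0/0.23 thrown in so there is something to find:

```python
import ipaddress
import re

# constructed sample configs modelled on the post's router (r2620_02) and switch (s2);
# fa0/0.23 is added here on purpose so the checker has something to complain about
ROUTER_CFG = """\
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.21
 encapsulation dot1Q 21
 ip address 192.168.21.1 255.255.255.0
!
interface FastEthernet0/0.22
 encapsulation dot1Q 22
 ip address 192.168.22.1 255.255.255.0
!
interface FastEthernet0/0.23
 encapsulation dot1Q 23
 ip address 192.168.22.129 255.255.255.0
"""

SWITCH_CFG = """\
interface FastEthernet0/17
 switchport mode trunk
 switchport trunk allowed vlan 21,22
!
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 21
!
interface FastEthernet0/16
 switchport mode access
 switchport access vlan 22
"""


def expand_vlan_list(spec):
    """Expand an IOS vlan list such as '21,22' or '10-12,99' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_router(cfg):
    """Map dot1q vlan id -> IPv4Interface of the subinterface that routes it."""
    subifs, vlan = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface"):
            vlan = None                      # a new interface block starts
            continue
        m = re.match(r"\s*encapsulation dot1[qQ] (\d+)", line)
        if m:
            vlan = int(m.group(1))
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and vlan is not None:
            subifs[vlan] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
    return subifs


def parse_switch(cfg):
    """(trunk_allowed, access): trunk_allowed is None when the trunk carries every vlan
    (the IOS default); access maps vlan id -> list of access ports placed in it."""
    trunk_allowed, access, port = None, {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            port = m.group(1)
            continue
        # only the plain list form is handled; 'allowed vlan add/remove/except' is not
        m = re.match(r"\s*switchport trunk allowed vlan ([\d,-]+)\s*$", line)
        if m:
            trunk_allowed = expand_vlan_list(m.group(1))
            continue
        m = re.match(r"\s*switchport access vlan (\d+)", line)
        if m:
            access.setdefault(int(m.group(1)), []).append(port)
    return trunk_allowed, access


def check(router_cfg, switch_cfg):
    """Return a list of findings; an empty list means the two sides agree."""
    subifs = parse_router(router_cfg)
    trunk_allowed, access = parse_switch(switch_cfg)
    findings = []
    if trunk_allowed is None:
        findings.append("trunk carries every vlan (IOS default); restrict it with "
                        "'switchport trunk allowed vlan'")
    for vlan in sorted(subifs):
        if trunk_allowed is not None and vlan not in trunk_allowed:
            findings.append(f"vlan {vlan}: routed on the router but not allowed on the trunk")
        if vlan not in access:
            findings.append(f"vlan {vlan}: no access port on the switch")
    for vlan in sorted(access):
        if vlan not in subifs:
            findings.append(f"vlan {vlan}: ports {access[vlan]} have no gateway subinterface")
    vlans = sorted(subifs)
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if subifs[a].network.overlaps(subifs[b].network):
                findings.append(f"vlan {a} and vlan {b}: subnets overlap "
                                f"({subifs[a].network} and {subifs[b].network})")
    return findings
```

run it with `print("\n".join(check(ROUTER_CFG, SWITCH_CFG)))` and you get three complaints, all about the made-up vlan 23; drop that subinterface and the list is empty...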
debug vtp...
s3(config)#do sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5
10 fac/staff active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17
20 students active Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
30 guest active Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10
99 mgmt&native active
s3#debug sw-vlan vtp ?
events vtp events
packets vtp packets
pruning vtp pruning events
xmit vtp packets transmitted
s3#debug sw-vlan vtp events
vtp events debugging is on
s3#
01:41:21: VTP LOG RUNTIME: Summary packet received, domain = ozlan, rev = 56, fo
llowers = 1, length 80, trunk Fa0/2
01:41:21: VTP LOG RUNTIME: Validate TLVs : #tlvs 1, max blk size 4
01:41:21: VTP LOG RUNTIME: Validate TLVs : #00, val 6, len 4
Summary packet rev 56 greater than domain ozlan rev 5
5
s3#sh vlan
01:41:21: VTP LOG RUNTIME:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5
10 fac/staff active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17
20 students active Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
30 guest active Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10
69 VLAN0069 active
99 mgmt&native active
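an added example (mine, not from the post) of what to do with that debug output... the interesting line is "Summary packet rev 56 greater than domain ozlan rev 55": a switch in server or client mode takes whatever vlan database arrives on a trunk with a higher revision number, which is how vlan 69 showed up here without anyone typing it, and it is also how a whole vlan database gets wiped when a stale switch with a high revision gets plugged in... the code below parses sh vlan before and after, pulls the summary advertisements out of the debug log, and reports revision takeovers plus any vlans that appeared, disappeared or got renamed... the sample outputs are constructed to look like s3's, with the wrapped debug line joined back together:

```python
import re

# constructed samples modelled on the post's s3 output: the vlan database before and after
# the summary advertisement arrived, plus the "debug sw-vlan vtp events" lines (unwrapped)
VLANS_BEFORE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5
10   fac/staff                        active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17
20   students                         active    Fa0/18, Fa0/19, Fa0/20, Fa0/21
30   guest                            active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
99   mgmt&native                      active
"""
VLANS_AFTER = VLANS_BEFORE + "69   VLAN0069                         active\n"
DEBUG_LOG = """\
01:41:21: VTP LOG RUNTIME: Summary packet received, domain = ozlan, rev = 56, followers = 1, length 80, trunk Fa0/2
01:41:21: VTP LOG RUNTIME: Summary packet rev 56 greater than domain ozlan rev 55
"""

VLAN_ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(active|suspended|act/lshut|sus/lshut)\b")
SUMMARY_RE = re.compile(r"Summary packet received, domain = ([^,\s]+), rev = (\d+).*?trunk (\S+)")


def parse_show_vlan(text):
    """Map vlan id -> name from 'show vlan' output; port continuation lines are skipped."""
    vlans = {}
    for line in text.splitlines():
        m = VLAN_ROW_RE.match(line.strip())
        if m:
            vlans[int(m.group(1))] = m.group(2)
    return vlans


def vtp_summaries(debug_text):
    """(domain, revision, trunk) for every summary advertisement seen in the debug output."""
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in SUMMARY_RE.finditer(debug_text)]


def vlan_diff(before, after):
    """Vlans added, removed and renamed between two parsed databases."""
    added = {v: n for v, n in after.items() if v not in before}
    removed = {v: n for v, n in before.items() if v not in after}
    renamed = {v: (before[v], after[v]) for v in before if v in after and before[v] != after[v]}
    return added, removed, renamed


def review(before_text, after_text, debug_text, local_rev):
    """Findings a switch operator wants to hear about: revision takeovers and vlan changes."""
    findings = []
    for domain, rev, trunk in vtp_summaries(debug_text):
        if rev > local_rev:
            findings.append(f"domain {domain}: rev {rev} from {trunk} beats local rev "
                            f"{local_rev}; the vlan database is replaced by that advertisement")
    added, removed, renamed = vlan_diff(parse_show_vlan(before_text), parse_show_vlan(after_text))
    for v, n in sorted(added.items()):
        findings.append(f"vlan {v} ({n}) appeared")
    for v, n in sorted(removed.items()):
        findings.append(f"vlan {v} ({n}) disappeared; access ports in it go inactive")
    for v, (old, new) in sorted(renamed.items()):
        findings.append(f"vlan {v} renamed {old} -> {new}")
    return findings
```

`review(VLANS_BEFORE, VLANS_AFTER, DEBUG_LOG, 55)` gives two findings, the takeover and the new vlan 69... the fix the post hints at further down is transparent mode, which is the closest thing to switching vtp off...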
Labels:
ccna,
ccnp switch,
cisco,
debug sw-vlan vtp,
vtp
michael jackson says...
the purpose of stp is to prevent loops in your redundant switched network, and...
the closest you can get to turning vtp off on your cisco switches is to place them in transparent mode...
bah humbug...
Wednesday, December 21, 2011
R1#terminal length 0
this command doesn't get a lot of air play and it should... one of the very great features about cisco routers and switches is the ease of configuration achieved with a simple terminal console (or telnet) session, a word processing program and a mouse... copying start to a tftp server is a great way to back up configurations, but when you're bouncing around from console to telnet with multiple devices and you need a quick-fix backup, open notepad or some such and scrape the terminal output into it...
the crux of the matter below:
r2620_03#term length 5
r2620_03#sh run
Building configuration...
Current configuration : 1428 bytes
!
version 12.4
--More--
i shortened the term length to illustrate this point; notice the annoying --More--...
of course you hit the space bar to race through to get where you want to be, but if you want a clean scrape to dump into notepad, get rid of --More-- by setting the term length to 0...
r2620_03#term length 0
this will give a clean run, without the nasty --More--
then just scroll back to the top of the output, run the mouse over the text, right click the highlighted text and copy it to the clipboard... go back to the config prompt, right click and paste... it will simply load the text as commands and dump it into the running config...
naturally, you could also edit the text before the paste to get rid of the bad experiments first...
set the term length back to, say, 25 and you'll get about a screen at a time next go...
but of course you knew this already...
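an added example (my own, not from the post) for when you did not set term length 0 first, or when that scrape is going somewhere other than straight back into a router... the first function strips the prompts, the "Building configuration" noise and the --More-- marker together with the backspaces IOS prints to erase it, leaving lines you can paste at a config prompt... the second masks the credentials in the scrape, because a running config carries the enable secret, any username passwords (type 7 ones are reversible, so "service password-encryption" is no protection) and snmp community strings, none of which belong in a ticket or a mail... the capture is constructed to look like the r2620_03 session above, with a few secret-bearing lines added:

```python
import re

# constructed capture in the shape of the post's "sh run" scrape, with a --More-- prompt and
# the backspaces IOS emits to erase it, plus a few secret-bearing lines to redact
CAPTURE = (
    "r2620_03#term length 5\n"
    "r2620_03#sh run\n"
    "Building configuration...\n"
    "\n"
    "Current configuration : 1428 bytes\n"
    "!\n"
    "version 12.4\n"
    " --More-- " + "\b" * 10 + " " * 10 + "\b" * 10 + "service timestamps debug datetime msec\n"
    "hostname r2620_03\n"
    "!\n"
    "enable secret 5 $1$abcd$0123456789abcdefghijkl\n"
    "username admin password 7 0822455D0A16\n"
    "snmp-server community public RO\n"
    "!\n"
    "end\n"
    "r2620_03#\n"
)

PROMPT_RE = re.compile(r"^[\w.-]+(?:\([\w-]+\))?[#>]")      # r2620_03# or r2620_03(config)#
MORE_RE = re.compile(r"\s*--More--[\s\x08]*")                # pager marker plus its erasure
NOISE_RE = re.compile(r"^(Building configuration|Current configuration :)")

# (pattern, replacement): keep the keyword and the encryption type, drop the secret itself
REDACTIONS = [
    (re.compile(r"^(\s*enable (?:secret|password)(?: \d)? )\S+"), r"\1<REDACTED>"),
    (re.compile(r"^(\s*username \S+ (?:secret|password)(?: \d)? )\S+"), r"\1<REDACTED>"),
    (re.compile(r"^(\s*snmp-server community )\S+"), r"\1<REDACTED>"),
    (re.compile(r"^(\s*(?:tacacs-server|radius-server) key(?: \d)? ).*"), r"\1<REDACTED>"),
]


def clean_capture(text):
    """Turn a terminal scrape into lines that can be pasted straight back at a config prompt."""
    lines = []
    for raw in text.splitlines():
        line = MORE_RE.sub("", raw)
        if not line.strip() or PROMPT_RE.match(line) or NOISE_RE.match(line):
            continue
        lines.append(line.rstrip())
    return lines


def redact(lines):
    """Copy of the cleaned config with credentials masked, for tickets or a shared backup."""
    out = []
    for line in lines:
        for pattern, repl in REDACTIONS:
            line, n = pattern.subn(repl, line)
            if n:
                break
        out.append(line)
    return out
```

`clean_capture(CAPTURE)` hands back the ten config lines with the pager mess gone, and `redact(...)` on that result leaves "enable secret 5 <REDACTED>" and friends... keep the unredacted copy where you keep the startup-config itself, not in a chat window...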
etherface...
the absolute horror of it all...
when all else fails, memorize...
standard           speed       name          IEEE      max distance         media
ethernet           10 Mbps     10BaseT       802.3     100 meters           copper
fast ethernet      100 Mbps    100Base-TX    802.3u    100 meters           copper
gigabit ethernet   1000 Mbps   1000Base-T    802.3ab   100 meters           copper
gigabit ethernet   1000 Mbps   1000Base-LX   802.3z    5 km (long haul)     fiber
                               1000Base-SX             550 m (short haul)   fiber
10GigE             10 Gbps     10GBase-T     802.3an   100 m                copper
10GigE             10 Gbps     10GBase-LR    802.3ae   25 km                fiber
                               10GBase-SR              300 m                fiber
i have to wash my brain...
Monday, December 19, 2011
Wbland...
wlan
4 agencies
itu-r - worldwide organization that manages the assignment of freq's
ieee - wireless standardization of wlan 802.11
wi-fi alliance - industry consortium that encourages interoperability standards through wi-fi
cert program
FCC - u.s. govt agency that regulates usage of various communication freq's
IEEE introduced wlan standards in 1997 with the ratification of 802.11; next came 802.11b, then 802.11a and 802.11g
802.11b is 11 Mbps @ 2.4 GHz with 11 channels (3 nonoverlapping)
802.11a is 54 Mbps @ 5 GHz with 23 channels (12 nonoverlapping)
802.11g is 54 Mbps @ 2.4 GHz with 11 channels (3 nonoverlapping)
using DSSS, max speed for b and g is 11 Mbps (b uses only DSSS)
using OFDM, max speed for a and g is 54 Mbps (a uses only OFDM)
ranges in feet:
standard   highest throughput   distance       lowest throughput   distance
802.11a    54 Mbps              about 75 ft    6 Mbps              about 200 ft
802.11b    11 Mbps              150 ft         1 Mbps              350 ft
802.11g    54 Mbps              90-100 ft      6 Mbps              300 ft
Ad hoc mode - one or two or just a few more send wlan frames to each directly for short periods
Infrastructure mode - through an AP, allows for server and internet communication
2 submodes BSS and ESS
Basic service set uses a single AP to make a wireless LAN
Extended service set uses more than one AP, with overlapping cells to allow
for roaming in a larger area
IBSS independent basic service set: 2 devices directly connected, no ap
encoding 3 types
FHSS frequency hopping spread spectrum uses all band freq's, hopping between unlicensed bands for consecutive transmissions
DSSS Direct sequence spread spectrum for use with b @ 2.4 Ghz unlicensed band
OFDM Orthogonal frequency division multiplexing (a only @ 2.4 Ghz)
Coverage area quality depends on freq, obstructions, interference, antennae, and dsss and ofdm
when encoding through the air
higher freq's send data faster but have smaller coverage
CSMA/CA signals from hosts sharing an AP cannot be isolated from collisions if they transmit at
the same time
prevention
1) listen for busy freq
2) random wait timer before sending a frame to reduce chance for simultaneous sends
does this sound familiar yet?
3) when timer expires, listen again for not busy, resend frame
4) after whole frame sent, listen for acknowledgement
5) no acknowledgement, restart csma logic (step 1)
security risks
war drivers - hackers driving around to exploit insecure or weak ap's (mitigation: strong authentication)
hackers - find information or deny service, often compromising end hosts as a way onto the enterprise network without breaching firewalls (mitigation: strong encryption and authentication)
employees - who install ap's on the LAN with no security, allowing easy hacker access (mitigation: IDS, IPS and SWAN)
rogue ap's - attacker captures packets, finds the service set identifier, then sets up an ap that employees might associate with (mitigation: IDS, IPS and SWAN)
risk reduction - mutual authentication, a secret password key on client and ap
encryption, key and algorithm to scramble frame contents
intrusion detection, IDS, IPS and SWAN (structured wireless aware architecture, a cisco concept to detect rogues)
WEP wired equivalent privacy - 1997, the original standard; provided authentication and encryption using static PSK's (pre-shared keys), manually configured, easily cracked, only 40 bits
cisco came up with an interim solution: dynamic key exchange, a new encryption key for each packet, and user authentication using 802.1x instead of device authentication
WPA wi-fi protected access - 2003, similar to the cisco interim: dynamic key exchange using TKIP (temporal key integrity protocol), either 802.1x user authentication or device authentication with a PSK; the encryption adds a MIC (message integrity check)
802.11i WPA2 - dynamic key exchange, stronger encryption using AES (advanced encryption standard) and user authentication; not backward compatible with wpa or wep
implementation -
ap parameters include SSID, RF channel and authentication
clients are configured for authentication only
802.11 is by design plug and play because of open authentication, whereas WEP and WPA use PSK's that must match exactly
1) verify the existing wired network works; connect all ap's in the same ESS to the same vlan
2) set up the ap as a switch, because it is a switch; however, use a straight-through cable; ip address, mask and default-gateway
3) set up the IEEE standard (a, b, g, or a combination), wireless channel, SSID, power
4) build a client (supporting the same wlan standard; it will learn the SSID from the ap)
5) verify at the client end
6) configure security
7) verify the client works with security enabled
i have yuck brain...
Saturday, December 17, 2011
bootstraps...
not sure if odom and the rest still mention this, but booting or rebooting is derived from the idea of bootstraps, or more accurately, pulling oneself up by the bootstraps... the safest way to remember what the configuration register settings do is to look at the boot field... the boot field is the last four bits (all the way to the right) of the register, one hex digit, normally 2 as in 0x2102, which means boot from flash if possible...
if the last digit is 0, boot to rommon; if it's 1, boot the software contained in rom...
0x2142 means bypass start (the config in nvram) and is mostly used in password recovery...
use show version to see the current config-register setting, ie,
Configuration register is 0x2102 (will be 0x2142 at next reload)
show run and show start do NOT show the register setting but will show manually entered boot system configuration...
r2620_01#sh run
Building configuration...
Current configuration : 2049 bytes
!
! Last configuration change at 12:51:27 UTC Sat Dec 17 2011
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2620_01
!
boot-start-marker
boot system tftp myass 255.255.255.255
my college friends and i used to refer to throwing up, as booting
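an added example (mine, not from the post) that pulls the register apart the way the text above describes it... the boot field is the low four bits; bit 6 (0x0040) is the "ignore nvram" bit that turns 0x2102 into 0x2142, and bit 8 (0x0100) is the one that stops the console break key from interrupting the boot... the audit function reads the show version line quoted above and flags what a defender cares about: a pending register that differs from the current one, a pending 0x2142 (somebody has staged a password recovery, which on a box you did not touch is worth a question before the next reload), a boot field of 0, and any value other than the expected 0x2102:

```python
import re

# the config register value the post quotes from show version
SHOW_VERSION_LINE = "Configuration register is 0x2102 (will be 0x2142 at next reload)"

BOOT_FIELD = {0: "stay in rommon", 1: "boot the image in rom (rxboot)"}
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")


def decode_register(value):
    """Pull apart the bits of a 16-bit config register value."""
    boot_field = value & 0xF                        # the low four bits, rightmost hex digit
    return {
        "boot_field": boot_field,
        "boot": BOOT_FIELD.get(boot_field, "boot from flash, honouring 'boot system' lines"),
        "ignore_nvram": bool(value & 0x0040),       # bit 6: skip the startup-config in nvram
        "break_disabled": bool(value & 0x0100),     # bit 8: console break key ignored
    }


def parse_show_version(text):
    """(current, pending) register values from 'show version'; None if the line is absent."""
    m = REGISTER_RE.search(text)
    if not m:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit_register(text, expected=0x2102):
    """Flag register settings you would not expect on a router that is just doing its job."""
    regs = parse_show_version(text)
    if regs is None:
        return ["no 'Configuration register' line found"]
    current, pending = regs
    findings = []
    if pending != current:
        findings.append(f"register changes from 0x{current:04x} to 0x{pending:04x} at next reload")
    for label, value in (("current", current), ("pending", pending)):
        d = decode_register(value)
        if d["ignore_nvram"]:
            findings.append(f"{label} 0x{value:04x}: startup-config will be bypassed "
                            "(password-recovery setting)")
        if d["boot_field"] == 0:
            findings.append(f"{label} 0x{value:04x}: router would stop in rommon")
        if not d["break_disabled"]:
            findings.append(f"{label} 0x{value:04x}: console break can interrupt the boot")
    if pending != expected:
        findings.append(f"pending 0x{pending:04x} differs from expected 0x{expected:04x}")
    return findings
```

on the quoted line `audit_register(SHOW_VERSION_LINE)` returns three findings: the pending change, the nvram bypass in 0x2142, and the mismatch against 0x2102... a plain "Configuration register is 0x2102" returns none...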
Friday, December 16, 2011
beware of the glob...
the more definitions i read about this mess, the more awful and terrible they get...
inside local- the best definition i get is private address, or a private address behind the firewall ie,192.168.1.100
inside global- the inside private address natted for the outside by NAT/firewall; how 192.168.1.100 gets translated and shipped by the firewall as 200.0.0.10
here's where the confusion starts
outside global- the natted address (outside the firewall) 200.0.0.10 on its way to the ISP
outside local- whatever the ISP does with the address at this point, they may NAT it again, they may ship it as is considering they gave you outside addresses to use, etc., who knows
this whole concept has got to be the worst that cisco has ever come up with
the important point is that NAT will make your rfc1918 address routable for the wild so you can get to your porn...
Labels:
ccna,
cisco,
inside global,
inside local,
NAT,
outside global,
outside whatever
Thursday, December 15, 2011
successor excess...
a successor route is the lowest cost/best path that EIGRP is currently using... this route shows up in the neighbor table, the topology table, and the route table...
r2620_01(config-if)#do sh ip route eigrp
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/156160] via 192.168.1.120, 00:07:32, FastEthernet0/0
100.0.0.0/24 is subnetted, 1 subnets
D 100.0.0.0 [90/156160] via 192.168.1.100, 00:07:32, FastEthernet0/0
3.0.0.0/24 is subnetted, 1 subnets
D 3.3.3.0 [90/156160] via 192.168.1.130, 00:07:32, FastEthernet0/0
r2620_01(config-if)#
r2620_01(config-if)#do sh ip eigrp topo
IP-EIGRP Topology Table for AS(1)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 1.1.1.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 156160
via 192.168.1.120 (156160/128256), FastEthernet0/0
via 10.0.20.2 (2297856/128256), Serial0/0
P 3.3.3.0/24, 1 successors, FD is 156160
via 192.168.1.130 (156160/128256), FastEthernet0/0
via 10.0.30.2 (2297856/128256), Serial0/1
P 10.0.30.0/24, 1 successors, FD is 2169856
via Connected, Serial0/1
P 10.0.30.1/32, 0 successors, FD is Inaccessible
via 192.168.1.130 (2172416/2169856), FastEthernet0/0
via 10.0.20.2 (2684416/2172416), Serial0/0
via 10.0.30.2 (2681856/2169856), Serial0/1
P 10.0.30.2/32, 1 successors, FD is 2169856
via Rconnected (2169856/0)
P 10.0.20.2/32, 1 successors, FD is 2169856
via Rconnected (2169856/0)
P 10.0.20.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0
P 10.0.20.1/32, 0 successors, FD is Inaccessible
via 192.168.1.120 (2172416/2169856), FastEthernet0/0
via 10.0.30.2 (2684416/2172416), Serial0/1
via 10.0.20.2 (2681856/2169856), Serial0/0
P 100.0.0.0/24, 1 successors, FD is 156160
via 192.168.1.100 (156160/128256), FastEthernet0/0
P 192.168.1.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/0
r2620_01(config-if)#
and:
r2620_01(config-if)#do sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
4 192.168.1.130 Fa0/0 14 00:14:53 11 200 0 67
1 192.168.1.100 Fa0/0 12 00:14:53 8 200 0 92
0 192.168.1.120 Fa0/0 14 00:14:53 1030 5000 0 145
3 10.0.30.2 Se0/1 11 00:47:52 3 200 0 68
2 10.0.20.2 Se0/0 11 00:53:08 4 200 0 144
r2620_01(config-if)#
there seems to be confusion about the successor and the feasible successor... certainly not to be confused with the active state in the topology table, which is, according to hoyle:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml#neighbor_table
When there are no feasible successors, a route goes into Active state and a route recomputation occurs. A route recomputation commences with a router sending a query packet to all neighbors. Neighboring routers can either reply if they have feasible successors for the destination or optionally return a query indicating that they are performing a route recomputation. While in Active state, a router cannot change the next-hop neighbor it is using to forward packets. Once all replies are received for a given query, the destination can transition to Passive state and a new successor can be selected.
the successor shows up in the route table, the topology table and the neighbor table, and the feasible successor shows in only the topology and neighbor tables
now let's shut down the ethernet link to the layer 3 switch and reexamine
r2620_01(config)#int fa0/0
r2620_01(config-if)#shut
r2620_01(config-if)#
Dec 15 16:23:09.798: IP-EIGRP(Default-IP-Routing-Table:1): conn_summary_depend:
FastEthernet0/0 192.168.1.0/24 0
r2620_01(config-if)#
Dec 15 16:23:09.798: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.130 (F
astEthernet0/0) is down: interface down
Dec 15 16:23:09.802: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.100 (F
astEthernet0/0) is down: interface down
Dec 15 16:23:09.806: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.120 (F
astEthernet0/0) is down: interface down
r2620_01(config-if)#
Dec 15 16:23:11.778: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state t
o administratively down
Dec 15 16:23:12.778: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherne
t0/0, changed state to down
r2620_01(config-if)#
then
r2620_01(config-if)#do sh ip route eigrp
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2297856] via 10.0.20.2, 00:01:37, Serial0/0
100.0.0.0/24 is subnetted, 1 subnets
D 100.0.0.0 [90/2300416] via 10.0.30.2, 00:01:37, Serial0/1
[90/2300416] via 10.0.20.2, 00:01:37, Serial0/0
3.0.0.0/24 is subnetted, 1 subnets
D 3.3.3.0 [90/2297856] via 10.0.30.2, 00:01:37, Serial0/1
D 192.168.1.0/24 [90/2172416] via 10.0.30.2, 00:01:37, Serial0/1
[90/2172416] via 10.0.20.2, 00:01:37, Serial0/0
r2620_01(config-if)#
r2620_01(config-if)#do sh ip eigrp topo
IP-EIGRP Topology Table for AS(1)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 1.1.1.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 156160
via 10.0.20.2 (2297856/128256), Serial0/0
P 3.3.3.0/24, 1 successors, FD is 156160
via 10.0.30.2 (2297856/128256), Serial0/1
P 10.0.30.0/24, 1 successors, FD is 2169856
via Connected, Serial0/1
P 10.0.30.1/32, 0 successors, FD is Inaccessible
via 10.0.20.2 (2684416/2172416), Serial0/0
via 10.0.30.2 (2681856/2169856), Serial0/1
P 10.0.30.2/32, 1 successors, FD is 2169856
via Rconnected (2169856/0)
P 10.0.20.2/32, 1 successors, FD is 2169856
via Rconnected (2169856/0)
P 10.0.20.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0
P 10.0.20.1/32, 0 successors, FD is Inaccessible
via 10.0.30.2 (2684416/2172416), Serial0/1
via 10.0.20.2 (2681856/2169856), Serial0/0
P 100.0.0.0/24, 2 successors, FD is 2300416
via 10.0.20.2 (2300416/156160), Serial0/0
via 10.0.30.2 (2300416/156160), Serial0/1
P 192.168.1.0/24, 2 successors, FD is 2172416
via 10.0.20.2 (2172416/28160), Serial0/0
via 10.0.30.2 (2172416/28160), Serial0/1
r2620_01(config-if)#
r2620_01(config-if)#do sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.0.30.2 Se0/1 11 01:13:34 2 200 0 71
2 10.0.20.2 Se0/0 10 01:18:50 3 200 0 149
r2620_01(config-if)#
the feasible successors have become the successors and now they show up in all three tables
so there...
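an added example (my own, not from the post) that does the successor/feasible successor sorting from the topology table output above, so the rule is in code rather than in hoyle... each "via" line carries two numbers: the metric through that neighbor and, after the slash, the neighbor's own metric to the destination (its reported distance)... a path with the lowest metric, equal to the FD, is a successor; any other path whose reported distance is below the FD passes the feasibility condition and is a feasible successor, ready to take over without going active... the sample is constructed to look like r2620_01's table, with a made-up 10.0.40.2 entry added so there is a path that fails the condition:

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# constructed sample in the shape of the post's "sh ip eigrp topo" output;
# the 10.0.40.2 entry is made up here to show a path that fails the feasibility condition
TOPOLOGY = """\
IP-EIGRP Topology Table for AS(1)/ID(1.1.1.1)
P 1.1.1.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 156160
        via 192.168.1.120 (156160/128256), FastEthernet0/0
        via 10.0.20.2 (2297856/128256), Serial0/0
P 10.0.30.1/32, 0 successors, FD is Inaccessible
        via 192.168.1.130 (2172416/2169856), FastEthernet0/0
P 10.0.20.2/32, 1 successors, FD is 2169856
        via Rconnected (2169856/0)
P 192.168.1.0/24, 2 successors, FD is 2172416
        via 10.0.20.2 (2172416/28160), Serial0/0
        via 10.0.30.2 (2172416/28160), Serial0/1
        via 10.0.40.2 (2400000/2200000), Serial0/2
"""

PREFIX_RE = re.compile(r"^[PA] (\S+), \d+ successors, FD is (\d+|Inaccessible)")
VIA_RE = re.compile(r"^via (\S+) \((\d+)/(\d+)\), (\S+)")


@dataclass
class Path:
    next_hop: str
    distance: int      # metric through this neighbor (first number in the parentheses)
    reported: int      # the neighbor's own metric, its reported distance (second number)
    interface: str


@dataclass
class Prefix:
    name: str
    fd: Optional[int]  # None when IOS prints "Inaccessible"
    paths: list = field(default_factory=list)


def parse_topology(text):
    """Prefix objects with their learned paths; connected entries carry no neighbor."""
    prefixes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX_RE.match(line)
        if m:
            fd = None if m.group(2) == "Inaccessible" else int(m.group(2))
            current = Prefix(m.group(1), fd)
            prefixes.append(current)
            continue
        m = VIA_RE.match(line)
        if m and current is not None:
            try:
                ipaddress.ip_address(m.group(1))
            except ValueError:
                continue             # "via Connected" / "via Rconnected": nothing to classify
            current.paths.append(Path(m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)))
    return prefixes


def classify(prefix):
    """(successors, feasible_successors) as next-hop lists.

    successor: distance equals the feasible distance, i.e. the best metric.
    feasible successor: any other path whose reported distance is below the FD, which is
    DUAL's guarantee that the neighbor is not routing back through us (no loop)."""
    if prefix.fd is None:
        return [], []
    successors = [p.next_hop for p in prefix.paths if p.distance == prefix.fd]
    feasible = [p.next_hop for p in prefix.paths
                if p.distance != prefix.fd and p.reported < prefix.fd]
    return successors, feasible


def summarize(text):
    """Map prefix -> (successors, feasible successors) for a whole topology table."""
    return {p.name: classify(p) for p in parse_topology(text)}
```

for 2.2.2.0/24 this gives 192.168.1.120 as the successor and 10.0.20.2 as the feasible successor, exactly the pair that swapped roles when fa0/0 was shut... for 192.168.1.0/24 the two serial paths tie as successors and the made-up 10.0.40.2 (reported 2200000, above the FD of 2172416) is neither, so losing both serials there would mean going active...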
feasibly yours...
when EIGRP receives multiple paths to the same destination with the same prefix, it adds these routes to its topology table and bases the best-path decision on the metrics in those updates. EIGRP treats closeness (the lowest metric) as the winner and installs the lowest-metric/best path in its routing table.
THIS is the successor...
the default is four equal-cost paths, but this can be adjusted to include more or fewer paths... equal is a relative term, and allowances can be made using variance (to establish near equality)
a feasible successor is a path determined to be close, but not best, after the calculation... this so-called backup neighbor may be placed in the topology table and used in the event of successor failure
bandwidth and delay are EIGRP's default metric inputs... load, reliability and MTU can also be considered... see below...
r2620_01#sh int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000f.2394.6c40 (bia 000f.2394.6c40)
Internet address is 192.168.1.50/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
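As an added example (my code, not the blog's and not Cisco's), here is Python that ties the two posts together: it reproduces the FD values in the `sh ip eigrp topo` output from the classic EIGRP composite metric with default K values, 256 * (10^7 / minimum bandwidth in kbit/s + sum of delay in tens of usec), and it parses the topology output to separate the successor from the feasible successors using the feasibility condition: a backup path is a feasible successor only if its reported distance (the second number in the parentheses) is strictly lower than the route's feasible distance. FastEthernet bandwidth and delay are taken from the `sh int fa0/0` output above; the loopback (8000000 kbit, 5000 usec) and serial (1544 kbit, 20000 usec) figures are assumed IOS defaults for this lab, and the sample topology lines are copied from the post's topology table (the 2.2.2.0/24 entry is the one taken while the Ethernet path was still up).

```python
import re

# Topology lines copied from the "sh ip eigrp topo" output in this post:
# the 2.2.2.0/24 entry is the one taken while the Ethernet path was still up.
TOPO_SAMPLE = """\
P 1.1.1.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 156160
via 192.168.1.120 (156160/128256), FastEthernet0/0
via 10.0.20.2 (2297856/128256), Serial0/0
P 100.0.0.0/24, 2 successors, FD is 2300416
via 10.0.20.2 (2300416/156160), Serial0/0
via 10.0.30.2 (2300416/156160), Serial0/1
P 10.0.30.1/32, 0 successors, FD is Inaccessible
via 10.0.20.2 (2684416/2172416), Serial0/0
via 10.0.30.2 (2681856/2169856), Serial0/1
"""

# (bandwidth kbit/s, delay usec) per interface type. FastEthernet comes from the
# "sh int fa0/0" output in the post; loopback and T1 serial are assumed IOS defaults.
FASTETHERNET = (100_000, 100)
LOOPBACK = (8_000_000, 5_000)
SERIAL_T1 = (1_544, 20_000)


def composite_metric(hops):
    """Classic EIGRP metric with default K values (K1=K3=1, others 0):
    256 * (10^7 // min bandwidth + sum(delay) // 10), truncating like IOS."""
    min_bw = min(bw for bw, _ in hops)
    total_delay = sum(delay for _, delay in hops)
    return 256 * (10_000_000 // min_bw + total_delay // 10)


ENTRY_RE = re.compile(r"^P (\S+), (\d+) successors, FD is (\S+)$")
VIA_RE = re.compile(r"^via (\S+) \((\d+)/(\d+)\), (\S+)$")


def parse_topology(text):
    """Return {prefix: {"fd": int|None, "paths": [(next_hop, metric, rd, intf)]}}.
    'Connected' lines carry no (metric/RD) pair and are skipped as paths."""
    routes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            fd = None if m.group(3) == "Inaccessible" else int(m.group(3))
            current = {"fd": fd, "paths": []}
            routes[m.group(1)] = current
            continue
        m = VIA_RE.match(line)
        if m and current is not None:
            nh, metric, rd, intf = m.groups()
            current["paths"].append((nh, int(metric), int(rd), intf))
    return routes


def classify(route):
    """Split one entry's paths into successors and feasible successors.
    Successor: metric through that neighbor equals the FD (several if equal-cost).
    Feasible successor: not a successor, but its reported distance is strictly
    below the FD (the feasibility condition), so it is loop-free and usable as backup.
    An entry whose FD is 'Inaccessible' has no successor at all."""
    fd = route["fd"]
    if fd is None:
        return [], []
    successors = [p[0] for p in route["paths"] if p[1] == fd]
    feasible = [p[0] for p in route["paths"] if p[1] != fd and p[2] < fd]
    return successors, feasible


if __name__ == "__main__":
    for prefix, route in parse_topology(TOPO_SAMPLE).items():
        succ, feas = classify(route)
        print(f"{prefix:16} successors={succ} feasible={feas}")
    # r1's view of 2.2.2.0/24 over the serial link: the T1 hop plus r2's loopback
    print(composite_metric([SERIAL_T1, LOOPBACK]))  # 2297856, as in the table
```

Running it shows 192.168.1.120 as the successor for 2.2.2.0/24 with 10.0.20.2 as its feasible successor (RD 128256 is below the FD of 156160), both serial neighbors as equal-cost successors for 100.0.0.0/24, and no successor for the Inaccessible /32 entries.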
OSPF area zero hour, nine a.m...
With OSPF, area 0 is the backbone area; more than one area is not a requirement, but if there are multiple areas in the network they must connect to it. Ethernet is a multi-access network type; the serial connections below are PPP. In point-to-point networks, DR and BDR elections are unnecessary. In multi-access networks they are...
r2620_01#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:32 192.168.1.200 FastEthernet0/
0
100.0.0.1 1 FULL/DR 00:00:39 192.168.1.100 FastEthernet0/
0
3.3.3.3 0 FULL/ - 00:00:39 10.0.30.2 Serial0/1
2.2.2.2 0 FULL/ - 00:00:33 10.0.20.2 Serial0/0
r2620_01#
so if we lose the ethernet connection to 100.0.0.1 what happens...
first of course
r2620_01#
Dec 15 08:28:24.087: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherne
t0/0, changed state to down
Dec 15 08:28:24.091: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 f
rom FULL to DOWN, Neighbor Down: Interface down or detached
Dec 15 08:28:24.095: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on FastEthernet0/0
from FULL to DOWN, Neighbor Down: Interface down or detached
r2620_01#
then
r2620_01#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:00:34 10.0.30.2 Serial0/1
2.2.2.2 0 FULL/ - 00:00:38 10.0.20.2 Serial0/0
r2620_01#
true to form no election takes place... let's bring it back...
r2620_01#
Dec 15 08:42:45.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherne
t0/0, changed state to up
r2620_01#
then
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 INIT/DROTHER 00:00:38 192.168.1.200 FastEthernet0/
0
3.3.3.3 0 FULL/ - 00:00:35 10.0.30.2 Serial0/1
2.2.2.2 0 FULL/ - 00:00:39 10.0.20.2 Serial0/0
r2620_01#
Dec 15 08:43:25.879: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on FastEthernet0/0
from LOADING to FULL, Loading Done
Dec 15 08:43:25.883: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 f
rom LOADING to FULL, Loading Done
r2620_01#
and post election after the smoke settles...
r2620_01#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:35 192.168.1.200 FastEthernet0/
0
100.0.0.1 1 FULL/DR 00:00:32 192.168.1.100 FastEthernet0/
0
3.3.3.3 0 FULL/ - 00:00:32 10.0.30.2 Serial0/1
2.2.2.2 0 FULL/ - 00:00:36 10.0.20.2 Serial0/0
r2620_01#
now we'll put s0/1's network into a different area, area 1, on both sides
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
r2620_01(config)#router ospf 1
r2620_01(config-router)#netw 10.0.30.0 0.0.0.255 area 1
r2620_01(config-router)#
Dec 15 08:50:37.531: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/1 from FU
LL to DOWN, Neighbor Down: Interface down or detached
r2620_01(config-router)#
Dec 15 08:50:37.535: %OSPF-6-AREACHG: 10.0.30.0/24 changed from area 0 to area1
then change the other side to area 1
r2620_03(config-router)#netw 10.0.30.0 0.0.0.255 area 1
r2620_03(config-router)#
*Mar 5 06:52:08.733: %OSPF-6-AREACHG: 10.0.30.0/24 changed from area 0 to area
1
r2620_03(config-router)#
*Mar 5 06:52:08.757: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from L
OADING to FULL, Loading Done
r2620_03(config-router)#
then back to our router r2620_01
r2620_01(config-router)#
Dec 15 08:52:57.727: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/1 from LO
ADING to FULL, Loading Done
r2620_01(config-router)#
now we have multiple areas and the result is:
r2620_01#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:34 192.168.1.200 FastEthernet0/
0
100.0.0.1 1 FULL/DR 00:00:32 192.168.1.100 FastEthernet0/
0
2.2.2.2 0 FULL/ - 00:00:36 10.0.20.2 Serial0/0
3.3.3.3 0 FULL/ - 00:00:35 10.0.30.2 Serial0/1
r2620_01#
a re-election, where multi-access wins...
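The election the post keeps triggering, as an added Python model (mine, not the post's and not IOS): highest priority wins, ties go to the highest router ID compared as a 32-bit number, priority 0 makes a router ineligible, point-to-point networks hold no election at all, and an existing DR or BDR is not preempted by a better candidate that shows up later. The neighbor IDs and priorities are those in the `sh ip ospf neigh` output; the local router is assumed to be router ID 1.1.1.1 with the default priority of 1.

```python
from ipaddress import IPv4Address

# Routers on the FastEthernet0/0 segment as seen in the "sh ip ospf neigh" output
# above, plus the local router itself (assumed router ID 1.1.1.1, default priority 1).
FA0_0_SEGMENT = [("1.1.1.1", 1), ("2.2.2.2", 1), ("100.0.0.1", 1)]


def rank(router):
    """Sort key: higher priority first, then higher router ID (as a 32-bit int)."""
    rid, priority = router
    return (priority, int(IPv4Address(rid)))


def elect_dr_bdr(routers, network_type="broadcast", current=(None, None)):
    """Return (dr, bdr) for one segment.

    routers: [(router_id, priority), ...] for every router on the segment.
    network_type: 'broadcast' (Ethernet) elects; 'point-to-point' (the PPP
    serial links in the post) never does and returns (None, None).
    current: (dr, bdr) already in place. OSPF does not preempt: a router that
    is already DR/BDR keeps the role as long as it is still present and eligible.
    Simplified from RFC 2328 section 9.4 (per-router DR/BDR declarations are
    not modeled; for a cold start the outcome is the same)."""
    if network_type == "point-to-point":
        return None, None
    eligible = [r for r in routers if r[1] > 0]   # priority 0 never becomes DR/BDR
    ordered = [rid for rid, _ in sorted(eligible, key=rank, reverse=True)]
    dr, bdr = current
    if dr not in ordered:
        dr = None
    if bdr not in ordered:
        bdr = None
    if dr is None:
        # DR lost (or cold start): the BDR is promoted if there is one,
        # otherwise the best-ranked router takes the job.
        dr = bdr if bdr is not None else (ordered[0] if ordered else None)
        bdr = None
    if bdr is None:
        bdr = next((rid for rid in ordered if rid != dr), None)
    return dr, bdr


if __name__ == "__main__":
    print(elect_dr_bdr(FA0_0_SEGMENT))  # ('100.0.0.1', '2.2.2.2'), matching the neighbor table
    print(elect_dr_bdr([("1.1.1.1", 1), ("3.3.3.3", 1)], "point-to-point"))  # (None, None)
```

With all three routers at priority 1, 100.0.0.1 beats 2.2.2.2 and 1.1.1.1 purely on router ID, which is exactly the FULL/DR and FULL/BDR split the neighbor table shows; on the serial links the function returns nothing, matching the FULL/ - entries.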
Wednesday, December 14, 2011
wildassmasks...
wild card masks... i've linked this before but the site below is truly invaluable...
http://www.dslreports.com/faq/15216
my take on it...
128 192 224 240 248 252 254 256
1 1 1 1 1 1 1 1
count em up...
255.255.255.192 = (action in the fourth octet) /26, or 24 + 2 ones
255.255.240.0 = (action in the third) /20, or 16 + 4 ones
ok, we love 256... 256 - 192 = 64 (in the first example)
64 minus 1 in the fourth octet gives
0.0.0.63 as the wildass
second example: 256 - 240 = 16, minus 1 is 15 in the third octet, so
0.0.15.255 is the wildass
it's easier to subtract from 256 than 255, and faster... wild...
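The same arithmetic in Python, as an added example that is not from the post or the linked FAQ: the wildcard octet is the bitwise inverse of the mask octet, which is what 256 minus the octet minus 1 works out to, and the same routines go from a /prefix to the mask and back by counting the ones. The last function is the test an ACL entry or OSPF network statement actually performs, where 1-bits in the wildcard mean "don't care", so the host entry `network 1.1.1.1 0.0.0.0` from this blog's OSPF config matches exactly one address.

```python
from ipaddress import IPv4Address


def mask_from_prefix(prefix):
    """/26 -> '255.255.255.192': the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(IPv4Address(bits))


def prefix_from_mask(mask):
    """'255.255.240.0' -> 20, by counting the ones ("count em up")."""
    value = int(IPv4Address(mask))
    ones = bin(value).count("1")
    # a real subnet mask is contiguous: ones on the left, zeros on the right
    if value != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def wildcard_from_mask(mask):
    """Per octet: 255 - m, i.e. the post's (256 - m) - 1. 192 -> 63, 240 -> 15."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))


def wildcard_from_prefix(prefix):
    """/24 -> '0.0.0.255', going through the mask."""
    return wildcard_from_mask(mask_from_prefix(prefix))


def matches(address, network, wildcard):
    """The match an ACL entry or OSPF network statement performs:
    wildcard 1-bits are 'don't care', 0-bits must be equal."""
    a, n, w = (int(IPv4Address(x)) for x in (address, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


if __name__ == "__main__":
    for mask in ("255.255.255.192", "255.255.240.0"):
        print(f"{mask} = /{prefix_from_mask(mask)}, wildcard {wildcard_from_mask(mask)}")
```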
Labels:
bits,
ccna,
cisco,
decimal,
octet,
slash notation,
wildcard mask
router OSPooF...
no router OSPF 0...
a router cannot have a process id of 0
area 0 - good; process id 0 - HULK SMASH...
good router process-id:
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
bad router process id:
r2620_01(config)#router ospf 0
^
% Invalid input detected at '^' marker.
r2620_01(config)#
good router process-id
r2620_01(config)#router ospf ?
<1-65535> Process ID
r2620_01(config)#router ospf
can you say what is 2^16-1?
Labels:
65536,
ccna,
cisco,
ospf,
process id
Monday, December 12, 2011
DNS goes both ways...
DNS (port 53) uses both TCP and UDP... you've got it memorized, those bastards won't trick you on that one... you know damn well that TCP is connection oriented and that means reliable transport among other things... you also know UDP doesn't care, just keeps sending those 512 bytes (it can go higher, but 512 is the safe bet) whether the receiver likes it or not... look at TFTP; your IOS is counting on getting to your gear and so are you, but UDP blithely leaves any semblance of reliability up to the application layer...
so why does DNS use both?
DNS uses TCP for zone transfers because its reliability keeps the zone databases consistent.
DNS uses UDP for DNS queries... if it doesn't get a response, it will simply re-transmit after 3-5 seconds
UDP just doesn't give a shit...
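To make the TCP-versus-UDP point concrete, here is an added Python example (mine, not the post's) that builds a minimal DNS query, shows the one thing TCP transport adds on the wire (a two-byte length in front of every message, RFC 1035 section 4.2.2, which is what lets a zone transfer stream many messages over one connection), and applies the rule a resolver uses to give up on UDP and retry over TCP: the TC (truncated) flag in the response header, or a reply larger than the classic 512-byte UDP limit. The name example.com, the transaction IDs and the truncated response are constructed sample values.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "AXFR": 252}
CLASS_IN = 1
UDP_CLASSIC_LIMIT = 512     # RFC 1035 UDP payload ceiling without EDNS
TC_FLAG = 0x0200            # TrunCation bit in the header flags word


def encode_name(name):
    """'example.com' -> 0x07 'example' 0x03 'com' 0x00 (length-prefixed labels)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD=1, one question) followed by the question section.
    This byte string is the entire UDP payload; nothing else is needed."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def frame_for_tcp(message):
    """Over TCP every DNS message is preceded by its length as a 16-bit big-endian int."""
    return struct.pack("!H", len(message)) + message


def split_tcp_stream(data):
    """Inverse of frame_for_tcp for a byte stream holding zero or more messages
    (an AXFR answer is a sequence of them). A partial trailing message is left
    unconsumed and returned as the remainder to wait for more bytes."""
    messages, pos = [], 0
    while pos + 2 <= len(data):
        (length,) = struct.unpack("!H", data[pos:pos + 2])
        if pos + 2 + length > len(data):
            break
        messages.append(data[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, data[pos:]


def needs_tcp_retry(response):
    """A resolver switches from UDP to TCP when the server set TC (it had to cut
    the answer short) or the datagram exceeds the 512-byte classic limit."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_FLAG) or len(response) > UDP_CLASSIC_LIMIT


def truncated_response(query):
    """Constructed sample: echo the query's ID and question with QR|TC|RD|RA set
    and no answer records, the shape of a server saying 'ask me again over TCP'."""
    (txid,) = struct.unpack("!H", query[:2])
    flags = 0x8000 | TC_FLAG | 0x0100 | 0x0080
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.com", "A")
    print(len(q), "bytes over UDP;", len(frame_for_tcp(q)), "bytes over TCP")
    print("retry over TCP?", needs_tcp_retry(truncated_response(q)))
```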
Labels:
512,
byte,
ccna,
cisco,
connection,
connectionless,
DNS,
ios,
query,
TCP,
TFTP,
UDP,
zone transfer
Sunday, December 11, 2011
subinterface boogers...
when a subinterface is created there are boogers left behind, but they don't show up in show run or show start; they only show up when you show run interface:
r2620_03(config)#int fa0/0.1
r2620_03(config-subif)#encap dot1q 100
r2620_03(config-subif)#do sh run int fa0/0.1
Building configuration...
Current configuration : 60 bytes
!
interface FastEthernet0/0.1
encapsulation dot1Q 100
end
r2620_03(config-subif)#exit
r2620_03(config)#no int fa0/0.1
% Not all config may be removed and may reappear after reactivating the sub-inte
rface
r2620_03(config)#do sh run int fa0/0.1
Building configuration...
Current configuration : 5 bytes
end
(this means my current configuration bytes)
r2620_03(config)#
i have subinterface boogers and ether crickets on me...
Labels:
ccna,
cisco,
dot1q,
show interface,
show run,
show start,
subinterface
trunk funk...
to make a trunk two commands are necessary (see below for ISL)
switchport trunk encap dot1q
and
sw mode trunk
in that order for IEEE
sw3550_01(config-if)#do sh run int fa0/17
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/17
switchport mode access
speed 100
duplex full
end
sw3550_01(config-if)#sw mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be co
nfigured to "trunk" mode.
(that's a hell of an error message, it was access)
sw3550_01(config-if)#sw trunk encap dot1q
sw3550_01(config-if)#sw mode trunk
sw3550_01(config-if)#^Z
sw3550_01#sh run int fa0/17
Building configuration...
Current configuration : 119 bytes
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
end
sw3550_01#
and cisco's ISL
sw3550_01(config-if)#sw trunk encap isl
sw3550_01(config-if)#sw mode trunk
sw3550_01(config-if)#do sh run int fa0/17
Building configuration...
Current configuration : 117 bytes
!
interface FastEthernet0/17
switchport trunk encapsulation isl
switchport mode trunk
speed 100
duplex full
end
sw3550_01(config-if)#
to dump the trunk, the opposite is true...
sw3550_01(config-if)#no sw trunk encap isl
Command rejected: A port which is configured to "trunk" mode can not be configur
ed to negotiate the encapsulation.
sw3550_01(config-if)#no sw mode trunk
sw3550_01(config-if)#no sw trunk encap isl
sw3550_01(config-if)#do sh run int fa0/17
Building configuration...
Current configuration : 93 bytes
!
interface FastEthernet0/17
switchport mode dynamic desirable
speed 100
duplex full
end
sw3550_01(config-if)#sw mode access
sw3550_01(config-if)#do sh run int fa0/17
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/17
switchport mode access
speed 100
duplex full
end
sw3550_01(config-if)#
funk trunk...
i wanna be that guy...
who can use a command and it is embedded in his brain...
who can read a chapter once and all the complications become native...
who can figure out the answer in the question...
who can sit at a new system and play it like a maestro...
who stops second guessing and trusts his first instinct...
instead, i am the guy who...
has to beat the shit out of a thing before it is mine...
has to take it apart and put it back together before truly understanding it...
has to read it, then spit it out in language that belongs to me...
has to cross check before finally believing it...
has to drive himself insane before coming out the other end...
sucks to be the second guy...
Labels:
ccna,
certification. that guy,
cisco
Saturday, December 10, 2011
vlan creation myth...
actual cert question from reputable (nameless) cert type authority...
which of the following steps are necessary to add a new vlan to a switched network
select all that apply
a) create vlan
b) name vlan
c) configure ip address for vlan
d) add desired ports to vlan
e) add vlan to vtp domain
given answer a,b,d
WRONG... read the question... necessary to add a new vlan
only a) is correct... of course it's pretty useless without the other stuff, but that wasn't the question... see below...
sw3550_01(config)#vlan 69
sw3550_01(config-vlan)#end
sw3550_01#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/22, Gi0/1, Gi0/2
2 hosts active
10 10 active
69 VLAN0069 active
note that the only requirement to CREATE a vlan is:
sw3550_01(config)#vlan 69
the others are options; the name is plugged in by default, added ports are not necessary, and the new vlan is automatically activated...
from the horse's mouth...
http://www.ciscopress.com/articles/article.asp?p=29803
VLANs are created by number, and there are two ranges of usable VLAN numbers (normal range 1–1000 and extended range 1025–4096). When a VLAN is created, you can also give it certain attributes such as a VLAN name, VLAN type, and its operational state.
be very afraid...
Labels:
ccna,
cisco,
horse's mouth,
name,
number,
vlan creation,
vtp
achille's lists...
i hate ACL's, firewalls, filters and especially windows' stupid firewall... as a network guy i figure it to be my sworn duty to allow access to the wire, to give john Q user the unmitigated freedom of byte exploration... a perfect world... of course it becomes evident that john Q user will eventually get himself or the network in some kind of trouble with this very freedom... so we first open the door, then slam it shut...
the standard ACL is concerned with the source... not a lot of flexibility there... however, standard acl's shine when used with NAT for a quick, painless solution to get the private network users released into the wild...
extended and named acl's are another universe, providing more elegant examples of slamming the door on john Q user...
stepping back... why are standard acl's best utilized nearest the destination, and extended acl's best utilized nearest the source, besides the fact that cisco and odom and lammle, et al, have been pounding this into our collective minds for years? processing and WAN overhead, that's why... stopping hitler at Munich, like Clemenza said... filter that shit where it lives (extended) and block that shit before it gets in (standard)
filtering telnet is easy; just turn it off and use SSH and/or VPN instead...
disallowing ICMP onto your private network is another matter...
r2620_01(config)#ip access-list extended no_outside_pings
r2620_01(config-ext-nacl)#deny icmp any any echo log
r2620_01(config-ext-nacl)#permit ip any any
r2620_01(config-ext-nacl)#exit
r2620_01(config)#int s0/1
r2620_01(config-if)#ip access-group no_outside_pings in
r2620_01(config-if)#
then:
r2620_03#ping 10.0.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.30.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
r2620_03#
stardate log 2620_01:
r2620_01#
Dec 10 08:13:56.815: %SEC-6-IPACCESSLOGDP: list no_outside_pings denied icmp 10.
0.30.2 -> 10.0.30.1 (8/0), 5 packets
r2620_01#
but do yourself a favor... keep ping alive on the LAN
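A defender wants those `%SEC-6-IPACCESSLOGDP` lines to land somewhere they get counted, not just scroll past on the console. As an added example (not the post's code), here is a small Python parser for the IOS access-list log format: it first re-joins lines the terminal wrapped (the post's own log line breaks the source address across `10.` and `0.30.2`), then pulls out list name, action, protocol, addresses, ports or ICMP type/code, and the packet count that IOS aggregates into each message, and finally totals denied packets per source so a threshold can be applied. The first log record is the one from this post; the other two are constructed samples in the same format, including the `IPACCESSLOGP` variant that carries TCP/UDP port numbers.

```python
import re
from collections import defaultdict

# First record copied from this post (as the terminal wrapped it); the other two
# records are constructed samples in the same IOS format.
CONSOLE_CAPTURE = """\
r2620_01#
Dec 10 08:13:56.815: %SEC-6-IPACCESSLOGDP: list no_outside_pings denied icmp 10.
0.30.2 -> 10.0.30.1 (8/0), 5 packets
r2620_01#
Dec 10 08:20:01.002: %SEC-6-IPACCESSLOGDP: list no_outside_pings denied icmp 10.0.30.2 -> 10.0.30.1 (8/0), 12 packets
Dec 10 08:21:17.440: %SEC-6-IPACCESSLOGP: list no_outside_pings permitted tcp 10.0.30.2(41022) -> 10.0.30.1(22), 1 packet
"""

TIMESTAMP_RE = re.compile(r"^\*?[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d")
PROMPT_RE = re.compile(r"^\S+[#>]$")
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<variant>\w+): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\))?, (?P<count>\d+) packets?"
)


def unwrap_console(text):
    """Re-join records the terminal wrapped: a line that is neither a prompt nor
    the start of a timestamped record continues the previous record."""
    records = []
    for line in text.splitlines():
        if PROMPT_RE.match(line) or not line.strip():
            continue
        if TIMESTAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line          # IOS wraps mid-token, so no separator
    return records


def parse_acl_log(text):
    """Return one dict per access-list log record; other records are ignored."""
    out = []
    for record in unwrap_console(text):
        m = ACL_LOG_RE.search(record)
        if not m:
            continue
        d = m.groupdict()
        for key in ("sport", "dport", "icmp_type", "icmp_code", "count"):
            d[key] = int(d[key]) if d[key] is not None else None
        d["timestamp"] = record[:m.start()].rstrip(": ")
        out.append(d)
    return out


def denied_by_source(events):
    """Sum denied packets per (acl, source). IOS already aggregates bursts into
    one message with a count, so add the counts rather than counting lines."""
    totals = defaultdict(int)
    for e in events:
        if e["action"] == "denied":
            totals[(e["acl"], e["src"])] += e["count"]
    return dict(totals)


def sources_over(events, threshold):
    """Sources whose denied-packet total reaches the threshold: a cheap alert rule."""
    return sorted(src for (_, src), n in denied_by_source(events).items() if n >= threshold)


if __name__ == "__main__":
    events = parse_acl_log(CONSOLE_CAPTURE)
    for e in events:
        print(e["timestamp"], e["acl"], e["action"], e["proto"], e["src"], "->", e["dst"], e["count"])
    print(denied_by_source(events))
    print("over threshold:", sources_over(events, 10))
```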
Thursday, December 8, 2011
frame dash relay...
how to set up a frame relay lab using 3 routers... the dirty...
who in the hell uses frame anymore...
take two routers and call me in the morning
here we go...
router1 will be our frame switch
frame relay commands per interface on the frame switch... frame-relay intf-type dce is a precaution... look at the cables and you won't need those commands...
r1
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 102 interface Serial0/1 103
end
interface Serial0/1
no ip address
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 103 interface Serial0/0 102
end
on r2
interface Serial0/0
ip address 10.0.20.2 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 102
frame-relay lmi-type ansi
end
on r3
interface Serial0/0
ip address 10.0.20.10 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 103
frame-relay lmi-type ansi
end
the addresses on r2 and r3 have to be in the same subnet
the dlci's are the local dlci's on each router...
show frame route is your best friend on r1 (the frame switch)
r2620_01#sh frame route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 103 active
Serial0/1 103 Serial0/0 102 active
r2620_01#
r2620_01#sh frame lmi
LMI Statistics for interface Serial0/0 (Frame Relay DCE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Rcvd 2 Num Status msgs Sent 2
Num Update Status Sent 0 Num St Enq. Timeouts 0
LMI Statistics for interface Serial0/1 (Frame Relay DCE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Rcvd 3 Num Status msgs Sent 3
Num Update Status Sent 0 Num St Enq. Timeouts 0
r2620_01#
r2620_02#ping 10.0.20.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.20.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
r2620_02#
r2620_02#sh fram lmi
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 806 Num Status msgs Rcvd 804
Num Update Status Rcvd 0 Num Status Timeouts 3
Last Full Status Req 00:00:55 Last Full Status Rcvd 00:00:55
r2620_02#
just like that... lose the ansi statement on one end and watch it drop...