Showing posts with label IOS.

Tuesday, October 8, 2013

BGP Conditionally Injected Loops

While writing up the previous post on BGP Conditional Route Injection I got an idea while I was verifying the information in the post. I thought I saw a way for a loop to form in that the injected route would be learned by a router making it send traffic in the wrong direction.

It turns out I was right.

BGP Conditional Route Injection

This is one of those “complicated” configs. There’s a bunch of typing involved, and the syntax needs to be just so. I labbed this up tonight and it didn’t work. I proceeded to stare at my config for the next 30 minutes before I saw my error. This, my friend, is how you fail the TS section. So in the hopes that I don’t pull the same stunt with this feature come Lab day you folks are now treated to another blog post!

Sunday, September 22, 2013

RIP Distribute-lists and the Extended ACL

Here’s a neat trick that’s an easy one to screw up or forget the syntax on.  In RIP (and EIGRP as well I believe) you can use an extended access-list to filter out specific routes advertised by specific neighbours.  This is done using the source and destination fields of the extended ACL to specify source of the routing update, and the route(s) you want to filter respectively.

Example after the jump.

Thursday, September 5, 2013

Help Please: PPP Multilink

I'm going to try something a little different for this post.  Usually I take something that I've been labbing that I find interesting, or challenging, and document it for memory retention and your reading enjoyment.  This time I've got a config-let for PPP Multilink that I found quite by accident that I don't know is "right" or not.  It works, so that would mean it's right enough, but I'm hoping that someone out there can point me at some supporting documentation that can clarify what the difference is between this method and what I'll call the more traditional method, and why you would use one over the other.


Monday, September 2, 2013

VTP Transparent Mode Relay Caveat

As I get my fingers back in shape for the Lab I figured a little VTP practice tonight was in order.  VTP is fairly straightforward, so I wasn't expecting anything unusual when I started in on a little bit of config with a transparent VTP switch...

I've previously run under the assumption that a VTP transparent switch will relay VTP frames as long as it is in the same domain as the VTP frame it receives.  If there's a mismatch then the frame is discarded.  Well, this is still true, but there's a third scenario that I hadn't ever really considered before: the domain is set to NULL.

Thursday, August 29, 2013

MPLS and the Next Hop

This week I discovered that in all my labbing it would seem that I have never tried to run L3VPN MPLS over a Frame Relay hub and spoke configuration using OSPF as the provider IGP with a broadcast network type.  The reason that I know I’ve never done this before is because it just doesn’t work.  This seems like a sneaky little scenario for a TS task so here’s what things look like should you ever encounter it.

Thursday, January 24, 2013

Broken Network's Quick and Dirty Guide to Traffic Shaping

This is a very brief look at Generic Traffic Shaping (GTS), Frame Relay Traffic Shaping (FRTS) and Class Based Traffic Shaping. Nothing more, nothing less. You won’t learn the finer points of traffic shaping from this post, but you will see configuration examples of all three so that you’ll know the difference between them when you see them in a config, or if you’re asked to configure a specific type.

Monday, January 14, 2013

Assigning Addresses over PPP using DHCP

This topic is something that seems to kick my ass every time I need to configure it.  For some reason I can easily remember how to set up PPPoE, and I can remember how to dynamically assign addresses to the clients using IPCP without issue.  But for some reason I have a real mental block when it comes to using DHCP instead.  To that end, it’s time to blog it!

Monday, November 5, 2012

OSPF NSSA External LSA: Type 7

Still with me?  Good stuff!  We’re almost done.  Last up is the OSPF Type 7 NSSA External LSA.

Thursday, November 1, 2012

OSPF External LSA: Type 5

Welcome to the OSPF Type 5 LSA!

The Type 5 LSA is used to advertise routes that are external to the OSPF domain within the OSPF domain (hence the External moniker). There are two types of Type 5 LSA’s: Type 1 and Type 2 (seriously?).  We’ll be looking at both here.

Tuesday, October 30, 2012

OSPF Summary LSA's: Type 3 & 4

And now for everyone’s favourite LSA, the Type 3 LSA!

Combined with everyone’s least favourite LSA, the Type 4 LSA!

Sunday, October 28, 2012

OSPF Network LSA: Type 2

Welcome back to my LSA re-review. No need for a long winded intro here. Let’s get at it.

Thursday, October 25, 2012

OSPF Router LSA: Type 1

Ahh yes, this is the part of the CCIE studying where I revisit topics that I’ve previously studied but have since started to forget some of the finer details of. This is where my inability to pass the stupid lab combined with the finite amount of memory capacity I have becomes a pain in the ass and forces me to redo things. This is where my blogging takes on a morose tone and I start to sound like a whiny little bitch.

OK, not really.

But this is where I am going to look at the six OSPFv2 LSA’s that we care about for the CCIE R&S lab. In detail. Hence the title.

First up; Type 1.

Sunday, February 26, 2012

The Ridiculously Long and Complicated BGP Command 'neighbor local-as'

Few commands in IOS seem as long and as confusing to me as the BGP command 'neighbor local-as' can be.  This command can be extended with a further 3 keywords that each change the behavior quite a bit.  I've studied this before, and I always think I have it down, then after some time I come back to it and sit there staring at my screen with a stupid look on my face and a little bit of drool coming out the corner of my mouth while I re-learn it.  Here's to hoping that a little blog action finally once and for all gets this one into my head.

Friday, December 30, 2011

DHCP Based Security Part 2: IP Source Guard

This is post two in a three post series on DHCP based switching security technologies.  Previously I looked at DHCP Snooping, and now I'm going to look at IP Source Guard.

Tuesday, May 31, 2011

IP Subnet-Zero

I thought it would be interesting to take a little stroll through history and look at something that really isn't relevant to today's network, but was something that you weren't allowed to use in days gone by.  As the blog title says, that something is IP Subnet-Zero.

What is IP Subnet Zero?  Well, it's a legacy command on Cisco routers that controls whether or not the use of the all zeros subnet is permitted.  What's the all zeros subnet?  To properly understand what the all zeros subnet is we need to first remember what classful networking was, and how things all got started in IP beginning with RFC 791.

Monday, April 4, 2011

Lock-and-Key Security (Or how I learned to love the Dynamic ACL)

After a great February of blogs (for me anyway) I didn't manage to get a single post out in March.  Oddly enough March turned out to be a new record for pageviews...  Weird eh?

At any rate, I did do up another guest blog post for Steve on Networking-Forum.com on Lock-and-Key security.  If you're interested I encourage you to head on over and check it out.


http://www.networking-forum.com/blog/?p=2108

I hope you enjoy it.

Monday, February 21, 2011

What the Heck is EIGRP Named Configuration?

While doing some MPLS labbing this week I came across something that I'd never seen before.  I decided that I wanted to use EIGRP as my PE-CE routing protocol, and I was using one router to simulate 4 CE's.  My line of thinking was that I'd just create four VRFs and it'd be no problem.  For some reason it never occurred to me that I could use 4 separate EIGRP instances in my config...  I instead just assumed that I could do a VRF aware EIGRP config without any trouble.  Well, I was wrong.  At least I was wrong in the way I originally tried to get it working.  So after a 'no router eigrp 1' I headed over to the DocCD and found me some EIGRP Named Configuration.

Tuesday, February 1, 2011

How IOS Cheats When Using the Network Command

When you type a command into the IOS CLI you normally expect IOS to execute your instruction as typed.  You don't expect IOS to modify what you typed, or to assume you meant something other than what you actually typed in.  In fact, to me that behavior is extremely undesirable.  I understand there are some assumed defaults where if you omit certain keywords then IOS imposes one for you.  That's fine.  But sometimes IOS changes what you typed in to something completely different.  The network command contains one such example.


Sunday, January 9, 2011

The Mess that is QoS in Layer 2

Since I looked at QoS Classification and Marking in the IP Header I figure I might as well finish it off and go over the same topic at Layer 2.  I kept the title, but in reality it's not that bad here.  There's a lot more consistency between the various Layer 2 technologies and things seem to translate pretty well.  The only real challenge comes into play when you need to start translating a Layer 2 marking to a Layer 3 marking, and vice versa.  I'll get to that in a bit, but first let's look at what we have to work with.