Archive for June, 2011

Weird Cisco Command
================

I found it weird; however, some of you already know this.

If you want to see the configuration held in any file stored on the Cisco
device's filesystem, you can check it with the command below.

R1#more flash:[the name of the file]

Or even
R1#more ?
to explore the other options.

We can check the available files with the command:-
R1#dir

Suppose you have stored your configuration in flash:R1
You can check it with the command:-
R1#more flash:R1
The result displays the configuration of R1. This is useful in scenarios where
you have to load a config file stored in flash but are not sure which config
file holds the configuration you need.

I found it weird because I was also checking the Vlan.dat file on the switch;
although it was in some hexadecimal format that I was not able to decode, it is
still a really amazing command.

You can even check the router IOS image with the same command:-
R1#more flash:c2800nm-adventerprisek9-mz.151-2.T1.bin
But again, it is mostly hexadecimal content.

You cannot check the switch IOS this way because Layer 3 switches use ASICs/hardware
instead of the CPU/software that a router would. If anybody knows more, please share.

Explore further for more weird results, happy labbing :)

Switchport Mode Private-Vlan
========================
Hi guys, I am back; I was stuck in some office work.

As per the heading, we are discussing private VLANs today.
First of all, why do we use private VLANs in our switches? And even before that,
why do we use VLANs in our switches at all?

A VLAN is a Virtual LAN (Local Area Network); in the Cisco environment the name
is the recipe. As we all know from our CCNA studies, switches have multiple
collision domains but a single broadcast domain. A VLAN is a broadcast domain
created by the switch; normally it is the router that bounds a broadcast domain.
So by creating VLANs we split our single default broadcast domain into
multiple broadcast domains, one per VLAN, each used by a different set of
ports and a different group of people to communicate with each other.
Note:- We still need a Layer 3 device to communicate between these VLANs.

A private VLAN further splits the single broadcast domain used by one VLAN
into multiple isolated broadcast subdomains, defined by a primary VLAN and its
secondary VLANs. It simply means that even if you are in a single VLAN
(broadcast domain) you may or may not be able to talk to each other. Examples are
a shared ISP co-location, offices, or hotels, where two hotel rooms may be in the
same subnet and the same VLAN but should not talk to each other directly.

The theory behind private VLANs is not complicated; the implementation may be
confusing because Cisco uses different terms in this section to describe
VLANs and ports.
NOTE:- The switch must be in VTP TRANSPARENT mode to configure PVLANs.

First, the port types used in PVLANs.
There are 3 types of ports.
1. Promiscuous ports:- Can talk to any port in the VLAN.
2. Isolated ports:- Can ONLY talk to promiscuous ports.
3. Community ports:- Can ONLY talk to promiscuous ports and ports within their
own community; they cannot talk to ports of a different community.

First we create our secondary PVLAN and define it as community or isolated.
Example:-
vlan 300
private-vlan [isolated/community]

Then the primary (parent) VLAN is defined and the secondary PVLANs are
associated with it.
Example:-
vlan 18
private-vlan primary
private-vlan association 300

After that we configure the interfaces so that they either can or cannot talk
to each other. If we want a port to talk to every other port we configure it
as a promiscuous port; otherwise we configure it as a host port. The host option
means the port becomes either a community port or an isolated port, depending on
the secondary VLAN it is associated with.

Example:- Suppose we want SW1 Fa0/6 and SW2 Fa0/8, both in VLAN 18, to be unable
to talk to each other, while Router1, connected to SW1 Fa0/4, can still talk to
both of them and vice versa. The sample topology can be found by clicking PVLAN;
the diagram is just for reference and was not made professionally, kindly tolerate :)

PVLAN

Here the configuration looks like this.
On both SW1 and SW2
-------------------
vlan 300
private-vlan isolated

vlan 18
private-vlan primary
private-vlan association 300

On SW1:-
--------
! Router1: promiscuous port, primary VLAN 18 mapped to isolated VLAN 300
interface FastEthernet0/4
 switchport access vlan 18
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 18 300
!
! Host port: primary VLAN 18, isolated secondary VLAN 300
interface FastEthernet0/6
 switchport access vlan 18
 switchport mode private-vlan host
 switchport private-vlan host-association 18 300

On SW2:-
--------
! Host port: primary VLAN 18, isolated secondary VLAN 300
interface FastEthernet0/8
 switchport access vlan 18
 switchport mode private-vlan host
 switchport private-vlan host-association 18 300

We can check the PVLAN configuration of a port with:-
show interfaces FastEthernet0/4 switchport | include private
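As an added example (not from the original post), the three port rules above modelled in Python and applied to the lab ports, extended with an assumed community VLAN 301 on SW2 so the community rule is exercised too; the port table, VLAN 301 and the trunk between SW1 and SW2 carrying both VLANs are assumptions.

```python
from itertools import combinations

# Constructed port table for the lab: (switch, interface) -> (mode, secondary VLAN).
# Promiscuous ports carry no secondary VLAN; host ports carry the isolated or
# community VLAN they are host-associated with. VLAN 301 is an assumed
# community VLAN added only to exercise the community rule.
PORTS = {
    ("SW1", "Fa0/4"): ("promiscuous", None),   # Router1, mapped to 300 and 301
    ("SW1", "Fa0/6"): ("isolated", 300),
    ("SW2", "Fa0/8"): ("isolated", 300),
    ("SW2", "Fa0/9"): ("community", 301),
    ("SW2", "Fa0/10"): ("community", 301),
}


def can_talk(port_a, port_b):
    """True if two ports of the same primary VLAN may exchange frames directly.

    Rules from the post: a promiscuous port talks to everything, an isolated
    port only to promiscuous ports, a community port to promiscuous ports and
    to ports in its own community. The secondary VLAN is carried across the
    trunk between SW1 and SW2, so the rule does not depend on the switch.
    """
    mode_a, sec_a = PORTS[port_a]
    mode_b, sec_b = PORTS[port_b]
    if "promiscuous" in (mode_a, mode_b):
        return True
    if mode_a == mode_b == "community":
        return sec_a == sec_b
    return False  # isolated<->isolated and isolated<->community are blocked


def reachability():
    """Every unordered port pair mapped to whether it is allowed to talk."""
    return {pair: can_talk(*pair) for pair in combinations(PORTS, 2)}


if __name__ == "__main__":
    for (a, b), allowed in reachability().items():
        print(f"{a[0]} {a[1]} <-> {b[0]} {b[1]}: {'allowed' if allowed else 'blocked'}")
```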

For further studies on PVLAN you can go here

BGP Reachability
================

R1
|
|
|
R2---FR CLOUD---R6
|
|
|
R5

In the above scenario R1 and R2 are both connected to R6 via a Frame Relay cloud, OSPF area 0 runs between all of them, and R6 advertises a default route into the OSPF domain. R2 is in BGP AS 100, R6 is in BGP AS 200 and R5 is in AS 54. BGP is not running on R1.

The task describes a case where reachability to certain BGP networks is lost when the primary Frame Relay connection of R2 is down. When that connection is down, all of R2's traffic destined to R6 must transit R1. The problem, however, is that R1 does not participate in BGP routing. Therefore, although BGP NLRI (Network Layer Reachability Information) is successfully transmitted throughout the network, traffic may be black-holed when it reaches R1.

To resolve this issue, BGP is redistributed into OSPF (the IGP). R2 is configured to redistribute all BGP information learned from AS 54 into OSPF. For traffic in the opposite direction it does not matter, since R6 is originating a default route. The configuration on R2 is:-

router ospf 1
 redistribute bgp 100 subnets route-map BGP2OSPF
!
ip as-path access-list 1 permit ^54_
!
route-map BGP2OSPF permit 10
 match as-path 1

>>> Here ^ anchors the match at the beginning of the AS path and _ matches the delimiter after 54 (a space or the end of the path), so the list matches prefixes whose AS path starts with AS 54.

BGP Filtering
=============

One of the most important things in BGP is to prevent our own public AS from being used as a transit AS by other BGP ASes. There are several ways to accomplish this (BGP communities can also be used); here is one simple way that I found while doing a lab today.

>> Suppose our AS is 300 and we do not want AS 200 to use our AS as a transit AS. We can accomplish this by using an "ip as-path access-list" that matches the AS path and then applying it towards the specified neighbor with a BGP "filter-list". Here is the example.

>> The syntax of the AS-PATH access-list.

RTC(config)#ip as-path access-list 13 permit ^$

Here ^ matches the beginning of the string.
Here $ matches the end of the string.

>> The syntax of the BGP filter-list.

router bgp 300
 neighbor [ip address] filter-list 13 out

Therefore, by only advertising prefixes that were originated inside AS 300, AS 200 cannot use AS 300 to reach any other AS, such as AS 100 in this scenario. In the above solution this is accomplished by filtering on AS-PATH information. Since an AS number is not prepended to the AS-PATH until the prefix leaves the AS, prefixes originated within the AS have an empty AS-PATH. This is easily matched with a regular expression which specifies that the end of the line comes immediately after the start of the line, denoted ^$. We can verify this configuration with the command:-

R1#show ip bgp neighbors [ip address of EBGP Neighbor] advertised-routes
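An added example (not from the original posts) serving both the ^54_ match in the BGP Reachability post and the ^$ match above: Cisco's "_" shorthand is translated into a Python regular expression and run over a constructed BGP table to show which prefixes each as-path access-list permits. The prefixes, AS paths and the translation rule are assumptions, not output from the lab.

```python
import re


def cisco_aspath_to_python(expr):
    """Translate a Cisco AS-path regex into a Python regex.

    Cisco's '_' matches the start or end of the path, a space, a comma or a
    brace; everything else ('^', '$', digits, '.*') is ordinary regex syntax.
    """
    return expr.replace("_", r"(?:^|$|[\s,{}()])")


def aspath_matches(expr, as_path):
    """True if the Cisco-style expression matches an AS_PATH string."""
    return re.search(cisco_aspath_to_python(expr), as_path) is not None


def permitted(expr, routes):
    """Prefixes that 'ip as-path access-list N permit expr' would let through."""
    return sorted(prefix for prefix, path in routes.items() if aspath_matches(expr, path))


# Constructed BGP table as seen on a router in AS 300: prefix -> AS_PATH column
# of 'show ip bgp'. The leftmost AS is the neighbour the prefix came from; an
# empty path is a prefix originated in our own AS.
ROUTES = {
    "10.3.0.0/16": "",           # originated inside AS 300
    "10.2.0.0/16": "200",        # learned from AS 200
    "10.1.0.0/16": "200 100",    # AS 100 reached through AS 200
    "10.54.0.0/16": "54",        # learned directly from AS 54
    "10.55.0.0/16": "54 5400",   # learned from AS 54, originated in AS 5400
    "10.154.0.0/16": "5400",     # AS number starts with '54' but is not AS 54
}

if __name__ == "__main__":
    print("filter-list 13 out (^$) advertises:", permitted("^$", ROUTES))
    print("route-map BGP2OSPF (^54_) matches:", permitted("^54_", ROUTES))
```

Note that a plain "^54" without the trailing "_" would also match the path "5400"; the "_" is what limits the match to exactly AS 54.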

BGP Default Route Origination
=============================

We can originate a default route to a specific BGP neighbor with:-

router bgp [AS No.]
 neighbor [ip address] default-originate

Note:- By doing this the default route is originated to the BGP peer along with the other routes in the BGP table. If you want to advertise only the default route, then back up your configuration with a prefix-list, access-list or route-map.

>> router bgp [AS No.]
 neighbor [ip address of neighbor] prefix-list ONLY_DEFAULT_ORIGINATE out

Your prefix-list could look like this.
>> ip prefix-list ONLY_DEFAULT_ORIGINATE seq 5 permit 0.0.0.0/0

In the above prefix-list we permit only the default route with "0.0.0.0/0"; had we written "0.0.0.0/0 le 32", all routes including the default would be advertised to the neighbor. Do watch for the granular things while doing configurations in BGP.
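As an added example (not from the original post), the prefix-list matching rule behind that caveat in Python: one permit entry with optional ge/le is applied to a constructed BGP table so the difference between "0.0.0.0/0" and "0.0.0.0/0 le 32" is visible. The table contents are constructed.

```python
import ipaddress


def prefix_list_permits(entry, route, ge=None, le=None):
    """True if one 'ip prefix-list ... permit entry [ge N] [le M]' matches route.

    The route's first N bits must equal the entry's N-bit prefix, and its
    length must be exactly N with no ge/le, within [ge, 32] with only ge,
    within [N, le] with only le, or within [ge, le] with both.
    """
    net = ipaddress.ip_network(entry)
    rt = ipaddress.ip_network(route)
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (net.max_prefixlen if ge is not None else net.prefixlen)
    if not lo <= rt.prefixlen <= hi:
        return False
    return rt.prefixlen >= net.prefixlen and rt.network_address in net


def advertised(routes, entry, ge=None, le=None):
    """Routes an outbound prefix-list with this single permit entry lets through;
    everything else hits the implicit deny at the end of the list."""
    return [rt for rt in routes if prefix_list_permits(entry, rt, ge, le)]


# Constructed BGP table of the router applying the outbound prefix-list.
BGP_TABLE = ["0.0.0.0/0", "10.1.0.0/16", "172.16.5.0/24", "192.0.2.0/24"]

if __name__ == "__main__":
    print("permit 0.0.0.0/0       ->", advertised(BGP_TABLE, "0.0.0.0/0"))
    print("permit 0.0.0.0/0 le 32 ->", advertised(BGP_TABLE, "0.0.0.0/0", le=32))
```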

Important thing:- One very important thing to remember is to check the routing table of the IBGP neighbor to which we are advertising the default route, to see whether the route we have advertised is actually installed in its routing table or not. Check with the command:-
>> sh ip route | inc 0.0.0.0

If the neighbor's routing table is already learning the default route from another IGP, then deny that route with an access-list. Suppose we had earlier originated a default route via OSPF in the routing domain; it will look like this.

R1#sh ip route | include  0.0.0.0
Gateway of last resort is X.X.X.X to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via X.X.X.X, 00:33:11, FastEthernet1/12

Here we are already learning the default route from OSPF; as OSPF has a lower administrative distance (110) than IBGP (200), the default route via OSPF is installed in the routing table.
We can deny it in OSPF by:-
>> router ospf 1
 distribute-list PREFER_DEFAULT_VIA_BGP in

>> ip access-list standard PREFER_DEFAULT_VIA_BGP
 deny 0.0.0.0
 permit any


Today while I was doing a lab I was stuck in a scenario where I had to do unequal-cost load balancing in an EIGRP domain. After many hours I finally got the desired result and thought of sharing this; kindly tell me if I am wrong anywhere.

One of the most important factors in choosing EIGRP as the IGP in a network is its ability to do unequal-cost load balancing. To enable this feature we need to issue the "variance" command under the EIGRP process. For a path to be considered for unequal-cost load balancing it must be a feasible successor with a metric less than or equal to the successor's metric times the variance.

Feasible Distance = Local Distance + Advertised Distance

A path whose advertised distance is lower than the feasible distance of the successor is deemed a feasible successor.

Note:- Only routes that are feasible successors can be used for unequal-cost load
balancing.

The formula for the EIGRP metric calculation:-

Metric = [K1 * bandwidth + (K2 * bandwidth)/(256 - load) + K3 * delay] * [K5/(reliability + K4)]

The "K" values are set by the metric weights command; K1 and K3 are 1 by
default and all other values are 0. This essentially means that only bandwidth
and delay are taken into account. "Bandwidth" is the inverse bandwidth in Kbps
times 10^7 (10^7/BWKbps). "Delay" is the delay in tens of microseconds
(DLYusec/10). These values are added together and then scaled by a factor of
256. The composite metric is therefore represented by default as:

Metric = (10^7/BWKbps + DLYusec/10) * 256

Note:- Prefer changing delay over bandwidth: if QoS is running in the network, changing the interface bandwidth will affect traffic drastically.

To achieve a desired ratio, suppose we want to distribute traffic 3:1 between the successor and the feasible successor, and we are using delay. Call the bandwidth and delay of one path BW1 and Delay1 and those of the other path BW2 and Delay2. The equation then looks like this:

3 * [(10^7/BW1 in Kbps + Delay1 in usec/10) * 256] = (10^7/BW2 in Kbps + Delay2 in usec/10) * 256

Watch out for BW1, Delay1, BW2 and Delay2 in the above formula.

Taking BW1 and BW2 as they are from the interfaces, we end up with something like Delay1 = (some factor) * Delay2; substituting the value of Delay2 then gives Delay1.

Lastly we apply this delay to the interface and verify our configuration with:-

sh ip route [destination network address] | include frame|share

Check the ratio in the traffic share count to see the exact result between both paths. Also do not forget to include the variance command in the EIGRP process.

sh ip eigrp topology [destination network address]
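As an added example (not from the original post), the metric formula, the feasibility condition, the variance check and the 3:1 delay equation above worked in Python on constructed interface values: a 100 Mbps path with 100 usec delay and a T1 path (1544 Kbps) with 20000 usec delay. The interface values and the round-up rule for the delay are assumptions.

```python
import math


def eigrp_metric(bw_kbps, delay_usec, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Composite EIGRP metric from the K-value formula in the post.

    bw_kbps is the minimum bandwidth along the path and delay_usec the summed
    delay. IOS works in integers, so the divisions truncate as they do here.
    """
    inv_bw = 10**7 // bw_kbps
    metric = k1 * inv_bw + (k2 * inv_bw) // (256 - load) + k3 * (delay_usec // 10)
    if k5:  # the reliability term applies only when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def is_feasible_successor(advertised_distance, successor_fd):
    """Feasibility condition: the neighbour's advertised distance must be lower
    than our feasible distance through the successor."""
    return advertised_distance < successor_fd


def variance_needed(successor_metric, fs_metric):
    """Smallest integer 'variance' with fs_metric <= variance * successor_metric."""
    return math.ceil(fs_metric / successor_metric)


def delay_for_share(ratio, bw1_kbps, bw2_kbps, delay2_usec):
    """Solve  ratio * metric1 == metric2  for the delay of path 1 (the better path).

    Returns the value for the interface 'delay' command, which is in tens of
    microseconds. It is rounded up so metric1 is never below metric2 / ratio,
    which keeps a 'variance' equal to ratio sufficient to install path 2.
    """
    target_tens = 10**7 // bw2_kbps + delay2_usec // 10        # metric2 / 256
    tens = math.ceil(target_tens / ratio) - 10**7 // bw1_kbps  # Delay1 / 10
    if tens < 1:
        raise ValueError("path 1 cannot be made that much better than path 2 via delay")
    return tens


if __name__ == "__main__":
    tens = delay_for_share(3, 100000, 1544, 20000)      # constructed lab values
    m1 = eigrp_metric(100000, tens * 10)
    m2 = eigrp_metric(1544, 20000)
    print(f"path 1: 'delay {tens}'  metric1={m1}  metric2={m2}")
    print(f"variance needed: {variance_needed(m1, m2)}")
```

Because the delay is rounded to tens of microseconds, re-check the variance against the resulting metrics from "sh ip eigrp topology" rather than assuming the ratio.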

A must-visit corner every day for CCIE candidates.

CCIE News and Announcements

Cisco has slightly changed the appearance of the DocCD. Now to reach it we need to go to http://www.cisco.com/ (obviously), then the SUPPORT tab, then in the Product Support area we find a small link ALL PRODUCTS; click on All Products and you will be on the same old page where we love to be. :)