Always use ip ospf network point-to-point on loopbacks unless prohibited.
This ensures that OSPF advertises the loopback with its configured mask; by default a loopback is advertised as a /32 host route. Otherwise this can cause downstream problems with route filters etc. It can also be a problem when building MPLS adjacencies.
OSPF VIRTUAL-LINKS
It's best practice to use the router ID when forming virtual links between routers. If anyone adds another loopback this may break existing adjacencies.
Also referencing OSPF advertising routers with the distance command relies on the router id being fixed.
ADJUSTING OSPF DISTANCE WITH AN ACL
access-list 2 deny 7.7.14.0 0.0.0.0
access-list 2 deny 7.7.12.0 0.0.0.0
access-list 2 deny 7.7.1.0 0.0.0.0
access-list 2 permit any
router ospf 1
distance 175 7.7.1.1 0.0.0.0 2
EIGRP NEIGHBORS
You need neighbor statements at both ends
BGP NETWORK ROUTE MAP COMMAND
router bgp 1
network 200.200.200.0 mask 255.255.255.0 route-map SETCOMMUNITY
BGP METRIC
Only need to set on one side. The default is zero so will be preferred.
still need the send-community attribute on neighbor statement!!!
NO-EXPORT Community
Remember this can be applied on the way out of your AS, thereby telling the neighboring AS not to advertise!!!!!
CHECK OUT ROUTINGBITS.COM
CHECKING PORTFAST STATUS
show spanning-tree interface fa0/2 portfast
TO CHECK SPANNING-TREE TOPOLOGY
show spanning-tree summ
MPLS GOOD PRACTICE
mpls ldp router-id lo0
mpls uses tcp
ldp uses tcp port 646. connection established from higher ip on ephemeral port to neighbor on port 646.
tdp uses tcp port 711.
if an acl prohibits. then change protocol!!
show mpls interfaces
show mpls ldp discovery
show mpls forwarding-table
REMEMBER
if running trunk out to access router. remember to still put switchport nonegotiate
If up down on serials. check the clocking. if CTS etc all UP this may indicate a cable problem
CHECK OUT WHEN TO USE OSPF FILTER LISTS --- Inter Area Filtering.
Filter Lists and Area Range commands are two methods of filtering inter area routes
It is for inter-area filtering. Here we filter going from area 0 to area 1.
NB. Uses prefix lists.
R1 Configuration:
!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 filter-list prefix DENY_R4_LOOPBACKS out
network 10.1.13.1 0.0.0.0 area 0
network 10.1.124.1 0.0.0.0 area 1
network 172.16.101.1 0.0.0.0 area 0
!
R2 Configuration:
!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 1 filter-list prefix DENY_R4_LOOPBACKS out
network 10.1.23.2 0.0.0.0 area 0
network 10.1.124.2 0.0.0.0 area 1
network 172.16.102.2 0.0.0.0 area 0
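How the DENY_R4_LOOPBACKS prefix list is evaluated against candidate inter-area routes, as an added Python example (not part of the original notes). The route values passed in are constructed; the /32 case shows why a loopback advertised as a host route slips past the exact-match /24 deny entries.

```python
import ipaddress

# DENY_R4_LOOPBACKS from the notes: (seq, action, prefix, ge, le).
DENY_R4_LOOPBACKS = [
    (5,  "deny",   "172.16.104.0/24", None, None),
    (10, "deny",   "172.16.144.0/24", None, None),
    (15, "permit", "0.0.0.0/0",       None, 32),
]

def entry_matches(route, prefix, ge, le):
    """IOS prefix-list match: leading bits equal and length within range."""
    entry = ipaddress.IPv4Network(prefix)
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        # No ge/le: the prefix length must match exactly.
        return route.prefixlen == entry.prefixlen
    lo = ge if ge is not None else entry.prefixlen
    hi = le if le is not None else 32
    return lo <= route.prefixlen <= hi

def evaluate(route, plist):
    """Return 'permit' or 'deny' for one route; first matching entry wins."""
    net = ipaddress.IPv4Network(route)
    for _seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(net, prefix, ge, le):
            return action
    return "deny"  # implicit deny at the end of every prefix list

if __name__ == "__main__":
    # Constructed sample routes, not taken from the original page.
    for r in ["172.16.104.0/24", "172.16.144.0/24",
              "172.16.104.4/32", "10.1.124.0/24"]:
        print(f"{r:18} {evaluate(r, DENY_R4_LOOPBACKS)}")
    # Without seq 15 the implicit deny filters everything.
    print("no seq 15:", evaluate("10.1.124.0/24", DENY_R4_LOOPBACKS[:2]))
```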
If prohibited from using a filter list, then the area range command can be used with the not-advertise option.
R1 Configuration:
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 0 range 172.16.103.0 255.255.255.0 not-advertise
area 0 range 172.16.133.0 255.255.255.0 not-advertise
network 10.1.13.1 0.0.0.0 area 0
network 10.1.124.1 0.0.0.0 area 1
network 172.16.101.1 0.0.0.0 area 0
!
R2 Configuration
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 range 172.16.103.0 255.255.255.0 not-advertise
area 0 range 172.16.133.0 255.255.255.0 not-advertise
network 10.1.23.2 0.0.0.0 area 0
network 10.1.124.2 0.0.0.0 area 1
network 172.16.102.2 0.0.0.0 area 0
!
OSPF SHAM-LINKS need to be up and adjacency FULL
MAKE OSPF SHAM LINK AREA 0.
R4#show ip ospf sham-links
Sham Link OSPF_SL3 to address 7.7.100.5 is up
Area 0 source address 7.7.100.4
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
TO CONTROL ACCESS TO A MCAST GROUP
ip igmp access-group {acl}
no access-list 11
access-list 11 permit 239.10.5.1 0.0.0.0
access-list 11 permit 224.0.1.39 0.0.0.0
access-list 11 permit 224.0.1.40 0.0.0.0
access-list 11 deny any
int vlan 243
ip igmp access-group 11
PIM
show ip pim nei
show ip igmp groups
this shows groups!!
show ip pim rp map
show ip pim interface
USEFUL COMMAND
show run brief
show run class-map
show run policy-map
NTP PEER
Means clocks will sync. The clock with the lower stratum will provide the clock.
ntp server is ONE way, i.e. it will take the clock from the server regardless of the server's stratum.
NEAT TRICK TO SAVE A RUNNING CONFIG
copy run flash:rich
to display the file
more flash:rich
copy flash:rich run
R4#show ip prot
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 26 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Neighbor(s):
15.15.15.66
15.15.15.34
use show ip route x.x.x.x <mask> longer-prefixes
MATCH ANY CLASSFUL NETWORKS
access-list 101 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
access-list 101 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
access-list 101 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
route-map BLOCKCLASSFUL deny 10
match ip addr 101
route-map BLOCKCLASSFUL permit 20
router ospf 1
redistribute rip subnets route-map BLOCKCLASSFUL
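What ACL 101 and route-map BLOCKCLASSFUL do to a set of redistributed routes, as an added Python example (not part of the original notes). It assumes the usual route-map reading of an extended ACL: the source and wildcard are tested against the route's network address, and the destination host against its mask. The sample routes are constructed.

```python
import ipaddress

def _i(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(value, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~_i(wildcard) & 0xFFFFFFFF
    return (_i(value) & care) == (_i(base) & care)

# ACL 101 from the notes as (source, source wildcard, destination host),
# with the class B wildcard written out as four octets.
ACL_101 = [
    ("0.0.0.0",   "127.0.0.0",    "255.0.0.0"),      # class A, /8 only
    ("128.0.0.0", "63.255.0.0",   "255.255.0.0"),    # class B, /16 only
    ("192.0.0.0", "31.255.255.0", "255.255.255.0"),  # class C, /24 only
]

def acl_permits(route, acl=ACL_101):
    """True when the route is a classful network, i.e. ACL 101 matches it."""
    net = ipaddress.IPv4Network(route)
    return any(
        wild_match(str(net.network_address), src, wc)
        and str(net.netmask) == mask
        for src, wc, mask in acl
    )

def block_classful(routes):
    """route-map BLOCKCLASSFUL: deny 10 drops ACL matches, permit 20 passes the rest."""
    return [r for r in routes if not acl_permits(r)]

# Constructed sample RIP routes (not from the original page).
SAMPLE = ["10.0.0.0/8", "10.1.1.0/24", "150.1.0.0/16", "150.1.4.0/24",
          "200.1.1.0/24", "200.1.1.128/25", "172.16.0.0/12"]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r:18} {'denied' if acl_permits(r) else 'redistributed'}")
```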
LEARNINGS FOR RIP LAB
1) Need to filter classful networks on redistribution on R2!! Otherwise the requirement for all networks to have a single path out of area zero to the right cannot be met. These networks originate in the RIP domain due to the classful routing properties of RIP.
2) For BGP need a distance command on R3 to poison the next hop address. Need to make sure the path to the exit does not traverse a NON BGP domain. Routes learnt from the backbone are not advertised in the IGP, so if the path goes to a NON BGP router it will be dropped as the required route will not be present in the routing table.
3) Watch out for the addition of autoqos. This will have repercussions for the 'no peer neighbor' route applied to the interface on R5. Also for redistribution on R1 do NOT qualify with an interface, otherwise this will break as well!!!!
4) Check BGP domain has route reflector client.
5) Don't forget redistribute connected on R5 and SW2.
6) ACL for AS prepending is a single line!!!
access-list 177 permit ip 197.68.20.0 0.0.3.0 host 255.255.255.0
route-map myas permit 10
match ip addr 177
set as-path prepend 254 254 254
route-map myas permit 20
7) IPV6 MULTICAST
cut and paste on r1,R2 and R4
ipv6 multicast-routing
ipv6 access-list mgroup
permit host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:C:211:21FF:FEFB:1D4D mgroup
8) IP HTTP SECURE-SERVER
ip http secure-server
username cisco password 0 cisco
username ADMIN privilege 15 password 0 CISCO
aaa new-model
aaa authentication login default line none
aaa authentication login HTTP local-case
aaa authorization exec HTTP local
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
EEM
====
TO FIND OID value
technology
--- Network Management
----- SNMP
----- Maintain Op
-----How to collect CPU
event manager applet CCIE
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type next entry-op gt entry-val "60" poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "event manager run EMAIL"
event manager applet EMAIL
event none
action 1.0 cli command "enable"
action 2.0 cli command "event manager run GET"
action 3.0 mail server "198.2.5.10" to engineer@cisco.com from EEMm@cisco.com subject "CPUAlert5min" body "$_cli_result"
event manager applet GET
event none
action 1.0 cli command "enable"
action 2.0 cli command "term len 13"
action 3.0 cli command "show process cpu sorted 5min" pattern "--More--"