Showing posts from February, 2011

IRDP/ICMP

Router R3 is connected on its Ethernet interface to SW3 (working only as an L2 switch) and we have to send it a default gateway via IRDP. This is how such a configuration looks:

R3
R3#sh run int fast 0/0.50
Building configuration...

Current configuration : 262 bytes
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 172.16.30.3 255.255.255.128
 ip irdp
 ip irdp multicast
 ip irdp maxadvertinterval 20
 ip irdp minadvertinterval 20
 ip irdp holdtime 60
 ip irdp preference 100
 ip irdp address 0.0.0.0 100
end
R3#

and

SW3#sh run int vlan 50
Building configuration...

Current configuration : 93 bytes
!
interface Vlan50
 ip address 172.16.30.10 255.255.255.128
 ip irdp
 ip irdp multicast
end
SW3#

However, to make it work on the switch you'd need to enable the router discovery client by entering ip gdp irdp:

SW3#show ip route
Gateway         Using   Interval  Priority  Interface
172.16.30.3     IRDP    20        100       Vlan50

Default gateway is 172.16.30.3

Host               Gateway           Last Use...

DHCP Authorized ARP: really nice feature available in 12.3T

The DHCP Authorized ARP feature enhances the Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) components of the Cisco IOS software to limit the leasing of IP addresses to mobile users to authorized users. This feature enhances security in public wireless LANs (PWLANs) by blocking ARP responses from unauthorized users at the DHCP server.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtautarp.html

re-patching the lab for netmaster

In this topology I have 4 switches (2x3560 and 2x3550) and 6 virtual 3725 routers with T-based IOS (a PC with 12 network cards). I haven't tested the configuration against the netmasterclass workbooks yet. Some features are missing on this platform, or at least on this version of IOS, like "object track" in ACLs. The first visible difference is that there are no backbone routers as we used to have on INE labs. This is my configuration:

"netmasterclass.net"
autostart = False
[localhost:7200]
workingdir = /home/nabromov/dynamips/working
udp = 11000
[[3725]]
image = /home/nabromov/dynamips/images/c3725-adventerprisek9-mz.124-15.T14.bin
ram = 256
nvram = 256
ghostios = True
idlepc = 0x60c06028
[[Router R1]]
model = 3725
console = 2001
# R1 e0/0 to SW1 fa0/1
f0/0 = NIO_linux_eth:eth0
# R1 f0/1 to SW2 fa0/1
f0/1 = NIO_linux_eth:eth1
s1/0 = FRSW 1
s1/1 = R3 s1/1
[[ROUTER R...

netmasterclass workbooks

I am planning to try another training provider, so I found netmasterclass, who are working with Cisco based on the Cisco 360 training program. I will post some impressions after I go through a few of the labs.

CBAC concurrent sessions

Another trick that I just learned. If you want to limit the number of concurrent sessions going through the inspect rules you can use:

RouterXXX(config)#ip inspect hashtable number

Usage Guidelines

Use the ip inspect hashtable command to increase the size of the hash table when the number of concurrent sessions increases, or to reduce the search time for a session. Collisions in a hash table result in poor hash function distribution because many entries are hashed into the same bucket for certain patterns of addresses. Even if a hash function distribution evenly dispenses the input across all of the buckets, a small hash table size will not scale well if there is a large number of sessions. As the number of sessions increases, the collisions increase, which increases the length of the linked lists, thereby deteriorating throughput performance.

INE lab 15 task task 1.2

Okay, everyone will configure the bba-groups in the right way to make the task work. For me the tricky bit was that I used the wrong identifier for this task and the static host map in the DHCP pool didn't work. If you don't configure the right client identifier it won't work. So, what I did was to start the debug of the PPPoE session and get the identifier from the dump in the log:

*Mar 1 00:13:42.243: Retry count: 1 Client-ID: cisco-c203.03d1.0000-Di1
*Mar 1 00:13:42.243: Client-ID hex dump: 636973636F2D633230332E303364312E
*Mar 1 00:13:42.247: 303030302D446931

We should keep in mind that we need to add 00 in front of the first two digits for the client-id, and it will look like 6369.xxxx.xxxx.xxxx.xxxx

dynamips and CDP annoying messages

*Mar 1 01:41:22.403: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with Rack1SW2 FastEthernet0/2 (full duplex).

To stop these messages you can type:

LabXXX(config)#no cdp log mismatch duplex

annoying cisco features during the labs

Use the access-list hardware program nonblocking global configuration command to cause the system to continue to forward frames even while a new security access-control list (ACL) configuration is being programmed into the hardware. Use the no form of this command to return to the default behavior, where traffic is blocked on affected interfaces when changes are made to the security ACL configuration while the hardware is updated with the new configuration.

access-list hardware program nonblocking
no access-list hardware program nonblocking

IPv6overIP vs GRE

I just found this nice tutorial about the v6 tunnels and the IP overhead in particular:

http://ardenpackeer.com/routing-protocols/tutorial-ipv6-tunnels-part-1-manual-gre-ipv6ip-tunnels/

object group tracking for ACLs

First Published: July 11, 2008
Last Updated: September 6, 2010

The Object Groups for ACLs feature lets you classify users, devices, or protocols into groups and apply those groups to access control lists (ACLs) to create access control policies for those groups. This feature lets you use object groups instead of the individual IP addresses, protocols, and ports that are used in conventional ACLs. This feature still allows multiple access control entries (ACEs), but now you can use each ACE to allow an entire group of users to access a group of servers or services, or to deny them from doing so. In large networks, the number of ACLs can be large (hundreds of lines) and difficult to configure and manage, especially if the ACLs frequently change. Object group-based ACLs are smaller, more readable, and easier to configure and manage than conventional ACLs, simplifying static and dynamic ACL deployments for large user access environments on Cisco IOS routers. Cisco IOS Firewall benefits from object ...