Tuesday, 29 June 2010

IPExpert V2 Lab12

Task 7.2 GRE Tunnel

A bonehead error: I created another EIGRP process for the GRE tunnel, which simplifies the task:
- no need to filter the GRE network to keep it from being seen on the OSPF network
- no problem with recursive routing, as loopbacks are not redistributed through the tunnel.

For the loopback, I added the loopback to the routing process; the proctor redistributes static with filtering. With this method there is no recursive routing problem, as the R9 loopback is seen through the tunnel as external, making OSPF the preferred route.

In my solution, as the R9 loopback is internal to EIGRP, I needed to set the distance on R5 to make OSPF the preferred route.

Task 9.3 IP services

I configured NAT; the answer seems to be mobile ARP, but I am not sure it is still in the v4 blueprint.

Sunday, 20 June 2010

IPExpert V2 Lab11

Task 2.1 VTP pruning

Forgot to activate pruning, missing the phrase 'ensure broadcast frames within any given VLAN are not sent to switches that don't have an access port in that VLAN'.

Task 5.4 EIGRP Tuning

Forgotten task: prevent SIA process after 300 seconds

timers active-time

Wrong task: drop routes from inactive neighbors after half the default value.

I configured a hold-time of 90, as the default for NBMA is 180 s.
The question was more about using NSF, which permits continued use of the routes during a normal failure (restart or maintenance) of an NSF-enabled neighbor. The default is 240 s. To configure it:
timers nsf route-hold 120
or
timers graceful-restart purge-time 120

Task 6.1 RIP

Forgotten task: RIP updates should be sent to the broadcast address:
ip rip v2-broadcast

Task 8.6/7 BGP

Advertising the same networks through 2 different ASes in AS 567, make one preferable. I manipulated AS_PATH. Other solutions were:
- Setting a local preference on inbound eBGP.
- Setting a weight on all routers of AS 567
- Setting a MED with the options of ignoring AS path and always comparing MED (because the routes come from different ASes)

Aggregate an address without routing loops:
- Filtering where the route is propagated (my solution)
- Setting as-set so that the route is automatically filtered where the more specific routes come from.

Task 9.2 MPLS VPN

As I used OSPF between PE and CE and the CE was using a VRF, I needed to activate the vrf-lite capability on the CE OSPF process so that the routes coming from the PE are accepted. A PE router sets the DN bit or domain tag so that another PE on the same segment does not reinject the route. So a PE will not accept an LSA with the DN bit or domain tag set. As the CE has a VRF activated, it is considered a PE and will not accept any OSPF route from the PE. vrf-lite disables this check on the CE.

Sunday, 13 June 2010

IPExpert V2 Lab9

Task 1.1 Tag native vlan

To override the fact that the native VLAN is not tagged in 802.1Q, use the global command:

vlan dot1q tag native

To avoid using a trunk even if you need 2 VLANs on a link, use a voice VLAN.

Task 3.5 Default route without any routing protocol

I used DHCP between R9 and BB3 in order to send a gateway.
The proctor used ODR.

Task 4.2

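R2 will redistribute OSPF into BGP, but the redistributed routes need to be sent only to the eBGP neighbor.
I filtered locally generated routes toward the iBGP neighbor.

The proctor uses another solution:
On redistribution into BGP it sets a community on the OSPF routes. This community is filtered toward the iBGP neighbor:

router bgp 245
 ! <process-id> stands for the OSPF process number, which the original notes omit
 redistribute ospf <process-id> route-map FROMOSPF
 neighbor 100.0.0.6 route-map TO6 out
!
! Tag every route redistributed from OSPF
route-map FROMOSPF permit 10
 set community 100:100
! Drop tagged routes toward the iBGP neighbor, permit everything else
route-map TO6 deny 10
 match community 1
route-map TO6 permit 20
!
ip community-list 1 permit 100:100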

Task 4.5 Specific BGP dampening

When setting specific dampening for a route, it should be set with the set dampening command under the route-map, together with the bgp dampening route-map command.

Task 5.2 SSM

The goal was to permit only one source to ping a group joined on R6, without any filtering.
The solution was for R6 to join the group with a specific sender and use SSM:

ip igmp join-group 236.6.6.6 source 100.0.0.2

As the default SSM range is 232.0.0.0/8, the command ip pim ssm range, given an access list that permits 236.6.6.6, was needed in order to change the default SSM range.
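
The R6 side put together, as an added example that is not taken from the lab solution: the interface name and ACL number 36 are assumptions, and IGMPv3 is enabled because a source-specific join requires it.

```cisco
ip multicast-routing
!
! ip pim ssm range takes a standard ACL, not a group address.
! ACL 36 (assumed number) moves the SSM range from 232.0.0.0/8 to this group.
access-list 36 permit 236.6.6.6
ip pim ssm range 36
!
! Assumed interface; use the one on which R6 joins the group.
interface Loopback0
 ip pim sparse-mode
 ! (S,G) joins are only signalled with IGMPv3
 ip igmp version 3
 ! Only traffic from 100.0.0.2 to 236.6.6.6 is joined; other sources are never requested
 ip igmp join-group 236.6.6.6 source 100.0.0.2
```

The same SSM range has to be configured on the other PIM routers on the path, otherwise they keep treating 236.6.6.6 as an ordinary sparse-mode group.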

Task 6.1 Dhcp option TFTP

I used TFTP option 150 whereas the proctor uses 66.
Option 66 is the RFC one and allows one TFTP server, whereas 150 permits more than one address.


Thursday, 10 June 2010

Frame Relay Traffic Shaping Summary

GTS

- Interface/subinterface level (no pvc level)
- Internal shaper is WFQ
- Could be used with WFQ/PQ/CQ at interface level

interface Serial0/0/0:0.1 point-to-point
 ip address 177.0.112.1 255.255.255.0
 traffic-shape rate 512000
 traffic-shape adaptive 256000
 traffic-shape fecn-adapt
 frame-relay interface-dlci 112


Legacy FRTS

- Enabled with frame-relay traffic-shaping
- PVC granularity
- Default to 56k/125ms once activated
- Could be used with WFQ/PQ/CQ per PVC
- Could not be used with WFQ/PQ/CQ at interface level (if FRF.12 is enabled, dual FIFO is used at interface level)
- Could use FRF.12 in the map-class, per-VC fragmentation

map-class frame-relay SHAPE_384K
 frame-relay cir 384000
 frame-relay bc 3840
 frame-relay be 0
 frame-relay adaptive-shaping becn
 frame-relay adaptive-shaping interface-congestion
 frame-relay fair-queue

interface Serial 0/0/0:0
 frame-relay traffic-shaping
!
interface Serial 0/0/0:0.1
 ip address 177.0.112.1 255.255.255.0
 frame-relay interface-dlci 112
  class SHAPE_384K



MQC based FRTS

- Needed for Voice-Adaptive Traffic Shaping
- Could use FRF 12 at interface level (for all vc of the interface)
- Incompatible with the command frame-relay traffic-shaping

policy-map CBWFQ
 class VOICE
  priority 64
 class DATA
  bandwidth 128
 class class-default
  fair-queue

policy-map SHAPE_384K
 class class-default
  shape average 384000
  shape adaptive 192000
  service-policy CBWFQ

map-class frame-relay SHAPE_384K
 service-policy output SHAPE_384K

interface Serial 0/0/0:0.1
 ip address 177.0.112.1 255.255.255.0
 frame-relay interface-dlci 112
  class SHAPE_384K


MQC based Class based traffic shaping

- Use map-class
- Incompatible with frame-relay traffic-shaping
- Incompatible with adaptive shaping
- Uses a service policy with shaping configured on class-default, or per PVC by matching a DLCI
- CBWFQ could be used as the child policy
- FRF.12 is applied at interface level

policy-map CBWFQ
 class VOICE
  priority 64
 class DATA
  bandwidth 128
 class class-default
  fair-queue

policy-map SHAPE_384K
 class class-default
  shape average 384000
  shape adaptive 192000
  service-policy CBWFQ

interface Serial 0/0/0:0.1
 ip address 177.0.112.1 255.255.255.0
 service-policy output SHAPE_384K
 frame-relay interface-dlci 112

Tuesday, 1 June 2010

IPExpert V3 Lab1

Task 2.2 CHAP Authentication with same hostname

By default, CHAP refuses to authenticate when both sides have the same hostname.

no ppp chap ignoreus is the magical command that allows it.

Task 2.5 MPLS

The missed task was to configure LDP authentication without the "mpls ldp neighbor password" command.

Ways to configure an LDP password:

Neighbor by neighbor:
mpls ldp neighbor X.X.X.X password pass

For neighbors matched by an ACL, with multiple options:
mpls ldp password option X for ACL_NUM1 pass
mpls ldp password option Y for ACL_NUM2 pass

If no password is specifically defined, try this password; otherwise no password:
mpls ldp password fallback pass

A password can be required for all peers or for peers in an ACL:
mpls ldp password required
mpls ldp password required for ACL_NUM
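
An added example (not from the lab solution) of LDP authentication that avoids the per-neighbor command, combining the option, fallback and required forms listed above. The ACL numbers, peer LDP router IDs and keys are constructed placeholders.

```cisco
! Standard ACLs match the peers' LDP router IDs (constructed addresses).
access-list 10 permit 10.0.0.2
access-list 11 permit 10.0.0.3
!
! Options are evaluated in ascending number; the first ACL that permits the peer wins.
mpls ldp password option 1 for 10 PLACEHOLDER_KEY_A
mpls ldp password option 2 for 11 PLACEHOLDER_KEY_B
!
! Used for any peer that no option matches.
mpls ldp password fallback PLACEHOLDER_KEY_C
!
! Refuse LDP sessions with peers that have no password configured.
mpls ldp password required
```

Both ends of a session must resolve to the same key, since the password feeds the TCP MD5 signature on the LDP session.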


Task 3.5 RIP

The mask differed between the 2 adjacent routers because the address was negotiated by IPCP. This needs the command "no validate-update-source".

Task 3.5 EIGRP load-sharing

When EIGRP load-balances across equal-cost or unequal-cost multiple paths, the load balancing done by CEF can be configured (default is per-destination):

ip load-sharing per-packet
ip load-sharing per-destination