CatOS commands
set system name <hostname>
set port name <slot/port> <description>
set port speed <slot/port> <speed>
clear config all
set enablepass
set password
show interface
set interface sc0 <ip address mask>
set vlan 3 <slot/ports> (eg. set vlan 3 3/1-12)
show vtp domain
clear vtp pruneeligible <vlan>
set spantree root [primary|secondary]
(config-if)#spanning-tree priority <priority> (check this, as it could be "set spantree priority")
set spantree backbonefast enable
set spantree root
set route default <next hop>
set route 0.0.0.0 <next hop>
IOS equivalents:
ip route 0.0.0.0 0.0.0.0 <next hop>
(config-if)#ip pim <pim method>
spanning-tree vlan 1 root primary|secondary
spanning-tree vlan 1 priority <priority (increments of 4096)>
IEEE standards: Fast Ethernet, Gigabit Ethernet, STP, MST, RSTP, CST, setting ToS on an ethernet frame
VLAN Trunking Protocol
VLANs increase the number of broadcast domains. VLANs across interconnected switches require trunking. VLAN tagging involves adding another header to each frame that traverses the trunk; the header includes a VLAN identifier (VLAN ID).
To create a VLAN: [vlan #]. In VLAN configuration mode add a name: [name name]. In interface configuration mode: [switchport access vlan #]. VTP settings: [vtp pruning|password|domain]
Show commands: [show vlan brief] [show vlan #] [show interface vlan #] [show interface type # switchport|trunk] [show vtp status|password] [show cdp neighbors] <- can be helpful
Trunking protocols:
o ISL: proprietary, full encapsulation (adds 30 bytes to the ethernet frame size, bringing it to 1548)
o 802.1Q: standardized, only a header; defines a native VLAN (1) and does not encapsulate frames for that VLAN (adds 4 bytes to the ethernet frame size, bringing it to 1522)
o Both support 4094 VLANs -- 1-1005 normal range, 1006+ extended range
VTP sends periodic update messages (every 5 minutes) and also when VLAN changes occur. VTP clients and servers react to updates based on the VLAN database configuration revision number. Updates don't start until the VTP domain is configured.
Three VTP modes:
o Server -- stores database in flash only
o Client -- cannot configure VTP, can receive updates, can pass them on, stores database in flash only
o Transparent -- allows VLAN configuration, ignores VTP, passes advertisements and updates on, stores database in running config and in flash
Three types of messages:
o Summary advertisements: periodic (every 5 min), contain revision number and domain name, no database info
o Subset advertisements: sent only when a change occurs, include a subset of the VLAN database
o Advertisement requests: request updates as soon as a trunk comes up, or if the local database is lost or corrupted
For VTP to work, encapsulation (dot1q or isl), domain name and password must match throughout the domain.
The VLAN database is stored in flash memory in the vlan.dat file (important command to clear the file: [delete flash:vlan.dat]).
Transparent bridging using VTP version 2 does not check domain name or password; it just forwards the advertisements and messages as usual.
VLAN pruning dynamically decides which trunks do not need updates.
VTP configuration commands:
o To configure trunking, first set the encapsulation: switchport trunk encapsulation dot1q|isl|negotiate
o Then set the administrative mode: switchport mode access|trunk|dynamic desirable|dynamic auto
o To configure which VLANs are allowed to cross a trunk: switchport trunk allowed vlan add|remove|except|all vlan-list
o To trunk to Cisco phones: switchport voice vlan #
Choices for port security:
o switchport nonegotiate -- disables negotiation
o switchport mode access -- disables trunking
o Use a parking lot VLAN (an unused VLAN)
o Shutdown interface: the interface shutdown command
o Shutdown VLAN: shutdown vlan #
o Clear VLAN database: delete flash:vlan.dat
Clear the revision number by:
1. Changing the mode to transparent [vtp server|client|transparent] and then back again to whatever it was previously
2. Deleting the vlan.dat file [delete flash:vlan.dat] and reloading the switch
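The 802.1Q points above (TPID 0x8100, a 4-byte tag that takes the frame from 1518 to 1522 bytes, 3 priority bits, a 12-bit VLAN ID with 1-1005 normal and 1006+ extended, and untagged frames on a trunk belonging to the native VLAN) can be checked against real bytes with a small parser. The following is an added example, not from the study notes or from Cisco; the sample frames, MAC addresses and VLAN values in it are constructed.

```python
"""Added example, not from the study notes: parse an Ethernet header and,
when the EtherType position holds the 802.1Q TPID (0x8100), split the 4-byte
tag into its 3-bit priority, 1-bit DEI and 12-bit VLAN ID.
The sample frames at the bottom are constructed, not captures."""
import struct

TPID_8021Q = 0x8100   # TPID value the notes say is always used for 802.1Q
UNTAGGED_MAX = 1518   # largest untagged 802.3 frame, CRC included
TAG_LEN = 4           # the tag adds 4 octets, so 1518 becomes 1522


def vlan_range(vid):
    """Classify a VLAN ID as the notes do: 1-1005 normal, 1006-4094 extended.
    0 (priority-tagged frame, no VLAN membership) and 4095 are reserved."""
    if 1 <= vid <= 1005:
        return "normal"
    if 1006 <= vid <= 4094:
        return "extended"
    return "reserved"


def parse_frame(frame):
    """Return the header fields of an Ethernet frame, with tag fields if tagged.

    An untagged frame arriving on an 802.1Q trunk belongs to the native VLAN,
    so 'tagged' is reported explicitly instead of assuming a VLAN ID."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "tagged": False,
        "pcp": None,             # 802.1p priority, 3 bits
        "dei": None,             # drop eligible indicator, 1 bit
        "vlan_id": None,         # 12 bits
        "vlan_range": None,
        "ethertype": ethertype,  # protocol of the payload
        "payload_offset": 14,
        "max_frame_len": UNTAGGED_MAX,
    }
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1Q TPID present but the tag is truncated")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        info.update(
            tagged=True,
            pcp=tci >> 13,
            dei=(tci >> 12) & 1,
            vlan_id=vid,
            vlan_range=vlan_range(vid),
            ethertype=inner_type,
            payload_offset=18,
            max_frame_len=UNTAGGED_MAX + TAG_LEN,
        )
    return info


# Constructed sample frames (not captured traffic): broadcast destination,
# a locally administered source MAC, VLAN 100 with priority 5.
_DST = bytes.fromhex("ffffffffffff")
_SRC = bytes.fromhex("021122334455")
SAMPLE_TAGGED = struct.pack("!6s6sHHH", _DST, _SRC, TPID_8021Q,
                            (5 << 13) | (0 << 12) | 100, 0x0800) + bytes(46)
SAMPLE_UNTAGGED = struct.pack("!6s6sH", _DST, _SRC, 0x0806) + bytes(46)

if __name__ == "__main__":
    for name, frame in (("tagged", SAMPLE_TAGGED), ("untagged", SAMPLE_UNTAGGED)):
        print(name, parse_frame(frame))
```

Running the block prints both parses; the tagged frame reports VLAN 100 (normal range), priority 5 and a payload starting at offset 18, while the untagged frame reports offset 14 and no VLAN, which on a trunk means native VLAN membership.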
Quick facts:
First half of all multicast MAC addresses: 01-00-5e
All hosts multicast address: 224.0.0.1
All routers multicast address: 224.0.0.2
EIGRP sends Hello packets to: 224.0.0.10
RIP sends Hello packets to: 224.0.0.9
AllSPFDR: 224.0.0.6
AllSPFRouters: 224.0.0.5
ISL multicast address (note this is a 40-bit value): 01:00:0c:00:00
CDP sends to destination MAC: 01:00:0c:cc:cc:cc
IGMP membership query process runs how often? Every 60 secs
Maximum value for TTL: 255
In 802.1q the TPID Ethertype field is always set to: 0x81-00
VTP domain name limitation on 4000 series switch: 32
Bits allocated to ToS in an 802.1p frame: 3
Minimum BGP message length: 19 octets
Maximum BGP message length: 4096 octets
Bits in an IPv4 address: 32
Bytes in an IPv4 address: 4
Always assign the NSAP selector in IS-IS as: 00
Maximum paths EIGRP can load-balance across: 6
OSPF POINT-TO-POINT and BROADCAST hello/dead timers: 10/40
OSPF POINT-TO-MULTIPOINT and NON-BROADCAST hello/dead timers: 30/120
Maximum NEW routes a BGP UPDATE message can advertise: 1
Current OSPF version: v2
Current BGP version: v4
Protocol number assigned to EIGRP: 88
No. of bytes in the System ID of the IS-IS NET for Cisco devices: 6 bytes
IOS version in which prefix lists were introduced: 12.0
Routing algorithm used by OSPF and IS-IS: Dijkstra
Maximum metric for IS-IS: 1023
Maximum no. of equal cost paths IS-IS can support for load-balancing: 6
Default admin distance for IS-IS: 115
Default admin distance for EIGRP summary route: 5
Default admin distance for iBGP: 200
Default admin distance for eBGP: 20
Default admin distance for static route: 1
Default admin distance for connected route: 0
Default admin distance for RIP: 120
Default admin distance for OSPF: 110
Valid LMI types: Cisco, ITU-T, ANSI
Frame Relay encapsulation types: Cisco, IETF
BSCI STUFF:
IP helper addresses manage the forwarding of UDP-based broadcasts
3 types of IS-IS Hello PDUs: Level 1 LAN, Level 2 LAN and point-to-point
4 components of EIGRP: PDMs, RTP, neighbor discovery/recovery, DUAL
IS-IS LSP advertises routing information
IS-IS CSNP will be used at initialisation
IS-IS adjacency levels: Level 1 and Level 2
IS-IS pseudonode is the Designated IS (DIS)
If the BGP hold time is set to 0 (zero) a KEEPALIVE will never be sent
IS-IS Level 1 routing is not in the backbone. Level 2 is routing between areas
IS-IS network common items: Area ID, system ID, NSAP selector
IS-IS router types: Level 1, Level 1/2, and Level 2
IS-IS NET (Network Entity Title) uniquely defines each router on the network and has a network address made up of a system ID and an area ID
IS-IS (created by ISO) relies on CLNS as its layer 3 protocol for transport
IS-IS PSNP is used on a broadcast network to request an LSP it doesn't have, and on a non-broadcast network it's used to acknowledge receipt of an LSP
IS-IS PSNP contains a list of all the LSPs for the broadcast network
IS-IS network types supported are Broadcast and Point-to-Point
IS-IS: by default, the Dead-Timer is 3 times the Hello-Timer
BSCI router IOS commands
Change OSPF network type: (config-if)#ip ospf network <network-type>
Make Area 1 an NSSA area (must be placed on all routers): (config)#area 1 nssa
Verify detailed OSPF configuration: #show ip ospf
Allow an interface to borrow an IP address from another interface on the router: ip unnumbered
Create a peer group: neighbor <peer-group_name> peer-group
Enable policy-based routing (not local): ip policy route-map <route-map>
OSPF:
OSPF States:
Down: Hello packets can be sent from this router to the neighbor but none, so far, have been received
Attempt: (only valid for manually configured neighbors in an NBMA network) same situation as above
Init: the router has received a hello from the neighbor but this (receiving) router's ID was not included
2Way: bi-directional communication has been established (each router has seen the other's hello packet). A router will remain in the 2Way state with all but the DR and BDR in a broadcast or NBMA network; otherwise it will continue. DR and BDR are elected at the end of this stage. NB: receiving a DBD (Database Descriptor packet) will also cause a transition to the 2Way state
Exstart: DR/BDR elections complete and exchange of link-state information begins. A Master/Slave relationship is formed for each neighbor relationship, based on the highest Router ID. NB: the DR could conceivably be a slave if it was elected DR by virtue of its priority and the neighbor happens to have a higher router ID
Exchange: neighbors are exchanging DBD packets with each other. DBDs have a sequence number which can only be incremented by the Master (as determined during the Exstart state). NB: DBD packets contain LSA headers and describe the contents of the entire link-state database
Loading: the actual exchange of link-state information happens here. Based on the LSA headers received within the DBD packets during the Exchange state, the router sends LSR (Link-State Request) packets to its neighbor, who responds with LSU (Link-State Update) packets. All LSU packets are acknowledged
Full: all routers are fully adjacent with each other and link-state databases are fully synchronised
OSPF LSA types (LSA, type, sent by):
1, Router: all routers in an area, to describe their directly attached links (intra-area routes). These do not leave the area
2, Network: the DR of a broadcast or non-broadcast segment, to describe the neighbors connected to the segment. These do not leave the area
3, Summary: an ABR, to describe a route to neighbors outside the area
4, Summary: an ABR, to describe a route to an ASBR to neighbors outside the area
5, External: an ASBR, to describe routes redistributed into the area. These routes appear as E1 or E2 in the routing table. E2 (default) uses a static cost throughout the OSPF domain, as it only takes into account the cost reported at redistribution. E1 uses a cumulative cost: the cost reported into the OSPF domain at redistribution plus the local cost to the ASBR
6: not supported on Cisco routers
7: an ASBR inside an NSSA, to describe routes redistributed into the NSSA. LSA 7 is translated into LSA 5 as it leaves the NSSA. These routes appear as N1 or N2 in the IP routing table inside the NSSA. Much like LSA 5, N2 is a static cost while N1 is a cumulative cost that includes the cost up to the ASBR
OSPF categories of operation:
1. Neighbor and adjacency initialization
2. LSA flooding
3. SPF tree calculation
OSPF Hello message contents: Router ID, Area ID, Auth info, network mask, Hello interval, options, router priority, router dead interval, DR, BDR, neighbor router IDs
Two steps required to change an OSPF neighbor to an adjacent OSPF router:
1. Two-way communication
2. Database synchronization
BGP Attributes:
Well-known mandatory: ORIGIN, AS_PATH, NEXT_HOP
Well-known discretionary: LOCAL_PREF, ATOMIC_AGGREGATE
Optional transitive: AGGREGATOR, COMMUNITY
Optional non-transitive: MULTI_EXIT_DISCRIMINATOR (MED)
BGP has four well-known communities:
1. Internet
2. NO_EXPORT
3. NO_ADVERTISE
4. LOCAL_AS
BGP message types (value): OPEN (1), UPDATE (2), NOTIFICATION (3), KEEPALIVE (4), ROUTE-REFRESH (5)
BGP attribute type codes and descriptions (value, attribute type, classification, description):
1, ORIGIN, well-known mandatory: specifies the origin of the path information. This attribute indicates whether the path came originally from an interior routing protocol, the older exterior routing protocol EGP, or some other source
2, AS_PATH, well-known mandatory: a list of autonomous system numbers that describes the sequence of ASes through which this route description has passed. This is a critically important attribute, since it contains the actual path of autonomous systems to the network. It is used to calculate routes and to detect routing loops
3, NEXT_HOP, well-known mandatory: the next-hop router to be used to reach this destination
4, MULTI_EXIT_DISCRIMINATOR, optional non-transitive: when a path includes multiple exit or entry points to an AS, this value may be used as a metric to discriminate between them (that is, choose one exit or entry point over the others)
5, LOCAL_PREF, well-known discretionary: used in communication between BGP speakers in the same AS to indicate the level of preference for a particular route
6, ATOMIC_AGGREGATE, well-known discretionary: in certain circumstances, a BGP speaker may receive a set of overlapping routes where one is more specific than the other. For example, consider a route to the network 34.15.67.0/24 and to the network 34.15.67.0/26. The latter network is a subset of the former, which makes it more specific. If the BGP speaker uses the less-specific route (in this case, 34.15.67.0/24) it sets this path attribute to a value of 1 to indicate that this was done
7, AGGREGATOR, optional transitive: contains the AS number and BGP ID of the router that performed route aggregation; used for troubleshooting
Multicast configuration commands
Enable PIM on an interface: ip pim <pim method>
Configure an IP for the Rendezvous Point (RP): ip pim rp-address <ip-address>
Other config commands
Enable mls on a router: mls rp ip
Configure an interface to send mlsp frames to a switch: mls rp management-interface
Configuration tasks with the 2950 (IOS) and 4000 (CatOS) commands:
Enable etherchannel: 4000: set port channel
Set int fa0/1 to run full duplex: 2950: duplex full
Change spanning tree priority: 2950: spanning-tree port priority
Enable port 2 on card 3: 4000: set port enable 3/2
Verify duplex setting on fa0/24: 2950: show interface fa0/24
Set port 4 on card 3 to full duplex: 4000: set port duplex 3/4 full
Set port 3 on card 2 name to sales: 4000: set port name 2/3 sales
Set hostname to CT4h: 2950: hostname CT4h; 4000: set system name CT4h
Set port 3 of card 2 to 100Mbps: 4000: set port speed 2/3 100
Delete startup-config: 4000: clear config all
Identify port 3
Set enable mode password: 4000: set enablepass
Set user mode password: 4000: set password
Display IP configuration: 4000: show interface
Set IP address on switch: 4000: set interface sc0 <ip-address mask>
Set default gateway
Make ports 3/1-12 part of vlan 3: 4000: set vlan 3 3/1-12
VTP information: 2950: show vtp status; 4000: show vtp domain
Clear prune eligibility for vlans: 4000: clear vtp pruneeligible <vlan>
Display cached IP-to-Ethernet translations: 2950: show ip arp
Limit multicast network scope: 2950: ttl-threshold
Enable mls on a switch: 4000: set mls enable
Default route: 4000: set route default <dest-ip> or set route 0.0.0.0 <dest-ip>
Maximum cable distances
Multi-Mode Fibre (MMF) 62.5-micron, Gigabit Ethernet: <260m
Single-mode 9-micron fibre, Gigabit Ethernet with 1300nm laser: <10km
Multi-Mode Fibre (MMF) 62.5-micron core with 125-micron outer cladding (62.5/125) using Fast Ethernet: <400m
From patch-panel to switch using 10BT: <5m
2011. Terry Roswell CCNP
Troubleshooting Methodologies:
1. Gather symptoms
2. Isolate the problem
3. Fix the problem
4. Document the problem resolution
When gathering symptoms try to get as granular as possible. If a user says "I can't get to host X", that is not enough. You need to also find out the following:
1. What service are they actually trying to use to get to host X (ftp, mail, telnet, web etc)?
2. Can they reach other hosts in the destination subnet using the same service?
3. Can other hosts in the user's subnet access host X using the same service?
4. Can the user reach other hosts in the destination network at all, using other services?
5. Can they reach other hosts in their own subnet using the same service?
6. Can they reach other hosts in their own subnet at all?
7. Are they experiencing any other difficulties?
8. Have they EVER been successful at getting to host X? If so, when were they last successful?
Table for gathering symptoms (information, example):
Symptoms: Can't telnet, ftp or get to WWW
Reproducibility: Is this a one-time occurrence, or does it always happen? Reproduce it as exactly as possible
Timeline: When did it start? How long did it last? How often does it occur? Has the current configuration ever worked properly?
Scope: What are you able to access successfully via telnet or ftp? Which WWW sites can you reach, if any? Who else does this affect?
Baseline info: Were any recent changes made to the network configurations?
When isolating the problem use all the tools you can:
1. Ping
2. Traceroute
3. Check config of source machine (default gateway, correct subnet address etc)
4. Check router logs to see if any recent changes were made to the config or if any previously active interfaces etc went down
5. Check config of routers in the path for ACLs that could be blocking the user
ISDN
Troubleshooting commands: ping, clear interface bri X, show interface bri X, show interface bri X 1 2, show controller bri, show isdn status, show dialer, show ppp multilink
Debugging commands: debug bri, debug isdn q921, debug dialer, debug isdn q931, debug ppp negotiation, debug ppp packet
Network baseline commands (router): show version, show ip interface brief, show interface, show ip protocols, show ip interface
Network baseline commands (switch):
CatOS: show version, show interface, show vtp domain, show port, show trunk, show spantree vlan
IOS: show ...
End system troubleshooting commands: ipconfig (WinXP/NT/2000), winipcfg (Win9x), ifconfig (Unix), netstat, nbtstat, route, ping, traceroute, arp
Serial line troubleshooting commands: clear counters serial, show interface serial, show controllers serial, show buffers, debug serial interface
Interface troubleshooting symptoms and possible causes:
<interface> is up, line protocol is up: everything is working
Interface is up, line protocol is up (looped): the circuit is in loopback somewhere
Interface is down, line protocol is down: improper cabling; no carrier signal from local provider; HW failure (interface or CSU/DSU; cabling)
Other symptoms listed: line protocol down and interface resetting periodically; keepalive problems; interface is administratively down; line speed is larger than the interface capacity; interface speed is ...
Other possible causes listed: clocking (or lack thereof); failed CSU/DSU; router interface problems; mismatched timing on CSU/DSU or carrier network; misconfigured interface; keepalive sequencing not incrementing; carrier problem, noisy line; L2 issues such as LMI; queued packets not sent for several seconds; HW problem (eg. router interface, cable or CSU/DSU); mismatched clocking signals; looped interface; interface shutdown; unstable signalling coming from local provider; faulty cabling; HW failure (eg. interface or CSU/DSU); line congestion; line speed oversubscribes the router interface capacity; local provider problem; noisy line; improper cabling; interface is capable of transmitting at higher than line speed; possible faulty hardware; interface is being overutilised as memory available for buffering incoming and outgoing packets is running low; the hardware buffer is full; the RX interface is running faster than the SP can send them to the interface; the IP hardware buffers cannot copy frames to the SP buffers
Frame Relay troubleshooting commands: show interface, show frame-relay lmi, show frame-relay pvc, show frame-relay map
Frame Relay symptoms and checks:
Keepalive problems
DLCI mismatch: ... DLCI assigned to the interface. 2. If the correct DLCI number is configured on the proper interface, contact the local carrier to verify that it has the same DLCI configured on their FR switch
Access list check: 1. Use the show ip interface command to display the access list applied to the interface. 2. Analyse the ACL, then remove and modify it if necessary
5 guidelines for creating network documentation:
1. Determine the scope
2. Know the objective
3. Keep it consistent
4. Make it accessible
5. Maintain it
Global buffers: small, middle, big, very big, large, huge
4 categories for SHOW commands: 1. Global 2. Interface 3. Process 4. Protocol
3 categories for DEBUG commands: 1. Global 2. Interface 3. Protocol
2 protocols used for dynamic IP address assignment: 1. BootP 2. DHCP
EIGRP In order for a route to become a feasible successor, its Advertised (Reported) Distance must be less than the Feasible Distance of the Successor. The feasible distance of the successor is the advertised distance of that route plus your distance to that router (?????) NOT CLEAR ENOUGH!!!
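The feasibility condition above is easiest to see worked through on a small topology table. The following is an added example, not from the study notes or from Cisco; the neighbors, metrics and the destination it evaluates are constructed. It uses the notes' terms: reported (advertised) distance RD is what the neighbor reports, the computed distance via a neighbor is RD plus our cost to that neighbor, the feasible distance FD is the lowest computed distance (its neighbor is the successor), and a neighbor is a feasible successor only if its RD is strictly less than FD.

```python
"""Added example, not from the study notes: apply the EIGRP feasibility
condition to a constructed topology table for one destination prefix."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str
    reported_distance: int   # RD: the neighbor's own metric to the destination
    link_cost: int           # our metric to reach that neighbor

    @property
    def computed_distance(self):
        """Our total metric to the destination via this neighbor."""
        return self.reported_distance + self.link_cost


def evaluate(entries):
    """Return (FD, successors, feasible successors, rejected) for one destination.

    FD is the lowest computed distance; every entry with that distance is a
    successor. Any other neighbor whose RD is strictly below FD is a feasible
    successor: a neighbor that is already closer than we are cannot be routing
    through us, so switching to it can never form a loop. A neighbor with
    RD >= FD is kept in the topology table but is not a backup, even when its
    computed distance is attractive."""
    if not entries:
        raise ValueError("no paths to the destination")
    fd = min(e.computed_distance for e in entries)
    successors = [e.neighbor for e in entries if e.computed_distance == fd]
    feasible, rejected = [], []
    for e in sorted(entries, key=lambda e: e.computed_distance):
        if e.computed_distance == fd:
            continue
        (feasible if e.reported_distance < fd else rejected).append(e.neighbor)
    return fd, successors, feasible, rejected


# Constructed topology table for a single destination.
SAMPLE = [
    TopologyEntry("A", reported_distance=10, link_cost=5),   # CD 15 -> successor, FD 15
    TopologyEntry("B", reported_distance=12, link_cost=10),  # CD 22, RD 12 < 15 -> feasible
    TopologyEntry("C", reported_distance=20, link_cost=1),   # CD 21, RD 20 >= 15 -> rejected
]

if __name__ == "__main__":
    fd, succ, feas, rej = evaluate(SAMPLE)
    print("FD", fd, "successors", succ, "feasible successors", feas, "rejected", rej)
```

Neighbor C is the instructive case: its computed distance (21) is better than B's (22), yet it fails the feasibility condition because its reported distance (20) is not below the FD (15), so only B is a loop-free backup that DUAL can switch to without a query.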
Further Study:
Fields contained in the BGP OPEN message: Version, My AS, Hold time, BGP ID, Optional Parameters length, Optional Parameters
BGP attribute flag settings (eg. if the first high-order bit is 0 the attribute is well-known; set to 1 means it is optional)
BGP NOTIFICATION error codes (eg. 2 means the error is an OPEN message error)
BGP states:
1. Idle is the initial state of a BGP connection. The BGP speaker is waiting for a start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.
2. Connect is the next state. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection does not complete, BGP goes to Active.
3. Active indicates that the BGP speaker is continuing to create a peer relationship with the remote router. If this is successful, the BGP state goes to OpenSent. You'll occasionally see a BGP connection flap between Active and Connect. This indicates an issue with the physical cable itself, or with the configuration.
4. OpenSent indicates that the BGP speaker has received an Open message from the peer. BGP will determine whether the peer is in the same AS (iBGP) or a different AS (eBGP) in this state.
5. In the OpenConfirm state, the BGP speaker is waiting for a keepalive message. If one is received, the state moves to Established, and the neighbor relationship is complete.
6. It is in the Established state that update packets are actually exchanged.
BGP: multiple route reflectors being used for redundancy MUST ALL have the CLUSTER ID configured.
BGP: confederations must have the confederation ID and confederation peers configured.
BGP distribute-list filters incoming and outgoing routes for a BGP session.
BGP route-maps filter and/or manipulate routes and/or traffic.
BGP Attribute Flags (attribute flag, flag name, description):
Highest bit, Optional bit: defines whether an attribute is well known (0) or optional (1).
Second highest bit, Transitive bit: defines whether an optional attribute is nontransitive (0) or transitive (1).
Third highest bit, Partial bit: defines whether an optional transitive attribute is complete (0) or partial (1).
Fourth highest bit, Extended Length bit: defines whether the attribute length is 1 octet (0) or 2 octets (1). This flag is only used (set to 1) when the attribute length is greater than 255 octets.
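The flag table above and the attribute type-code table earlier describe what a BGP speaker sees in each path attribute of an UPDATE: a flags octet, a type code, a 1- or 2-octet length depending on the extended-length bit, then the value. The following parser is an added example, not from the study notes or from any BGP implementation; it decodes the three well-known mandatory attributes (ORIGIN, AS_PATH, NEXT_HOP), keeps others as hex, and treats the flag combinations the table rules out (a well-known attribute without the transitive bit, a partial bit on anything but an optional transitive attribute) as malformed, which is where a receiver protects itself from a bad peer. It assumes classic 2-octet AS numbers in AS_PATH, and the sample byte string, AS numbers and next hop are constructed.

```python
"""Added example, not from the study notes: decode BGP path attributes using
the flag bits (0x80 optional, 0x40 transitive, 0x20 partial, 0x10 extended
length) and the type codes from the tables. AS_PATH decoding assumes classic
2-octet AS numbers. The sample buffer at the bottom is constructed."""
import struct

ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
AS_SEGMENT_NAMES = {1: "AS_SET", 2: "AS_SEQUENCE"}


def decode_attr_flags(flags):
    """Split the attribute flags octet into its four defined bits."""
    return {
        "optional": bool(flags & 0x80),
        "transitive": bool(flags & 0x40),
        "partial": bool(flags & 0x20),
        "extended_length": bool(flags & 0x10),
    }


def flag_problems(f):
    """Flag combinations a receiver should reject as a malformed attribute."""
    problems = []
    if not f["optional"] and not f["transitive"]:
        problems.append("well-known attributes must have the transitive bit set")
    if f["partial"] and not (f["optional"] and f["transitive"]):
        problems.append("partial bit is only valid on optional transitive attributes")
    return problems


def decode_value(type_code, value):
    """Decode ORIGIN (1), AS_PATH (2) and NEXT_HOP (3); anything else stays hex."""
    if type_code == 1 and len(value) == 1:
        return ORIGIN_NAMES.get(value[0], "unknown")
    if type_code == 2:
        segments, pos = [], 0
        while pos < len(value):
            if pos + 2 > len(value):
                raise ValueError("truncated AS_PATH segment header")
            seg_type, count = value[pos], value[pos + 1]
            end = pos + 2 + 2 * count
            if end > len(value):
                raise ValueError("AS_PATH segment overruns attribute")
            asns = struct.unpack("!%dH" % count, value[pos + 2:end])
            segments.append((AS_SEGMENT_NAMES.get(seg_type, "unknown"), list(asns)))
            pos = end
        return segments
    if type_code == 3 and len(value) == 4:
        return ".".join(str(b) for b in value)
    return value.hex()


def parse_path_attributes(data):
    """Walk a path-attributes buffer, honouring the extended-length flag and
    refusing any attribute whose declared length runs past the buffer."""
    attrs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 3:
            raise ValueError("truncated attribute header")
        flags = decode_attr_flags(data[offset])
        type_code = data[offset + 1]
        if flags["extended_length"]:
            if len(data) - offset < 4:
                raise ValueError("truncated extended length")
            length = struct.unpack("!H", data[offset + 2:offset + 4])[0]
            header_len = 4
        else:
            length = data[offset + 2]
            header_len = 3
        start, end = offset + header_len, offset + header_len + length
        if end > len(data):
            raise ValueError("attribute value overruns buffer")
        attrs.append({
            "type_code": type_code,
            "flags": flags,
            "problems": flag_problems(flags),
            "length": length,
            "value": decode_value(type_code, data[start:end]),
        })
        offset = end
    return attrs


def is_well_formed(data):
    """True if the buffer parses and no attribute has an invalid flag combination."""
    try:
        return all(not a["problems"] for a in parse_path_attributes(data))
    except ValueError:
        return False


# Constructed sample: ORIGIN, AS_PATH, NEXT_HOP, then a 260-octet COMMUNITY
# attribute (type 8, optional transitive) whose length needs the 2-octet form.
SAMPLE = (
    b"\x40\x01\x01\x00"                          # ORIGIN = IGP
    + b"\x40\x02\x06\x02\x02\xfd\xe9\xfd\xea"    # AS_PATH: AS_SEQUENCE 65001 65002
    + b"\x40\x03\x04\x0a\x00\x00\x01"            # NEXT_HOP 10.0.0.1
    + b"\xd0\x08" + struct.pack("!H", 260) + bytes.fromhex("fde90064") * 65
)

if __name__ == "__main__":
    for a in parse_path_attributes(SAMPLE):
        print(a["type_code"], a["flags"], a["length"], a["value"])
```

The last sample attribute is the case the table's final row describes: its value is longer than 255 octets, so the extended-length bit is set and the length occupies two octets; a parser that ignored that bit would read the wrong length and desynchronise on every following attribute.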