ccnp tshoot topology 2019
-
- 1083 Reviews
The secure address entry can be configured by using the MAC ( SecureDynamic ) dynamically learned by the port , or by manually configuring the interface ( SecureConfigured ) and the sticy MAC address ( SecureSticky ).
Port
Route-map test permit 10
Match abd , abcd , abcdefg, etc.
10.1.25.2
10.1.12.1 from 10.1.12.1 (1.1.1.1)
5.5.5.5 ( metric 2 ) from 5.5.5.5 (5.5.5.5)
Transmit limit accumulator 0x0 (0x0) IP MTU 1500
Router bgp 345
Tables
Represents a range. Matches only one of the characters contained in the range.
Using the previous two commands, the aging time does not affect the static address entries that are statically configured. Of course, the sticky entries are not affected. These entries are never aging, but if you match the above For a command, the manually configured security address entry is also limited by the aging time.
Route Control Overview 77
Vlan 10
It can be activated in interface mode or in global mode, which is different.
MED
Tag 1111, type extern 2, forward metric 64
When the previous eight routing principles fail to optimize the optimal route, and the maximum-paths [ibgp] n is configured under the BGP process , and the value of n is 2-6, the equivalent load balancing will be performed.
Neighbor 5.5.5.5 update-source Loopback0
OSPF
In the ORIGINATOR_ID ,ccnp tshoot topology 2019, then it is known that a routing loop has occurred , so the route is ignored.
The configuration of R4 is as follows:
10
|
Interface level commands. By limiting the number of ARP packets received on an interface , you can prevent the switch that enables DAI from being attacked by the DoS . Precautions:
LEN : Number of bytes in the Agent Information field , excluding the length of the code and len fields
Neighbor R3 filter-list 1 weight 4000
Route-map OSPF3to1 permit 10 match tag 10
No auto-summary
Neighbor 10.1.23.3 local-as 201 no-prepend replace-as
Remote-ID suboption fields
RIP Version 2 Protocol Analysis
Interface vlan 100
BPDU , then he will send again. Therefore, for 802.1D , the root bridge will send BPDUs to all interfaces continuously . The non-root bridge will receive BPDUs from its own root port and send BPDUs to its designated port . Non-designated ports will not send. BPDU 's will only listen.
Note also that, because the R4 and R5 for the federal EBGP neighbor relationship, so there are also TTL is 1 problems, if they use the loopback interface to establish BGP relationship, it needs to use to neighbor 5.5.5.5 ebgp-multihop 3 command.
Because when actually deployed, SVI mouth may be more, go to if one of the no passive-interface to configure the amount may be relatively large, so you can choose to passive-interface defaut all interfaces of all passive off, and then a single interface to no passive -interface .
ORIGINATOR_ID is a 32-bit value created by a route reflector . This value is the IBGP routerID of the route initiator in the local AS . Note that this initiator is not necessarily the initiator of this route (there is experimental verification below), if the initiator finds its RID In the received route
Matching with the detailed route 172.16.32.0/24 , so eventually these two routes will be filtered out, which is inconsistent with our needs. In fact, this is the drawback of using a standard ACL to match the route, you can only match the network number of the route, and can not further match the prefix of the route.
PVLAN port type
Weight
New link Link1 between A and Root
Track 2 rtr 2 reachability
Path control 77
Set interface
Ip arp inspection limit {rate pps [burst interval seconds ] | none}
At the same time, R4 also received the 100.0 route introduced by R2 , but it was not passed to R3 . This is the principle of horizontal splitting of IBGP : " BGP routers will not pass IBGP to him and pass it to other IBGP neighbors."
No-advertise no-export
Instead of choosing R3 ? This is determined according to the routing principle of BGP (see the BGP document of Red Tea Three Cups Zhu SIR ). Here, the final impact of routing is such a rule "preferred routing from EBGP neighbors (relative to IBGP neighbors) "), R2 is the EBGP neighbor of R5 , so it is preferred.
BPDU format and operation
10.1.13.1 4 3
Experimental verification
Lab 3 : The access layer switch is inserted into option82 , and the upstream core switch also turns on dhcp snooping.
Synthesis example 2 :
BGP table version is 1, local router ID is 4.4.4.4
Receiving behavior
Neighbor 4.4.4.4 route-map LP out
No synchronization
BGP , the IBGP neighbor relationship is established between the BEs . If A has a network segment 1.1.1.0 , A injected into the BGP , and transmitted to the EBGP neighbors B ,
Vlans allowed on trunk
A single RR may have a single point of failure problem, so from the perspective of redundancy, there can be multiple RRs in a cluster , Client and each
The maximum time allowed before a KEEPLIVE or update message must be received . If Holdtime is inconsistent at both ends , both parties accept a smaller time.
The mapped ethernet vlan will be blocked
The comparison principle of OE2 is first compared to the external metric of OE2 . If they are equal, further comparison of the internal metric is the metric to the ASBR .
Switch(config-if)# ip address 192.168.10.254 255.255.255.0
Isis
Next Hop
Bgp confederation identifier 345 This command is used to tell the AS outside the federation . My local AS number is 345.
Ip local policy route-map x
Access-list 1 permit 3.3.3.0 router rip
3
Ip community-list 11 permit 100:11
Router(config)#ip dhcp excluded-address 172.16.1.100 172.16.1.103
Public
Port-security supports 802.1Q tunnel interface
(optional) configure password
Matchlog keyword in this command and the log keyword in the permit or deny ARP access-list
5.5.5.5
BPDUguard
...
PVST+
If the feature is not enabled on the local end, the data packet is either routed successfully or never routed out (discarded).
10.1.12.2
Difficult case 60
Network 100.0.1.0 mask 255.255.255.0
If DHCP snooping is turned off or this is a DHCP- free network environment, such as a pure static IP address environment, use ARP
Neighbor 5.5.5.5 weight 100
For details on the related fields of the BGP table, see the show section of the BGP Configuration section of this document.
1.1.1.0 backdoor to solve the problem, once the route becomes a local route, the AD value becomes 200 , and the router does not go to its EBGP.
We found that both O , O IA or with the FA 's OE2 routes are redistributed into BGP later, these BGP routes Next-hop are they in OSPF the IGP next hop. At the same time, the network segment where the OSPF direct connection port is activated locally will also be injected into BGP . After the injection, Next_Hop is the router (BGP update source IP) .
STP and RSTP port comparison:
The initial situation is the same as above. Let's take a look at redistributing OSPF routes into EIGRP AS 100. The configuration is of course still carried out on R2 .
10.1.13.1
Switch(config-if)# switchport mode host
Configuration example 46
Configuration command 46
192.168.255.0/24 .
LocPrf
The EBGP route should be better. I saw R5 and went to see R3 :
The above command will also tag native vlan
IGRP
After " 10.1.20.0 " is passed to R2 , since the updated subnet is consistent with the R2 interface main network, R2 receives the update, and uses the interface mask /23 as the mask of the received RIP subnet, then R2 local loading This RIP route is 10.1.20.0/23 . In fact, the prefix length of the route is wrong. We can configure a secondary address on the R2 interface. In this way, RIP will use the mask of the secondary address (if configured) to receive the route. For example, configure R2 with 10.1.123.222/24 .
