100
The default keyword has a lower priority than the detail route.
Case: Implementing intranet export data diversion through PBR
Principle of ARP protocol
Instead of tearing down and rebuilding TCP or BGP connections, only the update operation is triggered to make the new routing policy take effect. A soft reset can be applied to both inbound and outbound policies, or to outbound or inbound policies only.
Dhcp-snooping
In this case R1 on to R4 used strategy, 10.0 route AS_PATH insert 100 of AS number, while the results for the R4 over (64514) 100 100 , on the other side of R3 over 300 200 is 100 , R5 still preferably R4 , as ( 64512) Does not participate in the AS_PATH length calculation.
3.3.3.3
The meaning of this command here is that only 1.1.1.0 is allowed to go out of the route redistributed from the RIP routing protocol (to OSPF, there is no direction, as long as the interface is running OSPF)
Match ip address pref 1
set local-preference 100
!! Take the default route
2
Tag rewrite with Fa1/0, 10.1.13.3, tags imposed: {} via 10.1.12.2, FastEthernet0/0, 0 dependencies
CISCO default MED is 0
In a route-map statement, if there is no match statement, match all
So in fact, it is very simple, as long as the prefix and mask part of the route, respectively, use the source and destination parts of the ACL to match.
12
.*
?
VLSM support
We know that the AD value of a static route is 1. The above configuration method actually changes the AD value of the static route to 10. In this way, we have two default routes: one for the telecom exit, with the default AD value of 1; the other pointing to the education network exit, with an AD value of 10. Then after
Both SW1 and SW2 can learn, and three-year-olds can do it.
3.3.3.3 (metric 65) from 3.3.3.3 (3.3.3.3)
Store the result of the CRC cyclic redundancy check
If there are multiple routes from the same neighboring AS and multiple paths are available through Maximum-paths , all routes with the same cost are added to Loc-RIB.
The election of the root bridge will not be said. Next, look at the two interfaces of RP and SW2, and both will receive the BPDU , and the BPDU received by the interface connected to the root will be received .
[Experiment 5 ] There are subnet routes, the subnet route prefix length is different (but both match), and the longest match
The configuration of R1 is as follows:
With Root Guard
SW2 puts the server into the same VLAN as the PC , which is equivalent to pure pass-through.
Forward Delay: the time required to move from the listening state to the learning state, or from the learning state to the forwarding state. The default is 15s.
Sw1(config-if-range)#channel-group 1 mode desirable
Sw1(config-if-range)#no shutdown
If the originator IDs or router IDs of multiple paths are the same, the path with the shortest Cluster-List is preferred.
Set ip next-hop recursive 10.1.12.2
A frame whose type field has a value of 0800 represents an IP protocol frame.
<1-99> Community list number (standard)
When a network is directly connected, the interface is not "activated" and attempts to establish a neighbor relationship. BGP neighbor relationships need to be manually
Access-list 1 permit 192.168.1.0
3.3.3.3
All clients in the route reflection cluster should establish IBGP connections with and only with all RRs in the cluster.
Configuration example 46
The smaller the total cost of the switch to reach the root switch path, the better, related to the interface bandwidth.
(Note that in the actual environment, the situation may be quite different).
100 i
At the same time, the same OSPF route is learned from both processes and is used on a first come, first served basis. Therefore, if R3 first learns the route from R1 , it will naturally ignore the one that R2 re-releases. However, if the neighbor relationship between R1 and R3 is already obtained in R3
The Configuration BPDU type is 0x00 and the TCN BPDU type is 0x80.
When UDLD detects a unidirectional link failure, it administratively shuts down the interface and prompts the user. Unidirectional links can cause various problems, including spanning-tree topology loops
Working Mechanism
Access-list 1 permit 192.168.12.0
router rip
The private AS number 64512 must not be advertised to the Internet. If nothing is done, the AS_PATH of the routes R3 receives from R1 will certainly contain the private AS number 64512. Assuming R3 is an Internet router, how can R2 strip the private AS when it passes routes to R3? With one very simple command: neighbor 10.1.23.3 remove-private-as
Frame format
After the Uplinkfast feature is activated , the switch automatically adjusts some parameters:
Data forwarding mode 13
Ip prefix-list 2 permit 100.0.2.0/24
route-map WT2 permit 10
100
Using reflector
ATOMIC_Aggregate
Destination address: The address of the host or network.
If the ibgp keyword is not associated , only EBGP routes will be equivalently load balanced (by default only for EBGP routes). If maximum-paths is not configured , the next routing principle will be followed.
Router bgp 64512
AS_PATH type 1 : AS_SET detailed
In the above figure, both PCs belong to VLAN 10; if VLAN 10 is removed from the fa0/23 port of SW1, the PCs will definitely not be able to communicate.
Look at the top of topology, AS300 has a subnet 172.16.1.0/24 , AS400 has routes 172.16.2.0/24 .
So as long as the 1.1.1.0 network is not DOWN , R1 will always send default routes to R2 .
The above match statement is used to match the IP of the neighbor that sent the summary route. If you specify the copy-attributes option, the injected specific routes inherit the path attributes of the aggregate route; otherwise the specific routes are treated as locally generated routes.
R1 and R2 run OSPF , and announce the direct connection network and their respective LOOPBACK interfaces. R1 LO1 is 1.1.1.1 and R2 LO1 is 2.2.2.2.
Interface f0/3
Another recommended solution is to adjust the management distance of the routing protocol:
100
<100-500> Community list number (expanded)
expanded Add an expanded community-list entry
Send TCP packet
BGP routing table entry for 172.16.0.0/16, version 4
FastEthernet0/0
Router ospf 1
Ip community-list 11 permit no-export
route-map test permit 10
?
Match ip add pre 1
Access-list 2 permit 192.168.3.0
Network 100.0.1.0 mask 255.255.255.0
?
Therefore, when the IGP route network into BGP , the MED value inherits the metric value in the IGP protocol.
Message life
The ip community-list is also like an ACL: there are standard and extended lists; 1-99 is standard and 100-199 is extended. Extended community-list
Community number in aa:nn format Add to the existing community
The bridge responsible for reporting the topology change keeps sending TCN BPDUs until the designated bridge acknowledges the TCN. The designated bridge then generates another TCN on its own root port, and the process repeats all the way to the root.
// match AS (100,2 ) and ( 200,2 )
If you reconfigure a secure access port as a trunk, port security converts all the sticky and static secure addresses on that port that were dynamically learned in the access VLAN to sticky or static secure addresses on the native VLAN of the trunk. Port security removes all Secure addresses on the voice VLAN of the access port.
Packets
Match ip address 1
set metric 20
The preferred principle is IGP > EGP > Incomplete
FastEthernet FastEthernet IEEE 802.3
200 ?
RIP-2 Only
*>i
In PVST+ , a VLAN has a spanning tree. On each switch, a unique identifier is required for each spanning tree, that is, the network.
What are the components of CEF :
BEGIN
Each GLBP group can have up to four member routers acting as IP default gateways. These gateways are called AVFs (active virtual forwarders).
Configure RIP unicast updates:
^
Redistributing Routing Protocols 40
UDP
The pVLAN must be configured on a switch in transparent mode. Also requires VTP version 1 or 2 . It is forbidden to configure the Layer 3 VLAN interface as a secondary VLAN .
In the above example, the phenomenon we mentioned, R4 will know the route from OSPF and RIP to 192.168.1.0/24 , and finally R4 will choose OSPF route. This is a phenomenon we don't want to see in this environment, because it creates a sub-optimal path. The AD values for several common routing protocols are listed below:
Interface fast0/1
The oldest EBGP neighbor means that it is probably the most stable BGP neighbor, so it is preferred here. Of course, this rule has poor controllability and is generally not used as a routing policy. The following happens and will skip this rule:
Passed between peers . If the route attribute of the route received between EBGP peers carries Local Preference , it will be triggered.
Experiment 1
The aggregate-address command is used for BGP manual summarization. The following is a detailed explanation of all subcommands of the command.
Match community 1
The time interval between listening and learning states. Default 15S
Metric
Configuration and implementation
Activate Port-Security (on the access interface)
At the same time, R4 also received the 100.0 route introduced by R2, but did not pass it on to R3. This is the IBGP split-horizon principle: "A BGP router will not pass routes learned from an IBGP neighbor on to other IBGP neighbors."
RSTP immediately accepts these suboptimal BPDUs and returns a better BPDU .
100
Can affect BGP route selection (before equal-cost load balancing); somewhat similar to a "tie breaker" in path selection, used to break ties.
Route reflector planning principle
Link aggregation mode
ACL
Ip address 192.168.10.254 255.255.255.0
learner
Path
Before routing 0bits must 0.0.0.0 ago 0 Ge bit match, in fact, all the bits does not matter, but also for the mask, that did not write ge keyword is implicit so ge 0 Le 32 , that is, cover The code length is greater than 0 and less than or equal to 32 . So this prefix list is permit
?
4. Proposal/Agreement Sequence
Vlan 10
* i
* i
10.1.23.2
If the route is passed from an IBGP neighbor and is introduced by the BGP router in the AS
IBGP split horizon
Interface-level command. Limiting the number of ARP packets received on an interface protects a DAI-enabled switch against DoS attacks. Precautions:
BGP route advertisement
Router(config-router)# distance eigrp internal-distance external-distance
Priority decreases in the following order: default-originate (configured per neighbor), default-information-originate (configured per address family), network, redistribute, aggregate-address
R3 announces 192.168.1.0 , 2.0 , and sets the community attribute of 1.0 to no-adv.
Vlans in spanning tree forwarding state and not pruned
SW1(config)# interface vlan 10
Next turn on DAI on SW1 :
Vlans in spanning tree forwarding state and not pruned
Switch(config)# interface vlan 10
Last update from 10.1.12.1 00:07:30 ago
Routing Descriptor Blocks:
The above command only re-advertises OSPF internal routes and E1 routes into BGP.
It can only be mapped to the ethernet of vlan
Again, the following topology, the phenomenon is the same as above, pay attention to the summary route using the as-set keyword, the AS_PATH of the underlying detailed route will be put into {} , which is AS_SET .
If the local BGP advertiser becomes the next hop address, the next hop field in the local BGP RIB is 0.0.0.0.
Router bgp 100
Ip route 10.1.1.0 255.255.255.0 10.1.254.1
(Optional) Configuring the security address aging time
meaning
Must be zero
Vif PGM Multicast Host interface
3.3.3.3
Lab topology and description
RIP version number:
// Use this command to delete
The disadvantage is that the original Ethernet frame is destroyed and the FCS is recalculated . ISL is the direct encapsulation header and trailer. DOT1q public, ISL private
200 i
A CFI of 1 indicates a non-canonical format. It is used to distinguish between Ethernet frames, FDDI (Fiber Distributed Data Interface) frames, and Token Ring frames.
V1 uses broadcast, which is sent every 30s by default , using UDP port 520 (source, destination port)
Routing feedback 42
Http: Database agent URL
As shown in the figure on the left, if the PC wants to Telnet to the switch, the PC must first be able to ping the switch. Second, the VTY lines must be activated on the switch and a password configured. We then create VLAN 10 on the Layer 2 switch, assign port F0/1 to VLAN 10, and configure an IP address on the VLAN 10 logical interface of the Layer 2 switch, in the same network segment as the PC. In this way, the PC can access the switch. The problem is that the PC and the switch are now on the same network segment and in the same VLAN. In case the IP address configured on the PC conflicts with that of the switch, we can consider placing the switches in a separate VLAN used only for managing them. This VLAN applies to the entire network, with unified VLAN and IP planning; it is the management VLAN. So the management VLAN is not one specific VLAN, and it is not VLAN1, which is a common misunderstanding. In general, we use a less common VLAN ID and IP, such as VLAN255 in this lab, and the network segment.