ccnp switch best book

ccnp switch best book

Ip dhcp snooping trust The address family message is always 2 by default , and is 0 when requesting the entire routing table. Method two: neighbor xxx default-originate The original attribute is i , so R3 and R4 learn BGP route 1.1.1.0 from R1 and R2 at the same time . After the decision, the traffic to 1.1.1.0 will be sent from R2 to R1 , so the sub-optimal path is obtained. Route-map LP permit 20 match ip address pref 2 set local-preference 200 The range is 10 - 1000000 The following is the change of the packet after MD5 authentication is configured (all TCP packets have MD5 HASH field added): 3.3.3.3 (metric 65) from 3.3.3.3 (3.3.3.3) Port Paths: (2 available, best #2, table Default-IP-Routing-Table) Not advertised to any peer Arp spoofing solution BGP comes in 1 and other routes are 20 , and the metric between OSPF remains unchanged. ? * i R3 and R4 , R4 and R5 establish IBGP neighbor relationships, and R3 R4 R5 uses LOOPBACK as the update source and refers to the neighbor . In the R3 , the route AS_PATH learned from R2 about 1.1.1.0 will become " 6666 200 i ", because R3 receives 1.1.1.0 R2#sh ip bgp *> 100.0.2.0/24 The two networks of network 100.0 on R1 and R2 enter BGP , then the BGP table on R4 : Ip detects whether the IP address in the ARP body is invalid or unexpected, such as 0.0.0.0 , 255.255.255.255 , and multicast IP address, which are considered invalid IP . SenderIP verifies whether the message is an ARP request or response . And targetIP only if the message is the ARP response will be verified when Neighbor 1.1.1.1 route-map COST1 in neighbor 3.3.3.3 route-map COST2 in Holddown timers are ignored in some versions of IOS , that is, they do not take effect even if they are set. Neighbor 10.1.13.1 remote-as 100 The address of the slave is the optimal next hop address. This is a feature that is used in large and medium-sized networks to make the configuration "modular". 3.0 this route. This is an example of the use of a distribution list. Of course, it has a wider range of applications. The frame to which the Native VLAN belongs is not tagged when it passes the trunk . Path attribute Note that if you attempt this time SW2 on F0 / 2 interface priority piecemeal, and it is useless, because the port is looking at the sender ID . So if on SW1 , the port priority of F0/2 is reduced. Then on SW2 , F0/2 will win as the root port. STP cost to the root bridge Address 10.1.12.1(10) Hostname R4 interface fa0/0 V Ip route 0.0.0.0 0.0.0.0 null0 router bgp x If you turn on always-compare-med 30.30.30.0/24 Note inconsistent with err-diasble difference is, ERR-disable will disable off the entire interface, and inconsistentport is for a particular VLAN 's. Ip detects whether the IP address in the ARP body is invalid or unexpected, such as 0.0.0.0 , 255.255.255.255 ,ccnp switch best book, and multicast IP address, which are considered invalid IP . SenderIP verifies whether the message is an ARP request or response . And targetIP only if the message is the ARP response will be verified when If R1 turns on auto-summary and network 1.1.1.0 , the announcement is unsuccessful. 100 Logical aggregation of similar links Complete the basic interface IP configuration . Add the following configuration on R2 : Exist-map The KEEPALIVE message actually compensates for the defect that TCP cannot confirm the peer's survival. Path Bgp dampening half-life reuse limit limit limit maximum inhibition time Questions ? Neighbor 10.1.12.1 remote-as 13 Exit Ip dhcp relay information trust-all Bgp confederation identifier 345 bgp confederation peers 64513 neighbor 3.3.3.3 remote-as 64512 The frame to which the Native VLAN belongs is not tagged when it passes the trunk . Lead ( PreambIe ) Configure the secure address of each interface ( Secure MAC Address ) Vlan 100 The use of one-arm routing can solve the problem of data exchange between VLANs , but there are also various drawbacks, such as the interface of the router, the load is too large, and the traffic needs to enter and exit the interface or link twice, causing the load on the trunk link to be too heavy. And the scalability is particularly poor. Vif PGM Multicast Host interface Path A single RR may have a single point of failure problem, so from the perspective of redundancy, there can be multiple RRs in a cluster , Client and each Match 100 , 1400 , 300 400, etc. 192.168.1.0 declares that it has entered RIP , and R3 and R4 can learn this route and load it into its own global routing table. Then if we are at Alternate port: Discard status. In addition to the root port and other ports to the root path, if the active root port fails, the replacement port becomes the root port, so the alternate port can be understood as an alternative to the root port. The configuration is as follows: Switch(config)# vlan 20 Since the AS_PATH attribute does not change within the AS (only when the route leaves the AS ), the AS inner loop has a horizontal splitting mechanism, and the route reflector actually relaxes the horizontal splitting principle . This will bring some hidden dangers to the loop. Therefore, the route reflector needs to use the following two attributes to prevent loops: Length : indicates the full length of the BGP packet, including the header. The physical interfaces belonging to a port-channel must have the same configuration as below. 4 Comparative principle 1,10,20,30 Address 10.1.12.1(10) Ip address 10.1.25.2 255.255.255.0 RIPv2 supports authentication by changing the field in the RIP message that should normally be the first route entry . In the single update message with authentication , the maximum number of route entries that can be carried is reduced to 24 . Traffic share 1 Virtual-PPP Virtual PPP interface Virtual-Template Virtual Template interface 30.30.44.45 /24 The standard ACL active part and destination part use the source matching route prefix and use the destination part matching route mask. Advanced features 38 A default route will be published into the RIP and passed to other routers. For example, R1 , R2 , and R3 run RIP and open loopback on R1 . ! Second , select a root port on the non-root bridges SW2 and SW3 , as shown in the figure, because these ports reach the minimum overhead of SW1. Non-default (manually configured non-default) priority and cost unchanged R1 , R2 , and R3 run RIP and only announce the direct link between the three. In R1 the ip default-network 172.16.0.0 What is the cause of this phenomenon? R4 does not pass the route that R1 introduces and passes through R3 to R5 . Route 2 : AS_PATH : 100 100 i Neighbor 10.1.25.5 remote-as 345 no auto-summary * i First ensure that R1 , R3 to 10.1.1.0 are routed, and test on R2 : Feature Overview 50 Blocking to forwarding state usually takes 30-50s (default 50S , ie 20+15+15 ), this time can also be adjusted by configuring the spanning tree timer. Management VLAN of the Layer 2 switch R4 [Experiment 4 ] There is a main class network; there is a subnet route (match), the longest match Router(config-dhcp)#network [network address][subnet mask] Type echo protocol ipIcmpEcho 10.2.2.2 source-ipaddr 10.2.2.1 frequency 10 Experimental verification Gratuitous ARP , the free ARP is a special ARP Request/response message, that is, the Sender IP is the same as the Target IP (usually used for IP collision detection). Two-point two-way route is re-released Match ip address prefix-list 1 route-map RP2 permit 10 The ETHERNET_SNAP standard was developed by the IEEE 802.1 committee to ensure interoperability between IEEE 802.3 LAN and Ethernet. Router bgp 64513 BGP table version is 1, main routing table version 1 Path The adjacency list in the CEF component is used for MAC or Layer 2 rewrite information. Neighbor 10.1.23.3 remote-as 13 During the above events, the contents of the following fields will not change: When an RSTP switch receives a BPDU with the TC bit set , it will: Arp replies sent: 3 Forwarder 2 Configure the switch to verify that the source MAC address in a DHCP packet received on untrusted ports matches the client hardware address in the packet. The default is to verify that the source MAC address matches the client hardware address in the packet. Version Update timer update timer The smaller the MED, the higher the priority 3.3.3.3 (metric 65) from 3.3.3.3 (3.3.3.3) RIP Version 2 MIB Extension 100 i Directional strategy. Notification message The update is sent. At this time, both parties have their own routes, but 1.1.1.1 cannot ping with 2.2.2.2 . Obviously this method is too poorly scalable. RSTP immediately accepts these suboptimal BPDUs and returns a better BPDU . The result found can be understood as a pointer to find the associated outbound interface: What is the cause of this phenomenon? R4 does not pass the route that R1 introduces and passes through R3 to R5 . Abc*d Match ip add pre 1 Route-map test permit/deny 10 May be provided for routing cost , cost-ID is equal to the time, preferably cost small. If the cost is equal, select the cost-ID is small. Access-list 1 permit 1.1.1.0 ? * i Router ospf 1 Reference material Route reflector RR description 4 Weight The BGP AS is planned as follows: R1 , R2 , and R3 each have a network loopback route in the BGP process (without any policy); route summarization is performed on R4 and R5 respectively: Dhcp snooping binding database . as follows: Modify the default AD value of BGP . The command is as follows: ? For example, if you go to a destination and there may be multiple equal-cost paths, you may actually use one of them when forwarding data. Use this command to see which interface is actually used for traffic forwarding. VTP Operating Mode : Server Maximum VLANs supported locally 1005 Then all the 172 network segments on R1 and R2 are suppressed. At the same time, since the route-map test only matches the 1.0 and 2.0 network segments (in AS100 ), this summary route, AS_PATH only inherits AS100 , which is 300 100 ; Example 1 : Using route-map to associate neighbor filtering routes The default native vlan is vlan 1 On the debug information we found: R1 and R3 , R2, and R5 establish an EBGP neighbor relationship. Y 10.1.13.3 The packet is captured as follows ( R3 sends the BGP update package to R4 ): 2 : RIP-2 ; Ip prefix-list 1 permit 1.1.1.0/24 route-map test Router# sh ip bgp summary R1(config-router)#distribute-list 1 in ? // All interfaces 200 Verify BGP routing rules and test BGP related policy tools. ICMP redirects are always sent No synchronization Switch(config-if)# switchport access vlan 10 Community Subnet Mask Let 's take a look at the features of BackboneFast : ? Router bgp 123 200 i Communicates with only promiscuous ports * IGP At this point, the direct connection is re-released on R2 , and it is found that 1.1.1.0 has not been re-released into RIP. LocPrf 100 At this time, on R4 , only 1.1.1.0/24 and 192.168.13.0/24 can be learned. Next Hop / / Start bgp dampening , the default is valid for all EBGP routes, you can also add route-map The above command only re-advertises OSPF internal routes and E1 routes into BGP. 0 , regarded as infinity Adding the summary-only parameter will only pass the summary route, and the detail route will be suppressed. The summary route generated in this case will lose the AS_PATH attribute of the underlying detail route , so there may be some hidden dangers. None The port mac of the Layer 2 switch is used here :) The portfast interface is enabled to activate the bpdufilter feature. Instead of tearing down and rebuilding TCP or BGP connections, only the update operation is triggered to make the new routing policy take effect. Soft reset can be used for both inbound and outbound policies only due to outbound or inbound policies. VLAN IDs of the allowed VLANs when this port is in trunking mode add VLANs to the current list *>i100.0.1.0/24 Received a Layer 2 frame. Represents a range. Matches only one of the characters contained in the range. Match length matches according to the third layer length of the packet Next Hop The mechanism of proposal agreement is very fast, because they are not limited to any timers. This handshake mechanism will quickly spread to the entire switching network end and can quickly converge when the topology changes. R1 and R3 , R2, and R5 establish an EBGP neighbor relationship. This way the routing table: In the nogotiate permanent link aggregation mode, the neighbor must be manually configured as a trunk gate and no DTP frame is sent . Generally used when the peer device does not support DTP . For details on the BGP neighbor table field, see the show section of the BGP Configuration section of this document. IP Routing Table 5 Deception process ARP Request Experiment 1 Technical analysis: 10.1.31.0/24 This subnet has been successfully updated " 10.1.31.0 " because it is the same as the main source of the R1 update source interface . First, in order to avoid the suboptimal path problem, we use the distribution list in the in direction on R2 and R3 to filter out 1.1.1.0 . // AS200 is the Primary AS and is used to configure the BGP process. * i Route . 1 : the AS_PATH : 100 the MED : 200 is External RouterID : 1.1.1.1 Ip default-network 172.16.0.0 If a DHCP relay is also deployed on the switch, the switch adds the relay address to the DHCP packet. This is the general case, of course, there are two situations, it depends on the specific environment and the specific routing protocol. 8 Ip route-cache flow show ip cache flow 3.3.3.3 ? Route-map WT2 permit 20 match ip address prefix-list 2 set weight 200 Origin IGP, metric 0, localpref 100, valid, internal, best In direction basic configuration -------------- The configuration is as follows: 16 bytes After configuration, it is found that the soft-clear route is useless. There is no way to reset the bgp connection with clear ip b * . Then the 8.8.8.0 route AS_PATH seen on R12 is: 11 9 ? GLBP automatically manages the allocation of virtual MAC addresses and decides who is responsible for handling the forwarding work. These functions are performed by AVG ( active virtual Redistribution will only perform re-release actions on routes in the routing table. The basic interaction process is as follows (the process described below is independent of the above diagram): Neighbor management 4 By default , the rate on the DAI untrusted interface is 15 pps , while the trusted interface is unlimited. 0.0.0.0 * i Address family The next outgoing interface of the route is the port of the match . Option82 and related issues in a non-relay environment Port Vlans in spanning tree forwarding state and not pruned Summary of 192.168.0.0/16 on R2 The maximum number of secure MAC addresses allowed by default is 1 Multicast capability Network 30.30.30.0 mask 255.255.255.0 Private AS number Timer verification The experiment is completed here, we set MARK , then we will analyze the impact of various attributes on the routing. AS number . 2B , but with the network development, . 2B is not enough, so now expanded to 4 Ge B router bgp? You can view (Note: only available in certain IOS supported under version) Interface level commands. By limiting the number of ARP packets received on an interface , you can prevent the switch that enables DAI from being attacked by the DoS . Precautions: Service dhcp Route-map test permit 20 Private-vlan ioslate R1 and R2 run OSPF , and announce the direct connection network and their respective LOOPBACK interfaces. R1 LO1 is 1.1.1.1 and R2 LO1 is 2.2.2.2. Tftp: Database agent URL Network Next Hop Metric LocPrf Weight Path Hostname R1 interface s0/0 (interface) ip load-sharing per-packet UPDATE message *>i Fa0/20 1,10 Ip route 100.1.0.0 255.255.0.0 null0 10.1.13.3 Debug dhcp detail Again, the following topology, the phenomenon is the same as above, pay attention to the summary route using the as-set keyword, the AS_PATH of the underlying detailed route will be put into {} , which is AS_SET . *>i R3 , R4 , and R5 run OSPF , announcing the three interconnect interfaces and their respective LOOPBACKs. We look at the above chart, two switches trunk both ends of the native vlan is not the same, what's the problem? First, the vlan2 communication at both ends is certainly no problem, but the communication between vlan3 and vlan4 has a problem . The data frame sent by the user of the left vlan3 goes out of the trunk from the left switch , and is not tagged, but these data frames are sent to the right switch. It will think that these data frames belong to vlan4 , which is a problem.