ccnp switching labs in packet tracer

ccnp switching labs in packet tracer

The route obtained by the BGP speaker from EBGP will be advertised to all its BGP neighbors (including EBGP and IBGP ). [ac 1-2]$ In this step, we run the BGP protocol on the above basis to complete the establishment of basic BGP neighbor relationships: Vlan 101 As an update source, send it to R3 . 13 We restore the experimental environment to the basic configuration: BGP neighbor relationships are as follows Then, R3 deploys the two-way re-release, so the process 2 route is injected into process 1 , then the route of the A network segment will be injected back into process 1 , so that the priority of O is greater than OE , so R1 and R2 directly ignore this. Strip routing. Will not cause other effects. Distance vector routing protocol Bgp fast-external-fallover Adjust the management distance of the routing protocol 54 Timer bgp 0 0 neighbor never goes down For example, on a PC , statically bind the gateway IP and the MAC of the gateway with arp-s to prevent arp spoofing,ccnp switching labs in packet tracer, or use the command arp for binding on the network devices of the key nodes . Abc?d Maximum frame: 1518+4=1522 Show run | in route ? Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate , best BGP routing table entry for 11.11.11.0/24, version 2 Fast switching may be called route-cache switching on some data. summary: If it is access mode, the vlan must be the same. Match ip address 1 set metric 10 8 For the original attribute, it specifies the source of the route update, which has the following values: As you can see, the route carries the atomic-aggregate attribute, which is used to inform the downstream neighbor that this is the route attribute that summarizes the route and loses the detail. At the same time, the aggregator attribute identifies the summary location ( the RouterID of the AS and the summary router ). Loc-RIB BGP router selects the route by using its local routing policy for routes in adj-RIBs-In R2#sh ip bgp Unused Ip flow-export forwards the NETFLOW audited packet to the specified device . Neighbor 1.1.23.3 distribute-list 1 out Switchport access vlan 10 Neighbor 4.4.4.4 update-source Loopback0 neighbor 10.1.25.2 remote-as 200 Vif PGM Multicast Host interface parameter IP Routing Overview BGP supports MD5 authentication. To enable MD5 authentication on the TCP connection between BGP peers , use the following command: Start a TCP connection. Prepare enough resources when BGP is enabled CISCO Note: The DHCP option-82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned. Flag: 0x860 Device ID At the same time, if 172.16.1.0 and 172.16.2.0 are all DOWNed at this time , the summary route also disappears. Ip default-gateway 192.168.100.254 Interface fast0/0 If R1 turns on auto-summary and network 10.0.0.0 , the subnet will be automatically summarized to R2. !! Two ACLs are created above to match the routes that need to be treated differently. By the original impact of routing attributes The EBGP neighbor learns 2.2.2.0 . The RIP management distance is 120 and the EBGP is 20. Therefore, EBGP routes are preferred . How to make R1 preferred RIP When a bridge starts to active, each port sends a BPDU every 2s , and when a port receives a better BPDU than the one sent now , the local port will stop sending if it is within a certain period of time ( But after saving for 20s ), he no longer receives better from neighbors. Management MAC table Verification Experiment 2 Impact of CLUSTER_LIST in BGP Routing SW3 immediately aging the BPDU stored on Fa0/3 , and port Fa0/3 enters the listening state and starts to send BPDUs. Each AS has an identification number ranging from 1 to 65535 , of which 64512 to 65535 are reserved for private use. Switch(config)# mac address-table static machine mac interface vlan vlan number to cancel with no mac address-static ...... Prefix list is much more controllable than access list, supports incremental modification, and is more flexible R2 's EIGRP routing process: Router bgp 345 Ip rip trigger AS Hops 1 The comparison principle mainly refers to the local use of different methods such as network or redistribute when entering an IGP route into the BGP table. When deploying the campus network, we often have the following special requirements for switches: AS_CONFED_SEQUENCE and AS_CONFED_SET Switch(config-if)# ip address 192.168.255.1 255.255.255.0 The secondary VLAN is mapped to the SVI interface of the primary VLAN , allowing for Layer 3 switching of pVLAN ingress traffic. After the trigger update is enabled, the routers at both ends of the link no longer send routing updates periodically. Of course, another problem arises. If the route in the routing table expires, it will hang, so it is necessary to trigger the update. It must be configured on both interfaces of the link, so that the routing update will be marked permanent for permanent. Last update from 10.1.12.1 00:07:30 ago Routing Descriptor Blocks: Option82 and related issues in a non-relay environment switchport trunk encapsulation dot1q switchport mode trunk Topology change mechanism Both R1 and R2 inject 100.0.1.0 and 100.0.2.0 into BGP using network . Command summary 81 BGP state machine Match ip address pref 1 set local-preference 200 STP cost to the root bridge Configure an interface as a passive interface: R1 announces the LOOPBACK network segment in the BGP process 10.1.13.1 Finally: R4#sh ip b 2. Pass the RIP update with an unnumbered address ( invalid source ) Configured on the interface, the portfast feature does not have to be implemented and can be implemented independently. Of course, it is recommended to use the portfast feature. R1 , R2 , and R3 run RIP , and 1.1.1.0/24 on R1 is not directly announced. On R2 : Redistribute ospf 1 Route-map PBR permit 20 match ip address 2 Router(config)#ip dhcp pool [pool name] Access-list 1 permit 10.1.1.0 0.0.0.255 route-map test permit 10 Match as-path 1 If the DHCP discovery message sent by the client does not contain the client-identifier , the hardware address can be used to identify the terminal device. The configuration commands are as follows: Notifacation packets , resulting in session is interrupted; it can be re- AS on the border router IN strategic direction. IP policy routing is disabled Interface loopback1 ? RIPng for IPv6 5 RIP-1 only sends RIPv1 updates The configuration of R4 is as follows: The above command only re-advertises OSPF NSSA routes into BGP. VTP mode 5.5.5.5 Route-map test permit 10 Origin IGP, metric 0, localpref 100, valid, internal Too many neighbors, managing these IBGP adjacencies will be a challenge and burden the device. Fortunately, we have two measures to help solve the problem, 1 is the route reflector 2 is federated. LocPrf This fulfills the demand. s> 172.16.11.0/24 Internal 0 packets, 0 bytes RSTP has made minor modifications to BPDUs only on an 802.1D basis : Route-map test permit 10 192.1.168.1 3 0003.47d8.c91f 2BB6488E interface-id 21ae5fbb * i100.0.1.0/24 Switch(config)# vlan 255 Switch(config)# interface fast0/1 ? Metric 100 A match to a start, the end of any single character string, such as A0 , a! Etc. External BGP Router bgp 64512 FastEthernet1/0 When LINK1 DOWN is dropped, SW2 will not receive the BPDU from ROOT , so it considers its root and starts to SW3. Access-list 1 permit 11.11.11.0 Synthesis example 2 : LLC. ( The Logical Link Control ) by the destination service access point DSAP ( Destination Service Access Point ), source service access point SSAP ( Source Service Access Point ) and Experiment 1: host-dependent After an ARP ACL , if ARP packets are denyed by the ARP ACL , these packets are directly discarded, even in DHCP snooping. Use the show spanning-tree inconsistentports command to view related entries. Establish BGP neighbor relations 4 IP Match community 11 exact-match // strict match 3.3.3.3 0 , regarded as infinity The first 8 bits of the route must match the first 8 bits of 172.0.0.0 , the other bits do not care, and the mask must be /8 , /9 , /10 , ..., /24 Since the configuration of the first experiment Rl , therefore R2 Flights 13 segments, it is preferable that Rl , this time in R2 a clear click BGP neighbor Rl , and the Rl BGP connection DOWN , R2 Flights 13 routes and preferably the R3 , After R2 and R1 restore the BGP connection and receive the 13 route update of R1 again , R2 is still preferred to R3. The experiment is completed here, we set MARK , then we will analyze the impact of various attributes on the routing. Ip rip triggered Includes 7 -byte preamble (a string of 1 , 0 intervals for signal synchronization) and a 1 -byte frame start delimiter ( 10101011 ) 2 : RIP-2 ; Gateway of last resort is 192.168.12.1 to network 0.0.0.0 C 192.168.12.0/24 is directly connected, Serial0/0 3.3 802.1D The AD value of 11.11.11.0/24 is adjusted to be larger than OSPF , for example 130 . So the configuration is as follows: Ip prefix-list 1 permit 100.0.1.0/24 ip prefix-list 2 permit 100.0.2.0/24 route-map LP permit 10 CAM is the table that the switch checks when it is used for Layer 2 switching. Case: Double Exit NAT Just match (65000) Border Gateway Protocol (BGP) Connected Technical background 40 The buddy first introduced the above network environment. This Nima is a fairly classic case. OR1 and OR2 are the egress routers of the network, which are respectively connected to the egress lines of Netcom and telecommunications. PAT is implemented on both egress routers , so that intranet users can access the extranet. In addition to OR1 , Neighbor 10.1.12.2 remote-as 200 AS_Sequence is well understood. In the case where the above figure does not make any policy, the type of AS_PATH carried by the BGP route delivered to R4 is AS_Sequence . This is an ordered list of AS numbers. When R4 receives the route update, AS_PATH is 300,100 , Route-map test permit 10 BGP routing table entry for 100.100.100.0/24, version 2 Paths: (2 available, best #2, table Default-IP-Routing-Table) Flag: 0x820 3.3.3.3 Route tag 13 ADJ-RIBs-OUT announces routes to peers 802.1q Ip helper-address 192.168.100.1 Isis Network PS : It should be noted that there will be class and classless route lookup methods, which are distinguished from classful and classless routing protocols. Flag: 0x860 Route-map PBR permit 10 match ip address 1 100 Configuring a VTP domain name By default, only the MED values of BGP routes from the same neighbor AS are compared , that is, if the two routes of the same destination are from different ASs , the MED value comparison is not performed . MED only affects the traffic between directly connected autonomous systems, and does not pass through the AS . The smaller the MED, the higher the priority. LLC. ( The Logical Link Control ) by the destination service access point DSAP ( Destination Service Access Point ), source service access point SSAP ( Source Service Access Point ) and // This command is used to advertise the real AS number of the AS outside the federation . R4 on the show ip bgp 172.16.0.0 Ge ge-value Note: If it is an EIGRP environment, you need to implement unicast update, then the route update interface can not be PASSIVE (this is different from RIP ), directly use the neighbor command to specify the neighbor. If the interface is PASSIVE , even if the neighbor is manually specified , the EIGRP neighbor relationship cannot be established normally . Neighbor 4.4.4.4 update-source Loopback0 neighbor 10.1.25.2 remote-as 200 It is valid only when the router (or Layer 3 switch) disables the routing function ( no ip routing ); BGP is a classless routing protocol, a distance vector routing protocol, and automatic summarization is turned off by default (this depends on IOS ). The same isolated VLAN and isolated VLANs cannot communicate with each other and can only communicate with the hybrid interface. There are already many arp firewalls on the market that can be recognized. Of course, there are some simple methods, such as arp-a to see if the MAC is correct. Or catch a bag and so on. Tag rewrite with Fa1/0, 10.1.13.3, tags imposed: {} via 10.1.12.2, FastEthernet0/0, 0 dependencies In the outbound direction, the distribution list can only work on the ASBR that performs the route redistribution action , and can only work on externally imported routes. Because OSPF performs re-release, these external routes are actually imported in the form of routes. Therefore, the distribution list can work normally in this case, but if it is not a local originating external route or an internal OSPF route, the out direction The distribution list is at a loss.