OSPF uses two methods of loop prevention when used as the PE-CE routing protocol.
OSPF Down-Bit (DN)
The DN bit is the most significant bit of the LSA options field. Its use as the DN bit is specified in RFC 4576.
The DN bit is set in type 3 LSAs sent from the PE router. Routers will not accept a Type 3, 5 or 7 LSA with the DN bit set. This effectively stops a router from advertising a BGP-learned route back into BGP.
An issue can arise if you are using OSPF with a VRF on your CE router. Your CE router will learn prefixes from the PE router with the DN bit set and drop them. You can disable the loop prevention two ways. In newer IOS versions, you can enable capability vrf-lite under the OSPF process on the CE router. This will disable the down-bit checking.
router ospf 1 vrf [vrf_name]
capability vrf-lite
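The DN-bit check described above, as an added example (not code from the original post): it parses the 20-byte OSPFv2 LSA header and applies the rule for a router running OSPF inside a VRF, with and without capability vrf-lite. The sample LSA bytes, the addresses and all function names are constructed for illustration, and the LSA checksum is not validated.

```python
import struct
from dataclasses import dataclass

DN_BIT = 0x80                  # most significant bit of the LSA Options octet (RFC 4576)
DN_CHECKED_TYPES = {3, 5, 7}   # summary, AS-external, NSSA-external LSAs


@dataclass
class LsaHeader:
    age: int
    options: int
    ls_type: int
    link_state_id: str
    adv_router: str
    seq: int
    checksum: int
    length: int

    @property
    def dn_set(self) -> bool:
        return bool(self.options & DN_BIT)


def _dotted(value: int) -> str:
    """Render a 32-bit integer in dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_lsa_header(raw: bytes) -> LsaHeader:
    """Parse the fixed 20-byte OSPFv2 LSA header (checksum is not verified)."""
    if len(raw) < 20:
        raise ValueError("OSPFv2 LSA header is 20 bytes")
    age, options, ls_type, lsid, adv, seq, cksum, length = struct.unpack(
        "!HBBIIIHH", raw[:20])
    return LsaHeader(age, options, ls_type, _dotted(lsid), _dotted(adv),
                     seq, cksum, length)


def usable_in_vrf(lsa: LsaHeader, vrf_lite: bool = False) -> bool:
    """True if a router running OSPF in a VRF would use this LSA."""
    if vrf_lite:               # models 'capability vrf-lite': DN check disabled
        return True
    return not (lsa.ls_type in DN_CHECKED_TYPES and lsa.dn_set)


# Constructed sample: type 3 LSA for 10.20.0.0 from 192.0.2.1, options = DN + E bits.
SAMPLE_TYPE3_DN = struct.pack("!HBBIIIHH", 1, 0x82, 3, 0x0A140000,
                              0xC0000201, 0x80000001, 0, 28)

if __name__ == "__main__":
    lsa = parse_lsa_header(SAMPLE_TYPE3_DN)
    print(lsa, "usable:", usable_in_vrf(lsa),
          "usable with vrf-lite:", usable_in_vrf(lsa, vrf_lite=True))
```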
Read more…
The goal of this lab is for BR1 and BR2 to both have an OSPF E2 default route learned from a HUB router.
BR1 should prefer the default from HUB 1 while BR2 will prefer the route via HUB 2. If either HUB is unreachable, the BR routers should have an OSPF E2 default route via the other hub.
The diagram is as follows.

The issue with this design is the requirement for each branch to prefer a different hub default route. By default, they will learn equal cost paths to both hubs.
The base configurations are as follows.
Read more…
Before you start reading, a disclaimer.
This post is network adapter specific. I’m using a Dell E6420 running Windows 7 with an Intel 82579LM wired adapter.
In lieu of having multiple PCs to test, I thought it easier to use one workstation for my CCIE training.
My CCIE lab is local, which makes this easier. I’m using wireless for my internet connection. My wired connection will be a trunk into one of my lab switch ports. The wired link will be configured as a trunk, which will allow multiple virtual interfaces with different VLANs.
Read more…
Recently INE ran a challenge for EEM (INE Blog).
I have yet to hear anything from INE, so I’m posting my code below.
Read more…
LACP is the IEEE (802.3ad) link aggregation standard. The 3560 supports 8 active links with 8 standby links.
When using LACP, port channels are configured for either active or passive mode. Active mode will actively attempt to create a LACP link. Passive mode will respond to a LACP attempt from another device but will not attempt to create a LACP link itself.
Rack1SW2(config-if)#channel-group 10 mode
When using LACP, each switch has a system priority for the device and a port priority for each port. By default, these values are both 32768.
System priority is used to determine which switch makes the decision for adding links to the LACP bundle. Since both switches will by default have a system priority of 32768, the switch with the lowest MAC address will make the decision.
Rack1SW1(config)#lacp system-priority <1-65535>
Read more…
In order to activate the AnyConnect SSL VPN for an iPhone/iPad, you will need to obtain and install two licenses on your ASA.
These licenses are “AnyConnect Mobile license” and “AnyConnect Essentials” or “AnyConnect Premium Clientless SSL VPN Edition”.
The Mobile license and Essentials license are licensed per device. The number of simultaneous users will depend on your device type.
Read more…
When dealing with stub areas in OSPF, the ABR will suppress type 4 and 5 LSAs. To maintain connectivity, the ABR will advertise a default route as a summary LSA (Type 3).
For NSSA, a default route is not propagated by default. You must explicitly tell the ABR to send the default route into the NSSA area. This default route will be an NSSA external route (Type 7).
router ospf <process_id>
area <area_id> nssa default-information-originate
The above configuration will generate an NSSA Type-2 external default route (LSA Type 7).
The metric type for the default route above can be changed to Type 1 with the metric-type keyword.
router ospf <process_id>
area <area_id> nssa default-information-originate metric-type 1
If the area is configured as an NSSA totally stubby area, an inter-area default route will be created on the ABR and sent into the NSSA totally stubby area.
router ospf 1
area <area_id> nssa default-information-originate no-summary
The cost of the default route can be manually set as follows.
router ospf <process_id>
area <area_id> default-cost <cost>
I was using a Tcl script with the IEWB to test connectivity. The extra data included with the pings made it difficult to check the connectivity. I found the below code that will ping multiple devices and output the results in a clean format with either (OK, FAILED).
Read more…
I ran into an issue where connectivity would drop randomly for around 1 minute. Sometimes this would happen multiple times a day. Other days would have no issues. To help troubleshoot the issue, I created an IP SLA session to span the path that tracks the last 25 failures.
ip sla 1
icmp-echo 10.1.1.1 source-ip 10.1.1.2
threshold 500
frequency 10
history filter failures
history buckets-kept 25
history lives-kept 1
ip sla schedule 1 life forever start-time now
I’ve been working on my CCIE for a few months. I utilize a Cisco 2511 to connect to my lab remotely. I’ve found the following to be useful when going through mockup labs.
Exit a command (ping, traceroute, etc)
Press “Ctrl+Shift+6” twice consecutively
Remove all routing configuration
(config)# no ip routing
(config)# ip routing
Erase and reload all routers
You must have an active session from the 2511 (use # “show session” to verify)
send *
{enter}
wr erase
no
reload
{enter}
I’ll add more things as I think of them.