PVST+ & RPVST+ configuration

spanning-tree mode {pvst | rapid-pvst}
##Bridge priority##
spanning-tree vlan 1-4094 priority 32768
##STP Timers, in seconds##
spanning-tree vlan 1-4094 hello-time 2
spanning-tree vlan 1-4094 forward-time 15
spanning-tree vlan 1-4094 max-age 20
##PVST+ Enhancements##
spanning-tree backbonefast
spanning-tree uplinkfast
##Interface attributes##
interface FastEthernet0/1
 spanning-tree [vlan 1-4094] port-priority 128
 spanning-tree [vlan 1-4094] cost 19
##Manual link type [...]

Does EIGRP support secondary IP addresses?

Yes, the Enhanced Interior Gateway Routing Protocol (EIGRP) supports secondary addresses. However, because EIGRP sources data packets from the primary address, all the routers should be configured with primary addresses that belong to the same subnet. Be sure that the primary address on the interface is configured for EIGRP by issuing the network command [...]

What is BGP backdoor?

In BGP, it is a feature used to modify the admin distance of eBGP so that an interior gateway protocol (IGP) route takes precedence over an eBGP route. By default, External BGP (eBGP) has an admin distance value of 20. Administrative distance is the first criterion that a router uses to determine [...]

What is VPN?

A VPN (Virtual Private Network) is a way of making a secure connection to and from a network or computer. VPNs have been used for years, but they have become more powerful in recent years. They are more affordable and also much faster. There are many different types of VPNs available. Let’s take a look [...]

What are VDCs?

Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits, e.g. fault isolation, administration plane, separation of data traffic, and enhanced security. This logical separation provides the following benefits:
- Administrative and management separation
- Change and failure domain isolation from other VDCs
- Address, VLAN, VRF, and vPC isolation
Each VDC acts as an [...]

How to set up NAT Exemption for Site to Site and Remote VPN in Cisco ASA version 8.3

----For Site to Site VPN----
Suppose the topology is
192.168.10.0/24 inside(ASA1)outside ===VPN=== outside(ASA2)inside 192.168.20.0/24
So on ASA1 you can configure NAT exemption like this:
object network local-obj
 subnet 192.168.10.0 255.255.255.0
object network remote-obj
 subnet 192.168.20.0 255.255.255.0
nat (inside,outside) 1 source static local-obj local-obj destination static remote-obj remote-obj
----For Remote VPN----
Suppose the topology is 192.168.3.0/24 [...]

What is the error-disable state? How do you recover a port from error-disable?

The ErrDisable feature is implemented to handle critical situations where the switch detects excessive or late collisions on a port, port duplex misconfiguration, EtherChannel misconfiguration, Bridge Protocol Data Unit (BPDU) port-guard violation, UniDirectional Link Detection (UDLD), and other causes. The error-disable function lets the switch shut down a port when it encounters physical, [...]

How to use the embedded Wireshark in Cisco 3850 switches to capture traffic

The 3850 switches have an embedded Wireshark that can be used for packet capture during troubleshooting; this negates the need for SPAN to capture the traffic.
-Define your source
monitor capture mycap interface GigabitEthernet1/0/1 both
-Set your match statement
monitor capture mycap access-list myacl
monitor capture mycap match ipv4 any any
-Set your destination [...]

Is it possible to use distribute-list command to filter routes in OSPF?

Configuring distribute-list commands that utilize route maps will not achieve desired Link State Advertisement (LSA) filtering. Open Shortest Path First Protocol (OSPF) routes cannot be filtered from entering the OSPF database using distribute-list. The distribute-list in command only filters routes from entering the routing table, and it does not prevent LSA packets from being propagated. [...]

How to configure NAT Exemption in version 8.3 for VPN in Cisco ASA?

1) For Point-to-point VPN
Scenario is
192.168.1.x/24 inside(ASA1)outside ===VPN_tunnel===outside(ASA2)inside 192.168.2.0/24
If you were configuring ASA1 nat exemption for this site to site VPN tunnel, it would look like this:
object network obj-local-subnet
 subnet 192.168.1.0 255.255.255.0
object network obj-remote-subnet
 subnet 192.168.2.0 255.255.255.0
nat (inside,outside) 1 source static obj-local-subnet obj-local-subnet destination static obj-remote-subnet obj-remote-subnet
2) For Remote access VPN [...]

Suppose server x is not able to reach server y through the ASA firewall. How will you troubleshoot the connectivity?

To check if the access is allowed through the ASA, you can use the packet-tracer command:
packet-tracer input Inside tcp 10.1.1.10 80 (source address/port) 172.16.1.10 80 (destination address/port) detailed
Packet-tracer will check multiple parameters such as NAT, ACL, route etc. to check if the access is allowed or not. If something is blocking the access it will [...]

What is WCCP?

WCCP (Web Cache Communication Protocol) allows Cisco IOS routing platforms to transparently redirect content requests. The main benefit of transparent redirection is that users need not configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and have their requests automatically redirected to a cache engine. The [...]

What is VSS?

The Virtual Switching System (VSS) is a clustering technology that combines two Cisco Catalyst 4500 or 6500 Series switches into a single virtual switch. In a VSS, the data plane of both clustered switches is active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using standard Gigabit or [...]

How to configure GLBP?

Gateway Load Balancing Protocol (GLBP) provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop router failures, while allowing packet load sharing between a group of redundant routers. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host [...]

What are the new features in the new Cisco ASA version 9?

1.) Cisco TrustSec integration: In this release, the ASA integrates with Cisco TrustSec to provide security group based policy enforcement based on the roles of source and destination devices rather than on network IP addresses.
2.) Cisco Cloud Web Security (ScanSafe): This feature provides content scanning and other malware protection service for web traffic. It can redirect [...]

What ports are used for the VPN?

Internet Protocol Security (IPSec) uses IP protocol 50 for ESP (Encapsulated Security Protocol), IP protocol 51 for Authentication Header (AH), and UDP port 500 for IKE Phase 1 and Phase 2 negotiations. UDP ports 500 and 4500 are used if NAT-T is used for IKE Phase 1 and Phase 2 negotiations. Secure Sockets [...]

How to enable authentication in OSPF?

There are two ways of authentication in OSPF.
1) Clear text authentication
2) MD5 authentication
1) Clear text authentication
Area based authentication
Cisco_Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cisco_Router(config)#interface f0/0
Cisco_Router(config-if)#ip ospf authentication-key cisco@123
Cisco_Router(config-if)#exit
Cisco_Router(config)#router ospf 100
Cisco_Router(config-router)#area 2 authentication
Cisco_Router(config-router)#exit
Interface based authentication
Cisco_Router(config)#int fa0/0
Cisco_Router(config-if)#ip ospf authentication [...]