Pete's Packet

Limitless


Archive for May, 2009

NAT notes from the doc CD

Posted by Peter Kurdziel on May 29, 2009

Determine how you will use NAT and how NAT will need to be configured.

1. Define NAT inside and outside interfaces by answering the following questions:

– Do users exist off multiple interfaces?

– Are there multiple interfaces going to the Internet?

2. Define what is trying to be accomplished with NAT by answering the following questions:

– Should NAT allow internal users to access the Internet?

– Should NAT allow the Internet to access internal devices such as a mail server?

– Should NAT redirect TCP traffic to another TCP port or address?

– Will NAT be used during a network transition?

– Should NAT allow overlapping networks to communicate?

– Should NAT allow networks with different address schemes to communicate?

– Should NAT allow the use of an application level gateway?

If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any any command in the access list.

In a typical environment, NAT is configured at the exit router between a stub domain and the backbone.

NAT uses the following definitions:

Inside local address—The IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.

Inside global address—A legitimate IP address (assigned by the NIC or service provider) that represents one or more inside local IP addresses to the outside world.

Outside local address—The IP address of an outside host as it appears to the inside network. It is not necessarily a legitimate address; it was allocated from address space routable on the inside.

Outside global address—The IP address assigned to a host on the outside network by the owner of the host. The address was allocated from a globally routable address or network space.

NAT types include:

• Static Address Translation (Static NAT)—allows one-to-one mapping between local and global addresses.

• Dynamic Address Translation (Dynamic NAT)—maps unregistered IP addresses to registered IP addresses out of a pool of registered IP addresses.

• Overloading—a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many to one) using different ports. This method is also known as Port Address Translation (PAT). By using PAT (NAT Overload), thousands of users can be connected to the Internet using only one real global IP address.

Inside Source Address Translation

  1. ip nat inside source static local-ip global-ip
  2. interface type number
  3. ip address ip-address mask [secondary]
  4. ip nat inside on the inside interface, ip nat outside on the outside interface

Configuring Dynamic Translation of Inside Source Addresses

  1. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  2. access-list access-list-number permit source [source-wildcard]
  3. ip nat inside source list access-list-number pool name
  4. ip nat inside on the inside interface, ip nat outside on the outside interface

Allowing Internal Users Access to the Internet Using NAT

Inside Global Addresses Overloading

  1. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  2. access-list access-list-number permit source [source-wildcard]
  3. ip nat inside source list access-list-number pool name overload
  4. ip nat inside on the inside interface, ip nat outside on the outside interface
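
The overload (PAT) behaviour described above can be modelled as a translation table keyed on protocol, address and port. This is an added example, not code from the original notes; the class name `PatTable`, the sample addresses and the port-selection policy (keep the source port if free, else take the next free one) are assumptions of the model.

```python
import itertools

class PatTable:
    """Toy model of NAT overload (PAT) behind one inside global address."""

    def __init__(self, inside_global, first_port=1024, last_port=65535):
        self.inside_global = inside_global
        self.ports = (first_port, last_port)
        self.outbound = {}  # (proto, inside local ip, port) -> global port
        self.inbound = {}   # (proto, global port) -> (inside local ip, port)

    def translate_out(self, proto, local_ip, local_port):
        """Inside -> outside: return the (inside global ip, port) to use."""
        key = (proto, local_ip, local_port)
        if key not in self.outbound:
            # Assumed policy: keep the source port if free, else next free port.
            pool = range(self.ports[0], self.ports[1] + 1)
            for port in itertools.chain([local_port], pool):
                if (proto, port) not in self.inbound:
                    break
            else:
                raise RuntimeError("PAT port pool exhausted")
            self.outbound[key] = port
            self.inbound[(proto, port)] = (local_ip, local_port)
        return self.inside_global, self.outbound[key]

    def translate_in(self, proto, global_port):
        """Outside -> inside: None means no entry, so nothing is forwarded."""
        return self.inbound.get((proto, global_port))


def demo():
    # Constructed sample: RFC 1918 inside hosts, RFC 5737 documentation address.
    pat = PatTable("203.0.113.1")
    a = pat.translate_out("tcp", "10.1.1.10", 40000)
    b = pat.translate_out("tcp", "10.1.1.11", 40000)  # same source port as a
    return pat, a, b


if __name__ == "__main__":
    pat, a, b = demo()
    print("inside global for host .10:", a)
    print("inside global for host .11:", b)
    print("return traffic to", b[1], "->", pat.translate_in("tcp", b[1]))
    print("unsolicited to 8080 ->", pat.translate_in("tcp", 8080))
```

Traffic arriving from outside with no matching entry gets no translation in this model, which is why reaching an internal mail server needs a static mapping rather than overload alone.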

Posted in IP Services, NAT, Routing & Switching Lab | Leave a Comment »

Enabling Syslog for Logging NAT Translations

Posted by Peter Kurdziel on May 28, 2009

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat log translations syslog

4. no logging console

Posted in IP Services, NAT, Routing & Switching Lab | 2 Comments »

Troubleshooting Cat 6500 QoS

Posted by Peter Kurdziel on May 27, 2009

sh run
sh mls qos
sh tcam count
sh int slot/port capability
sh queueing interface slot/port
remote com sw sh qm-sp port-data slot/port
sh policy-map inter (software)
sh mls qos ip (hardware)
sh tcam int (hardware)
sh mls netflow ip

Posted in Real World, Routing & Switching Lab | Leave a Comment »

OSPF Path Types

Posted by Peter Kurdziel on May 27, 2009


Path Types

Intra-area
Destinations within the area

Inter-area (IA)
Destinations in another area but within the OSPF AS

Type 1 external (E1)
Destinations outside the OSPF AS
Total cost = external cost + cost to the ASBR

Type 2 external (E2)
Destinations outside the OSPF AS
Total cost = external cost

Posted in OSPF, Routing & Switching Lab | 1 Comment »

OSPF ABR default route (if a match is made in the route-map)

Posted by Peter Kurdziel on May 27, 2009

In this case, the ABR will only generate a default if some subnet within 10.1.1.0/24 is in the local routing table.

default-information originate route-map default
route-map default permit 10
match ip address 10
!
access-list 10 permit 10.1.1.0 0.0.0.255

Posted in OSPF, Routing & Switching Lab | Leave a Comment »

OSPF Can Filter Routes in Three Places:

Posted by Peter Kurdziel on May 27, 2009


When redistributing into OSPF, using route maps.
Filter received routes from the routing table (local only – still in database)

At the area border, using an ABR type 3 filter.
Filter routes advertised via Type 3 LSAs on an ABR (between areas)

On any router, between the OSPF database and the local routing table.
Filter routes on an ASBR (redistributed from another protocol)

OSPF can filter external routes at the ASBR redistributing the routes
Use a route map to permit or deny the correct routes
Prefix lists will also work in this application
router ospf 100
redistribute connected route-map externals subnets
….
route-map externals permit 10
match ip address 10
….
access-list 10 permit 10.1.0.0 0.0.1.0
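
What the two standard ACL entries in these notes (`10.1.0.0 0.0.1.0` here and `10.1.1.0 0.0.0.255` in the default-route post) actually permit can be checked by applying the wildcard as a bit mask. This is an added example, not part of the original notes; the function names and the route list are constructed for illustration. It relies on the fact that a standard ACL referenced by a route-map is compared against a route's network address only, not its mask length.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def acl_match(address, base, wildcard):
    """Cisco wildcard test: bits set in the wildcard are 'don't care'."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(address) & care) == (_u32(base) & care)

def permitted_routes(routes, base, wildcard):
    """Return the routes whose network address a standard ACL entry permits.

    The prefix length is deliberately ignored, as a standard ACL has no
    way to express it.
    """
    kept = []
    for route in routes:
        net = ipaddress.ip_network(route)  # raises if host bits are set
        if acl_match(str(net.network_address), base, wildcard):
            kept.append(route)
    return kept

# Constructed sample routing table entries.
SAMPLE_ROUTES = [
    "10.1.0.0/24",
    "10.1.1.0/24",
    "10.1.2.0/24",
    "10.1.1.128/25",
    "10.1.0.0/16",
]

if __name__ == "__main__":
    for base, wildcard in (("10.1.0.0", "0.0.1.0"), ("10.1.1.0", "0.0.0.255")):
        print(f"permit {base} {wildcard}:")
        for route in permitted_routes(SAMPLE_ROUTES, base, wildcard):
            print("   ", route)
```

The `0.0.1.0` entry also lets 10.1.0.0/16 through because only the network address is compared; a prefix list such as the `area1` one in these notes pins the length as well.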

An OSPF ABR can filter the routes inserted into a Summary LSA (Type 3)
Use a prefix list to permit the ABR to insert routes into the Summary LSA (Type 3) generated into Area 0

router ospf 100
area 1 filter-list prefix area1 out
….
ip prefix-list area1 seq 10 permit 10.1.0.0/24
ip prefix-list area1 seq 20 permit 10.1.1.0/24

Posted in OSPF, Routing & Switching Lab | Leave a Comment »

Common OSPF issues

Posted by Peter Kurdziel on May 27, 2009

Troubleshooting OSPF Commands

Show IP OSPF
Show IP OSPF Database
Show IP OSPF Database Database-Summary
show ip ospf neighbor
show ip ospf neighbor detail
show ip ospf interface
show ip ospf virtual-links
sh ip ospf stat
show ip ospf border-routers
show ip ospf database self-originate
show ip ospf database adv-router x.x.x.x

Adjacency Is Not Coming Up

Layer 2 is down
OSPF not enabled on the interface
Mismatched subnet mask
Mismatched authentication key
Mismatched area ID
Mismatched transit/stub/NSSA option

Useful Commands for This Problem
Show IP OSPF neighbor
Show IP OSPF interface
Debug IP OSPF adjacency

OSPF Neighbor Stuck in ? State

Useful Commands for This Problem
Show IP OSPF neighbor
Debug IP OSPF adjacency

Reasons for Stuck in ATTEMPT

Our hellos are getting lost in NBMA cloud
Neighbor hellos are getting lost in NBMA cloud
We received the neighbor’s hello but reject it for some reason
Misconfigured neighbor statement
Broken Unicast

Reasons for Stuck in INIT

One side is blocking the hello packet with access-list
One side is translating (NAT) OSPF hello
One side’s multicast capability is broken (Layer 2)
Dialer map or Frame Relay map is missing keyword ‘broadcast’

Reasons for Stuck in 2-WAY

This is normal in broadcast network types
This is to reduce the amount of flooding on the wire
Problem can happen if all the routers are configured with priority equal to ‘0’
Take care which routers are configured with priority 0 so they don’t participate in DR election

Reasons for Stuck in EXSTART/EXCHANGE

MTU mismatch—EXCHANGE
Note: If Cisco IOS is < 12.0.3 neighbor will show stuck in EXCHANGE
Neighbor RID is same as ours—EXSTART
Note: If Cisco IOS is > 12.0.7, it displays msg: %OSPF-3-DUP_RTRID & OSPF neighbor list will be empty
Unicast is broken—EXCHANGE
a. Wrong VC/DLCI mapping in a Frame Relay/ATM environment in a highly redundant network
b. MTU problem, can’t ping across with more than a certain packet length
c. Access-list blocking unicast; after two-way, OSPF sends unicast packets except on p2p links
d. NAT is translating the unicast packet
Between PRI and BRI/dialer and network type is p2p—EXCHANGE

Reasons for Stuck in LOADING

LS request is being made and the neighbor is sending a bad packet, or memory is corrupt
a. Do show IP OSPF bad to see bad LSA
b. Show log will show OSPF-4-BADLSATYPE msg
LS request is being made and neighbor is ignoring the request
MTU mismatch problem (RFC 1583 and 2178 compatibility issue) CSCee23634 (R). OSPF should detect if the neighbor MTU is smaller than ours. Currently available in latest 12.3 and 12.0S.

Information Is in the DB but Not in the RT

Useful Commands for this Problem
Show IP OSPF interface <interface>
Show IP OSPF database <x>
Where ‘x’ can be router, network, summary, summary-asbr, external, NSSA

Mismatched Network Types
Point-to-Point Numbered and Unnumbered Links
Different Mask or IP Subnet on P2P Links
Address Flipped on Dual Links
Forwarding Address Problem
Discontiguous Backbone

Reasons for SPF Running Constantly

Useful Commands for This Problem
Show IP OSPF stat
Show IP OSPF database
Show IP OSPF database database-sum
debug IP OSPF

Reasons for NSSA ABR Not Translating Type 7 LSA
Only NSSA ABR with the highest RID does the conversion

Posted in Real World, Routing & Switching Lab | Leave a Comment »

OSPF Stub Areas

Posted by Peter Kurdziel on May 27, 2009

Stub Area = allows intra- and inter-area LSA types but does not allow external. Type 5 LSAs are replaced with a default route (a summary default created by the ABR).
“area XX stub”

Total Stub Area = no inter-area routes. Allows intra-area routes and replaces summary (LSA 3) and external routes with a default route (the summary default created by the ABR).
“area XX stub no-summary”

NSSA Area = stub area with an ASBR in it. Allows intra- and inter-area routes but does not allow external (LSA 5). Does allow redistribution and LSA 7 (the only external routes are from the ASBR).
“area XX nssa”

NSSA Total Stub Area = Total Stub Area with an ASBR in it. Allows intra-area routes and adds a default route in place of summaries. Does not allow external but does allow redistribution.
“area XX nssa no-summary”

Type                    Command                   LSAs                     Default route injected without default-info originate?
stub                    area xx stub              1,2,3,4                  yes
totally stubby          area x stub no-summary    1,2, default of 3        yes
nssa                    area x nssa               1,2,3,4,7                no
not so totally stubby   area x nssa no-summary    1,2, default of 3, 7     yes

=========
Stub areas don’t receive summary LSAs (type 3) from their ABR

Totally Stub areas don’t receive summary LSAs (type 3)  or external routing information (types 4 or 5) from their ABR

Not So Stubby Areas (NSSA)
Routes redistributed into OSPF are generated as NSSA externals (type 7) by the ASBR
The ABR converts these routes to externals (type 5)
The ABR generates a border router (type 4) LSA for the ASBR
The ABR does not flood any summary (type 3) LSAs into the area

Totally Not So Stubby Areas (Totally NSSA)
Routes redistributed into OSPF are generated as NSSA externals (type 7) by the ASBR
The ABR converts these routes to externals (type 5)
The ABR generates a border router (type 4) LSA for the ASBR
The ABR does not flood any summary (type 3) LSAs into the area
The ABR does not flood any external routing information (type 5) or border router (type 4) LSAs into the area

With a stub area, no external routes can be propagated into it. You could use a stub area, for example, for a branch office that has no connection other than to head office. In that case, you might make it totally stubby, that is, give it only a default route.

An NSSA is a bit like a stub as far as the internal OSPF topology is concerned, but it is allowed to connect to the outside world. In other words, it is allowed to have an ASBR border router. Imagine you had a branch office that had an external link, say, to the Internet. You could run that as an NSSA, but not as a stub.

=======

Allowed LSAs
Area type                  1&2   3     4     5     7
Backbone - Area 0          Yes   Yes   Yes   Yes   No
Non-backbone, non-stub     Yes   Yes   Yes   Yes   No
Stub                       Yes   Yes   No    No    No
Totally stubby             Yes   No*   No    No    No
Not so stubby              Yes   Yes   No    No    Yes
* Single type 3 per ABR, advertising a default route.

Posted in OSPF, Routing & Switching Lab | 1 Comment »

Check this out!! Must see

Posted by Peter Kurdziel on May 25, 2009

Krzysztof Zaleski’s website

http://inetcon.org/study_en.html

Mind maps:
http://inetcon.org/study/CCIE_RS_Quick_Review_Kit.pdf  – 2009.05.22 New!!!

Posted in Routing & Switching Lab | Leave a Comment »

Day 112 – mock lab

Posted by Peter Kurdziel on May 24, 2009

There were at least 2-3 things on the mock lab that I do not remember seeing before.

Some things I need to watch out for, especially when I’m tired;

  1. typos.
  2. exploring my options based on the task’s WORDING.
  3. work on speed

I have 2 more of Narbik’s workbooks I need to go over. Once I’m done I want to go over them all again once really quickly, taking notes on what I forgot or what I get stuck on. This is where my base is so I want to spend some time on it but I don’t want to spend too much time. Then I can start hammering out the full labs.

Posted in Routing & Switching Lab | Leave a Comment »
