Tuesday, September 26, 2017

JUST certified CCIE

Long time no post; I have not looked back at my blog for more than 1 year.
After constantly studying and doing labs for nearly 2 years, I just certified my first CCIE.
Really, thanks to my mentor, seniors and friends who stood together with me during this journey.
It was really hard and under high pressure with my work and study schedule.
Now it is time to review the path I walked to get the certificate. Life will be tougher and harder after getting this Expert-level certificate. It is still confusing in my mind: I want to learn about DC environments and Security as my future study plan. I also heard from my ex-boss, and got encouragement from him, to try for the CCNA Sec Ops certificate to realize, digest and understand daily Sec Ops. Then I listed and bought study materials for CCNA Ops, and I don't know how long this journey will take. Yes, today is my first day on the CCNA Sec Ops track.

Saturday, September 24, 2016

Default Distance Value Table

This table lists the administrative distance default values of the protocols that Cisco supports:

Route Source | Default Distance Value
Connected interface | 0
Static route | 1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route | 5
External Border Gateway Protocol (BGP) | 20
Internal EIGRP | 90
IGRP | 100
OSPF | 110
Intermediate System-to-Intermediate System (IS-IS) | 115
Routing Information Protocol (RIP) | 120
Exterior Gateway Protocol (EGP) | 140
On Demand Routing (ODR) | 160
External EIGRP | 170
Internal BGP | 200
Unknown* | 255


* If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.

Source : http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

Wednesday, July 6, 2016

OSPF Note

· Type 1 – Router LSA: The Router LSA is generated by each router for each area it is located. In the link-state ID you will find the originating router’s ID.
· Type 2 – Network LSA: Network LSAs are generated by the DR. The link-state ID will be the router ID of the DR.
· Type 3 – Summary LSA: The summary LSA is created by the ABR and flooded into other areas.
· Type 4 – Summary ASBR LSA: Other routers need to know where to find the ASBR. This is why the ABR will generate a summary ASBR LSA which will include the router ID of the ASBR in the link-state ID field.
· Type 5 – External LSA: also known as autonomous system external LSA: The external LSAs are generated by the ASBR.
· Type 6 – Multicast LSA: Not supported and not used.
· Type 7 – External LSA: also known as not-so-stubby-area (NSSA) LSA: As you can see area 1 is a NSSA (not-so-stubby-area) which doesn’t allow external LSAs (type 5). To overcome this issue we are generating type 7 LSAs instead.
Credit - Networklessons.com 

Thursday, May 5, 2016

Routing Protocol Changes and Migration

Migrating from one routing protocol to another is always a disruptive change to the network. It requires careful planning to minimize the outages, and even then, they are inevitable, although their duration can be kept very low. Therefore, a routing protocol migration always requires a maintenance window.

Routing protocol migration is usually accomplished with the following steps:

Step 1. Plan the migration strategy.
Step 2. Activate the new routing protocol on all routers in the topology, raising its
administrative distance (AD) above the ADs of the current IGP. If the new IGP
is Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing
Protocol (EIGRP), redistribution from the current into the new IGP has to be
configured on each router as well. The current IGP is left intact.
Step 3. Verify the new IGP’s adjacencies and optionally the working database
contents.
Step 4. Deactivate the current IGP in a gradual fashion.
Step 5. Remove the temporary settings from the new IGP.
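
A pre-cutover check for Steps 2 to 4, as an added example that is not part of the original post: it models route selection by administrative distance (defaults taken from the table on this page) and lists the prefixes that would disappear or change next hop once the current IGP is deactivated. The route data, the next hops and the raised AD of 130 are constructed for illustration.

```python
import ipaddress

# Cisco default administrative distances, from the table on this page.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90,
              "ospf": 110, "isis": 115, "rip": 120}
UNUSABLE_AD = 255  # a route with AD 255 is never installed

# Constructed sample: routes one router has learned from each IGP during Step 3.
SAMPLE_LEARNED = {
    "ospf":  {"10.1.0.0/24": "192.0.2.1", "10.2.0.0/24": "192.0.2.1",
              "10.3.0.0/24": "192.0.2.5"},
    "eigrp": {"10.1.0.0/24": "192.0.2.1", "10.2.0.0/24": "192.0.2.9"},
}

def build_rib(learned, ad):
    """Pick, per prefix, the source with the lowest administrative distance.

    learned: {protocol: {prefix: next_hop}}; returns {network: (protocol, next_hop)}.
    """
    rib = {}
    for proto, routes in learned.items():
        if ad[proto] >= UNUSABLE_AD:
            continue
        for prefix, next_hop in routes.items():
            net = ipaddress.ip_network(prefix)
            best = rib.get(net)
            if best is None or ad[proto] < ad[best[0]]:
                rib[net] = (proto, next_hop)
    return rib

def cutover_report(learned, ad, current, new):
    """Compare the RIB now with the RIB after `current` is removed (Step 4)."""
    if ad[new] <= ad[current]:
        raise ValueError("Step 2 not applied: new IGP AD must exceed current IGP AD")
    before = build_rib(learned, ad)
    after = build_rib({p: r for p, r in learned.items() if p != current}, ad)
    lost = sorted(str(n) for n in before if n not in after)
    moved = sorted(str(n) for n in before
                   if n in after and before[n][1] != after[n][1])
    return {"lost": lost, "next_hop_changes": moved}

if __name__ == "__main__":
    # Migrating from OSPF to EIGRP, with EIGRP temporarily raised to AD 130.
    ad = dict(DEFAULT_AD, eigrp=130)
    print(cutover_report(SAMPLE_LEARNED, ad, current="ospf", new="eigrp"))
```

A non-empty "lost" list means the new IGP does not yet carry everything the current one does, so Step 4 should wait.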

Tuesday, May 3, 2016

EIGRP

===============================================================================

EIGRP topology table and the FD value

===============================================================================

Per Cisco doc:

"The feasible distance is the  best metric to reach the destination or the best metric that was known  when the route went active. This value is used in the feasibility  condition check. If the reported distance of the router (the metric  after the slash) is less than the feasible distance, the feasibility  condition is met and that path is a feasible successor."

The blue and the red number normally match, and that is the FD.

R1#sh ip eigrp topology  10.6.6.0/24
EIGRP-IPv4 Topology Entry for AS(1)/ID(10.1.1.1) for 10.6.6.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 161280
  Descriptor Blocks:
  10.0.13.3 (FastEthernet0/0), from 10.0.13.3, Send flag is 0x0
      Composite metric is (161280/158720), route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 5300 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 3
        Originating router is 10.6.6.6


R1#sh ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.6.6.0/24, 1 successors, FD is 161280
        via 10.0.13.3 (161280/158720), FastEthernet0/0
        via 172.16.15.5 (670720/158720), Serial1/0

R1#sh ip route 10.6.6.6
D        10.6.6.0/24 [90/161280] via 10.0.13.3, 00:21:14, FastEthernet0/0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
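
The feasibility condition applied to the topology output above, as an added example that is not part of the original post: it parses the summary lines, labels each path, and recomputes the composite metric from the vector metric shown for 10.0.13.3. It assumes the classic metric with default K values; the function names are hypothetical.

```python
import re

# Copied from the "sh ip eigrp topology" output above.
TOPOLOGY = """\
P 10.6.6.0/24, 1 successors, FD is 161280
        via 10.0.13.3 (161280/158720), FastEthernet0/0
        via 172.16.15.5 (670720/158720), Serial1/0
"""

def classic_metric(min_bw_kbit, total_delay_usec):
    """Classic composite metric with default K values (bandwidth and delay only)."""
    return 256 * (10**7 // min_bw_kbit + total_delay_usec // 10)

def parse_topology(text):
    """Return {prefix: {"fd": int, "paths": [(next_hop, metric, reported_distance)]}}."""
    table, entry = {}, None
    for line in text.splitlines():
        if m := re.match(r"[PAUQRrs] (\S+), \d+ successors?, FD is (\d+)", line):
            entry = table.setdefault(m.group(1), {"fd": int(m.group(2)), "paths": []})
        elif entry and (m := re.match(r"\s+via (\S+) \((\d+)/(\d+)\)", line)):
            entry["paths"].append((m.group(1), int(m.group(2)), int(m.group(3))))
    return table

def classify(entry):
    """Apply the feasibility condition (reported distance < FD) to every path."""
    feasible = [p for p in entry["paths"] if p[2] < entry["fd"]]
    # FD may be lower than today's best metric, so rank by metric, not by equality to FD.
    best = min((p[1] for p in feasible), default=None)
    roles = {}
    for next_hop, metric, rd in entry["paths"]:
        if rd >= entry["fd"]:
            roles[next_hop] = "not feasible"
        else:
            roles[next_hop] = "successor" if metric == best else "feasible successor"
    return roles

if __name__ == "__main__":
    entry = parse_topology(TOPOLOGY)["10.6.6.0/24"]
    # Vector metric of the 10.0.13.3 path: 100000 Kbit minimum bandwidth, 5300 us delay.
    print(classic_metric(100000, 5300), classify(entry))
```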


=====================================================
There are several reasons why the EIGRP neighbor router(s) might not respond to the Query. Common reasons for this include the following:
1. The neighbor router’s CPU is overloaded and the router either cannot respond in time or is even unable to process all incoming packets including the EIGRP packets.
2. Quality issues on the link are causing packets to be lost.
3. Low-bandwidth links are congested and packets are being delayed or dropped.
4. The network topology is excessively large or complex, either requiring the Query to propagate to a significant depth or causing an inordinate number of prefixes to be impacted by a single link or node failure.

===================================================




Thursday, March 17, 2016

How to Setup the Switching Lab With Web IOU v 22




Normally we use Packet Tracer and GNS3 for routing and switching labs. That is okay for routing, but some switching features cannot be done with them.
Here, I used Web IOU v 22 for the switching lab; it can do almost all switching features like real devices.
To set up the IOU, we will need VM software like VirtualBox or VMware Workstation, which can be easily downloaded from the Internet.
Here are some OVFs for the IOU VM and useful links for easy setup.
At first, we need to import the OVF into VMware Workstation.

Figure 1. Importing IOU ovf to VMWare
                                   


  Figure 2 : Installation of VM machine
              Installation will take 5 – 10 mins based on your computer performance.

Figure 3 : Now Cent OS 6.4 is installing

Figure 4 : Login page for Cent OS

Use a browser to access 192.168.138.128; the IP address will differ based on your machine.

Figure 5 : Login page Of IOU
Here you will see a lot of ready-made labs. If you want a clean page, you can delete all existing labs using the trash icon.

Figure 6 : How to create your own new lab
To create your own new lab, click the new lab icon as shown in the figure:

Figure 7 : Key in the Lab Information

Figure 8 : Adding Net map Inter Switch Link
Here, I added 12 inter-switch links for a full-mesh topology. If you want to add more switches, you can add more links; if you want only 4 switches, you can copy/paste the Net map below.
1:0/0 2:0/0
1:0/1 2:0/1
1:0/2 3:0/0
1:0/3 3:0/1
1:1/0 4:0/0
1:1/1 4:0/1
2:0/2 3:0/2
2:0/3 3:0/3
2:1/0 4:0/2
2:1/1 4:0/3
3:1/0 4:1/0
3:1/1 4:1/1

Figure 9 : Choosing IOS for Switch
Here I chose the L2 IOS image for the switches and assigned the physical requirements for all switches. If you want to set up a routing lab, you can use the L3 IOS.

OK, the switch lab is now set up successfully. :)

Start the switches and access them with the Console icon.

You can check the physical links and the diagram for your reference.

Accessing with Telnet: as in the figure, we can also set up a Telnet connection to 192.168.138.128:2001.

Here we can add any lab files we want.

Here we can play with all the switches from our terminal. HOPE YOU ENJOY.

Credit: All the lab info I learned from the Internet, and I created this blog post for education purposes. I collected the downloads in one place for better access. If anything is incorrect or not proper information, it is my fault. Thank you very much and cheers, all.


Wednesday, April 16, 2014

Basic MPLS L3 VPN



This lab follows the PDF "A small MPLS VPN tutorial" (by Alexandre Ribeiro, alexandregomesribeiro@gmail.com).

Step1: IGP configuration inside the MPLS backbone
Step2: Basic MPLS configuration
Step3: VRF configuration
Step4: MP-BGP configuration
Step5: IGP configuration between CE and PE
Step6: Redistribute IGP route between CE and PE to MP-BGP
Step7: Verify connectivity between CEs

Using IOS - (C3660-JK9O3S-M)

Basic VPN

Detail Config ::


P_router

P_router#sh running-config 
Building configuration...

Current configuration : 1109 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P_router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!      
!
mpls label range 100 199
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.255
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description P_router_to_PE_A
 ip address 192.168.1.2 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 description P_router_to_PE_B
 ip address 192.168.1.5 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
===================================================================
PE_A#sh running-config
Building configuration...

Current configuration : 2171 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE_A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup     
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
mpls label range 200 299
!
interface Loopback0
 ip address 172.16.1.2 255.255.255.255
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description PE_A_to_P_router
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 description PE_A_to_SiteA1
 ip vrf forwarding siteA
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description PE_A_to_SiteB1
 ip vrf forwarding siteB
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.3 remote-as 100
 neighbor 172.16.1.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 172.16.1.3 activate
 neighbor 172.16.1.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
!

control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
======================================================================

PE_B#sh running-config 
Building configuration...

Current configuration : 2143 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE_B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!     
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
!
mpls label range 300 399
!
interface Loopback0
 ip address 172.16.1.3 255.255.255.255
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description PE_B_to_P_router
 ip address 192.168.1.6 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 description PE_B_to_SiteB2
 ip vrf forwarding siteA
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip vrf forwarding siteB
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.2 remote-as 100
 neighbor 172.16.1.2 update-source Loopback0
 !
 address-family vpnv4
 neighbor 172.16.1.2 activate
 neighbor 172.16.1.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
!

control-plane

line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
================================================================

Site_A1#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site_A1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteA1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
=============================================================
Site_A2#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site_A2
!
boot-start-marker
boot-end-marker
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteA2_to_PE_A
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.2.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
==================================================================
Site_B1#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site_B1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteB1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
================================================================
Site_B2#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site_B2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteB2_to_PE_B
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
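
A check of the VRF separation configured on the PE routers above, as an added example that is not part of the original lab: it parses the `ip vrf` and interface stanzas, lists addresses reused across VRFs, and flags any route-target match or duplicate RD that would let siteA and siteB routes mix. The function names are hypothetical; the config text is an excerpt of PE_A.

```python
import re
from collections import defaultdict

# VRF and PE-CE interface lines copied from the PE_A configuration above.
PE_A = """\
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
interface FastEthernet0/1
 ip vrf forwarding siteA
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet1/0
 ip vrf forwarding siteB
 ip address 10.1.1.2 255.255.255.252
"""

def parse_vrfs(config):
    """Return {vrf: {"rd", "import", "export", "addrs"}} from IOS config text."""
    vrfs = defaultdict(lambda: {"rd": None, "import": set(), "export": set(), "addrs": set()})
    vrf = bound = None
    for line in config.splitlines():
        if not line.startswith(" "):                      # a new top-level stanza
            m = re.match(r"ip vrf (\S+)", line)
            vrf, bound = (m.group(1) if m else None), None
        elif vrf and (m := re.match(r" rd (\S+)", line)):
            vrfs[vrf]["rd"] = m.group(1)
        elif vrf and (m := re.match(r" route-target (import|export) (\S+)", line)):
            vrfs[vrf][m.group(1)].add(m.group(2))
        elif m := re.match(r" ip vrf forwarding (\S+)", line):
            bound = m.group(1)
        elif bound and (m := re.match(r" ip address (\S+)", line)):
            vrfs[bound]["addrs"].add(m.group(1))
    return dict(vrfs)

def shared_addresses(vrfs):
    """Addresses configured in more than one VRF (safe only while VRFs stay isolated)."""
    seen = defaultdict(set)
    for name, v in vrfs.items():
        for addr in v["addrs"]:
            seen[addr].add(name)
    return {a: sorted(n) for a, n in seen.items() if len(n) > 1}

def isolation_findings(vrfs):
    """Flag cross-VRF route-target matches and duplicate RDs."""
    out = [f"{a} exports into {b}" for a in sorted(vrfs) for b in sorted(vrfs)
           if a != b and vrfs[a]["export"] & vrfs[b]["import"]]
    rds = defaultdict(list)
    for name, v in vrfs.items():
        rds[v["rd"]].append(name)
    return out + [f"RD {rd} shared by {sorted(n)}" for rd, n in rds.items() if len(n) > 1]
```

Calling `isolation_findings(parse_vrfs(PE_A))` on the excerpt returns an empty list, while `shared_addresses` shows 10.1.1.2 in both siteA and siteB, which is the overlap the separate route targets make safe.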