Posts Tagged ‘tutorial’

To be successful on the BSCI exam and in earning your CCNP, you’ve got to master route redistribution. This isn’t as easy as it sounds, because configuring route redistribution is only half the battle. Whether it’s on an exam or in a real-world production network, you’ve got to identify possible points of trouble before you configure route redistribution – and you need to be able to control redistribution as well. You may have an OSPF domain with 100 routes, but only need to redistribute 10 of them into a neighboring RIPv2 domain. You’ve got to know how to do that, and one method is the use of a distribute-list.

A distribute-list is an access-list that is used to determine what routes can and cannot be redistributed. Distribute-lists let you specify what routes will be filtered from the process. You can use standard or extended ACLs, and you can filter routes that are coming into a routing process or being injected into another process.

In the following example, R1 is redistributing RIP routes into OSPF, but only wants to advertise network 150.1.1.0 /24 to other OSPF routers. An ACL will be written to match that particular network, and then the distribute-list will be written under the routing process. I’m going to show you the IOS Help output for the distribute-list command, and please note that routing updates can be controlled at the interface level or protocol level.

R1(config)#access-list 24 permit 150.1.1.0 0.0.0.255

R1(config)#router ospf 1

R1(config-router)#redistribute rip subnets

R1(config-router)#distribute-list 24 ?

in Filter incoming routing updates

out Filter outgoing routing updates

R1(config-router)#distribute-list 11 out ?

Async Async interface

BRI ISDN Basic Rate Interface

BVI Bridge-Group Virtual Interface
Read the rest of this entry »

To pass the BSCI exam and become a CCNP, you have to be aware of the proper use of passive interfaces. You learned about passive interfaces in your CCNA studies, but here we’ll review the basic concept and clear up one misconception regarding passive interfaces and OSPF.

Configuring an interface as passive will still allow the interface to receive routing updates, but the interface will no longer transmit them. While the command itself would make you think this command will be applied at the interface level, that is not the case. Below, we’ll configure ethernet0 as a RIP passive interface.

R1(config)#router rip

R1(config-router)#passive-interface ethernet0

Ethernet0 will no longer send RIP routing updates, but will accept them.

The passive interface concept is clear enough with RIP, IGRP, and EIGRP – all protocols that send routing update packets. But OSPF doesn’t send routing update packets – OSPF sends link state advertisements. It’s the inability of the passive interface command to stop LSAs that lead many to think that passive interfaces cannot be used with OSPF. Read the rest of this entry »

Your BSCI exam and CCNP certification success depend on mastering BGP, and a big part of that is knowing how and when to use the many BGP attributes. And for those of you with an eye on the CCIE, believe me – you’ve got to know BGP attributes like the back of your hand. One such BGP attribute is the Multi-Exit Discriminator, or MED.

The MED attribute is sent from a router or routers in one AS to another AS to indicate what path the remote AS should use to send data to the local AS.

That sounds a little confusing on paper, so let’s walk through an example. R1 is in AS 1, and R2, R3, and R4 are in AS 234. R4 is advertising a loopback into BGP, and R1 has two possible next-hops to get to that loopback – R2 (172.12.123.2) and R3 (172.12.123.3). Let’s see which of the two paths R1 is using.

R1#show ip bgp 4.4.4.4

BGP routing table entry for 4.4.4.4/32, version 8

Paths: (2 available, best #2, table Default-IP-Routing-Table)

Flag: 0×208

Advertised to non peer-group peers:

172.12.123.3
Read the rest of this entry »

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You’re familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you’re not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that – a clear text password that is visible by anyone who can pick a packet off the wire. If you’re going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for “Message Digest”, and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

< The key chain can have any name. >

R1(config-keychain)#key 1

< Key chains can have multiple keys. Number them carefully when using multiples. >

R1(config-keychain-key)#key-string CISCO

< This is the text string the key will use for authentication. >

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

< The interface will use clear-text mode. >
Read the rest of this entry »