Showing posts with label Configuration. Show all posts

What is FlexLinks

Flex links is a network switch feature which enables redundancy and load balancing at the layer 2 level. The feature serves as an alternative to Spanning Tree Protocol (STP). In a pair of layer 2 interfaces, such as switch ports or port channels, one interface is configured as a backup to the other. If the primary link fails, the backup link takes over traffic forwarding.

When we configure interfaces as FlexLinks they will not send BPDUs. There is no way to detect loops because we don't run spanning-tree on them. Whenever our active interface fails, the backup interface takes over. It is as simple as that.

Configuration:
Switch(config)#interface fa0/14
Switch(config-if)#switchport backup interface fa0/16

This is how we make interface fa0/16 a backup of interface fa0/14.

To verify
Switch#show interfaces switchport backup

NOTE: Only one interface of the pair is active at any given time.

EtherChannel Notes and Configuration

Normally, when we add multiple links between two switches for redundancy, spanning tree blocks all of the links except one in order to avoid loops. EtherChannel is a technology that lets you bundle multiple physical links into a single logical link; it is also called link aggregation. The logical link has the combined bandwidth of the physical links.

For example, by combining 4x 100 Mbit links we get a 400 Mbit link. Spanning tree sees this as one logical link, so there are no loops.

EtherChannel load-balances between the bundled links. If any of the links goes down, it keeps working with the combined bandwidth of the links that are still active. The maximum number of links you can use is 8 physical interfaces.
 
Two protocols used in Etherchannel are:
• PAgP (Cisco proprietary)
• LACP (IEEE standard)

 
These protocols can dynamically configure an etherchannel. It’s also possible to configure a static etherchannel without these protocols doing the negotiation of the link for you. If you are going to create an etherchannel you need to make sure that all ports have the same configuration:
• Duplex has to be the same.
• Speed has to be the same.
• Same native AND allowed VLANs.
• Same switchport mode (access or trunk).
 
PAgP and LACP will check whether the configuration of the interfaces that you use is the same.
If you want to configure PAgP you have a number of options you can choose from, an interface can be configured as:
• On (interface becomes member of the etherchannel but does not negotiate).
• Desirable (interface will actively ask the other side to become an etherchannel).
• Auto (will not start negotiation; the interface will wait passively for the other side to ask to become an etherchannel).
• Off (no etherchannel configured on the interface).
 
Configuration of PAgP
Switch(config)#interface fa0/13
Switch(config-if)#channel-group 1 mode desirable
Switch(config)#interface fa0/14
Switch(config-if)#channel-group 1 mode desirable

 
Switch(config)#interface port-channel 1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk


Note: Here we use desirable mode. You can choose any mode from the list above; the result depends on the mode you choose. Configure this on both switches that form the EtherChannel.
 
To view :
Switch#show etherchannel 1 port-channel
Switch#show etherchannel summary
Switch#show interfaces fa0/14 etherchannel

 
LACP is similar to PAgP. You also have different options to choose from when you configure the interface:
• On (interface becomes member of the etherchannel but does not negotiate).
• Active (interface will actively ask the other side to become an etherchannel).
• Passive (interface will wait passively for the other side to ask to become an etherchannel).
• Off (no etherchannel configured on the interface).
 
LACP Configuration
It’s basically the same thing as PAgP but the terminology is different.
 
Switch(config-if)#interface fa0/13
Switch(config-if)#channel-group 1 mode active
Switch(config-if)#interface f0/14
Switch(config-if)#channel-group 1 mode active

 
Switch(config)#interface port-channel 1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk

 
Note: Here we use active mode. You can choose any mode from the list above.
Note: PAgP and LACP configuration has to be done on both switches that form the EtherChannel.
 
To View:
Switch#show etherchannel 1 port-channel
 
NOTE: The configuration of PAgP and LACP is similar. Keep in mind that PAgP can only be used between Cisco devices, while LACP is an IEEE standard that you can use to form etherchannels between different vendors.

Note: We can use the show etherchannel load-balance command to see what the default configuration is. EtherChannel load-balances based on the source MAC address.

OSPF Authentication


OSPF supports authentication to secure routing updates. We can use either clear-text or MD5 authentication with OSPF.

Clear Text Authentication
To configure clear-text authentication, the first step is to enable authentication for the area, under the OSPF routing process:
Router(config)#  router ospf 1
Router(config-router)#  network 172.16.0.0 0.0.255.255 area 0
Router(config-router)#  area 0 authentication  
Then, the authentication key must be configured on the interface:
Router(config)#  interface fa 0/0
Router(config-if)#  ip ospf authentication
Router(config-if)#  ip ospf authentication-key MYKEY 
 
MD5 Authentication 
To configure MD5-hashed authentication, the first step is also to enable authentication for the area under the OSPF process:
Router(config)#  router ospf 1
Router(config-router)#  network 172.16.0.0 0.0.255.255 area 0
Router(config-router)#  area 0 authentication message-digest  
Notice the additional parameter message-digest included with the area 0 authentication command. Next, the hashed authentication key must be configured on the interface:
Router(config)# interface fa 0/0
Router(config-if)# ip ospf message-digest-key 10 md5 MYKEY
Router(config-if)# ip ospf authentication message-digest
NOTE: Area authentication must be enabled on all routers in the area, and the form of authentication must be identical (clear-text or MD5). The authentication keys do not need to be the same on every router in the OSPF area, but must be the same on interfaces connecting two neighbors. 

Please note: if authentication is enabled for Area 0, the same authentication must be configured on Virtual Links, as they are “extensions” of Area 0.
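
One way to check a saved configuration against the rules above, as an added example (not code from the original post): the script maps each interface to its OSPF area through the network statements and reports interfaces that end up with no authentication, clear-text authentication, or MD5 enabled without a key. The sample configuration is constructed, and the script assumes that an interface-level authentication command overrides the area-level type.

```python
import ipaddress
import re

# Constructed running-config excerpt for the example (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key MYKEY
interface FastEthernet0/1
 ip address 172.16.2.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 10 md5 MYKEY
interface Serial0/0
 ip address 172.16.3.1 255.255.255.252
interface FastEthernet1/0
 ip address 10.9.9.1 255.255.255.0
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
 network 10.9.9.0 0.0.0.255 area 1
 area 0 authentication message-digest
"""


def parse_sections(text):
    """Group indented child lines under the top-level line that precedes them."""
    sections = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections


def wildcard_match(ip, network, wildcard):
    """IOS network-statement match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def audit_ospf_auth(text):
    """Return (interface, finding) pairs for OSPF interfaces with weak or broken auth."""
    sections = parse_sections(text)
    networks, area_auth = [], {}
    for head, body in sections:
        if not head.startswith("router ospf"):
            continue
        for line in body:
            m = re.fullmatch(r"network (\S+) (\S+) area (\S+)", line)
            if m:
                networks.append(m.groups())
            m = re.fullmatch(r"area (\S+) authentication( message-digest)?", line)
            if m:
                area_auth[m.group(1)] = "md5" if m.group(2) else "clear-text"

    findings = []
    for head, body in sections:
        if not head.startswith("interface "):
            continue
        name = head.split(None, 1)[1]
        addr = next((l.split()[2] for l in body if l.startswith("ip address ")), None)
        area = next((a for n, w, a in networks if addr and wildcard_match(addr, n, w)), None)
        if area is None:
            continue  # not covered by any OSPF network statement
        # Assumption: the interface-level command, when present, overrides the area type.
        if "ip ospf authentication message-digest" in body:
            mode = "md5"
        elif "ip ospf authentication" in body:
            mode = "clear-text"
        else:
            mode = area_auth.get(area, "none")
        has_md5_key = any(l.startswith("ip ospf message-digest-key ") for l in body)
        if mode == "none":
            findings.append((name, "no authentication"))
        elif mode == "clear-text":
            findings.append((name, "clear-text authentication"))
        elif not has_md5_key:
            findings.append((name, "md5 enabled but no message-digest-key"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_ospf_auth(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
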

Configuring Basic OSPF


Routing protocol configuration occurs in Global Configuration mode. On Router, to configure OSPF:
Router(config)#  router ospf 1
Router(config-router)#  router-id 1.1.1.1
Router(config-router)#  network 172.16.0.0 0.0.255.255 area 1
Router(config-router)#  network 172.17.0.0 0.0.255.255 area 0  
Explanation 
  • The first command, router ospf 1, enables the OSPF process. The “1” indicates the OSPF process ID, and can be unique on each router. The process ID allows multiple OSPF processes to run on the same router. 
  • The router-id command assigns a unique OSPF ID of 1.1.1.1 for this router.
  • In OSPF we use a wildcard mask along with the network statement to assign an interface to a specific area.
To change OSPF bandwidth
Router(config)#  interface s0
Router(config-if)#  bandwidth 64 
To change OSPF Cost
Router(config)#  interface fa 0/0
Router(config-if)#  ip ospf cost 10
Changing the cost of an interface can alter which path OSPF selects as “shortest,” and thus should be used with great care.

To alter how OSPF calculates its default metrics for interfaces:  
Router(config)#  router ospf 1
Router(config-router)#  ospf auto-cost reference-bandwidth 100
The above ospf auto-cost command has a value of 100 configured, which is actually the default. This indicates that a 100Mbps link will have a cost of 1 (because 100/100 is 1). A lower cost is better.

OSPF passive interface
As in EIGRP, OSPF will not form a neighbor relationship on an interface where the passive-interface command is configured.
Router(config)#  router ospf 1
Router(config-router)#  network 10.4.0.0 0.0.255.255 area 0
Router(config-router)#  passive-interface default
Router(config-router)#  no passive-interface fa 0/0 
The "passive-interface default" command makes all interfaces passive, and the "no passive-interface fa 0/0" command removes the passive setting from interface fa 0/0.

EIGRP Configuration and Troubleshooting commands


Syntax

Router(config)#router eigrp <Autonomous-system-number>
Router(config-router)#network <network address> [wildcard-mask] (wildcard mask is optional)
Router(config-router)#no auto-summary
Router(config-router)#variance <multiplier> (Optional)
 

To influence the metric, it is possible to configure bandwidth on the interfaces:

Router(config)#interface <interface>
Router(config-if)#bandwidth <BW in kbps>

Configure Default paths in EIGRP
Method 1:
Specify a default network:

Router(config)# ip default-network < network_address >

Method 2:
Create a static default route and then include network 0.0.0.0 in EIGRP:

Router(config)# ip route 0.0.0.0 0.0.0.0 < next_hop_ip >
Router(config)# router eigrp < as_no >
Router(config-router)# network 0.0.0.0

To view exchange process

Router#debug eigrp packets

To view update process

Router#debug ip eigrp

To view the neighbor table:

Router#show ip eigrp neighbors

To view the EIGRP Topology Table, containing all EIGRP route information: 

Router#  show ip eigrp topology

To view information on EIGRP traffic sent and received on a router: 

Router#  show ip eigrp traffic

To view the bandwidth, delay, load, reliability and MTU values of an interface: 

Router#  show interface s0

To view information specific to the EIGRP protocol: 

Router#  show ip protocols

This command provides us with information on EIGRP timers, EIGRP metrics and summarization

To view the IP routing table: 

Router#  show ip route

To view a specific route within the IP routing table: 

Router#  show ip route 10.3.0.0

To debug EIGRP in realtime: 

Router#  debug eigrp neighbors
Router#  debug eigrp packet
Router#  debug eigrp route
Router#  debug eigrp summary

EIGRP Stub


In an EIGRP topology, to prevent unnecessary querying, “spoke” routers in a “hub-and-spoke” environment can be configured as Stub routers. A stub router builds a neighbor adjacency with its hub router(s), and will inform neighbors of its stub status.

 

The stub router will still build the full topology table and it will still receive all routes from its neighbors by default. Once EIGRP stub is configured on a router, it will immediately respond to any Query packets with an “Inaccessible” message. Neighbors will eventually stop querying the stub router, which helps EIGRP converge quicker and conserves bandwidth.


Syntax:

Router(config)# router eigrp < as_no.>

Router(config-router)# eigrp stub <receive-only / connected/ static/summary/ redistributed> 

Example
Router(config)#  router eigrp 100
Router(config-router)#  eigrp stub connected

 

EIGRP stub Command Options

Receive-only : Prevents the router from advertising any networks 

Connected : Enables the router to advertise connected routes. These must either be included in a network statement or redistributed into EIGRP

Static : Enables the router to advertise static routes. They must be redistributed into EIGRP

Summary : Enables the router to advertise summary routes, both those created manually and automatically.

Redistributed: Allows the router to advertise routes redistributed into  EIGRP  from another protocol or AS

 

The connected and static parameters will only advertise those networks if they have been injected into the EIGRP process, either using network statements or using route redistribution. By default, EIGRP stubs will only send connected and summary routes to neighbors.

 


EIGRP Load-Balancing


By default, EIGRP will automatically load-balance across equal-metric routes (four by default, six maximum). EIGRP also supports load-balancing across routes with an unequal metric. We must use the variance command to tell EIGRP to load-balance across unequal-metric links.

Syntax

Router(config)#  router eigrp 100
Router(config-router)#  variance 2
Router(config-router)#  maximum-paths 6

The variance command assigns a “multiplier,” in this instance of 2. We multiply this variance value by the metric of our Feasible Distance. Thus, any Feasible Successors with a metric within twice that of our Feasible Distance will now be used for load balancing by EIGRP.

 

Remember, only Feasible Successors can be used for load balancing. The maximum-paths command adjusts the number of links EIGRP can load-balance across.

 


EIGRP Authentication

If you don’t use authentication and you are running EIGRP, someone could try to form an EIGRP neighbor adjacency with one of your routers and try to hack into your network. We can use MD5 authentication with EIGRP.

By using authentication, your router authenticates the source of each routing update packet that it receives. This prevents false routing updates from sources that are not approved, so malicious routing updates are ignored.
Steps
1. Configure a key chain to group the keys.
2. Configure one or more keys within that key chain. The router checks all inbound packets against the list of keys and uses the first valid one it finds.
3. Configure the password or authentication string for that key. Repeat Steps 2 and 3 to add more keys if desired.
4. Optionally configure a lifetime for the keys within that key chain. If you do this, be sure that the time is synchronized between the two routers.
5. Enable authentication and assign a key chain to an interface.
6. Designate MD5 as the type of authentication.
 
Create Key Chain:
R(config)#key chain < key chain name >
R(config-keychain)#key < number >
R(config-keychain-key)#key-string < string >
R(config-keychain-key)# send-lifetime < hh:mm:ss > <hh:mm:ss>  (optional)
R(config-keychain-key)# accept-lifetime <hh:mm:ss> <hh:mm:ss> (optional)
Applying Authentication:
R(config)#interface < interface >
R(config-subif)#ip authentication mode eigrp <as_no> md5
R(config-subif)# ip authentication key-chain eigrp <as_no> < key chain name>
Verify
Router# show key chain
Router# debug eigrp packets
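
Why step 4 asks for synchronized clocks, shown as an added example (not from the original post): a model of a rollover from key 1 to key 2 that lists the minutes during which a neighbor with a skewed clock rejects packets, first with send and accept lifetimes that switch at the same instant and then with overlapping accept lifetimes. Times are simplified to seconds since midnight; the key strings, the lifetimes and the rule that the sender uses its lowest-numbered valid key are assumptions of the model.

```python
from dataclasses import dataclass


def hms(hours, minutes=0, seconds=0):
    """Time of day as seconds since midnight (simplified: no dates)."""
    return hours * 3600 + minutes * 60 + seconds


@dataclass(frozen=True)
class Key:
    key_id: int
    key_string: str
    send: tuple    # (start, end) of send-lifetime, end exclusive
    accept: tuple  # (start, end) of accept-lifetime, end exclusive


def active(window, now):
    """True while `now` lies inside the lifetime window."""
    return window[0] <= now < window[1]


def sending_key(chain, now):
    """Modelling assumption: the lowest-numbered key valid for sending is used."""
    valid = [k for k in sorted(chain, key=lambda k: k.key_id) if active(k.send, now)]
    return valid[0] if valid else None


def accepts(chain, key_id, key_string, now):
    """A packet is accepted if a key with the same ID and string is valid to accept."""
    return any(
        k.key_id == key_id and k.key_string == key_string and active(k.accept, now)
        for k in chain
    )


def auth_gaps(chain, skew, start, end, step=60):
    """Sender-clock times at which the receiver rejects the sender's packets.

    Both routers hold the same key chain; the receiver's clock reads
    sender time + skew (seconds).
    """
    gaps = []
    for now in range(start, end, step):
        key = sending_key(chain, now)
        if key is None or not accepts(chain, key.key_id, key.key_string, now + skew):
            gaps.append(now)
    return gaps


# Constructed key chains: rollover from key 1 to key 2 at 12:00:00.
# TIGHT switches send and accept at the same instant; OVERLAP accepts each
# key for 15 minutes beyond its send window.
TIGHT = [
    Key(1, "OLDKEY", (hms(0), hms(12)), (hms(0), hms(12))),
    Key(2, "NEWKEY", (hms(12), hms(24)), (hms(12), hms(24))),
]
OVERLAP = [
    Key(1, "OLDKEY", (hms(0), hms(12)), (hms(0), hms(12, 15))),
    Key(2, "NEWKEY", (hms(12), hms(24)), (hms(11, 45), hms(24))),
]

if __name__ == "__main__":
    for name, chain in (("tight", TIGHT), ("overlap", OVERLAP)):
        for skew in (300, -300):
            gaps = auth_gaps(chain, skew, hms(11), hms(13))
            print(f"{name:8} skew {skew:+5d}s: {len(gaps)} minute(s) of rejected packets")
```
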

EIGRP summarization

By default, auto-summarization is enabled in EIGRP. Automatic summarization can be disabled using the following command:
Router(config)#  router eigrp 100
Router(config-router)#  no auto-summary
The "no auto-summary" command is needed because by default EIGRP will behave like a classful routing protocol, which means it won’t advertise the subnet mask along with the routing information. For example, 1.1.1.0/24 and 2.2.2.0/24 will be advertised as 1.0.0.0/8 and 2.0.0.0/8. Disabling auto-summary ensures EIGRP sends the subnet mask along.

Summaries can also be produced manually on any interface
Syntax:
Router(config)# interface < interface >
Router(config-if)# ip summary-address eigrp < as-no> <summarized_network_ip> <summarized_subnet_mask>
Example:

Router(config)#  interface fa 0/0
Router(config-if)#  ip summary-address eigrp 100 79.0.0.0 255.0.0.0
The manually-created summary route is not advertised as an internal EIGRP route, but instead is classified as an EIGRP summary route. An EIGRP summary route has an Administrative Distance of 5.


Configuring EIGRP Unicast Neighbors

EIGRP usually uses multicast to IP address 224.0.0.10 for its messages. There is an option to configure it to use a unicast address with the command neighbor ip-address.
R(config)# router eigrp < as_no >
R(config-router)# neighbor <ip-address> <interface>
Verification:

R# debug ip packet

EIGRP Passive Interface


In EIGRP (and OSPF) the passive interface command stops sending outgoing hello packets, hence the router cannot form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates.
 
To enable passive interface on one interface:
Router(config)# router eigrp < as_no.>
Router(config-router)# passive-interface < interface > 
To turn on the passive interface on all interfaces:
Router(config)# router eigrp < as_no.>
Router(config-router)# passive-interface default 
We can configure all interfaces to be passive using the passive-interface default command, and then individually use the no passive-interface command on the interfaces we do want neighbors to be formed on:
Router(config)# router eigrp < as_no.>
Router(config-router)# passive-interface default
Router(config-router)#  no passive-interface <interface> 
To turn off passive interface
Router(config)# router eigrp < as_no.>
Router(config-router)# no passive-interface <default/interface >

Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful for troubleshooting the network. CDP messages are generated every 60 seconds as multicast messages on each of its active interfaces.

The information shared in a CDP packet about a Cisco device includes the following:

  • Name of the device configured with the hostname command
  • IOS software version
  • Hardware capabilities, such as routing, switching, and/or bridging
  • Hardware platform, such as 2600, 2950, or 1900
  • The layer-3 address(es) of the device
  • The interface the CDP update was generated on
CDP allows devices to share basic configuration information without even configuring any protocol specific information and is enabled by default on all interfaces. CDP is a Datalink Protocol occurring at Layer 2 of the OSI model. CDP is not routable and can only go over to directly connected devices.
CDP is enabled, by default, on all Cisco devices. CDP updates are generated as multicasts every 60 seconds with a hold-down period of 180 seconds for a missing neighbor.

#cdp run
 This command enables cdp globally
#no cdp run
 turns off CDP for entire router (global config)
#no cdp enable
 turns off CDP on specific interface
#sh cdp neighbor
 shows directly connected neighbors
#sh cdp int
 shows which interfaces are running CDP
#sh cdp int eth 0/0
 show CDP info for specific interface
#sh cdp entry <cdp neighbor here>
 shows CDP neighbor detail
#cdp timer 120
 change how often CDP info is sent (default cdp timer is 60)
#cdp holdtime 240
 how long to wait before removing a CDP neighbor (default CDP holdtime is 180)
#sh cdp run
 shows if CDP turned on

CCNP : Configuring VLAN ACLs

VLAN ACL (VACL)
We know an ACL (access list) is used to permit and deny traffic. By using a VACL, we can control forwarding or denying of packets that are routed into or out of a VLAN or are bridged within a VLAN. VACLs are strictly for security packet filtering and for redirecting traffic to specific physical interfaces. VACLs are not defined by direction (ingress or egress).

Terms used with VLAN ACLs

Access MAP
VACLs use access maps to contain an ordered list of one or more map entries. Each map entry associates an ACL with an action. Each entry has a sequence number, which allows you to control the precedence of entries.

Actions
Each VLAN access map entry can specify one of the following actions:
Forward—Sends the traffic to the destination determined by normal operation of the switch.
Redirect—Redirects the traffic to one or more specified interfaces.
Drop—Drops the traffic. If you specify drop as the action, you can also specify that the device logs the dropped packets.
In access map configuration mode, you use the action command to specify the action for a map entry.

Creating a VLAN ACL involves 3 steps:

  1. Create Access-List
  2. Create Access MAP
  3. Apply on VLAN
Configuring Access list
  1. Switch#conf terminal
  2. Switch(config)#ip access-list standard 10
  3. Switch(config-std-nacl)#permit 172.120.40.0 0.0.0.255
  4. Switch(config-std-nacl)#exit
Create Access MAP
  1. Switch(config)#vlan access-map SYSNET 1 
  2. Switch(config-access-map)#match ip address 10
  3. Switch(config-access-map)#action forward
  4. Switch(config-access-map)#exit
  5. Switch(config)# vlan access-map SYSNET 2
  6. Switch(config-access-map)# action drop
  7. Switch(config-access-map)# exit
Explanation

  1. "1" is the line number 1 of the access-map named "SYSNET".
  2. "10" is the access-list number used to identify the ACL.
  3. This is the action that will be applied to the traffic matched by ACL "10". Here we need to allow the traffic, so we give "action forward".
  4. Even though there is an implicit deny at the end, as in a normal ACL, here we give an "action drop" statement to deny other traffic.

Apply on VLAN
Switch(config)#vlan filter SYSNET vlan-list 20
Switch(config)#exit
Applies the VLAN access-map named “SYSNET” to vlan 20.

To remove VLAN ACL
Switch(config)#no vlan access-map map-name [sequence-number]
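
How the SYSNET map treats traffic in VLAN 20, as an added example (not from the original post): the access list, access map and VLAN filter above are transcribed into data and evaluated against constructed packets. Because standard ACL 10 matches only the source address and a VACL has no direction, replies routed into VLAN 20 from other subnets are dropped along with everything else that is not sourced from 172.120.40.0/24. The packet addresses and the evaluation model (first matching entry wins, an entry without a match clause matches everything) are assumptions of the example.

```python
import ipaddress

# The page's configuration, transcribed into data structures.
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}  # ip access-list standard 10
ACCESS_MAPS = {"SYSNET": [(1, "10", "forward"), (2, None, "drop")]}  # (sequence, ACL, action)
VLAN_FILTERS = {20: "SYSNET"}  # vlan filter SYSNET vlan-list 20


def wildcard_match(ip, network, wildcard):
    """Bits set in the wildcard mask are ignored in the comparison."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def acl_permits(acl_name, src_ip):
    """Standard ACL: the first matching line decides, on the source address only."""
    for verdict, network, wildcard in ACLS[acl_name]:
        if wildcard_match(src_ip, network, wildcard):
            return verdict == "permit"
    return False  # implicit deny at the end of the ACL


def vacl_action(vlan, src_ip, access_maps=ACCESS_MAPS):
    """Action the access map takes for a packet seen in `vlan`, in either direction."""
    map_name = VLAN_FILTERS.get(vlan)
    if map_name is None:
        return "forward"  # no VACL applied to this VLAN
    for _seq, acl, action in sorted(access_maps[map_name], key=lambda entry: entry[0]):
        # An entry without a match clause matches every packet.
        if acl is None or acl_permits(acl, src_ip):
            return action
    return "drop"  # implicit drop when no entry matches


# Constructed sample packets: (vlan, source, destination, note).
PACKETS = [
    (20, "172.120.40.10", "172.120.40.20", "bridged inside VLAN 20"),
    (20, "172.120.40.10", "192.0.2.10", "routed out of VLAN 20"),
    (20, "192.0.2.10", "172.120.40.10", "reply routed into VLAN 20"),
    (20, "172.120.41.5", "172.120.40.20", "neighbouring subnet into VLAN 20"),
    (30, "192.0.2.10", "172.120.50.1", "VLAN without a filter"),
]


def evaluate(packets, access_maps=ACCESS_MAPS):
    """Return the VACL action for each packet, in order."""
    return [vacl_action(vlan, src, access_maps) for vlan, src, _dst, _note in packets]


if __name__ == "__main__":
    for (vlan, src, dst, note), action in zip(PACKETS, evaluate(PACKETS)):
        print(f"vlan {vlan:<3} {src:>15} -> {dst:<15} {action:8} {note}")
```
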

Configuring VLAN

To create a VLAN:
Switch# conf t
Switch(config)# vlan 50
Switch(config-vlan)# name sysnet
Switch(config-vlan)# exit 
Assigning to an interface:
Switch(config)# int fa 1/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 50
Switch(config-if)# no shut
To delete a VLAN:
 Switch(config)# no vlan 50
VLAN Verification

To determine the trunking status of an interface:
 # show int fa 1/24 trunk OR # show trunk.
For more detailed switchport information:
# show int fa 1/24 switchport
To determine the physical status of a link:
# show int fa 1/24 status
To see a list of VLANs and their assigned interfaces:
# show vlan brief
To check if an interface is assigned to a specific VLAN:
# show vlan id 100
This command is especially helpful as it displays all ports belonging to the VLAN as well as the MTU of each assigned port and type.
To see a complete detailed interface list for all VLANs:
# show vlan

How to configure Static Routes,Default routes,Floating static routes

Static Routes
A static routing table is created, maintained, and updated manually by a network administrator. A static route to every network must be configured on every router for full connectivity. This gives the administrator greater control over routing, but it is impractical on larger networks.

Static routes provide greater security because only the network administrator knows the complete routes. Routers do not share static routes with each other, which reduces CPU/RAM overhead and saves bandwidth.

Static routing is not fault-tolerant, as any change to the routing infrastructure (such as a link going down, or a new network being added) must be corrected manually by the administrator. Static routes have an Administrative Distance (AD) of 1, and thus are always preferred over dynamic routes, unless the default AD is changed. A static route with an adjusted AD is called a floating static route.


Mainly Static routes are used
        where there is only a single path to a network (stub network)
        When connecting to an ISP and configuring it as a default (static) route

   Advantages of  Static Routing
        No bandwidth overhead (updates are not shared  between routers)
        More control on how traffic is routed

Disadvantages of Static routing     
        No “dynamic” fault tolerance if a link goes down; the administrator has to correct it manually
        Impractical on large network
        Infrastructure changes must be manually adjusted 

To configure a static route:
R1(config)#  ip route [destination_network] [subnet_mask] [next hop IP / exit interface]
R1(config)#  ip route 172.16.0.0 255.255.0.0 172.18.10.2

In above example
172.16.0.0 is the destination network
255.255.0.0 is the subnet mask
172.18.10.2 is the next hop IP

R1(config)#  ip route 172.16.0.0 255.255.0.0 S0/0
Here, instead of the next hop IP, the exit interface is used.

NOTE :
        Next hop IP is the IP address of the neighbouring router to which the packet goes after it leaves R1.
        Exit interface is the interface of R1 through which the packet leaves.

To remove a static route, simply type no in front of it:
R1(config)#  no ip route 172.16.0.0 255.255.0.0 172.18.10.2 

Default Routes 
Normally, if a specific route to a particular network does not exist, a router will drop all traffic destined to that network. A default route, or gateway of last resort, allows traffic to be forwarded, even without a specific route to a particular network.

The default route is identified by all zeros in both the network and subnet mask (0.0.0.0 0.0.0.0). It is the least specific route possible, and thus will only be used if a more specific route does not exist (hence “gateway of last resort”).

To configure a default route:
R1(config)# ip route 0.0.0.0 0.0.0.0 [address | interface ]
R1(config)# ip route 0.0.0.0 0.0.0.0 172.18.10.2

Floating Static Routes 
There are some circumstances in which a static route is used as a backup to a dynamic routing protocol. But the default administrative distance of a static route is lower than that of dynamic routing protocols. So in order to use a static route as a backup, we need to raise its AD above that of the dynamic routing protocol in use.

To change the Administrative Distance of a static route to 200
R1(config)# ip route 172.16.0.0 255.255.0.0 172.18.10.2 200

Static routes will only remain in the routing table as long as the interface connecting to the next-hop router is up. To ensure a static route remains permanently in the routing table, even if the next-hop interface is down:

 R1(config)# ip route 172.16.0.0 255.255.0.0 172.18.10.2 permanent


How to configure Private VLAN

Private VLAN


The private VLAN always has one primary VLAN. Within the primary VLAN you will find the
promiscuous port. In my picture above you can see that there’s a router connected to a
promiscuous port. All other ports are able to communicate with the promiscuous port.
Within the primary VLAN you will encounter one or more secondary VLANs. There are two
types of secondary VLAN. They are:

    • Community VLAN: All ports within the community VLAN are able to communicate
       with each other and the promiscuous port.
    • Isolated VLAN: All ports within the isolated VLAN are unable to communicate with
       each other but they can communicate with the promiscuous port.

Private VLANs are only locally significant to the switch - VTP will not pass this information to other switches. Each switch interface in a private VLAN assumes a specific role:

Promiscuous - communicates with the primary VLAN and all secondary VLANs. Gateway devices such as routers and switches should connect to promiscuous ports.
Host – communicates only with promiscuous ports, or ports within the local community VLAN. Host devices connect to host ports. PVLANs thus allow groups of host devices to be segmented within a VLAN, while still allowing those devices to reach external networks via a promiscuous gateway.

NOTE : Private vlan is configured in VTP Transparent Mode

Private VLAN Configuration

The first step to configuring Private VLANs is to specify the secondary VLANs:

Switch(config)# vlan 100
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 101
Switch(config-vlan)# private-vlan isolated

Next, the primary VLAN must be specified, and the secondary VLANs associated with it:

Switch(config)# vlan 50
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 100,101

Secondary VLANs 100 and 101 have been associated with the primary VLAN 50. Next, host ports must be identified, and associated with a primary and secondary VLAN:

Switch(config)# interface range fa0/5 - 6
Switch(config-if)# switchport private-vlan host
Switch(config-if)# switchport private-vlan host-association 50 101

Interfaces fa0/5 and fa0/6 have been identified as host ports, and associated with primary VLAN 50 and secondary VLAN 101. Finally, promiscuous ports must be identified, and associated with the primary VLAN and all secondary VLANs.

Switch(config)# interface range fa0/20
Switch(config-if)# switchport private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 50 100 101

Interface fa0/20 has been identified as a promiscuous port, and associated with primary VLAN 50, and secondary VLANs 100 and 101.

Show Commands

#show interfaces fastEthernet 0/20 switchport
#show vlan private-vlan
#show vlan private-vlan type

Points to Remember

    • Devices within a community VLAN can communicate with each other AND the
        promiscuous port.
    • Devices within an isolated VLAN cannot communicate with each other and can ONLY
        communicate with the promiscuous port.
    • The promiscuous port can communicate with any other port.
    • Secondary VLANs are unable to communicate with other secondary VLANs.
    • Private VLANs can be spanned across multiple switches if you use trunks.
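
The rules above as a reachability check, added here as an example (not from the original post): given each port's role and VLAN association, it computes which ports can exchange frames and which host ports are cut off from the gateway when the promiscuous mapping omits their secondary VLAN. Ports fa0/5, fa0/6 and fa0/20 follow the configuration on this page; fa0/7 and fa0/8 in community VLAN 100 are hypothetical ports added so the community case can be shown.

```python
# Secondary VLAN types and port roles from the page's configuration.
# fa0/7 and fa0/8 (community VLAN 100) are hypothetical ports added for the
# example; the page only configures host ports in isolated VLAN 101.
SECONDARY_TYPE = {100: "community", 101: "isolated"}
PORTS = {
    "fa0/5": {"role": "host", "primary": 50, "secondary": 101},
    "fa0/6": {"role": "host", "primary": 50, "secondary": 101},
    "fa0/7": {"role": "host", "primary": 50, "secondary": 100},
    "fa0/8": {"role": "host", "primary": 50, "secondary": 100},
    "fa0/20": {"role": "promiscuous", "primary": 50, "mapping": {100, 101}},
}


def can_talk(a, b, ports=PORTS):
    """True if layer 2 frames may pass between ports a and b on this switch."""
    pa, pb = ports[a], ports[b]
    if pa["primary"] != pb["primary"]:
        return False
    roles = (pa["role"], pb["role"])
    if roles == ("promiscuous", "promiscuous"):
        return True
    if "promiscuous" in roles:
        promisc, host = (pa, pb) if pa["role"] == "promiscuous" else (pb, pa)
        # The promiscuous port reaches only the secondary VLANs in its mapping.
        return host["secondary"] in promisc["mapping"]
    # Two host ports: only members of the same community VLAN may talk.
    same_vlan = pa["secondary"] == pb["secondary"]
    return same_vlan and SECONDARY_TYPE[pa["secondary"]] == "community"


def reachability(ports=PORTS):
    """Map each port to the sorted list of other ports it can exchange frames with."""
    return {
        a: sorted(b for b in ports if b != a and can_talk(a, b, ports))
        for a in ports
    }


def unreachable_hosts(ports=PORTS):
    """Host ports that no promiscuous port maps, i.e. hosts cut off from the gateway."""
    gateways = [p for p in ports.values() if p["role"] == "promiscuous"]
    return sorted(
        name for name, p in ports.items()
        if p["role"] == "host"
        and not any(
            p["primary"] == g["primary"] and p["secondary"] in g["mapping"]
            for g in gateways
        )
    )


if __name__ == "__main__":
    for port, peers in reachability().items():
        print(f"{port:7} -> {', '.join(peers) or '(none)'}")
    print("hosts without a gateway:", unreachable_hosts() or "none")
```
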



Setting Passwords on router


Here you will be able to learn how to set the password on a router.
  • enable secret <give password here> - set encrypted password for privileged access 
  • enable password <give password here> - set password for privileged access  
Setting the password for console access: 
  • (config)#line console 0 
  • (config-line)#login  
  • (config-line)#password <put password here> 
Set password for virtual terminal (telnet) access (password must be set to access router through telnet):  
  • (config)#line vty 0 4  
  • (config-line)#login  
  • (config-line)#password <put password here>  
Set password for auxiliary (modem) access: 
  • (config)#line aux 0 
  • (config-line)#login  
  • (config-line)#password <put password here> 