Thursday, 21 May 2020

Switching Tshoot Ticket 4




ISSUE -

RAJU CAME TO THE OFFICE AFTER 2 WEEKS AND CONNECTED HIS NEW LAPTOP TO THE LAN PORT, BUT HE IS NOT ABLE TO ACCESS THE NETWORK


SW4#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type

Fa0/1                        connected    1          auto    auto  10/100BaseTX

Fa0/2                        err-disabled 10         auto    auto  10/100BaseTX

Fa0/3                        notconnect   1          auto    auto  10/100BaseTX

Fa0/4                        notconnect   1          auto    auto  10/100BaseTX

Fa0/5                        notconnect   1          auto    auto  10/100BaseTX



SW4#  sh mac address-table interfaces fa0/2

          Mac Address Table

-------------------------------------------


Vlan    Mac Address       Type        Ports

----    -----------       --------    -----


SW4#sh port-security interface fa0/2

Port Security              : Enabled

Port Status                : Secure-shutdown

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 0060.47A9.C1E7:10

Security Violation Count   : 1


interface FastEthernet0/2

 switchport access vlan 10

 switchport mode access

 switchport port-security

 switchport port-security mac-address 0060.47A9.C1E4


SW4(config)#int fa0/2

SW4(config-if)#no switchport port-security mac-address 0060.47A9.C1E4

SW4(config-if)#switchport port-security mac-address 0060.4745.D5DE

SW4(config-if)#

SW4(config-if)#^Z


SW4#sh int fa0/2

FastEthernet0/2 is down, line protocol is down (err-disabled)

  Hardware is Lance, address is 0000.0c7c.0502 (bia 0000.0c7c.0502)

 BW 100000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set


SW4#config

Configuring from terminal, memory, or network [terminal]? 

Enter configuration commands, one per line.  End with CNTL/Z.

SW4(config)#int fa0/2

SW4(config-if)#shut


%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down

SW4(config-if)#

SW4(config-if)#

SW4(config-if)#

SW4(config-if)#no shut


SW4(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

^Z

SW4#

%SYS-5-CONFIG_I: Configured from console by console


SW4#

SW4#

SW4#sh int fa0/2

FastEthernet0/2 is up, line protocol is up (connected)

  Hardware is Lance, address is 0000.0c7c.0502 (bia 0000.0c7c.0502)

 BW 100000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  input flow-control is off, output flow-control is off

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:08, output 00:00:05, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue :0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     956 packets input, 193351 bytes, 0 no buffer

     Received 956 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 watchdog, 0 multicast, 0 pause input

     0 input packets with dribble condition detected

     2357 packets output, 263570 bytes, 0 underruns

     0 output errors, 0 collisions, 10 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out


SW4#  sh port-security int fa0/2

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 0060.47A9.C1E7:10

Security Violation Count   : 0


SW4#sh mac address-table interfaces fa0/2

          Mac Address Table

-------------------------------------------


Vlan    Mac Address       Type        Ports

----    -----------       --------    -----


  10    0060.4745.d5de    STATIC      Fa0/2

SW4#  
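
A check for the condition this ticket shows, as an added example that is not part of the original post: it parses the `sh port-security interface` output together with the interface configuration and reports when the port is in Secure-shutdown because the last source MAC is not a configured secure MAC. The function names are this example's own, and the sample text is an abridged copy of the outputs above.

```python
import re

# Abridged copy of the "sh port-security interface fa0/2" output in this ticket.
SHOW_PORT_SECURITY = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0060.47A9.C1E7:10
Security Violation Count   : 1
"""

# Interface configuration as shown in this ticket before the fix.
RUNNING_CONFIG = """\
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0060.47A9.C1E4
"""

# Static secure MAC lines only; "mac-address sticky ..." lines are skipped.
SECURE_MAC = re.compile(
    r"^\s*switchport port-security mac-address\s+(?!sticky\b)(\S+)", re.I | re.M)


def norm_mac(mac):
    """Normalise a MAC to 12 lowercase hex digits, whatever the separator."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_port_security(text):
    """Turn 'Key : value' lines into a dict and split 'Last Source Address:Vlan'."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
    fields["last_mac"] = norm_mac(mac) if mac else None
    fields["last_vlan"] = int(vlan) if vlan.isdigit() else None
    return fields


def diagnose(show_output, config):
    """Summarise why the port is down and which MAC triggered the violation."""
    ps = parse_port_security(show_output)
    allowed = {norm_mac(m) for m in SECURE_MAC.findall(config)}
    shutdown = ps.get("Port Status") == "Secure-shutdown"
    offending = None
    # Only trust the last source address while the port is still shut down:
    # the second output in this ticket shows the field unchanged after recovery.
    if shutdown and ps["last_mac"] and ps["last_mac"] not in allowed:
        offending = ps["last_mac"]
    return {
        "shutdown": shutdown,
        "violations": int(ps.get("Security Violation Count", "0")),
        "allowed": sorted(allowed),
        "offending_mac": offending,
    }


if __name__ == "__main__":
    print(diagnose(SHOW_PORT_SECURITY, RUNNING_CONFIG))
```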


Sunday, 17 May 2020

EIGRP - QUICK NOTES

EIGRP                                                                                                         

         IGP

         Classless

         Hybrid (best of LS and best of DV): LS -> convergence, DV -> simplicity in configuration

         Metric -> Composite metric. By default it depends on bandwidth and delay, but load, reliability and MTU can be considered if the metric weights, i.e. the K values, are set to 1.

         Bandwidth is expressed as 10^7 / bandwidth (kbps) and delay in tens of microseconds.

         Bandwidth = the lowest bandwidth of the links along the path, Delay = the sum of all the delays along the path

         K Values = Metric Weight.

             K1 = Bandwidth = 1, K2 = Load = 0, K3 = Delay = 1, K4/K5 = Reliability, MTU = 0 (Container)

         Load balancing over unequal-cost paths is proportionate. This is achieved with the variance command.

By default EIGRP can load balance over 4 equal-cost paths.

But we can load balance over up to 16 equal / unequal cost paths.

R1(config-router)# variance 2    ------ multiplier: the best path cost is multiplied by 2, and load balancing can happen over any path whose cost comes under that value.

         EIGRP Neighbor Relationship Rules:-

                1) They should be directly connected

                2) They should belong to the same AS

                3) Their K values should be the same.

         EIGRP Summarization Rules:-

                1) Automatic summarization will happen at the classful boundary.

                2) Manual summarization will happen at any arbitrary boundary.

When summarization is configured on an interface, the router immediately creates a route pointing to Null0. This is the EIGRP loop prevention mechanism.

         EIGRP Control Packets:-     HQURA

                 1) Hello :- Establishes the neighbor relationship = Multicast

                 2) Query :- Asks a neighbor about routing information = Normally multicast; unicast when retransmitted

                 3) Update :- Sends a routing update = Unicast / Multicast

                 4) Reply :- Responds to a query about routing information = Unicast

                 5) Ack :- Acknowledges a reliable packet = Unicast Hello packet. Acked packets: U, Q, R

         EIGRP Timers

                Fast Neighbor ( bandwidth= > T1 1.544Mbps)  = 5 Secs and 15 Secs

                Slow Neighbor = 60 Secs and 180 Secs.

         EIGRP AD Values

                 Summary routes = 5 , Internal routes = 90 , External routes =170.

         Speciality :- It elects the next best path when it elects the best path.

                 Best path - Successor & next best path - Feasible Successor

         AD value (Advertised Distance) = Cost between the next hop and the destination.

                FD value (Feasible Distance) = Cost between the local router and the destination.

         DUAL - Diffusing Update Algorithm

 This is the logic which runs on the topology table, elects the best path and puts it in the routing table.

              Rule 1:- For a path to become a Feasible Successor its AD value should be less than the current FD value.

                Rule 2:- For a path to be considered a valid path its AD value should be less than two times the current FD value
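
The composite metric, the feasible-successor rule and the `variance 2` multiplier from these notes, worked through as an added example that is not part of the original notes. It uses the classic composite formula with the default K values (K1 = K3 = 1); neighbors R2 to R6 and all link values are constructed for illustration.

```python
from dataclasses import dataclass


def composite_metric(min_bw_kbps, total_delay_usec,
                     k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Classic EIGRP composite metric using integer arithmetic.

    Bandwidth term is 10^7 / lowest bandwidth (kbps); delay term is the
    summed delay in tens of microseconds; the result is scaled by 256.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps
    delay = total_delay_usec // 10
    metric = 256 * (k1 * bw + (k2 * bw) // (256 - load) + k3 * delay)
    if k5:  # the reliability term only applies when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric


@dataclass
class Path:
    via: str          # neighbor (next hop) name
    link_bw: int      # kbps, local link to the neighbor
    link_delay: int   # usec, local link to the neighbor
    nbr_bw: int       # kbps, lowest bandwidth from neighbor to destination
    nbr_delay: int    # usec, summed delay from neighbor to destination

    @property
    def ad(self):
        """Advertised distance: cost between the next hop and the destination."""
        return composite_metric(self.nbr_bw, self.nbr_delay)

    @property
    def distance(self):
        """Cost between the local router and the destination through this neighbor."""
        return composite_metric(min(self.link_bw, self.nbr_bw),
                                self.link_delay + self.nbr_delay)


def dual(paths, variance=1):
    """Pick the successor, the feasible successors and the load-balanced set."""
    successor = min(paths, key=lambda p: p.distance)
    fd = successor.distance
    # Rule 1: a feasible successor's AD must be less than the current FD.
    feasible = [p for p in paths if p is not successor and p.ad < fd]
    # Variance: a feasible successor is also used for forwarding when its own
    # cost is equal to the FD or under variance x FD.
    balanced = [successor] + [
        p for p in feasible
        if p.distance == fd or p.distance < variance * fd
    ]
    return {
        "fd": fd,
        "successor": successor.via,
        "feasible_successors": [p.via for p in feasible],
        "load_balanced": [p.via for p in balanced],
    }


# Constructed sample topology: four neighbors offering a path to one network.
PATHS = [
    Path("R2", 100000, 100, 100000, 100),    # best path
    Path("R3", 100000, 100, 100000, 150),    # feasible and within variance 2
    Path("R5", 1544, 20000, 100000, 100),    # feasible but far too expensive
    Path("R6", 100000, 100, 100000, 300),    # cheap enough, but AD >= FD
]

if __name__ == "__main__":
    for p in PATHS:
        print(p.via, "AD", p.ad, "cost", p.distance)
    print(dual(PATHS, variance=2))
```

R6 is the case worth noticing: its total cost is under twice the FD, yet it is never used because it fails Rule 1.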

         SIA - Stuck in Active - This is an issue

If no Feasible Successor is present in the topology table and the Successor goes down, the router sends Queries to all directly connected routers and remains in SIA until it gets replies to all the Queries. These Queries are also not bounded to the AS. Hence there could be an available route but the router will still remain in SIA.

         Solution for SIA

                1) Summarization

                 2) EIGRP Stub - The router should have a single exit point; once it is made an EIGRP stub it tells its neighbors "don't send me Queries, because I am learning routes only from you".

EIGRP stub options - RCSS

1) receive-only - Prevents the stub from sending any type of route.

2) connected - Permits the stub to send connected routes (may still need to redistribute)

3) static - Permits the stub to send static routes (may still need to redistribute)

4) summary - Permits the stub to send summary routes

Default is connected and summary

         Configuration

R1(config)#router eigrp 100

                         network 11.0.0.0 255.255.255.0

                         network 12.0.0.0 0.0.0.255

R1# sh ip route

     # sh ip eigrp interface

     # sh ip eigrp neighbor

    # sh ip eigrp topology

         In EIGRP a passive route means good and an active route means bad.

         An EIGRP interface can be configured as passive so that it won't send or receive updates on that interface.




Saturday, 16 May 2020

Cisco ASA - Password Recovery Procedure

If for any reason you are locked out of an ASA appliance and you don’t remember the password to
log-in, then you need to follow the password recovery procedure below:

Step1:
Connect with a console cable to the ASA and power-cycle the device (switch it OFF and ON again)

Step2:
Press the “ESC” key repeatedly until the device gets into ROMMON mode. This
mode shows the following prompt:
rommon #1>

Step3:
Now we need to change the “configuration register” which is a special register controlling how
the device boots up etc.
rommon #1>confreg
The security appliance displays the current configuration register value, and asks if you want to
change the value. Answer no when prompted.
Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]: n

Step4:
Now we must manually change the confreg value to 0x41 which means that the appliance will
ignore the startup-configuration when booting. Then, reboot the appliance.
rommon #2>confreg 0x41
rommon #3>boot

Step5:
Now the ASA will ignore its startup configuration and boot up without asking for a password.
ciscoasa>enable
Password: <Hit Enter>
ciscoasa#

Step6:
Copy the startup configuration file into the running configuration.
ciscoasa# copy startup-config running-config
Destination filename [running-config]? <Hit Enter>

Step7:
Now configure a new privileged level password (enable password) and also reset the configuration
register to its original value (0x01)
ciscoasa#conf term
ciscoasa(config)#enable password strongpass
ciscoasa(config)# config-register 0x01
ciscoasa(config)# wr mem

Step8:
Reload the appliance. Now you should be able to log in with the new password.
ciscoasa(config)# reload


Wednesday, 13 May 2020

Switching Tshoot - Ticket 3

THE PC AND THE LAPTOP ARE BOTH IN THE SAME VLAN 10 (10.1.1.0/24)
WHEREAS THE SERVER IS IN ANOTHER VLAN, VLAN 20 (10.1.2.0/24)

SW1 is a Layer 3 Switch

SW2 , SW3 AND SW4 are Layer 2 Switches

Issue :-

=================

Intervlan Communication is not happening






Let's check from the PC

!!!! Able to ping the laptop, which is in the same VLAN, but not able to ping the server, which is in a different VLAN

C:\>ping 10.1.1.3

Pinging 10.1.1.3 with 32 bytes of data:

Reply from 10.1.1.3: bytes=32 time=1ms TTL=128
Reply from 10.1.1.3: bytes=32 time<1ms TTL=128
Reply from 10.1.1.3: bytes=32 time<1ms TTL=128
Reply from 10.1.1.3: bytes=32 time=1ms TTL=128

Ping statistics for 10.1.1.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>ping 10.1.2.2

Pinging 10.1.2.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.2.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


C:\>

Also let's check pinging the PC from the Server

C:\>ping 10.1.1.2

Pinging 10.1.1.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.1.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


C:\>

!!!! Let's check whether we are able to ping the default gateway from the PC and the Server

PC
=====
C:\>ping 10.1.1.1

Pinging 10.1.1.1 with 32 bytes of data:

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time=2ms TTL=255

Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 2ms, Average = 0ms

Server
======

C:\>ping 10.1.2.1

Pinging 10.1.2.1 with 32 bytes of data:

Reply from 10.1.2.1: bytes=32 time=1ms TTL=255
Reply from 10.1.2.1: bytes=32 time<1ms TTL=255
Reply from 10.1.2.1: bytes=32 time<1ms TTL=255
Reply from 10.1.2.1: bytes=32 time=1ms TTL=255

Ping statistics for 10.1.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

Checking from SW1 which is the gateway

SW1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/3 ms

SW1#ping 10.1.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/3 ms

Both SVIs are also up

SW1#sh int vlan 10
Vlan10 is up, line protocol is up
Hardware is CPU Interface, address is 00d0.ba25.3301 (bia 00d0.ba25.3301)
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:40:21, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1682 packets input, 530955 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
563859 packets output, 0 bytes, 0 underruns
0 output errors, 23 interface resets
0 output buffer failures, 0 output buffers swapped out

SW1#sh int vlan 20
Vlan20 is up, line protocol is up
Hardware is CPU Interface, address is 00d0.ba25.3302 (bia 00d0.ba25.3302)
Internet address is 10.1.2.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:40:21, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1682 packets input, 530955 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
563859 packets output, 0 bytes, 0 underruns
0 output errors, 23 interface resets
0 output buffer failures, 0 output buffers swapped out


SW1#


Inter-VLAN communication needs routing

& routing is not happening on the gateway SW1

SW1#sh ip route
Default gateway is not set

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

SW1#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#ip routing

SW1(config)#^Z
SW1#
%SYS-5-CONFIG_I: Configured from console by console

SW1#
SW1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets
C 10.1.1.0 is directly connected, Vlan10
C 10.1.2.0 is directly connected, Vlan20


By default routing is disabled on Layer 3 switches, and hence we have enabled routing on SW1.


PC

C:\>ping 10.1.2.2

Pinging 10.1.2.2 with 32 bytes of data:

Reply from 10.1.2.2: bytes=32 time<1ms TTL=127
Reply from 10.1.2.2: bytes=32 time<1ms TTL=127
Reply from 10.1.2.2: bytes=32 time=10ms TTL=127
Reply from 10.1.2.2: bytes=32 time=12ms TTL=127

Ping statistics for 10.1.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 12ms, Average = 5ms


Server

C:\>ping 10.1.1.2

Pinging 10.1.1.2 with 32 bytes of data:

Reply from 10.1.1.2: bytes=32 time=1ms TTL=127
Reply from 10.1.1.2: bytes=32 time<1ms TTL=127
Reply from 10.1.1.2: bytes=32 time<1ms TTL=127
Reply from 10.1.1.2: bytes=32 time<1ms TTL=127

Ping statistics for 10.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms



Now we are able to ping!!!!

Issue resolved

Thanks for Reading !!!!



Tuesday, 12 May 2020

BGP CHAPTER 17- BGP ATTRIBUTE - WEIGHT


It is a Cisco proprietary attribute.

It is local to the router.

It is used to manipulate outbound traffic.

The range of values for weight is 0 to 65535.
The default weight is 32768 for all routes which are originated by the local router.
The default weight is 0 for all routes which are not originated by the local router.
The path with the highest weight is always preferred.





Let's check the interface IP addresses and their status

R1#sh ip  int brief | i up
Serial0                    12.1.1.1        YES manual up                    up
Serial1                    13.1.1.1        YES manual up                    up

R2#sh ip  int brief | i up
Serial0                    12.1.1.2        YES manual up                    up
Serial2                    23.1.1.2        YES manual up                    up
R2#

R3#sh ip  int brief | i up
Serial1                    13.1.1.3        YES manual up                    up
Serial2                    23.1.1.3        YES manual up                    up
R3#

Configuration of eBGP 

R1(config)#router bgp 100
R1(config-router)#neighbor 12.1.1.2 remote-as 200
R1(config-router)#neighbor 13.1.1.3 remote-as 300
R1(config-router)#^Z

R2(config)#router bgp 200
R2(config-router)#neighbor 12.1.1.1 remote-as 100
R2(config-router)#neighbor 23.1.1.3 remote-as 300
R2(config-router)#^Z

R3(config)#router bgp 300
R3(config-router)#neighbor 13.1.1.1 remote-as 100
R3(config-router)#neighbor 23.1.1.2 remote-as 200
R3(config-router)#^Z

R1#sh ip bgp summary
BGP router identifier 13.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.1.1.2        4   200       8       8        1    0    0 00:05:43        0
13.1.1.3        4   300       7       8        1    0    0 00:00:44        0
R1#

R2#sh ip bgp summary
BGP router identifier 23.1.1.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.1.1.1        4   100       9       8        1    0    0 00:06:00        0
23.1.1.3        4   300       4       4        1    0    0 00:00:38        0
R2#

R3#sh ip bgp summary
BGP router identifier 23.1.1.3, local AS number 300
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
13.1.1.1        4   100       5       5        1    0    0 00:01:19        0
23.1.1.2        4   200       4       4        1    0    0 00:00:57        0

Now let's configure a loopback 0 interface on R3 and advertise it in BGP

R3(config)#int loopback 0
May  9 08:19:39.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R3(config-if)#ip address 100.100.100.1 255.255.255.0
R3(config-if)#^Z

R3#sh ip bgp

R3#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 300
R3(config-router)#network 100.100.100.0 mask 255.255.255.0
R3(config-router)#^Z
R3#
May  9 08:21:28.143: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ip bgp
BGP table version is 2, local router ID is 23.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0                  0         32768 i


Now let's use the Weight attribute to manipulate the OUTGOING PATH from R1 for network 100.100.100.0/24

On R1 we now have 2 paths to reach 100.100.100.0/24
R1#sh ip  bgp
BGP table version is 2, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  100.100.100.0/24 12.1.1.2                               0 200 300 i
*>                  13.1.1.3                 0             0 300 i
R1#

PATH 1 ===> via R2
PATH 2 ===> via R3

and PATH 2 is the best.

Now let's USE WEIGHT TO MAKE PATH 1 THE BEST ROUTE

Currently the weight for both paths is 0

Let's set the weight for PATH 1 to 10

R1(config)#router bgp 100

R1(config-router)#neighbor 12.1.1.2 weight ?
  <0-65535>  default weight

R1(config-router)#neighbor 12.1.1.2 weight 10
R1(config-router)#^Z

R1#clear ip bgp * soft in
R1#clear ip bgp * soft out
R1#
R1#sh ip bgp
BGP table version is 3, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 12.1.1.2                              10 200 300 i
*                   13.1.1.3                 0             0 300 i
R1#

Now see that PATH 1 is the best

Another way of doing this is by using a route-map

Let's configure another loopback on R3

R3(config)#int loopback 1
R3(config-if)#ip address 111.111.111.1 255.255.255.0
R3(config-if)#^Z
R3#
May  9 08:48:33.255: %SYS-5-CONFIG_I: Configured from console by console
R3#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 300
R3(config-router)#network 111.111.111.0 mask 255.255.255.0
R3(config-router)#^Z
R3#

Now let's check on R1

R1#sh ip bgp
BGP table version is 6, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 12.1.1.2                              10 200 300 i
*                   13.1.1.3                 0             0 300 i
* 111.111.111.0/24  13.1.1.3                 0             0 300 i
*>                  12.1.1.2                              10 200 300 i
R1#

For both networks Path 1, i.e. the path via R2, is the best

But we want the best path to be via R2 only for network 100.100.100.0/24

and that can be achieved using a route-map

R1#sh run | section bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.1.1.2 remote-as 200
 neighbor 12.1.1.2 weight 10
 neighbor 13.1.1.3 remote-as 300
 no auto-summary
R1#
R1#
R1#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#no neighbor 12.1.1.2 weight 10
R1(config-router)#^Z
R1#
May  9 08:52:50.871: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp * soft in
R1#clear ip bgp * soft out
R1#sh ip bgp
BGP table version is 8, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  100.100.100.0/24 12.1.1.2                               0 200 300 i
*>                  13.1.1.3                 0             0 300 i
*> 111.111.111.0/24 13.1.1.3                 0             0 300 i
*                   12.1.1.2                               0 200 300 i
R1#

NOW LET'S USE A ROUTE-MAP

R1(config)#ip access-list standard 10
R1(config-std-nacl)#permit 100.100.100.0 0.0.0.255
R1(config-std-nacl)#^Z
R1#

R1(config)#route-map TECHMAP permit 10
R1(config-route-map)#match ip address 10
R1(config-route-map)#set weight 10
R1(config)#route-map TECHMAP permit 20
R1(config-route-map)#set weight 0
R1(config-route-map)#^Z
R1#

R1#sh ip access-lists
Standard IP access list 10
    10 permit 100.100.100.0, wildcard bits 0.0.0.255
R1#sh route-map
route-map TECHMAP, permit, sequence 10
  Match clauses:
    ip address (access-lists): 10
  Set clauses:
    weight 10
  Policy routing matches: 0 packets, 0 bytes
route-map TECHMAP, permit, sequence 20
  Match clauses:
  Set clauses:
    weight 0
  Policy routing matches: 0 packets, 0 bytes
R1#
R1(config)#router bgp 100
R1(config-router)#neighbor 12.1.1.2 route-map TECHMAP in
R1(config-router)#^Z

R1#sh ip bgp
BGP table version is 23, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 12.1.1.2                              10 200 300 i
*                   13.1.1.3                 0             0 300 i
*> 111.111.111.0/24 13.1.1.3                 0             0 300 i
*                   12.1.1.2                               0 200 300 i

Now we can see that only for network 100.100.100.0/24 the best path is via R2
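
The three states of this lab (no policy, `neighbor 12.1.1.2 weight 10`, and the inbound route-map TECHMAP) modelled as an added example that is not part of the original post. The best-path comparison is reduced to the two steps that differ in this lab, highest weight and then shortest AS path, and each neighbor is identified by its next-hop address; both are simplifications made for this example.

```python
import ipaddress

# Standard access list 10 and route-map TECHMAP as configured on R1 above.
ACL_10 = [("100.100.100.0", "0.0.0.255")]
TECHMAP = [
    {"seq": 10, "match_acl": ACL_10, "set_weight": 10},
    {"seq": 20, "match_acl": None, "set_weight": 0},   # no match clause: matches all
]

# Routes R1 receives from its two eBGP neighbors (taken from "sh ip bgp" on R1).
RECEIVED = [
    {"prefix": "100.100.100.0/24", "next_hop": "12.1.1.2", "as_path": [200, 300]},
    {"prefix": "100.100.100.0/24", "next_hop": "13.1.1.3", "as_path": [300]},
    {"prefix": "111.111.111.0/24", "next_hop": "13.1.1.3", "as_path": [300]},
    {"prefix": "111.111.111.0/24", "next_hop": "12.1.1.2", "as_path": [200, 300]},
]


def acl_permits(prefix, acl):
    """Standard ACL: compare the route's network address under each wildcard."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return True
    return False  # implicit deny at the end of the ACL


def apply_route_map(route, route_map):
    """First matching sequence wins; a route matching nothing is dropped."""
    for entry in sorted(route_map, key=lambda e: e["seq"]):
        acl = entry["match_acl"]
        if acl is None or acl_permits(route["prefix"], acl):
            return dict(route, weight=entry["set_weight"])
    return None


def best_paths(received, neighbor_weight=None, inbound_policy=None):
    """Return {prefix: next hop of the best path} as R1 would select it."""
    neighbor_weight = neighbor_weight or {}
    inbound_policy = inbound_policy or {}
    table = {}
    for r in received:
        # Routes learned from a neighbor start with weight 0 unless the
        # neighbor has a default weight configured.
        route = dict(r, weight=neighbor_weight.get(r["next_hop"], 0))
        route_map = inbound_policy.get(r["next_hop"])
        if route_map is not None:
            route = apply_route_map(route, route_map)
            if route is None:
                continue
        table.setdefault(route["prefix"], []).append(route)
    return {
        prefix: max(routes, key=lambda x: (x["weight"], -len(x["as_path"])))["next_hop"]
        for prefix, routes in table.items()
    }


if __name__ == "__main__":
    print("no policy      ", best_paths(RECEIVED))
    print("neighbor weight", best_paths(RECEIVED, neighbor_weight={"12.1.1.2": 10}))
    print("route-map      ", best_paths(RECEIVED, inbound_policy={"12.1.1.2": TECHMAP}))
```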




Monday, 11 May 2020

Network Engineer Job Responsibilities | Qualifications | Skills




Network Engineer Job Responsibilities

  • Designing and implementing the network
  • Preparing network device configurations
  • Supporting the implemented network 24x7
  • Monitoring the network using network monitoring tools
  • Troubleshooting network issues and outages.
  • Implementing new changes in the network as per requirement
  • Performing physical connectivity work, i.e. cables, connectors etc.
  • Preparing network-related documents, which would involve network services agreements, incident reports, audit reports, network diagrams etc.
  • Understanding of Change Management, Configuration Management etc. (change process).

Network Engineer Qualifications/Skills:

  • Graduate in Information Technology / Computer Science or equivalent 
  • Understanding of Networking Concepts.
  • Knowledge of Network Devices and Hardware
  • Network troubleshooting skills 
  • Time-management skills
  • Strong documentation skills
  • Knowledge of multivendor and multi-platform devices 
  • Certifications like CCNA, CCNP, CCIE, JNCIA, JNCIS, JNCIP, JNCIE, CCSA, CCSE, ITIL etc.




Sunday, 10 May 2020

HOW TO RESET NEXUS SWITCH PASSWORD



How to reset a Nexus switch password!

But first let's understand why we would need to reset a Nexus switch password:

1) Simply, you forgot the password

or

2) You have a brand new switch and you have not selected normal setup.

(When you boot the Nexus switch for the first time it will prompt to abort auto provisioning and proceed with normal setup, and when you enter Yes
the default username and password will be admin and admin123.)

So let's understand the steps to reset the password



STEPS :-
  • Connect your laptop to the console of the Nexus switch
  • Open the console of the switch
  • Reboot the switch
  • After rebooting, start pressing Ctrl + C immediately
  • The switch loader mode will appear: loader >
  • Enter the command
  • loader > cmdline recoverymode=1
  • loader> dir to view the NX-OS images present
  • loader > boot "nx-os name" e.g. loader > boot n9000-dk123.1.bin
  • Note: in case the switch asks for a login after entering this command, use the command below
  • loader > boot n9000-dk123.1.bin load+found
  • The switch will enter boot mode
  • switch(boot)# admin-password Cisco@123
  • switch(boot)#exit
  • switch(boot)#load-NXOS
  • Then the switch will boot with the selected NX-OS
  • Log in with username admin and the new password (here Cisco@123)

Saturday, 9 May 2020

BGP CHAPTER 15 - BGP - AS PATH PREPEND

Today in this post we will focus on a very important BGP attribute: AS PATH.

We will also see how we can use AS-PATH PREPEND to manipulate the path selection.


AS PATH ATTRIBUTE 

  • It is a well-known mandatory attribute
  • It is present in each and every BGP update.
  • When a BGP router sends an update to its eBGP neighbor it adds its own AS number to the left of the AS path.
  • The AS path allows us to see which autonomous systems need to be crossed in order to reach the destination.
  • When a router receives a route which includes its own AS number, the router will not accept the route.
  • The BGP AS PATH attribute is also used in loop prevention.
  • BGP prefers the shortest AS path to reach the destination
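
The three behaviours listed above (own AS added on the left, rejection of a path containing the receiver's AS, preference for the shorter path) shown together with the effect of prepending, as an added example that is not part of the original post. The AS numbers 65001 to 65004 are private AS numbers chosen for illustration and are not the lab's own values.

```python
def advertise(as_path, local_as, prepend=0):
    """Path as sent to an eBGP neighbor: own AS on the left, plus extra copies."""
    return [local_as] * (1 + prepend) + list(as_path)


def accept(as_path, local_as):
    """Loop prevention: refuse an update whose AS path already holds our AS."""
    return local_as not in as_path


def walk(as_sequence, prepends=None):
    """Carry one route across a chain of ASes, origin first, receiver last.

    prepends maps (sender_as, receiver_as) to the number of extra copies the
    sender adds on that session. Returns the AS path the last AS stores, or
    None when a loop check along the way drops the update.
    """
    prepends = prepends or {}
    path = []
    for sender, receiver in zip(as_sequence, as_sequence[1:]):
        path = advertise(path, sender, prepends.get((sender, receiver), 0))
        if not accept(path, receiver):
            return None
    return path


def r1_view(prepends=None):
    """AS 65004 originates a prefix; AS 65001 hears it via 65002 and via 65003."""
    via_2 = walk([65004, 65002, 65001], prepends)
    via_3 = walk([65004, 65003, 65001], prepends)
    # Shortest AS path wins; on a tie BGP falls through to later tie-breakers,
    # which this example does not model.
    if len(via_2) == len(via_3):
        best = "tie"
    else:
        best = "via 65002" if len(via_2) < len(via_3) else "via 65003"
    return {"via_65002": via_2, "via_65003": via_3, "best": best}


if __name__ == "__main__":
    print(r1_view())                          # equal-length paths
    print(r1_view({(65004, 65002): 2}))       # origin prepends twice toward 65002
    print(walk([65004, 65002, 65001, 65003, 65004]))  # route returning to its origin
```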
Let's see a lab for AS Path, and we will also see how we can use AS Path prepending to manipulate the path selection.


Let's check the interfaces of all the routers: R1, R2, R3 and R4

R1#sh int des
Interface                      Status         Protocol Description
Fa0                            admin down     down
Se0                            up             up       to R2
Se1                            up             up       to R3
Se2                            admin down     down
Se3                            admin down     down
R1#
R1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES NVRAM  administratively down down
Serial0                    12.0.0.1        YES NVRAM  up                    up
Serial1                    13.0.0.1        YES NVRAM  up                    up
Serial2                    unassigned      YES NVRAM  administratively down down
Serial3                    unassigned      YES NVRAM  administratively down down

R2#sh int des
Interface                      Status         Protocol Description
Fa0                            admin down     down
Se0                            up             up       to R1
Se1                            up             up       to R4
Se2                            admin down     down
Se3                            admin down     down
R2#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES NVRAM  administratively down down
Serial0                    12.0.0.2        YES NVRAM  up                    up
Serial1                    24.0.0.2        YES NVRAM  up                    up
Serial2                    unassigned      YES NVRAM  administratively down down
Serial3                    unassigned      YES NVRAM  administratively down down

R3#sh int des
Interface                      Status         Protocol Description
Fa0                            admin down     down
Se0                            up             up       to R4
Se1                            up             up       to R1
Se2                            admin down     down
Se3                            admin down     down
R3#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES NVRAM  administratively down down
Serial0                    34.0.0.3        YES NVRAM  up                    up
Serial1                    13.0.0.3        YES NVRAM  up                    up
Serial2                    unassigned      YES NVRAM  administratively down down
Serial3                    unassigned      YES NVRAM  administratively down down

R4#sh int des
Interface                      Status         Protocol Description
Fa0                            admin down     down
Se0                            up             up       to R3
Se1                            up             up       to R2
Se2                            admin down     down
Se3                            admin down     down
R4#
R4#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES NVRAM  administratively down down
Serial0                    34.0.0.4        YES NVRAM  up                    up
Serial1                    24.0.0.4        YES NVRAM  up                    up
Serial2                    unassigned      YES NVRAM  administratively down down
Serial3                    unassigned      YES NVRAM  administratively down down

The BGP configuration is already done, so let's check the BGP configuration and the BGP neighborship.

R1#sh run | section bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.0.0.2 remote-as 200
 neighbor 13.0.0.3 remote-as 300
 no auto-summary


R1#sh ip bgp summary
BGP router identifier 13.0.0.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.2        4   200      19      19        1    0    0 00:16:15        0
13.0.0.3        4   300      19      19        1    0    0 00:16:12        0

R2#sh run | section bgp
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.0.0.1 remote-as 100
 neighbor 24.0.0.4 remote-as 200
 no auto-summary


R2#sh ip bgp summ
BGP router identifier 24.0.0.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   100      20      20        1    0    0 00:17:51        0
24.0.0.4        4   200      20      20        1    0    0 00:17:48        0

R3#sh run | section bgp
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 100.0.0.0 mask 255.255.255.0
 neighbor 13.0.0.1 remote-as 100
 neighbor 34.0.0.4 remote-as 200
 no auto-summary

R3#sh ip bgp sum
BGP router identifier 34.0.0.3, local AS number 300
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
13.0.0.1        4   100      22      22        1    0    0 00:19:40        0
34.0.0.4        4   200      22      22        1    0    0 00:19:40        0

R4#sh run | section bgp
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 24.0.0.2 remote-as 200
 neighbor 24.0.0.2 next-hop-self
 neighbor 34.0.0.3 remote-as 300
 no auto-summary


R4#sh ip bgp summary
BGP router identifier 34.0.0.4, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
24.0.0.2        4   200      28      28        1    0    0 00:25:03        0
34.0.0.3        4   300      28      28        1    0    0 00:25:02        0

Let's configure a loopback interface on R3.

R3(config)#int loopback 0
R3(config-if)#ip address 100.0.0.1 255.255.255.0
R3(config-if)#^Z

Advertising the network 100.0.0.0/24 in BGP on R3

R3#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 300
R3(config-router)#network 100.0.0.0 mask 255.255.255.0
R3(config-router)#^Z

Now we check on R1 that the network is learnt via two paths:

- Path 1: AS 200 - AS 300
- Path 2: AS 300


R1#sh ip bgp
BGP table version is 4, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  100.0.0.0/24     12.0.0.2                               0 200 300 i
*>                  13.0.0.3                 0             0 300 i

We can see that path 2 is the best path.

Now let's manipulate the path selection and make path 1 the best path by using AS path prepending.

Let us first understand what AS path prepend is.

AS Path Prepend 

AS path prepend means adding one or more AS numbers to the left side of the AS path.

R1(config)#route-map TECHSTUFF

R1(config-route-map)#set as-path ?
  prepend  Prepend to the as-path
  tag      Set the tag as an AS-path attribute

R1(config-route-map)#set as-path pre
R1(config-route-map)#set as-path prepend ?
  <1-65535>  AS number
  last-as    Prepend last AS to the as-path
  <cr>

R1(config-route-map)#set as-path prepend 299 298 297
R1(config-route-map)#^Z

R1(config)#router bgp 100
R1(config-router)#neighbor 13.0.0.3 route-map TECHSTUFF ?
  in   Apply map to incoming routes
  out  Apply map to outbound routes

R1(config-router)#neighbor 13.0.0.3 route-map TECHSTUFF in
R1(config-router)#^Z

R1#clear ip bgp * soft in

R1#sh ip bgp
BGP table version is 3, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  100.0.0.0/24     13.0.0.3                 0             0 299 298 297 300 i
*>                  12.0.0.2                               0 200 300 i


As we can see, path 1 via R2 is now the best path.


In this way we can use AS path prepend to manipulate the path selection by adding AS numbers to the left of the AS path.
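
The AS path rules from the start of this section and the prepend result of the lab, as a small Python model added here for illustration (it is not router code and not part of the original lab). The function names are assumptions of this example; the AS numbers, addresses and the prepend list 299 298 297 are the lab's.

```python
# Added example: models only AS_PATH handling, not a full BGP implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple = ()  # leftmost AS is the most recently added

def advertise_ebgp(route, local_as, local_ip):
    """Sender: add own AS to the left of the AS path toward an eBGP neighbor."""
    return Route(route.prefix, local_ip, (local_as,) + route.as_path)

def receive(route, local_as, inbound_prepend=()):
    """Receiver: reject a route that already carries our AS (loop prevention),
    then apply an optional inbound 'set as-path prepend' route-map."""
    if local_as in route.as_path:
        return None
    return Route(route.prefix, route.next_hop,
                 tuple(inbound_prepend) + route.as_path)

def best_path(routes):
    """Shortest AS path wins. Assumes weight, local preference and the other
    earlier tie-breakers are equal, as they are in this lab."""
    return min(routes, key=lambda r: len(r.as_path))

def r1_table(prepend_from_r3=()):
    """Routes R1 (AS 100) holds for the prefix R3 (AS 300) originates."""
    origin = Route("100.0.0.0/24", "0.0.0.0")
    direct = advertise_ebgp(origin, 300, "13.0.0.3")               # R3 -> R1
    at_r4 = receive(advertise_ebgp(origin, 300, "34.0.0.3"), 200)  # R3 -> R4
    at_r2 = at_r4            # R4 -> R2 is iBGP in AS 200: AS path unchanged
    via_r2 = advertise_ebgp(at_r2, 200, "12.0.0.2")                # R2 -> R1
    return [receive(via_r2, 100), receive(direct, 100, prepend_from_r3)]

def r1_back_to_r3():
    """R1 re-advertises its best path to R3, which must reject it."""
    update = advertise_ebgp(best_path(r1_table()), 100, "13.0.0.1")
    return receive(update, 300)

if __name__ == "__main__":
    for label, prepend in (("before", ()), ("after", (299, 298, 297))):
        table = r1_table(prepend)
        best = best_path(table)
        for r in table:
            mark = "*>" if r is best else "* "
            print(label, mark, r.prefix, r.next_hop, *r.as_path)
    print("R3 accepts its own route back:", r1_back_to_r3() is not None)
```

Outside a lab, prepend only your own AS number. AS numbers you do not own, such as 299 298 297 here, make those ASes appear on the path, and a router in any of them would reject the route through its own loop check.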


Hope this is informative !!!!!!

Thanks for reading