Cisco Tips & Tricks

January 28, 2010

Spanning Tree 802.1d and RSTP 802.1w

Filed under: Switching, Technology and Software — ciscotips @ 9:37 pm

Great videos from Cisco Learning Network

For Spanning Tree Protocol (802.1d)

https://learningnetwork.cisco.com/docs/DOC-1755

For Rapid Spanning Tree Protocol (802.1w)

https://learningnetwork.cisco.com/docs/DOC-1754

October 18, 2009

System MTU / ip ospf mtu-ignore

Filed under: ccie, IP Routing, ospf, Switching — ciscotips @ 6:54 pm

I was working on an OSPF lab when I suddenly saw OSPF adjacency errors on my 3560s.

%OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.1 on
FastEthernet0/0 from EXSTART to DOWN, Neighbor Down: Too many
retransmissions

%OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.1 on
FastEthernet0/0 from DOWN to DOWN, Neighbor Down: Ignore timer expired

Suddenly I realized that I might have an MTU issue, as I had just completed a Q-in-Q lab and changed my switch MTU. To double check, I ran “debug ip ospf events” … and there it was.

OSPF: Rcv DBD from 192.168.10.1 on
FastEthernet0/0 seq 0x12A6 opt 0x52 flag 0x7 len 32  mtu 1504 state
EXSTART

OSPF: Nbr 192.168.10.1 has larger interface MTU

There are multiple ways to fix this: issue “system mtu 1500” on the switches, use the interface-level command “ip ospf mtu-ignore” on the routers, or, as the least preferred option, change the MTU on the router interfaces.


“system mtu 1500” is the default on these switches. Even when the value is changed, it is not stored in running-config or startup-config. On the Catalyst 3550 this information is kept in a separate file on flash; on the Catalyst 3560 you can’t see it at all unless you run “show system mtu”.

This is one of the well-known gotchas on the actual lab exam, and you have to know how to solve it. Hence, when configuring routing protocols on switches, make sure you know what the MTU is.

One important thing to note is that you might break other parts of the lab if you were supposed to configure the MTU for a Q-in-Q task and later changed “system mtu” on your switch to fix the OSPF issue.

You can also use “system mtu routing 1500” on the switch to fix the OSPF issue, as that value is only used for routed traffic; for the Q-in-Q task the switch MTU of 1504 still applies.

IMHO, the best way to fix this in the lab is “ip ospf mtu-ignore” under the interface on your router.

The MTU has to be the same on both ends of the link before the neighbors can form an adjacency.
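To make the diagnosis above repeatable, here is a small added example (not from the original post, and not a Cisco tool) that parses the “debug ip ospf events” DBD lines, compares the MTU each neighbor advertises with the local interface MTU, and reports which neighbors will stay in EXSTART unless “ip ospf mtu-ignore” is configured. The debug lines and the local MTU table are constructed for the example and modelled on the output quoted in the post.

```python
import re

# Constructed sample of "debug ip ospf events" output, modelled on the lines
# quoted in this post (not captured from a real device).
DEBUG_OUTPUT = """
OSPF: Rcv DBD from 192.168.10.1 on FastEthernet0/0 seq 0x12A6 opt 0x52 flag 0x7 len 32  mtu 1504 state EXSTART
OSPF: Nbr 192.168.10.1 has larger interface MTU
OSPF: Rcv DBD from 192.168.20.1 on FastEthernet0/1 seq 0x1B02 opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
"""

# Local interface MTUs as a "show interfaces" audit would report them (constructed).
LOCAL_MTU = {"FastEthernet0/0": 1500, "FastEthernet0/1": 1500}

DBD_RE = re.compile(
    r"OSPF: Rcv DBD from (?P<nbr>\d+(?:\.\d+){3}) on (?P<intf>\S+)\b.*?\bmtu (?P<mtu>\d+)\b"
)


def parse_dbd_mtus(debug_text):
    """Map (interface, neighbor) -> interface MTU the neighbor advertises in its DBD."""
    advertised = {}
    for line in debug_text.splitlines():
        m = DBD_RE.search(line)
        if m:
            advertised[(m.group("intf"), m.group("nbr"))] = int(m.group("mtu"))
    return advertised


def adjacency_status(local_mtu, neighbor_mtu, mtu_ignore=False):
    """RFC 2328 section 10.6: a DBD is rejected when the neighbor's interface MTU is
    larger than what the local router can accept without fragmentation, so the
    smaller-MTU side stays in EXSTART. "ip ospf mtu-ignore" disables that check."""
    if neighbor_mtu <= local_mtu:
        return "ok"
    if mtu_ignore:
        return "ok (mtu-ignore)"
    return "stuck in EXSTART: neighbor MTU %d > local MTU %d" % (neighbor_mtu, local_mtu)


def diagnose(debug_text, local_mtus, mtu_ignore_interfaces=()):
    """Combine DBD debug output with local MTUs into one finding per neighbor."""
    findings = []
    for (intf, nbr), nbr_mtu in sorted(parse_dbd_mtus(debug_text).items()):
        local = local_mtus.get(intf)
        if local is None:
            status = "unknown local MTU"
        else:
            status = adjacency_status(local, nbr_mtu, intf in mtu_ignore_interfaces)
        findings.append({"interface": intf, "neighbor": nbr, "local_mtu": local,
                         "neighbor_mtu": nbr_mtu, "status": status})
    return findings


if __name__ == "__main__":
    for finding in diagnose(DEBUG_OUTPUT, LOCAL_MTU):
        print(finding)
    print("with ip ospf mtu-ignore on FastEthernet0/0:")
    for finding in diagnose(DEBUG_OUTPUT, LOCAL_MTU, mtu_ignore_interfaces={"FastEthernet0/0"}):
        print(finding)
```

Run as-is it reports 192.168.10.1 on FastEthernet0/0 (advertising 1504 against a local 1500) as stuck in EXSTART and 192.168.20.1 as fine; passing the interface in `mtu_ignore_interfaces` models the router-side fix the post recommends.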

March 5, 2008

Cisco Graphical Simulator or GNS3

Filed under: cisco, Router, Switching, Technology and Software — ciscotips @ 6:38 pm

What is GNS3 ?

GNS3 is a graphical network simulator that allows you to design complex network topologies and to launch simulations on them.

To allow complete simulations, GNS3 is strongly linked with:

  • Dynamips, an IOS emulator which allows users to run IOS binary images from Cisco Systems.
  • Dynagen, a text-based front-end for Dynamips.

GNS3 is an excellent complementary tool to real labs for administrators of Cisco networks or people wanting to pass their CCNA, CCNP, CCIP or CCIE certifications.

It can also be used to experiment with features of Cisco IOS or to check configurations that need to be deployed later on real routers. This project is an open source product that may be used on multiple platforms, including Windows, Linux, and Mac OS X.

Features overview

  • Designing high quality complex network topologies.
  • Emulating Cisco routers.
  • Simulating simple Ethernet, ATM and Frame Relay switches.
  • Load and save in Dynagen’s INI-like format.
  • Image export (JPEG, PNG, BMP and XPM).

Important notice: users must provide their own Cisco IOS to use GNS3.

January 31, 2008

Cisco Open source tools

Filed under: cisco, IP Routing, security, Switching, Technology and Software — ciscotips @ 3:13 am

I came across a great resource, Cisco-centric Open Source Community (COSI). COSI is an Internet-based community that develops free Cisco tools and makes them available for download from its Web site. There are almost 50 utilities available for download. The scripts and utilities all include documentation, and the community has developed all of these tools to work with Cisco IOS routers, switches, firewalls, or CiscoWorks management software.

COSI’s Web site also offers other advantages. Clicking the link to download a script takes you to a community download page, which also features discussion forums for questions and support of these tools. It’s important to remember that Cisco’s Technical Assistance Center (TAC) doesn’t support these tools, so you must count on your own skills and the help of others in the community.

A tradeoff: these tools are not ideal for new Cisco IOS users or anyone who doesn’t have some Linux experience. Many of them help automate more advanced Cisco admin tasks when administering a midsize to large Cisco network.

July 13, 2007

Trainsignal BCMSN CBT

Filed under: Switching — ciscotips @ 2:48 am

I was quite impressed with Trainsignal’s BCMSN tutorial. It all started when Scott contacted me to take a look at Trainsignal’s excellent tutorials. I really appreciate the way Trainsignal has handled new topics like Wireless LAN in their CBT. All trainers delivering these CBTs are CCIEs; I would say Trainsignal has selected the best of the trainers to cover important topics. Trainsignal’s tutorials are recommended for anybody who is preparing for the CCNA/CCNP exams.

April 28, 2007

Why port Security?

Filed under: cisco, security, Switching — ciscotips @ 10:02 pm

Port security can be the best method of securing a switch in case you do not have physical control of your devices in the location. Port security only lets a defined group of MAC addresses use the port, protecting your network from attacks that start with physical access.

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the defined group of addresses. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port.

Commands to enable port security

In interface configuration mode, use the following command to enable port security:

switchport port-security

To set the maximum number of allowed MAC addresses on the port:

switchport port-security maximum max_addrs

To set the action taken on a security violation:

switchport port-security violation {shutdown | restrict | protect}

April 1, 2007

Configuring Switch ports in Campus Environments

Filed under: Router, Switching — ciscotips @ 12:13 am

Last week I saw my colleague doing something pretty weird, and that is what prompted me to write this tip, which I initially didn’t think of as a tip at all. Because of a large deployment of 6500 48-port 10/100 cards, we needed to assign VLANs to different sets of ports. I saw my colleague going into each interface one by one and configuring the VLAN with the switchport access vlan command. I realised that most of us are not aware of a handy Cisco command that configures similar interfaces in a single go. Here is the command.

In a large switch environment, to configure all or multiple interfaces on a switch with the same configuration parameters, do the following:

Switch(config)# interface range [ interface { port range } ]

For example:

Switch(config)#interface range fastEthernet 0/1 - 30

To configure several non-contiguous ports with the same configuration:

Switch(config)#int range fa0/1 , fa0/12 , fa0/13
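When you audit or generate configs offline it helps to expand the same range syntax yourself. The following added example (my own code, not something from the post or from Cisco) expands the argument of “interface range” into concrete interface names and produces the equivalent per-interface configuration lines. It assumes only the FastEthernet and GigabitEthernet abbreviations listed in the code; any other interface type is rejected rather than guessed.

```python
import re

# Abbreviations IOS accepts for the interface types used in this post
# (assumption: only these two types are handled here).
TYPE_NAMES = {"fa": "FastEthernet", "fastethernet": "FastEthernet",
              "gi": "GigabitEthernet", "gigabitethernet": "GigabitEthernet"}

# <type><optional whitespace><slot/...><first port>[ - <last port>]
ITEM_RE = re.compile(r"^([A-Za-z]+)\s*((?:\d+/)*)(\d+)(?:\s*-\s*(\d+))?$")


def expand_interface_range(spec):
    """Expand the argument of "interface range" into concrete interface names.
    "fastEthernet 0/1 - 30"    -> FastEthernet0/1 .. FastEthernet0/30
    "fa0/1 , fa0/12 , fa0/13"  -> the three named ports"""
    spec = spec.replace("\u2013", "-")  # tolerate the en-dash a blog copy-paste leaves behind
    names = []
    for item in spec.split(","):
        m = ITEM_RE.match(item.strip())
        if not m:
            raise ValueError("cannot parse interface item: %r" % item)
        kind, prefix, first, last = m.groups()
        if kind.lower() not in TYPE_NAMES:
            raise ValueError("unknown interface type: %r" % kind)
        full = TYPE_NAMES[kind.lower()]
        first = int(first)
        last = int(last) if last else first
        if first > last:
            raise ValueError("descending range: %r" % item)
        for port in range(first, last + 1):
            names.append("%s%s%d" % (full, prefix, port))
    return names


def expand_config(spec, commands):
    """Produce the per-interface configuration lines equivalent to one
    "interface range <spec>" block followed by <commands>."""
    lines = []
    for name in expand_interface_range(spec):
        lines.append("interface " + name)
        lines.extend(" " + command for command in commands)
    return lines


if __name__ == "__main__":
    print(expand_interface_range("fastEthernet 0/1 - 30"))
    for line in expand_config("fa0/1 , fa0/12 , fa0/13",
                              ["switchport mode access", "switchport access vlan 10"]):
        print(line)
```

Feeding the expanded list to the port-security audit of a running-config is the practical use: you can check that every port the range was meant to cover actually ended up with the intended commands.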

May 23, 2006

Auditing Router Interfaces

Filed under: Router, Switching — ciscotips @ 11:01 pm

I received the following tip from Robert in California and am incorporating it here:

Maintenance: Finding Router Interface Information

I sometimes need to audit a listing of all interfaces on a router or Multiswitch Feature Card (MSFC) for the IP address and description. While there are ways to get either (for example, show ip int brief and sh int desc), I have been looking for a command that enables me to display both types of information at once. To find the exact information that I need quickly, I use the following command:

show run | include interface | ip address | description
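The same interface/ip address/description audit, and the port-security check from the “Why port Security?” post above, can both be run offline over a saved running-config. The following added example is my own code, not Robert’s tip or a Cisco tool; it parses the config into per-interface blocks, produces the (interface, ip address, description) summary the include filter gives you, and flags access ports without port security, reporting the effective maximum and violation mode (IOS defaults of 1 and shutdown). The running-config excerpt is constructed for the example.

```python
# Constructed switch running-config excerpt (not from a real device).
RUNNING_CONFIG = """
hostname SW1
!
interface FastEthernet0/1
 description User desk 101
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/2
 description Printer
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/1
 description Uplink to core
 switchport mode trunk
!
interface Vlan10
 description Users SVI
 ip address 192.168.10.2 255.255.255.0
!
"""


def parse_interfaces(config_text):
    """Group a running-config into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def first_value(lines, prefix):
    """Return the remainder of the first line starting with prefix, or None."""
    for line in lines:
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return None


def interface_summary(interfaces):
    """Same information as "show run | include interface | ip address | description",
    but grouped per interface as (name, ip address, description)."""
    return [(name, first_value(lines, "ip address"), first_value(lines, "description"))
            for name, lines in interfaces.items()]


def audit_port_security(interfaces):
    """Flag access ports without port security and report the effective
    maximum and violation mode (IOS defaults: maximum 1, violation shutdown)."""
    findings = []
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks and SVIs are out of scope for this check
        if "switchport port-security" not in lines:
            findings.append((name, "port-security NOT enabled"))
            continue
        maximum = first_value(lines, "switchport port-security maximum") or "1"
        violation = first_value(lines, "switchport port-security violation") or "shutdown"
        findings.append((name, "port-security enabled: maximum %s, violation %s"
                         % (maximum, violation)))
    return findings


if __name__ == "__main__":
    parsed = parse_interfaces(RUNNING_CONFIG)
    for name, ip, desc in interface_summary(parsed):
        print("%-20s %-30s %s" % (name, ip or "-", desc or "-"))
    for name, finding in audit_port_security(parsed):
        print(name, "->", finding)
```

On the constructed config it lists all four interfaces, shows the SVI address on Vlan10, and reports FastEthernet0/2 as an access port with no port security while FastEthernet0/1 shows maximum 2 and violation restrict.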

Connecting a new switch

Filed under: Switching — ciscotips @ 10:57 pm

When connecting a new switch to your network you can accidentally change your current VLAN database if the new switch has a higher VLAN Trunking Protocol (VTP) revision number. To avoid this, you must clear the VTP revision number on the new switch. The easiest way is to change the VTP domain name to “something_else” and back to “your_VTP_domain” on the new switch. This sets the VTP revision number to 0 and you can connect the switch to the network without any problem.

May 20, 2006

QoS-Rate-Limiting Tip

Filed under: Access-lists, QOS, Router, Switching, Technology and Software — ciscotips @ 7:17 am

The QoS feature that performs rate limiting and packet classification is called CAR (Committed Access Rate).

Here is a quick tip that limits Internet-bound traffic (primarily HTTP and FTP) to 512K, with a nice, fat burst.

First create the access lists.

access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp

Then apply rate limiting rules to the appropriate interface:

interface Serial1/0
bandwidth 2048
ip address 172.16.100.2 255.255.255.252
rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop
rate-limit output access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop

It limits only HTTP and FTP traffic; other corporate web applications running on different ports still get the full E1 bandwidth.

Warning: if a rate-limit rule references an access list that does not exist, the rule matches all traffic. Usually not good.
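That last warning is the kind of thing worth checking mechanically before a config is pushed. The following added example (my own code, not from the post or from Cisco) lints a router config for rate-limit rules whose access-group has no matching access-list definition, and includes a simplified token bucket so you can see what the 512000/1024000 rate and normal-burst parameters do to a packet stream. The config is constructed for the example: it copies the post’s rules and deliberately points the output rule at access-list 101, which is never defined. CAR’s extended burst is intentionally not modelled.

```python
import re

# Constructed router configuration modelled on the post's example. The second
# rate-limit rule deliberately references access-list 101, which is never
# defined, to reproduce the fail-open case the warning describes.
CONFIG = """
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp
!
interface Serial1/0
 bandwidth 2048
 ip address 172.16.100.2 255.255.255.252
 rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop
 rate-limit output access-group 101 512000 1024000 2048000 conform-action transmit exceed-action drop
!
"""

ACL_DEF_RE = re.compile(r"^access-list (\d+)\s", re.M)
# direction, ACL number, rate (bps), normal burst (bytes), extended burst (bytes)
RATE_LIMIT_RE = re.compile(r"^rate-limit (input|output) access-group (\d+) (\d+) (\d+) (\d+)\b")


def lint_rate_limits(config_text):
    """Report every rate-limit rule whose access-group has no access-list
    definition; on IOS such a rule matches all traffic instead of nothing."""
    defined = set(ACL_DEF_RE.findall(config_text))
    findings, current_intf = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current_intf = line.split(None, 1)[1]
        m = RATE_LIMIT_RE.match(line)
        if m is None:
            continue
        direction, acl, rate, normal, extended = m.groups()
        if acl not in defined:
            findings.append({"interface": current_intf, "direction": direction, "acl": acl,
                             "rate_bps": int(rate), "normal_burst": int(normal),
                             "extended_burst": int(extended),
                             "problem": "access-list %s undefined: rule matches ALL traffic" % acl})
    return findings


class TokenBucket:
    """Simplified CAR-style policer: `rate_bps` refills the bucket and `normal_burst`
    (bytes) is its depth. CAR's extended burst is deliberately not modelled."""

    def __init__(self, rate_bps, normal_burst):
        self.rate_bytes_per_s = rate_bps / 8.0
        self.depth = float(normal_burst)
        self.tokens = float(normal_burst)
        self.last = 0.0

    def classify(self, packet_bytes, now):
        """Return "conform" or "exceed" for a packet arriving at time `now` (seconds)."""
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate_bytes_per_s)
        self.last = now
        if packet_bytes <= self.tokens:
            self.tokens -= packet_bytes
            return "conform"
        return "exceed"


if __name__ == "__main__":
    for finding in lint_rate_limits(CONFIG):
        print(finding)
    bucket = TokenBucket(512000, 1024000)
    # A full normal burst at t=0 conforms, the next byte exceeds, and after one
    # second 64000 bytes (512000 bits) of credit have been refilled.
    for size, t in [(1024000, 0.0), (1, 0.0), (64000, 1.0), (1, 1.0)]:
        print(t, size, bucket.classify(size, t))
```

The lint reports the output rule on Serial1/0 referencing the undefined access-list 101; the input rule referencing access-list 100 is silent, as it should be.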
