
Several Points When Configuring Frame-Relay

1. frame-relay lmi-type

There are three types of LMI: Cisco, ANSI and Q933a. (We should know that from the CCIE written exam. :) ) So, when configuring Frame Relay on a given serial port, we have to know which LMI type the Frame Relay switch uses, especially when you use dynagen as a virtual lab, since it only supports ANSI Annex D.

2. no frame-relay inverse-arp

When we configure static Frame Relay, we need to add this command to prevent any inverse-ARP request traffic.

3. frame-relay map ip 192.168.1.1 102 broadcast

The broadcast option is useful when Frame Relay has to forward both unicast and multicast traffic, especially when OSPF sends LSA updates by multicast to 224.0.0.5. Also, broadcast is not used for spoke to spoke.

Brick by Brick my CCIE

A little bit rushed. Rome was not built in a day, and neither is a CCIE. I looked at several guys' blogs. They all schedule their study wisely. Well, although mine is a different story, my CCIE will be built brick by brick. Still, don't forget: what's technology for?

Port-channel Interface Cared by IOS

Although Trunking is worth only 2 points, it does need careful setup and verification. Two things need to be kept in mind.

1. Don't configure "interface Port-channel0" in a layer 2 channel-group. Cisco IOS takes care of it.

2. Make sure all switchports that participate in the channel-group have the same physical-layer configuration, including speed, duplex, trunk mode and encapsulation.

HENRY_SW1#config t
HENRY_SW1(config)#inter range fa0/23, fa0/24
HENRY_SW1(config-if-range)#switchport trunk encapsulation dot1q
HENRY_SW1(config-if-range)#switchport trunk allowed vlan all
HENRY_SW1(config-if-range)#switchport mode trunk
HENRY_SW1(config-if-range)#channel-group 1 mode desirable
HENRY_SW1(config-if-range)#end

To avoid a loop when configuring an EtherChannel, make sure that the Port-channel participates in spanning tree, instead of the two member ports.

HENRY_SW1#sh spanning-tree vlan 432

VLAN0432
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0001.4327.7daf
Cost 145
Port 65 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33200 (priority 32768 sys-id-ext 432)
Address 000d.29ad.2880
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19        128.13   P2p
Fa0/14           Desg FWD 19        128.14   P2p
Fa0/15           Desg FWD 19        128.15   P2p
Fa0/16           Desg FWD 100       128.16   Shr
Po1              Root FWD 12        128.65   P2p
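
A check for point 2 above, as an added example that is not part of the original post: it parses a running-config excerpt and reports trunk, speed and duplex settings that differ between members of the same channel-group. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the page): Fa0/24 lacks the
# dot1q encapsulation line and pins its speed, unlike Fa0/23.
SAMPLE_CONFIG = """\
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/24
 switchport mode trunk
 speed 100
 channel-group 1 mode desirable
"""

# Settings the post says must match on every member port.
COMPARED = ("switchport trunk encapsulation", "switchport mode",
            "switchport trunk allowed vlan", "speed", "duplex")

def parse_interfaces(config):
    """Map interface name -> list of its (stripped) configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def setting(lines, key):
    """Value configured for `key` on one interface, or "(default)" if absent."""
    return next((l[len(key):].strip() for l in lines if l.startswith(key + " ")), "(default)")

def channel_mismatches(config):
    """Return {group: {setting: {port: value}}} for settings that differ between members."""
    groups = {}
    for name, lines in parse_interfaces(config).items():
        group = setting(lines, "channel-group")
        if group != "(default)":
            groups.setdefault(group.split()[0], {})[name] = lines
    report = {}
    for group, members in groups.items():
        for key in COMPARED:
            values = {port: setting(lines, key) for port, lines in members.items()}
            if len(set(values.values())) > 1:
                report.setdefault(group, {})[key] = values
    return report
```

An empty result means every member of every channel-group agrees on the compared settings.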

SPAN Destination Port State

The fact is, when we assign a FastEthernet port to be a destination port for SPAN, its "line of protocol is down". It's by design according to the Cisco documentation. Later, I noticed that, even though there is no connection on the destination port, the LED is still green to indicate forwarding status. So the conclusion is, the destination port should only be used for a network analyzer. It won't forward any traffic. The following is the list of destination port characteristics.

  • A destination port must reside on the same switch as the source port (for a local SPAN session).
  • A destination port can be any Ethernet physical port.
  • A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session.
  • A destination port cannot be a source port.
  • A destination port cannot be an EtherChannel group.
  • A destination port can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group has been specified as a SPAN source. The port is removed from the group while it is configured as a SPAN destination port.
  • The port does not transmit any traffic except that traffic required for the SPAN session unless learning is enabled. If learning is enabled, the port also transmits traffic directed to hosts that have been learned on the destination port.
  • The state of the destination port is up/down by design. The interface shows the port in this state in order to make it evident that the port is currently not usable as a production port.
  • If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
  • A destination port does not participate in spanning tree while the SPAN session is active.
  • When it is a destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
  • A destination port that belongs to a source VLAN of any SPAN session is excluded from the source list and is not monitored.
  • A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.
Careful Subnet

Since there are limited IP addresses in the lab, I should assign subnets carefully. At the beginning, I created vlan 450. Then I assigned IP address 192.168.50.35/24 to interface vlan 450. Later, I found out I had wasted too many IP addresses, since vlan 450 doesn't have 256 – 2 = 254 hosts. (192.168.50.255 is the broadcast IP and 192.168.50.0 is the subnet zero IP.) I am trying to subnet 192.168.50.148/30, so I have to change the vlan 450 interface network. If this were in the lab, I would screw up the whole thing. So, don't be foolish; do the right thing at the beginning.

Later, I saw someone use the ip subnet-zero command. However, Cisco doesn't recommend that. You can get the details from the following link.

Subnet Zero and the All-Ones Subnet

By the way, ip classless should be the default configuration.

RADIUS Server on Fedora

A RADIUS server is commonly used for network AAA. It provides authentication on UDP port 1812, accounting on UDP port 1813 and proxy on UDP 1814. Setting up a RADIUS server on Fedora is simple.

First, we need to install FreeRADIUS on Fedora:

sudo yum -y install freeradius

Then, we need to configure the clients.conf file:

vi /etc/raddb/clients.conf

client 192.168.50.60/24 {
    secret = 1a2b3c4d
    shortname = freeradius
}

Then, we need to assign a user name and password:

vi /etc/raddb/users

"John Smith" Cleartext-Password := "cowsgomoon"

Later on, we can start the radius daemon with the -X option for debugging purposes:

radiusd -X

Of course, you can also start the radius server by using the service command:

service radiusd start