HSRP version Multicast Switch Settings

Posted by fanie on Saturday, January 26, 2013

An HSRP configuration looks something like this: int fa0/0; ip add 34.34.115.1 255.255.255.0; standby 0 ip 34.34.115.8. To find the multicast IP and port used by the system, use: debug ip packet detail *Mar  1 00:54:07.423: IP: s=34.34.115.8 (local), [...]

Auto RP Multicast Router Settings

Posted by fanie

Finding the Auto-RP multicast port number without memorizing the numbers: sh ip mroute Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 224.0.1.39), [...]

IP DHCP Snooping Switch Settings

Posted by fanie on Sunday, January 20, 2013

IP DHCP snooping: DHCP snooping is used to stop rogue DHCP servers. It only allows DHCP messages from "trusted" ports. ip dhcp snooping trust -> to the DHCP server; ip dhcp snooping vlan 100 -> inspect DHCP messages in VLAN 100; ip dhcp snooping binding abcd.abcd.abcd [...]

Syslog Priority Router Settings

Posted by fanie on Thursday, January 17, 2013

Syslog Priority (highest to lowest):
0. Emergency (highest)
1. Alert
2. Critical
3. Error
4. Warning
5. Notice
6. Informational
7. Debug (lowest)

Quick tip to remember: Eat Asian Cuisine Early With Ninja In [...]

OSPF State

Posted by fanie on Saturday, January 12, 2013

FULL/DR and FULL/BDR, 2WAY/DROTHER come up from the point of view of a non-BDR/DR router (reduces broadcast). [...]

AAA Authentication Router Settings

Posted by fanie

aaa authentication login default local; aaa authentication login default local-case. local: case-insensitive for username; local-case: case-sensitive for usern [...]

Routing and Forwarding Information Base Definition

Posted by fanie on Friday, January 11, 2013

CEF creates the Forwarding Information Base (FIB). CEF offers the following benefit: better performance than fast switching (faster), and it uses less CPU to do the same task. Enabling ip cef: Router(config)#ip cef   Verifying [...]

Filter Traffic Within Vlan Switch

Posted by fanie

The best way is to use a vlan access-map. We want to filter ping packets from R1 - SW1 - R2 in VLAN 25. On SW1: ip access-list extended ICMP; permit icmp any any; vlan access-map block-icmp 10; match ip address ICMP; action drop; vlan access-map block-icmp 20; action [...]

Unicast And Multicast Packet RIP

Posted by fanie

With router rip and neighbor 1.1.1.2 configured, the router will send both unicast and multicast packets. To stop the multicast packets and send unicast packets, use this command: passive-interface fa0/0. Useful debug command: Router#debug ip rip    version 1 send [...]

Port Channel Load Balance Switch Settings

Posted by fanie on Sunday, January 6, 2013

Port channel load-balance methods can be divided into many types: dst ip (layer 3): many sources -> same destination IP (go through the same port); dst mac (layer 2): many sources -> same destination MAC (go through the same port); dst port (layer 4): many [...]

Switchport nonegotiate Switch Settings

Posted by fanie

Switchport nonegotiate characteristics: disables DTP (Dynamic Trunking Protocol); does not allow automatic trunk creation (dynamic desirable, the default port mode in Cisco); stops DTP messages, which are sent every 30 seconds; defining switchport mode trunk command [...]

Vlan dot1q Tag untag Native Switch Settings

Posted by fanie

Brief tutorial on VLAN behaviour in different conditions: access (vlan 10) - access (vlan 10): packets are forwarded in the same VLAN (untagged); access (vlan 10) - trunk (tag vlan 10): packets will be forwarded tagged with VLAN 10; access (vlan 10) - trunk native [...]

Spanning-tree Interoperability Switch Settings

Posted by fanie on Saturday, January 5, 2013

Spanning tree is used to avoid network loops in a layer 2 switch. Common Spanning tree characteristics: long forwarding time (50 seconds); Blocking (20 seconds -> max-age); Listening (15 seconds -> forward delay); Learning (15 seconds -> forward [...]

IP ARP Inspection Switch Settings

Posted by fanie

IP ARP inspection is used to validate the IP-to-MAC bindings of the ARP cache in a switch. This method prevents man-in-the-middle attacks (a broadcast ARP request is answered by an unknown switch using an invalid MAC address table). The switch database is using [...]

IP DHCP Snooping Switch Settings

Posted by fanie

The ip dhcp snooping command is very useful for checking DHCP messages from untrusted ports to the trusted port of the DHCP server. It operates on a per-VLAN basis, using the command: ip dhcp snooping vlan 17. With that command, every DHCP message will be validated [...]

Switch Root Guard Advantages

Posted by fanie

The Root Guard command is very useful in switch configuration. The configuration is set on the access port of the switch. Advantages and characteristics of using root guard: prevents other switches from becoming the root switch (designated port, not root port); Change [...]