1. QoS
1.1. RSVP
1.1.1. Messages
1.1.1.1. PATH = ask for resources
1.1.1.2. RESV = Confirm resource reservation
1.1.1.3. RESV-CONF = Last confirmation
1.1.1.4. Order
1.1.1.4.1. Source send PATH
1.1.1.4.2. Destination send RESV
1.1.1.4.3. Destination send PATH
1.1.1.4.4. Source send RESV
1.1.1.4.5. Destination send RESV-CONF
1.1.2. Configuration
1.1.2.1. Interface
1.1.2.1.1. ip rsvp bandwidth <total> <flow>
1.1.2.2. LLQ
1.1.2.2.1. ip rsvp pq-profile <max-rate> <max-burst> <peak-to-avg-ratio-%>
1.1.2.3. fair-queue must be enabled.
1.1.2.3.1. Frame-Relay
1.1.2.3.2. fair-queue
1.1.2.4. Source
1.1.2.4.1. ip rsvp sender-host <ip-dest> <ip-src> [tcp | udp] <dst-port> <src-port> <bw> <peak>
1.1.2.4.2. The "-host" generates PATH msg; without it the router waits for traffic to send it.
1.1.2.4.3. show ip rsvp sender
1.1.2.5. Destination
1.1.2.5.1. ip rsvp reservation-host <ip-dest> <ip-src> [tcp | udp] <dst-port> [ff | sw | wf] rate <bw> <peak>
1.1.2.5.2. The "-host" generates RESV msg; without it the router waits for traffic to send it.
1.1.2.5.3. ff (fixed filter)= Only one source can use the reservation
1.1.2.5.4. se (shared explicit) = shared with some specified sources
1.1.2.5.5. wf (wildcast filter) = shared with any source
1.1.2.5.6. show ip rsvp reservation
1.1.2.5.7. show ip rsvp installed [detailed]
1.2. FRTS
1.2.1. Generic Traffic Shape
1.2.1.1. traffic-shape rate <bit-rate> <burst-size> <excess-burst-size>
1.2.2. Frame Relay Traffic Shapping
1.2.2.1. Config
1.2.2.1.1. Interface <if>
1.2.2.1.2. frame-relay trafic-shapping
1.2.2.1.3. DLCI only (optional)
1.2.2.1.4. frame-relay class <class-name>
1.2.3. Class-Based Traffic Shapping
1.2.3.1. Can be combined with MQC
1.2.3.2. Traffic classes
1.2.3.3. Configuration
1.2.3.3.1. interface <if-fr>
1.2.3.3.2. frame-relay interface-dlci <dlci>
1.2.3.3.3. service-policy <policy-map-name>
1.2.3.3.4. policy-map <policy-map-name>
1.2.3.3.5. class <class-name>
1.2.3.3.6. shape
1.2.3.3.7. class-map <class-name>
1.2.3.3.8. match
1.3. MQC
1.3.1. interface <if>
1.3.2. service-policy [input | output] <policy-name>
1.3.3. policy-map <policy-name>
1.3.4. class <class-name>
1.3.5. set
1.3.5.1. ip precedence
1.3.5.2. ip dscp
1.3.5.3. cos
1.3.6. class-map <class-name>
1.3.7. match (qos, acl, mac)
1.3.8. match protocol
1.3.8.1. nbar
1.3.9. match any
1.4. Switch QoS (MLS)
1.4.1. mls qos behavior
1.4.1.1. no mls qos
1.4.1.1.1. QoS disabled
1.4.1.1.2. COS = 0
1.4.1.1.3. COS = 5
1.4.1.1.4. Untagged
1.4.1.2. mls qos
1.4.1.2.1. QoS enabled
1.4.1.2.2. COS = 0
1.4.1.2.3. COS = 5
1.4.1.2.4. Untagged
1.4.1.3. mls qos (if) mls qos trust cos
1.4.1.3.1. COS = 0
1.4.1.3.2. COS = 5
1.4.1.3.3. Untagged
1.4.1.4. mls qos (if) mls qos cos X override
1.4.1.4.1. COS = 0
1.4.1.4.2. COS = 5
1.4.1.4.3. Untagged
1.4.2. Layer 2 to Layer 3 mapping
1.4.2.1. Inbound
1.4.2.1.1. cos-dscp map
1.4.2.2. Outbound
1.4.2.2.1. cos-dscp map
1.4.2.3. show mls qos map [dscp]
1.4.3. Port trust
1.4.3.1. (if) # mls qos trust [dscp | cos | ip-prec]
1.4.3.1.1. if trust COS, DSCP is modified, based on COS-to-DSCP map
1.4.3.1.2. To avoid, use DSCP transparency
1.4.3.2. Maps
1.4.3.2.1. COS = 0 to 7
1.4.3.2.2. IP Precendence = 0 to 7
1.4.3.2.3. DSCP = 0 to 63
1.4.3.2.4. COS-to-DSCP map
1.4.3.2.5. IP Prec-to-DSCP map
1.4.3.2.6. DSCP-to-COS map
1.4.3.2.7. DSCP to DSCP mapping (aka DSCP Mutation)
1.4.4. 3560
1.4.4.1. SRR
1.4.4.1.1. sharing
1.4.4.1.2. shaping
1.4.4.2. Two ingress queues
1.4.4.2.1. Only support SRR sharing
1.4.4.2.2. Normal
1.4.4.2.3. Expedite
1.4.4.3. Four egress gueues
1.4.4.3.1. Uses queue-set
1.4.4.3.2. Assign queue-set to interface
1.4.4.3.3. Set queue-set threshold and buffers
1.4.4.3.4. Map DSCP/CoS to queue
1.4.4.3.5. Set SRR shape or share to queue.
1.4.4.3.6. Expedite (queue 1)
1.4.4.3.7. Limit bandwitch for interface
1.4.5. Use MQC to apply QoS to interface
1.4.5.1. inbound only
1.4.5.2. interface X/Y
1.4.5.3. service-policy input <pmQOS>
1.4.5.4. policy-map <pmQOS>
1.4.5.5. class <cmA>
1.4.5.6. trust [cos | dscp | ip-prec]
1.4.5.7. set [dscp | ip-prec]
1.4.5.8. police [rate-bps] [burst-byte] exceed-action [drop | policied-dscp-transmit]
1.4.5.9. class-map cmA
1.4.5.10. match [acl | ip dscp | ip prec | input-interface]
1.4.5.11. OR
2. Security
2.1. Switch security
2.1.1. Control DHCP packets
2.1.1.1. DHCP Snooping
2.1.1.1.1. Only allow DCHP responses from a trusted port
2.1.1.1.2. ip dhcp snooping [vlan [vlans]]
2.1.1.1.3. DHCP server must be connected to a trusted port
2.1.2. Control frames based on source
2.1.2.1. Filter frames
2.1.2.1.1. IP Source Guard
2.1.2.2. Filter ARP packets
2.1.2.2.1. ARP inspection
2.1.3. Filter specific frames
2.1.3.1. vlan filter <amVLAN> vlan-list <vlan-range>
2.1.3.1.1. vlan access-map <amVLAN>
2.1.3.1.2. Match
2.1.3.1.3. Action
2.1.4. Control VLAN/interface traffic
2.1.4.1. Port Blocking
2.1.4.1.1. Unknow destination MACs packets are forwarded to all ports. To prevent:
2.1.4.1.2. interface <blocked-if>
2.1.4.1.3. switchport block unicast
2.1.4.1.4. switchport block multicast
2.1.4.2. Port Security
2.1.4.2.1. Restric how many and which ones mac-address have access to an interface
2.1.4.2.2. interface <secured-if>
2.1.4.2.3. Enable Port Security
2.1.4.2.4. Maximum mac-address learned
2.1.4.2.5. How to react
2.1.4.2.6. Static MAC assignment
2.1.4.2.7. Learn MACs and don't forget on reload
2.1.4.2.8. Static MACS and don't forget on reload
2.1.4.3. Port protected
2.1.4.3.1. One protected port don't talk with another protected port
2.1.4.3.2. interface <protected-if>
2.1.4.3.3. switchport protected
2.1.4.4. Private VLANs
2.1.4.4.1. Port modes
2.1.4.4.2. VLAN modes
2.1.4.4.3. Configuration
2.2. IP Options
2.2.1. Drop all packets with options marked
2.2.1.1. ip options drop
2.2.2. Ignore the option parameters
2.2.2.1. ip options ignore
3. IP Services
3.1. SPAN
3.1.1. Up to two source sessions
3.1.2. Up to 64 destination ports
3.1.3. Source port = Physical, Trunk, Routed, Voice
3.1.4. monitor session X source [interface | vlan] [rx | tx | both]
3.1.5. monitor session X filter vlan [range]
3.1.6. monitor session X destination [interface | remote vlan]
3.1.7. RSPAN
3.1.7.1. vlan Y
3.1.7.2. remote-span
3.1.7.3. monitor session X source [remote vlan] Z
3.1.7.4. monitor session X destination [interface]
3.1.7.5. Destination switch
3.1.7.6. Intermediate switches
3.1.8. Source switches
3.2. Reflexive ACL
3.2.1. Config
3.2.1.1. interface <if-inside>
3.2.1.2. ip access-group <acl-in> in
3.2.1.2.1. ip access-list extended <acl-in>
3.2.1.2.2. evaluate <tcp-temp-name>
3.2.1.3. ip access-group <acl-out> out
3.2.1.3.1. ip access-list extended <acl-out>
3.2.1.3.2. permit tcp any any reflect <tcp-temp-name>
3.2.1.4. Can be done one in each interface (in/out)
3.3. EEM
3.3.1. Event Detector
3.3.1.1. Monitors:
3.3.1.1.1. CLI Command
3.3.1.1.2. Events
3.3.1.1.3. Object track
3.3.1.1.4. SNMP Events
3.3.1.1.5. Syslog messages
3.3.1.1.6. Interface counters
3.3.1.1.7. Timers
3.3.2. Event Manager
3.3.3. Policy Director
3.3.3.1. Applet Policy
3.3.3.1.1. event manager applet <appNAME>
3.3.3.1.2. event <monitor>
3.3.3.1.3. action x.x <action>
3.3.3.1.4. action 1.0 cli command "cli command"
3.3.3.1.5. action 1.1 mail server <server> from <from> to <to>
3.3.3.1.6. action 1.2 syslog message "message"
3.3.3.2. TCL Policy
3.3.3.2.1. event manager enviroment <variable>
3.3.3.2.2. event manager directoy user policy <path>
3.3.3.2.3. event manager policy <filename>
3.4. WCCP
3.4.1. UDP Port 2048
3.4.2. Basic config
3.4.2.1. ip wccp version [1 | 2]
3.4.2.1.1. Version 1 = 1 router, Cluster HTTP only
3.4.2.1.2. Version 2 = Multiple routers; Clusters
3.4.2.2. ip wccp web-cache
3.4.2.3. TCP Promiscuous mode
3.4.2.3.1. ip wccp 61
3.4.2.3.2. ip wccp 62
3.4.2.4. From which interfaces?
3.4.2.4.1. interface X/Y
3.4.2.4.2. Standard web service
3.4.2.4.3. TCP Promiscuous mode
3.4.2.4.4. Except:
3.4.3. Who will be redirected?
3.4.3.1. ip wccp web-cache redirect-list <acl>
3.4.4. To which web caches?
3.4.4.1. ip wccp web-cache group-list <acl>
3.4.5. Group web caches
3.4.5.1. ip wccp web-cache group-add <mcast-address> password <pw>
3.4.6. And if web cache is not available?
3.4.6.1. block
3.4.6.1.1. ip wccp mode closed
3.4.6.2. passthrough
3.4.6.2.1. ip wccp mode open
3.4.7. 3560
3.4.7.1. sdm prefer extended
3.4.7.2. reload
3.5. IP SLA
3.5.1. Configuration
3.5.1.1. Probe
3.5.1.1.1. ip sla <oper-number>
3.5.1.1.2. [probe-type]<dest-IP> <dest-port> interval <interval>
3.5.1.1.3. frequency <seconds>
3.5.1.1.4. ip sla schedule <oper-number> life [forever | <seconds>] [start-time <time> | pending | now]
3.5.1.1.5. show ip sla configuration <oper-number>
3.5.1.1.6. show ip sla statistics
3.5.1.2. Responder
3.5.1.2.1. ip sla
3.5.1.2.2. ip sla responder udp-echo ipaddress <ip-address> port <port>
3.5.1.3. Authentication
3.5.1.3.1. ip sla key-chain <key>
3.6. IP Traffic Export
3.6.1. Similar to SPAN on switches
3.6.2. Profile
3.6.2.1. ip traffic-export profile <profile-name> mode [capture | export]
3.6.2.1.1. Capture = store in router flash
3.6.2.1.2. Export = Send
3.6.2.2. interface <export-interface>
3.6.2.3. mac-address <export-host>
3.6.2.4. incoming [access-list <acl> | sample on-in-every <number>]
3.6.2.5. outgoing [access-list <acl> | sample on-in-every <number>]
3.6.2.6. bidirectional
3.6.3. Apply
3.6.3.1. interface <monitored-interface>
3.6.3.2. ip traffic-export apply <profile-name> size <capture-buffer>
3.7. SNMP
3.7.1. Security Models
3.7.1.1. noAuth noPriv
3.7.1.2. Auth Priv
3.7.1.3. Auth noPriv
3.7.2. Config
3.7.2.1. v3
3.7.2.1.1. What?
3.7.2.1.2. Which?
3.7.2.1.3. Who?
3.7.2.1.4. Traps
3.7.2.1.5. Engine
3.7.2.2. v1/v2
3.7.2.2.1. What?
3.7.2.2.2. Community
3.8. NetFlow
3.8.1. Flow =
3.8.1.1. Source IP
3.8.1.2. Dest IP
3.8.1.3. Source Port
3.8.1.4. Dest Port
3.8.1.5. Layer 3
3.8.1.6. ToS
3.8.1.7. Input Interface
3.8.2. Flows can be on
3.8.2.1. Collector
3.8.2.2. Local cache
3.8.3. Config
3.8.3.1. Basic
3.8.3.1.1. ip flow-export destination <collector-ip> <udp-port>
3.8.3.1.2. ip flow-export version 9
3.8.3.1.3. interface <if>
3.8.3.2. Aggregation cache
3.8.3.2.1. ip flow aggregation-cache [prefix | protocol | etc]
3.8.3.3. Filter and sampling
3.8.3.3.1. Filter AND Sampling
3.8.3.3.2. Sampling only
3.9. NAT
3.9.1. Interfaces
3.9.1.1. interface <if-inside>
3.9.1.2. ip nat inside
3.9.1.3. interface <if-outside>
3.9.1.4. ip nat outside
3.9.2. Static or Dynamic?
3.9.3. Source or Destination?
3.9.4. ip nat [inside | outside] [source | destination] static <from> <to>
3.9.4.1. When the packet hit the [inside | outside] interface
3.9.4.2. Change the [source | destination]
3.9.4.3. From <from>
3.9.4.4. To <to>
3.9.4.5. nat outside source = nat inside destination
3.9.5. ip nat pool <pool-name> <start-IP> <end-IP> [netmask | prefix-length]
3.9.6. access-list <acl-number> permit <source-address> <source-wildcard>
3.9.7. ip nat inside source list <acl-number> pool <pool-name> [overload]
3.9.8. Load balance
3.9.8.1. ip nat pool <pool-name> <start-IP> <end-IP> [netmask | prefix-length] type rotary
3.9.8.2. ip nat inside destination-list <acl-name> pool <pool-name>
3.9.8.3. Pool = real hosts
3.9.8.4. ACL = Virtual address
3.9.9. Select which IPs get translated.
3.9.9.1. ip nat inside source static <from> <to> route-map <rm-name>
3.9.10. Stateful NAT
3.9.10.1. Use for asymmetrical routing and redundancy
3.9.10.2. With HSRP
3.9.10.2.1. ip nat inside source static <from> <to> redundancy <group-name>
3.9.10.2.2. standby <group> name <group-name>
3.9.10.3. Configuration
3.9.10.3.1. ip nat stateful <id>
3.9.10.3.2. Primary
3.9.10.3.3. Secondary
3.9.10.3.4. peer <other-router-IP>
3.9.10.3.5. mapping-id <map-id>
3.9.10.3.6. ip nat source static route-map <rm-name> pool <pool-name> mapping-id <map-id>
3.10. DHCP
3.10.1. RARP = Layer 2 header
3.10.2. BOOTP = Layer 3 header
3.10.3. DHCP = More options (lease time, extra fields, dynamic range)
3.10.4. DHCP Relay
3.10.4.1. interface <if>
3.10.4.1.1. interface that receives de DHCP request
3.10.4.2. ip helper-address <dhcp-server>
3.10.5. DHCP Server
3.10.5.1. Config
3.10.5.1.1. service dhcp
3.10.5.1.2. ip dhcp excluded-address <start-ip> <end-ip>
3.10.5.1.3. ip dhcp pool <pool-name>
3.10.5.1.4. Network
3.10.5.1.5. Host
3.10.5.1.6. domain <domain-name>
3.10.5.1.7. dns-server <server-IP>
3.10.5.1.8. default-router <gw-ip>
3.10.5.1.9. lease [days [hours] [minutes] | infinite]
3.10.5.2. Troubleshooting
3.10.5.2.1. clear ip dhcp dinding *
3.10.5.2.2. show ip dhcp binding
3.10.5.2.3. show dhcp lease
3.11. Lock and Key Security
3.11.1. Lock the traffic
3.11.1.1. interface <if-traffic>
3.11.1.2. ip access-group <acl> in
3.11.1.3. access-list <acl> permit <always-allowed-traffic>
3.11.1.4. access-list <acl> dynamic <temprary-acl-name> timeout <absolut-seconds> permit <temporary-traffic>
3.11.2. Telnet to enable
3.11.2.1. line vty 0
3.11.2.2. autocommand access-enable <host> timeout <inactivity-seconds>
3.12. NTP
3.12.1. Client/Server
3.12.1.1. Pull method, from client to server
3.12.1.2. Server
3.12.1.2.1. ntp master [stratum]
3.12.1.2.2. Access Control
3.12.1.2.3. Authentication
3.12.1.3. Client
3.12.1.3.1. ntp server <ip-address>
3.12.1.3.2. ntp access-group peer <aclSERVER>
3.12.1.3.3. Authentication
3.12.2. Peer
3.12.2.1. Push/Pull method
3.12.2.2. ntp peer <ip-address>
3.12.2.3. ntp access-group peer <aclPEER>
3.12.3. UDP port 123
3.13. RMON
3.13.1. Configuration
3.13.1.1. Interface
3.13.1.1.1. rmon [native | promiscuous]
3.13.1.2. rmon queuesize <size>
3.13.1.3. rmon alarm <number> <varable> <interval> [delta | absolute] rising-threshold <value> falling-threshold <value>
3.13.1.4. show rmon
3.13.1.5. show rmon alarms
3.13.1.6. show rmon events
4. Misc
4.1. Regular Expression
4.1.1. ( ) Parenthesis
4.1.1.1. Grouping
4.1.2. | (pipe)
4.1.2.1. OR expression
4.1.3. ? (question mark)
4.1.3.1. 0 or 1 occurrence of previous
4.1.4. * (asterisk)
4.1.4.1. 0 or more occurrences of previous
4.1.5. + (Plus sign)
4.1.5.1. 1 or more occurrences of previous
4.1.6. \ (backslash)
4.1.6.1. Escape special characters
4.1.7. [ ] (brackets)
4.1.7.1. Any character from range
4.1.8. ^ (Circumflex )
4.1.8.1. Start of line
4.1.9. $ (dollar sign)
4.1.9.1. End of line
4.1.10. _ (underline)
4.1.10.1. Can be replaced by comma (,), space ( ), start of line (^), end of line ($), rigt or left brace ({})
4.2. SSH
4.2.1. Configuration
4.2.1.1. Generate keys
4.2.1.1.1. crypto key generate rsa
4.2.1.2. Enable SSH server
4.2.1.2.1. ip ssh [version <version-number> | timeout <seconds> | authentication-retries <number>]
4.2.2. show crypto key mypubkey rsa
4.3. Bridge
4.3.1. Ethernet and Frame-Relay example
4.3.1.1. R5
4.3.1.1.1. interface Ethernet0/0.40
4.3.1.1.2. encapsulation dot1Q 40
4.3.1.1.3. ip address 145.11.25.5 255.255.255.0
4.3.1.2. R2
4.3.1.2.1. Global configuration
4.3.1.2.2. Ethernet
4.3.1.2.3. Serial FR
4.3.1.3. R3
4.3.1.3.1. interface Serial1/0
4.3.1.3.2. no ip address
4.3.1.3.3. encapsulation frame-relay
4.3.1.3.4. frame-relay map bridge 302 broadcast
4.3.1.3.5. bridge-group 1
5. Layer 2
5.1. LAN
5.1.1. Trunk Interfaces
5.1.1.1. Trunk Mode
5.1.1.1.1. Dynamic ?
5.1.1.1.2. Don't work:
5.1.1.2. Trunk Encapsulation
5.1.1.2.1. Dynamic?
5.1.2. Etherchannel
5.1.2.1. Modes
5.1.2.1.1. Dynamic ?
5.1.2.2. Configuration
5.1.2.2.1. interface range <first-if> <last-if>
5.1.2.2.2. shutdown
5.1.2.2.3. [switchport | no switchport]
5.1.2.2.4. channel-group <channel-number> mode [on | desirable | auto | active | passive]
5.1.2.2.5. interface port-channel <channel-number>
5.1.2.2.6. switchport mode [access | trunk]
5.1.2.2.7. ... other configurations ...
5.1.2.2.8. no shutdown
5.1.2.2.9. interface range <first-if> <last-if>
5.1.2.2.10. no shutdown
5.1.3. FlexLinks
5.1.3.1. Link level redundancy
5.1.3.2. Alternative to STP
5.1.3.3. Automatically disables STP
5.1.3.4. Configuration
5.1.3.4.1. interface <active-interface-L2>
5.1.3.4.2. switchport backup interface <backup-interface-L2>
5.1.3.4.3. switchport backup interface <backup-interface-L2> preemption mode [forced | bandwidth | off]
5.1.3.4.4. switchport backup interface <backup-interface-L2> preemption delay <msec>
5.1.4. Spanning Tree
5.1.4.1. STP (802.1d)
5.1.4.1.1. Cisco PVSTP+
5.1.4.1.2. Port states
5.1.4.1.3. Rules
5.1.4.1.4. Port Roles
5.1.4.1.5. BDPU Types
5.1.4.1.6. Elections
5.1.4.2. Rapid STP (802.1w)
5.1.4.2.1. Cisco RPVSTP
5.1.4.2.2. spanning-tree mode rapid-pvst
5.1.4.2.3. Standardize BackboneFast, UplinkFast, PortFast
5.1.4.2.4. Port states
5.1.4.2.5. Port Roles
5.1.4.3. MST (802.1s)
5.1.4.3.1. Automatically enables RSTP
5.1.4.3.2. Enable MST
5.1.4.3.3. Create MST instances and map VLAN to instance
5.1.4.3.4. Define root, cost, priority
5.1.4.4. Features
5.1.4.4.1. Can be enabled on PVST+, rapid PVST_ and MST
5.1.4.4.2. Can be enabled on PVST+
5.1.5. udld
5.1.5.1. modes
5.1.5.1.1. normal
5.1.5.1.2. aggressive
5.2. WAN
5.2.1. PPP over Frame-relay
5.2.1.1. interface Virtual-Template <if>
5.2.1.2. ip unnumbered <interface>
5.2.1.3. encapsulation ppp
5.2.1.4. CHAP
5.2.1.4.1. ppp authentication chap
5.2.1.4.2. ppp chap username <usernameB>
5.2.1.4.3. ppp chap password <passwordB>
5.2.1.5. PAP
5.2.1.5.1. ppp authentication pap
5.2.1.5.2. ppp pap sent-username <usernameB> password <passwordB>
5.2.1.6. username <usernameA> password <passwordA>
5.2.1.7. interface <Serial>
5.2.1.8. encapsulation frame-relay
5.2.1.9. frame-relay interface-dlci <dlci> ppp Virtual-Template <if>
5.2.1.10. Multilink
5.2.1.10.1. interface Multilink
5.2.1.10.2. ppp multilink
5.2.1.10.3. ppp multilink group <num>
5.2.1.10.4. interface Virtual-Template
5.2.1.10.5. ppp multilink group <num>
6. IGP and PBR
6.1. EIGRP
6.1.1. Administrative Distance
6.1.1.1. router egirp <as>
6.1.1.2. distance <ad> <source-IP> <source-wildcard> <acl>
6.1.1.2.1. Don't match external prefixes, only internal
6.1.1.2.2. Set the neighbor, don't let any (0.0.0.0 255.255.255.255)
6.1.1.3. distance eigrp <internal-ad> <external-ad>
6.1.1.3.1. Change all routes, can't be selective
6.1.2. Metric
6.1.2.1. BW-Metric = 10.000.000/interface-BW(kbps)
6.1.2.2. Delay-Metric = sum [delays (tens of us)] * 256
6.1.2.3. Metric = BW-Metric + Delay-Metric
6.1.3. Load Balance
6.1.3.1. Proportional to metrics
6.1.3.2. Range = Variance multiplier
6.1.3.3. router eigrp <eigrp-as>
6.1.3.4. variance <multiplier>
6.1.4. Neighbors
6.1.4.1. passive-interface <interface>
6.1.4.1.1. Disable send and receive hellos on interface
6.1.4.1.2. Neighbors don't establish
6.1.4.2. neighbor <ip-addr> <interface>
6.1.4.2.1. Suppress multicast hellos on the interface
6.1.4.2.2. Send unicast hellos
6.2. RIP
6.2.1. Basic config
6.2.1.1. router rip
6.2.1.2. version 2
6.2.1.3. no auto-summary
6.2.1.4. passive default
6.2.1.5. network <classful-network>
6.2.2. Destination Format
6.2.2.1. Multicast
6.2.2.1.1. Default
6.2.2.1.2. 224.0.0.9
6.2.2.2. Unicast
6.2.2.2.1. neighbor <neighbor-ip>
6.2.2.2.2. passive-interface <interface>
6.2.2.3. Broadcast
6.2.2.3.1. ip rip v2-broadcast
6.2.3. Filtering
6.2.3.1. Distribute List
6.2.3.1.1. distribute-list <acl> [in | out] <interface>
6.2.3.1.2. acl
6.2.3.2. Offset List
6.2.3.2.1. offset-list <acl> [in | out] <additive-metric>
6.2.3.2.2. Metric 16 means invalid route
6.2.3.2.3. acl
6.2.3.3. Administrative Distance
6.2.3.3.1. distance <adm-distance> <source-ip> <source-wildcard> <acl>
6.2.3.3.2. Administrative Distance 255 means invalid route
6.2.3.3.3. source-ip = RIP Neighbor IP
6.2.3.3.4. acl
6.2.4. Authentication
6.2.4.1. interface <if>
6.2.4.2. ip rip authentication key-chain <key-chain>
6.2.4.3. ip rip authentication mode [text | md5]
6.2.5. Default route
6.2.5.1. router rip
6.2.5.2. default-information originate
6.2.5.3. Conditional
6.2.5.3.1. Only send default route if there is a specific prefix in route table
6.2.5.3.2. router rip
6.2.5.3.3. default information originate route-map <condition-route-map>
6.2.6. Summarization
6.2.6.1. interface <if>
6.2.6.2. ip summary-address rip <summary-ip> <mask>
6.3. OSPF
6.3.1. Basic config
6.3.1.1. Router process
6.3.1.1.1. router ospf <process-id>
6.3.1.1.2. network <ip-address> <wildcard-mask> area <area-id>
6.3.1.2. Interface
6.3.1.2.1. interface <if>
6.3.1.2.2. ip ospf <process-id> area <area-id>
6.3.2. Network types
6.3.2.1. Elects DR/BDR ?
6.3.2.1.1. Y
6.3.2.1.2. N
6.3.2.2. Configuration
6.3.2.2.1. ip ospf network-type <type>
6.3.2.2.2. ip ospf priority <priority-value>
6.3.2.3. Default Types by interface
6.3.2.3.1. Frame-Relay
6.3.2.3.2. Ethernet
6.3.2.3.3. Loopback
6.3.2.3.4. Tunnel
6.3.3. Area types
6.3.3.1. LSAs
6.3.3.1.1. Type 1
6.3.3.1.2. Type 2
6.3.3.1.3. Type 3
6.3.3.1.4. Type 4
6.3.3.1.5. Type 5
6.3.3.1.6. Type 7
6.3.3.1.7. Totally Stub or Totally NSSA (5 -> 7)
6.3.3.1.8. Stub or NSSA (5 -> 7)
6.3.3.2. Stub
6.3.3.2.1. Stub
6.3.3.2.2. Totally Stub
6.3.3.2.3. Not-so-stubby (NSSA)
6.3.3.2.4. Not-so-stubby Totally Stub
6.3.3.2.5. NSSA no-redistribution
6.3.3.2.6. NSSA Suppress-FA
6.3.4. Route types
6.3.4.1. In order of preference
6.3.4.2. O
6.3.4.2.1. Intra-area
6.3.4.3. O IA
6.3.4.3.1. Inter-area
6.3.4.4. O E1
6.3.4.4.1. Metric = External Cost + Internal Cost
6.3.4.5. O E2
6.3.4.5.1. Default when redistributing
6.3.4.5.2. Metric = External cost only; don't change through area
6.3.4.6. External routes
6.3.5. Summarization
6.3.5.1. Inter-area (ABR)
6.3.5.1.1. area <area-id> range <summary-ip> <mask>
6.3.5.2. External (ASBR)
6.3.5.2.1. summary-address <summary-ip> <mask>
6.3.6. Virtual-link
6.3.6.1. Required for areas not connected to area 0
6.3.6.2. area <not-area-0-id> virtual-link <dest-ospf-router-id>
6.3.6.3. Not allowed through stub areas
6.3.7. Filtering
6.3.7.1. Type-3 LSA filter
6.3.7.1.1. Only can be done on the ABR
6.3.7.1.2. router ospf <process-id>
6.3.7.1.3. area <area-id> filter-list <prefix-list> [in | out]
6.3.7.2. Prevent LSA from being installed on routing table
6.3.7.2.1. ip prefix-list <pl-filter> permit <net-to-be-filtered>
6.3.7.2.2. route-map <route-map-filter> deny 10
6.3.7.2.3. match ip address prefix <pl-filter>
6.3.7.2.4. route-map flter <route-map-filter> permit 20
6.3.7.2.5. router ospf <process>
6.3.7.2.6. distribute-list route-map <route-map-filter> in
6.3.8. Authentication
6.3.8.1. Enable and set type
6.3.8.1.1. Interface
6.3.8.1.2. Area
6.3.8.1.3. Virtual-Link
6.3.8.2. Password
6.3.8.2.1. Text
6.3.8.2.2. MD5
6.3.8.2.3. Virtual-link
6.3.9. MPLS
6.3.9.1. Sham-Link
6.3.9.1.1. Avoid routing outside MPLS Core
6.3.9.1.2. Created in PE routers, when backdoor link exists between two sites.
6.3.9.1.3. area <area-id> sham-link <src-add> <dst-addr> cost <cost>
6.3.9.1.4. Use loopback interface for source/destination
6.3.9.1.5. show ip ospf sham-link
6.3.9.2. Domain-id
6.3.9.2.1. 8-byte value of BGP update that identify OSPF domain
6.3.9.2.2. Routes received from far-end CPE are classified as:
6.3.9.2.3. router ospf <process-id>
6.3.9.2.4. domain-id <ip-address-format-id>
6.3.9.3. VRF-Lite
6.3.9.3.1. OSPF routes received by CPEs have the down-bit set
6.3.9.3.2. Down-bit don't let OSPF routes be re-learned bt BGP; Avoid loops
6.3.9.3.3. Don't let routes be installed on VRF either
6.3.9.3.4. To enable VRF use on CE:
6.3.9.3.5. router ospf <process-id>
6.3.9.3.6. capability vrf-lite
6.3.10. Administrative Distance
6.3.10.1. distance <ad> <source-IP> <source-wildcard> <acl>
6.3.10.1.1. It's not possible to change AD from only one neighbor, it must change for all neighbors for that process
6.3.10.2. distance ospf external <O-EX-distance> inter-area <O-IA-distance> intra-area <O-distance>
6.4. PBR
6.4.1. ip local policy route-map <map-name>
6.4.1.1. Local packets are not subject to PBR. Local policy fix this.
6.4.2. interface <if>
6.4.2.1. interface where the packet would pass by
6.4.3. ip policy route-map <map-name>
6.4.4. route-map <map-name>
6.4.5. match ip address <acl>
6.4.6. set ip next-hop <ip>
6.5. PFR/OER
6.5.1. Configuration guide
6.5.1.1. Master
6.5.1.1.1. Key chain
6.5.1.1.2. Border
6.5.1.1.3. Measure
6.5.1.1.4. Learn
6.5.1.1.5. Route
6.5.1.1.6. Prefixes
6.5.1.2. Border
6.5.1.2.1. Key chain
6.5.1.2.2. Master
6.5.1.2.3. NAT
6.6. 1st hop redundancy
6.6.1. Cisco Proprietary?
6.6.1.1. Y
6.6.1.1.1. Load balance
6.6.1.2. N
6.6.1.2.1. VRRP
6.6.2. Configuration
6.6.2.1. HSRP = standby
6.6.2.2. VRRP = vrrp
6.6.2.3. GLBP = glbp
6.6.2.4. standby <group> IP <ip-address>
6.6.2.5. standby <group> priority <priority-number>
6.6.2.5.1. Higher wins
6.6.2.6. standby <group> preempt
6.6.2.7. standby <group> track <track> decrement <priority-decrement>
7. BGP
7.1. Path attributes {Order of choice}
7.1.1. Must be know?
7.1.1.1. Y
7.1.1.1.1. Present in all updates?
7.1.1.2. N
7.1.1.2.1. Must forward?
7.1.2. Local Info
7.1.2.1. {1} Weight
7.1.2.1.1. Local information to the router, never send in updates
7.1.2.1.2. Higher wins
7.2. Configuration
7.2.1. Basic
7.2.1.1. router bgp <as-number>
7.2.1.2. neighbor <ip-address> remote-as
7.2.1.3. no auto-summary
7.2.1.4. Synchronization?
7.2.1.4.1. Y
7.2.1.4.2. N
7.2.1.5. Peer-group
7.2.1.5.1. neighbor <pgNAME> peer-group
7.2.1.5.2. neighbor <pgNAME> ...
7.2.1.5.3. neighbor <ip-address> peer-group <pgNAME>
7.2.1.6. Direct connection?
7.2.1.6.1. N
7.2.1.7. iBGP
7.2.1.7.1. Not fully-meshed?
7.2.1.8. Community
7.2.1.8.1. ip bgp-community new-format
7.2.1.8.2. neighbor <ip-address> send-community [standard | extended | both]
7.2.1.9. iBGP to IGP redistribution
7.2.1.9.1. Disabled by default
7.2.1.9.2. To enable:
7.2.1.9.3. router bgp <as-number>
7.2.1.9.4. bgp redistribute internal
7.2.2. Inject routes
7.2.2.1. network
7.2.2.1.1. network <ip-address> mask y.y.y.y
7.2.2.1.2. network <ip-address> mask y.y.y.y backdoor
7.2.2.2. default
7.2.2.2.1. neighbor <ip-address> default-originate
7.2.2.2.2. Don't need to have the default-route
7.2.2.2.3. Don't supress more specific
7.2.2.3. Summarization
7.2.2.3.1. aggregate-address
7.2.2.4. Conditional
7.2.2.4.1. Injection
7.2.2.4.2. Advertising
7.2.3. Control advertisement
7.2.3.1. neighbor <ip-address> distribute-list <acl-number> [out | in]
7.2.3.2. neighbor <ip-address> filter-list <ip-as-path-acl-number> [out | in]
7.2.3.3. neighbor <ip-address> route-map <rmBGP> [out | in]
7.2.3.4. route-map <rmBGP>
7.2.3.5. match ip address <acl-number>
7.2.3.6. match as-path <ip-as-path-acl-number>
7.2.3.7. match community <community-list-number>
7.2.3.8. set local-preference
7.2.3.9. set metric
7.2.3.10. set as-path prepend
7.2.3.11. set community
7.2.3.12. Manipulate prefixes
7.2.3.12.1. Filter private ASs
7.2.3.12.2. Change local AS
7.2.3.12.3. Change next-hop for all?
7.2.3.13. Propagate prefix-list
7.2.3.13.1. Sender
7.2.3.13.2. Receiver
7.2.3.14. SET
7.2.3.15. Match
7.2.4. Syncronization
7.2.4.1. Disable syncronization
7.2.4.1.1. no synchronization
8. IPv6
8.1. Addressing
8.1.1. Loopback
8.1.1.1. ::1
8.1.2. empty
8.1.2.1. ::
8.1.3. Default route
8.1.3.1. ::/0
8.1.4. Link-Local
8.1.4.1. FE80::/64
8.1.5. Unique-local
8.1.5.1. FC00::/7
8.1.6. Global
8.1.6.1. 2000::/3
8.2. ICMPv6
8.2.1. Combines several IPv4 funtions: ICMPv4, IGMP and ARP
8.3. Configuration
8.3.1. ipv6 unicast-routing
8.3.2. Interface
8.3.2.1. ipv6 enable
8.3.2.1.1. Auto-generate link-local, even if the interface don't have IPv6 unique/global address
8.3.2.2. ipv6 address <ipv6-address>
8.3.2.3. ipv6 address <link-local-add> link-local
8.3.2.4. ipv6 address <prefix-only> eui-64
8.3.3. Routing
8.3.3.1. Static
8.3.3.1.1. ipv6 route <ipv6-network/length> <next-hop-address>
8.3.3.1.2. ipv6 route <ipv6-network/length> <next-hop-link-local-add> <exit-interface>
8.3.3.2. The routing process is automatically created when assigned to interface
8.3.3.3. RIP
8.3.3.3.1. interface <if>
8.3.3.3.2. ipv6 rip <process-name> enable
8.3.3.3.3. ipv6 rip <process-name> default-information originate
8.3.3.3.4. ipv6 router rip <process-name>
8.3.3.4. EIGRP
8.3.3.4.1. Uses FF02::A (all EIGRP routers)
8.3.3.4.2. interface <if>
8.3.3.4.3. ipv6 eigrp <as-number>
8.3.3.4.4. ipv6 router eigrp <as-number>
8.3.3.5. OSPF
8.3.3.5.1. interface <if>
8.3.3.5.2. ipv6 ospf <process> area <area-number>
8.3.3.5.3. ipv6 router ospf <process>
8.4. Tunnels
8.4.1. Tunnels source and destination are always IPv4
8.4.2. Manual
8.4.2.1. Manual Tunnel
8.4.2.1.1. IPv6 -> IPv4::IPv6 -> IPv6
8.4.2.1.2. interface tunnel <if>
8.4.2.1.3. ipv6 address <ipv6>
8.4.2.1.4. tunnel source <ipv4>
8.4.2.1.5. tunnel destination <ipv4>
8.4.2.1.6. tunnel mode ipv6ip
8.4.2.2. IPv6 over GRE
8.4.2.2.1. IPv6 -> IPv4::GRE::IPv6 -> IPv6
8.4.2.2.2. Can carry non-IP packets, like IS-IS
8.4.2.2.3. interface tunnel <if>
8.4.2.2.4. ipv6 address <ipv6>
8.4.2.2.5. tunnel source <ipv4>
8.4.2.2.6. tunnel destination <ipv4>
8.4.2.2.7. tunnel mode gre ip
8.4.3. Automatic
8.4.3.1. 6to4
8.4.3.1.1. IPv6 -> IPv4::IPv6 -> IPv6
8.4.3.1.2. 2002:[IPv4-in-hex]::/48
8.4.3.1.3. interface tunnel <if>
8.4.3.1.4. ipv6 address 2002::[IPv4]::
8.4.3.1.5. tunnel source <ipv4>
8.4.3.1.6. tunnel mode ipv6ip 6to4
8.4.3.1.7. ipv6 route 2002::/16 tunnel<if>
8.4.3.1.8. Destination is extracted from the IPv6 data packet destination IP
8.4.3.1.9. No Multicast Support
8.4.3.2. ISATAP
8.4.3.2.1. IPv6 -> IPv4::IPv6 -> IPv6
8.4.3.2.2. [64-bit-prefix]:0000:5ef3:[IPv4-in-hex]/64
8.4.3.2.3. interface tunnel <if>
8.4.3.2.4. ipv6 address [64-bit-prefix]::/64 eui-64
8.4.3.2.5. tunnel source <ipv4>
8.4.3.2.6. no ipv6 nd suppress-ra
8.4.3.2.7. tunnel mode ipv6ip isatap
8.4.3.2.8. Destination is extracted from the IPv6 data packet destination IP
8.4.3.3. 6rd
8.4.3.3.1. 6rd utilises an SP's own IPv6 address prefix - avoids well-known prefix (2002::/16)
8.4.3.3.2. CE
8.4.3.3.3. BR
8.4.3.4. Dual Stack Lite
8.4.3.4.1. Dual stack endpoints
8.4.3.4.2. IPv6 Backbone
8.4.3.4.3. Based on Carrier Grade NAT
8.5. IPV6 NAT
8.5.1. NAT-PT
8.5.1.1. Interfaces
8.5.1.1.1. IPV6 side
8.5.1.1.2. IPv4 side
8.5.1.2. Static NAT
8.5.1.2.1. ipv6 nat v4v6 source <ipv4-address> <ipv6-address>
8.5.1.2.2. ipv6 nat v6v4 source <ipv6-address> <ipv4-address>
8.5.1.3. Dynamic NAT
8.5.1.3.1. ipv6 nat v4v6 source list <acl-ipv4> pool <pool-ipv6>
8.5.1.3.2. ipv6 nat v6v4 source list <acl-ipv6> pool <pool-ipv4>
8.5.1.4. ipv6 nat prefix
8.5.1.4.1. Installs the connected prefix in the IPv6 routing table
8.5.1.4.2. ipv6 nat prefix <prefix-ipv6>
9. Multicast
9.1. PIM Mode
9.1.1. Dense Mode
9.1.1.1. Flood & Prune
9.1.1.2. ip pim dense-mode
9.1.2. Sparse Mode
9.1.2.1. Any Source Multicast (ASM)
9.1.2.1.1. Uses RP
9.1.2.1.2. Shared -> Source Specific (*,G -> S.G)
9.1.2.1.3. ip multicast-routing
9.1.2.1.4. Static RP?
9.1.2.2. Use (S,G) ?
9.1.2.2.1. Y
9.1.2.2.2. N
9.1.3. MSDP (Multicast source discovery protocol)
9.1.3.1. Allow RPs to excahnge information about groups sources
9.1.3.2. ip msdp peer <ip-address>
9.1.3.3. ip msdp originator-id <loopback-if>
9.1.3.4. ip msdp mesh-group <group-name <neighbors-IP-address>
9.1.3.4.1. Used if there are more than two RP fully-meshed, to avoid loops
9.1.4. NBMA networks
9.1.4.1. RPF rules prevent traffic from spoke to hub to be replicated to other spokes
9.1.4.1.1. Use NBMA mode
9.1.4.1.2. Create tunnel between spokes and routers
9.2. IGMP
9.2.1. v1
9.2.1.1. Old
9.2.1.2. Slow leave
9.2.2. v2
9.2.2.1. Join to mcast group address
9.2.2.2. Fast leave
9.2.2.3. Querier
9.2.3. v3
9.2.3.1. Join to 224.0.0.22
9.2.3.1.1. Easy to Layer2 snooping
9.2.3.2. Source filter
9.2.3.2.1. Enable SSM
9.2.4. IGMP Snooping
9.2.4.1. ip igmp snooping <vlan> <interface connected to mcast router>