Monthly Archives: February 2013

2.1.c Implement and troubleshoot VLAN

2.1.c [iii] Normal, extended VLAN, voice VLAN

STP

To build a loop-free topology, a root switch is elected as the reference point for the entire tree. This is done by establishing a BID (bridge ID) for every switch in the diameter; the switch with the lowest BID becomes the root. A bridge ID is an 8-byte construct composed of 2 bytes of priority and 6 bytes of MAC address. The priority is further split into 4 bits of priority and 12 bits of extended system ID, where the extended system ID is the VLAN ID.

VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 0009.b73f.ce80
Cost 12
Port 64 (Port-channel2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

32768 16384 8192 4096 2048 1024 512 256 128 64 32 16 8 4 2 1

here is the binary math with the example vlan 10:

1000 0000 0000 1010

32768 + 8 + 2 = 32778
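
The bridge ID layout described above, as an added example that is not part of the original post: it packs and unpacks the 8-byte ID and picks the root by lowest ID. The function names and the two extra bridges (MACs 0011.2233.4455 and 00aa.bbcc.ddee) are constructed for illustration; the first bridge uses the values from the output above.

```python
import struct

def encode_bid(priority: int, vlan: int, mac: str) -> bytes:
    """Build the 8-byte bridge ID: 4-bit priority + 12-bit sys-id-ext + 6-byte MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    mac_bytes = bytes.fromhex(mac.replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return struct.pack("!H", priority | vlan) + mac_bytes

def decode_bid(raw: bytes) -> dict:
    """Split an 8-byte bridge ID back into the fields 'show spanning-tree' prints."""
    if len(raw) != 8:
        raise ValueError("bridge ID must be exactly 8 bytes")
    (prio16,) = struct.unpack("!H", raw[:2])
    mac = raw[2:].hex()
    return {
        "displayed": prio16,            # e.g. 32778
        "priority": prio16 & 0xF000,    # top 4 bits: 32768
        "sys_id_ext": prio16 & 0x0FFF,  # low 12 bits: VLAN 10
        "mac": ".".join(mac[i:i + 4] for i in (0, 4, 8)),
    }

def elect_root(bids):
    """Lowest bridge ID wins: bytes compare left to right, so priority, VLAN, then MAC."""
    return min(bids)

if __name__ == "__main__":
    page_root = encode_bid(32768, 10, "0009.b73f.ce80")      # values from the output above
    constructed = [encode_bid(32768, 10, "0011.2233.4455"),  # constructed sample
                   encode_bid(4096, 10, "00aa.bbcc.ddee")]   # constructed sample
    print(page_root.hex(), decode_bid(page_root))
    print("same priority, lower MAC wins:",
          decode_bid(elect_root([page_root, constructed[0]])))
    print("lower priority beats lower MAC:",
          decode_bid(elect_root([page_root] + constructed)))
```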

3.6.a Describe packet types

3.6.a [i] LSA types [1, 2, 3, 4, 5, 7, 9]

this is a great article…

OSPF route calculation overview

1) Routers establish adjacencies to flood topological information. The flooding process in OSPF is pretty complicated, and ensures the LSAs are delivered to all routers in a single area. As mentioned, topological information is carried in the form of LSAs and cannot be filtered, which is essential to the OSPF algorithm. The only thing that limits LSA propagation is the flooding domain associated with the particular LSA type. Using the topological information learned, all routers within an area build the consistent graph of the network connections.

the rest is here:

http://blog.ine.com/2009/08/17/ospf-route-filtering-demystified/

asa and auto nat…

it’s all over the internet but here is my rendition…

asa_nat_gns3

the topology is not pretty but you get the idea… the host is actually a cloud to the win 7 box…

these were the iterations focusing only on nat:

route inside 192.168.1.0 255.255.255.0 10.1.1.2 1

ciscoasa# sh run int g0
!
interface GigabitEthernet0
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0

ciscoasa# sh run int g1
!
interface GigabitEthernet1
nameif outside
security-level 0
ip address 200.1.1.1 255.255.255.0

ciscoasa# sh run nat
!
object network inside-net
nat (inside,outside) dynamic interface

ciscoasa# sh nat

Auto NAT Policies (Section 2)
1 (inside) to (outside) source dynamic inside-net interface
translate_hits = 1, untranslate_hits = 0

ciscoasa# sh run object
object network inside-net
subnet 192.168.1.0 255.255.255.0

and the moment of truth:

ciscoasa# sh xlate
1 in use, 4 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
TCP PAT from inside:192.168.1.2/49742 to outside:200.1.1.1/7427 flags ri idle 0:00:26 timeout 0:00:30

this is the host going through r1 and the asa to the isp…

asa_nat

i’ve seen this guy, jay johnston on cln… this guy is sharp… he has a great video tutorial here… outstanding…

https://supportforums.cisco.com/docs/DOC-12324

i had asdm up and running but i preferred doing it from the cli…