Dropping in to do a quick post today. Sorry for the ridiculous lack of content lately. I’ve been busy with finding/changing jobs and new responsibilites and all that.
Today I’m going to cover “object groups” on ASAs. I was never a big fan of these, which I realized had a lot to do with using them behind others, not actually writing them myself. It takes awhile (for me, at least) to wrap your head around what the person before you was trying to accomplish. This is what put me off object groups. Though, I discovered that if I write them myself, I love them, lol. They can be hugely useful. They’re even available in IOS now (as of 12.4(20)T). Here’s an example of when they’d be used:
It’s Jared from CCNPJourney.com. Colby had asked me a couple weeks ago if I would be interested in posting some articles on his blog as he’s been fairly busy lately, and of course I said yes. So I thought for my introductory post on the blog I would do a brief write-up on how to use Iperf!
For starters here’s a little bit of info on Iperf. Iperf is a tool that many system/network admins use to measure the bandwidth on a network, as well as the quality of the path on that network. It is capable of generating traffic using TCP and UDP. The TCP and UDP tests are useful for performing the following kinds of tests:
- Latency (response time or RTT): can be measured with the Ping utility.
- Jitter: can be measured with an Iperf UDP test.
This means loop!
A coworker came to me with an issue today. He asked if I’d ever seen this before and showed me:
.Aug 25 22:44:29 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2 .Aug 25 22:44:59 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2 .Aug 25 22:47:42 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
I said “it means there’s a loop, give me the switch IP”. Then I began the mission of tracking down the loop. This was a pretty large site, but luckily I only had to go through a couple switches. Unfortunately this happened a couple hours ago and I didn’t save my work so we won’t be able to go through the real steps.
To track down a loop, you start with the “show mac-address-table address [flapping mac]” command:
SW1#sh mac-add add 0000.85de.1561 Unicast Entries vlan mac address type protocols port -------+---------------+--------+---------------------+-------------------- 1 0000.85de.1561 dynamic ip GigabitEthernet2/2 54 0000.85de.1561 dynamic ip GigabitEthernet2/4
We see that the MAC is coming in on port gi2/2 and gi2/4. One port will lead us to where that MAC is plugged in and the other will lead us to the loop. Pick a port and start working through. This is where CDP comes in handy:
Today’s topic is HSRP (Hot Standby Routing Protocol). HSRP is a Cisco proprietary “First Hop Redundancy Protocol”. It is typically used for redundancy at the first hop from a client segment. It is used with two or more routers in a group who share a virtual IP address. One router is active at a given time and will reply to ARP requests. In this example, we have R1 and R2 in standby group 100 with a virtual IP of 192.168.100.1. This IP will be the default gateway for all hosts in VLAN 100. Here is the topology:
This is a basic topology, both R1 and R2 have connections to the internet. They are running HSRP on their FastEthernet 0/0 interfaces. Here’s the basic HSRP config:
R1(config)#interface fa0/0 R1(config-if)#ip address 192.168.100.2 255.255.255.0 R1(config-if)#standby 100 ip 192.168.100.1 R2(config)#interface fa0/0 R2(config-if)#ip address 192.168.100.3 255.255.255.0 R2(config-if)#standby 100 ip 192.168.100.1
Very simple so far. We use the “standby [0-255] ip [virtual ip address]” command.
Let’s verify the config:
Here’s another short (but hopefully useful) post. We’ll be going through IOS Macros.
I’ve never used IOS Macros before, but I was asked about a problem today, and a macro seems to be an ideal solution. A friend of mine is an engineer for a service provider with a very large network. He has been tasked with implementing passive interfaces as the default for OSPF across the network. Most of the devices which will be modified rely on OSPF for management connectivity. When he runs the “passive-interface default” command, he will lose connectivity before he is able to run “no passive-interface [interface]” to restore connectivity. Macros tell the router to run the predetermined commands for us, which will save us from getting locked out.
The topology is simple and not worth a diagram. R1 and R2 are connected via their FastEthernet0/0 interfaces. They are running OSPF on this interface.