AlwaysTheNetwork
Just another Cisco blog
OSPF Authentication
Jun 1st
This post is about the different OSPF authentication methods. It will be part of a series outlining OSPF commands/technologies.
We can configure OSPF to use authentication for an entire area, or just for a single interface. Today we’ll go over both. Here’s the topology:
First we’ll setup authentication for all of area 0:
R1(config)#interface FastEthernet0/0 R1(config-if)#ip ospf message-digest-key 1 md5 cisco R1(config-if)#ip ospf 100 area 0 R1(config-if)# R1(config-if)#router ospf 100 R1(config-router)#area 0 authentication message-digest R2(config)#interface FastEthernet0/0 R2(config-if)#ip ospf message-digest-key 1 md5 cisco R2(config-if)#ip ospf 100 area 0 R2(config-if)# R2(config-if)#router ospf 100 R2(config-router)#area 0 authentication message-digest R3(config)#interface FastEthernet0/0 R3(config-if)#ip ospf message-digest-key 1 md5 cisco R3(config-if)#ip ospf 100 area 0 R3(config-if)# R3(config-if)#router ospf 100 R3(config-router)#area 0 authentication message-digest |
Nothing crazy here, we configure OSPF and an MD5 key under our area 0 interfaces, then we specify that all of area 0 should use MD5 authentication. Note that the commands differ slightly if we want to use clear-text, it would be “ip ospf authentication-key [key]” and “area 0 authentication” under the OSPF 100 process.
Let’s verify:
R1#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:32 10.1.123.2 FastEthernet0/0
3.3.3.3 1 FULL/DROTHER 00:00:35 10.1.123.3 FastEthernet0/0
R1#sh ip ospf int fa0/0
...
Message digest authentication enabled
Youngest key id is 1 |
Everything is working, our neighbors are up and we see that authentication is enabled with the key we specifcied. Note, if we leave off a key, the neigbhors will still form and MD5 will still be enabled, but it will say key 0:
Cisco Port to ASIC Mapping
May 31st
You know you’re a nerd or really bored when you get into conversations about the oversubscription of ports on each ASIC. 
So obviously I was having this conversation, lol. I’m pretty noobish when it comes to the mechanics of network gear. I know the configuration relatively well, but not enough about the internals. So I did some searching and came across this great page on James Ventre’s blog. Check it out if you’re curious about ASICs and how many ports each will support on various platforms. I found some other interesting reading on the site as well.
Here’s another helpful link describing the architecture of the 3750-Es. Page 53 goes into the ASICs specifically.
New Idea
May 29th
Lately I’ve been doing lab posts with walkthroughs, which don’t seem to get a ton of interest. Obviously I’ll continue doing labs for my CCIE studies and I’ll likely post them, but I don’t think I’m going to do the walkthroughs anymore. They take a lot of time and I haven’t been feeling motivated.
My new plan is to go through the Command Guides for each technology I study (OSPF, BGP, EIGRP, STP, etc) and do quick posts summarizing the command’s purpose and working through an example of usage. I’ll probably include more than one command in each post, depending on their depth. I think this will help me (and hopefully others) get a better understanding of everything.
What do you guys think of this approach? Any suggestions?
BGP Multipath-Relax
May 21st
So I learned a new command today. As usual I want to share with everyone. Today’s command is “bgp bestpath as-path multipath-relax”, which is actually hidden in IOS.
To give some background, BGP will not load balance across multiple paths by default. We can configure it to do so with the “maximum-paths n” command, which is pretty well known. The criteria of this command is that all attributes must match (Weight, LP, AS Path, etc). This is acceptable if we are multihomed to a single AS, but what if we are multihomed to different ASes? In that case we are not able to load balance across theoretically equal paths. Enter the “bgp bestpath as-path multipath-relax” command…
Here’s our first topology:
(click for fullsize)
Now the config:
R1(config)#router bgp 100 R1(config-router)#no synchronization R1(config-router)#neighbor 10.1.12.2 remote-as 200 R1(config-router)#neighbor 10.1.13.3 remote-as 200 R1(config-router)#no auto-summary |
Here we see the basic BGP config on R1. We will only be configuring R1 in this post.
Catalyst 6500 Information
May 19th
Lately I’ve been feeling like my 6500 knowledge is severely lacking. I work with them everyday, but my knowledge of the underlying technology isn’t very deep. I know the basics like most people, which supervisors are better, a general idea of what they’re capable of, etc. But I’m not familiar with the nitty gritty on the sups and line cards. Naturally I decided to learn more. 
Here are some good links:
- Great overview from Etherealmind
- Detailed 6500 presentation from Cisco Networkers 2004
- 6500 Architecture Overview from Cisco.com
- Good information on the SFM from Cisco.com
- Good information on the Module Buffers and Queues from Cisco.com
- Good information on the Sup32 from Cisco.com
I’m posting this here so I never lose it, and hopefully it will help others. If you guys know of any other decent 6500 links, please post in the comments!
Recent Comments