Just another Cisco blog
Posts tagged Tutorial
BGP Communities
Feb 4th
Today’s post is about BGP Communities. Here is an explanation of them from Cisco:
“A community is a group of prefixes that share some common property and can be configured with the BGP community attribute. The BGP Community attribute is an optional transitive attribute of variable length. The attribute consists of a set of four octet values that specify a community. The community attribute values are encoded with an Autonomous System (AS) number in the first two octets, with the remaining two octets defined by the AS. A prefix can have more than one community attribute. A BGP speaker that sees multiple community attributes in a prefix can act based on one, some or all the attributes. A router has the option to add or modify a community attribute before the router passes the attribute on to other peers.”
Here is a table listing the Well Known Communities from Cisco:
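To make the encoding in the quoted text concrete (first two octets carry an AS number, the last two are defined by that AS), here is an added Python example that packs and unpacks 32-bit community values, recognises the RFC 1997 well-known values that IOS prints by name, and walks the raw bytes of a COMMUNITIES attribute. This is not code from the original post; the sample attribute bytes and the 6500:100 community are constructed for the demonstration.

```python
"""Decode and encode BGP standard community values (RFC 1997 layout).

Added example, not code from the original post. It implements the layout the
quoted Cisco text describes: a community is 4 octets, the high 16 bits hold an
AS number and the low 16 bits are defined by that AS.
"""
from __future__ import annotations

# Well-known communities (values fixed by RFC 1997; "internet" is the IOS keyword
# for the all-zero community).
WELL_KNOWN = {
    0x00000000: "internet",
    0xFFFFFF01: "no-export",     # do not advertise beyond the AS/confederation
    0xFFFFFF02: "no-advertise",  # do not advertise to any peer at all
    0xFFFFFF03: "local-AS",      # RFC 1997 NO_EXPORT_SUBCONFED
}


def encode_community(asn: int, value: int) -> int:
    """Pack an ASN:value pair into the 32-bit community integer."""
    if not 0 <= asn <= 0xFFFF or not 0 <= value <= 0xFFFF:
        raise ValueError("ASN and value must each fit in 16 bits")
    return (asn << 16) | value


def decode_community(community: int) -> tuple[int, int]:
    """Split a 32-bit community into its (ASN, value) halves."""
    if not 0 <= community <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    return community >> 16, community & 0xFFFF


def format_community(community: int) -> str:
    """Render the way IOS new-format output does: a well-known name or ASN:value."""
    if community in WELL_KNOWN:
        return WELL_KNOWN[community]
    asn, value = decode_community(community)
    return f"{asn}:{value}"


def parse_community(text: str) -> int:
    """Parse 'ASN:value', a well-known name, or a bare decimal/hex integer."""
    by_name = {name: val for val, name in WELL_KNOWN.items()}
    if text in by_name:
        return by_name[text]
    if ":" in text:
        asn_s, val_s = text.split(":", 1)
        return encode_community(int(asn_s), int(val_s))
    return int(text, 0)


def parse_attribute(raw: bytes) -> list[int]:
    """Decode the value field of a COMMUNITIES attribute: a run of 4-octet values."""
    if len(raw) % 4:
        raise ValueError("community attribute length must be a multiple of 4")
    return [int.from_bytes(raw[i:i + 4], "big") for i in range(0, len(raw), 4)]


def matching_communities(prefix_communities: list[int], wanted: list[int]) -> list[int]:
    """Return the subset of a prefix's communities that a policy cares about.

    Mirrors the quoted text: a speaker that sees several communities on one
    prefix may act on one, some or all of them.
    """
    wanted_set = set(wanted)
    return [c for c in prefix_communities if c in wanted_set]


if __name__ == "__main__":
    # Constructed sample: an attribute value carrying 6500:100 followed by no-export.
    sample = encode_community(6500, 100).to_bytes(4, "big") + (0xFFFFFF01).to_bytes(4, "big")
    for c in parse_attribute(sample):
        print(f"{c:#010x} -> {format_community(c)}")
```

Running the block prints `0x19640064 -> 6500:100` and `0xffffff01 -> no-export`; the same decoding is what a route-map `match community` or `show ip bgp` is applying when it reports a prefix's community list.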
BGP Peer Groups
Jan 29th
Just a short article today on BGP Peer Groups. I've been using them while practice-labbing for the CCIP exams, so I thought I'd toss up a short post.
BGP Peer Groups "reduce the load on system resources by allowing the routing table to be checked only once, and updates to be replicated to all peer group members instead of being done individually for each peer in the peer group." (-Cisco.com) They can also greatly reduce administrative overhead. They're somewhat self-explanatory: you specify a Peer Group for two or more neighbors, then apply config to the group instead of to each individual neighbor. We're going to use my CCIP topology, but we'll just focus on the iBGP peers:
We see that all of our PE routers are running iBGP and they're fully meshed. Let's look at PE1's config without Peer Groups:
router bgp 6500
 neighbor 6.6.6.6 remote-as 6500
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 6.6.6.6 next-hop-self
 neighbor 7.7.7.7 remote-as 6500
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 7.7.7.7 next-hop-self
 neighbor 8.8.8.8 remote-as 6500
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 8.8.8.8 next-hop-self
Cisco IOS Firewall Tutorial
Jan 25th
A while ago a friend asked me for a write-up on IOS Firewall/CBAC. At the time I hadn't felt like writing about it as I don't use it much, but I recently had to configure it, so I thought I may as well take a break from Juniper posts and do the article.
The IOS Firewall uses CBAC (Context-Based Access Control) to inspect traffic flows at the upper layers. CBAC inspects the outgoing traffic while maintaining stateful information for each session. It then opens pinholes in the firewall/incoming ACL to allow the appropriate return traffic back in. Something I forgot to point out: CBAC can be very CPU intensive, depending on your traffic. Keep that in mind and do some testing before deploying it on your network. Here's the topology:

We have our router running IOS firewall, its WAN connection is on Fa0/1 out to the internet, and its LAN connection is on Fa0/0, which connects to some servers and workstations. Let’s configure the firewall:
Basic JUNOS Configuration
Jan 20th
Today we'll go over a very basic JUNOS configuration: we will configure the hostname, a user account, IP addresses and a default route. The purpose of this article is to provide a look and feel for JUNOS.
First let's log in and take care of the basics:
root> configure
[edit]
root# set system host-name Olive1
[edit]
root# set system login user colby class super-user authentication plain-text-password
New password:
Retype new password:
[edit]
root# commit and-quit
commit complete
Exiting configuration mode
This is a simple config: we enter configuration mode, we set the hostname of the router, then we configure a user named "colby" in the "super-user" class. "Super-user" is a pre-defined class in JUNOS; this class has full control of the router.
Anyone familiar with IOS can see that this is pretty different. The commands all start with “set” and they can be quite a bit longer. Let’s take a look at the hierarchical view of what we just did:
system {
    host-name Olive1;
    login {
        user colby {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$IKhmMCbo$XNAWMDS"; ## SECRET-DATA
            }
        }
    }
}
Definitely not what I’m used to, but not so bad. Now we’ll configure the same thing with multiple commands from the hierarchy:
Lock and Key ACLs
Jan 14th
A coworker recently came to me for help with an issue. We have a server sitting behind a router at one of our remote sites. Certain people need RDP access to this server, but we do not want it open to the world; this seems like an ideal scenario for Lock and Key access lists. Lock and Key ACLs are a way to permit temporary access to a resource. Where static ACLs simply allow or deny, Lock and Key ACLs can create temporary openings to suit a specific need. In our example it will be a telnet server behind a router. Here's the topology:
Here we see a host on one side of R1 (Fa0/0) and a server on the other side (Fa1/0). In this example we want very limited access to Telnet on that server. Here’s our config:
interface FastEthernet0/0
 description To Host
 ip address 192.168.1.1 255.255.255.0
 ip access-group Telnet in
!
interface FastEthernet1/0
 description To Server
 ip address 192.168.2.1 255.255.255.0
!
ip access-list extended Telnet
 dynamic allow_telnet permit tcp any host 192.168.2.2 eq telnet
 deny tcp any host 192.168.2.2 eq telnet
 permit ip any any
!
username allow password 0 allow
username allow autocommand access-enable host timeout 10
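To show how the three entries of the Telnet ACL interact, here is an added Python model (not the post's own code, and not an emulation of IOS) that evaluates packets against the ACL above before and after a user has authenticated and the `access-enable host timeout 10` autocommand has run. It assumes that the temporary entry is keyed on the authenticating source host (the `host` keyword) and that the timeout is an idle timeout in minutes, reset by each matching packet; the host addresses and timings in the scenario are constructed.

```python
"""Simplified model of the lock-and-key ACL from the post.

Added example, not code from the original post. Assumptions: the dynamic entry
created by 'access-enable host' applies only to the authenticating source host,
and its 'timeout' is an idle timeout in minutes that matching traffic resets.
"""
from __future__ import annotations
from dataclasses import dataclass, field

SERVER = "192.168.2.2"   # the Telnet server from the post's topology
TELNET = 23


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp", ...
    dport: int | None = None


@dataclass
class DynamicEntry:
    host: str
    idle_timeout_min: int
    last_hit_min: float


@dataclass
class LockAndKeyAcl:
    """Models, in order:
         dynamic allow_telnet permit tcp any host 192.168.2.2 eq telnet
         deny tcp any host 192.168.2.2 eq telnet
         permit ip any any
    """
    dynamic: dict[str, DynamicEntry] = field(default_factory=dict)

    def access_enable(self, host: str, now_min: float, timeout_min: int = 10) -> None:
        # What 'autocommand access-enable host timeout 10' does after the user
        # authenticates to the router: insert a temporary entry for that host only.
        self.dynamic[host] = DynamicEntry(host, timeout_min, now_min)

    def _expire(self, now_min: float) -> None:
        stale = [h for h, e in self.dynamic.items()
                 if now_min - e.last_hit_min >= e.idle_timeout_min]
        for h in stale:
            del self.dynamic[h]

    def evaluate(self, pkt: Packet, now_min: float) -> str:
        self._expire(now_min)
        to_telnet = pkt.proto == "tcp" and pkt.dst == SERVER and pkt.dport == TELNET
        # 1. dynamic entry: only hosts that have authenticated get through
        if to_telnet and pkt.src in self.dynamic:
            self.dynamic[pkt.src].last_hit_min = now_min   # traffic resets idle timer
            return "permit"
        # 2. everyone else is denied Telnet to the server
        if to_telnet:
            return "deny"
        # 3. all other traffic is unaffected by lock-and-key
        return "permit"


def scenario() -> list[str]:
    """Walk one host through the lock-and-key cycle; returns the ACL decisions."""
    acl = LockAndKeyAcl()
    host = "192.168.1.10"                              # constructed workstation
    telnet = Packet(host, SERVER, "tcp", TELNET)
    web = Packet(host, SERVER, "tcp", 80)
    other = Packet("192.168.1.99", SERVER, "tcp", TELNET)
    out = []
    out.append(acl.evaluate(telnet, now_min=0))        # deny: no dynamic entry yet
    out.append(acl.evaluate(web, now_min=0))           # permit: not Telnet, falls to permit ip any any
    acl.access_enable(host, now_min=1)                 # user authenticated to the router
    out.append(acl.evaluate(telnet, now_min=2))        # permit: dynamic entry for this host
    out.append(acl.evaluate(other, now_min=2))         # deny: entry is per-host
    out.append(acl.evaluate(telnet, now_min=11))       # permit: 9 min idle, under the timeout
    out.append(acl.evaluate(telnet, now_min=22))       # deny: 11 min idle, entry expired
    return out


if __name__ == "__main__":
    print(scenario())
```

The scenario makes the two properties that matter for this design visible: the opening exists only for the host that authenticated, and it closes again on its own once that host stops using it, which is the behaviour a static `permit` line cannot give you.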