Friday, May 31, 2024

Cisco 124 - DHCP

DHCP D-O-R-A


Discover    Client --> Server    Broadcast (to 255.255.255.255; the client has no address yet)
Offer       Server --> Client    Broadcast or Unicast (unicast to the offered address unless the client set the broadcast flag; sent to the relay agent instead if giaddr is set)
Request     Client --> Server    Broadcast (so every server that made an offer sees which one was accepted)
Ack         Server --> Client    Broadcast or Unicast (same rule as the Offer)


R1(config-if)#ip helper-address <ip-addr>
^ Configures the router as a DHCP relay agent on this interface: the client's broadcast Discover/Request is forwarded as a unicast to <ip-addr>, with the relay's own interface address stamped into the giaddr field (which is what the server uses to pick the matching pool and to send the reply back).
Notice that you are on a specific interface when you do this: the interface facing the clients, not the one facing the server.

R1(config-if)#ip address dhcp
^ Configures router as a DHCP client (umm... rare.)
Again, notice you are on a specific interface when you do this.

To config router as a DHCP server:


R1(config)#ip dhcp excluded-address low-address [high-address]
^ Cisco is weird.  You start by defining addresses you want to *exclude* from the range of available addresses (typically the router/gateway, servers and anything else with a static address).  This command is global, so it applies to every pool.  The idea is that the server automatically hands out every usable address in the pool's subnet unless you exclude it.

Ohhhh... I guess this is because we don't actually activate the lease.  I'll bet it's live as soon as it is defined.  So you have to first exclude the range before you create it.

R1(config)#ip dhcp pool <pool-name>
^ Define a pool named, say, LAB_POOL.  Notice the prompt changes: the rest of the pool settings are entered in DHCP pool configuration mode.

R1(dhcp-config)#network <ip-address> {/prefix-length | subnet-mask}
^ This carves out the range of IP addresses to hand out (minus the ones that were excluded).  The pool is live as soon as this line is entered.

R1(dhcp-config)#dns-server <ip-address> [<ip-address> ...]
^ Configure the scope with one or more DNS servers (DHCP option 6).

R1(dhcp-config)#domain-name <domain-name>
^ Configure the scope with a domain name like jeremy.com (option 15).

R1(dhcp-config)#default-router <ip-address>
^ Configure the scope with a default gateway (option 3).

R1(dhcp-config)#lease {days [hours [minutes]] | infinite}
^ Define the lease length (option 51).  Default is 1 day.
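The whole exchange in one place, as an added example (not code from the course or from IOS): a toy client, a relay agent doing what ip helper-address does, and a server whose settings are the pool commands above (excluded-address, network, default-router, dns-server, lease). It builds and parses real RFC 2131 messages and applies the reply-delivery rule behind the "Broadcast or Unicast" entries in the DORA table: reply to the relay if giaddr is set, broadcast if the client asked for it, otherwise unicast to the offered address. The 192.168.1.0/24 pool, the 10.0.0.1 relay and the MAC addresses are made up; the server keeps a single pool, whereas IOS selects the pool whose network contains giaddr (or the receiving interface).

```python
"""DORA with an optional relay agent and a server configured like the IOS pool above.
Constructed example, not IOS code: addresses and MACs are made up."""
import struct
from ipaddress import IPv4Address, IPv4Network

MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie, right after the BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2
BROADCAST_FLAG = 0x8000                      # client asks the server to broadcast its replies
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP = 1, 3, 6, 50
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
HDR = "!BBBBIHH4s4s4s4s16s64s128s"           # RFC 2131 fixed header: 236 bytes

def ipb(s): return IPv4Address(s).packed     # dotted quad -> 4 bytes
def ips(b): return str(IPv4Address(b))       # 4 bytes -> dotted quad

def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", flags=0):
    """Serialize a DHCP message: fixed header, magic cookie, TLV options, end marker."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, ipb("0.0.0.0"), ipb(yiaddr),
                      ipb("0.0.0.0"), ipb(giaddr), chaddr, b"", b"")    # 's' NUL-pads
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + tlv + bytes([OPT_END])

def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                      # pad option: no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6], "yiaddr": ips(f[8]),
            "giaddr": ips(f[10]), "chaddr": f[11][:6], "type": MSG[opts[OPT_MSG_TYPE][0]],
            "opts": opts}

def lease_seconds(days, hours=0, minutes=0):
    """IOS 'lease days hours minutes' as the option-51 value."""
    return (days * 24 + hours) * 3600 + minutes * 60

class DhcpServer:
    def __init__(self, network, excluded, default_router, dns_server, lease, server_ip):
        net = IPv4Network(network)
        lo, hi = (int(IPv4Address(a)) for a in excluded)
        # 'ip dhcp excluded-address lo hi': every usable host in the 'network' is handed
        # out except this range (here it holds the router, which is also the server)
        self.free = [str(h) for h in net.hosts() if not lo <= int(h) <= hi]
        self.mask, self.router, self.dns = net.netmask.packed, ipb(default_router), ipb(dns_server)
        self.lease, self.server_ip, self.leases = lease, server_ip, {}

    def handle(self, raw):
        """Return (where the reply is sent, reply bytes) for a DISCOVER or REQUEST."""
        req = parse(raw)
        mac = req["chaddr"]
        if mac not in self.leases:           # one pool only; IOS picks a pool by giaddr/subnet
            self.leases[mac] = self.free.pop(0)
        addr = self.leases[mac]
        mtype = 2 if req["type"] == "DISCOVER" else 5
        opts = [(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, ipb(self.server_ip)),
                (OPT_LEASE, struct.pack("!I", self.lease)), (OPT_MASK, self.mask),
                (OPT_ROUTER, self.router), (OPT_DNS, self.dns)]
        reply = build(BOOTREPLY, req["xid"], mac, opts, yiaddr=addr,
                      giaddr=req["giaddr"], flags=req["flags"])
        # RFC 2131 4.1: to the relay if giaddr is set; broadcast if the client asked for
        # it; otherwise unicast to the address being offered.
        if req["giaddr"] != "0.0.0.0":
            dest = req["giaddr"]
        elif req["flags"] & BROADCAST_FLAG:
            dest = "255.255.255.255"
        else:
            dest = addr
        return dest, reply

def relay(raw, relay_ip):
    """What 'ip helper-address' does: bump hops, stamp giaddr, forward as unicast."""
    return raw[:3] + bytes([raw[3] + 1]) + raw[4:24] + ipb(relay_ip) + raw[28:]

def run_dora(server, mac, xid=0x1234, broadcast=True, relay_ip=None):
    """Client side of the exchange; returns what was offered/acked and where replies went."""
    flags = BROADCAST_FLAG if broadcast else 0
    hop = (lambda p: relay(p, relay_ip)) if relay_ip else (lambda p: p)
    discover = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, b"\x01")], flags=flags)
    offer_dest, offer_raw = server.handle(hop(discover))
    offer = parse(offer_raw)
    request = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, b"\x03"),
                    (OPT_REQ_IP, ipb(offer["yiaddr"])),
                    (OPT_SERVER_ID, offer["opts"][OPT_SERVER_ID])], flags=flags)
    ack_dest, ack_raw = server.handle(hop(request))
    ack = parse(ack_raw)
    return {"offered": offer["yiaddr"], "offer_dest": offer_dest, "acked": ack["yiaddr"],
            "ack_dest": ack_dest, "router": ips(ack["opts"][OPT_ROUTER]),
            "lease": struct.unpack("!I", ack["opts"][OPT_LEASE])[0],
            "hops_seen_by_server": parse(hop(discover))["hops"]}

if __name__ == "__main__":
    srv = DhcpServer("192.168.1.0/24", ("192.168.1.1", "192.168.1.10"), "192.168.1.1",
                     "8.8.8.8", lease_seconds(0, 12), "192.168.1.1")
    print(run_dora(srv, bytes.fromhex("0cf822368500")))
    print(run_dora(srv, bytes.fromhex("0cf822368501"), broadcast=False, relay_ip="10.0.0.1"))
```

The first address handed out is 192.168.1.11, because .1 to .10 were excluded before the pool was defined; a client that sets the broadcast flag gets its Offer and Ack at 255.255.255.255, one that does not gets them unicast to the offered address, and a client behind the relay gets them via 10.0.0.1 with the hops field incremented.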


[These are my notes from Jeremy's excellent CCNA course which can be viewed here.]

Cisco 123 - DNS

To configure a router as a DNS server:
R1(config)#ip dns server

Add host entries:
R1(config)#ip host R1 192.168.0.1
R1(config)#ip host PC1 192.168.0.101
R1(config)#ip host PC2 192.168.0.102
R1(config)#ip host PC3 192.168.0.103

Configure an external DNS server that R1 can use if requested record is not in local host table on router:
R1(config)#ip name-server 8.8.8.8

R1(config)#ip domain lookup
^ Enabled by default, this lets the router resolve names via DNS.  Side effect: a mistyped command at the exec prompt is treated as a hostname and the router tries to resolve it, which can hang the terminal for a while; that is why labs so often start with "no ip domain lookup".

R1#show hosts
^ Displays configured hosts and those learned through look-ups of external DNS

Flags:
perm = Configured on router
temp = Cached in local router due to external lookup

To configure a router as a DNS client:
R1(config)#ip name-server 8.8.8.8
R1(config)#ip domain lookup

To configure the default domain name of a router:
R1(config)#ip domain name yourname.com






Thursday, May 30, 2024

Cisco 122 - NTP

Network Time Protocol

R1#show clock
^Display the time and date

R2#clock set hh:mm:ss DayOfMonth Month Year
^ Set clock

clock = Software clock
calendar = Hardware clock

R2#calendar set hh:mm:ss DayOfMonth Month Year
^ Set hardware clock

R2#show calendar
^ Display hardware clock time & date

R2(config)#clock timezone EST -5
^ Set the software clock's time zone.
EST = Time zone name
-5 = Hour offset from UTC (negative west of UTC; EST is UTC-5, and the summer-time command below adds the extra hour for EDT)

R2(config)#clock summer-time EDT <date|recurring>
^ Set Daylight Savings Time
Date = When to start
Recurring = Set up a yearly schedule

R1(config)#clock summer-time EDT recurring 2 Sunday March 02:00 1 Sunday November 02:00
^ The first date is when DST starts;
the second is when DST ends

R1(config)#ntp server ip-address [prefer]
^ Tells the router which NTP server from which it should get time

R1(config)#ntp peer ip-address
^ Devices can peer with one another at the same stratum to provide more accurate time
Devices peering with another device is called 'symmetric active'
Modes:
- Server mode
- Client mode
- Symmetric active mode (peer)

NTP does not update the hardware calendar clock.  

R1(config)#ntp update-calendar
^ This will update the hardware calendar clock with the NTP provided time

R1(config)#ntp master [stratum]
^ Sets the device as an authoritative (master) clock so it serves time even without an upstream source; default stratum is 8.

R1(config)#ntp source <interface>
^Tells R1 to use <interface> as the source of its NTP messages (when acting as a server)
Example:
R1(config)#interface loopback0
R1(config-if)#ip address 10.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#ntp source loopback0

R1#show ntp associations
^Displays which NTP servers the device pulls time from

R1#show ntp status
^Displays additional info

There is some errata at Jeremy's lab that indicates the following authentication stuff is not needed unless using ntp passive, broadcast, or multicast stuff:

R1(config)#ntp authenticate
^ Enable NTP authentication

R1(config)#ntp authentication-key <key-number> md5 <key>
^ Create NTP authentication keys

R1(config)#ntp trusted-key <key-number>
Specify the trusted key(s)

R2(config)#ntp server <ip-address> key <key-number>
^ Notice this isn't needed on R1 (the server).
Used on R2 (the client), this command specifies which key to use when pulling time from <ip-address>; the key number must exist on both ends with the same md5 string.




Wednesday, May 29, 2024

Cisco 121 - CDP & LLDP

CDP = Cisco Discovery Protocol
LLDP = Link Layer Discovery Protocol

CDP is Cisco proprietary.
LLDP came later and is industry standard.

They are very similar and do the same things.  They are Layer 2 (Ethernet) discovery protocols that share info and discover info about neighboring (connected) devices.

CDP:

Enabled by default.
Both globally and on each interface.

Sent to MAC 0100.0CCC.CCCC
Devices don't forward CDP frames; each device consumes them and sends its own.
By default sent every 60 seconds.
Holdtime = 180 seconds.  If no updates within 180 seconds, remove the neighbor from the CDP neighbor table.
Default is CDPv2.

R1#show cdp
^Displays basic info about CDP (timers, version)

R1#show cdp traffic
^Shows how many CDP messages sent/received

R1#show cdp interface
^Displays which interfaces CDP is enabled on

R1#show cdp neighbors
^Lists neighbors and some basic info on each

R1#show cdp neighbors detail
^More details

R1#show cdp entry <name>
^Same info as above but for specified neighbor

R1(config)#[no] cdp run
^Disable or enable CDP on device

R1(config-if)#[no] cdp enable
^Disable or enable CDP on specific interface.
Recall by default CDP is enabled globally (on the device) and on each interface.

R1(config)#cdp timer <seconds>
Recall default is 60

R1(config)#cdp holdtime <seconds>
Recall default is 180 seconds after which neighbor is removed from CDP neighbor table

R1(config)#[no] cdp advertise-v2
Disable/enable CDP v2.
If v2 is disabled, device will use v1.


LLDP:

Disabled by default.
Must be manually enabled on Cisco devices.
You can run both CDP and LLDP simultaneously.
Sent to MAC 0180.C200.000E (a reserved IEEE group address that bridges never forward, so LLDP frames also stay on the local link)

Sent every 30 seconds. (CDP is 60)
Holdtime is 120 seconds. (CDP is 180)

Reinitialization delay - Delays the actual initialization of LLDP on an interface by 2 seconds by default.

R1(config)#lldp run
^ Enables LLDP

R1(config-if)#lldp transmit
R1(config-if)#lldp receive
^ Must turn on both transmit and receive on each interface.

R1(config)#lldp timer <seconds>
R1(config)#lldp holdtime <seconds>
R1(config)#lldp reinit <seconds>
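To make the frame format and the holdtime behaviour concrete, here is an added example (my own code, not from the course or from IOS): it builds an LLDP frame to the 0180.C200.000E group address with the three mandatory TLVs in their required order plus a System Name TLV, parses it back, rejects malformed frames, and keeps a neighbor table that ages entries out when the advertised TTL (what lldp holdtime sets) lapses. The switch name, port name and MAC are made up.

```python
"""LLDP frame builder/parser and a holdtime-aged neighbor table.  Added example,
not IOS code; the MAC, port name and system name are made up."""
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # 0180.C200.000E: reserved group MAC, never bridged
ETHERTYPE_LLDP = 0x88CC
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL, TLV_SYSTEM_NAME = 0, 1, 2, 3, 5
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_IFNAME = 4, 5

def mac_bytes(mac):            # accepts '0cf8.2236.8500' or '0c:f8:22:36:85:00'
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def tlv(t, value):
    """TLV header is 16 bits: 7-bit type, 9-bit length (IEEE 802.1AB)."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def build_lldpdu(chassis_mac, port_name, ttl, system_name):
    """The three mandatory TLVs in their mandated order, one optional TLV, then End."""
    return b"".join([
        tlv(TLV_CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + mac_bytes(chassis_mac)),
        tlv(TLV_PORT_ID, bytes([PORT_SUBTYPE_IFNAME]) + port_name.encode()),
        tlv(TLV_TTL, struct.pack("!H", ttl)),            # what 'lldp holdtime' advertises
        tlv(TLV_SYSTEM_NAME, system_name.encode()),
        tlv(TLV_END, b""),
    ])

def build_frame(src_mac, lldpdu):
    return LLDP_MCAST + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_LLDP) + lldpdu

def parse_lldp(frame):
    """Return the neighbor fields, rejecting frames that are not well-formed LLDP."""
    if frame[:6] != LLDP_MCAST or frame[12:14] != struct.pack("!H", ETHERTYPE_LLDP):
        raise ValueError("not an LLDP frame")
    tlvs, i = [], 14
    while True:
        if i + 2 > len(frame):
            raise ValueError("truncated: no End of LLDPDU TLV")
        (hdr,) = struct.unpack("!H", frame[i:i + 2])
        t, ln = hdr >> 9, hdr & 0x1FF
        value, i = frame[i + 2:i + 2 + ln], i + 2 + ln
        if t == TLV_END:
            break
        tlvs.append((t, value))
    if [t for t, _ in tlvs[:3]] != [TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL]:
        raise ValueError("chassis id, port id and ttl must come first, in that order")
    chassis, port, ttl = tlvs[0][1], tlvs[1][1], struct.unpack("!H", tlvs[2][1])[0]
    optional = dict(tlvs[3:])
    return {"chassis_id": mac_str(chassis[1:]) if chassis[0] == CHASSIS_SUBTYPE_MAC else chassis[1:].hex(),
            "port_id": port[1:].decode(errors="replace"), "ttl": ttl,
            "system_name": optional.get(TLV_SYSTEM_NAME, b"").decode(errors="replace")}

def valid_lldp(frame):
    try:
        parse_lldp(frame)
        return True
    except ValueError:
        return False

class LldpNeighborTable:
    """'show lldp neighbors' equivalent: an entry lives for the TTL its neighbor advertised
    (120 s by default, i.e. 4 x the 30 s send timer) and is dropped once that lapses."""
    def __init__(self):
        self.entries = {}

    def receive(self, frame, now):
        n = parse_lldp(frame)
        self.entries[(n["chassis_id"], n["port_id"])] = (n["system_name"], now + n["ttl"])

    def neighbors(self, now):
        self.entries = {k: v for k, v in self.entries.items() if v[1] > now}
        return sorted(name for name, _ in self.entries.values())

if __name__ == "__main__":
    f = build_frame("0cf8.2236.8500", build_lldpdu("0cf8.2236.8500", "Gi0/1", 120, "SW1"))
    print(parse_lldp(f))
```

A neighbor that keeps sending every 30 seconds never ages out; stop the frames and it disappears exactly at the advertised TTL, which is the holdtime relationship the notes describe. The parser also shows why sanity-checking these frames matters: anything on the link can send one, and the System Name and Port ID fields are free-form text.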





Tuesday, May 28, 2024

Cisco 120 - Extended ACLs

Extended ACLs are like Standard ACLs but you can filter by source/destination IP, protocol, port, and other fields.

Since they are more surgical/precise, the recommendation is to place them close to the source instead of near the destination like with Standard ACLs.  This is because Standard ACLs (source-only) tend to sweep up too much traffic if placed near the source, whereas Extended ACLs can pinpoint very specific traffic, drop it before it crosses the network (think WAN links), and save bandwidth.

Standard ACLs use numbers 1-99 and 1300-1999
Extended ACLs use numbers 100-199 and 2000-2699

Syntax:
R1(config)#access-list number {permit|deny} protocol src-ip src-wildcard dst-ip dst-wildcard

R1(config)#ip access-list extended {name | number}
R1(config-ext-nacl)#[seq-num] {permit|deny} protocol src-ip src-wildcard dst-ip dst-wildcard
(protocol is ip, tcp, udp, icmp, ...; either address can also be written as "host A.B.C.D" or "any")

Example:
R1(config-ext-nacl)#deny tcp any 10.0.0.0 0.0.0.255
^ Blocks all TCP segments from any source to any host in 10.0.0.0/24

R1(config-ext-nacl)#permit ip any any
^ Allow anything.

R1(config-ext-nacl)#deny udp 10.0.0.0 0.0.255.255 host 192.168.1.1
^ Prevent 10.0.0.0/16 from sending UDP traffic to 192.168.1.1/32

R1(config-ext-nacl)#deny icmp host 172.16.1.1 192.168.0.0 0.0.0.255
^ Deny all ICMP (pings included) from 172.16.1.1/32 to 192.168.0.0/24

You can also do specific ports:

R1(config-ext-nacl)#deny tcp src-ip src-wildcard [op src-port] dst-ip dst-wildcard [op dst-port]

The port operator and number are optional on either side and can be:
eq 80 = equals 80
gt 80 = greater than 80 (81 and higher)
lt 80 = less than 80 (79 and lower)
neq 80 = not equal 80
range 80 100 = from port 80 to 100 (inclusive)

Example:
R1(config-ext-nacl)#deny tcp any host 1.1.1.1 eq 80
^ Deny all packets destined for IP 1.1.1.1/32 on TCP port 80 (web)

R1(config-ext-nacl)#permit tcp 172.16.1.0 0.0.0.255 gt 9999 host 4.4.4.4 neq 23
^ Allow hosts in 172.16.1.0/24 using a TCP source port greater than 9999 to reach all TCP ports on 4.4.4.4 except port 23 (Telnet)

R1#show access-lists
^ Will display configured ACLs

R1#show ip interface g0/0
^ Shows details about int g0/0 including outgoing and inbound access lists

!! Easy to forget !!
Now apply the ACL to an interface:
R1(config-if)#ip access-group {number | name} {in|out}




Monday, May 27, 2024

Cisco 119 - Standard ACLs

ACL = Access Control List
ACE = Access Control Entry

A single ACL contains multiple sequentially ordered ACEs

ACLs = Like simple IP-based firewall rules (source/destination).

ACLs are configured globally on the router and then applied to an inbound or outbound interface.

Implicit DENY ALL at the end.  After finding the first match, the router won't process remaining ACEs.


ACL Types:
Standard - Match based on source IP address only
    - Standard Numbered ACLs
    - Standard Named ACLs

Extended ACLs - Match based on Source/Destination IP, Source/Dest port, etc.
    - Extended Numbered ACLs
    - Extended Named ACLs

Standard ACLs use numbers 1-99 and 1300-1999.

Standard Numbered ACLs:

Syntax:
R1(config)#access-list number {deny | permit} source-ip [wildcard-mask]

R1(config)#access-list 1 deny 1.1.1.1 0.0.0.0
R1(config)#access-list 1 deny 1.1.1.1
^ These both do the same thing.  Deny a specific host at 1.1.1.1
R1(config)#access-list 1 deny host 1.1.1.1
^ Same as previous two. Historical.

R1(config)#access-list 1 permit any
R1(config)#access-list 1 permit 0.0.0.0 255.255.255.255
^ These both do the same thing: allow all.
R1(config)#access-list 1 remark ## My comment goes here ##
^ Comments

Here is an example access list:
R1(config)#access-list 1 deny 1.1.1.1 0.0.0.0
R1(config)#access-list 1 permit 0.0.0.0 255.255.255.255
R1(config)#access-list 1 remark ## Block Bob from Accounting ##

R1(config)#do show access-lists
Standard IP access list 1
    10 deny 1.1.1.1
    20 permit any

^ Notice there could have been other types of access lists.

R1(config)#do show ip access-lists
Standard IP access list 1
    10 deny 1.1.1.1
    20 permit any

^ This limits output to ONLY IP access-lists

R1(config)#do show running-config | include access-list
access-list 1 deny 1.1.1.1
access-list 1 permit any
access-list 1 remark ##Block Bob from Accounting ##

^ Notice how we had to coax comments out from the running-config

!! Easy to forget !!
Now apply the ACL to an interface:
R1(config-if)#ip access-group number {in|out}

Recommendation for Standard ACLs: Apply the ACL to the interface nearest the destination.

Standard Named ACLs:

Still only match based on source IP

R1(config)#ip access-list standard acl-name
R1(config-std-nacl)#[seq-num] {deny|permit} source-ip [wildcard-mask]

R1(config)#ip access-list standard BLOCK_BOB
R1(config-std-nacl)#5 deny 1.1.1.1
R1(config-std-nacl)#10 permit any
R1(config-std-nacl)#remark ## Configured May 27 2024 ##
R1(config-std-nacl)#int g0/0
R1(config-if)#ip access-group BLOCK_BOB in

 

Editing and resequencing ACLs

You can configure numbered ACLs the same way as named ACLs:

R1(config)#access-list 1 deny 192.168.1.1
R1(config)#access-list 1 permit any
^ The normal numbered way

R1(config)#ip access-list standard BLOCK_PC1
R1(config-std-nacl)#deny 192.168.1.1
R1(config-std-nacl)#permit any
^ The named way

R1(config)#ip access-list standard 1
R1(config-std-nacl)#deny 192.168.1.1
R1(config-std-nacl)#permit any
^ Use the numbered ACL as a name

With this approach, you can modify ACEs in an ACL:

R1(config-std-nacl)#no 30
^ This would remove ACE 30

R1(config-std-nacl)#30 deny 192.168.2.0 0.0.0.255
^ This would insert a new ACE 30 whereas we previously deleted it

We can also renumber (resequence) ACEs in an ACL:

R1(config)#ip access-list resequence 1 5 10
^ This would renumber ACL #1 starting at 5 and incrementing by 10
Probably more common to start at 10 and increment by 10:
R1(config)#ip access-list resequence 1 10 10


 


Cisco 118 - IPv6 More

Solicited-Node Multicast Address:

ff02::0001:ff + Last 6 hex digits of unicast address

Example:
Unicast address: 2001:0db8:0000:0001:0f2a:4fff:fea3:00b1
-->
ff02::0001:ffa3:00b1
Shortened:
ff02::1:ffa3:b1

Neighbor Discovery Protocol (NDP)
Replaces IPv4 ARP
Uses ICMPv6 and solicited-node multicast addresses to learn MAC address of other hosts.
NS = Neighbor Solicitation = ICMPv6 Type 135 = NDP equivalent of ARP Request
NA = Neighbor Advertisement = ICMPv6 Type 136 = NDP equivalent of ARP Reply

R1#show ipv6 neighbor
^ Shows the IPv6 Neighbor Table
This is the equivalent of the IPv4 ARP table (show ip arp), not the switch's MAC address table
Displays:
IPv6 Address            Age    Link-Layer Addr    State    Interface
FE80::C802:9FF:FE7C:8    0    ca02.097c.0008    REACH    Gi0/0
2001:DB8::78:9ABC        0    ca02.097c.0008    REACH    Gi0/0

NDP also has a process to automatically discover routers on the local network:
RS = Router Solicitation = ICMPv6 Type 133
    Asks all routers on local link to identify themselves
    Sent when interface connects to network
    Sent to multicast address FF02::2 (all routers)
RA = Router Advertisement = ICMPv6 Type 134
    Router announces its presence and info about the link
    Sent in response to RS messages and periodically resent
    Sent to multicast address FF02::1 (all nodes)
    
Summary:
RS = Type 133 = Sent to FF02::2 (all routers)
RA = Type 134 = Replies to FF02::1 (all nodes)
NS = Type 135 = Sent to solicited-node multicast ff02::0001:ff + Last 6 hex
NA = Type 136 = Reply to NS

SLAAC
Stateless Address Auto-configuration
Automatically configures IPv6 addresses
Host uses RS/RA messages to learn the IPv6 prefix of the local link and then uses EUI-64 to generate the interface ID (Cisco routers do; most host operating systems generate a random interface ID instead)

R2(config-if)#ipv6 address prefix/prefix-length eui-64
^ This requires the prefix and prefix-length
vs
R2(config-if)#ipv6 address autoconfig
^ This uses SLAAC. No need to know prefix/length.

Duplicate Address Detection (DAD)
(Asks Dad if I can use this IPv6 address before I start using it.)
Uses NDP to see if anything else is using the address I just configured.
The host sends an NS with the tentative address in the Target field, sourced from :: (it has no usable address yet) and sent to the solicited-node multicast group of the tentative address.
If no reply, the device knows the address is OK.  (Thanks, Dad.)
If it gets an NA reply, the address is a duplicate and must not be used.

IPv6 Static Routing
ipv6 route destination/prefix-length {next-hop | exit-interface [next-hop]} [ad]

Recall "ad" = Administrative Distance

Network route:
R1(config)#ipv6 route 2001:db8:0:3::/64 2001:db8:0:12::2
^ This is also a recursive route because the router will have to look up how to get to 2001:db8:0:12::2

Host route:
R2(config)#ipv6 route 2001:db8:0:1::100/128 2001:db8:0:12::1
R2(config)#ipv6 route 2001:db8:0:3::100/128 2001:db8:0:23::2
^ Notice with these two commands we specified the prefix length of /128.  
Each line is defining a very specific route to a specific host.

Default route:
R3(config)#ipv6 route ::/0 2001:db8:0:23::1
^ Like 0.0.0.0/0 in IPv4




 

 

Sunday, May 26, 2024

Cisco 117 - IPv6 Continued

EUI-64

EUI = Extended Unique Identifier
Method of converting a 48-bit MAC address into the 64-bit interface identifier, the *host* portion of a /64 IPv6 address

1) Divide the MAC address in half:
1234 5678 90AB --> 1234 56 | 78 90AB

2) Insert FFFE in the middle:
1234 56FF | FE78 90AB

3) Invert the 7th bit (the universal/local bit, counting from the left of the first byte):
1234 56FF FE78 90AB
 ^

Recall that each hexadecimal digit is 4 bits.
[Sidenote: I always forget each hex digit is 4 bits.  Here's why:
Hexadecimal F = Decimal 15.
Decimal 15 = Binary 1111
Notice there are 4 bits (ones) in Binary 1111.
Decimal 1 = Binary 0001
Still 4 bits.]


So the 7th bit is "buried in" the second hex digit.
Hexadecimal 12 = binary 0001 0010
Invert the 7th bit in the second group:
0010 --> 0000
Now convert the result back to hexadecimal
Binary 0000 --> 0
So the EUI becomes:
1034 56FF FE78 90AB
 ^


Doing the math in my head is a pain so memorize this table (flipping the 7th bit is the same as XORing the second hex digit of the MAC with 2):

0 <-> 2    1 <-> 3    4 <-> 6    5 <-> 7
8 <-> A    9 <-> B    C <-> E    D <-> F

Given this network prefix: 2001:db8::

R1(config)#int g0/0
R1(config-if)#ipv6 address 2001:db8::/64 eui-64
R1(config-if)#no shutdown

^ This tells the interface to build its address from the given /64 prefix plus the EUI-64 interface ID derived from its own MAC.


Two more examples:
R1(config-if)#int g0/1
R1(config-if)#ipv6 address 2001:db8:0:1::/64 eui-64
R1(config-if)#no shutdown

R1(config-if)#int g0/2
R1(config-if)#ipv6 address 2001:db8:0:2::/64 eui-64
R1(config-if)#no shutdown

R1#show interfaces g0/0
^This will reveal MAC address of g0/0
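The EUI-64 procedure above and the solicited-node/DAD material in the "IPv6 More" notes (Cisco 118), carried through in code as an added example (mine, not the course's and not IOS output): it derives the interface ID, the link-local address, a prefix+EUI-64 address and the solicited-node group an NS or DAD probe is sent to. The MAC addresses used are the ones visible in the show output on this page (1234.5678.90AB, and the ones behind FE80::EF8:22FF:FE36:8500 and FE80::C802:9FF:FE7C:8), reused as constructed input; the 2001:db8 prefixes are the documentation prefix.

```python
"""EUI-64, link-local, prefix+EUI-64 (what 'eui-64' / SLAAC produce), and the
solicited-node multicast group that NS/DAD messages go to.  Added example, not IOS
output; the MACs are the ones visible in the show output on this page, reused as input."""
from ipaddress import IPv6Address, IPv6Network

def mac_bytes(mac):
    """Accept '1234.5678.90ab', '12:34:56:78:90:ab' or '12-34-56-78-90-ab'."""
    return bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))

def eui64(mac):
    """48-bit MAC -> 64-bit interface ID (RFC 4291 app. A): split 3+3 bytes,
    insert FF FE, flip bit 7 of the first byte (the universal/local bit)."""
    m = mac_bytes(mac)
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    iid[0] ^= 0x02                 # 'invert the 7th bit' == XOR the 2nd hex digit with 2
    return bytes(iid).hex()

def eui64_hextets(mac):
    h = eui64(mac)
    return ":".join(h[i:i + 4] for i in range(0, 16, 4))

def with_prefix(prefix, mac):
    """'ipv6 address <prefix>/64 eui-64' (or SLAAC with an RA-learned prefix)."""
    net = IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 fills exactly the low 64 bits; prefix must be /64")
    return str(IPv6Address(int(net.network_address) | int(eui64(mac), 16)))

def link_local(mac):
    """The FE80:: address every IPv6-enabled interface derives on its own."""
    return with_prefix("fe80::/64", mac)

def solicited_node(addr):
    """FF02::1:FFxx:xxxx with the low 24 bits of the unicast address (RFC 4291 2.7.1)."""
    low24 = int(IPv6Address(addr)) & 0xFFFFFF
    return str(IPv6Address(int(IPv6Address("ff02::1:ff00:0")) | low24))

def solicited_node_mac(addr):
    """Ethernet destination of an NS: 33:33 + low 32 bits of the IPv6 group (RFC 2464)."""
    low32 = int(IPv6Address(solicited_node(addr))) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def dad_probe(tentative):
    """The NS a node sends for Duplicate Address Detection: no source address yet (::),
    target = the tentative address, destination = its solicited-node group."""
    return {"src": "::", "dst": solicited_node(tentative), "dst_mac": solicited_node_mac(tentative),
            "target": tentative, "icmpv6_type": 135}

if __name__ == "__main__":
    print(eui64_hextets("1234.5678.90ab"))          # 1034:56ff:fe78:90ab
    print(link_local("0cf8.2236.8500"))             # fe80::ef8:22ff:fe36:8500
    print(dad_probe(link_local("0cf8.2236.8500")))
```

Running link_local on 0cf8.2236.8500 reproduces the FE80::EF8:22FF:FE36:8500 seen in the "show ipv6 interface brief" output further down, which is a handy way to confirm an address really came from EUI-64 rather than being assigned by hand.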

Types of IPv6 addresses:

- Global unicast
    Public address; can be used over Internet. Must be registered.
    Originally defined as 2000::/3 (2000:: to 3FFF....FF)
    Now defined as all addresses not otherwise reserved for other purposes
    Example:
    2001:0DB8:8B00:0001:0000:0000:0000:0001/64
    
    The first three groups are the 48-bit 'global routing prefix' assigned by the ISP:
    2001:0DB8:8B00
    
    The fourth group is the 16-bit subnet identifier:
    0001
    
    Together, they make up the 64-bit (/64) IPv6 network prefix.
    
    The remaining four groups make up the 64-bit 'interface identifier' -- the host portion of the address.
    16 hexadecimal digits = 16 digits x 4 bits each = 64 bits
    
- Unique local
    Private IPv6 addresses which cannot be used over the Internet.
    Like IPv4 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918)
    Try to make the addresses unique in case your organization merges with another.
    Defined as:
    FC00::/7
    (FC00:: to FDFF....FF)
    Later update forced them all to start with FD.
    Example:
    FD45:93AC:8A8F:0001:0000:0000:0000:0001/64
    
    FD says unique local address
    
    Next 40 bits (45:93AC:8A8F) should be randomly generated for merger reasons.
    
    Last 4 groups are the 64-bit interface identifier.
    
- Link local
    Automatically generated on IPv6 enabled devices.
    R1(config-if)#ipv6 enable
    ^ Enables IPv6 on an interface without actually assigning an IP address.
    Typically the interface gets a link local IPv6 address in addition to the one you assign; in this case, it would only have a link local IPv6 address.
    Defined as:
    FE80::/10
    (FE80:: to FEBF:FFFF.....FF)
    However the standard has a wrinkle: the 54 bits after FE80 are zero, so link-local addresses are effectively FE80::/64 and all begin with FE80::.
    Interface ID is generated using EUI-64 rules.
    Link local = Used for communication within a single link (subnet).
    Routers will not forward packets with link-local destination IPv6 addresses.
    Commonly used for routing protocol peerings (OSPFv3) and next-hop address for static routes.
    
- Multicast
    Unicast addresses are 1-to-1
    Broadcast is from one source to all destinations
    Multicast is 1 to many destinations
    Defined as:
    FF00::/8
    (FF00:: to FFFF....FFFF)
    IPv6 does not broadcast like IPv4.
    But it has a multicast to all hosts in subnet that is like a broadcast.
    Common multicast addresses (well-known link-local groups):
    FF02::1 = All nodes
    FF02::2 = All routers
    FF02::5 = All OSPFv3 routers
    FF02::6 = All OSPFv3 DR/BDR routers
    FF02::9 = All RIPng routers
    FF02::A = All EIGRP routers


    Multicast address scope = How far multicast scope should be forwarded.
    FF01 = Interface-local (127.0.0.1 -- Stay on local device)
    FF02 = Link-local = Local subnet - Routers won't forward between subnets
    FF05 = Site-local - Limited to a single physical location (like a LAN).  Not forwarded over a WAN.  Defined by SysAdmin.
    FF08 = Organization-local - An entire company.
    FF0E = No boundaries. Can be routed over Internet.
    
- Anycast
    "One to one of many"
    Whereas multicast is one to all in that group (one to many), anycast is one to any one of multiple in a group.
    For example, multiple routers might be configured with the same IPv6 address.  The "nearest" (by routing metric) would receive the anycast.
    No specified range.
    R1(config-if)#ipv6 address 2001:db8:1:1::99/128 anycast
    ^ This assigns an IPv6 address to an interface and tells the interface it is an "anycast" address.  The /128 is like an IPv4 /32.
    
- Other IPv6 Addresses
    :: = Unspecified (such as when a device does not yet know its IPv6 address). IPv4 equivalent = 0.0.0.0
    ::1 = Loopback address (like 127.0.0.1)
    
Summary:
    FC & FD = Unique local = Private IP
    FE8 = Link local = Local subnet
    FF = Multicast
        FF01 = Interface-local (127.0.0.1)
        FF02 = Link-local = Local subnet - Routers don't route
        FF05 = Site-local = Single physical location like a LAN
        FF08 = Organization-local = An entire company
        FF0E = No boundaries. Can be routed over Internet.
    




Saturday, May 25, 2024

Cisco 116 - IPv6 Intro

R1(config)#ipv6 unicast-routing
^ Enable routing for IPv6

R1(config)#int g0/0
R1(config-if)#ipv6 address 2001:db8:0:0::1/64
R1(config-if)#no shutdown
^ Assign an IPv6 address to interface g0/0

R1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
    FE80::EF8:22FF:FE36:8500
    2001:DB8::1

Notice two IPv6 addresses were assigned.
The first FE80 address is an automatically assigned Link-Local address.
The second 2001 address is the one I assigned.




Saturday, May 11, 2024

Cisco 115 - OSPF Part 3

R5#show ip ospf interface g0/0
^ Displays info about OSPF on interface g0/0

R2(config)#int g0/0
R2(config-if)#ip ospf priority 255
^ Sets the OSPF priority of an interface (default 1; 255 is the maximum; 0 means the router will never be DR or BDR on that segment) to "rig" future elections.  Recall that the DR/BDR election is 'non-preemptive': a new higher-priority router does not take over until the current DR or BDR goes away.

DR = Designated Router
BDR = Backup Designated Router

R5#clear ip ospf process
^ Don't do this in a production network.
Forces an election.  When the DR goes down, the current BDR will become the DR.  Then, an election will occur and this rigged router will become the BDR.  I guess the next election will cause this router to become the DR.
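The election rules just described, run as a small simulation so the non-preemptive behaviour can be seen step by step. This is an added example (my own code, not the course's and not IOS): highest priority wins, the higher router ID breaks ties (compared numerically, octet by octet), priority 0 is ineligible, a sitting DR/BDR is never displaced, a failed DR is replaced by the BDR without a contest, and a reset stands in for clear ip ospf process. Router IDs and priorities are made up.

```python
"""DR/BDR election on a multi-access segment as the notes above describe it: highest
priority wins, the higher router ID breaks ties, priority 0 is ineligible, and the
election is non-preemptive, so 'ip ospf priority 255' only pays off at the next
election.  Added example, not IOS code; the router IDs and priorities are made up."""

def rid_key(rid):
    """Router IDs compare as four numbers, not as strings ('10.0.0.1' beats '9.9.9.9')."""
    return tuple(int(o) for o in rid.split("."))

class Segment:
    def __init__(self, initial=None):
        self.priority = dict(initial or {})   # router-id -> 'ip ospf priority' value
        self.dr = self.bdr = None
        self._elect()                         # routers in 'initial' booted together

    def _rank(self, rid):
        return (self.priority[rid], rid_key(rid))

    def _elect(self):
        """Outcome of RFC 2328 9.4 as seen from the segment: a sitting DR/BDR is never
        displaced, a vacated DR seat goes to the BDR, and only a vacated BDR seat
        (or an empty segment) is actually contested."""
        if self.dr not in self.priority:
            self.dr = None
        if self.bdr not in self.priority:
            self.bdr = None
        if self.dr is None:                    # BDR promoted without a contest
            self.dr, self.bdr = self.bdr, None
        eligible = sorted((r for r, p in self.priority.items() if p > 0),
                          key=self._rank, reverse=True)
        if self.dr is None and eligible:       # first election: best router takes DR
            self.dr = eligible[0]
        if self.bdr is None:
            rest = [r for r in eligible if r != self.dr]
            self.bdr = rest[0] if rest else None

    def join(self, rid, priority=1):          # neighbor reaches 2-Way after the others
        self.priority[rid] = priority
        self._elect()

    def leave(self, rid):                     # dead interval expired / interface down
        self.priority.pop(rid, None)
        self._elect()

    def reset(self):
        """'clear ip ospf process': adjacencies re-form, so a fresh election with everyone."""
        self.dr = self.bdr = None
        self._elect()

    def roles(self):
        return self.dr, self.bdr

if __name__ == "__main__":
    seg = Segment({"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 1})
    print(seg.roles())                        # ('3.3.3.3', '2.2.2.2')
    seg.join("4.4.4.4", priority=255)         # ip ospf priority 255 on the newcomer
    print(seg.roles())                        # unchanged: non-preemptive
    seg.leave("3.3.3.3")                      # the DR goes down
    print(seg.roles())                        # ('2.2.2.2', '4.4.4.4')
```

Walking through it: with equal priorities the highest router ID becomes DR; adding a priority-255 router changes nothing; when the DR dies the BDR is promoted and the rigged router finally wins the BDR seat, and it becomes DR only when that DR also goes away, exactly the sequence the note above reasons through.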

R5#show ip ospf neighbor
^ Displays info about OSPF neighbors and their state

R3#show ip ospf interface brief
^ Displays interfaces and OSPF info for each

R3#show ip ospf interface g0/0
^ Displays detailed OSPF info on interface g0/0

Serial interfaces:
- DR and BDR are not elected because there are only 2 neighbors on the interface
- One side functions as DCE (Data Communications Equipment)
- The other side functions as DTE (Data Terminal Equipment)
- DCE needs to specify clock rate (speed) of connection

R1(config-if)#clock rate 64000
^ Sets the clock rate (bps) of the DCE router
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut

Ethernet interfaces use the speed command.
Serial interfaces use the clock rate command.

Default encapsulation on serial interface is HDLC

R1(config)#int s2/0
R1(config-if)#encapsulation ppp
^ Sets encapsulation to PPP instead of the default HDLC
Encapsulation type must match on both ends.

R1#show controllers s2/0
^ This will reveal which side is the DCE vs the DTE

R1(config-if)#ip ospf network <type>
^ This command manually configures the OSPF network type with the following <type> options:
broadcast (Ethernet and FDDI)
non-broadcast (Frame Relay and X.25)
point-to-point (Serial)
point-to-multipoint

You might configure an Ethernet link between two routers since there is no need for a DR/BDR.  This might be a time to config a point-to-point network.

R2(config-router)#router-id 1.2.3.4
^ Configures the router-id of a router

The hello-interval and dead-interval values must match between OSPF neighbors:

R2(config-if)#ip ospf hello-interval <seconds>
^ Sets the number of seconds between hello announcements
Default is 10 seconds

R2(config-if)#ip ospf dead-interval <seconds>
^ Sets how long before the neighbor is considered dead
Default is 40 seconds

R2(config-if)#ip ospf authentication-key banana
^ Sets the authentication password to banana but does not yet enable authentication.  This is the clear-text (type 1) method: the key crosses the wire as-is.
R2(config-if)#ip ospf authentication
^ Enables (clear-text) authentication on the interface
Prefer MD5 (type 2) authentication on anything real: "ip ospf message-digest-key 1 md5 banana" plus "ip ospf authentication message-digest" on the same interface, with the same key ID and key string on both neighbors.

R2(config-if)#ip mtu <number>
^ Sets the maximum size of an IP packet that can be sent out of the interface.  Defaults to 1500 bytes.
Must match on both neighbors, or the adjacency gets stuck in ExStart/Exchange.

OSPF LSA types:
Type 1 - Router LSA - Identifies itself by stating its router ID and lists networks attached to the router's OSPF attached interfaces.
Type 2 - Network LSA - Generated by the DR of each 'multi-access' (broadcast) network. Lists the routers which are attached to the multi-access network.
Type 5 - AS-External LSA - Generated by ASBRs (Autonomous System Boundary Routers) to describe routes to destinations outside of the AS (Autonomous System) (OSPF domain)

R1#show ip ospf database
^ Displays LSDB (OSPF database) including neighbors, each router (type 1 LSA), network (type 2) LSA, and external link states (type 5)



 

OSPF Neighbor process (adjacency states, in order):
Down = No hellos received from this neighbor (or it timed out).
Init = Hello received, but it does not yet list our router ID.
2-Way = Each router sees its own RID in the other's hello.  On multi-access links the DR/BDR election happens here, and non-DR/BDR routers stay at 2-Way with each other, which is normal.
ExStart = Master/slave negotiated (higher RID is master) for the database exchange.
Exchange = DBD packets list each router's LSAs (LSDB summaries).
Loading = LSR/LSU messages fetch the LSAs that were missing.
Full = LSDBs are synchronized; "show ip ospf neighbor" shows FULL/DR, FULL/BDR or FULL/DROTHER.


Friday, May 10, 2024

Cisco 114 - OSPF Part 2

R3#show ip ospf interface f2/0
^ Displays OSPF info about interface f2/0. Includes cost info.

R3(config-router)#auto-cost reference-bandwidth <mbps>
^ Sets the reference bandwidth for better cost calculations.
The default reference bandwidth is 100 mbps which is the speed of Fast Ethernet.
On all your routers, set the reference-bandwidth to higher than your highest link.  This allows for later growth.

R1(config)#int g0/0
R1(config-if)#ip ospf cost 10000
^ Manually sets the ospf cost of an interface to 10000

Not recommended:
Another way to change the OSPF cost of an interface is with the bandwidth command.  Recall the formula to calculate OSPF cost is:
reference bandwidth / interface bandwidth

R1(config-if)#bandwidth <kbps>
^The interface speed does not actually change, but costs calculated with OSPF metrics use the bandwidth number.

R3#show ip ospf interface brief
^ Displays OSPF costs for each interface

R1#show ip ospf neighbor
^ Displays info about ospf neighbors

R1(config)#int g0/0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#int g1/0
R1(config-if)#ip ospf 1 area 0
^ These commands specifically go into two interfaces and activates OSPF on them

R1(config-router)#passive-interface default
^ Configure ALL interfaces as OSPF passive interfaces

R1(config-router)#no passive-interface <int-id>
^ Turns off passive interface for specified interface

show ip protocols
^ Displays OSPF info





Friday, May 3, 2024

Cisco 113 - OSPF Part 1

(config)#router ospf 1
^ Enters OSPF configuration mode.
The "1" is the process ID.
A router can run multiple OSPF processes at once.
Process ID is unrelated to area.

(config-router)#network 10.0.12.0 0.0.0.3 area 0
(config-router)#network 10.0.13.0 0.0.0.3 area 0
(config-router)#network 172.16.1.0 0.0.0.15 area 0
^ These three commands activate OSPF on all interfaces that match the given parameters.  They are configured as area 0.
The commands tell the router to find all interfaces that match the ranges specified.
Recall the network command uses wildcard matching.  So 0.0.0.15 = 255.255.255.240
Also recall that these commands don't specify which networks to advertise.
The commands activate OSPF on interfaces that fall in the range of the given wildcard matching patterns.

(config-router)#passive-interface g2/0
^ Tells the interface to stop sending OSPF 'hello' messages out that interface - probably because there are no further routers for that interface to neighbor with.
Use this command on any interface that doesn't have any OSPF neighbors.

(config)#ip route 0.0.0.0 0.0.0.0 203.0.113.2
^ Adds a default route and points to the next hop as the ISP's IP address
(This becomes our gateway of last resort)

(config-router)#default-information originate
^ This advertises the default route into OSPF so the other routers learn about it

R1#show ip protocols
^ Displays information about the routing protocol being used.
For us, that's OSPF

(config-router)#router-id 1.1.1.1
^ Manually configure the router ID as 1.1.1.1
The router will continue to use the old ID until we reload the router or use the command:
clear ip ospf process
^ Dangerous command because it clears out the routing map for a while until things are rebuilt.  This means downtime.

(config-router)#maximum-paths <#>
^ Change the maximum number of redundant paths that can be added to the routing table from 4 to #

(config-router)#distance <#>
^ Set the administrative distance

R4(config)#int l0
^ That's "L" 0 <-- Loopback0 (not the number 10)
This command creates a loopback interface
R4(config-if)#ip address 1.1.1.1 255.255.255.255
^ Assigns IP address 1.1.1.1/32 to interface Loopback0 (a loopback normally gets a /32 host mask)

R4>show ip int | begin Loop
^ Displays IP addresses assigned to interfaces beginning with the first match of "Loop" (Loopback0)

R4>show ip int brief
Shows a summary of interfaces and their IP assigned IP addresses

R4>show int l0
^ Again, that's loopback0, not the number 10
^ Command shows details of interface Loopback0

R1#show ip ospf neighbor
^ Shows OSPF neighbors

R1#show ip ospf database
^ Shows LSDB (link-state database)

R1#show ip ospf interface
^ Displays details about OSPF settings on each interface



