NAT Lab Tips

The Law of NAT

Inside to Outside

  • A route to the destination prefix must exist before NAT can occur. Seeing nothing under show nat translations is a good indication of this.

Outside to Inside

  • NAT occurs first, and only then is the route table checked to forward the translated packet.

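A small Python model of the two orderings above, added here as an illustration (it is not from the notes and is not how IOS is implemented). The route and NAT tables are constructed sample data: inside host 10.1.1.5 is statically translated to 203.0.113.10, and the deliberately missing default route shows why inside-to-outside traffic leaves no translation behind at all.

```python
import ipaddress

# Constructed sample tables, not taken from a real device.
ROUTES = {"10.1.1.0/24": "inside", "203.0.113.0/24": "outside"}  # no default route
NAT_STATIC = {"10.1.1.5": "203.0.113.10"}  # inside-local -> inside-global

def lookup_route(dst, routes):
    """Longest-prefix match; returns the exit interface or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def forward(src, dst, direction, routes=ROUTES, nat=NAT_STATIC):
    """Apply the order of operations from the notes.
    Returns (address after NAT, exit interface) or ("dropped", reason)."""
    if direction == "inside->outside":
        # Routing is checked first: with no route the packet is dropped
        # before NAT runs, so the translation table stays empty.
        iface = lookup_route(dst, routes)
        if iface is None:
            return ("dropped", "no route to destination, NAT never ran")
        return (nat.get(src, src), iface)
    # outside->inside: translate the destination first, then route the
    # inside-local address that results.
    inside_map = {glob: loc for loc, glob in nat.items()}
    new_dst = inside_map.get(dst, dst)
    iface = lookup_route(new_dst, routes)
    if iface is None:
        return ("dropped", "translated, but no route to inside-local address")
    return (new_dst, iface)
```

Adding a default route (0.0.0.0/0 via "outside") to ROUTES is enough to make the inside-to-outside case translate.
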
EEM Lab Tips

  • Check that no other EEM process is running before configuring, using show event manager policy registered.
  • Create a process with event manager applet MY_PROCESS.
  • Applets are just IF and THEN statements. IF is a match and THEN is an action.
  • The IF statement: event cli pattern ".*interface loopback.*" sync yes. Here we are looking for somebody typing 'interface loopback' on the CLI. The [dot/period] is a wildcard matching any character and the [asterisk] means zero or more occurrences of the [dot/period], so ".*" matches anything typed before or after that text.
  • The THEN statement: perform the following commands to shut down the interface
    • action 1.0 cli command "enable"
    • action 1.1 cli command "configure terminal"
    • action 1.2 cli command "$_cli_msg" (built-in variable holding the command that matched, so we enter the same interface)
    • action 1.3 cli command "shutdown"
  • Verify with debug event manager all

WCCP Lab Tips

  • Typically two lines of CLI: one to redirect traffic and one to listen for WCCP members' join requests etc.
  • redirect-list is the access-list matching the subnets you wish to redirect.
  • group-list is the access-list matching the WCCP member(s).
  • Configure the service globally, then on the interface specify A) the redirect [ip wccp 99 redirect in] and B) the listener [ip wccp group-listen].
  • show ip wccp to verify.

Syslog Lab Tips

  • Anything to do with Syslog can generally be found under the logging global configuration command.

HSRP Written Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammar / spelling as I did not develop these notes with publishing in mind.

HSRP

*** Theory ****

  • Hot Standby Routing Protocol (HSRP): allows two or more routers to share an IP address, e.g. the default gateway, so that if one goes down the other router can still serve. Create a standby address that the standby group will share. Cisco calls this a phantom router.
    • MAC address: has its own (virtual) MAC address to avoid long ARP cache timeouts; the HSRP primary router responds to it.
    • How it works: the group members send multicast hellos to each other every 3 seconds
    • Primary router: elected via priority.
    • Failover: the next router becomes primary, announces that it is primary, and all other routers re-arrange their roles / priorities so they know who is next
    • Resign: the failover router resigns if the primary router comes back up and sends a hello that still carries the higher priority, provided pre-empt is enabled
    • Enabling it: conf-if# standby 10 ip 1.1.1.1
    • Pre-empt: allows a router to reclaim the primary role
    • Interface tracking: monitors an additional interface
    • Defaults: priority is 100 and no pre-empt

  • Hot Standby Routing Protocol (HSRP) – Cisco. One router is primary. Hosts use the virtual MAC/IP (pseudorouter). Hello timers etc. can be changed. Highest priority determines the primary router (pre-empt is disabled by default, so changing priority will not take immediate effect)
    • 00-00-0c-07-ac-xx = HSRP well-known MAC. xx is the group number in hex, e.g. 05, or group 17 = 11 (16 + 1)
    • States
      • Disabled
      • Initial (init) – interface is up but HSRP not running
      • Learn – learning about the active router etc.
      • Listen – knows the VMAC and is listening for hellos
      • Speak – sending hellos
      • Standby – sends hellos and is the candidate for active
      • Active – router is forwarding traffic sent to the VIP
    • HSRP interface tracking – monitor an additional interface, e.g. the WAN. If the WAN goes down, the router's priority goes down, allowing the other router to have the higher priority and take over (pre-empt enabled) – config-if# standby 1 track serial 0 decrement

NTP Written Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammar / spelling as I did not develop these notes with publishing in mind.

NTP

*** Theory ****

  • Stratum: how accurate the clock is. A stratum of 3 or 4 is good.
  • NTP modes
    • Broadcast client mode: we are a client and expect to receive the time as a broadcast
      • Config-if# ntp broadcast client
      • Show ntp associations
      • Chooses the best NTP server based on the lowest stratum
    • Static client mode: we are the client and we choose whom to receive time from. Most common
      • Config# ntp server tmc.edu
      • Show ntp status
    • Master mode: the router is the master clock. It receives time from an atomic clock and then serves it to others.
      • Config# ntp server tmc.edu
      • Config# ntp master
      • 127.127.7.1 = the local (loopback) clock used as an NTP source
    • Peer association: top-down relationship. The top master typically associates with an atomic clock on the internet
      • Config# ntp peer ip
  • Timezone: need to set the timezone
    • Config# clock timezone Arizona -7
    • Config# clock summer-time
  • Authentication
    • Config# ntp authentication-key 1 md5 cisco
    • Config# ntp authentication-key 2 md5 nugget
    • Config# ntp trusted-key 2

Redundancy Crib Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammar / spelling as I did not develop these notes with publishing in mind.

Redundancy

*** Theory ****

  • ICMP Router Discovery Protocol (IRDP) – generates Router Advertisements heard by hosts on that segment. If a host hears more than one IRDP router, it will choose one as its primary and fail over to the second if need be. Hosts use the real IP and MAC. Hosts can send an RS (Router Solicitation) requesting an RA.
  • Hot Standby Routing Protocol (HSRP) – Cisco. One router is primary. Hosts use the virtual MAC/IP (pseudorouter). Hello timers etc. can be changed. Highest priority determines the primary router (pre-empt is disabled by default, so changing priority will not take immediate effect)
    • 00-00-0c-07-ac-xx = HSRP well-known MAC. xx is the group number in hex, e.g. 05, or group 17 = 11 (16 + 1)
    • States
      • Disabled
      • Initial (init) – interface is up but HSRP not running
      • Learn – learning about the active router etc.
      • Listen – knows the VMAC and is listening for hellos
      • Speak – sending hellos
      • Standby – sends hellos and is the candidate for active
      • Active – router is forwarding traffic sent to the VIP
  • HSRP interface tracking – monitor an additional interface, e.g. the WAN. If the WAN goes down, the router's priority goes down, allowing the other router to have the higher priority and take over (pre-empt enabled) – config-if# standby 1 track serial 0 decrement
  • VRRP – same as HSRP, but the active router is known as the master router and the standby as the backup. Multicast is 224.0.0.18. MAC is 00-00-5e-00-01-xx (xx is the group number in hex). VRRP has pre-empt by default.
  • GLBP – Cisco only. Does load balancing: lets routers share the load via round-robin. The host sees one gateway, but really there are multiple gateways. The host gets the real MAC of a router but the IP is the VIP.
    • AVG – Active Virtual Gateway is the router with the HIGHEST GLBP priority (highest IP if tied). It sends a virtual MAC as the ARP response for the same layer 3 address, which is how load balancing is achieved. There is a standby AVG and AVFs.
    • Algorithms – round robin, host-dependent load balancing (same MAC every time), weighted – percentage of traffic per router

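The well-known virtual MAC prefixes in the HSRP and VRRP notes above (00-00-0c-07-ac-xx and 00-00-5e-00-01-xx, group number in the last octet) make redundancy groups easy to spot from an ARP table, which is useful when auditing which gateways on a segment are really a failover pair. The Python below is an added example, not from the notes; the ARP lines it scans are constructed sample data in the layout of IOS 'show ip arp' output.

```python
import re

# Well-known virtual MAC prefixes from the notes; the last octet is the group
# number in hex (HSRPv1 group 17 -> ...ac11, since 17 = 0x11).
FHRP_PREFIXES = {"0000.0c07.ac": "HSRPv1", "0000.5e00.01": "VRRP"}

def normalize_mac(mac):
    """Accept 00-00-0c-07-ac-11, 00:00:0c:07:ac:11 or 0000.0c07.ac11 forms."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def fhrp_virtual_mac(protocol, group):
    """Build the virtual MAC a group will answer ARP for."""
    if not 0 <= group <= 255:
        raise ValueError("group must fit in one octet")
    prefix = {v: k for k, v in FHRP_PREFIXES.items()}[protocol]
    return f"{prefix}{group:02x}"

def identify_fhrp(mac):
    """Return (protocol, group) for a known FHRP virtual MAC, else None."""
    digits = normalize_mac(mac).replace(".", "")
    for prefix, proto in FHRP_PREFIXES.items():
        if digits.startswith(prefix.replace(".", "")):
            return (proto, int(digits[10:], 16))
    return None

# Constructed sample 'show ip arp' style lines (not from a real device).
SAMPLE_ARP = """\
Internet  10.1.1.1    0  0000.0c07.ac11  ARPA  Vlan10
Internet  10.1.1.2    5  0050.56aa.1b2c  ARPA  Vlan10
Internet  10.1.2.1    0  0000.5e00.0105  ARPA  Vlan20
"""

def scan_arp(text):
    """List (ip, protocol, group) for every FHRP virtual MAC in an ARP table."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        try:
            hit = identify_fhrp(parts[3])
        except ValueError:
            continue  # header or non-MAC column
        if hit:
            found.append((parts[1], hit[0], hit[1]))
    return found
```
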
*** Commands ****

Config-if# ip irdp // enables IRDP

Config-if# standby 5 ip x.x.x.x // enables HSRP (show standby to verify)