CCIE Command Reference Flashcards

1
Q

reduce the floods of LSA per link in directly connected neighbors.

A

ip ospf flood-reduction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

message-digest?

A

MD5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

enable ospf authentication in all interfaces?

A

area X authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

como ver Type-4 LSA ?

A

sh ip ospf database asbr-summary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Si tienes un ABR, como puedes ver a los equipos que estan conectados un router en esa area en especifica?

A

show ip ospf data router adv-router x.x.x.x.

Este comando es conveniente ya que si lo haces en un ABR, te va a mostrar la conexion pero entre todas las areas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

how to filter lsa-type 3 between areas?

A

1-create a prefix list

2-area x filter list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

how to configure a conditional default routing monitoring a link?

A

1-configure an ip sla
2-track a static route to an unknown ip to null 0
3- match that route with a route-map
4-redistribute a default route matching that route-map

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

decastar null 0 when you summarize?

A

no discard-route internal/external.

internal for ABR and external for ASBR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

configurar filtro de un source en especifico usando route-map?

A

config t

access-list 3 permit 155.1.146.0 0.0.0.255
access-list 4 permit host 155.1.0.4

route-map vlan146 deny 10
match ip add 3
match ip next-hop 4

route-map vlan146 permit 20

router ospf 1
distribu route-map vlan146 in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

aggregate address + summary-only?

A

por default, cuando haces un summary en bgp, el te sumariza la ruta pero tambien te envia los longest match prefix. Summary-only, es para evitarlol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Aggregate address + suppress map

A

es como un leak-map, puedes sumarizar y suppress more specific routes and leave others unsuppressed

Para dejar rutas Unsuppresed no lo puedes hacer negando access-list, tienes que configurar un route-map que haga match al access-list y que haga deny de ese acl.

access-list 1 permit host 3.2.1.1
route-map ale deny 10
match ip add 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

bgp maximum-path

A

te deja instalar en tu routing table otra ruta para llegar al destino, no solo “the best route”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

filter database to a specific neighbor

A

neighbor 1.1.1.1 database-filter all out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

OSPF ASBR - do a summarization without translating to type 5?

A

summary-address 160.1.10.10 255.255.255.255 not-advertise

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

max-metric router-lsa

A

Sirve para prevenir un black hole en la red, digamos que vallas a hacer una ventana de mantenimiento y quieres forzar todo el trafico a que tome otra ruta y no utilize el router afectado como transito. Lo que hace el comando es que configura la metrica al maximo (65535) para que nadie lo utilize como transito.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ip ospf dead-interval minimal

A

te deja poner el dead interval en 1 segundo y puedes poner el timer de los hellos en ospf en msec.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

cada que tiempo acepto el mismo LSA en mi router.

A

LSA Arrival.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

como configurar un link para que asuma que un transmision de lsa dura x segundos y que si no llega en 10 segundos lo envie otra vez

A

ip ospf transmit-delay x

ip ospf retransmit-interval 10

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

configurar ospf que no mas de 500 rutas de las que el tenga, sean rutas de redistribucion

A

redistribute maximum-prefix 500

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

ignore type-6 lsa log message (ospf multicast)

A

ignore lsa mospf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Difference between ebgp multihop and disable-connected-check?

A

por default, bgp verifica que cuando vallas a tener un ebgp neighbor, esten directamente conectados, este se da cuenta porque el TTL de un paquete para establecer neighbor relationship es de 1.

ebgp multihop: incrementa el ttl, por lo tanto aunque no estes directamente conectado, vas a poder tener peering con tu neighbor, no importa cuantos routers tengas que transitar.

disable-connected-check: no aumenta el ttl, pero hace disable a la verificacion de si tu neighbor esta directamente conectado si usas de source la loopback, es ideal para ahorrar recursos si estas directamente conectado a tu neighbor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Configure confederation. Example with sub-AS 65146 and public AS 100 ?

A

router bgp 65146

bgp confederation identifier 100

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

ebgp confederation peer

A

bgp confederation peers x (autonomous system del neighbor)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

how to influece a path using Origin?

A

route-map x
match as-path x
set origin bgp

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

1-bgp dmzlink-bw?

enable to neighbors?

A

enable load balance in bgp base on the bandwidth of the links connecting the peers
2-neighbor x.x.x.x dmzlink-bw

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

limita el maximo de as-path que puede tener un network para yo ponerlo en mi routing table

A

bgp maxas-limit - recuerda que las redes de tus ibgp peers van a tener un “i” .

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

BGP suppress map

A

te permite hacer leaking de las rutas sumarizadas, lo que este dentro de ese route-map es lo que se va a sumarizar.

ej: si quiero sumarizar la red 10.0.0.0/22 pero quiero dejar pasar la 10.0.2.0 =

ccess-list 1 permit 10.0.2.0 0.0.0.255

route-map NET10 deny 10
match ip add 1

route-map NET10 PERMIT 20

router bgp 200
aggregate-address 10.0.0.0 255.255.252.0 suppres-map NET10

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

si sumarizo en BGP, como hago para enviarle a un neighbor en especifico un leak de una ruta?

A

unsuppress-map, poniendo en el route-map la ruta que quiero que se filtre.

This feautre can only be configured on the router that performs prefix aggregation with summary-only. Cuando lo configures, solo crea un route-map permitiendo los leak routes, no crees un segundo route-map porque sino va a hacer match a todas las rutas y las va a permitir.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

attribute-map

A

te deja ponerle atributos (weigh,local P, community, etc) a una ruta que estes sumarizando, lo haces con un route-map vacio + el atributo que quieras.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

aggregate address + advertise map

A

decides cuales prefix quieres unir al summary para que se calculen el AS-Set.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

como hacer match de communities en route-map

A

ip community-list standard/expanded permit/deny

Nota: si es para insertar un community = “set community x “

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Cuando no vas a usar route-map vacio al final?

A

cuando estes redistribuyendo.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Best practice to name your communities?

A

tu AS number + el AS number de donde viene. Ej:

100:200 = ese community viene para mi AS 100 y el source es el AS 200.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

use community new format

A

ip bgp-community new-format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

añade al community que recibiste, otro community

A

set community “x” addictive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

borra el community que allas configurado en el community-list ale

A

set community ale delete

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

como trabaja el exist map/non exist map en bgp?

A

estos buscan si la ruta existe o no en “tu bgp routing table” auque este en el RIB, si no esta aprendida por bgp el entiende que no existe.

ejemplo: si quieres que una red se anuncie siempre y cuando tu link directamente conectado este up, asegurate que ese link se este anunciando con el comando “neighbor”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

BGP - como ver si tu conditional advertisement esta funcionando?

A

sh ip bgp nei x.x.x.x | in Condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

BGP conditional route-injection y como configurarlo?

A

te permite desumarizar un prefix haciendo leaks de ciertos networks.

Requisitos para configurarlo:

2 route-maps:

1ro: te dice cuales rutas vas a hacer leak del summary.
2do: the condition that must be met for the new prefixes to be injected. Este route-map va a tener 2 match, el primero es el que hace el match del aggregate y el segundo es el que dice cual neighbor te esta anunciando la ruta, (el cual es el IP con el que hiciste peering con el neighbor)

Cuando usas este comando, por default se lo anuncias a todos tus neighbors, lo cual puede causar un loop. Si quieres que ciertos neighbors no lo aprendan, crea un route-map negando el prefijo que estas insertando y aplicaselo a los neighbors.

Ej de configuracion:

ip prefix-list INJECT_PREFIX permit 10.0.1.0/24
ip prefix-list AGGREGATE permit 10.0.0.0/22
ip prefix-list ROUTE_SOURCE permit 155.1.37.3/32

route-map INJECT_MAP permit 10
match ip add prefix INJECT_PREFIX
set origin igp

route-map EXIST_MAP permit 10
match ip add prefix-list AGGREGATE
match ip route-source ROUTE_SOURCE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

BGP-ver si un filtro que creaste para negar ruta esta funcionando

A

ej: debug ip bgp update 155.1.79.9 in

clear ip bgp 155.1.79.9 soft in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

regular expression - prefix received from a directly connected neighbor.

A

^x_

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

regexp from your neighbor clients

A

^x_([0-9])+

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

regexp from as 254 when is just two hop away?

A

^([0-9])+254

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

regexp prefixes learned from a confederation peer

A

^(x)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

filter-list

A

forma para aplicar as-path access-list sin route-map.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

limitar cantidad de prefix que puedes aprender de un bgp neighbor?

A

neighbor x.x.x.x maximum-prefix

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

bgp default originate

A

no necesita que el default este en el RIB para anunciarlo. puedes ponerlo que solo anuncie la default si tienes cierta red en tu routing table usando route-map.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

configuring local AS

A

tienes que borrar tu AS actual, crear el nuevo que quieres usar y luego poner el comando:

local-as X

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

no-prepend replace-as

A

Se usa en “hide as local feature” , tu neighbor deja de ver el new AS prepended (detras, es decir, si tu AS viejo es 100 y el nuevo el 50, el neighbor va a ver 100 50) y solo ve con el que el esta haciendo peering. this combination will replace the real AS number with the one specified in the local-as command, the local-as will appear in the open message.

dual-as: the external peer could be configured to peer using the real AS number,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

neighbor x.x.x.x remove-private-as

A

cuando le anuncias rutas a ese neighbor, el va a verificar que en las rutas que le estas anunciando el AS-Set para asegurarse que no alla un private-as, de encontrar uno, lo remueve.

Este comando solo funciona si el private-as esta al principio del as-path.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

neighbor x.x.x.x advertisement-interval

A

bgp tiene un timer para enviar updates a los neighbors, este los mantiene almacenados hasta que se cumpla ese timer y ahi comienza a anunciar.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

1- bgp fast fallover

2-bgp fast peering session deactivation support (neigh x.x.x.x fall-over)

A

Es recomendado tener tu ebgp peer directamente conectado, asi si el link falla, no hay que esperar a que el hold-down timer expire para que los routers se den cuenta que estan down, lo que hace que esto sea posible es bgp fast fallover.

2-Nueva version de fallover, funciona tanto para ebgp/ibgp peers. La diferencia es que este no se fija en el interface state, sino se fija que el IGP llegue al neighbor, tan pronto este no llega, se considera down.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

neighbor x.x.x.x capability orf prefix-list both

A

enable orf between you and your peerings. Luego de este comando, debes aplicarte el filter list hacia tu neighbor, in

how to check if it is working?

On the neighbor that is supposed to receive the prefix, use this commmand:

sh ip bgp nei x.x.x.x received prefix-filter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

bgp next-hop trigger

A

can modify the time the nexthop change if igp prefix change.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

neighbor x.x.x.x ttl-security x

A

aternativa a ebgp-multihop, decides de cuantos ttl vas a aceptar el neighor relationship, el default es 1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

difference between ttl-security and ebgp multihop.

A

By default, ebgp peers needs to be directly connected, when you send a packet for a ebgp peering, it has a ttl of 1.

Ebgp multihop = send the packet with the amount of TTL that you specify.

ttl-security = send the packets with ttl 255 but you are waiting for packets con un maximo 255 menos el valor configurado en ttl security. Ej: si configuras un ttl-security de 3, estas esperando un bgp packet de ttl-252 o mas, sino drop the packet.

bgp ttl-security da seguridad, ya que si viene alguien con el mismo ip de tu neighbor spoof, no va a poder hacer adjacencia contigo porque va a venir con un ttl menor al configurado.

cuando esta con ttl-security, los routers envian los bgp packets con un ttl de 255.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

VRF common formats RD creation

A

ASN:NN (most popular): where asn is bgp AS and NN is the vrf number inside the router.

IP address:NN : where IP is the router’s IP and NN is the vrf name

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

LDP Ports

A

tcp and udp 646

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

MPLS- configuring sham-links

A

1-crear un loopback aparte solamente para esto y asignarlo al VRF que estas hablando con el otro PE
2-anunciar este loopback por bgp (nunca ospf, using network command, INSIDE VRF of the CPE, los CPE la pueden aprender, pero como externa, no porque su origen es OSPF.):

router bgp 100
add ipv4 vrf VPN_A
net x.x.x.x mask x.x.x.x

3-configurar sham-link en los PE

router ospf x vrf x
area x sham-link (source loopback) + (destination loopback)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

eigrp site of origin

A

site of origin: previene que las rutas tuyas anunciadas vuelvan a enseñartelas y la aprendas otra vez por un backup-link.

use to prevent routing loops in mpls due to mutual redistribution.

reference:

http://brbccie.blogspot.com/2012/12/bgp-cost-community-eigrp-soo-and.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

mpls - l3vpn between CPE using the same AS solution?

A

1-as-override

2-allow as-in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

si uso no bgp default ipv4 unicast, como habilito un neighbor que no este en ipv4?

A

add ipv4

neigh x.x.x.x activate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

bgp default route note

A

En bgp, no puedes redistribuir un default route a tus neighbors haciendo redistribute static, tienes obligatoriamente que tener “default information originate”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

configuring tunnel with ipsec crypto map

A

crypto map alex local-address lo0

crypto map alex 10 ipsec-isakmp
match address vpn
set peer 150.1.7.7
set transform-set ipsec

interface x
crypto map R7_TO_R8 (este comando solo se usa en interfaces fisicas, incluyendo gre over IPsec)

Nota: si el tunnel fuera gre over ipsec, no se iba a necesitar tantos acl, solo un extended acl permitiendo el trafico GRE entre ambos endpoints Ip con que se configuran los ACL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

configuring tunel with ipsec using VTI

A

Fase 1 se queda igual solo varia fase 2:

crypto ipsec profile alex
set transform-set ipsec

int tunn x
tunnel mode ipsec ipv4
tunnel protection ipsec profile alex

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

ip pim send-rp-announce

A

el router empieza a anunciar que quiere ser el RP. la interfaz en el syntax es, cual se va a usar como RP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

ip pim rp-announce-filter

A

the mapping agent filter any attempts for a RP candidate trying to become a RP for a particular group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

auto-rp listener

A

sirve si quieres correr auto-rp sin sparse-dense-mode. Si lo usas es para evitar el dense-mode fallback. Lo que hace es que los multicast packets hacia los grupos 224.0.1.39/40 se envian en dense mode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

multicast BSR

A

boostrap router es el protocolo standard para anunciar el RP. si tienes varios de estos, el priority determina cual es el preffered, siendo el valor mas alto el preferido.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

difference betwen BSR and autoRP

A

en autorp, los candidates rp envian mensaje a un mapping agent, este escoje el mejor RP y lo distribuye.

En BSR, todos los routers se anuncian como candidate RP entre ellos, luego cada vez que un router encuentra uno mejor que el (priority mas alto) deja de anunciarse.

En bsr, se puede elegir el priority de un rp para que sea mas bajo y sea elegido, en AutoRP obligatoriamente es el Highest IP va a ser seleccionado.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

ip pim bsr-border

A

en la interfaz donde configuras esto, el neighbor no aprende nada sobre RP, como un filtro.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

configure Source-specific-multicast

A

(global)#ip pim ssm default

(interface-x)# ip igmp ver 3

ssm no se usa para todos los grupos de multicast, este tiene su rango reservado 232-239

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

ip msdp peer

A

se configura entre los RP’s para el msdp peering. Puedes ver el trafico msdp con :

sh ip msdp sa-cache.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

sh ip msdp sa-cache

A

te muestra cuando los RP se envian sus source-active message para alcanzar un receiver.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

1-enable RIPgn

2-disable split-horizon in ripng

A

int x
ipv6 rip test (rip process) enable

2- You have to diasable it global:

ipv6 router rip alex
no split-horizon

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

summarize in RIPng

A

int x

ipv6 rip alex summary x.:x:x::x

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

filter routes in RIPng and EIGRPv6?

A

prefix-list + distribute list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

RIPng metric manipulation ?

A

only one way, off-set list on the interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

how to enable EIGRPv6 ?

A

ipv6 router eigrp 100
no shut

int x
ipv6 router eigrp 100

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

EIGRPv6 default route redistribution?

A

summarization or redistribute static only.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

advertise routes in ospfv3/eigrpv3/ripng

A

in interface configuration mode only.

interface x
ipv6 eigrp/ospf/rip

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

area x range

A

en el area (x) ,debe ser el area que te esa anunciando la ruta.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

urpf configuration

A

ip verify unicast source reachable-via rx

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

username accesss-class

A

te permite ponerle un access-list a un user que dice para donde puedes conectarte remoto y hace override a lo que alla en el line vty.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

limiting icmp message rate

A

no ip unreachables

ip icmp rate-limit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

alias facts

A

puedes usar alias para configurar cualquier comando, lo importante es saber en que configuration mode debes de estar para aplicar el comando y asi haces el alias.

ej: quiero un alias para poner un threshold en sla.

alias ip-sla misla icmp-echo

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

logging monitor

A

se refiere a line vty.

88
Q

service timestamps

A

te permite ponerle a los logs fecha en que se creo o los logs que se han creado desde que el router se prendio.

puedes configurar service sequence numbers para ver los logs que se han creado en sequencia y poner logging count para que se cuenten los logs.

89
Q

logging with access-list

A

puedes crear access-list para hacer logging de diferentes
servicios:

ip access-list extended logging
permit eigrp any any log
permit ip any any

inter eth0/1.146
ip access-group logging in

ip access-list logging interval 100
ip accss-list log-update threshold 2

90
Q

how to detect tcp keepalives and closing them?

A

service tcp-keepalives-out

service tcp-keepalives-in

91
Q

apply a local route-map

A

ip local polily route-map (x)

92
Q

make your router the authoritative ntp server with stratum 5?

A

ntp master 5

93
Q

ntp authentication, how it works

A

1-tienes que habilitar authentication en todos los equipos (ntp authenticate)

2-crear key de autenticacion que vas a usar (ntp authentication-key)

3-si para aceptar un ntp packet, lo tienes que recibir con ese key, usas el comando ntp trusted-key

94
Q

filter a pim neighbor?

A

1-create an access-list denying the neighbor you want to filter and permiting everything else

2-apply ip pim neighbor-filter on the interface

access-list 1 deny host 145.1.1.5
access-list 1 permit any

ip pim neighbor-filter

Nota: solo lo puedes hacer si tu puerto esta directamente conectado a los receivers

95
Q

how to filter RP using multicast boundary?

A

multicast boundary is use in auto-rp to filter a neighbor to not get rp announcement, you have to filter the address 224.0.1.40 (ip to send discover-messages).

access-list 1 deny host 224.0.1.40
access-l 1 permit any

int eth0/0
ip multicast boundary 1

96
Q

how to filter RP using multicast boundary?

A

multicast boundary is use in auto-rp to filter a neighbor to not get rp announcement, you have to filter the address 224.0.1.40 (ip to send discover-messages).

access-list 1 deny host 224.0.1.40
access-l 1 permit any

int eth0/0
ip multicast boundary 1

97
Q

si estas en “sparse-dense-mode” como haces para si un multicast-group no tiene RP, tampoco use dense mode

A

no ip pim dm-fallback

98
Q

NTP Filtering?

A

ntp access-group

99
Q

1-banner motd
2-banner login
3-banner exec

A

1-tan pronto te conectas en el router te aparece.

2-aparece despues de banner motd y antes de el user autenticar, si el user no tiene que autenticar para entrar. no aparece el mensaje.

3-aparece despues de autenticar y antes del “>”

100
Q

how to prevent banner messages for not showing on vty/console

A

line vty/consolle

no exec-banner/motd banner

101
Q

configuring msdp?

A

ip msdp (neighbor RP interface ip address) connect-source (your RP interface ip address)

102
Q

glbp 1 load-balancing

A

puedes escojer el tipo de load balance (weighted,host-dependent or round-robin)

103
Q

icmp useful commands

A

interface mode:

ip redirect
ip mask reply: si alguien te pide network mask porque no la tiene, se la das, lo recomendable es tenerlo off.
ip unreachable

global:

ip icmp rate-limit unreachable 500 ( este valor es cada cuandos msec puedo enviar un unreachable, como es 500 son 2 mensajes por segundo).

104
Q

ip accounting

A

lleva la contabilidad de los paquetes que pasan por el router, te muestra el source y el destination.

useful commands:

ip accounting-transits 1 :
ip accounting-list: solo cuenta la cantidad de paquetes que va a el address que tengas en la lista.

int x
ip accounting output-packets: cuenta inputs y outputs de esos paquetes

105
Q

enable dns on a router

A

ip dns server

106
Q

ip broadcast address

A

cambias la direccion que el router reconoce como broadcast, ej. si el default broadcast address es:

10.1.1.1.255, si uso el comando ip broadcast-address 10.1.1.10, este va a ser el nuevo broadcast y el router lo va a enviar a todos los host, estos no te van a responder porque no van reconocer el address como broadcast.

107
Q

ip directed broadcast with access-list

A

cuando el router reciba un broadcast y este comando este habilitado, solo si el source del paquete viene con el IP especificado en el access-list va a funcionar.

108
Q

ip dns server

A

enable dns in the device

109
Q

netflow userful commands:

A

netflow components:

netflow cache: es donde el router guarda la data de netflow
netflow export: es al collector que el router le envia la data.

netflow useful commands:

ip flow-export destination
ip flow-export version
ip flow ingress
ip flow egress

show ip cache flow:

110
Q

IP mtu

A

tamaño maximo de mtu que tenga los paquetes que se van a enviar en esa intefaz. Los host se dan cuenta de el tamaño maximo de este mtu por path mtu discovery.

111
Q

ip tcp path mtu discovery

A

the router tell the host the size of mtu they can send

112
Q

vrf aware preshare key?

A

crypto keyring vrf_aware_psk vrf UNDERLAY_TRANSPORT

pre-shared-key address 0.0.0.0 0.0.0.0 key 6 DMVPN_PSK

113
Q

vrf aware tunnel?

A

tunnel vrf UNDERLAY_TRANSPORT

114
Q

how to redistribute ibgp routes ?

A

bgp redistribute internal.

115
Q

summarization methods in bgp ?

A

1-create a static route of the summary pointing to null 0 and them advertise the route using the “network” command. Nota: solo se usa con rutas que te pertenecen, locally originated o sino vas a causar un black hole.

2-using “aggregate-address” , for this method, the route needs to be in the bgp routing table.

116
Q

mpls - cambia que 2 ospf neighbors las rutas no se vean como “external” sin cambiar el process-id ?

A

router ospf x

domain-id x.x.x.x (deben ser iguales en ambos neighbors)

117
Q

Multicast - know what is the RP for a multicast group in BSR?

A

show ip pim rp-hash 234.1.1.1 (example)

RP 150.1.10.10 (?), v2
Info source: 150.1.5.5 (?), via bootstrap, priority 0, holdtime 202
Uptime: 00:05:03, expires: 00:02:51
PIMv2 Hash Value (mask 255.255.255.254)
RP 150.1.10.10, via bootstrap, priority 0, hash value 989207280
RP 150.1.8.8, via bootstrap, priority 0, hash value 718054422

118
Q

bgp- default route redistribution requisites?

A

*no hay que tener default route en tu routing table.
*si vas a hacer conditional default route, solo verifica que la ruta este en tu RIB, haces un match con tu access-list.
y lo pones en tu default:

access-list 1 permit 192.168.1.0 0.0.0.255

route-map default permit 10
match ip add 1
route-map default permit 20

router bgp 100
neigh 3.3.3.3 default-information originate route-map default.

119
Q

BGP. show the routes that your neighbor has send you and have been accepted

A

show ip bgp nei 1.2.3.4 routes

120
Q

bgp timers commands:

1-cambiar cada que tiempo bgp anuncia una ruta?
2-bgp por default antes de anunciar una ruta, el las guarda todas hasta que pase el tiempo de anunciarlas y despues las anuncia, como bajo este tiempo por neighbor?

A

1-bgp scan-time

2-neighbor 1.2.3.4 advertisement-interval

121
Q

no bgp default ipv4-unicast

A

por default bgp le anuncia a cualquier neighbor con que este haciendo peering las rutas, si quitas este comando, el no las va anunciar hasta que no uses “activate”.

122
Q

neighbor 192.168.3.2 description finance

A

util para descripciones

123
Q

comando para crear port-channels

A

channel-group

124
Q

spanning-tree portfast default

A

si el puerto esta “access” lo pasa a a portfast por default. si se cambia a trunk o si recibe BPDUs, el puerto deja de ser portfast.

125
Q

difference between bpduguard and bpdufilter?

A

bpdu guard pone el puerto en error-disable, el filter lo apaga.

126
Q

bgp unequal cost load-balancing with a single router —> 2 remote peers?

A
router bgp 200
bgp maximum-path 4
bgp dmzlink-bw
neigh 155.1.0.1 dmzlink-bw
neigh 155.1.45.1 dmzlink-bw
127
Q

poner pbr a que verifique con CDP el nexthop?

A

en el route-map:
1-pongo el next-hop
2-uso verify-availability solo

route-map ale
set ip next-hop 150.1.1.1
set ip next-hop verify availability

128
Q

GRE - backup tunnel to activate when the principal is down

A

1-configuras el segundo tunnel normal como cualquier otro.
2- usas el comando “backup interface x” donde X es el tunnel interface el primario.

opcional: backup delay. en que tiempo debe de activarse el otro tunnel.

int tunn 10
backup inteface tunnel 45
backup delay 3 60 : activate 3 segundos despues que el tunnel principal se caiga, desactivate 1 minuto despues que el principal suba.

129
Q

useful debug in eigrp?

A

debug eigrp packet.

130
Q

EIGRP - eliminate null/0 summary route ?

A

1-static route with AD 1 to 4
2-summary metric - specify the route, and add 255 to AD

1-The route must be loop- free. This condition is satisfied when the reported distance is less than the total distance or when the route is a feasible successor.

2-The metric of the route must be lower than the metric of the best route (the successor) multiplied by the variance configured on the router.

131
Q

OSPF - ver costos que tiene un equipo hacia los ABR’s

A

show ip ospf border-routers

132
Q

ospf authentication per interface?

A

int eth0/0
ip ospf authenticatoin
ip ospf authentication-key

133
Q

configuring sha in ospf?

A

key chain ale
key 1
cryptographic-algorithm (selectiono el sha deseado)

int x
ip ospf 1 key-chain

134
Q

OSPF - ways to change the type 7 to type 5 lsa translator (2) ?

A

1-aumentando el router-id del que quieras que haga el translation.

2-area x nssa translate type7 always.

135
Q

OSPF - ways to change the type 7 to type 5 lsa translator (2) ?

A

1-aumentando el router-id del que quieras que haga el translation.

2-area x nssa translate type7 always.

136
Q

ip pim accept-register?

A

to prevent unauthorized sources from registering with the RP. If an unauthorized source sends a register message to the RP, the RP will immediately send back a register-stop message.

Nota: solo extended-acl allowed.

137
Q

ip pim accept-rp ?

A

when you wish to dynamically learn the RP address when using Auto-RP but wish to restrict which RP’s are accepted for which groups.

138
Q

Auto-RP - Filtering RP discoverys (2) ?

A

1- ttl

2-multicast boundary

139
Q

Multicast - como hago un trace completo para ver el rpf de todo el path que se supone que tome un source para llegar a mi y dejarlo pasar a mi multicast group?

A

mtrace 150.1.6.6 239.1.1.1

140
Q

NAT - como puedes hacer que el trafico que venga de afuera, pueda entrar a tu red con un nat translation que no sea static?

A

usando reversible al final del statement.

141
Q

NAT- como puedes hacer static map de un mismo IP privado a 2 IP publico?

A

usando extendable.

142
Q

NAT - ip nat outside

A

hace translation de una red que no es tuya.

143
Q

PPPOE configuration?

A

host ISP

bba-group pppoe MyGroup
virtual-template 1

interface virtual-template 1
ip add 10.0.0.1 255.255.255.0
peer default ip addrees pool Mypool
ppp authentication chap callin
mtu 1492

ip local pool Mypool 10.0.0.2 10.0.0.254

int f0/1
no ip add
pppoe enable group MyGroup

username CPE password MyPassword

interface dialer 1 
dialer pool 1
encapsulation ppp
ip address negotiated
ppp authentication chap (or pap) calling
ppp pap sent-username cisco password cisco (si quieres usr pap)
ppp chap hostname cisco
ppp chap password cisco
mtu 1492

int f0/1
pppoe enable
pppoe-client dial-pool-number 1
no shut

144
Q

tunnel vrf?

A

le dice a la interfaz del tunnel, que el source/destination ip address para formar el tunnel esta en el vrf routing table, que no vas a poner la intefaz del tunnel en el vrf, pero que si busque en el vrf para encontrarla.

Nota: si tu source/destination estan en el global vrf, no necesitas usar este comando, incluso si pones el tunnel interface en una vrf.

145
Q

using an ipsec profile in 2 different tunnels?

A

int tunn 0

tunn protection ipsec profile dmvpn_profile shared

146
Q

password in ldp neighbor?

A

mpls ldp password required

mpls ldp neigh 3.3.3.3 password ale.

147
Q

MPLS- how to filter vrf routes modifying route-targets?

A

export-map

148
Q

mpls vpn performance tunning?

A

add vpnv4 unicast
neigh x.x.x.x advertisement-interval 0

add ipv4 unicast vrf x
import path selection all.

149
Q

DMVPN- como sustituir estos comandos por 1 solo:

ip nhrp map 128.10.254.3 128.10.100.3
ip nhrp map multicast 128.10.100.3
ip nhrp nhs 128.10.254.3

A

ip nhrp nhs (overlay address) nbma (underlay address) multicast

150
Q

OSPFv3- Advertise ipv4 routes?

A

ospfv3 1 ipv4 area x

151
Q

DMVPN - enable ipv6 tunnel

2- IPsec in dmvpn with ipv6 difference ?

A

tunnel mode gre multipoint ipv6

2-crypto isakmp key v6lke address ipv6 ::/0

152
Q

DMVPN - 2 cosas que te pueden dejar sin ver nada en “show dmvpn”

A

1) tunnel mode

2) network-id

153
Q

OSPFV3 - redistribution ?

A

router ospfv3 10
address-family ipv4/v6 unicast
redistribute x

154
Q

ospf - verify area authentication?

2- verify ospf neighbor adjacency and if they have authentication?

A

1- show ip ospf | in Area

2- show ip ospf int x

155
Q

Multicast - ip igmp querier timeout?

A

se configura en el router que NO es el querier.

156
Q

routing Bridge?

A

te permite hacer un bonding de la interfaz de un router, ideal si quieres usar un mismo ip que se vean en ambas interfaz. comandos:

bridge irb
bridge 1 protocol ieee
bridge 1 route ip
interface Ethernet0/1
no ip address
!
interface Ethernet0/1.10
encapsulation dot1Q 10
bridge-group 1
!
interface Ethernet0/1.20
encapsulation dot1Q 20
bridge-group 1
!
!
interface BVI1
ip address 172.16.1.1 255.255.255.0
157
Q

DHCP - getting client-id

A

in dhcp client or server, put the host to get an address and the use “ Debug dhcp detail “

de el resultados que tengas, le añades 2 ceros a la izquierda, se supone que queden cuatro dijitos siempre, menos al final que van a quedar 2 solamente.

636973636F2D616162622E636330302E
303930302D4574302F30 =

luego que lo modificas:

0063.6973.636F.2D61.6162.622E.6363.3030.2E3.0393.0302.D457.4302.F30

158
Q

Services - disable bootp

2- disable dhcp

A

ip dhcp bootp ignore

2- no service dhcp

159
Q

services - monitorea las secciones de tcp para ver si por error estan abiertas

A

service tcp-keepalives-in

service tcp-keepalives-out

160
Q

negar routing basado en source

A

no ip source-route

161
Q

EIGRP - only receive updates, not send

A

eigrp stub receive-only

162
Q

ospf - advertise your adjacency link as host-route?

A

ip ospf network point-to-multipoint.

163
Q

port security - packets are drop, and notification is sent d.

A

switchport port-security violation restrict.

164
Q

port security - packets are drop, and no notification is sent d.

A

switchport port-security violation protect.

165
Q

port-security - recover an error-disabled port

A

errdisable recovery cause psecure-violation

166
Q

telnet rotary ?

A

To get started, let’s talk about a few basics of the “rotary” command. This command is entered in line configuration mode and has a parameter. The parameter is simply a number. Once the command is entered, the router listens for telnet connections on an additional TCP port. The router determines which port to open by adding 3000 to the number entered after the “rotary” command.

167
Q

memory monitoring - low memory notification

A

memory free low-watermark x

168
Q

memory monitoring - reserve memory for critical operations?

A

memory reserve critical x.

169
Q

route-map - source protocol ?

A

puedes permitir/negar rutas en base a esto, incluyendo “connected”

170
Q

configuring threshold for cpu

A

snmp-server enable traps cpu threshold
snmp-server host 150.1.1.1 public

process cpu process cpu threshold type total rising 50 interval 5 falling 10

reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mt-book/bsm-cpu-thresh-notif.html

171
Q

ssh - changing to version 2

A

ip ssh version 2

172
Q

Switching - load balance in etherchannel ?

A

port-channel load-balance x)

173
Q

BGP - advertise a classfull route without using summarization/static route?

A

router bgp 10

auto-summary

174
Q

ip directed broadcast

A

deshabilitado by default, te permite enviar un broadcast a un segmento de red fuera del tuyo. viene deshabilitado por seguridad (smurf attack)

175
Q

route-map - set ip precedence

A

te deja asignar un ToS field de los que tienen nombre (network,critical, etc)

176
Q

how to match a packet size ?

A
route-map size
match length (min bytes )  (maximum bytes)
177
Q

URPF - Configuring strict mode ?

A

ip cef
int se1/0
ip verify unicast reverse-path ( or verify-source any)

nota: si al final pones un access-list con “permit statement” los source address que te lleguen con ese IP van a ser permitidos.

178
Q

URPF - Configuring loose mode ?

A

ip cef
int se1/0
ip verify unicast source reachable-via any

179
Q

ACL - how to control number of hits needed for an access-list to activate?

2-access-list logs are generate after every hit, how you control after how much time a hit is generated?

A

1-ip access-l log-update threshold
2-ip access-list logging interval (estos paquetes son process-switches, por lo tanto, cargan el router, por eso es importante este comando).

180
Q

syslog - set syslog logging level

A

logging trap

181
Q

ios services - en que parte de doc-cd encontrarlo ?

A

en system management–>configuration fundamentals.

182
Q

ntp -en que parte de doc-cd encontrarlo ?

A

network management –>Basic System Management Configuration Guide

183
Q

banners -en que parte de doc-cd encontrarlo ?

A

system management –> Cisco IOS configuration fundamental.

184
Q

difference between motd and Exec banner?

A

Message of the day: tan pronto entras al router, el hace display del mensaje.

Exec-banner: aparece despues que te logeas en el equipo.

185
Q

SNMP - trap community note

A

Los snmp traps tienen la opcion para usar su propio community.

186
Q

snmp- difference between snmp trap and inform?

A

inform: is reliable because use acknowledgment, but less preferred because consume more resources.
traps: no acknowledgment but preferred.

187
Q

cpu threshold -en que parte de doc-cd encontrarlo ?

A

network management–>basic system management configuration guide.

188
Q

Remote shell Protocol.

A

Rsh and rcp give users the ability to execute commands remotely and copy files to and from a file system residing on a remote host or server on the network.

189
Q

ntp access control

A

1) Peer – permits router to respond to NTP requests and accept NTP updates. NTP control queries are also accepted. This is the only class which allows a router to be synchronized by other devices.
2) Serve – permits router to reply to NTP requests, but rejects NTP updates (e.g. replies from a server or update packets from a peer). Control queries are also permitted.
3) Serve-only – permits router to respond to NTP requests only. Rejects attempt to synchronize local system time, and does not access control queries.
4) Query-only – only accepts NTP control queries. No response to NTP requests are sent, and no local system time synchronization with remote system is permitted.
reference: http://blog.ine.com/2008/07/28/ntp-access-control/

190
Q

ntp messages ?

A

NTP access-control divides NTP messages into two categories, control messages and update/request messages. Control messages are those needed to extract
specific management information, such as the peer status or set a management parameter.

NTP control messages are not needed for proper time synchronization. NTP update/request messages are those messages needed for time synchronization.

191
Q

dhcp client ID ?

A

Es lo que usan los dhcp servers para identificar los host a los que le dan las mac address. por default en los host son los mac, pero en el router cisco no. si quieres que en el router cisco lo sea, tienes que usar el comando “ ip address dhcp client-id + la interfaz.

http://blog.ipspace.net/2007/08/default-dhcp-client-id.html

192
Q

IPCP?

A

protocol that ppp use to assing an ip address automatically (like DHCP)

193
Q

IRDP ?

A

protocolo para reduncancia que se basa usando ICMP, ell host que va a usar un equipo con IRDP para redundancia no necesita IP routing.

en doccd, se encuentra en “first hop redundancy protocol:

194
Q

nat with ip alias?

A

when we enable nat with aliasing and the global address is an unused ip from attached subnet then the ip appears in the alias table which is used for replying arp requests.

if Alias is not used, NAT will still work but no ping will be replied.

195
Q

logging -en que parte de doc-cd encontrarlo ?

A

Embedded Management

196
Q

IP protocol numbers -en que parte de doc-cd encontrarlo ?

A

security–>firewall–>adaptive security appliance–>config guides–> ctrl+f ports

198
Q

Bridging -en que parte de doc-cd encontrarlo ?

A

en la parte donde selecionas “configuration guide o command reference” selecciona bridging command reference

199
Q

netflow aggregation

A

The Netflow aggregation cache is an additional flow cache used to store aggregated prefix information. A special Netflow packet format that was first supported in version 8, and more recently in version 9, is used to export the aggregated information to a collector.

The aggregation cache is based on the main (normal) flow cache, and flow aggregation is based on the routing table contents. For example, when a flow is
exported from the main cache to the aggregation cache, the flow’s source and/or destination IP addresses (based on the configured scheme) are logically ANDed bitwise with the network masks of its corresponding route in the routing table.

The resulting “masked” (less-specific) flow entry is merged with the aggregation cache. This will result in multiple flow entries with source or destination IP addresses belonging to the same prefix in the IP routing table looking the same in aggregation cache, with the bytes and/or packet count being the sum of all specific flows. Additionally, the number of merged flows for each aggregated entry is stored in aggregation cache.

An additional feature, called the minimum aggregation mask, allows preserving a specified level of granularity even when widely scoped summary routes are installed in the routing table. For example, if the router has the prefix 10.0.0.0/8 in its routing table, you may still want to know detailed flow information about the subnets 10.X.X.0. By setting the minimum aggregation mask to /24, the aggregation cache will choose the longer of the two masks when creating an entry. If a flow source with the IP address 10.1.2.3 is about to be aggregated, the routing table mask of /8 is compared against the minimum aggregation mask of /24, and the result is that the router installs the aggregate entry as 10.1.2.0.

200
Q

Troubleshooting DMVPN ?

A

show ip nhrp nhs detail: te muestra si tu spoke se esta registrando en el hub:

si te sale, “ req-failed x “ hay problemas en el spoke, normalmente con el comando “ip nhrp nhs”

si vez que puedes llegar al underlay IP del hub pero no al de los spokes:

verifica que puedas llegar al overlay IP de los spokes.

201
Q

Filtering using extended access list - BGP vs IGP ?

A

en IGP, cuando usas extended access-list, esto:

access-list 110 permit host 1.1.1.1 155.1.0.0 0.0.255.255

significa. permite la red 155 si viene del host 1.1.1.1

En BGP significa, permite la red 1.1.1.1 valla a la red 155.

202
Q

EIGRP - Filtering Null0 routes using distance

A

summary-metric + network + AD

203
Q

eigrp authentication notes?

A

the lowest key in the key chain is preferred.
debug eigrp packets can you show you problems.

interface authentication got priority over af-interface default authentication

204
Q

MPLS troubleshooting?

A

debug mpls ldp transport events: puedes ver los hellos in/out, si no recibes nada, puedes ser que hay trafico bloqueando LDP.

am I sending the hellos? am I receiving the hellos? is ldp session authenticated (mpls ldp neighbor x.x.x.x password x?)

2-has un traceroute y ve si teienes un end to end lsp del loopback. Cuando hagas un “show mpls ldp neighbors”, asegurate que donde dice “tcp connection” tengas la ip del neighbor.

3-verificar que este comando no este: no mpls ldp advertise-label

4-hay que verificar si el problema esta en el sending site o receiving site?

show bgp vpnv4 unicast all neighbors 150.1.7.7 advertised-routes : verifica si estas anunciando las rutas

205
Q

EIGRP - Filtering Null0 routes using distance

A

summary-metric + network + AD

206
Q

EIGRP - calcular metrica de delay para unequal cost load balance ?

A

suma de delays hacia el destino, /10 * 256

207
Q

MPLS - ldp transport address

A

ldp transport address: cuando vallamos a iniciar la seccion de LDP, esta es la direccion que tienes que usar para pasarme los labels. (update-source)

Nota: si el ldp transport address no es alcansable por el neighbor, no van a poder hacer adjacencia. 99% no te tienes que preocupar por esto, ya que el lo hace automatico. el ospf id loopback, se vuelve el loopback de LDP automatico si no lo cambio.

208
Q

MPLS troubleshooting?

A

debug mpls ldp transport events: puedes ver los hellos in/out, si no recibes nada, puedes ser que hay trafico bloqueando LDP.

am I sending the hellos? am I receiving the hellos? is ldp session authenticated (mpls ldp neighbor x.x.x.x password x?)

2-has un traceroute y ve si teienes un end to end lsp del loopback.

show mpls ldp neighbor: verifica que el tcp connection sea la loopbacks

3-verificar que este comando no este: “no mpls ldp advertise-label”

4-hay que verificar si el problema esta en el sending site o receiving site?

show bgp vpnv4 unicast all neighbors 150.1.7.7 advertised-routes : verifica si estas anunciando las rutas

si no sabemos donde esta el error?

debug bgp vpnv4 unicast updates
clear bgp vpnv4 unicast * in

verificamos a ver si vemos un DENIED en los route-targes

209
Q

OSPF - capability transit

A

OSPF area capability transit is enabled by default, allowing the OSPF Area Border Router to install better-cost routes to the backbone area through the transit area instead of the virtual links. If you want to retain a traffic pattern through the virtual-link path, you can disable capability transit by entering the no capability transit command. If paths through the transit area are discovered, they are most likely to be more optimal paths, or at least equal to, the virtual-link path.

210
Q

BGP - default information originate (2 types)

A

BGP - default information originate:

a redistribution statement of the route 0.0.0.0 must be configure to complete or the default route will not be advertise.

Neighbor default information originate: always advertise a default route.

211
Q

snmp- link up /down traps?

A

snmp-server enable traps snmp link

212
Q

MPLS - BGP site of origin

A

funciona de la misma forma, a diferencia que en lugar de crear route-maps y ponerlos en las interfaces, se hace con el comando neighbor x.x.x.x soo x.

213
Q

ip multicast-boundary filter-autorp

A

filter autorp message on a interface comming in/out for the group specified in the access-l. only works with standard acl.

214
Q

control plane policy configuration?

A

1-class-map
2-policy map
3-control-plane
service policy input/output x

215
Q

bgp, installing multiple routes in rip if the as-path are different?

A

bgp bestpath as-path multipath-relax

216
Q

IPv6 - Stateless autoconfiguration?

A

client:

ipv6 address autoconfiguration

Server:

ipv6 nd prefix x

217
Q

backup interface?

A

tracks the local line protocol of the primary interface. If the line is up, the backup interface is in standby mode.

configuration:

interface {primary interface}
backup {backup interface}

218
Q

bgp - match regular expression for confederation?

A

^(65001)$