Tuesday, 18 February 2025

What is BGP Allowas-in Feature? How to configure BGP Allowas-in? GNS3

BGP Allowas-in is a configuration option in Border Gateway Protocol (BGP) routing that allows a router to accept routes with its own AS (Autonomous System) number in the AS_PATH attribute.
There's a risk of creating routing loops if not managed properly. It should be used cautiously and with a clear understanding of network topology.

Purpose: Normally, BGP prevents loops by rejecting routes that contain the local AS number in the AS_PATH. However, in scenarios like multi-homed environments or when dealing with MPLS VPNs, you should allow routes to come back into your AS through different paths.

Functionality: When you configure allowas-in, you specify how many times your AS number is allowed to appear in the AS_PATH. This number can be set between 1 to 10, although this varies by router vendor and model. For example, setting allowas-in 2 would allow routes with up to two instances of your AS number in the path.

Usage Scenario:

Multi-homed Networks: If you have connections to the same ISP in different locations, allowas-in can prevent unnecessary route blackholing by allowing these routes back into your network.
MPLS VPNs: In scenarios where customer routes are sent through a service provider network and back, allowas-in ensures these routes are not dropped.

Configuration Example (Cisco IOS-like syntax):

plaintext
router bgp 65100
neighbor 12.1.1.2 remote-as 65200
neighbor 12.1.1.2 allowas-in 2

end

To allow the re-advertisement of all prefixes that contain duplicate ASNs, use the neighbor allowas-in command in router configuration mode in Router

Risks:

There's a risk of creating routing loops if not managed properly. It should be used cautiously and with a clear understanding of network topology.
It can also lead to suboptimal routing if not configured correctly.

Best Practices:
Use sparingly and only where necessary.
Monitor BGP updates closely when employing this feature.
Combine with route-maps or other BGP policies to control which routes are accepted.
This configuration can significantly affect network reachability and BGP convergence, so it should be deployed with a good understanding of BGP dynamics and network design.

let's see the configuration:-

Topology:-

Goal- allow the same AS routes installed in router 1 and router 5 routing table.

configure the IP addresses as per the topology
configure EBGP IBGP protocols
verify the 10.0.0.0/8 in the router 5 routing table
verify the 50.0.0.0/8 in the router 1 routing table
configure BGP allowas-in feature on routers 1 and 5
ensure route 10.1.1.1 and 50.1.1.1 in router 1 and 5 routing table.
in the end, ensure the connectivity with ping traceroute commands

R1(config)#interface ethernet 5/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface serial 4/0

R1(config-if)#ip address 12.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface ethernet 5/0

R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/0

R2(config-if)#ip address 12.1.1.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 23.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface ethernet 5/0

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/0

R3(config-if)#ip address 34.1.1.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 23.1.1.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R4(config)#interface ethernet 5/0

R4(config-if)#ip address 40.1.1.1 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface serial 4/0

R4(config-if)#ip address 34.1.1.2 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface serial 4/1

R4(config-if)#ip address 45.1.1.1 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R5(config)#interface ethernet 5/0

R5(config-if)#ip address 50.1.1.1 255.0.0.0

R5(config-if)#no shutdown

R5(config-if)#exit

R5(config)#interface serial 4/1

R5(config-if)#ip address 45.1.1.2 255.0.0.0

R5(config-if)#no shutdown

R5(config-if)#exit

R1(config)#router bgp 65100

R1(config-router)#neighbor 12.1.1.2 remote-as 65200

R1(config-router)#network 10.0.0.0 mask 255.0.0.0

R1(config-router)#network 12.0.0.0 mask 255.0.0.0

R1(config-router)#no sync

R1(config-router)#exit

*Feb 18 12:04:32.531: %BGP-5-ADJCHANGE: neighbor 12.1.1.2 Up

R2(config)#router bgp 65200

R2(config-router)#neighbor 12.1.1.1 remote-as 65100

R2(config-router)#neighbor 23.1.1.2 remote-as 65200

R2(config-router)#network 20.0.0.0 mask 255.0.0.0

R2(config-router)#network 12.0.0.0 mask 255.0.0.0

R2(config-router)#network 23.0.0.0 mask 255.0.0.0

R2(config-router)#no sync

R2(config-router)#exit

*Feb 18 12:04:32.687: %BGP-5-ADJCHANGE: neighbor 12.1.1.1 Up

*Feb 18 12:05:30.427: %BGP-5-ADJCHANGE: neighbor 23.1.1.2 Up

R3(config)#router bgp 65200

R3(config-router)#neighbor 34.1.1.2 remote-as 65300

R3(config-router)#neighbor 23.1.1.1 remote-as 65200

R3(config-router)#network 30.0.0.0 mask 255.0.0.0

R3(config-router)#network 34.0.0.0 mask 255.0.0.0

R3(config-router)#network 23.0.0.0 mask 255.0.0.0

R3(config-router)#no sync

R3(config-router)#exit

*Feb 18 12:05:30.535: %BGP-5-ADJCHANGE: neighbor 23.1.1.1 Up

*Feb 18 12:09:19.379: %BGP-5-ADJCHANGE: neighbor 34.1.1.2 Up

R4(config)#router bgp 65300

R4(config-router)#neighbor 34.1.1.1 remote-as 65200

R4(config-router)#neighbor 45.1.1.2 remote-as 65100

R4(config-router)#network 40.0.0.0 mask 255.0.0.0

R4(config-router)#network 34.0.0.0 mask 255.0.0.0

R4(config-router)#network 45.0.0.0 mask 255.0.0.0

R4(config-router)#no sync

R4(config-router)#exit

*Feb 18 12:09:18.955: %BGP-5-ADJCHANGE: neighbor 34.1.1.1 Up

*Feb 18 12:09:56.799: %BGP-5-ADJCHANGE: neighbor 45.1.1.2 Up

R5(config)#router bgp 65100

R5(config-router)#neighbor 45.1.1.1 remote-as 65300

R5(config-router)#network 50.0.0.0 mask 255.0.0.0

R5(config-router)#network 45.0.0.0 mask 255.0.0.0

R5(config-router)#no sync

R5(config-router)#exit

*Feb 18 12:09:56.643: %BGP-5-ADJCHANGE: neighbor 45.1.1.1 Up

R1#show ip bgp

BGP table version is 9, local router ID is 12.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 0.0.0.0 0 32768 i

* 12.0.0.0 12.1.1.2 0 0 65200 i

*> 0.0.0.0 0 32768 i

*> 20.0.0.0 12.1.1.2 0 0 65200 i

*> 23.0.0.0 12.1.1.2 0 0 65200 i

*> 30.0.0.0 12.1.1.2 0 65200 i

*> 34.0.0.0 12.1.1.2 0 65200 i

*> 40.0.0.0 12.1.1.2 0 65200 65300 i

*> 45.0.0.0 12.1.1.2 0 65200 65300 I

(as you can see router 1 does not have a 50.1.1.1/8 network in its routing table because of the loop prevention feature)

R5#show ip bgp

BGP table version is 9, local router ID is 50.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 12.0.0.0 45.1.1.1 0 65300 65200 i

*> 20.0.0.0 45.1.1.1 0 65300 65200 i

*> 23.0.0.0 45.1.1.1 0 65300 65200 i

*> 30.0.0.0 45.1.1.1 0 65300 65200 i

*> 34.0.0.0 45.1.1.1 0 0 65300 i

*> 40.0.0.0 45.1.1.1 0 0 65300 i

* 45.0.0.0 45.1.1.1 0 0 65300 i

*> 0.0.0.0 0 32768 i

*> 50.0.0.0 0.0.0.0 0 32768 i

(as you can see router 5 does not have a 10.1.1.1/8 network in its routing table because of the loop prevention feature both routers are in the same AS 65100)

R1(config)#router bgp 65100

R1(config-router)#neighbor 12.1.1.2 allowas-in

R1(config-router)#exit

R1(config)#end

R5(config)#router bgp 65100

R5(config-router)#neighbor 45.1.1.1 allowas-in

R5(config-router)#exit

R5(config)#end

R1#show ip bgp

BGP table version is 10, local router ID is 12.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 0.0.0.0 0 32768 i

* 12.0.0.0 12.1.1.2 0 0 65200 i

*> 0.0.0.0 0 32768 i

*> 20.0.0.0 12.1.1.2 0 0 65200 i

*> 23.0.0.0 12.1.1.2 0 0 65200 i

*> 30.0.0.0 12.1.1.2 0 65200 i

*> 34.0.0.0 12.1.1.2 0 65200 i

*> 40.0.0.0 12.1.1.2 0 65200 65300 i

*> 45.0.0.0 12.1.1.2 0 65200 65300 i

*> 50.0.0.0 12.1.1.2 0 65200 65300 65100 i

R5#show ip bgp

BGP table version is 10, local router ID is 50.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 45.1.1.1 0 65300 65200 65100 i

*> 12.0.0.0 45.1.1.1 0 65300 65200 i

*> 20.0.0.0 45.1.1.1 0 65300 65200 i

*> 23.0.0.0 45.1.1.1 0 65300 65200 i

*> 30.0.0.0 45.1.1.1 0 65300 65200 i

*> 34.0.0.0 45.1.1.1 0 0 65300 i

*> 40.0.0.0 45.1.1.1 0 0 65300 i

* 45.0.0.0 45.1.1.1 0 0 65300 i

*> 0.0.0.0 0 32768 i

* 50.0.0.0 45.1.1.1 0 65300 65100 i

*> 0.0.0.0 0 32768 I

(as you can see after we allows-in feature both the routers installed same AS routes in to their routing table)

R1#ping 50.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 132/154/180 ms

R1#traceroute 50.1.1.1

Type escape sequence to abort.

Tracing the route to 50.1.1.1

1 12.1.1.2 20 msec 32 msec 32 msec

2 23.1.1.2 [AS 65200] 72 msec 64 msec 64 msec

3 34.1.1.2 [AS 65200] 96 msec 92 msec 104 msec

4 45.1.1.2 [AS 65300] 148 msec 116 msec 140 msec

R5#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 120/148/180 ms

R5#traceroute 10.1.1.1

Type escape sequence to abort.

Tracing the route to 10.1.1.1

1 45.1.1.1 32 msec 32 msec 32 msec

2 34.1.1.1 [AS 65300] 64 msec 64 msec 64 msec

3 23.1.1.1 [AS 65200] 104 msec 96 msec 96 msec

4 12.1.1.1 [AS 65200] 128 msec 152 msec 132 msec

I hope you like this article if you like it please visit to our YouTube channel

https://www.youtube.com/@internetworkss

Tuesday, 11 February 2025

What is BGP route dampening? How to configure BGP route Dampening?

BGP route dampening is a mechanism used in the Border Gateway Protocol (BGP) to mitigate the negative effects of route flapping. Route flapping occurs when a BGP route is repeatedly advertised and withdrawn, causing instability in the network. This instability can lead to increased CPU load on routers, excessive BGP updates, and potential routing loops.

BGP route dampening works by assigning a penalty to a route each time it flaps. If the route continues to flap, the penalty accumulates. Once the penalty exceeds a certain threshold, the route is dampened, meaning it is suppressed and not considered for routing decisions. This prevents the flapping route from causing further disruption to the network.

After some time, the penalty for a dampened route begins to decrease. Once the penalty falls below another threshold, the route is un-dampened and can be used again. This allows the route to recover if the underlying issue causing the flapping has been resolved.

BGP route dampening helps to improve network stability and reduce the load on routers by preventing the propagation of flapping routes. However, it can also lead to temporary loss of connectivity for some destinations if routes are dampened for extended periods. Therefore, it is important to carefully configure the dampening parameters to balance stability and availability.

Note-

BGP route dampening is designed to reduce route processing load caused by unstable routes.
Each time an eBGP route flaps, it gets 1000 penalty points. we cannot modify this configuration.

*Feb 4 13:14:50.315: EvD: charge penalty 1000, new accum. penalty 1000, flap count 1

only eBGP routes are dampened.
if the penalty exceeds the suppress limit the route is dampened and no longer used but if the route penalty is dropped below the threshold the route is again in use and propagated.
a penalty is applied on the individual path in the BGP table, not on the IP prefix. you can see the unreachable routes in the table marked with h.

R2#show ip bgp

BGP table version is 20, local router ID is 192.168.4.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i1.1.1.0/24 192.168.1.1 0 100 0 i

h 3.3.3.0/24 192.168.3.1 0 0 65300 i

*>i10.0.0.0 192.168.1.1 0 100 0 i

*> 30.0.0.0 192.168.3.1 0 0 65300 i

*> 40.0.0.0 192.168.4.1 0 0 65400 i

* i192.168.1.0 192.168.1.1 0 100 0 i

*> 0.0.0.0 0 32768 i

* 192.168.3.0 192.168.3.1 0 0 65300 i

*> 0.0.0.0 0 32768 i

* 192.168.4.0 192.168.4.1 0 0 65400 i

*> 0.0.0.0 0 32768 i

configure the topology as per the diagram
configure IP addresses as per the topology
configure iBGP and eBGP as per the topology
configure BGP dampening on router 2 AS 65100
manually flaps the route loopback 3.3.3.3 in an AS 65300
make sure 3.3.3.3/24 in h state in the routing table and dampened

R1(config)#interface loopback 1

R1(config-if)#ip address 1.1.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface fastethernet 2/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no keepalive

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface fastethernet 0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface fastethernet 0/0

R2(config-if)#ip address 192.168.1.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/0

R2(config-if)#ip address 192.168.4.2 255.255.255.0

R2(config-if)#no keepalive

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 192.168.3.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface loopback 1

R3(config-if)#ip address 3.3.3.3 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface fastethernet 2/0

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#no keepalive

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 192.168.3.1 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit

R4(config)#interface loopback 1

R4(config-if)#ip address 4.4.4.4 255.255.255.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface fastethernet 2/0

R4(config-if)#ip address 40.1.1.1 255.0.0.0

R4(config-if)#no keepalive

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface serial 4/0

R4(config-if)#ip address 192.168.4.1 255.255.255.0

R4(config-if)#no shutdown

R4(config-if)#exit

R1(config)#router bgp 65100

R1(config-router)#neighbor 192.168.1.2 remote-as 65100

R1(config-router)#network 10.0.0.0

R1(config-router)#network 1.1.1.0 mask 255.255.255.0

R1(config-router)#network 192.168.1.0 mask 255.255.255.0

R1(config-router)#no auto-summary

R1(config-router)#no synchronization

R1(config-router)#exit

R2(config)#router bgp 65100

R2(config-router)#neighbor 192.168.1.1 remote-as 65100

R2(config-router)#neighbor 192.168.4.1 remote-as 65400

R2(config-router)#neighbor 192.168.3.1 remote-as 65300

R2(config-router)#network 192.168.1.0 mask 255.255.255.0

R2(config-router)#network 192.168.3.0 mask 255.255.255.0

R2(config-router)#network 192.168.4.0 mask 255.255.255.0

R2(config-router)#neighbor 192.168.1.1 next-hop-self

R2(config-router)#bgp log-neighbor-changes

R2(config-router)#no synchronization

R2(config-router)#no auto-summary

R2(config-router)#exit

R3(config)#router bgp 65300

R3(config-router)#neighbor 192.168.3.2 remote-as 65100

R3(config-router)#network 3.3.3.0 mask 255.255.255.0

R3(config-router)#network 30.0.0.0

R3(config-router)#network 192.168.3.0 mask 255.255.255.0

R3(config-router)#bgp log-neighbor-changes

R3(config-router)#no synchronization

R3(config-router)#no auto-summary

R3(config-router)#exit

R4(config)#router bgp 65400

R4(config-router)#neighbor 192.168.4.2 remote-as 65100

R4(config-router)#network 40.0.0.0

R4(config-router)#network 4.0.0.0 mask 255.255.255.0

R4(config-router)#network 192.168.4.0 mask 255.255.255.0

R4(config-router)#no auto-summary

R4(config-router)#no synchronization

R4(config-router)#bgp log-neighbor-changes

R4(config-router)#exit

R1#show ip bgp

BGP table version is 11, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/24 0.0.0.0 0 32768 i

*>i3.3.3.0/24 192.168.1.2 0 100 0 65300 i

*> 10.0.0.0 0.0.0.0 0 32768 i

*>i30.0.0.0 192.168.1.2 0 100 0 65300 i

*>i40.0.0.0 192.168.1.2 0 100 0 65400 i

* i192.168.1.0 192.168.1.2 0 100 0 i

*> 0.0.0.0 0 32768 i

*>i192.168.3.0 192.168.1.2 0 100 0 i

*>i192.168.4.0 192.168.1.2 0 100 0 i

R2(config)#router bgp 65100

R2(config-router)#bgp dampening

R2(config-router)#end

R2#show ip bgp dampening parameters

dampening 15 750 2000 60 (DEFAULT)

Half-life time : 15 mins Decay Time : 2320 secs

Max suppress penalty: 12000 Max suppress time: 60 mins

Suppress penalty : 2000 Reuse penalty : 750

R2(config)#router bgp 65100

R2(config-router)#neighbor 192.168.1.1 advertisement-interval 1

R3(config)#interface loopback 1

R3(config-if)#shutdown

R3(config-if)#no shutdown

R3(config-if)#shutdown

R3(config-if)#no shutdown

*Feb 4 13:14:50.315: EvD: charge penalty 1000, new accum. penalty 1000, flap count 1

*Feb 4 13:14:50.319: BGP(0): charge penalty for 3.3.3.0/24 path 65300 with half life-time 15 reuse/suppress 750/2000

*Feb 4 13:14:50.319: BGP(0): flapped 1 times since 00:00:00. New penalty is 1000

*Feb 4 13:14:50.655: EvD: accum. penalty decayed to 1000 after 0 second(s)

R2#show ip bgp dampening flap-statistics

BGP table version is 17, local router ID is 192.168.4.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Flaps Duration Reuse Path

*> 3.3.3.0/24 192.168.3.1 1 00:00:39 65300

R2#show ip bgp 3.3.3.3

BGP routing table entry for 3.3.3.0/24, version 17

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Flag: 0x820

Advertised to update-groups:

1 2

65300

192.168.3.1 from 192.168.3.1 (3.3.3.3)

Origin IGP, metric 0, localpref 100, valid, external, best

Dampinfo: penalty 936, flapped 1 times in 00:01:32

R2#show ip bgp

BGP table version is 20, local router ID is 192.168.4.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i1.1.1.0/24 192.168.1.1 0 100 0 i

h 3.3.3.0/24 192.168.3.1 0 0 65300 i

*>i10.0.0.0 192.168.1.1 0 100 0 i

*> 30.0.0.0 192.168.3.1 0 0 65300 i

*> 40.0.0.0 192.168.4.1 0 0 65400 i

* i192.168.1.0 192.168.1.1 0 100 0 i

*> 0.0.0.0 0 32768 i

* 192.168.3.0 192.168.3.1 0 0 65300 i

*> 0.0.0.0 0 32768 i

* 192.168.4.0 192.168.4.1 0 0 65400 i

*> 0.0.0.0 0 32768 i

Sunday, 5 January 2025

What is uplinkfast?

Spanning tree UplinkFast is a Cisco-specific enhancement to the Spanning Tree Protocol (STP). It's designed to improve the convergence time in the event of a direct link failure, especially in access-layer switches with redundant links to the distribution layer.

Here's how it works:

Quick Recovery: When the primary uplink fails, UplinkFast allows the switch to quickly transition the blocked port to forwarding, bypassing the usual listening and learning states.

Preventing Loops: It modifies the Bridge Protocol Data Units (BPDUs) to prevent loops by increasing the path cost and setting the local bridge priority.

Immediate Restoration: This feature ensures that connectivity is restored almost immediately, reducing downtime significantly.

UplinkFast is typically used in access-layer switches and should be deployed carefully to avoid potential issues with MAC address tables.

Key points:-

legacy/cisco proprietary feature
uplinkfast is for speeding convergence when a direct link to an upstream switch fails.
when uplinkfast is enabled, it is enabled for the entire switch and all VLANs.

this feature is not allowed on the root bridge switch.
when uplinkfast is configured, the bridge priority is changed to 49,152 so that this switch will not be selected as root.

We have three switches. Switch-1 is our Root, and two others are non-root switches. Switch-1's ports are Desg FWD because it's a root. Switch-2's gig0/0 port is a Root FWD, and gig 0/1 is a Desg FWD. Switch-3's gig0/0 is Root FWD, and gig1/0 is an Altn BLK state port. so that's what we have, now switch-3 uses gig0/0 to reach the root bridge, what if the port shuts down? how long does it take for switch-3 to make a transition? let's see.

switch-1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 0c58.a85e.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Desg FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr

switch-2#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0c2e.adf7.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr

switch-3#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0c33.c353.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Altn BLK 4 128.2 Shr

switch-3#debug spanning-tree events

Spanning Tree event debugging is on

switch-3(config)#interface gigabitEthernet 0/0

switch-3(config-if)#shutdown

*Jan 5 08:15:36.684: STP: VLAN0001 new root port Gi0/1, cost 8

*Jan 5 08:15:36.684: STP: VLAN0001 Gi0/1 -> listening

*Jan 5 08:15:36.684: STP[1]: Generating TC trap for port GigabitEthernet0/0

*Jan 5 08:15:36.685: STP: VLAN0100 we are the spanning tree root

*Jan 5 08:15:38.685: STP: VLAN0001 sent Topology Change Notice on Gi0/1

*Jan 5 08:15:51.686: STP: VLAN0001 Gi0/1 -> learning

*Jan 5 08:16:06.686: STP[1]: Generating TC trap for port GigabitEthernet0/1

*Jan 5 08:16:06.686: STP: VLAN0001 Gi0/1 -> forwarding

switch-3#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
Cost 8
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0c33.c353.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.2 Shr

after a long time of listening and learning forwarding. our previous Gig0/1 Altn BLK port is now Root FWD. This process takes time. now we have configure the Cisco Uplinkfast feature.

switch-3(config)#interface gigabitEthernet 0/0

switch-3(config-if)#no shutdown

switch-3(config-if)#exit

switch-3(config)#do show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0c33.c353.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Altn BLK 4 128.2 Shr

switch-3(config)#spanning-tree uplinkfast

switch-3(config)#end

switch-3#debug spanning-tree events

Spanning Tree event debugging is on

*Jan 5 08:22:15.071: STP: VLAN0001 new root port Gi0/1, cost 3008

*Jan 5 08:22:15.071: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001 GigabitEthernet0/1 moved to Forwarding (UplinkFast).

wooo no listening no learning direct forwarding) this is Uplinkfast....

switch-3#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0c58.a85e.0000
Cost 3008
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49153 (priority 49152 sys-id-ext 1)
Address 0c33.c353.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 3004 128.2 Shr

you see after we configure the Uplinkfast feature this switch means switch-3 bridge ID priority is changed. now this switch will never be a root bridge. unless we disable uplink fast. so never configure Uplink fast on the root switch.

Saturday, 7 September 2024

What is layer 3 etherchannel? How to configure layer 3 etherchannel?

EtherChannel technology allows us to bundle multiple physical links into one logical link. It is used to increase the bandwidth and provide redundancy between multiple layer 2 / layer 3 interfaces. Layer 2 EtherChannel operates on the data link layer, but layer 3 EtherChannel operates at the network layer, allowing it to route traffic. Ether-channel load balances traffic over all the links in the bundle. We can use a maximum 8 physical interfaces to configure the bundle into a single logical link.

Note:- when we configure the port channel (layer 3) we must configure No switchport command before using the command port-channel. if we do not configure no switchport command. the port channel will be the default layer 2 channel and we can not change it. To avoid this, configure no switchport command.

let's see the configuration of layer 3 EtherChannel:-

Topology:-

Goal: configure layer 3 port-channel verify with show commands and configure routing verify with ping.

configure the topology as per the diagram
configure the IP addresses as per the topology
configure portchannel
verify port-channel
configure routing EIGRP
configure IP on VLAN 1
verify with show commands.
ping

IOU1(config)#interface range ethernet 0/0-3
IOU1(config-if-range)#no switchport

IOU1(config-if-range)#channel-group 10 mode on
Creating a port-channel interface Port-channel 10
IOU1(config-if-range)#exit

IOU1(config)#interface port-channel 10
IOU1(config-if)#ip address 192.168.10.1 255.255.255.0
IOU1(config-if)#no shutdown
IOU1(config-if)#exit

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel10, changed state to up

IOU2(config)#interface range ethernet 0/0-3
IOU2(config-if-range)#no switchport
IOU2(config-if-range)#channel-group 10 mode on
Creating a port-channel interface Port-channel 10
IOU2(config-if-range)#exit

IOU2(config)#interface port-channel 10

IOU2(config-if)#ip address 192.168.10.2 255.255.255.0
IOU2(config-if)#no shutdown
IOU2(config-if)#exit

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel10, changed state to up

IOU1#show etherchannel port-channel
                Channel-group listing:
                ----------------------

Group: 10
----------
                Port-channels in the group:
                ---------------------------

Port-channel: Po10
------------

Age of the Port-channel   = 0d:00h:29m:12s
Logical slot/port   = 16/0          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Passive port list   = Et0/0 Et0/1 Et0/2 Et0/3
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =    -
Port security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
0     00     Et0/0    On                 0
0     00     Et0/1    On                 0
0     00     Et0/2    On                 0
0     00     Et0/3    On                 0

Time since last port bundled:    0d:00h:29m:12s    Et0/3

IOU2#show etherchannel
                Channel-group listing:
                ----------------------

Group: 10
----------
Group state = L3
Ports: 4   Maxports = 4
Port-channels: 1 Max Port-channels = 1
Protocol:    -
Minimum Links: 0

IOU1(config)#ip routing

IOU1(config)#router eigrp 100
IOU1(config-router)#network 10.0.0.0
IOU1(config-router)#network 192.168.10.0
IOU1(config-router)#no auto-summary
IOU1(config-router)#exit

IOU2(config)#ip routing

IOU2(config)#router eigrp 100
IOU2(config-router)#network 20.0.0.0
IOU2(config-router)#network 192.168.10.0
IOU2(config-router)#no auto-summary
IOU2(config-router)#exit

%DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (Port-channel10) is up: new adjacency

%DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.2 (Port-channel10) is up: new adjacency

IOU1(config)#interface ethernet 1/0
IOU1(config-if)#switchport
IOU1(config-if)#switchport mode access
IOU1(config-if)#switchport access vlan 1
IOU1(config-if)#exit

IOU1(config)#interface vlan 1
IOU1(config-if)#ip address 10.1.1.1 255.0.0.0
IOU1(config-if)#no shutdown
IOU1(config-if)#exit

%LINK-3-UPDOWN: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

IOU2(config)#interface ethernet 1/0
IOU2(config-if)#switchport
IOU2(config-if)#switchport mode access
IOU2(config-if)#switchport access vlan 1
IOU2(config-if)#exit

IOU2(config)#interface vlan 1
IOU2(config-if)#ip address 20.1.1.1 255.0.0.0
IOU2(config-if)#no shutdown
IOU2(config-if)#exit

%LINK-3-UPDOWN: Interface Vlan1, changed state to up
\%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

IOU2#ping 10.1.1.1 source 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 20.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/6 ms

IOU2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.1 1 msec 5 msec 0 msec

Thursday, 29 August 2024

What is PPP PAP and CHAP? How to configure PPP PAP CHAP authentication?

WAN Protocols

Higher level Data Link Control Protocol HDLC is a Cisco proprietary WAN protocol that provides reliable delivery of data frames over a network or communication link. HDLC does not support authentication like PPP. HDLC is the default protocol on serial links.

PPP Point-to-Point Protocol is used in serial links, ethernet, frame Relay, atm, etc. PPP is a standard protocol that supports authentication, compression & error correction. PPP is not enabled by default we need to configure this on the serial link.

Password Authentication Protocol PAP provides a simple and easiest method for a remote node simply to establish and develop its identity. PAP is done only upon initial link establishment. PAP is not a strong authentication protocol because the username and password are sent across the link in clear text. PPP PAP supports almost all the network products in the market today and on different systems. but PAP has some disadvantages like a security risk because username are sent in clear text meaning that they can be easily accessed. PPP PAP offers no protection against replay attacks.

Challenge Handshake Authentication Protocol CHAP is an encrypted authentication method that is required to verify the identity of the peer. Once the PPP link establishment phase is complete. the local router sends a unique "challenge" message to the remote node. the remote node responds with a value (MD5) the local router checks the response against its own calculation of the expected hash value. clear text username MD5 hashed password and also CHAP has the replay protection.

lets see the configuration of PAP and CHAP:-https://youtu.be/ZXOXJLSXCG4?si=9qrXCMT8GRDlX8pJ

Topology:

Goal: first we configure CHAP authentication between router-1 and router-2, second we configure PAP between router-2 and router-3. in extra, we configure routing between routers.

Configure the topology as per the diagram
Configure the IP addresses as per the topology
make sure interfaces and the default line protocol are UP
Configure PPP on serial 5/0
Configure CHAP authentication between router-1 and router-2 Serial link 5/0
verify with show commands before and after applying CHAP
Configure PAP authentication between router-2 and router-3
verify with show commands before and after results.

Site-A-R-(config)#interface serial 5/0
Site-A-R-(config-if)#ip address 192.168.1.1 255.255.255.0
Site-A-R-(config-if)#no shutdown
Site-A-R-(config-if)#exit

Site-A-R-(config)#interface fastethernet 0/0
Site-A-R-(config-if)#ip address 10.1.1.1 255.0.0.0
Site-A-R-(config-if)#no shutdown
Site-A-R-(config-if)#exit

Headoffice-R-(config)#interface serial 5/0
Headoffice-R-(config-if)#ip address 192.168.1.2 255.255.255.0
Headoffice-R-(config-if)#no shutdown
Headoffice-R-(config-if)#exit

Headoffice-R-(config)#interface serial 5/1
Headoffice-R-(config-if)#ip address 192.168.2.1 255.255.255.0
Headoffice-R-(config-if)#no shutdown
Headoffice-R-(config-if)#exit

Site-B-R-(config)#interface serial 5/1
Site-B-R-(config-if)#ip address 192.168.2.2 255.255.255.0
Site-B-R-(config-if)#no shutdown
Site-B-R-(config-if)#exit

Site-B-R-(config)#interface fastethernet 0/0
Site-B-R-(config-if)#ip address 30.1.1.1 255.0.0.0
Site-B-R-(config-if)#no shutdown
Site-B-R-(config-if)#no keepalive
Site-B-R-(config-if)#exit

Site-A-R-(config)#router eigrp 1
Site-A-R-(config-router)#network 10.0.0.0
Site-A-R-(config-router)#network 192.168.1.0
Site-A-R-(config-router)#no auto-summary
Site-A-R-(config-router)#exit

Site-B-R-(config)#router eigrp 1
Site-B-R-(config-router)#network 30.0.0.0
Site-B-R-(config-router)#network 192.168.2.0

Site-B-R-(config-router)#no auto-summary
Site-B-R-(config-router)#exit

*Aug 28 17:44:41.883: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.2.1 (Serial5/1) is up: new adjacency

Site-A-R-#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.1        YES manual up                    up
Serial5/0                  192.168.1.1     YES manual up                    up

Headoffice-R-#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial5/0                  192.168.1.2     YES manual up                    up
Serial5/1                  192.168.2.1     YES manual up                    up

Site-A-R-#show interfaces serial 5/0

Serial5/0 is up, line protocol is up

Hardware is M4T

Internet address is 192.168.1.1/24

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, crc 16, loopback not set

Keepalive set (10 sec)

Restart-Delay is 0 secs

Last input 00:00:04, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/1/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 1158 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

212 packets input, 14595 bytes, 0 no buffer

Received 140 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

242 packets output, 16267 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 output buffer failures, 0 output buffers swapped out

3 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

Site-A-R-(config)#interface serial 5/0
Site-A-R-(config-if)#encapsulation PPP

Site-A-R-(config-if)#PPP authentication ?
chap        Challenge Handshake Authentication Protocol (CHAP)
eap         Extensible Authentication Protocol (EAP)
ms-chap     Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
ms-chap-v2 Microsoft CHAP Version 2 (MS-CHAP-V2)
pap         Password Authentication Protocol (PAP)

Site-A-R-(config-if)#PPP authentication chap
Site-A-R-(config-if)#exit

Site-A-R-(config)#username Headoffice-R- password internetworks
Site-A-R-(config)#end

*Aug 28 17:52:18.371: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.2 (Serial5/0) is down: interface down
*Aug 28 17:52:21.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to down
*Aug 28 17:54:43.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to up
*Aug 28 17:54:44.035: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.2 (Serial5/0) is up: new adjacency

Headoffice-R-(config)#interface serial 5/0
Headoffice-R-(config-if)#encapsulation PPP
Headoffice-R-(config-if)#PPP authentication chap
Headoffice-R-(config-if)#exit

Headoffice-R-(config)#username Site-A-R- password internetworks

*Aug 28 17:53:15.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to up
*Aug 28 17:53:16.727: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.1 (Serial5/0) is up: new adjacency

Site-A-R-# show interface serial 5/0
Serial5/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:02:55
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     179 packets input, 5542 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     177 packets output, 4729 bytes, 0 underruns
     0 output errors, 0 collisions, 30 interface resets
     0 output buffer failures, 0 output buffers swapped out
     30 carrier transitions     DCD=up DSR=up DTR=up RTS=up CTS=up

How to configure the DHCP server on a Cisco ASA device?

DHCP (Dynamic Host Configuration Protocol) servers provide all the basic information the client wants to operate on the network, including DNS address, Default Gateway, IP addresses, and subnet. masks and many more.

In this blog, we configure the Cisco ASA firewall to act as a DHCP (Dynamic Host Configuration Protocol) server. DHCP simplifies the process of IP address assignment in your network. In this scenario, we’ll set up the ASA to provide IP addresses to internal LANs using different DHCP scopes.

let's see the configuration:

Topology:-

configure the topology as per the diagram
configure the IP addresses on ASA and configure security
configure DHCP server on ASA
verify the configuration with show commands and ping.

ciscoasa(config)# interface gigabitEthernet 0

ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0

ciscoasa(config-if)# security 100

ciscoasa(config-if)# nameif inside

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# exit

ciscoasa(config)# dhcpd address 192.168.1.2-192.168.1.240 inside

ciscoasa(config)# dhcpd dns 8.8.8.8

ciscoasa(config)# dhcpd domain internetworks

ciscoasa(config)# dhcpd option 3 ip 192.168.1.1

ciscoasa(config)# dhcpd lease 3000

ciscoasa(config)# dhcpd enable inside

ciscoasa(config)# exit

ciscoasa# show dhcpd binding

IP address Client Identifier Lease expiration Type

192.168.1.2 0100.5079.6668.00 2399 seconds Automatic

192.168.1.3 0100.5079.6668.01 2941 seconds Automatic

192.168.1.4 0100.5079.6668.02 2949 seconds Automatic

192.168.1.5 0100.5079.6668.03 2956 seconds Automatic

192.168.1.6 0100.5079.6668.04 2963 seconds Automatic

192.168.1.7 0100.5079.6668.05 2970 seconds Automatic

192.168.1.8 0100.5079.6668.06 2977 seconds Automatic

ciscoasa# show dhcpd statistics

DHCP UDP Unreachable Errors: 0

DHCP Other UDP Errors: 0

Address pools 1

Automatic bindings 7

Expired bindings 0

Malformed messages 0

Message Received

BOOTREQUEST 0

DHCPDISCOVER 7

DHCPREQUEST 14

DHCPDECLINE 0

DHCPRELEASE 0

DHCPINFORM 0

Message Sent

BOOTREPLY 0

DHCPOFFER 7

DHCPACK 14

DHCPNAK 0

ciscoasa# show dhcpd state

Context Configured as DHCP Server

Interface inside, Configured for DHCP SERVER

PC2> ip dhcp

DORA IP 192.168.1.3/24 GW 192.168.1.1

PC2> show ip

NAME : PC2[1]

IP/MASK : 192.168.1.3/24

GATEWAY : 192.168.1.1

DNS : 8.8.8.8

DHCP SERVER : 192.168.1.1

DHCP LEASE : 2565, 3000/1500/2625

DOMAIN NAME : internetworks

MAC : 00:50:79:66:68:01

LPORT : 10017

RHOST:PORT : 127.0.0.1:10018

MTU: : 1500

Internetworks

Pages

Tuesday, 18 February 2025

What is BGP Allowas-in Feature? How to configure BGP Allowas-in? GNS3

Tuesday, 11 February 2025

What is BGP route dampening? How to configure BGP route Dampening?

Sunday, 5 January 2025

What is uplinkfast?

Here's how it works:

Saturday, 7 September 2024

What is layer 3 etherchannel? How to configure layer 3 etherchannel?

Thursday, 29 August 2024

What is PPP PAP and CHAP? How to configure PPP PAP CHAP authentication?

WAN Protocols

Wednesday, 10 July 2024

How to configure the DHCP server on a Cisco ASA device?

How to configure the DHCP server on a Cisco ASA device?

What is BGP Allowas-in Feature? How to configure BGP Allowas-in? GNS3