IEEE Standards
                      802.11a   802.11b   802.11g     802.11n (Draft)
Maximum Throughput    54 Mbps   11 Mbps   54 Mbps     300 Mbps
Frequency             5 GHz     2.4 GHz   2.4 GHz     2.4/5 GHz
Modulation            OFDM      DSSS      DSSS/OFDM   OFDM
Channels (FCC/ETSI)   21/19     11/13     11/13       32/32
Ratified              1999      1999      2003        N/A

Frame Types
Type                    Class
Association             Management
Authentication          Management
Probe                   Management
Beacon                  Management
Request To Send (RTS)   Control
Clear To Send (CTS)     Control
Acknowledgment (ACK)    Control
Data                    Data

Basic Service Area (BSA) · The physical area covered by the wireless signal of a BSS
Basic Service Set (BSS) · A set of stations and/or access points which can directly communicate via a wireless medium
Distribution System (DS) · The wired infrastructure connecting multiple BSSs to form an ESS
Extended Service Set (ESS) · A set of multiple BSSs connected by a DS which appear to wireless stations as a single BSS
Independent BSS (IBSS) · An isolated BSS with no connection to a DS; an ad hoc WLAN
Basic Service Set Identifier (BSSID) · A MAC address (typically belonging to an AP) which serves to uniquely identify a BSS
Service Set Identifier (SSID) · A human-friendly text string which identifies a BSS (up to 32 characters in length)
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) · The mechanism which facilitates efficient communication across a shared wireless medium (provided by DCF or PCF)
Effective Isotropic Radiated Power (EIRP) · An expression of net signal strength (transmitter power + antenna gain - cable loss)

[Figure: Client Association]

DSSS   DBPSK    1 Mbps
DSSS   DQPSK    2 Mbps
DSSS   CCK      5.5, 11 Mbps
OFDM   BPSK     6, 9 Mbps
OFDM   QPSK     12, 18 Mbps
OFDM   16-QAM   24, 36 Mbps
OFDM   64-QAM   48, 54 Mbps

[Figure: Address Formats (global unicast, link-local unicast, multicast)]

Version (4 bits) · Always set to 6
Traffic Class (8 bits) · A DSCP value for QoS
Flow Label (20 bits) · Identifies unique flows (optional)
Payload Length (16 bits) · Length of the payload in bytes
Next Header (8 bits) · Header or protocol which follows
Hop Limit (8 bits) · Functions as IPv4's time to live field
Source Address (128 bits) · Source IP address

Address Types
Unicast · One-to-one communication
Multicast · One-to-many communication
Anycast · An address configured in multiple locations

EUI-64 Formation
Step 1 · Insert 0xfffe between the two halves of the MAC
Step 2 · Flip the seventh bit (universal/local flag) to 1

IKE Phases
Phase 1 · A bidirectional ISAKMP SA is established between peers to provide a secure management channel; IKE is performed in main mode or aggressive mode
Phase 1.5 (optional) · Xauth can optionally be implemented to enforce user authentication
Phase 2 · Two unidirectional IPsec SAs are established for data transfer using separate keys; IKE quick mode is used

Transport Mode · The ESP or AH header is inserted behind the IP header; the IP header can be authenticated but not encrypted
Tunnel Mode · A new IP header is created in place of the original; this allows for encryption of the entire original packet

Terminology
Data Integrity · Secure hashing (HMAC) is used to ensure data has not been altered in transit
Data Confidentiality · Encryption is used to ensure data cannot be intercepted by a third party
Data Origin Authentication · Peer authentication
Anti-replay · Sequence numbers are used to detect and block duplicate packets
Hash-based Message Authentication Code (HMAC) · A hash of the data and secret key used to provide message authenticity
Diffie-Hellman · A method of establishing a shared secret key over an insecure path using public and private keys

Configuration
ISAKMP Policy
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600
ISAKMP Pre-Shared Secret Key
crypto isakmp key 0 MySecretKey address 10.0.0.2
IPsec Transform Set
crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel
IPsec Profile
crypto ipsec profile MyProfile
 set transform-set MyTS
Virtual Tunnel Interface
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MyProfile

Troubleshooting
show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
debug crypto isakmp
debug crypto ipsec

Ethernet      Class of Service (CoS)     3-bit 802.1p field in 802.1Q header
Frame Relay   Discard Eligibility (DE)   1-bit drop eligibility flag
ATM           Cell Loss Priority (CLP)   1-bit drop eligibility flag
MPLS          Experimental Field (EXP)   3-bit field compatible with 802.1p

IP QoS Markings
Precedence · The first three bits of the IP TOS field are evaluated; compatible with Ethernet CoS and MPLS EXP values
DSCP · The first six bits of the IP TOS are evaluated to provide more granular classification; backward-compatible with IP Precedence

    Binary   Application
7   111      Reserved
6   110      Routing
5   101      Voice
4   100      Streaming Video
3   011      Call Signaling
2   010      Transactional
1   001      Bulk Data
0   000      Best Effort

[Figure: QoS Flowchart]

DSCP Values
     Binary   Prec.   DSCP
56   111000   7       Reserved
48   110000   6       Reserved
46   101110   5       EF
32   100000   4       CS4
34   100010   4       AF41
36   100100   4       AF42
38   100110   4       AF43
24   011000   3       CS3
26   011010   3       AF31
28   011100   3       AF32
30   011110   3       AF33
16   010000   2       CS2
18   010010   2       AF21
20   010100   2       AF22
22   010110   2       AF23
8    001000   1       CS1
10   001010   1       AF11
12   001100   1       AF12
14   001110   1       AF13
0    000000   0       BE

Terminology
Per-Hop Behavior (PHB) · The individual QoS action performed at each DiffServ node according to its configured policy
Trust Boundary · The perimeter beyond which QoS markings are not trusted
Tail Drop · Occurs when a packet is dropped because its queue is full
Policing · Creates an artificial ceiling on the amount of bandwidth that may be consumed; traffic exceeding the cap can be remarked or dropped
Shaping · Similar to policing but buffers excess traffic for delayed transmission; makes more efficient use of bandwidth but introduces a delay
TCP Synchronization · Flows adjust window sizes in synch, wasting bandwidth

Per-Hop Behaviors
Class Selector (CS) · Backward-compatible with IP Precedence values
Assured Forwarding (AF) · Four classes with variable drop preferences
Expedited Forwarding (EF) · Provides priority queuing for delay-sensitive traffic

Congestion Avoidance
Random Early Detection (RED) · Packets are randomly dropped before a queue is full to prevent tail drop; mitigates TCP synchronization
Weighted RED (WRED) · RED with the added capability of recognizing prioritized traffic by its marking

First In First Out (FIFO)
Priority Queuing (PQ)

» Provides the benefits of WFQ with administratively configured queues
» Each queue is allocated an amount or percentage of bandwidth
» No support for delay-sensitive traffic

» CBWFQ with the addition of a policed strict priority queue
» Highly configurable while still supporting delay-sensitive traffic

LLQ Configuration Example

Troubleshooting
show policy-map
show interface
show queue <interface>
show mls qos

! Bridge priority
spanning-tree vlan 1-4094 priority 32768
! Timers, in seconds
spanning-tree vlan 1-4094 hello-time 2
spanning-tree vlan 1-4094 forward-time 15
spanning-tree vlan 1-4094 max-age 20

Priority · 4-bit configurable priority (configurable from 0 to 61440 in increments of 4096)
System ID Extension · 12-bit value taken from VLAN number
MAC Address · 48-bit value to ensure uniqueness

IP Address Classes
First octet   Class   Leading bits
0-126         A       0
128-191       B       10
192-223       C       110
224-239       D       1110
240-255       E       1111

          Number of networks   Number of hosts
Class A   126                  16.777.214
Class B   16.384               65.534
Class C   2.097.152            254

TCP header fields (32 bits per row)
Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Sequence Number: Used to reconstruct the fragmented data out of the segments (4 bytes)
Acknowledgement number: Used to acknowledge the receipt of a segment (4 bytes)
Offset: Size of the TCP header (4 bits)
Reserved: Set to zero, reserved for future use (6 bits)
Flags: (6 bits) Enables the control functions of
  urgent fields (URG, 1 bit)
  Acknowledgment (ACK, 1 bit)
  Push (PSH, 1 bit)
  Reset connection (RST, 1 bit)
  Synchronisation of sequence numbers (SYN, 1 bit)
  Finished sending data (FIN, 1 bit)
Window Size: Used to exchange TCP buffer sizes (2 bytes)
Checksum: Checksum field (2 bytes)
Urgent pointer: Points to urgent data in the data field. Only valid if the urgent flag is set (2 bytes)
Options and Padding: (variable length) Options:
  Maximum segment size
  TCP window scale
  Selective acknowledgment
  SACK-permitted
  TCP timestamps

Subnetmask (32 bits)
IP Address    NET        SUBNET     HOST
Subnet Mask   11111111   11111111   11111111   00000000
              255        255        255        0

TCP ports
7    Echo          25    SMTP
9    Discard       53    DNS
13   Daytime       80    HTTP
17   Qotd          110   POP3
19   Chargen       119   NNTP
20   FTP-data      179   BGP
21   FTP-control   143   IMAP
22   SSH           389   LDAP
23   Telnet        443   HTTPs (s=over SSL)
                   646   MPLS
≤1023: Well known applications
>1023: Proprietary applications and client applications

ARP header (32 bits per row)
Hardware type | Protocol type
HLEN | PLEN | Operation
Sender HA (0-3)
Sender HA (4-5) | Sender IP (0-1)
Sender IP (2-3) | Target HA (0-1)
Target HA (2-5)
Target IP (0-4)

Hardware type: Identifies the type of hardware interface (2 bytes)
Protocol Type: Identifies the type of protocol the sending device is using (2 bytes)
HLEN: Hardware Address Length (1 byte)
PLEN: Protocol Address Length (1 byte)
Operation: Request or reply (2 bytes)
Sender HA: Sender hardware address (6 bytes)
Sender IP: Sender IP address (4 bytes)
Target HA: Target hardware address (6 bytes)
Target IP: Target IP address (4 bytes)
V1.5

JOHN CORDIER ACADEMY · www.jcacademy.com
TCP/IP reference card© v.2.0

UDP header (32 bits per row)
Source port | Destination port
Length | Checksum
Data

Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Length: Size of UDP message (2 bytes)
Checksum: Checksum field (2 bytes)

IP header and ICMP message (32 bits per row)
Version | IHL | T.O.S. | Total length
Identification | Flags | Fragment offset
TTL | Protocols=1 | Header checksum
Source Address
Destination Address
Options and Padding
ICMP TYPE | ICMP CODE | Header checksum (IPv4)
Unused or depending on TYPE (see notes)
IP header + 8 octets of original datagram

UDP ports
7    Echo      67    DHCP server   520   RIP
9    Discard   68    DHCP client   646   MPLS
13   Daytime   69    TFTP
17   Qotd      123   NTP
19   Chargen   161   SNMP
53   DNS       162   SNMPtrap
≤1023: Well known applications
>1023: Proprietary applications

ICMP types and codes
Type   Code
0      0      Echo Reply
3             Destination Unreachable
       0      Network unreachable
       1      Host unreachable
       2      Requested protocol unreachable
       3      Port unreachable
       4      Fragmentation needed, but "Don't Fragment" flag set
       5      Source route has failed
       6      Destination network unknown
       7      Destination host unknown
4      0      Source Quench
5             Redirect
       0      Redirect datagrams for network
       1      Redirect datagrams for host
8      0      Echo Request
9      0      Router advertisement
10     0      Router selection
11            Time Exceeded
       0      Time-to-live exceeded
       1      Fragment reassembly time exceeded
12            Parameter Problem
       0      Pointer indicates the error
       1      Missing a required option
       2      Bad length

Ethernet frame formats
DIX Ethernet v2:   DA | SA | E-TYPE | DATA | FCS
IEEE 802.3:        DA | SA | Length | DATA | FCS
IEEE 802.2 SNAP:   DSAP AA | SSAP AA | Control | SNAP (00 00 00 E-TYPE) | DATA
IEEE 802.2:        DSAP 06 | SSAP 06 | Control | DATA
E-Type (Hex.):     08 00: IP(v4)   08 06: ARP   86 DD: IP(v6)

Important RFCs
RFC 768: User Datagram Protocol (Standard)
RFC 791: Internet Protocol v4 (Standard)
RFC 792: Internet Control Message Protocol (Standard)
RFC 793: Transmission Control Protocol (Standard)
RFC 821: Simple Mail Transfer Protocol (Standard)
RFC 826: Ethernet Address Resolution Protocol (Standard)
RFC 854: Telnet Protocol Specifications (Standard)
RFC 959: File Transfer Protocol (Standard)
RFC 1157: Simple Network Management Protocol (Standard)
RFC 3232: Assigned Numbers (Informational) http://www.iana.org/numbers.html
RFC 1771: Border Gateway Protocol v4 (Draft Standard)
RFC 2131: Dynamic Host Configuration Protocol (Draft Standard)
RFC 2328: Open Shortest Path First v2 (Standard)
RFC 2453: Routing Information Protocol v2 (Standard)
RFC 2616: Hypertext Transfer Protocol 1.1 (Draft Standard)
Search for RFCs on http://www.rfc-editor.org

Interesting links
Internet Assigned Numbers Authority (IANA) http://www.iana.org
Internet Corporation for Assigned Names and Numbers (ICANN) http://www.icann.org
Réseaux IP Européens (RIPE) http://www.ripe.net
American Registry for Internet Numbers (ARIN) http://www.arin.net
Asia Pacific Network Information Center (APNIC) http://www.apnic.net
Internet Engineering Task Force (IETF) http://www.ietf.org
Institute of Electrical and Electronics Engineers (IEEE) http://www.ieee.org
InterNIC http://rs.internic.net
Internet Architecture Board (IAB) http://www.iab.org
Internet Society (ISOC) http://www.isoc.org
Internet Software Consortium http://www.isc.org
World Wide Web Consortium http://www.w3c.org
Internet Mail Consortium http://www.imc.org
RFC Editor http://www.rfc-editor.org
Telindus High-Tech Institute (THTI) http://www.thti.telindus.be

VLAN Numbers
0           Reserved
1           default
1002        fddi-default
1003        tr
1004        fdnet
1005        trnet
1006-4094   Extended
4095        Reserved

VLAN Creation
Switch(config)# vlan 100
Switch(config-vlan)# name Engineering

Access Port Configuration
Switch(config-if)# switchport mode access
Switch(config-if)# switchport nonegotiate
Switch(config-if)# switchport access vlan 100
Switch(config-if)# switchport voice vlan 150

Trunk Port Configuration
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,100-200
Switch(config-if)# switchport trunk native vlan 10

SVI Configuration
Switch(config)# interface vlan100
Switch(config-if)# ip address 192.168.100.1 255.255.255.0

Terminology
Trunking · Extending multiple VLANs over the same physical connection
Native VLAN · By default, frames in this VLAN are untagged when sent across a trunk
Access VLAN · The VLAN to which an access port is assigned
Voice VLAN · If configured, enables minimal trunking to support voice traffic in addition to data traffic on an access port
Dynamic Trunking Protocol (DTP) · Can be used to automatically establish trunks between capable ports; carries a security risk
Switched Virtual Interface (SVI) · A virtual interface which provides a routed gateway into and out of a VLAN

VLAN Trunking Protocol
Domain · Common to all switches participating in VTP
Server Mode · Generates and propagates VTP advertisements to clients; this mode is default on unconfigured switches
Client Mode · Receives and forwards advertisements from servers; VLANs cannot be manually configured on switches in client mode
Transparent Mode · Forwards advertisements but does not participate in VTP; VLANs must be configured manually
Pruning · VLANs not having any access ports on an end switch are removed from the trunk to reduce flooded traffic

Switch Port Modes
trunk · Forms an unconditional trunk
dynamic desirable · Actively attempts to negotiate a trunk with the distant end
dynamic auto · Will form a trunk only if requested by the distant end
access · Will never form a trunk

VTP Configuration
Switch(config)# vtp mode server
Switch(config)# vtp domain LASVEGAS
Switch(config)# vtp password Presl3y
Switch(config)# vtp version 2
Switch(config)# vtp pruning

Troubleshooting
show vlan
show interface status
show interface switchport
show interface trunk
show vtp status
show vtp password

Router A
interface Serial1/0
description Backbone to B
ip address 172.16.0.1 255.255.255.252
!
interface Serial1/1
description Backbone to C
ip address 172.16.0.5 255.255.255.252
!
interface FastEthernet2/0
description LAN
ip address 192.168.1.1 255.255.255.0
!
router bgp 65100
no synchronization
network 172.16.0.0 mask 255.255.255.252
network 172.16.0.4 mask 255.255.255.252
network 192.168.1.0
neighbor South peer-group
neighbor South remote-as 65200
neighbor 172.16.0.2 peer-group South
neighbor 172.16.0.6 peer-group South
no auto-summary
Router B Router C

K2   0      3   Query
K3   1      4   Reply
K4   0      5   Hello
K5   0      8   Acknowledge

Protocol Configuration
! Enable EIGRP
router eigrp <ASN>
! Add interfaces to advertise
network <IP address> <wildcard mask>
! Configure K values
metric weights 0 <k1> <k2> <k3> <k4> <k5>
! Disable automatic route summarization
no auto-summary
! Designate passive interfaces
passive-interface (<interface> | <default>)
! Enable stub routing
eigrp stub [receive-only | connected | static | summary]
! Statically identify a neighboring router
neighbor <IP address> <interface>

Interface Configuration
! Set maximum bandwidth EIGRP can consume
ip bandwidth-percent eigrp <percentage>
! Configure manual summarization of outbound advertisements
ip summary-address eigrp <ASN> <IP address> <mask> [<AD>]
! Enable MD5 authentication
ip authentication mode eigrp <ASN> md5
ip authentication key-chain eigrp <ASN> <key-chain>
! Configure hello and hold timers
ip hello-interval eigrp <ASN> <seconds>
ip hold-time eigrp <ASN> <seconds>

Terminology
Reported Distance · The metric for a route advertised by a neighbor
Feasible Distance · The distance advertised by a neighbor plus the cost to get to that neighbor
Stuck In Active (SIA) · The condition when a route becomes unreachable and not all queries are answered; adjacencies with unresponsive neighbors are reset
Passive Interface · An interface which does not participate in EIGRP but whose network is advertised
Stub Router · A router which does not relay updates between neighbors or participate in querying

Troubleshooting
show ip eigrp interfaces
show ip eigrp neighbors
show ip eigrp topology
show ip eigrp traffic

Type 2 Network Link · Generated by a DR; lists all routers on an adjacent segment; flooded throughout an area
Type 3 Network Summary · Generated by an ABR and sent between areas; point of summarization
Type 4 ASBR Summary · Injected by an ABR into the backbone to advertise the presence of an ASBR
Type 5 External Link · Generated by an ASBR and flooded throughout the AS to advertise a route external to OSPF
Type 7 NSSA External Link · Generated by an ASBR in a not-so-stubby area; converted into a type 5 LSA by the ABR

3   Init      7   Loading
4   2-Way     8   Full

Router Types
Internal Router · All interfaces reside within the same area
Backbone Router · A router with an interface in area 0 (the backbone)
Area Border Router (ABR) · Connects two or more areas
AS Boundary Router (ASBR) · Connects to additional routing domains; typically located in the backbone

Area Types
Standard Area · Default OSPF area type
Stub Area · External summary route (type 5) LSAs are replaced by the ABR with a default route
Totally Stubby Area · A stub area which also replaces summary (type 3 and 4) LSAs with a default route
Not So Stubby Area (NSSA) · A stubby area containing an ASBR; type 5 LSAs are converted to type 7 within the area

External Route Types
E1 · Cost of the path to the originating ASBR is added to the route cost
E2 (default) · Only the cost of the route as seen by the ASBR is considered

DR/BDR Election
· The DR serves as a common point for all adjacencies on a multiaccess segment
· The BDR also maintains adjacencies with all routers in case the DR fails
· Election does not occur on point-to-point or multipoint links
· Default priority (0-255) is 1; highest priority wins; 0 cannot be elected
· DR preemption will not occur unless the current DR is reset

Virtual Links
· Tunnel formed to join two areas across an intermediate
· Both end routers must share a common area
· At least one end must reside in area 0
· Cannot traverse stub areas
· Temporary solution; not considered best practice

Troubleshooting
show ip route
show ip protocols
show ip ospf interface
show ip ospf neighbor
show ip ospf database
show ip ospf border-routers
show ip ospf virtual-links
debug ip packet
debug ip ospf events
debug ip ospf adjacency

Network Types
                     Nonbroadcast   Multipoint   Multipoint     Broadcast   Point-to-Point
                     (NBMA)         Broadcast    Nonbroadcast
DR/BDR Elected       Yes            No           No             Yes         No
Neighbor Discovery   No             Yes          No             Yes         Yes
Hello/Dead Timers    30/120         30/120       30/120         10/40       10/40
Standard             RFC 2328       RFC 2328     Cisco          Cisco       Cisco
Supported Topology   Full Mesh      Any          Any            Full Mesh   Point-to-Point

Configuration Example
RouterA
interface Serial0/0
description WAN Link
ip address 172.16.34.2 255.255.255.252
!
interface FastEthernet0/0
description Area 0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback0
! Used as router ID
ip address 10.0.34.1 255.255.255.0
!
router ospf 100
! Advertising the WAN cloud to OSPF
redistribute static subnets
network 192.168.0.0 0.0.0.255 area 0
!
! Static route to the WAN cloud
ip route 172.16.0.0 255.255.192.0 172.16.34.1
RouterB RouterC
IOS Filename
Recommended IOS
800, 1700, 2600, 2800, 3700, 3800 12.4 / 12.4T
Catalyst 2960, 3560, 3750 12.2SE
Catalyst 4500 and 4900 12.2SG
Catalyst 6500 12.2SX
7200, 7301 routers 12.4 / 12.4T / 12.2SB
7304 routers 12.2SB
7500 routers 12.4 / 12.0S
10000 routers 12.2SB
7600 routers 12.2SR
IOS Verification
Router# show version
Router# dir <filesystem>:
Router# verify <filesystem>:<image>
! Legacy syntax
access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]
! Modern syntax
ip access-list extended {<number> | <name>}
[<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]
RJ-45
ST (Straight Tip)
1000Base-SX/LX
RJ-11
SC (Subscriber Connector)
1000Base-T
RJ-21 (25-pair)
LC (Local Connector)
Cisco GigaStack
MT-RJ
1000Base-SX/LX SFP
DB-25 (Male)
RP-SMA
DB-60 (Male)
X2 (10Gig)

Terminology
CIDR · Classless interdomain routing was developed to provide more granularity than legacy classful addressing; masks expressed in the form /XX are in CIDR notation
VLSM · Variable length subnet masks are an arbitrary length between 0 and 32 bits; CIDR relies on VLSMs to define routes

Ethernet
eth.addr eth.dst eth.ig eth.len eth.lg eth.multicast eth.src eth.trailer eth.type

ARP
arp.dst.hw_mac arp.dst.proto_ipv4 arp.hw.size arp.hw.type arp.opcode
arp.proto.size arp.proto.type arp.src.hw_mac arp.src.proto_ipv4

IEEE 802.1Q
vlan.cfi vlan.etype vlan.id vlan.len vlan.priority vlan.trailer

IPv4
ip.addr ip.checksum ip.checksum_bad ip.checksum_good
ip.dsfield ip.dsfield.ce ip.dsfield.dscp ip.dsfield.ect
ip.dst ip.dst_host ip.flags ip.flags.df ip.flags.mf ip.flags.rb
ip.frag_offset ip.fragment ip.fragment.error ip.fragment.multipletails
ip.fragment.overlap ip.fragment.overlap.conflict ip.fragment.toolongfragment
ip.fragments ip.hdr_len ip.host ip.id ip.len ip.proto ip.reassembled_in
ip.src ip.src_host ip.tos ip.tos.cost ip.tos.delay ip.tos.precedence
ip.tos.reliability ip.tos.throughput ip.ttl ip.version

IPv6
ipv6.addr ipv6.class ipv6.dst ipv6.dst_host ipv6.dst_opt ipv6.flow
ipv6.fragment ipv6.fragment.error ipv6.fragment.more ipv6.fragment.multipletails
ipv6.fragment.offset ipv6.fragment.overlap ipv6.fragment.overlap.conflict
ipv6.fragment.toolongfragment ipv6.fragments ipv6.fragment.id ipv6.hlim
ipv6.hop_opt ipv6.host ipv6.mipv6_home_address ipv6.mipv6_length ipv6.mipv6_type
ipv6.nxt ipv6.opt.pad1 ipv6.opt.padn ipv6.plen ipv6.reassembled_in
ipv6.routing_hdr ipv6.routing_hdr.addr ipv6.routing_hdr.left ipv6.routing_hdr.type
ipv6.src ipv6.src_host ipv6.version

TCP
tcp.ack tcp.checksum tcp.checksum_bad tcp.checksum_good tcp.continuation_to
tcp.dstport tcp.flags tcp.flags.ack tcp.flags.cwr tcp.flags.ecn tcp.flags.fin
tcp.flags.push tcp.flags.reset tcp.flags.syn tcp.flags.urg tcp.hdr_len tcp.len
tcp.nxtseq tcp.options tcp.options.cc tcp.options.ccecho tcp.options.ccnew
tcp.options.echo tcp.options.echo_reply tcp.options.md5 tcp.options.mss
tcp.options.mss_val tcp.options.qs tcp.options.sack tcp.options.sack_le
tcp.options.sack_perm tcp.options.sack_re tcp.options.time_stamp
tcp.options.wscale tcp.options.wscale_val tcp.pdu.last_frame tcp.pdu.size
tcp.pdu.time tcp.port tcp.reassembled_in tcp.segment tcp.segment.error
tcp.segment.multipletails tcp.segment.overlap tcp.segment.overlap.conflict
tcp.segment.toolongfragment tcp.segments tcp.seq tcp.srcport tcp.time_delta
tcp.time_relative tcp.urgent_pointer tcp.window_size

UDP
udp.checksum udp.checksum_bad udp.checksum_good udp.dstport udp.length udp.port udp.srcport

Operators
eq   ==
ne   !=
gt   >
lt   <
ge   >=
le   <=

Logic
and   &&      Logical AND
or    ||      Logical OR
xor   ^^      Logical XOR
not   !       Logical NOT
[n]   [...]   Substring operator

MPLS
mpls.bottom mpls.cw.control mpls.cw.res mpls.exp mpls.label mpls.oam.bip16
mpls.oam.defect_location mpls.oam.defect_type mpls.oam.frequency
mpls.oam.function_type mpls.oam.ttsi mpls.ttl

ICMP
icmp.checksum icmp.checksum_bad icmp.code icmp.ident icmp.mtu icmp.redir_gw icmp.seq icmp.type

DTP
dtp.neighbor dtp.tlv_len dtp.tlv_type dtp.version vtp.neighbor

VTP
vtp.code vtp.conf_rev_num vtp.followers vtp.md vtp.md5_digest vtp.md_len
vtp.seq_num vtp.start_value vtp.upd_id vtp.upd_ts vtp.version
vtp.vlan_info.802_10_index vtp.vlan_info.isl_vlan_id vtp.vlan_info.len
vtp.vlan_info.mtu_size vtp.vlan_info.status.vlan_susp vtp.vlan_info.tlv_len
vtp.vlan_info.tlv_type vtp.vlan_info.vlan_name vtp.vlan_info.vlan_name_len
vtp.vlan_info.vlan_type

BGP
bgp.aggregator_as bgp.aggregator_origin bgp.as_path bgp.cluster_identifier
bgp.cluster_list bgp.community_as bgp.community_value bgp.local_pref
bgp.mp_nlri_tnl_id bgp.mp_reach_nlri_ipv4_prefix bgp.mp_unreach_nlri_ipv4_prefix
bgp.multi_exit_disc bgp.next_hop bgp.nlri_prefix bgp.origin bgp.originator_id
bgp.type bgp.withdrawn_prefix

HTTP
http.accept http.accept_encoding http.accept_language http.authbasic
http.authorization http.cache_control http.connection http.content_encoding
http.content_length http.content_type http.cookie http.date http.host
http.last_modified http.location http.notification http.proxy_authenticate
http.proxy_authorization http.proxy_connect_host http.proxy_connect_port
http.referer http.request http.request.method http.request.uri
http.request.version http.response http.response.code http.server
http.set_cookie http.transfer_encoding http.user_agent http.www_authenticate
http.x_forwarded_for

useradd, userdel, usermod · create, delete, modify a new user or update default new user information.
newusers · update and create new users (batch mode).
groupadd, groupdel, groupmod · add, delete or modify group.
chage, chfn, chsh · modify account policy (password length, expire date etc.) or finger information (full name, phone number etc.), change default login shell.
linux init=/bin/sh rw · gain root access during boot prompt without password, can be used to fix some problems.
mount -w -n -o remount /

ifconfig
/sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
/sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
host · lookup host name or IP (similar to nslookup).
dnsdomainname · show DNS domain name.
arping; arp · find out Ethernet address by first arping then arp.
ipchains · firewall and NAT (/etc/sysconfig/ipchains on Redhat)
iptables · firewall and NAT (/etc/sysconfig/iptables on Redhat)

PRINTER · Environment variable of default printer.
/dev/lp0 · parallel port.
Commands
lpc, lpq, lprm · line printer control program, print queue maintain

Network Configuration
Files
/etc/rc.d/rc.inet1 (Slackware), /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat) · IP address, Network mask, Default gateway are in these files. May edit manually to modify network parameters.
/etc/HOSTNAME · hostname is set by "/bin/hostname" during

Redhat files in /etc/sysconfig
Configuration Files
keyboard · keyboard map, e.g., KEYBOARD="/usr/lib/kdb/keytables/us.map"
mouse · Mouse type, e.g., MOUSETYPE=Microsoft XEMU3=yes
network · network settings, contains NETWORKING=yes

Sendmail
Files
sendmail.cf, sendmail.mc · "sendmail.cf" is the configuration file. "sendmail.mc" is a macro file which can be used to generate "sendmail.cf" by: m4 sendmail.mc > sendmail.cf
aliases · mail aliases, must run "newaliases" after change. Use :include: to include external list in a file.
access · mail access control, FEATURE(access_db) should be set in sendmail.mc. For example, in /etc/mail/access
  cyberpromo.com REJECT
  mydomain.com RELAY
  spam@somewhere.com DISCARD
  makemap hash /etc/mail/access < /etc/mail/access
/etc/mail/relay-domains · list all host/domain accepted for relaying.

Manage Modules

crontab · show or edit cron jobs.
man cmd | col -b > cmd.txt · save a man page as a text file and remove control characters.

Files
/etc/shells · allowed login shells
/etc/ftpusers · user names NOT allowed to use ftp.
/etc/hosts.allow, /etc/hosts.deny · TCP wrapper host control files.
/etc/sysconfig (redhat) · contains system configuration files.
/dev/fd0 · floppy drive A
/etc/inittab · system run level control file.
/etc/init.d

httpd.conf · Apache web server configuration file.
smb.conf · Samba server (file and print for Windows).
lilo.conf · LILO boot loader configuration file.
syslog.conf · System log daemon (syslogd) configuration.
ssh_config, sshd_config · SSH client and server configuration files.
ld.so.conf · default dynamic library search path (run ldconfig).
mtools.conf · mtool configuration file (access DOS file).
named.conf · DNS name server (BIND).
sysctl.conf · kernel parameters by sysctl (Redhat).
ntp.conf · net time server.
inetd.conf · Internet super server.
Xinetd.conf, Xinet.d · Extended inetd configuration.
proftpd.conf · proftpd FTP server.
amanda.conf · network backup server.
/etc/pine.conf, /etc/pine.conf.fixed · PINE mail client system wide settings.

Commands
fromdos, todos (Slackware); dos2unix, unix2dos (Redhat) · convert text file from/to linux format.
pwck, grpck · verify integrity of password and group files.
pwconv, pwunconv, grpconv, grpunconv · convert to and from shadow passwords and groups.
shadowconfig · toggle shadow passwords on and off.
quota, edquota, quotacheck, quotaon · Manage disk quota.

Configure Apache 2.0 with SSL (mod_ssl)
(1) when compiling apache, specify --enable-ssl for the configure script. By default, ssl is not enabled. After compiling, use "httpd -l" to list the modules. "mod_ssl" should be in them.
(2) generate private key with command:
openssl genrsa -out server.key 1024
(3) generate certificate request
openssl req -new -key server.key -out server.csr
(4) generate self-signed certificate
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
(5) modify "ssl.conf" which is included in "httpd.conf". Note: specify "httpd -DSSL"; otherwise, comment out the <IfDefine SSL> directive in ssl.conf.

Rebuild Kernel

Syslog.conf
Each line consists of a selector and an action. A selector has two parts: facilities and priorities, separated by a period (.). You may precede every priority with an equals sign (``='') to specify only this single priority and not any of the above. You may also (both is valid, too) precede the
quotaoff, priority with an exclamation mark (``!'') to ignore all that priorities, either
Configure Kernel Parameters repquota, exact this one or this and any higher priority.
make config Configuring the kernel with interactive, menu lilo -D dos set LILO default OS (default=dos in lilo.conf) Example:
make menuconfig mail.notice /var/log/mail # log to a file
or X window interface. ldd find out shared library dependencies. *.emerg @myhost.mydomain.org # log to remote host
make xconfig
lsof list opened files.
Compile Kernel Source auth, auth-priv, cron, daemon, kern, lpr, mail, mark,
fuser filename show processes that using the file.
facilities news, syslog, user, uucp, local0 – local7.
make dep
ifdown bring up/down a network interface (Redhat)
make zImage priorities debug, info, notice, warning, err, crit, alert, emerg.
Building and installing a new kernel. ifup
make zdisk
make zlilo sysctl configure kernel parameters (Redhat). Regular File:
action File with full pathname beginning with “/”.
make bzImage list opened socked.
socklist
Compile Modules Terminal and Console:
shutdown [–r|h] Specify a tty, same with /dev/console.
now reboot / halt computer
make modules Building and installing modules. Remote Machine:
make modules_install @myhost.mydomain.org
nmap scan a host for opened ports.
IPtables (Netfilter)

Command Syntax
iptables [-t <table>] <command> <chain> <parameters>

--insert | -I · Inserts a rule in a chain at a particular point.
Other commands:
(1) --new | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Save and Restore rules
/sbin/iptables-save > /etc/sysconfig/iptables
/sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample
http://tiger.la.asu.edu/iptables_examples.htm

Parameters
--proto | -p [!] name · protocol: by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask · source IP address.
--destination | -d addr/mask · destination IP address.
--in-interface | -i · incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o · outgoing interface name.
--jump | -j · jump to a particular target when matching a rule. Standard options: ACCEPT, DROP, QUEUE, RETURN, REJECT. May jump to a user defined chain.
--fragment | -f · match second or further fragments only.

Options for TCP and UDP protocol
--sport | --source-port, --dport | --destination-port · source and/or destination port. Can specify a range like 0:65535; use exclamation character (!) to NOT match ports.

Options for TCP only
--syn · Match SYN packets.
--tcp-flags · Match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

Options for ICMP only
--icmp-type [!] type · Match specified ICMP type. Valid ICMP types can be listed by: iptables -p icmp -h

Built-in Table
filter · This is the default table for handling network packets. Built-in chains are:
1. INPUT — This chain applies to packets received via a network interface.
2. OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
3. FORWARD — This chain applies to packets received on one network interface and sent out on another.
nat · This table is used to alter packets that create a new connection. Built-in chains:
1. PREROUTING — This chain alters packets received via a network interface when they arrive.
2. OUTPUT — This chain alters locally-generated packets before they are routed via a network interface.
3. POSTROUTING — This chain alters packets before they are sent out via a network interface.
## Masquerade everything out ppp0.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
## Change source addresses to 1.2.3.4.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
mangle · This table is used for specific types of packet alteration. Built-in chains:
1. PREROUTING — This chain alters packets

X Window (XFree86)
Files
To set screen resolution, in “Screen” section and Subsection “Display”, specify a mode. For example: Modes “1024x768”
To specify screen refresh rate, in “Monitor” section, specify vertical rate. For example: VertRefresh 70-120
/etc/X11/xinit/xinitrc, $HOME/.xinitrc · clients to run after X server started
/etc/X11/fs/config · configure X11 font path (font server).

Commands
startx · start X window system.
Xconfigurator (Redhat), xfree86setup (Slackware), xf86config · setup X server and generate XF86config.
XFree86 -configure · XFree86 auto configuration (Plug-n-Play), generate a template named “XF86Config.new”
Ctrl+Alt+Del · stop X server (on some system Ctrl+Alt+ESC).
Ctrl+Alt+F1, Ctrl+Alt+F7 · F1 temporary switch to text mode, F7 switch back to graphic mode.
SuperProbe · detect graphic hardware.
xvidtune · adjust X server origin and size.
xmodmap · modifying key map and mouse button map.
xhost · server access control program for X.
xsetroot · root window parameter setting utility for X.
xlsfonts · server font list displayer for X.
xset · user preference utility for X.

XF86Config
ServerLayout Section
ServerLayout section binds a Screen section and one or more InputSection
to form a complete configuration. The active ServerLayout section is
specified in ServerFlags. If not, the first ServerLayout section is active. If no
ServerLayout sections are present, the single active screen and two active
(core) input devices are selected as described in the relevant sections.
Unix/Linux Command Reference

File Commands
ls – directory listing
ls -al – formatted listing with hidden files
cd dir – change directory to dir
cd – change to home
pwd – show current directory
mkdir dir – create a directory dir
rm file – delete file
rm -r dir – delete directory dir
rm -f file – force remove file
rm -rf dir – force remove directory dir *
cp file1 file2 – copy file1 to file2
cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it doesn't exist
mv file1 file2 – rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2
ln -s file link – create symbolic link link to file
touch file – create or update file
cat > file – places standard input into file
more file – output the contents of file
head file – output the first 10 lines of file
tail file – output the last 10 lines of file
tail -f file – output the contents of file as it grows, starting with the last 10 lines

Process Management
ps – display your currently active processes
top – display all running processes
kill pid – kill process id pid
killall proc – kill all processes named proc *
bg – lists stopped or background jobs; resume a stopped job in the background
fg – brings the most recent job to foreground
fg n – brings job n to the foreground

File Permissions
chmod octal file – change the permissions of file to octal, which can be found separately for user, group, and world by adding:
● 4 – read (r)
● 2 – write (w)
● 1 – execute (x)
Examples:
chmod 777 – read, write, execute for all
chmod 755 – rwx for owner, rx for group and world
For more options, see man chmod.

SSH
ssh user@host – connect to host as user
ssh -p port user@host – connect to host on port port as user
ssh-copy-id user@host – add your key to host for user to enable a keyed or passwordless login

Searching
grep pattern files – search for pattern in files
grep -r pattern dir – search recursively for pattern in dir
command | grep pattern – search for pattern in the output of command
locate file – find all instances of file

System Info
date – show the current date and time
cal – show this month's calendar
uptime – show current uptime
w – display who is online
whoami – who you are logged in as
finger user – display information about user
uname -a – show kernel information
cat /proc/cpuinfo – cpu information
cat /proc/meminfo – memory information
man command – show the manual for command
df – show disk usage
du – show directory space usage
free – show memory and swap usage
whereis app – show possible locations of app
which app – show which app will be run by default

Compression
tar cf file.tar files – create a tar named file.tar containing files
tar xf file.tar – extract the files from file.tar
tar czf file.tar.gz files – create a tar with Gzip compression
tar xzf file.tar.gz – extract a tar using Gzip
tar cjf file.tar.bz2 – create a tar with Bzip2 compression
tar xjf file.tar.bz2 – extract a tar using Bzip2
gzip file – compresses file and renames it to file.gz
gzip -d file.gz – decompresses file.gz back to file

Network
ping host – ping host and output results
whois domain – get whois information for domain
dig domain – get DNS information for domain
dig -x host – reverse lookup host
wget file – download file
wget -c file – continue a stopped download

Installation
Install from source:
./configure
make
make install
dpkg -i pkg.deb – install a package (Debian)
rpm -Uvh pkg.rpm – install a package (RPM)

Shortcuts
Ctrl+C – halts the current command
Ctrl+Z – stops the current command, resume with fg in the foreground or bg in the background
Ctrl+D – log out of current session, similar to exit
Ctrl+W – erases one word in the current line
Ctrl+U – erases the whole line
Ctrl+R – type to bring up a recent command
!! – repeats the last command
exit – log out of current session

* use with extreme caution.
THE ONE PAGE LINUX MANUAL
A summary of useful Linux commands
Version 3.0 May 1999 squadron@powerup.com.au

mount -t vfat /dev/hda1 /mnt/cdrive · Mount hard disk “a” as a VFAT file system and call it cdrive under the /mnt directory
umount /mnt/cdrom · Unmount the cdrom

Finding files and text within files
find / -name fname · Starting with the root directory, look for the file called fname
find / -name "*fname*" · Starting with the root directory, look for the file containing the string fname
locate missingfilename · Find a file called missingfilename using the locate command - this assumes you have already used the command updatedb (see next)
updatedb · Create or update the database of files on all file systems attached to the linux root directory
which missingfilename · Show the subdirectory containing the executable file called missingfilename
grep textstringtofind /dir · Starting with the directory called dir, look for and list all files containing textstringtofind

Moving, copying, deleting & viewing files
ls -l · List files in current directory using long format
ls -F · List files in current directory and indicate the file type
ls -laC · List all files in current directory in long format and display in columns
tail -20 filetoview · Display the last 20 lines of the file called filetoview

Installing software for Linux
rpm -ihv name.rpm · Install the rpm package called name
rpm -Uhv name.rpm · Upgrade the rpm package called name
rpm -e package · Delete the rpm package called package
rpm -l package · List the files in the package called package
rpm -ql package · List the files and state the installed version of the package called package
rpm -i --force package · Reinstall the rpm package called name having deleted parts of it (not deleting using rpm -e)
tar -zxvf archive.tar.gz or tar -zxvf archive.tgz · Decompress the files contained in the zipped and tarred archive called archive
./configure · Execute the script preparing the installed files for compiling

Little known tips and tricks
ifconfig · List ip addresses for all devices on the machine
apropos subject · List manual pages for subject
usermount · Executes graphical application for mounting and unmounting file systems
/sbin/e2fsck hda5 · Execute the filesystem check utility on partition hda5
fdformat /dev/fd0H1440 · Format the floppy disk in device fd0
tar -cMf /dev/fd0 · Backup the contents of the current directory and subdirectories to multiple floppy disks
tail -f /var/log/messages · Display the last 10 lines of the system log.
cat /var/log/dmesg · Display the file containing the boot time messages - useful for locating problems. Alternatively, use the dmesg command.
* · wildcard - represents everything. eg. cp from/* to will copy all files in the from directory to the to directory
? · Single character wildcard. eg. cp config.? /configs will copy all files beginning with the name config. in the current directory to the directory named configs.
[xyz] · Choice of character wildcards. eg. ls [xyz]* will list all files in the current directory starting with the letter x, y, or z.
linux single · At the lilo prompt, start in single user mode. This is useful if you have forgotten your password. Boot in single user mode, then run the passwd command.
ps · List current processes
kill 123 · Kill a specific process eg. kill 123

File permissions
If the command ls -l is given, a long list of file names is displayed. The first column in this list details the permissions applying to the file. If a permission is missing for an owner, group or other, it is represented by - eg. drwxr-x--x
Read = 4, Write = 2, Execute = 1
File permissions are altered by giving the chmod command and the appropriate octal code for each user type. eg chmod 764 filename will make the file called filename R+W+X for the owner, R+W for the group and R for others.
chmod 755 · Full permission for the owner, read and execute access for the group and others.
chmod +x filename · Make the file called filename executable to all users.
1 · Area Addresses · Hello, LSP
2 · IS Neighbors · LSP
3 · ES Neighbors · L1 LSP
5 · Prefix Neighbors · L2 LSP
6 · IS Neighbors · Hello, L2 LSP
8 · Padding · Hello
9 · LSP Entries · SNP
10 · Authentication · All
128 · IP Internal Reach. · LSP
129 · Protocols Supported · Hello, LSP
131 · IDRPI · SNP, L2 LSP
132 · IP Interface Address · Hello, LSP
Configuration Example

[Topology diagram: Area 1 (192.168.1.0/24; routers A1, A2, A3), Area 2 (192.168.2.0/24; routers B1, B2, B3), Area 3 (192.168.3.0/24; routers C1, C2, C3); links 10.0.0.0/30, 10.0.0.4/30 and 10.0.0.8/30]

Router A2
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0001.0000.0000.00a2.00

Router B2
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0002.0000.0000.00b2.00

Router A1
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 2
 ip address 10.0.0.1 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.5 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 102
!
router isis
 net 49.0001.0000.0000.00a1.00

Router B1
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 1
 ip address 10.0.0.2 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.9 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 103
!
router isis
 net 49.0002.0000.0000.00b1.00
Traffic Class (3 bits) · CoS-mapped QoS marking
Bottom of Stack (1 bit) · Indicates label is last in the stack
Time To Live (8 bits) · Hop counter mapped from IP TTL

Hello Address 224.0.0.2 255.255.255.255
Hello Port UDP/646 UDP/711
Adjacency Port TCP/646 TCP/711

Terminology
Label Distribution Protocol (LDP) · Standards-based label distribution protocol defined in RFC 3036

[Diagram: provider network with PE and P routers]

Troubleshooting
show mpls interfaces
show mpls ldp neighbors
show mpls ldp bindings [detail] (LIB)
show mpls forwarding-table [detail] (LFIB)
show ip cef [detail] (FIB)
debug mpls […]