21 Nov. 2011

Protocol Independent Routing commands


Configuring Static Routes
Router(config)# ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent | track number] [tag tag]

Specifying a Default Network
If a router has a directly connected interface onto the specified default network, the dynamic routing protocols running on that device will generate or source a default route. In the case of RIP, the router will advertise the pseudonetwork 0.0.0.0. In the case of EIGRP, the network itself is advertised and flagged as an external route.
Router(config)# ip default-network network-number

Changing the Maximum Number of Paths
Most IP routing protocols install a maximum of four parallel routes in a routing table. Static routes always install six routes. The exception is BGP, which by default allows only one path (the best path) to a destination.
In router configuration mode:
Router(config-router)# maximum-paths number-paths

Preventing Routing Updates Through an Interface
You can keep routing update messages from being sent through a router interface.
In OSPF, the passive interface appears as a stub network. OSPF routing information is neither sent nor received.
In IS-IS, the specified IP addresses are advertised without actually running IS-IS on those interfaces.

Router(config-router)# passive-interface interface-type interface-number
To set all interfaces as passive by default:
Router(config-router)# passive-interface default

Controlling the Advertising of Routes in Routing Updates
Suppress routes from being advertised in routing updates using:

Router(config-router)# distribute-list {access-list-number | access-list-name} out [interface-name | routing-process | as-number]

In OSPF, you cannot specify an interface name, and the filter applies only to external routes (E1, E2).

Controlling the Processing of Routing Updates
To avoid processing certain routes listed in incoming updates, use:
Router(config-router)# distribute-list {access-list-number | access-list-name} in [interface-type interface-number]

This command does not apply to OSPF or IS-IS.

Filtering Sources of Routing Information
Router(config-router)# distance ip-address wildcard-mask [ip-standard-acl | ip-extended-acl | access-list-name]

Enabling Policy-Based Routing
Router(config-if)# ip policy route-map map-tag

Define the criteria by which packets are examined:
Router(config)# route-map map-tag [permit | deny] [sequence-number]
Router(config-route-map)# match length minimum-length maximum-length
Router(config-route-map)# match ip address {access-list-number | access-list-name} [access-list-number | access-list-name]

To set the precedence and specify where the packets (that pass) are output:
Router(config-route-map)# set ip precedence {number | name}
Router(config-route-map)# set ip next-hop ip-address [ip-address]
Router(config-route-map)# set interface interface-type interface-number [... interface-type interface-number]
Router(config-route-map)# set ip default next-hop ip-address [ip-address]
Router(config-route-map)# set default interface interface-type interface-number [... interface-type interface-number]

The set ip next-hop and set ip default next-hop commands are similar but have a different order of operation:
  • Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table.
  • Configuring the set ip default next-hop command causes the system to use the routing table first and then policy-route to the specified next hop.
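
The order of operation above, modelled as an added example (not IOS code and not from the original post). Assumptions: the RIB and addresses are constructed from documentation ranges, policy_nh_up is a hypothetical flag standing in for whether the router considers the policy next hop usable, and a default route (0.0.0.0/0) does not count as a routing-table match for set ip default next-hop.

```python
import ipaddress

# Constructed routing table: prefix -> next hop (documentation address ranges).
RIB = {"0.0.0.0/0": "192.0.2.1", "198.51.100.0/24": "192.0.2.2"}
POLICY_NH = "192.0.2.254"  # hypothetical inspection device used as the policy next hop


def lookup(rib, dst):
    """Longest-prefix match. Returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in rib.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def forward(rib, dst, action, policy_nh, policy_nh_up=True):
    """Return (next_hop, decided_by) for a packet that matched the route map."""
    hit = lookup(rib, dst)
    fallback = (hit[1], "routing table") if hit else (None, "drop")
    if action == "set ip next-hop":
        # Policy first; the routing table is consulted only if the policy hop is unusable.
        return (policy_nh, "policy") if policy_nh_up else fallback
    if action == "set ip default next-hop":
        # Routing table first; only a non-default (explicit) route wins over the policy.
        if hit and hit[0].prefixlen > 0:
            return hit[1], "routing table"
        return (policy_nh, "policy") if policy_nh_up else fallback
    raise ValueError("unknown set action: " + action)


if __name__ == "__main__":
    for action in ("set ip next-hop", "set ip default next-hop"):
        for dst in ("198.51.100.7", "203.0.113.9"):
            print(action, dst, forward(RIB, dst, action, POLICY_NH))
    # If the policy hop is down, set ip next-hop traffic follows the routing table instead.
    print(forward(RIB, "203.0.113.9", "set ip next-hop", POLICY_NH, policy_nh_up=False))
```

When policy routing steers traffic through an inspection device, the last case is the one to monitor: losing the policy next hop sends the traffic along the normal routed path.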

To display the cache entries in the policy route cache, use the show ip cache policy command.

Enabling Fast-Switched Policy Routing
Fast-switched policy routing supports all of the match commands and most of the set commands, with the following restrictions:
  • The set ip default command is not supported.
  • The set interface command is supported only over point-to-point links.
Router(config-if)# ip route-cache policy

Enabling Local Policy Routing
All packets originating on the router will then be subject to local policy routing.
Router(config)# ip local policy route-map map-tag

QoS Policy Propagation via BGP Configuration

Configuring QoS Policy Propagation Based on Community Lists
Router(config)# route-map route-map-name [permit | deny [sequence-number]]
Router(config-route-map)# match community-list community-list-number [exact]
Router(config-route-map)# set ip precedence [number | name]
Router(config-route-map)# exit

Router(config)# router bgp autonomous-system
Router(config-router)# table-map route-map-name
Router(config-router)# ip community-list community-list-number {permit | deny} community-number
Router(config-router)# exit
Router(config)# interface interface-type interface-number
Router(config-if)# bgp-policy {source | destination} ip-prec-map

Configuring QoS Policy Propagation Based on the Autonomous System Path Attribute
Router(config)# route-map route-map-name [permit | deny [sequence-number]]
Router(config-route-map)# match as-path path-list-number
Router(config-route-map)# set ip precedence [number | name]
Router(config-route-map)# exit
Router(config)# router bgp autonomous-system
Router(config-router)# table-map route-map-name
Router(config-router)# ip as-path access-list access-list-number {permit | deny} as-regular-expression
Router(config-router)# exit
Router(config)# interface interface-type interface-number
Router(config-if)# bgp-policy {source | destination} ip-prec-map

Configuring QoS Policy Propagation Based on an Access List - INCOMPLETE
Router(config)# route-map route-map-name [permit | deny [sequence-number]]
Router(config-route-map)# match ip address access-list-number
Router(config-route-map)# set ip precedence [number | name]
Router(config-route-map)# exit
Router(config)# router bgp autonomous-system
Router(config-router)# table-map route-map-name
Router(config-router)# exit
Router(config)# access-list access-list-number {permit | deny} source
Router(config)# interface interface-type interface-number

Table-map: Modifies the metric and tag values when the IP routing table is updated with BGP learned routes.

Examples:
Router A learns routes from autonomous system 10 and autonomous system 60. QoS policy is applied to all packets that match the defined route maps. Any packets from Router A to autonomous system 10 or autonomous system 60 are sent the appropriate QoS policy, as the numbered steps indicate.



Managing Authentication Keys
Router(config)# key chain name-of-chain
Router(config-keychain)# key number
Router(config-keychain-key)# key-string text
Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
Specifies the time period during which the key can be received.

Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
Specifies the time period during which the key can be sent.

Examples:
Router(config)# key chain trees
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string willow
Router(config-keychain-key)# key 2
Router(config-keychain-key)# key-string chestnut
Router(config-keychain-key)# accept-lifetime 00:00:00 Dec 5 2004 23:59:59 Dec 5 2005
Router(config-keychain-key)# send-lifetime 06:00:00 Dec 5 2004 18:00:00 Dec 5 2005
Router(config-keychain-key)# exit
Router(config-keychain)# exit
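
An audit of the key chain above, as an added example (not from the original post). It parses the lifetimes and reports which keys can be sent or accepted at a given time and which never expire. It assumes the documented IOS behaviour that a key with no lifetime is always valid and that the lowest-numbered valid key is the one sent; the "duration seconds" form is not handled.

```python
from datetime import datetime

FMT = "%H:%M:%S %b %d %Y"  # IOS lifetime timestamp, e.g. "06:00:00 Dec 5 2004"

# The key chain "trees" from the example above, prompts stripped.
TREES = """\
key chain trees
 key 1
  key-string willow
 key 2
  key-string chestnut
  accept-lifetime 00:00:00 Dec 5 2004 23:59:59 Dec 5 2005
  send-lifetime 06:00:00 Dec 5 2004 18:00:00 Dec 5 2005
"""

def _window(args):
    # 'start-time {infinite | end-time}'; an end of None means infinite.
    start = datetime.strptime(" ".join(args[:4]), FMT)
    end = None if args[4] == "infinite" else datetime.strptime(" ".join(args[4:8]), FMT)
    return start, end

def parse_key_chain(text):
    """Map key number -> {'accept': (start, end), 'send': (start, end)}; absent = no lifetime."""
    keys, cur = {}, None
    for line in text.splitlines():
        words = line.split("#", 1)[-1].split()  # tolerate a leading 'Router(...)#' prompt
        if len(words) == 2 and words[0] == "key" and words[1].isdigit():
            cur = keys.setdefault(int(words[1]), {})
        elif words and words[0] in ("accept-lifetime", "send-lifetime") and cur is not None:
            cur[words[0].split("-")[0]] = _window(words[1:])
    return keys

def _valid(window, now):
    if window is None:  # no lifetime configured: the key is always valid
        return True
    start, end = window
    return start <= now and (end is None or now <= end)

def audit(keys, now):
    """Report which keys are usable at `now` and which never expire."""
    send = sorted(k for k, v in keys.items() if _valid(v.get("send"), now))
    accept = sorted(k for k, v in keys.items() if _valid(v.get("accept"), now))
    never = sorted(k for k, v in keys.items()
                   if any(v.get(w) is None or v[w][1] is None for w in ("accept", "send")))
    # IOS scans key numbers from lowest to highest and sends the first valid one.
    return {"send_valid": send, "accept_valid": accept,
            "sent": send[0] if send else None, "never_expires": never}

if __name__ == "__main__":
    print(audit(parse_key_chain(TREES), datetime(2005, 6, 1, 12, 0)))
```

For this chain the report shows key 1 (willow) as never expiring and as the key actually sent, so the dated key 2 is accepted during its window but never takes over sending.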
