Posts Tagged ‘tips and tricks’

3 Tips On How to Solve The Need for Network Redundancy

Saturday, October 4th, 2008

Take a look at these tips for solving redundancy in a Cisco based network!

HSRP is the Hot Standby Router Protocol.

Most client hosts do not run any dynamic routing, and is seemingly prone to a single point of failure in the event of a router failure.

With HSRP running on two routers, the actual gateway IP address is bound to a virtual MAC address. The active HSRP router will respond to frames destined for the virtual MAC address, and redundancy is provided.

Configuration of HSRP in Cisco IOS

Enter interface configuration

Router(config)# interface fastethernet 0/0

Set an IP address

Router(config-if)# ip address 10.0.0.3 255.255.255.0

The router will still need an IP address to communicate on, for example when not elected as active.

Activate HSRP for this interface

Router(config-if)# standby 1 ip 10.0.0.1

The IP address 10.0.0.1 is the redundant virtual IP address.
This is the command that enables the HSRP process on the interface.

Tweaking the priority

Router(config-if)# standby 1 priority 100
Router(config-if)# standby 1 preemt

The router with the higher priority will become the active HSRP router when the preemt command is enabled.

Verifying HSRP configuration

Router#sh standby
FastEthernet0/0 – Group 1
State is Active
2 state changes, last state change 00:00:59
Virtual IP address is 10.0.0.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.576 secs
Preemption enabled
Active router is local
Standby router is unknown

Priority 100 (default 100)
IP redundancy name is “hsrp-Fa0/0-1” (default)

As you can see from this output, we are the active HSRP Router for HSRP standby group 1 – and the Standby router is unknown, this means the other side has not been configured.

There has been 2 state changes, because it will first automatically be in mode Speak, then it will eventually go through Standby to Active.

BGP
Using BGP is a must when it comes to redundancy, it will let you multihome with different upstream providers. I have written an article with an introduction and a Basic example BGP configuration in Cisco IOS.

If you need IPv4 addresses for your organization, you may qualify for a PI Network (Provider Independent). This will enable you to take part in the global routing and pick and choose among several upstream providers.

Rapid Spanning Tree Protocol
STP is a layer 2 protocol that detects and blocks layer 2 loops, with a very fast convergence time on link state changes. To configure spanning-tree you can use the following commands.

Enable spanning-tree

Switch(config)# spanning-tree mode rapid-pvst

This command enables the per vlan rapid spanning tree, this means one STP instance per vlan.
Be aware, there is a limit in at least Cisco 3560 and Cisco 3750 that limits it to 128 simultaneous spanning tree processes.

How STP Detects Loops and BPDU filters
The switch will flood BPDU’s (Bridge Protocol Data Units) out on all interfaces per default, and if it can see its own MAC address in an incoming BPDU it will know when a link have looped.

Switch(config)#interface GigabitEthernet 1/0/1
Switch(config-if)#spanning-tree bpdufilter enable

This will stop sending and receiving of BPDUs on the interface GigabitEthernet 1/0/1.

Switch(config-if)#spanning-tree bpduguard enable

This command will make the switch ignore BPDU’s received on the configured interface.

Change spanning tree priority

Switch(config)#interface GigabitEthernet 1/0/1
Switch(config-if)#spanning-tree vlan 100 cost 200

This will apply a cost of 200 to vlan 100 traversing over GigabitEthernet 1/0/1

Verify Spanning Tree

Switch#show spanning-tree vlan 2000

VLAN2000
Spanning tree enabled protocol rstp
Root ID Priority 27223
Address 0012.5555.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 27223 (priority 24576 sys-id-ext 2000)
Address 0012.55555.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Gi1/0/2 Desg FWD 4 128.2 P2p Peer(STP)
Gi1/0/3 Desg FWD 4 128.3 P2p Peer(STP)
Gi1/0/5 Desg FWD 4 128.5 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p

This is output from the root bridge, all ports the vlan exists on are in Forwarding mode.
The protocol output in the top verifies that we are running rapid STP.

Output from Neighbor STP Switch

Switch2#show spanning-tree vlan 2000

VLAN100
Spanning tree enabled protocol rstp
Root ID Priority 27223
Address 0012.55555.0000
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 35415 (priority 32768 sys-id-ext 2000)
Address 0012.0007.dddd
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Gi0/1 Root FWD 4 128.1 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/8 Desg FWD 4 128.8 P2p Peer(STP)

We are not the root bridge, the output shows that ‘Switch’ is the root bridge for this spanning tree.

5 Magic Cisco tips & tricks aka magic IOS commands

Monday, September 15th, 2008

I have been working a lot for several years, and now I want to share some of my best tips for working faster and more efficient on Cisco routers in Cisco IOS.

I posted earlier about the ‘do’ command, but I am going to include it here because it is so darn practical.

So with no further mess – here is the list, not sorted after any specific order.

  1. ‘do’ in config mode
    This is one of the most time saving ones that few people seem to know about, use it!
    It lets you run exec commands in global configuration mode.
  2. include, exclude and begin
    Ever wanted to find something in the configuration? Or maybe you want to see some info, and not some?
    Use include or exclude, for example you can do

    Router1(config)# do show running-config | include ip_address

    This will include every occurance of ‘ip address’ in your running configuration file, the underscore works for spaces, and as such you can also do

    Router1(config)# do show running-config | exclude password

    This will exclude every line that has the word ‘password’ in it, can be usefull if you are listing the configuration file to someone, or you can even do

    Router1(config)# do show running-config | exclude (password|secret)

    This will exclude every line containing EITHER password or secret, and you can use regular expressions here.
    This means that even show interfaces | include (^Vlan|Internet_address|packets\/sec) is valid, which will give you a list of your Vlan interfaces.

  3. alias ps
    Use aliases, do you ever run the same commands a thousand times?
    I have at least these aliases in place on all my equipment:

    alias exec sb show ip int brief
    alias exec ps sh proc cpu | excl 0.00%__0.00%__0.00%

  4. time-range command

    time-range Workhours
    periodic weekdays 8:00 to 16:00
    !
    ip access-list extended permit Permission-To-Internal-Server-In-Work-Hours
    permit tcp any host 10.0.0.5 eq www time-range Workhours
    deny tcp any host 10.0.0.5 eq www
    permit ip any any

    This will allow access to 10.0.0.5 within 8am and 4pm

  5. Redistribute default gateway route into OSPF
    A lot of people are wondering about this one too.

    Router1(config-rtr)# default-information originate always

    This is done under the ‘router ospf’ in global configuration.