Networking Archives - Page 3 of 4

Networking

Cisco IOS Logging, SNMP, and EEM: Syslog Levels, Traps, and Automation

Working reference for Cisco IOS visibility and automation. The 8 syslog severity levels (Emergency 0 through Debug 7) and how to threshold each destination, syslog config (buffered / console / host / source-interface Loopback0 for stable identity), service timestamps log datetime msec for correlation, SNMP v2c with ACL-restricted community strings vs SNMPv3 with auth+priv security level, EEM applets for event-driven automation (syslog pattern matching, time-based cron schedules, counters), example applets for interface-down alerting and auto-saving config, and the pitfalls (console at debug, missing source-interface, community without ACL, EEM runaway loops, no timestamps).

Networking

Cisco IOS File Management & Maintenance: Backup, Archive, Rollback

Working reference for Cisco IOS file management. The running vs startup config distinction (RAM vs NVRAM) and copy run start as the most-forgotten command, backing up to TFTP / FTP / SCP including credential setup, the file system layout (flash, nvram, system, tftp:, scp:, usbflash0), running the router itself as a TFTP server, the archive feature for automatic config snapshots with path / write-memory / time-period, configure replace for non-disruptive rollback (it computes the diff vs copy which is additive only), archive log config for audit logging with hidekeys redaction, verify /md5 for IOS image integrity, and the pitfalls (TFTP file-must-exist trap, plaintext FTP creds, insufficient flash before image upgrade).

Networking

Cisco IOS Basic Configuration: Interfaces, Sub-interfaces, DHCP, CDP, and Banners

Working reference for baseline Cisco IOS configuration. The hostname / domain / no ip domain-lookup trio (the latter saves 20 seconds per typo), Layer 3 interfaces with description / ip address / no shutdown, sub-interfaces for router-on-a-stick with encapsulation dot1Q including the native keyword, loopback interfaces for management and router-id, the Null0 bit-bucket, clock rate / bandwidth on serial, full DHCP server config (excluded-address, pool, default-router, dns-server, lease) and ip helper-address for relay, CDP enable/disable per-interface, MOTD/login/exec banners, clock + NTP, disabling the HTTP server, and the baseline template every new router should start from.

Networking

Cisco IOS CLI & ROMMON: Modes, Shortcuts, and Password Recovery

Working reference for the Cisco IOS command-line. The mode hierarchy (User EXEC -> Privileged EXEC -> global config -> interface/router/line config), tab-complete and command abbreviation, the navigation shortcuts (Ctrl-A/E/W/U/R), output filtering with pipe (include / exclude / begin / section / redirect), the seven ping result codes, ROMMON access via terminal break sequence, and the standard four-step password recovery procedure (confreg 0x2142 - reset - copy startup to running - enable secret - config-register 0x2102). Pitfalls: forgetting to restore config-register, break sequence not transmitting, console baud-rate mismatches in ROMMON.

Networking

Cisco IOS IPv6: Addressing, Routing Protocols, and Tunneling

Working reference for IPv6 on Cisco IOS. The 128-bit address format and compression rules, the five address scopes (loopback ::1/128, link-local fe80::/10 - automatic on every interface, ULA fc00::/7, GUA 2000::/3, multicast ff00::/8), the ipv6 unicast-routing global enable, three ways to set an interface address (manual, EUI-64 derived from MAC, SLAAC), static routing with ipv6 route, the four IPv6 routing protocols (OSPFv3 with the IPv4-format router-id quirk, EIGRPv6 which stays shutdown by default, RIPng, MP-BGP with its activate-in-address-family pattern), tunneling options (manual, GRE, 6to4, ISATAP), and the differences from IPv4 (no NAT, no ARP - replaced by NDP - no broadcast, multiple addresses per interface). Pitfalls: forgetting ipv6 unicast-routing, EIGRPv6 shutdown by default, missing BGP activate, routing protocols using link-locals you don't expect.

Networking

Cisco IOS Site-to-Site IPsec VPN with GRE: Full Configuration Walkthrough

Working reference for a GRE-over-IPsec site-to-site VPN on Cisco IOS. Why GRE-inside-IPsec instead of plain IPsec (multicast and routing-protocol support), the two-phase IKE/IPsec negotiation (Phase 1 ISAKMP - authentication / encryption / hash / DH group / lifetime; Phase 2 - transform-set / interesting traffic / lifetime), full symmetric configuration on both endpoints (isakmp policy, pre-shared key, transform-set, ACL for interesting traffic that matches GRE between tunnel endpoints, crypto map applied to physical interface NOT tunnel, GRE Tunnel0 with MTU and TCP-MSS clamping), running EIGRP through the tunnel, and the verification order (show crypto isakmp sa, show crypto ipsec sa, show crypto map, tunnel ping, routes). Pitfalls: crypto map on wrong interface, ACL points at LANs instead of GRE, MTU not lowered, NAT-T not allowed, asymmetric configuration.

Networking

Configure BGP on Cisco IOS: Peering, Path Selection, and Route Manipulation

Working reference for BGP on Cisco IOS. eBGP vs iBGP and the iBGP full-mesh problem, peering setup over physical interfaces vs loopbacks (with update-source and next-hop-self), the network statement and its requirement that the prefix be in the IP routing table, the nine-step path-selection process (Weight - Local Pref - AS-Path - Origin - MED - eBGP/iBGP - IGP cost - Router ID), the four most-used manipulations (local-pref for outbound preference, AS-Path prepend for inbound, MED for same-peer multilink, communities for ISP-coordinated traffic engineering), prefix-list filtering on all neighbors, peer groups, soft vs hard reset, and pitfalls (missing IP route, iBGP next-hop, communities not sent, outbound prefix-list omitted).

Networking

Configure EIGRP on Cisco IOS: Metrics, DUAL, Stub, and Authentication

Working reference for EIGRP on Cisco IOS. The composite metric (bandwidth + delay, with K-values), DUAL and the feasibility condition (Successor and Feasible Successor for sub-second convergence), basic configuration with no auto-summary and explicit router-id, passive-interface default + selective unpassive pattern, per-interface summarization, EIGRP stub for branch routers (bounding query scope and avoiding Stuck-In-Active), MD5 authentication via key-chain, the five verification commands, and the pitfalls (auto-summary trap, K-value mismatches, SIA, AS-number agreement).

Networking

Cisco IOS NAT and PAT: Static, Dynamic, and Overload Configuration

Working reference for the four NAT modes on Cisco IOS. The inside-local / inside-global / outside-global vocabulary that confuses everyone the first time, the ip nat inside / ip nat outside interface markings (most common cause of broken NAT), Static NAT with full IP and port-specific variants, Dynamic NAT with a public pool, PAT (overload) with the WAN interface IP and with a pool, the show ip nat translations and statistics commands, clear ip nat translation, and the pitfalls (missing markers, ACL gaps, PAT port exhaustion, NAT/IPsec interaction).

Networking

Cisco IOS Access Control Lists: Standard, Extended, Named, Reflexive, Time-Based

Working reference for the five Cisco IOS ACL types. How an ACL processes a packet (top-down, first-match-wins, implicit deny), where the order of operations relative to NAT matters (in: ACL before NAT, out: NAT before ACL), Standard vs Extended vs Named ACLs with full configuration examples, Reflexive ACLs for basic return-traffic state, Time-based ACLs with absolute and periodic schedules, application to interfaces vs VTY lines (ip access-group vs access-class), placement rules (Standard close to destination, Extended close to source), and the pitfalls (implicit deny, numbered-ACL edit gotcha, wildcard vs subnet mask, NAT-order trap, missing VTY restriction).

Networking

Configure OSPFv2 on Cisco IOS: From Single Area to Multi-Area

Working reference for OSPFv2 on Cisco IOS - the cost metric, hello/dead timers, the six LSA types, the five area types (Backbone, Normal, Stub, TSA, NSSA), router roles (ABR, ASBR, IR), basic configuration with both the network statement and ip ospf interface command, multi-area design, summarization at the ABR (area range vs summary-address), virtual links, MD5 authentication, the five verification commands, and the pitfalls (reference bandwidth mismatch, wildcard vs subnet mask, EXSTART MTU loops, implicit router-id changes).

Networking

SD-WAN vs Traditional MPLS: What’s Actually Right for Your Business?

The SD-WAN vs MPLS conversation has been running in enterprise IT circles for the better part of a decade. Both technologies have real strengths. This guide cuts through the vendor marketing and gives you a practical decision framework.