Khawar's Boot Camp after 2nd Class

I’ve attended two of Khawar’s boot camp sessions and I have been impressed.  For an example of his training method he has actually allowed Router Gods to upload one of his VPN Series here.   I really like his method of interaction.  He uses mostly the chat window for making sure we are following along or have questions.  He does a wonderful job of answering pretty much every single question.  So far there are a few key knowledge gaps that I wanted to document in this blog below.

*****RIP*****

  1. With RIP, auto-summary is on by default, so it is critical to configure “no auto-summary” unless it is required to be on.
  2. RIP’s Network command will accept any part of the network statement but it will only apply the actual Major Network.  For example, if you enter 10.1.10.0 and 10.0.0.0 they will both show up in the command line as 10.0.0.0.  So it does not matter if you do the more specific network statement.
  3. EACH Major Network must be entered.  So if you have the subnets 192.168.1.0 and 192.168.2.0, you must enter both of these.  You cannot just enter 192.168.0.0.  That would ONLY advertise the 192.168.0.0/24 network.
  4. With Auto-summary on, if the connecting network between two routers is the same major subnet then it will send the more specific subnets.  If it is an entirely different network it will summarize at the major network point.  R1 with 10.100.1.1/24 as Loopback 0 and Ethernet 0/0 is 10.1.1.1/24.  If this is connected to R2, R2 would see 10.100.1.0/24 and 10.1.1.0/24.  If instead, the Ethernet network was 200.1.1.1/24 then with auto-summary on, R2 would only see 10.0.0.0/8.
  5. When it comes to using manual summarization there are actually two significant things to know.
    1. You can NOT summarize a supernet.  Meaning you cannot manually summarize 192.168.1.0 and 192.168.2.0 as 192.168.0.0 255.255.0.0 in RIP.
    2. You can NOT use multiple summaries in the same range to allow more specific routes.  In other words, if you had 10.100.1.0, 10.100.2.0, 10.100.3.0, and 10.100.16.0 and summarized these as 10.100.0.0 255.255.224.0, you could not add another summary route of 10.100.2.0 255.255.254.0.  It would take the command, but the 10.100.0.0 255.255.224.0 would take priority.
  6. Offset is primarily used by RIP.  It can be used to filter routes both inbound and outbound.  It could also be used to modify the preferred route.
  7. Offset list with a 0 in the ACL value is all routes.
  8. Offset list can cause asynchronous paths, so be VERY careful.
  9. In RIP “Passive-interface” is slightly different than some of the other protocols
    1. Great to use to reduce Network Traffic/Multicast on a link
    2. Stops Multicast updates from sending, it can still send and receive unicast messages
    3. Used in conjunction with Neighbor to configure unicast updates to a single neighbor
    4. If you ONLY use neighbor command in RIP and do NOT use the passive-interface RIP will actually send BOTH Unicast and Multicast updates.
  10. With RIP it is a good idea to ALWAYS enter “ip rip authentication mode text”, but this is the default.
    1. This does not show in the running configuration
  11. Not covered in class but the key ID does not have to match with Clear Text but it MUST match with MD5
  12. When using an Access list for RIP distribute-list the wildcard is ONLY looking at the prefix and NOT the subnet. To filter on subnet mask we must use a Prefix-list.
  13. With RIP ALWAYS use “clear ip route *”
  14. With a prefix list, the command “ip prefix-list TEST permit 192.168.1.0/24” is ACTUALLY “ip prefix-list TEST permit 192.168.1.0/24 eq 24”.  The eq 24 is not written, but that is how it functions.
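Items 12 and 14 are the ones that matter most when a distribute-list is used as a route filter, so here is an added example (not from the class or the original post) that models both match rules in Python. The function names and the sample routes are constructed for illustration; the ge/le handling follows standard IOS prefix-list behaviour.

```python
import ipaddress

def acl_permits(route, acl_addr, wildcard):
    """Standard ACL in a distribute-list: only the route's network address is
    compared against address/wildcard. The route's mask is never consulted."""
    net = int(ipaddress.ip_network(route).network_address)
    addr = int(ipaddress.ip_address(acl_addr))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (addr & care)

def prefix_list_permits(route, entry, ge=None, le=None):
    """Prefix-list entry: the leading bits must match AND the route's mask
    length must be in range. With no ge/le the length must match exactly."""
    r = ipaddress.ip_network(route)
    e = ipaddress.ip_network(entry)
    if ge is None and le is None:
        lo = hi = e.prefixlen            # the implicit "eq" from item 14
    else:
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else 32
    if not lo <= r.prefixlen <= hi:
        return False
    return r.network_address in e

# Constructed sample routes, as they might appear in a RIPv2 update.
ROUTES = ["192.168.1.0/24", "192.168.1.0/25", "192.168.1.128/25", "192.168.2.0/24"]

def compare(routes=ROUTES):
    """Return (route, permitted by ACL, permitted by prefix-list) for
    'permit 192.168.1.0 0.0.0.0' versus 'permit 192.168.1.0/24'."""
    return [(r,
             acl_permits(r, "192.168.1.0", "0.0.0.0"),
             prefix_list_permits(r, "192.168.1.0/24"))
            for r in routes]

if __name__ == "__main__":
    for route, acl, pfx in compare():
        print(f"{route:18} acl={acl!s:5} prefix-list={pfx}")
```

The ACL lets 192.168.1.0/25 through alongside 192.168.1.0/24 because both share the same network address, while the prefix-list admits only the /24.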

 

*****EIGRP*****

  1. Auto-summary is OFF by default with EIGRP in version 15 of IOS.
  2. With EIGRP you can summarize both supernets and also you can use multiple summaries to “leak routes”.
  3. The Hellos are multicast, but the Update and most of the other messages are actually Unicast.  However, they all use Protocol 88.
  4. Unlike RIP, EIGRP can be configured with Network Commands for each specific IP or a larger subnet.
  5. With EIGRP the Passive-interface is a LOT more powerful.  It will block any Unicast or Multicast from being sent or received on an interface.
  6. When you use the neighbor x.x.x.x command, this will disable sending multicast updates on the interface.  Passive-interface will still override this though and prevent any updates.
  7. Authentication requires the “Mode” to be configured.
  8. Different format than RIP.
    1. RIP is ip rip authentication mode md5, ip rip authentication key-chain AAA
    2. EIGRP is ip authentication mode eigrp 100 md5, ip authentication key-chain eigrp 100 AAA
  9. Applying ONLY the key under an interface in EIGRP has no effect on operation. The mode configuration is what turns on the authentication.  With RIP it should default to mode text.
  10. SHA authentication requires Named mode, and the command is entered under the af-interface command:  authentication mode hmac-sha-256 thisispass123
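The two authentication traps noted above (a RIP key-chain with no mode falls back to clear text, and an EIGRP key-chain with no mode does nothing) are easy to miss because neither shows up as an error. This added example, which is not from the class or the original post, audits interface configuration for both; the sample configuration is constructed and the function name is hypothetical.

```python
import re

# Constructed sample of classic-mode interface configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip rip authentication key-chain AAA
!
interface Ethernet0/1
 ip address 10.1.2.1 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain AAA
!
interface Ethernet0/2
 ip address 10.1.3.1 255.255.255.0
 ip authentication key-chain eigrp 100 AAA
!
interface Ethernet0/3
 ip address 10.1.4.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 AAA
"""

def audit_auth(config):
    """Return (interface, protocol, problem) for key-chains applied without
    the matching 'mode md5' line."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ifaces.setdefault(raw.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None               # "!" or a global command ends the block
    findings = []
    for name, lines in ifaces.items():
        has_rip_key = any(l.startswith("ip rip authentication key-chain ") for l in lines)
        if has_rip_key and "ip rip authentication mode md5" not in lines:
            findings.append((name, "rip", "key sent in clear text (mode text is the default)"))
        for l in lines:
            m = re.fullmatch(r"ip authentication key-chain eigrp (\d+) \S+", l)
            if m and f"ip authentication mode eigrp {m.group(1)} md5" not in lines:
                findings.append((name, f"eigrp {m.group(1)}", "key-chain without mode: authentication is off"))
    return findings

if __name__ == "__main__":
    for finding in audit_auth(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```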

 

Commonalities:

Both support MD5

Both allow the same exact function of ACL and Prefix with the distribute-list command

Both use key-chains for MD5 authentication and in fact you can use the same key-chain for both.
