Ethan Banks Not writing about IT.

NMC DOiT Vol.2 Scenario 21 – ip accounting precedence + IOS menu + RIPng port & multicast-group + 3550 Minimal Configuration Load Balancing + Pragmatic General Multicast

N

Continued from the previous post.

  • Using the “ip accounting precedence” interface command will instruct the router to increment counters in response to IP packets with precedence values.

    R5#show run interf s1/0
    !
    interface Serial1/0
    ip accounting precedence input
    ip accounting precedence output

    end

    R5#show run interf s1/1
    !
    interface Serial1/1
    ip accounting precedence input
    ip accounting precedence output

    end
    !
    R5#show interfaces s1/0 precedence
    Serial1/0
    Input
    Precedence 0: 103 packets, 13818 bytes
    Precedence 2: 7 packets, 616 bytes
    Precedence 6: 34499 packets, 4191542 bytes
    Output
    Precedence 0: 5 packets, 520 bytes
    Precedence 5: 5 packets, 520 bytes
    Precedence 6: 34476 packets, 4429712 bytes
    !
    R5#show interfaces s1/1 precedence
    Serial1/1
    Input
    Precedence 0: 254 packets, 26416 bytes
    Precedence 6: 34545 packets, 3951719 bytes
    Output
    Precedence 0: 83 packets, 8632 bytes
    Precedence 2: 80 packets, 3930 bytes
    Precedence 6: 40279 packets, 5016810 bytes

  • You can build an IOS menu, so that when users login, they are presented with a menu instead of the CLI. This example sets up a menu system that presents the user with a 2 item menu upon successful telnet login with the “admin” account. I telnet from R1 CLI to the R1 loopback to demonstrate the menu, then hit “2” to exit.

    R1#show run
    !
    username admin password 0 cisco
    username admin autocommand menu menu1
    !
    menu menu1 title ^C
    Admin’s Menu ^C
    menu menu1 text 1 Display Routes
    menu menu1 command 1 show ip route
    menu menu1 text 2 Exit
    menu menu1 command 2 exit
    menu menu1 default 2

    line vty 0 4
    exec-timeout 0 0
    privilege level 15
    login local
    line vty 5 15
    privilege level 15
    login local
    !
    !
    end
    !
    R1#telnet 141.37.101.1
    Trying 141.37.101.1 … Open

    User Access Verification

    Username: admin
    Password:
    Admin’s Menu

    1 Display Routes

    2 Exit

    [Connection to 141.37.101.1 closed by foreign host] R1#

  • I got a weird little task to configure 2 serial links on the same router using no explicit IPv6 addresses, but with the serial links ending up with the same effective IPv6 address. This was another one of those tasks that sounds complicated, but isn’t really that hard. All the task wanted was for “ipv6 unnumbered” to be used on the serial links, referencing the same loopback address.

    R5#show run interf lo1051
    !
    interface Loopback1051
    ipv6 address FEC0::105:1/125
    end

    R5#show run interf s1/0
    !
    interface Serial1/0
    ipv6 unnumbered Loopback1051
    end

    R5#show run interf s1/1
    !
    interface Serial1/1
    ipv6 unnumbered Loopback1051
    end

    R5#show ipv6 interface brief | e admin
    Serial1/0 [up/up] FE80::20D:EDFF:FEE3:1C30
    unnumbered (Loopback1051)
    Serial1/1 [up/up] FE80::20D:EDFF:FEE3:1C30
    unnumbered (Loopback1051)
    Loopback1051 [up/up] FE80::20D:EDFF:FEE3:1C30

  • You can configure RIPng to use a specific UDP port and multicast group with the port command in the ipv6 router rip paragraph. This example shows the RIPng process set to UDP port 9999 and multicast-gropu FF02::9999.

    R3#show run | b ipv6 router rip
    ipv6 router rip RIPNG
    port 9999 multicast-group FF02::9999

  • A switching task asked to load-balance VLANs 20 and 30 across 2 interswitch links using the minimal number of configuration statements. This was one of those cases where the task was a little vague. Load balance VLANs 20 and 30…so VLAN20 has to be load-balanced across both links, and VLAN30 has to also be load-balanced across both links, right? That’s how I took it, but that was wrong. I was thinking there was no way to solve the problem other than an etherchannel. In reality, it was acceptable to push VLAN20 across one link, and VLAN30 across the other. That being the case, the correct way to solve the problem was to tweak port-priority (or another STP parameter you like) to force one of the VLANs across one link and not the other – one line. One configuration statement is about as minimal as you can get. I guess I should have realized that when they only cared about VLANs 20 and 30, and not the other VLANs on the switches, that they weren’t looking for an etherchannel.
  • I don’t understand the ins and outs well enough to blog in detail about Pragmatic General Multicast. However, I can say that the commands to configure the routers to support PGM “host” and “router assist” were simple. Doing a quick read on the topic to make yourself aware of it is probably a good idea.

1 comment

  • This lab was quite hard for me. Especially BGP and RIP sections.
    From the non-core sections the DHCP Snooping+ Arp inspection sections were very interesting for me:

    1. I was surprised that IOS DHCP server with basic configuration does not understand DHCP Requests with inserted Option 82. In other hand, if you enable DHCP snooping on switch, it automatically adds Option 82 information to all received DHCP Requests.
    So it is desired to disable option 82 on DHCP snooping enabled switch, unless IOS DHCP server does not give addresses to DHCP clients.

    2. Second issue, which I had with DHCP snooping was following.
    Early I thought for enable DHCP snooping per switch I can use only one command ‘ip dhcp snooping’ global config.
    But also you must explicitly specify for which vlans DHCP snooping must be enabled (‘ip dhcp snooping vlan ‘x’’ command). I don’t do this and had very big problem with ARP inspection later, because DHCP snooping binding database didn’t filed with MAC/IP entries.

By Ethan Banks
Ethan Banks Not writing about IT.

You probably know Ethan Banks because he writes & podcasts about IT. This site is his, but covers other stuff.

Get the details on his about page.