Thursday, December 16, 2010

IPv6 Subnetting

An ISP is normally allocated a /32 block.
In Singapore, one of the blocks issued to Singtel is 2001:0C20::/32.

|          n bits          |  m bits   |   128-n-m bits   |
+--------------------------+-----------+------------------+
|  global routing prefix   | subnet ID |   interface ID   |
+--------------------------+-----------+------------------+
An organization is often allocated a /48 block of IPv6 address space.
Let's use 2001:0C20:A::/48, the 10th group in the block assigned to the ISP.

The remaining 16 bits of the first 64 bits give 65536 /64 subnets.

Let's use subnet ID 0000 for loopback addresses:

2001:0C20:A:0000:0000:0000:0000:0000/64

Router Loopback Addresses
Router loopback addresses are /128 host routes taken from the loopback subnet:
2001:0C20:A:0000:0000:0000:0000:0000/64

Each router loopback address is indicated by its Router # (y):
2001:0C20:A:0000:0000:0000:0000:0001/128
2001:0C20:A:0000:0000:0000:0000:0002/128
2001:0C20:A:0000:0000:0000:0000:FFFE/128
2001:0C20:A:0000:0000:0000:0000:FFFF/128

Point-to-Point Addresses 
Point-to-point links connect only two nodes.
For such networks, we could use one specific set of networks allocated
from the prefix 2001:0C20:A:F000:0000:0000:0000:0000/52

Examples of possible Point to Point subnets:
Point-to-Point Link 1
2001:0C20:A:F001:0000:0000:0000:0001/64 
2001:0C20:A:F001:0000:0000:0000:0002/64 
...
Point-to-Point Link 10 
2001:0C20:A:F00A:0000:0000:0000:0001/64 
2001:0C20:A:F00A:0000:0000:0000:0002/64 

Server, Printers Subnet Assignment (Static IP)
For such networks, we could use one specific set of networks allocated from the prefix 2001:0C20:A:E000:0000:0000:0000:0000/52 

These are examples of possible server subnets: 
2001:0C20:A:E001:0000:0000:0000:0000/64  
2001:0C20:A:E002:0000:0000:0000:0000/64 
... 
2001:0C20:A:EFFE:0000:0000:0000:0000/64 
2001:0C20:A:EFFF:0000:0000:0000:0000/64 

General End-Node Subnets 
There are a few ways you could subnet your end-node subnets:
|       n bits (48)        | b (8) | s (8) | 128-n-b-s bits (64) |
+--------------------------+-------+-------+---------------------+
|  global routing prefix   | bldg  |  lvl  |    interface ID     |
+--------------------------+-------+-------+---------------------+
OR
|       n bits (48)        |    v (16)     |  128-n-v bits (64)  |
+--------------------------+---------------+---------------------+
|  global routing prefix   |    VLAN ID    |    interface ID     |
+--------------------------+---------------+---------------------+

Building addresses are summarized as: 2001:0C20:A:bb00:0000:0000:0000:0000/56 
Level addresses are: 2001:0C20:A:bbll:0000:0000:0000:0000/64 

Therefore, Building 45, Level 7 would be: 2001:0C20:A:4507::/64
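
As an added example (not part of the original post), the plan above can be checked with Python's ipaddress module: it verifies that the loopback, point-to-point and server blocks fit inside the /48 without overlapping, derives a building/level /64, and rejects a building/level pair that would land inside a reserved block. The helper names are hypothetical; building and level are read as hex digits, as in the Building 45, Level 7 case.

```python
import ipaddress

# Site prefix and function blocks, all taken from the post.
SITE = ipaddress.IPv6Network("2001:0C20:A::/48")
BLOCKS = {
    "loopback": ipaddress.IPv6Network("2001:0C20:A:0000::/64"),
    "point-to-point": ipaddress.IPv6Network("2001:0C20:A:F000::/52"),
    "server": ipaddress.IPv6Network("2001:0C20:A:E000::/52"),
}


def plan_is_consistent() -> bool:
    """Every function block sits inside the /48 and no two blocks overlap."""
    blocks = list(BLOCKS.values())
    inside = all(b.subnet_of(SITE) for b in blocks)
    disjoint = not any(a.overlaps(b) for i, a in enumerate(blocks)
                       for b in blocks[i + 1:])
    return inside and disjoint


def level_subnet(building: str, level: str) -> ipaddress.IPv6Network:
    """Return the /64 for building 'bb' and level 'll', read as hex digits."""
    b, lvl = int(building, 16), int(level, 16)
    if not (0 <= b <= 0xFF and 0 <= lvl <= 0xFF):
        raise ValueError("building and level are at most two hex digits each")
    subnet_id = b << 8 | lvl                      # 16-bit subnet ID bbll
    net = ipaddress.IPv6Network((int(SITE.network_address) | subnet_id << 64, 64))
    for role, block in BLOCKS.items():
        if net.subnet_of(block):                  # e.g. bb = F0 falls in the /52
            raise ValueError(f"{net} collides with the {role} block {block}")
    return net


def role_of(addr: str) -> str:
    """Name the part of the plan an address belongs to (hypothetical helper)."""
    ip = ipaddress.ip_address(addr)
    if ip not in SITE:
        return "outside site"
    for role, block in BLOCKS.items():
        if ip in block:
            return role
    return "end-node"


if __name__ == "__main__":
    print(plan_is_consistent())
    print(level_subnet("45", "07"))        # Building 45, Level 7
    print(role_of("2001:0C20:A:F00A::1"))  # one end of Point-to-Point Link 10
```

Because each function has its own summarizable block, a filter for "servers only" or "infrastructure links only" can match a single /52 instead of a list of /64s.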

Thursday, October 14, 2010

IPv6 Type of Address



A)Link-Local (FE80::/10)
When an IPv6 stack is enabled, a link-local address is automatically assigned to each interface. The IPv6 link-local prefix FE80::/10 is used, and the interface identifier in Extended Unique Identifier 64 (EUI-64) format is appended as the address's low-order 64 bits. Link-local addresses have link-local scope only and must never be routed between subnets within a site.






Example
RouterA(config-if)#ipv6 address FE80:0:0:0:1001:1234:5678:00AB link-local
The link-local address is configured here. This command with the link-local argument can be used to override the default link-local address assigned by the router.






You can also enable just IPv6 on an interface without specifying an aggregatable global unicast or site-local address by using the ipv6 enable command, as shown here:
Router(config-if)#ipv6 enable
This command also automatically configures the link-local address on the interface.


B) Site-Local (FEC0::/10) - Deprecated in RFC 3879 and replaced with Unique Local IPv6 Unicast Addresses fc00::/7 (RFC 4193); fd00::/8 is the locally assigned ULA range


A site-local address is used only within a site. Site-local addresses are not enabled by default on nodes like link-local addresses, meaning that they must be assigned.
A site-local address is similar to private address spaces in IPv4. A site-local prefix and address may be assigned to any nodes and routers within a site. However, site-local addresses must never be routed on the global IPv6 Internet.


Usage: printers, intranet servers, network switches, bridges, gateways, wireless access points, and any servers and routers that must only be reached internally for management purposes



Example
RouterA(config-if)#ipv6 address FEC0:0:0:1001::1/64
The site-local address is configured on the interface. After the completion of this command, the link-local address is automatically configured.



In the following example, the site-local prefix FEC0:0:0:1001::/64 is used to configure the address. The site-local and link-local addresses are automatically configured:
RouterA(config-if)#ipv6 address FEC0:0:0:1::/64 eui-64


***Note that the site-local address appears under the Global Unicast Address field, the same as an aggregatable global unicast address; the only way to tell that it is site-local is by the first four hexadecimal digits, FEC0.


C)Aggregatable Global Unicast Address


Each global unicast IPv6 address has three parts:


  • Prefix received from a provider: The prefix assigned to an organization by a provider should be at least a /48 prefix. The /48 prefix represents the high-order 48 bits of the network prefix.
  • Site: With one /48 prefix allocated to an organization by a provider, it is possible for that organization to enable up to 65,535 subnets (by assigning 64-bit prefixes to subnets).
  • Host: The host part uses each node's interface identifier. This part of the IPv6 address, which represents the address's low-order 64 bits, is called the interface ID.
Example
RouterA(config-if)#ipv6 address 2001:0c20:0:1001:0:0:0:1abc/64
The aggregatable global unicast address is configured on the interface. After the completion of this command, the link-local address is automatically configured.

In the following example, the aggregatable global unicast prefix 2001:0c20:0:1001::/64 is used to configure the address. The aggregatable global unicast and link-local addresses are automatically configured:
RouterA(config-if)#ipv6 address 2001:0c20:0:1001::/64 eui-64
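
The interface ID that the eui-64 keyword and the automatic link-local address rely on is derived from the interface MAC address; this added example (not from the original post) builds it and also reverses it, which shows that the same hardware address is readable from every EUI-64 address a host uses. The MAC address 00:1a:2b:3c:4d:5e is constructed for illustration and the function names are hypothetical.

```python
import ipaddress


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Form the address derived for a /64 prefix with a modified EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    # Accept 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e and Cisco-style 001a.2b3c.4d5e.
    octets = bytearray.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    octets[0] ^= 0x02                                           # flip universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])   # insert FFFE in the middle
    return net.network_address + int.from_bytes(iid, "big")


def mac_from_eui64(addr: str):
    """Recover the embedded MAC, or None when the interface ID is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]                # low-order 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                                           # undo the bit flip
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                                   # constructed sample MAC
    print(eui64_address("fe80::/64", mac))                      # link-local address
    print(eui64_address("2001:0c20:0:1001::/64", mac))          # prefix from the post
    print(mac_from_eui64("2001:0c20:0:1001:0:0:0:1abc"))        # manually set ID
```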










Friday, July 23, 2010

RIP configuration

router rip
network
=> enable routing protocol RIP version 1 (classful, same subnet mask used throughout the whole network)
=> routing table is sent out through broadcast address 255.255.255.255


router rip
version 2
network
=> enable routing protocol RIP version 2 (classless, able to use different subnet masks, VLSM)
=> routing table is sent out through multicast address 224.0.0.9, UDP port number 520
no auto-summary => no auto summarization
default-information originate => generate a default route into RIP
passive-interface fa0/0 => prevent routing update out thru interface fa0/0

Load Balancing
maximum-paths
=> default 4, maximum 6
=> IOS version 12.3 onwards up to 16

By default, RIP uses broadcast or multicast to push out the routing table. If there's a need, we can push updates by unicast to a neighbor.



Juniper
R2#set protocol rip group RIPGROUP2 neighbor em2.0
R3#set protocol rip group RIPGROUP3 neighbor em2.0

The group name is locally significant.

By default Junos doesn't advertise routes; you need to create a policy:
R2#set policy-options policy-statement RPOLICY term 1 from protocol rip
R2#set policy-options policy-statement RPOLICY term 1 from protocol direct
R2#set policy-options policy-statement RPOLICY term 1 then accept
R2#set protocol rip group RIPGROUP2 export RPOLICY

R3#set policy-options policy-statement RPOLICY term 1 from protocol rip
R3#set policy-options policy-statement RPOLICY term 1 from protocol direct
R3#set policy-options policy-statement RPOLICY term 1 then accept
R3#set protocol rip group RIPGROUP3 export RPOLICY

show route

Friday, June 18, 2010

Default route


R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1 or
R1(config)#ip route 0.0.0.0 0.0.0.0 200.0.0.2


Send all packets destined for networks not in my routing table to 200.0.0.2 or out interface s0/0/1
**Normally used for connection to ISP

Juniper


set routing-options static route 0.0.0.0/0 next-hop 200.0.0.2

Thursday, May 13, 2010

Static route & floating Static route



Cisco


ip route next-hop address => admin distance of 1
ip route local exit interface => admin distance of 0 like connected interface

e.g. on R1 router
ip route 10.10.30.0 255.255.255.0 10.10.20.2 or
ip route 10.10.30.0 255.255.255.0 s0

** Adding the permanent keyword to a static route statement will keep the static routes in the routing table even if the interface goes down 

floating static route (Backup route)
ip route 10.10.30.0 255.255.255.0 s0
ip route 10.10.30.0 255.255.255.0 s0 91

When running EIGRP, which has a default AD of 90, the EIGRP route appears in the routing table, and only when that route goes down does the floating static route appear. It serves as a backup route.


Juniper


set routing-options static route 10.10.30.0/24 next-hop 10.10.20.2


IPv6
Cisco - ipv6 route 2001:db8::/32 s0 fe80::1
Juniper - set routing-options rib inet6.0 static route 2001:200:20:1::1/128 next-hop 2001:200:30:2::2




Thursday, April 15, 2010

Show Version

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000
ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194
cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102


IOS image version and features => c3640-j-mz_112-6_P.bin
Dynamic(Volatile) RAM => 107520K/23552K bytes total = 107520k + 23552k = 131072k
NVRAM => 125K
Flash memory => 16384K

Thursday, March 18, 2010

Show command with pipe

show ip interface brief | exclude unassigned
=> show interface with IP address

show running-config | begin router
=> show routing protocol configuration

show ip protocols
=> show the routing protocols configured, their participating networks and their running timers

show interface trunk
=> show the interfaces that are configured as trunks and whether they use 802.1q or ISL encapsulation

show ip route
=>show the routing table
R => RIP
O => OSPF
D => EIGRP
B => BGP
C => connected
S => static
* => default route

Thursday, February 11, 2010

Enable Port security


configure terminal

interface fastethernet (port)

switchport mode access =>change dynamic to access mode

switchport port-security =>enable port security
switchport port-security mac-address sticky =>remember mac-address
switchport port-security maximum 1 =>only allow 1 mac address
switchport port-security violation shutdown =>shutdown if detect other mac


Thursday, January 21, 2010

Enable faster convergence of switch


For ports assigned to PCs, remember to enable PortFast so that they will not be involved in the spanning-tree recalculation

configure terminal

interface fastethernet (port)

spanning-tree portfast