Žilinská univerzita > Fakulta riadenia a informatiky > Katedra informačných sietí

CCNA

STP - Loop itself with BPDUfilter

We investigate a special topology condition in which a switch is connected to itself on ports Fa0/1 and Fa0/2, and one of the ports has the BPDUFilter feature applied (i.e. simulating STP being switched off). Both ports are in the same VLAN (VLAN 1 here). The question is: Is there a topology loop?

Initial state

We first check the interface status, where we should see that both ports are connected and operational.

VTP (+DTP) security threat - myth or fact?

There is some confusion and misunderstanding regarding VTP (VLAN Trunking Protocol) + DTP (Dynamic Trunking Protocol), and this article will hopefully make it all clear. Most of the confusion comes from the statement that VTP is always a security threat to your network. There is even some CCIE material which I find to be wrong on this topic, so my advice here is to test everything yourself.

I assume that you have sufficient knowledge of VTP and DTP; if not, or if you would like to refresh your memory, take a look here:

VTP

Loki - L3 packet generation and manipulation tool

Notes: Loki is a Python-based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others.

Web:

How to find a right server - nslookup and dig dns command line tools

A simple comparison of the nslookup command, the Microsoft DNS tool, and dig, the Linux/Windows-based command alternative.

Configuring reflexive ACL (IP session filtering)

In this article I will configure a reflexive ACL. This technique is described in CCNA4 Exploration, and I'm using it during the lab exercises.

About Reflexive ACL (IP session filtering)

Description from the Cisco website, regarding IOS 15.1.

DHCP configuration using SDM

The Flash animation explains how to configure a DHCP server on a Cisco router using SDM. Where to find SDM and how to install it is described in this article.

Cisco Catalyst 2960 switch IOS recovery

It sometimes happens in my lab that students delete the switch's IOS from its flash. Unfortunately, the switches do not have ROMMON to perform a quick IOS recovery over TFTP. The only way is over Xmodem.

Cat 2960 switch IOS recovery

To speed up the recovery process, we can set the Xmodem speed to a higher rate than the default 9600 bits:

Set the speed to 115200 baud at the switch prompt:

Configuring complex dynamic ACL (Lock-and-Key)

In this article I will configure a complex dynamic ACL (Lock and Key). This technique is described in CCNA4 Exploration.

About Lock and Key

Description from the Cisco website

Configuration of the RIPv2 authentication

In this article I will configure, debug and show the process of RIPv2 authentication.

Authentication methods

  1. Plain text
  2. MD5

Note 1: When using plain text authentication mode, make sure that the following parameters match on neighboring routers for successful authentication.

  • Key-string
  • Authentication mode

Possible bugs/limitations encountered in Cisco's RIP implementation


  1. Default route origination not working reliably.
  2. Automatic summarization turned on causes major networks to be propagated throughout the RIP domain with a metric of 1.
  3. Using RIPv2 on an NBMA hub-and-spoke topology causes the hub router to rewrite the next hop field in the RIPv2 update to the IP address of the spoke router advertising the original update, thereby creating reachability issues.