
Category Archives for "DC and Network Technobabble"

Default route and RIB/FIB entries


If a router learns routes to the same network from several routing protocols, all of that information ends up in the RIB (the routing table), with administrative distance deciding which protocol's route is installed. The RIB, however, is not what is consulted for each forwarded packet: CEF builds the FIB from the RIB and makes the forwarding decision from the FIB. I understand this.

Consider a network where:

R2 ------- R1 ------- R3

R2 (10.0.0.2/24) connects to R1 (10.0.0.1/24)
R1 (192.168.0.1/24) connects to R3 (192.168.0.2/24)

On R2 and R3 I have default routes pointing to R1:

R2: ip route 0.0.0.0 0.0.0.0 10.0.0.1
R3: ip route 0.0.0.0 0.0.0.0 192.168.0.1

Now, from R2, I can ping R3 fine.

R2#ping 192.168.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/39/44 ms

So I try to look up the route entry for 192.168.0.2:

R2#sh ip route 192.168.0.2
% Network not in table

I don't see it. So I look at the CEF/FIB.
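The lookup above can be modelled in a few lines. What follows is an added example and not code from the original post: it holds R2's two routes as configured above (the connected 10.0.0.0/24 and the static default via 10.0.0.1) and performs the longest-prefix match plus the recursive next-hop resolution from which a FIB entry is built. The interface name Gi0/0, the Route type and the helper functions are assumptions made for illustration, not IOS internals.

```python
"""Longest-prefix-match model of the R2 lookup above (added example).

The table below reproduces R2's routes from the post; Gi0/0 and the
helper names are assumptions for illustration, not IOS internals.
"""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None for a directly connected network
    interface: Optional[str]  # egress interface, set for connected routes


def route(prefix, next_hop=None, interface=None):
    """Build a Route from string arguments."""
    return Route(ipaddress.ip_network(prefix), next_hop, interface)


# R2's routes as given in the post (constructed sample data).
R2_RIB = [
    route("10.0.0.0/24", interface="Gi0/0"),   # connected segment to R1
    route("0.0.0.0/0", next_hop="10.0.0.1"),   # ip route 0.0.0.0 0.0.0.0 10.0.0.1
]


def lpm(rib, dst, include_default=True):
    """Return the most specific route covering dst, or None.

    With include_default=False a destination covered only by 0.0.0.0/0
    is reported as absent, mirroring the "% Network not in table" above.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for r in rib:
        if not include_default and r.prefix.prefixlen == 0:
            continue
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def resolve(rib, dst):
    """Resolve dst to (matched prefix, next hop, egress interface).

    A static route whose next hop is not on a connected network is
    resolved recursively until a connected route supplies the interface,
    which is how a FIB entry is derived from a recursive static route.
    Returns None if the destination is unreachable; raises ValueError if
    the recursion loops (for example a default route whose next hop is
    itself reachable only via the default route).
    """
    first = lpm(rib, dst)
    if first is None:
        return None
    current = first
    seen = set()
    while current.interface is None:
        if current.prefix in seen:
            raise ValueError("recursive next-hop resolution loops")
        seen.add(current.prefix)
        current = lpm(rib, current.next_hop)
        if current is None:
            return None
    return (str(first.prefix), first.next_hop, current.interface)


if __name__ == "__main__":
    print("RIB lookup excluding default:", lpm(R2_RIB, "192.168.0.2", include_default=False))
    print("FIB-style resolution:", resolve(R2_RIB, "192.168.0.2"))
    print("Connected next hop:", resolve(R2_RIB, "10.0.0.1"))
```

With the default route excluded the lookup for 192.168.0.2 finds nothing, which is the situation the `show ip route 192.168.0.2` output above reports; the forwarding lookup instead falls through to 0.0.0.0/0 and recurses to 10.0.0.1 on the connected 10.0.0.0/24 segment, so the ping succeeds. The loop guard in resolve() catches the misconfiguration where a default route's next hop is only reachable via that same default route.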

Cisco IP Phone switchport voice vlan and CDP

I was under the wrong impression for quite a long time that Cisco IP phones require a 'switchport voice vlan <vlan-id>' command on the switchport they connect to for the phones to show up in cdp neighbors. The 'sw voice vlan <vlan-id>' command associates an auxiliary VLAN with the port, known as the VVID (voice VLAN ID). The switch advertises the VVID to the phone over CDP, and the phone then tags its voice traffic with that VLAN.

I thought that if I didn't use 'sw voice vlan <vlan-id>' then my phone would not show up as a cdp neighbor on the switch. But I guess I was wrong. I set up the switchport as 'sw access vlan 80', where 80 was the voice VLAN, and I could see the phone come up, register, grab the right IP through DHCP and show up in cdp neighbors.


I had to do this because of a Cisco Small Business SG300 switch that we had to install in one of the maintenance offices; it does not support the 'sw voice vlan <vlan-id>' command.

As always, comments and feedback much appreciated!

ASA 5515-X ASDM/SSH fix

If you are planning on installing a new Cisco ASA 5515-X, or any other ASA from the 55X5-X line, running 8.6 or above, you might run into a situation where you cannot SSH into the ASA or access ASDM.

Start by verifying that the 3DES/AES license is activated. If not, request the 3DES/AES license key from Cisco's product license registration portal. Once Cisco emails you the activation key, console into the ASA and enter 'activation-key <key>' in global configuration mode. Without this license the ASA is limited to DES, which is why SSH version 2 and ASDM connections fail; with it, SSH version 2 becomes available. You can verify this with 'show version' on the ASA and checking the status next to 'VPN-3DES-AES'.

Next, create a local username with privilege 15. Use a strong password; 'cisco' below is only a placeholder. Do not type the 'encrypted' keyword yourself: it tells the ASA that the string that follows is already a password hash, and is only meaningful when pasting an existing configuration back in.

username admin password cisco privilege 15

Then allow SSH on the inside and/or outside interface from all or specific subnets, and restrict the ASA to SSH version 2:

ssh 10.0.10.0 255.255.255.0 inside
ssh timeout 5
ssh version 2

And finally use the LOCAL user database to authenticate SSH sessions:

aaa authentication ssh console LOCAL 

Next, you need to configure an SSL cipher suite on the ASA. Most browsers (for ASDM) and SSH clients will reject the weak cipher the ASA offers by default.

Cisco 4500-X


At a recent new install, I had the opportunity to configure a 4500-X switch for the Data Center. It is a good alternative to a Nexus 5000 if you want 10G uplinks and are tight on budget. Of course, you will miss out on vPC and FEX, which I consider the most important features of the Nexus switches in the Data Center. But if you have two 4500-Xs as redundant uplink switches, you can connect downstream devices such as UCS and the SAN fabric over 10G uplinks.

Even though the 4500-X data sheets describe the switch as a 32-port 10G SFP+ switch, you have the option of using 1G or 10G GLC/SFP modules. I used a variety of copper and fiber modules to connect to routers, servers, switches and an ASA. With a 1G SFP (copper or fiber) inserted, the port runs at 1G. Cisco publishes a transceiver compatibility matrix that lists all modules supported on the 4500-X.

I had to set up a temporary fiber connection between this switch and HQ, which routes to remote offices over MPLS. So for the time being, I set up a L3 port on the 4500 and set up basic static routing (ipbase does not support

Frozen Menubar on Mountain Lion fix


Ever noticed how the menu bar just hangs since you upgraded to Mountain Lion? It gets very frustrating when you want to access one of the application icons in your menu bar and instead you see the spinning beach ball, or the rainbow wheel of death as Mac haters call it.

Here's a quick and easy fix that restarts the menu bar. Open Terminal and type the following to kill the menu bar process; launchd relaunches it automatically.

killall -KILL SystemUIServer

SystemUIServer is the process that draws the menu bar, and you can see it when you run 'top' in Terminal. Note that -KILL sends SIGKILL, which gives the process no chance to exit cleanly; a plain 'killall SystemUIServer' (SIGTERM) is usually enough, so try that first and fall back to -KILL only if the process is truly hung.

You'll see all menu bar icons disappear and reappear, and you will now be able to access the menu bar application icons again.