Archive for August, 2011

Yep. I'm officially preparing myself for CCNP, and my sequence is to get Route 1st, Switch 2nd, and 3rd and last, TShoot. Today I'm practising with EIGRP and have PoC'd the 1st rule of routing.. a more specific route is preferable compared to a summarized route with a better administrative distance and metric…

In this case, my R4's S1/0 and S1/1 are configured as serial links (more or less the same feasible distance), and R5's f1/0 has a better administrative distance as it's a FastE (100Mbps) compared to R6's Ethernet (10Mbps) to reach R7's LAN (10.1.2.4). EIGRP summary on R4:

R4# sh run | s rou
router eigrp 90
 passive-interface default
 no passive-interface Serial1/0
 no passive-interface Serial1/1
 network 10.1.24.1 0.0.0.0
 network 10.1.34.1 0.0.0.0
 network 172.30.0.0 0.0.7.255
 network 192.168.1.0
 no auto-summary

Adjacency is built for both serial links, and the loopbacks are advertised as well (172.30.0.0/21), so R4's sh ip eigrp topo shows that to get to 10.1.2.4 the most preferred path is through R4 S1/1 (FD/AD):

R4# sh ip eigrp top
P 10.1.2.0/24, 1 successors, FD is 2172416
        via 10.1.34.2 (2172416/28160), Serial1/1
        via 10.1.24.2 (2195456/281600), Serial1/0

The route from R6 / R5 to R4's loopbacks is through their own S0/0:

R5#sh ip route
<<input omitted>>
     172.30.0.0/24 is subnetted, 7 subnets
D       172.30.2.0 [90/2297856] via 10.1.34.1, 00:05:11, Serial0/0
D       172.30.3.0 [90/2297856] via 10.1.34.1, 00:05:11, Serial0/0
D       172.30.1.0 [90/2297856] via 10.1.34.1, 00:05:11, Serial0/0
D       172.30.6.0 [90/2297856] via 10.1.34.1, 00:05:11, Serial0/0
D       172.30.7.0 [90/2297856] via 10.1.34.1, 00:05:11, Serial0/0
D       172.30.4.0 [90/2297856] via 10.1.34.1, 00:05:12, Serial0/0
D       172.30.5.0 [90/2297856] via 10.1.34.1, 00:05:12, Serial0/0

R6#sh ip route
<<input omitted>>
     172.30.0.0/24 is subnetted, 7 subnets
D       172.30.2.0 [90/2297856] via 10.1.24.1, 00:06:04, Serial0/0
D       172.30.3.0 [90/2297856] via 10.1.24.1, 00:06:04, Serial0/0
D       172.30.1.0 [90/2297856] via 10.1.24.1, 00:06:04, Serial0/0
D       172.30.6.0 [90/2297856] via 10.1.24.1, 00:06:04, Serial0/0
D       172.30.7.0 [90/2297856] via 10.1.24.1, 00:06:04, Serial0/0
D       172.30.4.0 [90/2297856] via 10.1.24.1, 00:06:05, Serial0/0
D       172.30.5.0 [90/2297856] via 10.1.24.1, 00:06:05, Serial0/0

But after I've performed a summarization on R4's serial (either s1/0 or s1/1):

R4(config)#int s1/0
R4(config-if)#ip summary-address eigrp 90 172.30.0.0 255.255.248.0

the route for R6 to reach the 172.30.0.0/21 subnet is through 10.1.2.3 (which is more specific):

R6#sh ip route
<<input omitted>>
     172.30.0.0/16 is variably subnetted, 8 subnets, 2 masks
D       172.30.2.0/24 [90/2323456] via 10.1.2.3, 00:00:39, Ethernet1/0
D       172.30.3.0/24 [90/2323456] via 10.1.2.3, 00:00:39, Ethernet1/0
D       172.30.0.0/21 [90/2297856] via 10.1.24.1, 00:00:40, Serial0/0
D       172.30.1.0/24 [90/2323456] via 10.1.2.3, 00:00:39, Ethernet1/0
D       172.30.6.0/24 [90/2323456] via 10.1.2.3, 00:00:39, Ethernet1/0
D       172.30.7.0/24 [90/2323456] via 10.1.2.3, 00:00:41, Ethernet1/0
D       172.30.4.0/24 [90/2323456] via 10.1.2.3, 00:00:41, Ethernet1/0
D       172.30.5.0/24 [90/2323456] via 10.1.2.3, 00:00:41, Ethernet1/0

So, I'll need to ensure that the other S1/1 is configured with the same summary-address as well.. and uh.. I can configure load balancing through EIGRP's variance command:

R4(config-router)#var 2
R4(config-router)#do sh ip route
<<input omitted>>
D       10.1.2.0/24 [90/2172416] via 10.1.34.2, 00:00:04, Serial1/1
                    [90/2195456] via 10.1.24.2, 00:00:04, Serial1/0
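To show where the FD/AD values above come from and why the /24 wins over the /21 whatever its metric, here is an added example that is not part of the original post and not Cisco's code. It reproduces the composite-metric arithmetic with IOS default bandwidth/delay values (an assumption about the lab, but one that matches every number quoted above exactly), does a longest-prefix-match lookup over R6's post-summarization table, and applies the feasibility and variance tests to R4's two paths to 10.1.2.0/24.

```python
from ipaddress import ip_address, ip_network

# IOS default bandwidth (kbps) and delay (microseconds) per interface type.
# Assumption: the lab uses these defaults, which is what reproduces the
# post's numbers exactly.
INTERFACE_DEFAULTS = {
    "Serial":       (1544,      20000),
    "Ethernet":     (10000,     1000),
    "FastEthernet": (100000,    100),
    "Loopback":     (8_000_000, 5000),
}


def eigrp_metric(path):
    """Classic EIGRP composite metric (K1=K3=1, K2=K4=K5=0) for a list of
    interface types along the path: 256 * (10^7 / min_bw + sum_delay / 10).
    Integer division mirrors IOS truncation."""
    min_bw = min(INTERFACE_DEFAULTS[i][0] for i in path)
    total_delay = sum(INTERFACE_DEFAULTS[i][1] for i in path)
    return 256 * (10_000_000 // min_bw + total_delay // 10)


def longest_prefix_match(routes, destination):
    """Pick the route whose prefix is most specific for `destination`.
    Metric is ignored entirely: a /24 beats a /21 even with a worse metric."""
    dst = ip_address(destination)
    best = None
    for prefix, metric, next_hop, iface in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > ip_network(best[0]).prefixlen):
            best = (prefix, metric, next_hop, iface)
    return best


def installed_paths(candidates, variance):
    """Paths EIGRP installs for one prefix: the successor plus any candidate
    that passes the feasibility condition (AD < successor FD) and the
    variance test (FD <= variance * successor FD)."""
    successor_fd = min(fd for fd, _ad, _via in candidates)
    return [(fd, ad, via) for fd, ad, via in candidates
            if ad < successor_fd and fd <= variance * successor_fd]


# Constructed from the post's topology: R4 reaches R7's LAN 10.1.2.0/24
# either over S1/1 -> R5's FastEthernet or S1/0 -> R6's Ethernet.
R4_CANDIDATES = [
    (eigrp_metric(["Serial", "FastEthernet"]), eigrp_metric(["FastEthernet"]), "Serial1/1"),
    (eigrp_metric(["Serial", "Ethernet"]),     eigrp_metric(["Ethernet"]),     "Serial1/0"),
]

# R6's table after R4 summarizes 172.30.0.0/21 on S1/0 only: the summary
# arrives over R6's serial link, the /24s still arrive from R5 via Ethernet.
R6_ROUTES = [("172.30.0.0/21", eigrp_metric(["Serial", "Loopback"]), "10.1.24.1", "Serial0/0")] + [
    (f"172.30.{n}.0/24", eigrp_metric(["Ethernet", "Serial", "Loopback"]), "10.1.2.3", "Ethernet1/0")
    for n in range(1, 8)
]

if __name__ == "__main__":
    for fd, ad, via in R4_CANDIDATES:
        print(f"10.1.2.0/24 via {via}: FD {fd} / AD {ad}")
    print("R6 -> 172.30.2.1 uses", longest_prefix_match(R6_ROUTES, "172.30.2.1"))
    for v in (1, 2):
        print(f"variance {v}:", [via for _, _, via in installed_paths(R4_CANDIDATES, v)])
```

Running it prints FD 2172416 / AD 28160 for Serial1/1 and 2195456 / 281600 for Serial1/0, exactly the topology table above; the lookup for 172.30.2.1 returns the /24 via 10.1.2.3 even though the /21 via 10.1.24.1 has the lower metric, and variance 2 is what admits Serial1/0 as a second installed path (its AD 281600 is below the successor FD, and its FD is within 2x). Only the summary itself, not the individual /24s, is suppressed on the interface that carries the summary-address, which is why the fix is to apply the same summary on S1/1 too.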


This weekend I've ventured into the world of ScreenOS.. after registering myself to get the latest firmware upgrade (from 5.1.0r2 to 5.4.0r21.0), I decided to turn off the built-in firewall in my wireless router.. and replaced it with an NS5GT.. although the product has been EOS/EOL since 2008, it's essential for me to grasp the overall concept.. anyway..

After plugging the ISP connection into the untrust port, ScreenOS functions as NATting & routing (trust-vr) for my home env. At that moment I was thinking of further downgrading my wireless router to become a pure AP with DHCP enabled and no routing, but I guess I'll just leave it as layer 3 atm. (so a total of 2 NATs occur in between..) The firewall will see all traffic from 192.168.100.0/24 as coming from 10.100.100.2 (router IP), and the ISP will see 10.100.100.0/24 as all coming from my public IP assigned by DHCP…

Next is to set up port forwarding / VIP for my web & ssh, but I decided to set up a MIP instead. Setting up a MIP is more or less like putting my server into a DMZ (Global Zone): (set interface "untrust" mip 222.164.118.xx host 10.100.100.2 netmask 255.255.255.255 vr "trust-vr") on the untrust interface and setting up a policy from untrust to trust (set policy id 3 name "MIP" from "Untrust" to "Trust" "Any" "MIP(222.164.118.24)" "ANY" permit log) and that's it..

Sadly there's no option for me to bind the MIP to the untrust interface instead of defining the specific untrust IP… that means every time my modem restarts / the ISP assigns me another IP, I'll need to change the mapping manually :(

What I found next is a few critical alarms indicating: Dst IP session limit!, Src IP session limit! and Fragmented traffic! …. a lot of it.. I need some time to read on to understand what these alerts are for..

http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/index.html

Mapped IP* (MIP) is a direct one-to-one mapping of one IP address to another. The security device forwards incoming traffic destined for a MIP to the host with the address to which the MIP points. Essentially, a MIP is static destination address translation, mapping the destination IP address in an IP packet header to another static IP address. When a MIP host initiates outbound traffic, the security device translates the source IP address of the host to that of the MIP address…


Today I've installed 3 EAs on my VM3; although the version is kinda outdated, wth.. newer versions also can't guarantee future outcomes.. so I've decided to test it for a week or two.. I didn't know I had 69 different EAs all this while (I installed MegaDroid, FapTurbo, IvyBot so far).. frankly speaking I only came to know about automated MT4 bots (and how to install them) a few weeks back.. but at least I've started somewhere :s

Hopefully it can bring me nice profits, but I feel kinda detached and don't really expect it to earn me a living.. maybe it's just mere curiosity?…
