
ospf neighbors: timers should match
area number
area type
ssh problems:
check that no acl is blocking ssh
check that ssh is allowed on the vty lines, because transport input limits which protocols are accepted
show line shows which protocols are enabled
if we need to kick some connections: show line, then clear line
make sure the correct ssh version and packet size are configured
hsrp problems:
if the authentication or the virtual ip is wrong there will be log messages about it
the two versions of hsrp (1 and 2) are not compatible with each other
if the wrong group is configured there will be duplicate address problems
a wrong setting of the hsrp group also produces log messages
show standby shows a lot of info: state (active/standby), virtual ip, virtual mac address, active router, timers etc.
incorrect routing information could be sourced either from a wrong device that got attached, or from a normal device that is acting strangely at the moment

it is always better to manually configure the neighbors instead of leaving this to the routing protocol
so try to disable automatic neighbor discovery on the protocol and configure the neighbors manually; when this is done in eigrp, eigrp will do the neighbor communication through unicast instead of
erroneous routing info can be generated by a peer which was falsely attached, or by a good peer which for some reason is propagating wrong information
in ospf there are two methods of authentication: either for the whole area or per interface
eigrp and rip do authentication on a per-interface basis
in bgp the authentication is applied at the router configuration level, so for the whole router at once
vrrp problems could be very similar to hsrp:
virtual ip applied wrong
group id applied wrong
authentication wrong
advertisement timers wrong
acl blocking
show vrrp brief gives a concise view of all the vrrp interfaces and their config
show vrrp interface shows the config on a per-interface basis
debug vrrp events, debug vrrp errors, debug vrrp state, debug vrrp all, debug vrrp packets, debug vrrp auth
trunk problems: trunk mode, allowed vlans, native vlan, encapsulation
the negotiation protocols for etherchannels are:
pagp, which is cisco proprietary
lacp, the open standard
no protocol
the mode combinations which will form an etherchannel are:
pagp: desirable-desirable, desirable-auto
lacp: active-active, active-passive
no protocol: on-on
hsrp and glbp will not allow the virtual ip to be assigned to one of the routers, while vrrp will allow that, and that router is the master router
vrrp will preempt by default, the other two will not
glbp can use up to four routers to forward simultaneously for each group, hence load balancing; the other two cannot
hsrp and glbp have longer timers, vrrp has shorter timers
glbp is cisco proprietary as well and has built-in load sharing, meaning up to 4 routers can forward for each group
common glbp problems:
virtual ip wrong
group wrong
authentication wrong
preempt not done
acls blocking
to get to know what is going on:
show glbp brief
show glbp stat
show glbp interface
debug glbp packets, debug glbp events, debug glbp errors, debug glbp all, debug glbp terse
dhcp snooping is enabled on a per-vlan basis
it is a security measure to avoid rogue dhcp servers participating in the dhcp process
interfaces are either trusted or untrusted
on trusted interfaces all dhcp messages can pass
on untrusted interfaces only client messages (discover and request) can pass; server messages are not allowed
so the trusted interfaces are the ones towards the server, the uplink towards the server
dhcp snooping will also build a binding database which includes the port number, the ip address assigned, the mac address, the vlan, the host it is associated with, the lease time and the binding type
this information is then used by other security features such as dynamic arp inspection
dhcp snooping can also be used to rate limit dhcp messages, maybe to lower the traffic on the network

ip dhcp snooping vlan 10

ip dhcp snooping
ip dhcp snooping vlan ...
ip dhcp snooping trust
ip dhcp snooping limit rate ...
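A worked configuration for the setup described above, added here as an example and not part of the original notes. It assumes VLAN 10, Gi0/1 as the uplink towards the DHCP server and Gi0/2-24 as access ports; the rate limit value is an assumed choice.

```cisco
! added example, not from the original notes
! assumed topology: Gi0/1 = uplink towards the dhcp server, Gi0/2-24 = client access ports
!
! global config: turn snooping on and choose the vlan it protects
ip dhcp snooping
ip dhcp snooping vlan 10
!
! the uplink is the only place a dhcp server may answer from, so it is trusted
interface GigabitEthernet0/1
 description uplink towards the dhcp server
 switchport mode trunk
 ip dhcp snooping trust
!
! access ports stay untrusted (the default): only discover/request pass,
! offers/acks from a rogue server on these ports are dropped
! the rate limit (15 pps, assumed value) protects against dhcp floods
interface range GigabitEthernet0/2 - 24
 description client access ports, untrusted
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! verification: which vlans/ports are trusted, and the binding database
! (port, ip, mac, vlan, lease, binding type) that dai later relies on
show ip dhcp snooping
show ip dhcp snooping binding
```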
eigrp neighbor problems:
ip address or subnet could be wrong
physical problem
network statement wrong
k values different on the neighbors (by default k1 and k3 are equal to 1, the rest are 0)
acl could be blocking
passive interface on the wrong interface
incorrect as number
authentication mismatch
show ip protocols
show ip eigrp interfaces
show ip eigrp neighbors
debug ip eigrp packets
bgp filtering of the updates coming from other neighbors:
neighbor ... distribute-list ... in|out
uses an acl, either standard (for the prefix only) or extended (for prefix and mask both)
neighbor ... prefix-list ... in|out
prefix lists are used instead of regular ip acls and are therefore handled more efficiently by cisco devices
neighbor ... route-map ... in|out
route maps can also filter on the basis of bgp attributes
neighbor ... filter-list ...
uses an as-path acl
show ip bgp shows the whole table
show ip bgp summary shows the neighbors which are connected and details about the particular sessions
show ip bgp neighbors ... routes | advertised-routes: routes are the ones received through this neighbor, advertised-routes are the ones we advertise to it
debug ip bgp updates
debug ip bgp events
ntp: the server is going to sync time with a trusted source
the client is going to sync with the server
if packet authentication is enabled we have to be careful about a key mismatch
clock timezone for the timezone
clock summer-time ... recurring for daylight saving time
build an easy to understand disaster recovery plan
same with the rest of the documentation, and it has to be up to date as well
redundancy at critical points in the network so that there is no single device failure in the network
network diagrams: physical topology and logical topology
equipment information: device names, serial numbers, specs, licenses, patch level, software version
layout: circuits, isp connections, patch information
device configs
baseline information
ip addressing information: the ip addressing scheme with ip addresses and subnet masks, kept up to date with all current ip addresses and subnets
inter-vlan routing is done on the multilayer switch
when it is done on a router connected through a trunk to a layer 2 switch, it is router on a stick
we can convert physical ports on a multilayer switch to routed ports through the no switchport command
we can also have layer 3 interfaces associated with the vlans; the svi is the layer 3 interface attached to the vlan: int vlan ...
the svi will stay up as long as there is at least one active port in the vlan
routing has to be enabled through ip routing
show vlan
show vlan brief
show interface trunk
show ip interface
ip name-server ... sets the server that translates names to ip addresses
ip domain-lookup / no ip domain-lookup starts or stops domain name translation
problems: no dns server set up, or a wrong ip configured; confirm through the running config
dns status on a client pc can be checked through ipconfig /all
if an ip domain list is configured then the default domain name is not going to be used
if certain domains are failing then it could be a dns server problem
if the dns server is reachable but still not resolving addresses then it is most probably an acl blocking dns traffic, which is port 53
there are two commands: copy and configure replace
copy is going to merge the source with the destination and therefore the source does not necessarily need to be a complete config
configure replace is going to compare the two configs before it starts copying from source to destination, therefore it has to be a complete config file with all the configuration already there; it may replace the whole thing
so the two commands are different from each other
automatic fallback methods are used to return the device to the state which was working and stable before a change was made
as long as the changes are not saved, when the reload hits it will change the settings back to the stable ones; two commands: reload in (this much time) and reload at (this time)
even if the change caused a connection loss, when the reload hits it will return connectivity to the device
if the config is successful then we can use reload cancel to cancel the reload
using configure replace with fallback:
configure replace url time ...
we use this when we do not want the startup config to be the replacement but instead the file located at this url, within this much time
if the config is successful then we use configure confirm
if we need to revert earlier then we use configure revert now
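The fallback workflows above as one worked command sequence, added here as an example and not taken from the original notes. It assumes a complete candidate config stored as flash:candidate.cfg and an archive path flash:archive (which the rollback timer needs); both names are assumptions.

```cisco
! added example, not from the original notes
! assumed: flash:candidate.cfg = the complete config we want to roll out,
!          flash:archive = archive path the rollback timer depends on
!
! (global config) archive must be set up before configure replace can roll back
archive
 path flash:archive
!
! (privileged exec) replace the running config with the candidate and start a
! 10 minute timer; if no "configure confirm" arrives in time the device reverts
! to the config it had before the replace, even if our own session was lost
configure replace flash:candidate.cfg time 10
!
! change is good and connectivity is still there: keep it
configure confirm
! change is bad and we do not want to wait for the timer: revert right away
configure revert now
!
! simpler alternative without a config file: schedule a reload before making
! the change, do not save, and cancel it once the change has proven good
reload in 10
reload cancel
```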
