Packet Types
Hello Field
Neighborship Failure Reason
How It Works
Advantage
Disadvantage
Distance Cost
(256*10^7/Bandwidth+Delay) (100/Bw in Mbps)
Load, Reliability, MTU
Trigger update with Delay Trigger LSA with max age 60 Minute
60
Weight (Highest)
Local Preference
(Highest)
Self Originated
AS Path
Origin
MED
External
IGP Cost
EBGP Peering
Router ID
Unicast
Idle
Active
Connect
Open Sent
Open confirm
Established
Open
Update
Keepalive
Notification
sh ip eigrp neighbors
sh ip eigrp neighbor detail
sh ip eigrp topology
sh ip eigrp interfaces
sh ip protocols
To configure authentication
OSPF states
DOWN - No Hello sent or received by R1 & R2
ATTEMPT - R1 sent a unicast hello on NBMA network but no hello received
INIT - R1 sent a hello to R2, or R2 received a hello from R1, which causes R2 to move into Init state
2-WAY - R2 replies with its own hello by putting R1 router ID in it, which causes R1 to move into 2-way
Ex-START - Master slave election happens and DBD sequence no. is negotiated
EXCHANGE - DBD (LSDB) Packets are exchanged by R1 & R2
LOADING - LSR and LSU packets are sent if required by R1 and/or R2
FULL - Adjacency established and database synchronized
Area Type
Backbone Area (Area 0)
Non-backbone Area (Non Transit Area)
Stub Area
Not so Stubby Area
Totally Stubby Area
LSA Types
Type 1 - Router LSA - Generated by Drother, Advertise Intra Area routes (connected routes), Denoted b
Not flooded outside of area that it originates
Type 2 - Network LSA - Generated by DR, Advertise Intra Area routes, Denoted by O
Not flooded outside of area that it originates
Type 3 - Network Summary LSA - Generated by ABR, Advertise Inter Area routes, Denoted by O IA
Flooded from Area 0 to Non-Transit area and Vice-Versa
Type 4 - ASBR Summary LSA - Generated by ABR, Advertise Inter Area routes, Denoted by O IA
Type 5 - External LSA - Generated by ASBR, Advertise external routes like redistributed routes or
RIP routes into ospf, Denoted by E1/E2, Flooded to all the Area except stub area
Type 6 - Multicast LSA
Type 7 - NSSA External LSA - Generated by , Advertise external routes like redistributed routes or
RIP routes, Denoted by N1/N2
Type 8 - Opaque LSA
Type 9 - Opaque LSA
Type 10 - Opaque LSA
Type 11
To configure ospf
To configure on newer version or enable ospf on an interface
To configure passive interface
To Disable ospf on R1
To configure virtual-links
sh interface inside
2745 overrun indicates packet drop due to burst of traffic or other reason, Rx ring is full
sh interface inside
2745 underrun indicates packet drop due to high cpu or other reason, Tx ring is full
show traffic - To check historical average packet rates and last 1 min packet rate, This is useful to de
GigabitEthernet1/0:
received (in 25788 secs): 39580 pkts/sec 52128831 bytes/sec
1 minute input rate 144028 pkts/sec, 25190735 bytes/sec
same-security-traffic permit intra-interface - Allow connections to be established between two host attac
show process cpu-usage sorted non-zero - To check the amount of CPU used on a per-process basis s
PC Thread 5Sec 1Min 5Min Process
0x08dc4f6c 0xc81abd38 14.4% 8.2% 8.0% S SNMP Notify Thread
show conn address 10.50.5.182 - To check Connection flags or connection state, uptime and timeout i
show conn detail - To check Connection flags or connection state, uptime and timeout information, B
show access-list | include elements - To check how many ACEs we have configured on ASA
show local-host detail connection tcp 50 - To check hosts that have more than 50 active TCP connectio
show access-list | grep 10.50.9.15 - To check all the configured access-list that contains 10.50.5.182
capture drops type asp-drop all buffer 1000000 - Capture all frames dropped in the ASP (Accelerated
show capture asp | include 10.50.5.182
show log | include 10.50.5.182
capture drop type asp-drop acl-drop - Capture all frames with a specific drop reason
Packet Tracer - Inject a simulated packet to analyse the behaviour in respect to the associated configu
packet-tracer input inside tcp 10.50.9.15 6517 212.48.7.18 80 detailed - Show detailed internal flow a
packet-tracer input outside tcp 61.16.247.10 1234 10.50.5.85 3389
capture ABC interface inside match ip 10.50.5.182 any host 212.8.6.2 - Displays what packet flowing b
capture XYZ interface outside match ip 10.50.5.182 any host 212.8.56.12
show capture ABC
no capture ABC - To remove capture
TCP Ping - Verify bi-directional TCP connectivity from an ASA to a Server by Injecting a simulated TCP S
ping tcp
Interface: inside
Target IP address: 226.54.5.8
Target IP port: 80
Specify source? [n]: y
Source IP address: 10.50.9.15
Source IP port: 27533
Look for TCP flags or connection state to isolate where communication is getting stuck
Connection Establishment or build up initiated from Inside host
PC1 send TCP SYN to Google through asa - saA (awaiting SYN ACK, ACK) which means Permit flow and
Google responded with SYN-ACK to client - A (awaiting inside ACK), so asa here matches conn entry, a
PC1 send Acknowledgement to Google - U (up), so asa here create full conn, and update flags to U
PC1 send first data packet to Google - UI (inside data seen), asa here apply stateful checks, and updat
Google send data in response to PC1 - UIO (inside and outside data seen), asa here apply stateful che
Connection Termination Initiated from Inside
PC1 send FIN message or packet to Google via asa - Uf (inside FIN seen), asa apply stateful checks, an
Google responded with FIN ACK to PC1 - UfFR (inside FIN ack, outside FIN seen) asa Transition conn to
PC1 send final ACK to google - UfFRr , asa passes this TCP ACK to server and remove that stateful con
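The flag walkthrough above, turned into a triage script (an added example, not part of the original notes). It assumes the usual one-line `show conn` layout; the sample lines are constructed, and the 20-second `stuck_after` threshold is a hypothetical value.

```python
import re

# Constructed `show conn` lines; addresses reuse the ones quoted on this page.
SAMPLE = """\
TCP outside 212.48.7.18:80 inside 10.50.9.15:6517, idle 0:00:25, bytes 0, flags saA
TCP outside 212.48.7.18:80 inside 10.50.9.15:6518, idle 0:00:02, bytes 5120, flags UIO
TCP outside 212.8.6.2:443 inside 10.50.5.182:40112, idle 0:00:40, bytes 0, flags U
TCP outside 212.8.6.2:443 inside 10.50.5.182:40113, idle 0:01:10, bytes 900, flags UfFR
"""

CONN = re.compile(
    r"^TCP\s+(?P<out_if>\S+)\s+(?P<out>\S+)\s+(?P<in_if>\S+)\s+(?P<inside>\S+),"
    r"\s+idle\s+(?P<idle>\d+:\d+:\d+),\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)$")

def idle_seconds(text):
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s

def stage(flags):
    """Name the point in the walkthrough that a flag string corresponds to."""
    f = set(flags)
    if "U" not in f:
        if f & {"s", "a"}:
            return "awaiting SYN-ACK from outside"
        return "awaiting ACK from inside" if "A" in f else "unknown"
    if f & {"f", "F"}:
        return "closing"
    if {"I", "O"} <= f:
        return "data both ways"
    return "data one way" if f & {"I", "O"} else "up, no data yet"

def triage(output, stuck_after=20):
    """Parse show conn text; mark entries idle past stuck_after seconds
    (hypothetical threshold) that never reached two-way data."""
    rows = []
    for line in output.splitlines():
        m = CONN.match(line.strip())
        if not m:
            continue  # skip banners, UDP entries and blank lines
        st = stage(m["flags"])
        idle = idle_seconds(m["idle"])
        rows.append({"inside": m["inside"], "outside": m["out"],
                     "flags": m["flags"], "stage": st,
                     "stuck": idle >= stuck_after and st != "data both ways"})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["inside"], "->", row["outside"], row["flags"], row["stage"],
              "STUCK" if row["stuck"] else "")
```

An entry that stays at `saA` means the SYN was permitted but no SYN-ACK came back, which points the next check at the outside path or the server rather than the ACL.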
If there is a connection issue between two host attached with inside and outside of ASA, Th
Check connection Table - To ensure Connections are built and passing traffic through the ASA o these t
Check any kind of packet drop in ASP for these two host
Use packet trace and inject a simulated packet to check if anything is getting blocked by ASA flow
Use packet capture to analyse the traffic passing between these two host
use cisco CLI Analyzer to update the sh tech and look for the result / errors
Object NAT or Auto NAT Configuration 8.3 +
Static NAT
object network COPAL_PROXYSERVER
host 10.50.5.122
nat (inside,outside) static 61.16.247.3
Dynamic PAT (Interface Overload)
Object Network COPAL_GGN
Subnet 10.50.0.0 255.255.0.0
nat (inside,outside) dynamic interface
Configure the session prompt to indicate failover unit and its state
prompt hostname state priority