Tuesday, July 5, 2016

Adding Network Objects for Mapped Addresses on CISCO ASA

Here are the general rules for mapped addresses on the ASA: for dynamic NAT you must use a network object or object group for the mapped (translated) addresses. The other NAT types (static NAT, dynamic PAT) have the option of using inline addresses, or you can create an object or group for them as well.
For more information about configuring a network object or group see below.

Guidelines

A network object group can contain network objects and/or inline addresses, either IPv4 or IPv6. The group cannot contain both IPv4 and IPv6 addresses; it must contain one address family only, and the ASA rejects a group that mixes them.
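Added example (mine, not from the post or from Cisco): a small Python helper that checks the single-address-family rule before emitting the ASA object-group and the dynamic object NAT rule that references it. The object names, interface names and the sample mapped pool are constructed for the example; the emitted command syntax is the ASA 8.3+ object NAT form.

```python
import ipaddress

# Constructed sample input (not from the page): the mapped pool for a dynamic
# NAT rule, given as hosts, prefixes and "start-end" ranges.
SAMPLE_MAPPED = ["203.0.113.10", "203.0.113.64/26", "203.0.113.100-203.0.113.120"]


def _split_range(entry):
    """'start-end' -> (start, end) as ip_address objects, validated."""
    start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
    if start.version != end.version or start > end:
        raise ValueError(f"bad range: {entry}")
    return start, end


def _family(entry):
    """Return 4 or 6 for a host, prefix or range string."""
    if "-" in entry:
        return _split_range(entry)[0].version
    return ipaddress.ip_network(entry, strict=False).version


def check_single_family(entries):
    """The ASA rejects an object group that mixes IPv4 and IPv6 members."""
    families = {_family(e) for e in entries}
    if len(families) != 1:
        raise ValueError(f"object group mixes address families: {sorted(families)}")
    return families.pop()


def mapped_group_config(group_name, entries):
    """Emit the object-group (plus helper objects for ranges) for the mapped pool."""
    version = check_single_family(entries)
    objects, members = [], []
    for i, entry in enumerate(entries):
        if "-" in entry:
            # A range cannot be a network-object member directly; wrap it in
            # a network object and reference that object from the group.
            start, end = _split_range(entry)
            obj = f"{group_name}-RANGE{i}"
            objects += [f"object network {obj}", f" range {start} {end}"]
            members.append(f" network-object object {obj}")
            continue
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses == 1:
            members.append(f" network-object host {net.network_address}")
        elif version == 4:
            members.append(f" network-object {net.network_address} {net.netmask}")
        else:
            members.append(f" network-object {net.with_prefixlen}")
    return objects + [f"object-group network {group_name}"] + members


def dynamic_nat_config(real_name, real_subnet, group_name, mapped_entries,
                       real_if="inside", mapped_if="outside"):
    """Object NAT: translate real_subnet dynamically to the mapped group."""
    net = ipaddress.ip_network(real_subnet, strict=False)
    if net.version != check_single_family(mapped_entries):
        # Translating between families (NAT64/NAT46) needs different handling;
        # this helper only covers same-family dynamic NAT.
        raise ValueError("real and mapped address families differ")
    subnet = f"{net.network_address} {net.netmask}" if net.version == 4 else net.with_prefixlen
    return mapped_group_config(group_name, mapped_entries) + [
        f"object network {real_name}",
        f" subnet {subnet}",
        f" nat ({real_if},{mapped_if}) dynamic {group_name}",
    ]


if __name__ == "__main__":
    print("\n".join(dynamic_nat_config("INSIDE-NET", "10.1.1.0/24",
                                       "MAPPED-POOL", SAMPLE_MAPPED)))
```

Ranges are wrapped in their own network object because an object-group member can only be a host, a subnet or another object; mixing in an IPv6 entry raises before any configuration is printed, which is the same check the ASA parser would make at paste time.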

Thursday, June 30, 2016

Clearing, resetting or erasing configuration on Cisco ASA



There are several ways to do that, but I prefer these two to clear my configuration from the ASA.

First [ciscoasa# write erase] and second [ciscoasa(config)# configure factory-default]
The configure factory-default command takes an optional argument:

configure mode commands/options:
  Hostname or A.B.C.D  Specify optional management interface IP address

Which one to use? Both do their job well and bring the box back to a basic ASA configuration, but they act on different files. write erase clears the startup configuration in flash; the running configuration stays in memory until you reload, so do not write memory afterwards or you copy the old configuration straight back. configure factory-default replaces the running configuration with the factory default (with the optional address assigned to the management interface), so you must write memory afterwards if you want that default to survive a reload.





Friday, May 13, 2016

OSPF Virtual Link - CISCO -

The Backbone and Area 0
OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one of them has to be area 0. This is called the backbone.
The backbone has to be at the centre of all other areas: every other area has to be directly connected to area 0 (the backbone area). The reason is that OSPF expects all areas to inject routing information into the backbone, and in turn the backbone spreads that information into the other areas. When designing networks it is good practice to start with area 0 and then expand into other areas later on.
If it is not possible to connect an area to the backbone directly, there is a tool for that: the virtual link. It is a logical link configured between two area border routers through a non-backbone (transit) area, which makes the far router behave as if it were attached to area 0.

Virtual links are used for two purposes:

  • Linking an area that does not have a physical connection to the backbone.
         See Example 1.

  • Patching the backbone when area 0 becomes discontiguous.
         See Example 2.
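Added example (mine, not from the post): a Python planner for the two cases above. It takes a list of links tagged with their area, finds areas that have no ABR in area 0 (Example 1) and backbone pieces that are not connected to each other (Example 2), and names the two ABRs and the transit area the virtual link must be configured across. The router names and the two topologies are constructed for the example.

```python
from collections import defaultdict

# Constructed topologies (not from the page). Each link is (router_a, router_b, area).
# Example 1: area 2 touches no ABR in area 0, so it needs a virtual link across area 1.
EXAMPLE1 = [("R1", "R2", 0), ("R2", "R3", 1), ("R3", "R4", 2)]
# Example 2: area 0 is split in two pieces that are joined only through area 1.
EXAMPLE2 = [("R1", "R2", 0), ("R2", "R3", 1), ("R3", "R4", 0)]

BACKBONE = 0


def router_areas(links):
    """Map each router to the set of areas it has links in (ABRs have more than one)."""
    areas = defaultdict(set)
    for a, b, area in links:
        areas[a].add(area)
        areas[b].add(area)
    return areas


def plan_virtual_links(links):
    """Purpose 1: for every area with no ABR in area 0, return
    (abr_in_area, abr_in_backbone, transit_area) for the virtual link."""
    areas = router_areas(links)
    attached = set().union(*(s for s in areas.values() if BACKBONE in s))
    orphans = {area for _, _, area in links} - attached
    plans = []
    for orphan in sorted(orphans):
        candidates = [
            (r1, r2, transit)
            for r1, s1 in sorted(areas.items()) if orphan in s1
            for transit in sorted(s1 - {orphan})              # area the link would cross
            for r2, s2 in sorted(areas.items())
            if r2 != r1 and transit in s2 and BACKBONE in s2  # ABR of the transit area
        ]
        if not candidates:
            # A virtual link crosses exactly one transit area; an area two hops
            # away from the backbone needs a redesign, not a virtual link.
            raise ValueError(f"area {orphan} is more than one area away from area 0")
        plans.append(candidates[0])
    return plans


def backbone_components(links):
    """Connected pieces of the area-0 topology; more than one means area 0 is
    discontiguous (purpose 2)."""
    adj = defaultdict(set)
    for a, b, area in links:
        if area == BACKBONE:
            adj[a].add(b)
            adj[b].add(a)
    seen, comps = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            r = stack.pop()
            if r not in comp:
                comp.add(r)
                stack.extend(adj[r] - comp)
        seen |= comp
        comps.append(comp)
    return comps


def shared_transit(areas, r1, r2):
    """Non-backbone areas both routers sit in (candidate transit areas)."""
    return (areas[r1] & areas[r2]) - {BACKBONE}


def patch_backbone(links):
    """Purpose 2: one virtual link per extra backbone piece, between two ABRs
    that share a non-backbone (transit) area."""
    comps = backbone_components(links)
    areas = router_areas(links)
    patches = []
    for piece in comps[1:]:
        pairs = [
            (r1, r2, min(shared_transit(areas, r1, r2)))
            for r1 in sorted(comps[0]) for r2 in sorted(piece)
            if shared_transit(areas, r1, r2)
        ]
        if not pairs:
            raise ValueError("backbone pieces share no transit area")
        patches.append(pairs[0])
    return patches


if __name__ == "__main__":
    print("Example 1 virtual links:", plan_virtual_links(EXAMPLE1))
    print("Example 2 backbone pieces:", backbone_components(EXAMPLE2))
    print("Example 2 patches:", patch_backbone(EXAMPLE2))
```

The planner deliberately refuses an area that is two areas away from the backbone: a virtual link spans one transit area, and that transit area must itself have full routing information, so the fix there is to move an ABR, not to chain virtual links.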


Sunday, February 15, 2015

Private VLANs



Private VLANs were developed to isolate end hosts at layer two while they still share one IP subnet and one default gateway, so a compromised host cannot talk to its neighbours on the same VLAN directly.


Types of PVLAN:

  •      Primary: the VLAN that carries traffic from the promiscuous port(s) down to every host; it is the VLAN the gateway sees.

  •      Secondary (sub-VLANs): carry traffic from the hosts upstream; each is associated with exactly one primary VLAN.

Secondary VLAN Types:

  •     Isolated: hosts in it can reach only promiscuous ports, never each other (a primary VLAN has at most one isolated VLAN).

  •     Community: hosts in it can reach each other and the promiscuous ports, but not other communities or isolated hosts.

Port Types:
  •     Promiscuous: belongs to the primary VLAN and can communicate with every other port (typically the router, firewall or server port).
  •     Isolated: belongs to an isolated VLAN; it only talks to promiscuous ports.

  •     Community: belongs to a community VLAN; it talks to ports in the same community and to promiscuous ports.
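Added example (mine, not from the post): a Python model of the forwarding rules above. It answers "can port A reach port B at layer two?" for any pair of ports in a private VLAN and lists the host-to-host pairs that remain reachable, which is the list to review after configuring isolation. The port names, VLAN numbers and the sample port table are constructed for the example.

```python
from dataclasses import dataclass

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    name: str
    kind: str           # PROMISCUOUS, ISOLATED or COMMUNITY
    secondary: int = 0  # isolated/community VLAN id (0 for promiscuous ports)
    primary: int = 100  # primary VLAN the port is mapped to


def can_forward(src, dst):
    """Whether a frame from src may be delivered to dst inside the private VLAN."""
    if src.primary != dst.primary:
        return False                     # different primary VLANs never meet at L2
    if PROMISCUOUS in (src.kind, dst.kind):
        return True                      # promiscuous ports reach every port
    if src.kind == COMMUNITY and dst.kind == COMMUNITY:
        return src.secondary == dst.secondary   # only within the same community
    return False                         # isolated ports reach nothing else


def host_to_host_pairs(ports):
    """Pairs of non-promiscuous ports that can still reach each other. After
    configuring a PVLAN this is the list to review: only same-community pairs
    should appear, and an isolated port should never show up."""
    return sorted(
        (a.name, b.name)
        for a in ports for b in ports
        if a.name < b.name
        and PROMISCUOUS not in (a.kind, b.kind)
        and can_forward(a, b)
    )


# Constructed sample (not from the page): one gateway port, two isolated hosts,
# a two-host community and a second, single-host community.
SAMPLE_PORTS = [
    Port("Gi1/0/1", PROMISCUOUS),
    Port("Gi1/0/2", ISOLATED, 101),
    Port("Gi1/0/3", ISOLATED, 101),
    Port("Gi1/0/4", COMMUNITY, 102),
    Port("Gi1/0/5", COMMUNITY, 102),
    Port("Gi1/0/6", COMMUNITY, 103),
]

if __name__ == "__main__":
    for a in SAMPLE_PORTS:
        row = ["X" if a is b else ("ok" if can_forward(a, b) else ".")
               for b in SAMPLE_PORTS]
        print(f"{a.name:8} {a.kind:12}", " ".join(row))
    print("host-to-host reachability:", host_to_host_pairs(SAMPLE_PORTS))
```

Note that the model only covers layer two: two isolated hosts can still reach each other through the gateway if the router on the promiscuous port routes between them, so the isolation has to be backed by a filter (or local proxy-ARP disabled) on that router.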

Friday, December 19, 2014

Configuring IPv6 on Cisco Switch 3750V2

IPv6 addressing and unicast routing are disabled by default on Cisco switches; all of those features have to be enabled before we can configure them.
Here is the default IPv6 configuration:

Feature              Default Setting
SDM template         Advanced desktop (the default is the advanced template)
IPv6 routing         Disabled globally and on all interfaces
CEFv6 or dCEFv6      Disabled (IPv4 CEF and dCEF are enabled by default)
                     Note: when IPv6 routing is enabled, CEFv6 and dCEFv6 are enabled automatically
IPv6 addresses       None configured


No, SDM is not Security Device Manager; it actually stands for Switch Database Manager.
SDM templates are used to allocate system resources (TCAM space) in the switch to optimize support for specific features and to balance resources; in this case we need a template that reserves room for IPv6 entries. On the 3750 that means [sdm prefer dual-ipv4-and-ipv6 default] followed by a reload; the switch needs a dual-stack template active before IPv6 routing and interface addresses can be enabled. For more details about SDM templates go to: Cisco doc about SDM Template

Friday, October 3, 2014

HSRP Configuration

This is going to be a straightforward configuration, but first let's look at some default values for HSRP and at the states a device with HSRP enabled goes through.

Default HSRP Configuration

Feature                           Default Setting
HSRP groups                       None configured
Standby group number              0
Standby MAC address               System assigned as 0000.0c07.acXX for HSRP version 1, where XX is the group number in hex (groups 0-255).
                                  HSRP version 2 uses the range 0000.0c9f.f000 to 0000.0c9f.ffff; the low 12 bits are the group number (0-4095), so group 10 gets 0000.0c9f.f00a.
Standby priority                  100
Standby delay                     0 (no delay)
Standby track interface priority  10 (the decrement applied when a tracked interface goes down)
Standby hello time                3 seconds
Standby holdtime                  10 seconds
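Added example (mine, not from the post): the virtual MAC rule in the table turned into Python, in both directions. hsrp_virtual_mac derives the MAC for a group and version, and parse_hsrp_mac recognises an HSRP virtual MAC in an ARP or CAM table, which is how you spot the real gateway (or an HSRP speaker on a port where no router should be). The ARP lines are constructed for the example, in show ip arp layout.

```python
import re

HSRP_V1_PREFIX = "00000c07ac"     # 0000.0c07.acXX, XX = group number 0-255
HSRP_V2_BASE = 0x00000C9FF000     # 0000.0c9f.f000 + group number 0-4095


def _dotted(value):
    """Render a 48-bit integer in Cisco's xxxx.xxxx.xxxx notation."""
    digits = f"{value:012x}"
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def hsrp_virtual_mac(group, version=1):
    """Virtual MAC the active router answers for, for a given group and version."""
    if version == 1:
        if not 0 <= group <= 255:
            raise ValueError("HSRPv1 groups are 0-255")
        return _dotted(int(HSRP_V1_PREFIX, 16) * 0x100 + group)
    if version == 2:
        if not 0 <= group <= 4095:
            raise ValueError("HSRPv2 groups are 0-4095")
        return _dotted(HSRP_V2_BASE + group)
    raise ValueError("HSRP version must be 1 or 2")


def parse_hsrp_mac(mac):
    """Return (version, group) if mac is an HSRP virtual MAC, else None.
    Accepts 0000.0c07.ac0a, 00:00:0c:07:ac:0a and 00-00-0C-07-AC-0A."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac}")
    value = int(digits, 16)
    if digits.startswith(HSRP_V1_PREFIX):
        return 1, value & 0xFF
    if HSRP_V2_BASE <= value <= HSRP_V2_BASE + 0xFFF:
        return 2, value - HSRP_V2_BASE
    return None


# Constructed "show ip arp" lines (not from the page) used to spot which
# entries are HSRP virtual addresses rather than real interfaces.
SAMPLE_ARP = """\
Internet  10.1.1.1     -   0000.0c07.ac01  ARPA  Vlan10
Internet  10.1.1.20    5   001b.2146.ab12  ARPA  Vlan10
Internet  10.1.1.254   0   0000.0c9f.f00a  ARPA  Vlan10
"""


def find_hsrp_gateways(arp_text):
    """(ip, version, group) for every ARP entry whose MAC is an HSRP virtual MAC."""
    found = []
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        hit = parse_hsrp_mac(fields[3])
        if hit:
            found.append((fields[1], *hit))
    return found


if __name__ == "__main__":
    print(hsrp_virtual_mac(10), hsrp_virtual_mac(10, version=2))
    print(find_hsrp_gateways(SAMPLE_ARP))
```

A virtual MAC is only as trustworthy as the segment it is learnt on: with the default of no authentication, any host that sends hellos with a higher priority takes over the group, so pairing this lookup with the switch port the MAC was learnt on is what makes it a useful check.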

HSRP States

When in operation, an HSRP device is in one of the following states:

  • Active – The device is actively forwarding traffic sent to the virtual IP and MAC address.
  • Init or Disabled – The device is not yet ready or able to participate in HSRP (for example, the interface is down or HSRP has just been configured).
  • Learn – The device has not yet determined the virtual IP address and has not yet seen a hello message from the active device.
  • Listen – The device knows the virtual IP address but is neither active nor standby; it listens for hello messages from those devices.
  • Speak – The device sends periodic hello messages and takes part in the election of the active or standby device.
  • Standby – The device is prepared to take over the traffic forwarding duties from the active device.

Sunday, December 1, 2013

BGP Route Reflector – Juniper

Configuring IBGP can be very painful, because every router in the network needs a manually configured peering session with every other router: a full mesh is a must for plain IBGP.
There is a formula to calculate how many sessions a network needs. Let's say that you have 10 routers and have to configure peer sessions between all routers in the AS:
N*(N-1)/2
N represents the total number of routers in the AS. With 10 routers we come up with 45 sessions that must be configured.
There is a tool that helps us reduce the number of sessions needed in the network, and that is the route reflector.
Route reflection allows creating peer relationships only with the designated route reflector router, which re-advertises (reflects) routes between its clients.
In that case you only need an IBGP session between each route reflector client and the selected route reflector; with one route reflector and 9 clients that is 9 sessions instead of 45.
The route reflector and its clients form a cluster, identified by the cluster ID configured on the route reflector (in Junos the cluster statement under the BGP group facing the clients).
You can have more than one route reflector in the same AS. To keep connectivity between clients and nonclient routers, the route reflector itself must still be fully meshed with all nonclient routers (and with the other route reflectors) in the AS; only the clients escape the full mesh.
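Added example (mine, not from the post): a Python helper that builds the actual set of IBGP sessions for a given split into reflectors, clients and nonclients, so the 45-versus-9 comparison above can be checked for any topology, including a redundant pair of reflectors. Assumptions of mine: a single cluster, every client peers with every reflector, and reflectors plus nonclients remain fully meshed. Router names are constructed.

```python
from itertools import combinations


def full_mesh_sessions(n):
    """N*(N-1)/2 sessions for a full IBGP mesh of N routers."""
    return n * (n - 1) // 2


def ibgp_peerings(routers, reflectors, clients):
    """Sessions needed once route reflection is in place.

    Assumptions (mine, not the post's): one cluster, every client peers with
    every reflector for redundancy, and reflectors plus non-client routers
    stay fully meshed with each other.
    """
    routers, reflectors, clients = set(routers), set(reflectors), set(clients)
    if not reflectors or not reflectors <= routers or not clients <= routers:
        raise ValueError("reflectors and clients must be routers of the AS")
    if reflectors & clients:
        raise ValueError("a router cannot be both reflector and client")
    meshed = routers - clients            # reflectors + non-client routers
    sessions = {frozenset(pair) for pair in combinations(sorted(meshed), 2)}
    for client in clients:
        for rr in reflectors:
            sessions.add(frozenset((client, rr)))
    return sessions


def peering_table(sessions):
    """Human-readable, sorted list of 'A <-> B' strings."""
    return sorted(" <-> ".join(sorted(s)) for s in sessions)


if __name__ == "__main__":
    # Constructed example: ten routers, R1 as the only reflector, then R1+R2.
    routers = [f"R{i}" for i in range(1, 11)]
    print("full mesh:", full_mesh_sessions(len(routers)))
    one_rr = ibgp_peerings(routers, ["R1"], routers[1:])
    print("one reflector:", len(one_rr))
    two_rr = ibgp_peerings(routers, ["R1", "R2"], routers[2:])
    print("two reflectors:", len(two_rr))
    print("\n".join(peering_table(two_rr)))
```

With two reflectors and eight clients the count is 1 (the reflector-to-reflector session) plus 8 × 2 client sessions, 17 in total: still far below 45, and the design survives the loss of one reflector.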






Saturday, November 9, 2013

BFD Bidirectional Forwarding Detection - Juniper



Junos has several HA (High Availability) features, like NSR (nonstop active routing), graceful restart, GRES (graceful Routing Engine switchover) and, of course, BFD. I'll write about it briefly and then configure it on two Juniper routers under the OSPF process.
What is BFD, actually?
Bidirectional Forwarding Detection is a protocol used to detect faults in the forwarding path between two forwarding engines connected by a link.
BFD is vendor and protocol independent and runs on top of any data protocol (network layer, link layer, tunnels, etc.). It is very light on resources (CPU, memory) compared with the protocols' own fault-detection mechanisms, such as OSPF hellos: with default timers OSPF needs 40 seconds (the dead interval) to notice a dead neighbour, while a BFD session is tuned in hundreds of milliseconds.
The benefit of BFD is a single method for managing failure-detection timers: the client protocols (OSPF, BGP, ...) all register with one BFD session and react at the speed it detects, instead of each protocol's hello timer being tuned separately.

Supported protocols are:

  • OSPF
  • Static
  • IS-IS
  • RIP
  • iBGP
  • EBGP
  • RSVP
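Added example (mine, not from the post): the BFD detection-time rule as Python. The point a practitioner tends to miss is that the timers are negotiated per direction (RFC 5880 asynchronous mode): each side receives no faster than the larger of its own minimum receive interval and the peer's minimum transmit interval, and declares the session down after the peer's multiplier of such intervals. The helper compares the result with the OSPF dead interval the session replaces. Assumption of mine: the Junos minimum-interval statement sets both the transmit and the receive minimum, with no separate minimum-receive-interval configured; the router values are constructed.

```python
OSPF_DEFAULT_HELLO_MS = 10_000   # Junos and IOS default hello interval
OSPF_DEFAULT_DEAD_MS = 40_000    # 4 x hello: time to declare a neighbour dead


def bfd_detection_time_ms(local_min_rx_ms, peer_min_tx_ms, peer_multiplier):
    """Detection time at the local end in asynchronous mode (RFC 5880 6.8.4):
    the peer sends no faster than max(our Required Min RX, its Desired Min TX),
    and we declare the session down after peer Detect Mult such intervals
    with no packet received."""
    if local_min_rx_ms <= 0 or peer_min_tx_ms <= 0 or peer_multiplier < 1:
        raise ValueError("intervals must be positive and multiplier >= 1")
    return peer_multiplier * max(local_min_rx_ms, peer_min_tx_ms)


def session_detection_times(a, b):
    """a and b are (minimum_interval_ms, multiplier) as configured on each
    router. Assumption: Junos 'minimum-interval' sets both the transmit and
    the receive minimum. Returns (detection time at a, detection time at b)."""
    (a_int, a_mult), (b_int, b_mult) = a, b
    return (bfd_detection_time_ms(a_int, b_int, b_mult),
            bfd_detection_time_ms(b_int, a_int, a_mult))


def speedup_vs_ospf(detection_ms, dead_ms=OSPF_DEFAULT_DEAD_MS):
    """How many times faster than the OSPF dead timer the failover becomes."""
    return dead_ms / detection_ms


if __name__ == "__main__":
    # Constructed settings: both routers at 300 ms x 3, then a mismatched pair.
    print(session_detection_times((300, 3), (300, 3)))      # (900, 900)
    print(session_detection_times((300, 3), (1000, 4)))     # (4000, 3000)
    print(speedup_vs_ospf(900))
```

The mismatched case shows why both ends should be configured alike: the router with the faster timers still waits for the slower peer's transmit interval, so the fast setting only costs CPU on one side without improving detection there.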