Sunday, January 11, 2015

3560 QOS Notes







Both the ingress and egress queues are serviced by SRR, which controls the rate at which packets are sent. On the ingress queues, SRR sends packets to the internal ring. On the egress queues, SRR sends packets to the egress port. 

You can configure SRR on egress queues for sharing or for shaping. However, for ingress queues, sharing is the default mode, and it is the only mode supported.

In shaped mode, the egress queues are guaranteed a percentage of the bandwidth, and they are rate-limited to that amount. Shaped traffic does not use more than the allocated bandwidth even if the link is idle. Shaping provides a more even flow of traffic over time and reduces the peaks and valleys of bursty traffic. With shaping, the absolute value of each weight is used to compute the bandwidth available for the queues. 

In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue is empty and no longer requires a share of the link, the remaining queues can expand into the unused bandwidth and share it among them. With sharing, the ratio of the weights controls the frequency of dequeuing; the absolute values are meaningless. Shaping and sharing is configured per interface. Each interface can be uniquely configured.




Selective Packet Discard is the queue management technique for interface input queueing. The SPD commands are hidden in the IOS parser, but you can see them in the running configuration once you enter them. By default SPD is enabled in Normal mode. The following is the list of SPD commands:
spd enable
spd headroom 
spd extended-headroom 
ip spd mode aggressive
ip spd queue max-threshold 
ip spd queue min-threshold  
SPD input queuing (Selective Packet Discard) is desirable for a number of reasons. The first is for control plane security. It’s possible to block the router’s input queue with a high rate of malformed packets, which effectively blocks legitimate routing traffic. The result is a control plane DoS against the router. The next reason is for layer 2 keepalive, IGP, and BGP traffic separation.
Note the important fact that SPD thresholds are global for all queues. SPD computes Min and Max thresholds based on the lowest hold-queue size in the system. Therefore if you set the hold queue size lower on some interfaces, you will affect all other interface drop thresholds.

CCIE R&S 5.0 Virtual LAB Setup via VMware and 3560 Switches and more

If you are looking for a STEP by STEP of initial install please see the excellent link below:

http://ithitman.blogspot.com/2014/11/ccie-v5-ine-home-lab-part-1-configuring.html

What you need:


1. Any PC with 32 gig of RAM [ more ram if you want to make more routers. 2.5 Gig per router is recommended although you can get away with 2Gig. ]

2. 500 Gig of hard-disk [ would suggest raid 5 if you can afford it and 3 disks of 500 gig. Typically 8 to 10 Gig per router, 110 Gig for Linux host ]

3. CPU: anything quad core, or dual core with 2.1 GHz CPU clock rate should do.

4. FOUR 3560 Switches [ The X versions is better, but too expensive, so no X will do here :-) ]

5. At least TWO Ethernet ports. [ I used 6 just to make the routers reachable via public net and create scenarios like each switch having it's own 'trunk' connection or  access vlan setup for each router, etc, to really simulate complex L2 scenarios beyond the simple trunking stories in the practice labs; hay gotta push the limits!  This is CCIE]

6. CD/DVD/USB/PXE or any external device that the PC can be booted from for installing OS on the bare bone box the first time.

7. VMware ESXi version 5.5 or later.

8. VMware Vsphere to manage the virtual hosts from a PC running Windows.

9. Linux OS in CD or ISO format for tcpdump/wireshark, tftp, telnet, ssh, tclsh, VNC and other tools that come with the OS for FREE.
You can use Windows OS if you prefer that, but you need to pay for the OS and hunt the other software yourself.

Summary of steps for the impatient:
---------------------------------------
1. install ESXi on the PC; free download.  Assign an IP, user/pass.
https://www.vmware.com/go/get-free-esxi

2. install Vsphere on a Windows machine that can reach the ESXi, aka Hypervisor box using the Assigned IP in previous step.
I believe it is licensed, but you can use a trial version for few weeks before buying it.
https://my.vmware.com/group/vmware/info?slug=datacenter_cloud_infrastructure/vmware_vsphere/5_5

3. download Cisco CSR images for VMware, aka .ova file; you'd need to have a registered user account to download this. The file name below, do a search on it to learn more and pick the version you want.  csr1000v-universalk9.03.13.01.S.154-3.S1-ext.ova

Old document with *some* relevant info, just in case you have time to look at a lot of redundant details ;-).
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg/installesxi.html

4. put it all together; using Vsphere client application:

- Install the OVA file, aka CSR image for VMware guest OS. Repeat for as many routers as you want or have hardware to support it.
- Create a Virtual Switch and put the 2nd NIC card as the Gige 1 interface/vmnetwork2.
- Connect the 2nd NIC physically to one of the 3560 switches; enable cdp, dot1q trunk on the switch.
- Enable 'promiscuous' mode and 'all vlans' in Virtual Switch so everyone can see everybody. 


- I used 4 ports to connect to 4 switches for various scenarios.
- Planning to use 'ifconfig alias' on Linux interfaces so each Ethernet port on Linux can have multiple ip addresses; limit is 255 I think.  Will post any gotchas.

The final install should look something like so:

SW1#sh ver | i image
System image file is "flash:c3560-ipservicesk9-mz.150-2.SE6"
SW1#
SW1#sh int gi0/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,1000-1001,2000

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,1000-1001,2000
SW1#
SW1#sh arp            
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  155.1.37.7              -   001d.a1f2.73c1  ARPA   GigabitEthernet0/3
Internet  192.1.1.1              40   000c.29d8.ba5a  ARPA   Vlan1
Internet  192.1.1.2              56   000c.2987.d997  ARPA   Vlan1
Internet  192.1.1.3              30   000c.29ee.68e2  ARPA   Vlan1
Internet  192.1.1.4             142   000c.29b7.9a6b  ARPA   Vlan1
Internet  192.1.1.5             131   000c.2993.b3c8  ARPA   Vlan1
Internet  192.1.1.6              65   000c.29a7.e3ef  ARPA   Vlan1
Internet  192.1.1.7              17   000c.2918.3a40  ARPA   Vlan1
Internet  192.1.1.8             132   000c.29fc.3bf6  ARPA   Vlan1
Internet  192.1.1.9              29   000c.2984.b56b  ARPA   Vlan1
Internet  192.1.1.10            228   000c.2923.17a7  ARPA   Vlan1
Internet  192.1.1.11             22   000c.2995.10b0  ARPA   Vlan1
Internet  192.1.1.12            140   000c.29e8.6db3  ARPA   Vlan1
Internet  192.1.1.13             58   000c.2964.64a4  ARPA   Vlan1
Internet  192.1.1.14            137   000c.29ec.800d  ARPA   Vlan1
Internet  192.1.1.15            130   000c.2991.9b22  ARPA   Vlan1
Internet  192.1.1.16            146   000c.2958.33f9  ARPA   Vlan1
Internet  192.1.1.17              1   000c.2922.7a53  ARPA   Vlan1
Internet  192.1.1.18              1   000c.299c.7e2b  ARPA   Vlan1
Internet  192.1.1.19              8   000c.2927.d87b  ARPA   Vlan1
Internet  192.1.1.20              2   000c.290e.b4c9  ARPA   Vlan1
Internet  192.1.1.21              -   001d.a1f2.73c0  ARPA   Vlan1
Internet  192.1.1.22            125   001d.e628.a240  ARPA   Vlan1
Internet  192.1.1.23            122   001d.a170.3c40  ARPA   Vlan1
Internet  192.1.1.24            142   001d.a1f2.7540  ARPA   Vlan1
Internet  192.1.1.254             1   000c.2963.d85a  ARPA   Vlan1
SW1#



Some output to match when you run into an issue:

R1#sh plat      
Chassis type: CSR1000V           

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
R0        CSR1000V            ok, active            2d08h        
F0        CSR1000V            ok, active            2d08h        

R1#
R1#sh ver | i CSR
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S, RELEASE SOFTWARE (fc5)
cisco CSR1000V (VXE) processor (revision VXE) with 785444K/6147K bytes of memory.
R1#


Here is capture from the router which is exported to the Linux host over the same Gig1.

R1#monitor capture 1 control-plane both int gig1 both    
Control plane already attached in IN, changing direction to BOTH

R1#monitor capture 1 match any
R1#monitor capture 1 start
R1#
%BUFCAP-6-ENABLE: Capture Point 1 enabled.
R1#
R1#sh monitor cap 1 buffer
 buffer size (KB) : 10240
 buffer used (KB) : 128
 packets in buf   : 1017
 packets dropped  : 0
 packets per sec  : 4

R1#

R1#monit cap 1 export tftp://brick/tftp/iospcaps/control-plane-capture.pcap  
!
Exported Successfully

R1#
R1#exit
Connection closed by foreign host.
bastion:/data/tftp/iospcaps/$ ls -l
total 188
-rw-rw-rw- 1 opentftp root 188701 Jan 10 22:12 control-plane-capture.pcap
bastion:/data/tftp/iospcaps/$
bastion:/data/tftp/iospcaps/$ ifconfig eth1 | grep Bcast
          inet addr:192.1.1.254  Bcast:192.1.1.255  Mask:255.255.255.0
bastion:/data/tftp/iospcaps/$ 




 

Customizing configs

- Linux host at 192.1.1.254
- R1 through R20 at 192.1.1.1-20
-SW1 through 4 at 192.1.1.21-24
-tftp server at 192.1.1.254/tftp/*

Here is a quick 5 minutes script to convert the initial configs for various scenarios into what I need; namely, Gig1 needs an ip to be reachable from the Linux host.  Note that if Gig1 has no IP address, you lose your connection to the router which obviates running Vsphere and console connection....

You can use Virtual Serial console on ESXi, but needs a license, so telnet/ssh will do.

- using Gig1 as the management interface.
- adding my configs like ntp, ip hosts, history size, etc, [ hey Unix guy doesn't type if he/she doesn't have to ;-). ]
bastion:/data/tftp/ineconfigs/advanced.technology.labs/basic.bgp.routing/$ cat ~/bin/reconfig.sh

#!/usr/local/bin/bash
#
# add ip address for gige one so telnet would work, remove 'no ip add' and 'end' words.
# append my nifty configs
#
echo " running dos2unix removing Windowz thingy \r\n"
/usr/bin/dos2unix ./R*

echo " running sed to add vty ip address, remove no ip and add myconfig below"

MYCONFIG="
clock timezone PST -8 0
logging buffered 10000
no ip domain lookup
ip host muck 192.1.1.254
ip host brick 192.1.1.254
ip host bastion 192.1.1.254
!
ipv6 unicast-routing
!
no ip domain lookup
ip domain name cisco.com
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 no login
 length 33
 width 0
 history size 256
!
ntp server 192.1.1.254
"
# Note the zero in sed command to replace ONLY the first occurrence; man took me some searchin ;-).

for i in `seq 10`;
    do
    sed -i -e "0,/GigabitEthernet1/s//GigabitEthernet1\n ip address 192\.1\.1\.$i 255\.255\.255\.0/" -e "s/no ip address//" -e "s/end//" R$i.txt;
    echo "$MYCONFIG" >> R$i.txt;
    done

echo " cleaning the directory and moving the fixed up configs to /data/tftp/iosconfigs/cur"
ls -l /data/tftp/iosconfigs/cur/*
rm /data/tftp/iosconfigs/cur/*
cp ./R* /data/tftp/iosconfigs/cur/
ls -l /data/tftp/iosconfigs/cur/*
pwd

#put some error checking when have time and make it more flexible!



On the router to replace the config with mine.  IOS is funny with copy command unlike XR which has much much better facilities for config management.

R10#config repl tftp://brick/tftp/iosconfigs/cur/R10.txt
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes
Loading tftp/iosconfigs/cur/R10.txt from 192.1.1.254 (via GigabitEthernet1): !
[OK - 5040 bytes]

Loading tftp/iosconfigs/cur/R10.txt from 192.1.1.254 (via GigabitEthernet1): !
Enter configuration commands, one per line.  End with CNTL/Z.
Warning: The input license udi(CSR1000V:9Y9VCZ8B841) differs from the platform udi(CSR1000V:97F7HDB8UH1).% use 'write' command to make license boot config take effect on next boot
... output snipped ...



How to access everything:

- Install VNC SERVER,  on the Linux Virtual host.
- Install VNC VIWER on your laptop/desktop/access computer and your rack is just couple of clicks away.
- Start working on the lab scenarios and when you get tired, just close the vnc, the next time you come back to the vnc, it has kept EVERYTHING where you left it off.













Monday, March 17, 2014

Traceroute return code


c
Description
nn msec
For each node, the round-trip time in milliseconds for the specified number of probes
*
The probe timed out
A
Administratively prohibited (example, access-list)
Q
Source quench (destination too busy)
I
User interrupted test
U
Port unreachable
H
Host unreachable
N
Network unreachable
P
Protocol Unreachable
T
Timeout
?
Unknown packet type

Tuesday, September 10, 2013

Services -- archive command on 3560 switches

Note the image name which is a special tarballed file.
It won't work if you just tarball the 'bin' version.
Also note the unsaved config stops the reload option, log entry down below.

SW3#sh ver | i image
System image file is "flash:c3560-ipservicesk9-mz.122-55.SE5.bin"
SW3#
SW3#SW3#archive download-sw ?
  /allow-feature-upgrade  Allow installation of image with different feature sets
  /directory              Specify a directory for images
  /force-reload           Unconditionally reload system after successful sw upgrade
  /force-ucode-reload     Upgrade UCODE after successful sw upgrade and before an unconditional reload
  /imageonly              Load only the IOS image(s)
  /leave-old-sw           Leave old sw installed after successful sw upgrade
  /no-set-boot            Don't set BOOT -- leave existing boot config alone
  /no-version-check       skip version check that prevents incompatible image install
  /overwrite              OK to overwrite an existing image
  /reload                 Reload system (if no unsaved config changes) after successful sw upgrade
  /safe                   Always load before deleting old version
  /upgrade-ucode          Upgrade UCODE after successful sw upgrade (no reload)
  flash:                  Image file
  ftp:                    Image file
  http:                   Image file
  https:                  Image file
  rcp:                    Image file
  scp:                    Image file
  tftp:                   Image file

SW3#archive download-sw


SW3#archive download-sw /reload tftp://1.41.36.254/tftp/iosimages/c3560-ipservicesk9-tar.122-44.SE6
Loading tftp/iosimages/c3560-ipservicesk9-tar.122-44.SE6 from 1.41.36.254 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 12994560 bytes]

Loading tftp/iosimages/c3560-ipservicesk9-tar.122-44.SE6 from 1.41.36.254 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
examining image...
extracting info (110 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/info (456 bytes)
extracting info (110 bytes)

System Type:             0x00000000
  Ios Image File Size:   0x00A20A00
  Total Image File Size: 0x00C62200
  Minimum Dram required: 0x08000000
  Image Suffix:          ipservicesk9-122-44.SE6
  Image Directory:       c3560-ipservicesk9-mz.122-44.SE6
  Image Name:            c3560-ipservicesk9-mz.122-44.SE6.bin
  Image Feature:         IP|LAYER_3|PLUS|SSH|3DES|MIN_DRAM_MEG=128

Old image for switch 1: unknown

Extracting images from archive into flash...
c3560-ipservicesk9-mz.122-44.SE6/ (directory)
extracting c3560-ipservicesk9-mz.122-44.SE6/c3560-ipservicesk9-mz.122-44.SE6.bin (10613867 bytes)
c3560-ipservicesk9-mz.122-44.SE6/html/ (directory)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/title.js (577 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/fpv.js (40716 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/toolbar.js (6383 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/more.txt (62 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/helpframework.js (865 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/combo.js (9353 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/layers.js (1616 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/forms.js (13756 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/graph.js (39650 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/graph_dash.js (18865 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/framework.js (24955 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/appsui.js (1749 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/sorttable.js (48234 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/sitewide.js (12467 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/ajax.js (28348 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/stylesheet.css (22059 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/topbanner.htm (38074 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/legend.htm (6645 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/smartports.shtml (81218 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/border.htm (251 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/portset.shtml (67018 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/cna_upgrade.htm (5641 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/monitordata.shtml (47817 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/reset.htm (6490 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/express-setup.htm (6825 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/bottombanner.htm (4108 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/telnet.shtml (5867 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/redirect.htm (1018 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/xhome.htm (10216 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/resettimer.htm (4366 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/archivestatus.shtml (2379 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/preflight.js (17121 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/sslhome.shtml (7174 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/homepage.htm (471 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/port.js (29 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/status.htm (8107 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/reloadstatus.shtml (846 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/resettimer.shtml (6905 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/portruntime.shtml (40479 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/reloadstatus.htm (425 bytes)
c3560-ipservicesk9-mz.122-44.SE6/html/en/ (directory)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_smartports.js (4868 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/charset.js (333 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/troubleshooting_Browser.htm (3134 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_menu.js (1281 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_xsetup.js (19856 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/troubleshooting_OS.htm (2569 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_portstatistics.js (1559 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_framework.js (6052 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_health.js (1893 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_portset.js (2688 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/troubleshooting_JavaScript.htm (8020 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_softwareupgrade.js (5872 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_preflight.js (3853 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_dashboard.js (2961 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_fpv_title.js (3700 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/en/re_portruntime.js (739 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/softwareupgrade-top.js (7179 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/menu.css (1654 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/softwareupgrade-top.shtml (38094 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/toolbar.shtml (17119 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/back.htm (515 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/empty.htm (313 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/upgradestatus.shtml (564 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/menu.shtml (8022 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/health.htm (31818 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/menu.js (9207 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/portstatistics.shtml (21548 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/softwareupgrade.htm (1804 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/dashboard.shtml (116679 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/printframe.htm (369 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/topbannernofpv.shtml (12680 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/const.htm (556 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/nsback.htm (519 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/setup_report.htm (12661 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/frmwrkResource.htm (796 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/discover.shtml (22892 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/portstats.js (8316 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/xsetup.shtml (106942 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/smartports.js (36505 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/discover.js (43809 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/xsetup.js (71251 bytes)
c3560-ipservicesk9-mz.122-44.SE6/html/help/ (directory)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/xsetup_help.htm (896 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/xsetip.htm (5226 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/ip_help.htm (12891 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/reset.htm (3124 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/helptoolbar.shtml (8058 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/help.htm (1557 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/support.shtml (5360 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/pstats.htm (12617 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/cna.htm (2743 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/toc.shtml (8618 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/telnet.htm (3523 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/about.htm (20223 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/xsetstd.htm (18416 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/psmart.htm (16121 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/upgrade.htm (4738 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/dashbrd.htm (21690 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/xsetinit.htm (12560 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/trends.htm (6302 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/support.htm (3696 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/pstatus.htm (6843 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/psets.htm (5259 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/help/legend.htm (25687 bytes)
c3560-ipservicesk9-mz.122-44.SE6/html/images/ (directory)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/ambergreen1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/grn_vertlines_top.gif (948 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blackamber1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/print_on.gif (1909 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/dashboard.gif (15043 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spMultiple.gif (1087 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/linkfaulty_bead.gif (954 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/122085.gif (0 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_side_tx_gray.gif (155 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/help_off.gif (1188 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/meter_yellow.gif (59 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blinkgreenfast1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_back.gif (908 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/temp.gif (1717 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spSwitch.gif (1095 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bar_lg.gif (1391 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c356048_4T.gif (19492 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbarButtonDownRight.gif (188 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/comboArrow.gif (881 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/dc_in.gif (835 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spacer.gif (49 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fatal_error_big.gif (271 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/internal_gray.gif (127 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/pngsuccess.gif (1612 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_25.gif (830 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/confirm.gif (515 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/faulty_bead.gif (324 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/temp_yellow.gif (1686 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/legend_off.gif (1158 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gig_gray.gif (225 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_rxr_for_legend.gif (1025 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/C3560_12D.gif (7377 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fatal_error.gif (719 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_14.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blinkamber1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/141282.gif (2882 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131081.gif (1320 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_type2_Vertical_gray.gif (257 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gig_empty.gif (199 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3580_48_PoE.gif (18279 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/pngfailure.gif (1742 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fx_inverse_sidegray.gif (122 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/smartports.gif (637 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/top_left.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_tx_gray.gif (155 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_black_label_1.gif (823 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_side_gray.gif (217 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cna_download_splash.gif (44862 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c356048_4p.gif (19954 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131077.gif (975 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fan_animation.gif (4023 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_rzr_gray.gif (132 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/question.gif (405 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bar_green.gif (1415 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedAccess.gif (1066 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/help.gif (563 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131075.gif (1223 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/black.gif (35 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sitewide_print_off.gif (905 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/update.gif (596 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_right_active.gif (862 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/dkgreenmask28_upright.gif (149 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/help_on.gif (1734 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/down_arrow.gif (837 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cna_icon3.gif (1196 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3560_mode.gif (900 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/linkup_bead.gif (321 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_right_inactive.gif (922 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_left_inactive.gif (919 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sideinverse_gray.gif (133 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/ip_fig3.gif (9178 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fpanel.gif (6389 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_28.gif (830 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/refresh_off.gif (1329 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bar_lg2.gif (1385 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_sideinverse_gray.gif (215 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gig_base.gif (303 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spAccess.gif (1062 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedMultiple.gif (1096 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_50.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gray.gif (135 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spGuest.gif (1040 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/print_off.gif (1319 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/whitemask11_botleft.gif (62 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/legend.gif (167 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_forward.gif (906 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/icon_popup.gif (379 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/hb_gray.gif (115 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fx_gray.gif (121 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3580_mode.gif (900 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_bg_active.gif (827 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fx_sidegray.gif (120 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cwdm_led_gray.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/mdarrow.gif (101 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_sideinverse_empty_gray.gif (165 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_side_empty_gray.gif (165 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_cwdm_gray.gif (184 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/refresh_on.gif (2041 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cwdm_led_big_gray.gif (99 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_13.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blinkred1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/141281.gif (3101 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131080.gif (1182 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c356024g_4p.gif (23186 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/up_arrow.gif (837 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/comboPressedArrow.gif (862 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_left_active.gif (852 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedServer.gif (952 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bar_yellow.gif (1145 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/upgrade.gif (1167 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/led_gray.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/smartports_on.gif (1918 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_gray.gif (207 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/warning_big.gif (296 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/122353.gif (3132 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3560G48_4TS.gif (19680 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/pixel.gif (49 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/menu_monitor.gif (1576 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedPrinter.gif (1072 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/mleaf.gif (104 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3580_24.gif (20670 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_49.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spServer.gif (937 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cna_icon2.gif (1185 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/122338.gif (19666 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_button_left.gif (298 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tab_bg_inactive.gif (931 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_print.gif (1183 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedGuest.gif (1040 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/ip_fig2.gif (7003 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_swupgrade.gif (1194 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_27.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3560g48_4p.gif (20040 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/C3560E_mode_btn.gif (916 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spNone.gif (881 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedRouter.gif (1135 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_16.gif (828 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbarButtonDownLeft.gif (187 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sitewide_downleft.gif (53 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_legend.gif (992 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/temp_red.gif (3928 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/redgreen1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_empty_Vertical_gray.gif (217 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gauge_on_line.gif (827 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPrinter.gif (1066 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bullet.gif (0 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_base.gif (160 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sitewide_text_start.gif (1060 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bottom_left.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_button_right.gif (295 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/menu_config.gif (1840 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/swupgrade_off.gif (1433 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131079.gif (1187 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_2.gif (826 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spRouter.gif (1130 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_button_tile.gif (160 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3560_8_1.gif (16633 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fan_down.gif (1861 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_help.gif (1077 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/logo.gif (1706 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_type1_gray.gif (269 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c356024_2T.gif (22651 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/print.gif (625 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_sideinverse_tx_gray.gif (152 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/informational16.gif (1045 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/desktop.gif (997 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sfp_empty_gray.gif (155 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/C3560E_12SD.gif (6483 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbarGradient3px.gif (519 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbarButtonDownTile.gif (157 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fwd_off.gif (1039 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gig_for_legend.gif (1301 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3580_24_PoE.gif (21101 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_lx_gray.gif (252 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/141280.gif (3053 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/inv_gray.gif (133 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/swrefresh.gif (773 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedIPPhone.gif (1125 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sitewide_upleft.gif (52 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_52.gif (830 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/refresh.gif (902 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/mrarrow.gif (104 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/dc_out.gif (845 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_type2_gray.gif (233 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_type1_Vertical_gray.gif (266 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_empty.gif (187 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/side_gray.gif (131 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/pilsner2_mode.gif (954 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c356024_2p.gif (23021 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spIPPhone.gif (1120 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/warning.gif (1059 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/top_right.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blackgreen1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedDesktop.gif (982 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cna_icon1.gif (1212 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_blank.gif (807 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/whitemask11_upright.gif (61 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/ip_fig1.gif (7769 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/grn_vertlines_bottom.gif (957 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gbic_t_gray.gif (229 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_26.gif (830 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/admindown_bead.gif (922 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/swprogress.gif (12291 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/fwd_on.gif (1742 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/normal.gif (1099 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/yellow.gif (139 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/back_off.gif (1012 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spDesktop.gif (984 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/legend_on.gif (1772 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/92908.gif (3691 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_refresh.gif (1189 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_15.gif (827 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/10gb_sfp_empty_gray.gif (196 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3580_48.gif (18108 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/pngprogress.gif (5604 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_black_label_2.gif (830 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/yellow_bead.gif (311 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/blinkgreen1pix.gif (91 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedNone.gif (892 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/C3560E_PD_mode.gif (878 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131078.gif (1291 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/tb_bg.gif (1070 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_1.gif (823 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/122344.gif (7077 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbarGradient.gif (262 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/spPressedSwitch.gif (1106 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/c3560G24_4TS.gif (22947 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/sitewide_glossary_off.gif (914 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/swupgrade_on.gif (2335 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/back_on.gif (1681 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/131076.gif (317 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/cna_icon4.gif (1072 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/clear.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/menu_tools.gif (1141 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/157834.gif (15224 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/bottom_right.gif (45 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/gauge_off_line.gif (827 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/smartports_off.gif (1440 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/meter_green.gif (59 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/port_label_51.gif (827 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/toolbar_smartports.gif (1237 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/html/images/nolink_bead.gif (325 bytes)
extracting c3560-ipservicesk9-mz.122-44.SE6/info (456 bytes)
extracting info (110 bytes)

Installing (renaming): `flash:update/c3560-ipservicesk9-mz.122-44.SE6' ->
                                       `flash:/c3560-ipservicesk9-mz.122-44.SE6'
New software image installed in flash:/c3560-ipservicesk9-mz.122-44.SE6


All software images installed.
Requested system reload skipped due to unsaved config changes.
SW3#

Monday, July 29, 2013

OSPF Notes

OSPF:
·       Uses it’s own transport protocol 89.
·       OSPF multicast packets use TTL of 1.
·       Sees secondary networks as stub networks. no adjacencies will form using secondary network.
·       if the network statement  matches the IP address of primary interface, the primary interface and IP unnumbered will have OSPF enabled.
·       Elects DR and BDR on broadcast and NBMA networks.
·       To establish adjacencies the following values must match:
o    Area ID.
o    Authentication.
o    Network mask, point-to-point links are exception.
o    Hello and Dead Intervals.
o    MTU.
o    Options.
·       Hello Intervals for broadcast network 10 seconds, non-broadcast networks 30 seconds.
·       Hello Intervals can be configured per interface basis with ip ospf hello-interval
·       Dead Interval is 4 times the Hello Interval and configured with ip ospf dead-interval command.
·       Changing Hello Interval automatically adjusts the Dead Interval to 4 times the new value.
·       Fast Hello, multiple Hellos in less than 1 second.
#ip ospf dead-interval min hello-multiplier 5     # 5 hellos in 1 second, 200 msec interval.
·       Three ways to advertise routes using OSPF
o    Network Area command.  It serves two purposes
       defines the interfaces on which OSPF runs
       defines the area membership of the interface.
       configured with network {IP} {wildcard} area {area id} under OSPF process.
       The IP address and wildcard arguments together allow you to define one or more interfaces to advertise.
       The matched interfaces’ IP/subnet is advertised by OSPF, not the IP/wildcard of network command.
o    Interface command.  does the same thing as network command.
       switches do not support this command.
       configured with ip ospf {ID} area {area-id} under the interface.
o    redistribution command. see REDISTRIBUTION: section for detailed info.
·       Network Types.   OSPF defines 6 network types.
o    Broadcast Network
       default network type on Ethernet and elects DR/BDR. Hello 10 seconds, Dead Interval 40 seconds.
       uses 224.0.0.5 (0100.5E00.0005), AllSPFRouter and 224.0.0.6 (0100.5E00.0006,) AllDRouters
       no next-hop modification. it remains the IP address of the originating router.
       layer 3 to 2 resolution is required.
       can NOT configure neighbor command.
o    Non-Broadcast Network  [NBMA Needs Neighbor]
       can connect multiple routers, but has no broadcast capability. Hello 30 sec, Dead interval 120 seconds.
       defaults to NBMA network type on multipoint frame-relay interface, same as main Serial interface.
       elects DR, BDR by using unicast between configured neighbors.
       next-hop IP is not changed and remains the IP address of the originating router.
       default priority is 1, disabled 0, should be zero on all spokes, to prevent black-hole; becoming DR/BDR.
o    Point-to-Point Network
       Default on T1 and DS-3, SONET links and on P2P sub-interface on frame-relay
        no DR/BDR election, uses multicast to AllSPFRouters, 224.0.0.5, except retransmitted LSAs uses unicast.
       OSPF ignores subnet mask mismatch on P2P links, Hello 10 seconds and Dead interval 40 seconds.
o    Point-to-multipoint Network
       Cisco proprietary, not a default but best solution for NBMA networks.
       special configuration of NBMA, networks treated like a collection of P2P links.
       no DR/BDR election and OSPF packets use multicast 224.0.0.5 to reach neighbor.
       next-hop is that of the advertising neighbor, and end points of the link is advertised as /32, host route.
       L3 to L2 resolution is only needed for directly connected neighbors.
       Non directly connected neighbors use recursive L3 routing to reach each other.
       Hellos 30 seconds, Dead intervals 120 seconds.
o    Point-to-multipoint NON-BROADCAST Network
       Cisco proprietary, same as P2M, but configured with additional non-broadcast keyword.
       no DR/BDR, uses unicast to reach each manually configured neighbor.
       It’s adequate to configure neighbor only one side, but configure it on both sides of the link.
       the next-hop is that of advertising neighbor and IP routing is used to reach L2 non-adjacent neighbors.
       was created to allow cost per neighbor rather than interface cost.
       cost is based on the incoming interface bandwidth and not the bandwidth of neighbor’s interface.
       Hello 30 seconds, Dead interval 120 seconds.
o    Virtual Links
       used to link an area to the backbone through non-backbone, transit area. or disjointed backbone areas.
       must be configure between 2 ABRs, one of them must connect to area 0
       transit area must not be a stub network, and must have full routing information.
       virtual link is seen as an interface in area 0, transitions to a full P2P interface when neighbor ABR is in RIB
       area 0 attributes are inherited by virtual-link routers, including authentication and summarization.
       virtual-link cost is the cost of route to the neighbor’s interface via transit area.
o    OSPF over GRE
       OSPF virtual-link may not transit stub areas.
       If a virtual-link over a stub area is required, the only solution is GRE tunnel.
       the tunnel interface must have an IP address with a matching network statement in area 0.

o    Stub/Loopback Network
       default for loopback interfaces.
       assumes only a single attached router. OSPF advertises stub network as host /32 network.
       NOT a stub area.
·       DR and BDR 
o    Addressing
       will be elected on broadcast and NBMA networks.
       broadcast link itself is a pseudo-node, same concept as in ISIS.
       the cost from an attached router to the pseudo-node is the outgoing cost of that interface to broadcast link.
       the cost from the pseudo-node to any attached router is zero.
       the DR is a property of a router’s interface and NOT the entire router.
       on broadcast segments traffic doesn’t flow through DR, only updates are sent to DR and BDR.
       DR/BDR must have layer2 connectivity to all neighbors.
o    Router Interface Priority
       influences the election process between DR and BDR, but will not override an active DR or BDR.
       OSPF elections do not support pre-emption. Highest priority, 255, wins. Default priority is 1. No DR/BDR participation 0.
       can be changed per multi-access interface with ip ospf priority.
o    Router ID
       will be used as tie-breaker when router priorities are equal.
       Is the highest loopback IP in an UP state. If no loopbacks are configured, highest interface IP in UP state.
       can be statically set.
·       OSPF State Machine
o    Down
       initial state that indicates no hellos are seen from the neighbor in the last dead-interval.
       link state retransmission, database summary, and link-state request list is cleared.
o    Attempt
       only applies to NBMA networks where neighbors are manually configured.
o    Init
       Hello packets are seen from the neighbor, however, 2-way communication has not been setup yet.
o    2-way
       Router has seen it’s own router-id in the hello packets coming from the neighbor.
       on multi-access networks, the routers must be in this state or higher to participate in DR/BDR election.
o    ExStart
       the router and it’s neighbor will establish master/slave relationship & exchange Data Descriptor Packets.
       The neighbor with the higher router-ID becomes master.
o    Exchange
       the router sends DDP describing in summary it’s entire link state database.
       the router may also send link state request packets, requesting more recent LSAs.
o    Loading
       the router sends link state request, asking for more LSAs that it has not received yet.
o    Full
       routers are fully adjacent and adjacencies appear in router LSA and network LSA.
·       OSPF Packet Types.
The adjacency building process uses four OSPF packet types.
o    DDP (type 2) Database Description Packet
       carry a summary description of each LSA in the originating router’s link state database.
       these descriptions are not complete LSA.
       I-bit, initial bit, when the bit is set, indicates the first DDP is sent.
       M-bit, more bit, when the bit is set, indicates this is not the last DDP; more to come.
       MS-bit, master/slave bit, indicates which router is master.
o    LSR (type 3) Link State Request packet.
o    LSU (type 4) Link State Update packet.
o    LSAck (type 5) Link State acknowledgement packets.
·       LSA types, Link State Advertisement
o    LSA is the OSPF data structure used to describe topology information.
o    MaxAge, 1 hour, the LSA is flushed from the database if not updated.
o    LSARefreshTime, 30 minutes, originating router will flood a new copy of it’s LSA with an age of zero.
o    Router LSA, type 1
-        generated by each router for ALL it’s own connected interfaces, links, state and outgoing cost of each link and any known OSPF neighbors on the link
-        have intra-area flooding scope. displayed as O in RIB and describes intra-area routes.
-        show ip ospf database router.
o    Network LSA, type 2.
-        generated by DR on multi-access networks.
-        lists all attached routers including the DR itself.
-        have intra-area flooding scope.
-        identifies the designated router on a segment.
-        show ip ospf database network.
o    Network Summary LSA, type 3.
-        generated by ABR and are flooded into a single area to advertise destination outside that area, in same AS.
-        advertises default routes external to the area, still in the same AS though.
-        have inter-area flooding scope, displayed by O*IA in the RIB.
-        show ip ospf database summary.
o    ASBR Summary LSA, type 4.
-        generated by ABR and are identical to Network Summary LSA, except the destination they advertise is an ASBR route/router and not a network.
-        have inter-area flooding scope, and describes which router is doing the redistribution.
-        show ip ospf database asbr-summary.
o    AS External LSA, type 5.
-        generated by ASBR, and are the only LSAs that are not associated with a particular area.
-        advertise either a destination external to the OSPF AS or default route external to the AS.
-        an OSPF external route can not use another OSPF external route as it’s next hop.
-        have Autonomous System-wide flooding scope.
-        show ip ospf database external.
o    MOSPF, type 6.
-        Cisco doesn’t support it, generates syslog message, and to ignore, configure ospf ignore lsa mospf.
o    NSSA External LSA, type 7.
-        generated by ASBR within NSSA areas, similar to External LSA, except flooded only within originating NSSA.
-        describes redistributed routes within a NSSA area.
-        show ip ospf database nssa-external.
o    Opaque LSA, type 10.
-        used for traffic engineering parameters for MPLS network interaction.
·       Area Types.
o    Stub Area. (single area could be 0 or 1000, only 2 or more areas need to have backbone, area 0 attached).
-        no type 4 or 5 LSAs are allowed to flood in this area.
-        receives type 3 LSA and ABR generates it to advertise a single default route into Stub area with AD 1.
-        default cost can be change with area default-cost command.
-        is configured on ALL routers in the stub area with area stub command.
-        All routers in the stub area must agree.  If E bit in hello packets is set to 0, then stub else rejects E=1.
-        No redistribution can occur in stub area including static and connected.
o    Totally Stubby Areas.
-        uses default-route to reach external as well as outside the area.
-        ABR of totally stubby area will block all type 3 LSA except single LSA 3 advertising default route, 0/0.
-        Configured with area stub no-summary on the ABR, internal routers in stub area use stub configuration.
o    NSSA, Not So Stubby Area.
-        Area that allows redistribution while retaining the characteristics of a stub area to the rest of AS.
-        Type 4 and 5 are not allowed, but redistributed AS-external are allowed; type 7.
-        ASBR generates type 7, flooded into the NSSA area, and highest IP ABR converts them to type 5.
-        If ABR receives type 7 and P-bit is set to 1, then translation to type 5 takes place.
-        If ABR receives type 7 and p-bit is set to 0, then no translation and no advertisement outside of NSSA.
-        Configured with area nssa on all routers in that area.
-        ABR does not originate default-route as in stub/totally stub area automatically.
-        To inject default-route into NSSA area, on ABR configure area nssa default-originate.
o    Totally NSSA.
-        Same as NSSA area but also block type 3 summary LSA, so types 3, 4, 5 not allowed, but type 7 is.
-        ABR defines NSSA as totally stubby and originates a default as O*IA.
-        Configured with area nssa no-autosummary on ABR and internal routers follow NSSA configuration.
-        When an ABR is also an ASBR AND connected to NSSA, the default behavior is to advertise redistributed routes into NSSA.  This can be turned off with area nssa no-redistribution command.
-        Suppressing OSPF Forwarding Address in translated type 5 LSA, used when an NSSA ABR translates type 7 to type 5 LSA. 0.0.0.0/0 must be used as Forwarding Address instead of address specified in the type 7 LSA.
-        Routers which are configured not to advertise Forwarding Addresses into backbone will directly forward traffic to the translating NSSA ASBRs.
-         
·       Filtering OSPF prefix advertisement.
o    ABR filtering type 3 LSA into or out of the area.
-        In-Lists filter LSAs before they are sent into an Area.
-        Out-Lists filter LSAs leaving an area to prevent those LSAs entering any other areas attached to the router.
o    Distribute-list Filtering.
-        Only prevents the prefixes entering the RIB and has no effect on LSA propagation.
-        Distribute-list out has no effect since all routers in that area must have the same database.
-        Using route-map, the match-route-type can be used with OSPF.
§  External type E1 and E2.
§  Internal inter and intra routes.
§  Local locally generated route on the router.
§  NSSA-external types N1 and N2.
·       Summarization.
o    Inter-Area Route Summarization.
-        Used on ABR to summarize inter-area prefixes.
-        A route to NULL0 will get created automatically, but  can be disabled with no discard-route.
-        Area range command specifies the area to which the summary address belongs.
-        Default behavior for area range is to advertise more specific routes along with summary route and can be suppressed with no-advertise keyword.
-        Summarizes type 3 LSAs.
o    External Route Summarization.
-        Summarizes external routes at ASBR, redistributed into OSPF, configured with summary-address CLI.
-        Summarizes type 5 and 7 LSAs and more specific routes will not be advertised.
·       Stub Router Advertisement (max-metric).
Two benefits:
o    Router injected into OSPF domain will not immediately route traffic.
o    Router reload is graceful since other routers will route around the reloaded unit as it marks max-metric high.
Advertises a maximum metric for all the routes that the particular router does not originate.
Also is used to allow BGP to converge.
Typical scenario for use is when multiple links exists between 2 areas and one of the link should be used as last resort.
#router ospf 1
  #max-metric router-lsa on-startup {sec}   #advertises maximum metric on startup, no default value.
  #max-metric router-lsa on-startup {sec} wait-for-bgp 
     # lets BGP decide when to generate LSA with normal metric.  default 600 seconds.
#router ospf 1    
  #max-metric router-lsa
   # configure OSPF to advertise it, so other neighbors to route around it. Sets it for self originated router LSAs.
     #max-metric router-lsa [summary-lsa | include-stub | external-lsa | onstart-up]
     # overrides summary-lsa metric with max-metric.
     # sets max-metric for stub-links in router LSAs.
     # overrides external-lsa metric with max-metric value.
     # sets maximum metric on start-up; booting, rebooting.
·       Passive Interface
o    No hello packets on configured interface in passive mode, no adjacency or neighbor-ship forms.
o    This is different from vector protocols like RIP which will still receive routes, but not send any.
o    To simulate the same behavior as RIP use ip ospf database-filter all out under interface.
·       Originating default-route
o    Default-route is announced as an IP prefix 0.0.0.0/0 in OSPF.
o    Unlike other protocols, default-route can not be redistributed, needs manual configuration in OSPF.
o    Default-route can be inserted into OSPF only as an external or inter-area summary, no intra-area route.
o    Methods to originate a default route within OSPF:
-        Unconditional default-route.
§  Inject the route regardless of local router being able to reach the areas outside of OSPF domain or not.
§  Advertised as E2, metric 1, configured with default-information originate always under OSPF process.
-        Conditional default-route.
§  Advertises a default-route into OSPF domain only if the advertising router has a non-ospf default-route in its routing table.
§  Non-ospf default route could be a static default route with next-hop pointing outside of OSPF domain.
§  Non-ospf default route could be a static route based on IP SLA measurements.
§  Non-ospf default route could be a BGP advertised default route.
§  Configured with default-information originate.
#ip route 0.0.0.0 0.0.0.0 serial1.1    # static default route via serial 1.1 which is non-ospf route.
#router ospf 1
  #default-information originate metric 10
# ospf advertises default route with metric of if the route 0.0.0.0/0 is up and reachable else withdraws.
-        Conditional default-route with a route-map.
§  Route-map can check IP prefix, next-hop and metrics to inject default-route into OSPF.
§  Configured with default-information originate route-map <NAME>.
-        OSPF stub area default-route.
§  ABR injects default-route into stub area as inter-area summary route with OSPF metric of 1.
§  When multiple exit point out of the stub area exits, the nearest one will be chosen.
§  Inter-area default-route for stub can be changed with default-cost command.
#router ospf 1
  #area 1 stub
  #area 1 default-cost 300  #change stub default-route cost to 300.
-        OSPF NSSA default-route.
§  Cisco routers do not advertise external default-routes into NSSA area even when configured with default-information originate always.
§  ABR can be configured to do so either with manual advertisement, type 7, NSSA external default-route by area nssa default-information-originate OR configure the NSSA area as totally NSSA area and generate inter-area, type 3, default route by area nssa no-summary.
·       Path Selection:
o    OSPF routes are classified according to a destination type; network or router.
o    show ip route ospf displays these routes
o    show ip ospf border-routers displays the ABR and ASBR router entries.
o    Route lookups:
-        O Intra-area          paths are destinations within one of route’s attached Areas.
-        OIA inter-area    paths are destinations in another Area, but within the same OSPF AS.
-        E1(N1)            paths are external to the AS; external cost + cost to ASBR
-        E2(N2)            paths are external to the AS; external cost only; default type.
-        Use E1 metrics when packet should exit from the closest exit point in the network
-        Use E2 metrics when packet should exit from the closest exit to the external destination.
-        Lowest cost metric, unless ECMP exists.
o    Default Cost is OSPF metric calculated from 10^8/int. bandwidth, between 1-65535 can be modified:
-        Interface bandwidth
-        Interface ip ospf cost
-        Process auto-cost reference-bandwidth
-        Process neighbor 1.2.2.1 cost on P2M non-broadcast areas.
·       Authentication:
o    if area authentication is configured, it must be configured for ALL the routers in the area.
o    Don’t forget virtual-links, one leg is in area 0.
o    Interface passwords do not have to match, but neighbors do, default is NULL and types are:
-        type 0, null authentication
-        type 1, clear-text password
-        type 2, MD5 cryptographic checksum.
o    Authentication keys are locally significant to an interface, so can be different for each interface.
o    when doing keychain changes, first remove it from the interface.

#router ospf 20
    #area 10 authentication                                                      # type 1 auth clear-text password for area 10
    #area 20 authentication {message-digest}             # type 2 MD5 authentication for area 20
  #area 30 virtual-link 1.1.1.10 auth {key}                        # type 1 authentication for virtual-link
  #area 40 virtual-link 2.2.2.20 message-digest-key {key-id} md5 {key}   # type 2 MD5 auth.

o    By default routes redistributed into OSPF flagged E2 with the cost of 20, except EBGP which is 1.
o    Order of preference: O, O*IA, E1, E2 and subnet keyword required if classless desired, else will be classfull.
o    O Intra-area, O*IA inter-area, E1 internal and external cost, E2 external cost only.
o    E1 used for multi-exit out of AS, E2 used for single exit.
o    Router bit set, show ip ospf datab means the routes are sent to rib, but may not be installed due to another best path.
o    P = 0 -> this router is an NSSA ABR+ASBR; no translation or advertisement outside of the NSSA area.
o    P = 1 -> this router is an NSSA ASBR; ABR will do type 7 translation

·       Miscallaneous:
o    Backbone                                  type 1, 2, 3, 4, 5 LSAs
o    Non-Backbone                            type 1, 2, 3, 4, 5 LSAs
o    Stub Area                                  type 1, 2, 3, 4 LSAs 
o    Totally Stubby Area                    type 1, 2 LSAs
o    Not So Stubby Area                    type 1, 2, 3, 4, 7 NO type 5 LSAs 
o    Totally Not So Stubby Area          type 1, 2, 7 NO Type 3, 4, 5 LSAs

o    OSPF cost of an Interface == (Ref bandwidth)100Mbs / bandwidth.
o    Paranoid or periodic update interval == 30 minutes.
o    area range translated by ABR uses type 5 LSA.
o    summary-address translated by ASBR injects type 7 LSA
o    default-information-originate on ASBR injects type 7 LSA; default route must exist unless always is used.
o    Periodic LSA refreshes that take place every 30 minutes do not occur with OSPF demand circuit. When a demand circuit link is established a unique option bit (the DC bit) is exchanged between neighboring routers. If two routers negotiate the DC bit successfully they make a note of it and set a specific bit in the LSA Age called the DoNotAge bit (DNA). The DNA bit is the most significant bit in the LS Age field. By setting this bit the LSA stops aging, and no periodic updates are sent.

ECMP:
Per destination load balancing using fast switching:
Router(config)# interface Ethernet 0
Router(config-if)# ip route-cache

Per packet load balancing using process switching:
Router(config)# interface Ethernet 0
Router(config-if)# no ip route-cache
 
·       Newer switching schemes such as Cisco Express Forwarding (CEF) allow you to do per-packet and per-destination load-balancing more quickly. However, it does imply that you have the extra resources to deal with maintaining CEF entries and adjacencies.
·       The OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature causes a not-so-stubby area (NSSA) area border router (ABR) to translate Type-7 link state advertisements (LSAs) to Type-5 LSAs, but use the address 0.0.0.0 for the forwarding address instead of that specified in the Type-7 LSA. This feature causes routers that are configured not to advertise forwarding addresses into the backbone to directly forward traffic to the translating NSSA ABRs.

·       The OSPF Inbound Filtering Using Route Maps with a Distribute List feature allows users to define a route map to prevent Open Shortest Path First (OSPF) routes from being added to the routing table. In the route map, the user can match on any attribute of the OSPF route; distribute-list route-map tag-filter in. This feature can be useful during redistribution if the user tags prefixes when they get redistributed on ASBRs and later uses the tag to filter the prefixes from being installed in the routing table on other routers.
·       Users can define a route map to prevent OSPF routes from being added to the routing table. This filtering happens at the moment when OSPF is installing the route in the routing table. This feature has no effect on LSA flooding. In the route map, the user can match on any attribute of the OSPF route. That is, the route map could be based on the following match options: match interface, match ip address, match ip next-hop, match ip route-source, match metric, match route-type and match tag.