suiCCIEde

Ciscoman's notes

About me

CCIP, CCNP, CCNA Voice, CCNA, CCENT, MCTS: Windows Server 2008 Network Infrastructure, MCTS: Windows Server 2008 Active Directory, JNCIA-ER, JNCIS-ER, JNCIA-EX, JNCIA-JUNOS, JNCIS-SEC, JNCIS-ENT, JNCIP-SEC
LAN/WAN/WLAN Network administrator/Engineer/Security specialist with over five years of experience.
Providing professional consulting services for configuring, installing and designing Cisco/Mikrotik/Juniper/Linux networks of any complexity.
You can contact me on ICQ: 5922529, Jabber: shados@jabber.org or email shados@mail.ru

Answering a question I am often asked:
- Configuration of a BGP router based on Linux/Cisco/Juniper/Mikrotik - 16000 rubles, one-time.
- Technical support of a BGP router based on Linux/Cisco/Juniper/Mikrotik - 5000 rubles/month

Tuesday, December 27, 2011

MTS 3G configuration for Cisco 880G and 890G series routers

#cellular 0 gsm profile create 1 internet.mts.ru pap mts mts ipv4
!
chat-script reset_chat-script "" \d\d\d+++\d\d\d
chat-script mts_chat-script TIMEOUT 90 "" AT+CGDCONT=1,"IP","internet.mts.ru" OK ATDT*99*1# CONNECT

!

interface Cellular0
 ip address negotiated
 encapsulation ppp
 dialer in-band
 dialer string mts4
 dialer-group 1
 autodetect encapsulation ppp
 async mode interactive
 ppp authentication pap chap callin
 ppp chap hostname mts
 ppp chap password 0 mts
 ppp chap refuse
 ppp pap sent-username mts password 0 mts
!
dialer-list 1 protocol ip permit
!
line 3
 script dialer mts_chat-script
 script reset reset_chat-script
 no login
 modem InOut
 modem autoconfigure discovery
 no exec
 transport input none
 transport output all

Wednesday, November 9, 2011

Do you know that: redistribution and route types internal/external

Do you know how to make a route internal or external during redistribution?

Look at the configuration example:

R1:

interface Loopback1
 ip address 10.20.30.40 255.255.255.255
!
interface FastEthernet1/0
 ip address 10.0.1.1 255.255.255.252
!
router eigrp 1
 network 10.0.1.1 0.0.0.0
 redistribute static metric 1000 10 10 10 1500


!
ip route 10.10.10.10 255.255.255.255 Loopback1

R1#sh ip route | b Gate
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.0.1.0/30 is directly connected, FastEthernet1/0
L        10.0.1.1/32 is directly connected, FastEthernet1/0
D        10.0.3.0/30 [90/30720] via 10.0.1.2, 00:05:33, FastEthernet1/0
S        10.10.10.10/32 is directly connected, Loopback1
C        10.20.30.40/32 is directly connected, Loopback1


R1#sh ip eigrp topology 10.10.10.10/32
EIGRP-IPv4 Topology Entry for AS(1)/ID(10.0.1.1) for 10.10.10.10/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2562560
  Descriptor Blocks:
  0.0.0.0, from Rstatic, Send flag is 0x0
      Composite metric is (2562560/0), route is External
      Vector metric:
        Minimum bandwidth is 1000 Kbit
        Total delay is 100 microseconds
        Reliability is 10/255
        Load is 10/255
        Minimum MTU is 1500
        Hop count is 0
        Originating router is 10.0.1.1
      External data:
        AS number of route is 0
        External protocol is Static, external metric is 0
        Administrator tag is 1 (0x00000001)


As you can see, the redistributed static route is injected into the EIGRP topology as external. How do you make it internal? It is simple: include the redistributed subnet in a network command under the EIGRP section.

R1(config)#router eigrp 1
R1(config-router)#network 0.0.0.0
R1(config-router)#do sh ip eigrp topology 10.10.10.10/32
EIGRP-IPv4 Topology Entry for AS(1)/ID(10.0.1.1) for 10.10.10.10/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2562560
  Descriptor Blocks:
  0.0.0.0, from Rstatic, Send flag is 0x0
      Composite metric is (2562560/0), route is Internal
      Vector metric:
        Minimum bandwidth is 1000 Kbit
        Total delay is 100 microseconds
        Reliability is 10/255
        Load is 10/255
        Minimum MTU is 1500
        Hop count is 0
        Originating router is 10.0.1.1
        Internal tag is 1

Thursday, October 27, 2011

debug ip packet rcvd explanation

From the Cisco Support Community, https://supportforums.cisco.com/thread/2111309

"rcvd 0" we've decremented ttl on input.  it's now 0 but it might be for us (like OSPF MCAST which is TTL=1 from beginning)

"rcvd 1" not routing this, we're passing it to bridging code. might also see this even with bridging turned off (router config'd as an endstation)

"rcvd 2" can't route the packet. final check to see if it's for us. usually packets sent to this router where debug is done.

"rcvd 3" input & output interface is the same but we can't redirect the packet for some reason (NAT maybe?) and it's not for us

"rcvd local pkt" it came from us originally, dropping

"rcvd 4" not sure, but looks like it's for us, just not the input interface (one of the other ones) - loopback in your case.

"rcvd 5" can't route the packet, see if it's for us before dropping not sure but this could be failure at the output interface such as encapsulation failure

"rcvd 6" looks like for us if we have an IP alias entry due to NAT or something.  Should jive with "show ip alias"

"rcvd 7" goes to one of our secondary IP addresses

Tuesday, October 25, 2011

pre-shared keys protection in IOS

To store pre-shared keys in the router configuration AES-encrypted instead of in plain text, set a master key and enable AES password encryption:

key config-key password-encrypt

password encryption aes



Sunday, October 23, 2011

Cisco support community in Russian

Did you know that the NetPro community is now available in Russian too? It is especially nice that it is the third one, after Spanish and Japanese. Join in: https://supportforums.cisco.com/community/russian?view=overview

How to track the cause of a high number of connections on ASA/FWSM

Today somebody asked on the Cisco Support Community how to track the cause of a high number of connections on ASA/FWSM. I thought a little and wrote down this answer; I hope it will be helpful for anybody facing this issue:


TIP: If you have some kind of Unix box, you can run show conn, save the output to a file (show_conn.txt in this example) and copy that file to the Unix box. Then run this on the Unix box:

cat show_conn.txt | sed -e 's/:/ /g' | awk '{print $6}' | sort | uniq -c | sort -g

The output will be like this:

      7 10.96.158.1
      7 10.96.177.1
      7 10.96.19.1
      7 10.96.198.1
      7 10.97.29.1
      7 10.97.58.1
      7 10.97.60.1
      8 10.97.30.1
      8 10.97.43.1
      9 10.96.117.1
      9 10.96.34.1
      9 10.97.10.1
     10 10.96.159.1
     18 212.248.105.74
     26 10.96.2.34

Here the first column is the connection count and the second column is the address of the inside host. To count by outside host instead, use {print $3}.
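
The same per-host count as a reusable shell function, written as an added example (not part of the original post): it skips the "N in use" header line, handles TCP and UDP entries, and finds the address by interface name instead of a fixed field number. The sample show conn lines are constructed, and the function names sample_conn, conn_counts and hosts_over are hypothetical.

```shell
#!/bin/sh
# Added example: count ASA "show conn" entries per host on a given interface.

# Constructed sample output (documentation and private address ranges only).
sample_conn() {
cat <<'EOF'
6 in use, 11 most used
TCP outside 198.51.100.7:443 inside 10.96.2.34:51012, idle 0:00:03, bytes 5120, flags UIO
TCP outside 198.51.100.7:443 inside 10.96.2.34:51013, idle 0:00:01, bytes 880, flags UIO
UDP outside 203.0.113.53:53 inside 10.96.2.34:40211, idle 0:00:09, bytes 96, flags -
TCP outside 203.0.113.80:80 inside 10.97.10.1:49822, idle 0:01:12, bytes 1440, flags UFRIO
TCP outside 198.51.100.7:443 inside 10.97.10.1:49823, idle 0:00:44, bytes 300, flags UIO
UDP outside 203.0.113.53:53 inside 10.96.117.1:5353, idle 0:00:20, bytes 64, flags -
EOF
}

# conn_counts SIDE: read "show conn" output on stdin and print
# "count address" lines for interface SIDE, busiest host first.
conn_counts() {
    awk -v side="$1" '
        $1 != "TCP" && $1 != "UDP" { next }    # skip header and blank lines
        {
            for (i = 2; i < NF; i++)
                if ($i == side) {
                    addr = $(i + 1)
                    sub(/:[0-9]+,?$/, "", addr)  # drop :port and trailing comma
                    n[addr]++
                    break
                }
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# hosts_over SIDE LIMIT: addresses holding more than LIMIT connections.
hosts_over() {
    conn_counts "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

sample_conn | conn_counts inside
```

Replace sample_conn with cat of the saved show conn file to run it on real output; the interface names must match the nameif values used on the firewall.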

Tuesday, October 18, 2011

OSPF E1 vs N1 vs E2 vs N2

1. N1 and E1 are preferred over N2 and E2 for the same route.
2. When N1 and E1 have the same route to the destination, the one that has the lower cost/metric wins and gets into the routing table.
3. If both N1 and E1 have the same cost, the P-bit in N1 is used to break the tie.
4. If the P-bit is 0 (then it would become E1), we will have two E1 routes installed in the routing table (otherwise, if maximum-path = 1, the LSA with the higher Router-ID gets installed).

See RFC 3101 for details.
