Monday, November 22, 2010

Does ACL "deny any" deny all?

First of all I'd like to thank David Bombal from (configureterminal.com) on that note, and I bet many people don't know it, so

Trick question for you:

If the following access list is applied to an interface, does it deny all traffic:

Router#conf t
Router(config)#access-list 100 deny ip any any
Router(config)#interface fastethernet 0/0
Router(config-if)#ip access-group 100 out

Is all traffic now denied?

Well, let's test:

Network Diagram:




BGP Route Dampening

Route dampening is a BGP feature designed to minimize the propagation of flapping routes across an internetwork. A route is considered to be flapping when its availability alternates repeatedly. Since BGP routing tables are huge, you don’t want that many routing updates to be traveling all over the place every time a route flaps.
BGP Route Dampening Terms:
  • Flap—A route whose availability alternates repeatedly
  • History state—After a route flaps once, it is assigned a penalty and put into history state, meaning the router does not have the best path, based on historical information.
  • Penalty—Each time a route flaps, the router configured for route dampening in another autonomous system assigns the route a penalty of 1000. Penalties are cumulative. The penalty for the route is stored in the BGP routing table until the penalty exceeds the suppress limit. At that point, the route state changes from history to damp.
  • Damp state—In this state, the route has flapped so often that the router will not advertise this route to BGP neighbors
  • Suppress limit—A route is suppressed when its penalty exceeds this limit. The default value is 2000
  • Half-life—Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds.
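The penalty arithmetic from the terms above, as an added example (not code from the original post). It uses the values given in the list (1000 per flap, suppress limit 2000, 15-minute half-life, decay every 5 seconds); the function name, the flap schedule and the equal per-tick decay factor are assumptions.

```python
PENALTY_PER_FLAP = 1000   # from the terms above
SUPPRESS_LIMIT = 2000     # route is damped once the penalty exceeds this
HALF_LIFE_S = 15 * 60     # default half-life: 15 minutes
DECAY_TICK_S = 5          # the penalty is reduced every 5 seconds

# Assumption: each 5-second tick applies the same factor, chosen so that
# one full half-life of ticks (180 of them) halves the penalty.
TICK_FACTOR = 0.5 ** (DECAY_TICK_S / HALF_LIFE_S)


def simulate(flap_times_s, duration_s):
    """Return (events, final_penalty) for a constructed flap schedule.

    events holds (time_s, penalty, state) at each flap. State becomes
    'history' on the first flap and 'damp' once the penalty exceeds the
    suppress limit. Leaving the damp state is not modelled, because the
    terms above do not describe it.
    """
    # Align flap times to the 5-second decay tick.
    flaps = {(t // DECAY_TICK_S) * DECAY_TICK_S for t in flap_times_s}
    penalty, state, events = 0.0, "none", []
    for now in range(0, duration_s + 1, DECAY_TICK_S):
        if now > 0:
            penalty *= TICK_FACTOR          # periodic decay
        if now in flaps:
            penalty += PENALTY_PER_FLAP     # penalties are cumulative
            if penalty > SUPPRESS_LIMIT:
                state = "damp"
            elif state == "none":
                state = "history"
            events.append((now, round(penalty, 1), state))
    return events, penalty


if __name__ == "__main__":
    # Constructed schedule: three flaps one minute apart, then quiet.
    events, final = simulate([0, 60, 120], 3600)
    for t, p, s in events:
        print(f"t={t:>4}s penalty={p:>7} state={s}")
    print(f"penalty after 1 hour: {final:.1f}")
```

With this schedule the second flap leaves the penalty just under 2000 because of the decay in between, so the route is damped only on the third flap.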

Sunday, November 21, 2010

1st beta Post

Hi everybody,

This is my 1st post in the blog, I just wanna make sure that everything is all right here.
It will be a useful blog for me and for Cisco geeks out there :D