Index
Numerics
blocking ports, 18
bridges, 16
broadcast frames, 17
broadcast storm, 17
CAM (Content Addressable Memory) table, 17
root bridge, 17
root port, 18
single collision domain, 16
switches, 17
unknown unicast flooding, 17
802.1w. See RSTP (Rapid Spanning Tree Protocol)
A
active open attempt, 96
adjacency table, CEF (Cisco Express Forwarding), 310–312, 316–320
application-aware routing policy, 816–824
area range command, 345
area types, OSPF, 72–76, 626–629
ARP (Address Resolution Protocol), 275
ASN (autonomous system number), 118
AS_PATH attribute, 122–123, 167–173
in confederations, 181–188–190
authentication
EIGRP, 62
B
backdoor links, OSPF and, 597–599
backup port, 22
best-path algorithm, 134–135, 138–140
in confederations, 181–188–190
determine if multiple paths exist, 233–236
external and internal paths, 240–244
locally originated path, 164–167
lowest neighbor address, 263–268
minimum cluster list length, 260–263
best-path determination, 90–91
BFD (Bidirectional Forwarding Detection), 54
BGP (Border Gateway Protocol), 120–122. See also iBGP; spoke-to-spoke tunnels
ASN (autonomous system number), 118
backdoor and conditional advertisement, 106–109
best-path algorithm, 134–135, 138–140
AS_PATH attribute, 167–173–179–181–188, 188–190
determine if multiple paths exist, 233–246
locally originated path, 164–167
lowest neighbor address, 263–268
minimum cluster list length, 260–263
building blocks of, 135
controlling routing to paths, 136–137
dynamic neighbor feature, 353
dynamic peering, 379
establishing a neighbor adjacency, 98–101
establishing a session using the correct TTL value, 95–98
internal routers, 148
limited transit capability, 147
remove-private-as all command, 126–131, 132
remove-private-as command, 119–120, 122, 123–125
suboptimal routing, 158
third-party next hop, 361
transit AS, 136
bgp always-compare-med command, 214–216
bgp bestpath as-path ignore command, 191–194, 250–252
bgp bestpath compare-routerid command, 258–260
bgp bestpath med missing-as-worst command, 209–211
bgp deterministic-med command, 217–218
bgp listen range command, 353–354
bgp redistribute-internal command, 527, 548
blocking ports, 18
bridges, 16
broadcast frames, 17
broadcast network type, 67–69, 336–340, 411–418, 617–618
broadcast storm, 17
C
CAM (Content Addressable Memory) table, 17
CEF (Cisco Express Forwarding), adjacency table, 310–312, 316–320
clear ip bgp command, 122, 153
clear ip nhrp command, 503–504, 528
Cluster Length attribute, 260–263
commands
area range, 345
bgp always-compare-med, 214–216
bgp bestpath as-path ignore, 191–194, 250–252
bgp bestpath compare-routerid, 258–260
bgp bestpath med missing-as-worst, 209–211
bgp deterministic-med, 217–218
bgp redistribute-internal, 527, 548
debug ip bgp update, 159
debug ip nhrp packet, 300
default-originate, 500
distance, 465
interface, 673
ip dhcp support tunnel unicast, 581, 583
ip helper-address, 581
ip nhrp map multicast dynamic, 280, 291, 332, 333–334
ip nhrp nhs, 286
ip nhrp nhs 100.1.1.1 nbma 15.1.1.1 multicast, 368
ip nhrp nhs fallback, 570
ip nhrp nhs nbma multicast, 304–305
ip nhrp shortcut, 388
ip ospf hello-interval, 342, 418
ip ospf network broadcast, 336–337, 372–373
ip ospf network point-to-multipoint, 341–342
ip ospf network point-to-point, 342
ip split-horizon eigrp 100, 350–351
ip summary-address eigrp, 392–393, 425, 495
ip summary-address eigrp 1, 296
neighbor, 96
neighbor default-originate, 356
neighbor spokes next-hop-self, 404
neighbor spokes remote-as, 359–360
neighbor x.x.x.x weight, C02.119
network, 347, 382, 384, 470–471
network eigrp, 583
no ip next-hop-self eigrp 100, 375
no ip split-horizon eigrp, 282–283, 375, 461–462, 565
passive-interface, 337–338, 390–391
ping, 277, 285–286, 299, 306–307, 417, 422–423, 427–428, 435, 444–445, 456, 467, 476, 487–488, 497, 509, 569, 570–571, 675–676, 680–681, 728–729, 752–753, 809–810
remove-private-as, 119–120, 122
remove-private-as all, 126–131, 132
remove-private-as command, 123–125
show adjacency, 312
show dmvpn, 288, 290–291, 300, 301–302, 305, 369–370, 371–372, 515–516, 562
show interface e0/1 pruning, 10–11
show ip bgp, 120, 123, 125, 131–132, 133, 141, 145–146, 149, 160, 355, 357–359, 360, 365, 380–381, 383–384, 396–397, 401–402, 431–432, 438–439, 440–441, 444, 471–472, 479–480, 483–484, 486, 502–503, 526, 531, 554, 556
show ip bgp neighbors, 155–156
show ip bgp summary, 355, 363, 482
show ip cef, 340
show ip cef internal, 311, 321–322
show ip dhcp pool TST, 581
show ip eigrp 100 neighbor, 348, 391–392
show ip eigrp neighbors, 292–293, 303–304, 305–306, 376–377, 463–465
show ip nhrp, 277, 288, 307, 389, 561, 576–577
show ip nhrp multicast, 280, 291–292, 302–303, 370
show ip ospf, 345
show ip ospf database network, 457–459
show ip ospf database router, 459
show ip ospf interface brief, 414–415
show ip ospf neighbor, 343, 413, 452
show ip ospf neighbor command, 373–374
show ip ospf neighbor detail, 337
show ip protocols, 238
show ip route, 272, 277–278, 352, 460–461, 469
show ip route eigrp, 293, 295, 310, 315, 318, 320, 496–497, 554, 564–565–566–567, 568–570, 571, 698–700
show ip route eigrp 100, 377, 468, 490, 534, 543, 548–549, 582–583
show ip route next-hop-override, 329
show ip route nhrp, 325, 394, 398
show ip route nhrp nhs redundancy, 572
show ip route ospf, 339, 343–344, 374, 413–414, 416, 420–421, 423, 452–453, 454, 677–678, 688–690, 692–693, 701–703
show ip route vpn 100, 674–675
show ip route vrf 100, 669–671, 673–674, 676–677
show omp routes, 664–667, 683–686, 690–692
show run interface tunnel1, 295
show running-config system, 808
show sdwan control local properties, 649–650
show sdwan omp peers, 650
show sdwan omp routes, 668–669
show sdwan running-config, 643–644, 678–679
switchport trunk pruning vlan, 10, 11
traceroute, 152, 273, 316, 318–319, 320–321, 323–324, 334–335, 351, 371, 374–375, 377–379, 382, 386–387, 393, 397–398, 416–417, 455, 457, 466, 467–468, 475, 481–482, 483, 487, 490, 499, 503, 507–509–510, 529, 534–535, 544–545, 550–552, 557, 558
tunnel destination, 274, 298, 300
tunnel mode gre multipoint, 298, 331
confederation, 104–105, 148, 223–225
AS_PATH attribute and, 181–183, 188–190
D
debug ip bgp update command, 159
debug ip nhrp packet command, 300
debug nhrp detail command, 287–288
debug nhrp packet command, 287–288
default route injection, 85–86
default-originate command, 500
DHCP (Dynamic Host Configuration Protocol)
relay agent, 580
distance command, 465
distance vector protocols, 135
DMVPN (Dynamic Multipoint VPN), 269, 283. See also dual hub, single cloud design; single hub, dual cloud design; single hub, single cloud design
hub redundancy, 329
hub routers, 285
NHRP
debug ip nhrp packet command, 300
enabling multipoint GRE on spokes, 298–306
forming spoke-to-spoke tunnels, 306–309
ip nhrp nhs nbma multicast command, 304–305
show dmvpn command, 300, 301–302, 305
show ip eigrp neighbors command, 303–304, 305–306
show ip nhrp command, 307
show ip nhrp multicast command, 302–303
show ip route eigrp command, 294–295
show run interface tunnel1 command, 295–296
spoke-to-spoke tunnels, 296–298
triggering NHRP resolutions, 309
tunnel destination command, 300
CEF adjacency table, 310–312, 316–320
show adjacency command, 312
show ip cef internal command, 311, 321–322
show ip route eigrp command, 310, 315, 318, 320
spoke-to-spoke tunnel caveats, 315–322
overriding next hop information, 325–329
show ip route eigrp command, 328
show ip route next-hop-override command, 329
show ip route nhrp command, 325
tunnel configuration, 388
verifying tunnel configuration, 388–389
dual hub, dual cloud design, 537–538
DMVPN Phase 3
dual hub, single cloud design, 511–513
DMVPN Phase 3
E
DMVPN Phase 1 configuration, 359–367
spokes in different autonomous systems, 359–361, 436–441
spokes in the same autonomous system, 362–367
DMVPN Phase 2 configuration, 382–387
spokes in different autonomous systems, 477–485
spokes in the same autonomous system, 485–488
DMVPN Phase 3 configuration
spokes in different autonomous systems, 402–405, 507–510, 532–536, 555–558
spokes in the same autonomous system, 399–402, 504–507, 530–531, 552–554
edge ports, 23
authentication, 62
BFD (Bidirectional Forwarding Detection) and, 54
DMVPN Phase 1 configuration, 347–351, 424–428
DMVPN Phase 2 configuration, 375–379, 461–470
DMVPN Phase 3 configuration, 390–394, 495–500, 518–523, 541–545
F
feature template, 703–729–753–782
filtering
full-mesh topology, 297
G-H-I
GRE (Generic Routing Encapsulation) tunnels, 270–272–273
hub-and-spoke topology, 283–285. See also spoke-to-spoke tunnels
DMVPN Phase 1 configuration, 352–359, 428–436
DMVPN Phase 2 configuration, 379–382, 470–477
DMVPN Phase 3 configuration, 395–398, 500–504, 524–529, 546–552
inter-area routes, 345
interface command, 673
interface tunnel 100 command, 331
internal networks, summarization, 615–616
internal routers, 148
Internet access, partial internet routes, 606–607
ip dhcp support tunnel unicast command, 581, 583
ip helper-address command, 581
ip nhrp map multicast dynamic command, 280, 291, 332
ip nhrp network id 1 command, 276–277
ip nhrp network-id 100 command, 332, 333–334
ip nhrp nhs 100.1.1.1 nbma 15.1.1.1 multicast command, 368
ip nhrp nhs command, 286
ip nhrp nhs fallback command, 570
ip nhrp nhs nbma multicast command, 304–305, 567–568
ip nhrp shortcut command, 388
ip ospf hello-interval command, 342, 418
ip ospf network broadcast command, 336–337, 372–373
ip ospf network point-to-multipoint command, 341–342
ip ospf network point-to-point command, 342
ip ospf priority 0 command, 372–373
ip split-horizon eigrp 100 command, 350–351
ip summary-address eigrp 1 command, 296
ip summary-address eigrp command, 392–393, 425, 495
IPv6
J-K-L
labs
Acquiring an IPv6 address, 609–611
Backdoor links and OSPF, 597–599
BGP backdoor and conditional advertisement, 106–109
BGP best-path algorithm, 134–135, 138–140, 223–225
AS_PATH attribute, 167–173–179–181–188, 188–190
building blocks of BGP, 135
controlling routing to paths, 136–137
determine if multiple paths exist, 233–246
locally originated path, 164–167
lowest IGP metric to the next hop, 226–232
lowest neighbor address, 263–268
minimum cluster list length, 260–263
Building the SDA campus fabric, 855–868
Configuring an application-aware routing policy, 816–824
Configuring cEdge using a BR-2-specific vManage feature template, 753–782
Configuring EtherChannels, 13–14
Configuring Label Distribution Protocol, 585–588
Configuring segmentation in all sites using VRF 100 and VRF 200, 682–686
Configuring the SDA policy engine, 826–834
show interfaces trunk command, 8
Configuring vEdge using a feature template, 703–729
Configuring vEdge using a vManage feature template, 729–753
Configuring vEdge using a vManage feature template and ZTP, 782–805–816
Default route injection, 85–86
Dual hub, single cloud design, 511–536
EIGRP and Bidirectional Forwarding Detection (BFD), 54
EIGRP authentication, 62
EIGRP routing in a VPN, 591–593
Establishing a BGP session using the correct TTL value, 95–98
Establishing neighbor adjacency using different methods, 98–101
Exploring unicast routing, 664–682
Internet access methods: Partial internet routes, 606–607
Introducing Spanning Tree Protocol, 14–16. See also Spanning Tree Protocol
RSTP (Rapid Spanning Tree Protocol), 20–28
Multiple Spanning Tree Protocol, 28–48
Onboarding WAN edge devices
vEdge cloud router onboarding, 655–662
OSPF best-path determination, 90–91
OSPF broadcast networks, 67–69
OSPF non-broadcast networks, 69–70
OSPF point-to-multipoint and point-to-multipoint non-broadcast networks, 71–72
OSPF point-to-point networks, 70–71
OSPF routing in a VPN, 595–597
OSPFv3 authentication, 629–631
OSPFv3 broadcast networks, 617–618
OSPFv3 cost and auto-cost, 622–623
OSPFv3 non-broadcast networks, 618–619
OSPFv3 point-to-multipoint networks, 621–622
OSPFv3 point-to-point networks, 620
Remove-private-AS: A walkthrough, 116–132
Route targets, import maps, and export maps, 603–605
Running OSPF on the interfaces, 65–67
Single hub, dual cloud design
Single hub, single cloud design
Static and RIPv2 routing in a VPN, 589–590
Summarization of internal and external networks, 615–616
Virtual links and GRE tunnels, 83–85
LDP (Label Distribution Protocol), 585–588
limited transit capability, 147
link-state protocols, 135
M
manual pruning, 8
maximum-paths command, 234–235
MED attribute, 198–199, 201–207, 209–211, 214–216, 218–220
deterministic evaluation, 217–218
modifying the evaluation, 211–214
mGRE (multipoint Generic Routing Encapsulation) tunnels, 274–283, 285
MPLS (Multiprotocol Label Switching), NAT and, 601–602
MST (Multiple Spanning Tree Protocol), 28–30
instances, 31
regions, 32
multicast IP addresses, 279
multicasting, 47
N
NBMA (non-broadcast multiple-access) networks, 275–276
neighbor command, 96
neighbor default-originate command, 356
neighbor spokes next-hop-self command, 404
neighbor spokes remote-as command, 359–360
neighbor x.x.x.x weight command, C02.119
network command, 347, 382, 384, 470–471
network eigrp command, 583
NHC (next hop client), 275
NHRP (Next Hop Resolution Protocol), 275–279
domain, 276
multicast mapping table, 291
NHC (next hop client), 275
NHS (next hop server), 275
pseudo-multicasting, 279
registration message, 275
resolution, 306–309, 313–315, 381–390
shortcut switching enhancements, 323
NHS (next hop server), 275
no ip next-hop-self eigrp 100 command, 375
no ip split-horizon eigrp, 375
no ip split-horizon eigrp command, 282–283, 461–462, 565
O
onboarding WAN edge devices
vEdge cloud router onboarding, 662–664
OSPF (Open Shortest Path First), 47, 335
authentication, 87–89, 629–631
best-path determination, 90–91
broadcast network type, 67–69, 336–340, 411–418, 617–618
DMVPN Phase 1 configuration, 411–423
DMVPN Phase 2 configuration, 372–375, 450–461
DMVPN Phase 3 configuration, 389–390
inter-area routes, 345
LSAs (link-state advertisement), 344, 624–625
non-broadcast networks, 69–70, 618–619
point-to-multipoint network type, 71–72, 341–344, 621–622
point-to-point network type, 70–71, 341–344, 418–423, 620
outer header, 270
overlay network, 270
P
partial internet routes, 606–607
partial-mesh topology, 297–298
passive-interface command, 337–338, 390–391
ping command, 277, 285–286, 299, 306–307, 417, 422–423, 427–428, 435, 444–445, 456, 467, 476, 487–488, 497, 509, 569, 570–571, 675–676, 680–681, 728–729, 752–753, 809–810
point-to-multipoint network type, 71–72, 341–344, 621–622
point-to-point network type, 70–71, 341–344, 418–423, 620
private IP addressing, 270
protocol analyzers, 270
pseudo-multicasting, 279
public IP addressing, 270
Q-R
redundancy, hub and transport, 329–330
registration, NHRP (Next Hop Resolution Protocol), 285–289
remove-private-as all command, 126–131, 132
remove-private-as command, 119–120, 122, 123–125
RFC 6793, 118
VPN (virtual private network) and, 589–590
root bridge, 17
root port, 18
route maps, prefix lists and, 144
routing protocols, 135
RSTP (Rapid Spanning Tree Protocol), 20–28
backup port, 22
edge ports, 23
link type, 23
port roles, 21
states, 21
S
SD-Access
building the campus fabric, 855–868
configuring the policy engine, 826–834
SD-WAN
application-aware routing policy, 816–824
configuring vEdge
using a feature template, 703–729
using a vManage template, 729–753–782
using a vManage template and ZTP, 782–816
onboarding WAN edge devices
vEdge cloud router onboarding, 655–662
set origin code command, 196–197
show adjacency command, 312
show dmvpn command, 288, 290–291, 300, 301–302, 305, 369–370, 371–372, 515–516, 562
show interface e0/1 pruning command, 10–11
show interfaces trunk command, 8, 10
show ip bgp command, 120, 123, 125, 131–132, 133, 141, 145–146, 149, 160, 355, 357–359, 360, 365, 380–381, 383–384, 396–397, 401–402, 431–432, 438–439, 440–441, 445, 471–472, 479–480, 483–484, 486, 502–503, 526, 531, 554, 556
show ip bgp neighbors command, 155–156
show ip bgp summary command, 355, 363, 482
show ip bp command, 444
show ip cef command, 340
show ip cef internal command, 311, 321–322
show ip dhcp pool TST command, 581
show ip eigrp 100 neighbor command, 348, 391–392, 463–465
show ip eigrp neighbors command, 292–293, 303–304, 305–306, 376–377
show ip nhrp command, 277, 288, 307, 389, 561, 576–577
show ip nhrp multicast command, 280, 291–292, 302–303, 370
show ip ospf command, 345
show ip ospf database network command, 457–459
show ip ospf database router command, 459
show ip ospf int brief command, 672–673
show ip ospf interface brief command, 414–415, 453–454
show ip ospf neighbor command, 343, 373–374, 413, 452
show ip ospf neighbor detail command, 337
show ip protocols command, 238
show ip route bgp command, 356, 381
show ip route command, 272, 277–278, 352, 460–461, 469
show ip route eigrp 100 command, 377, 468, 490, 534, 543, 548–549, 582–583
show ip route eigrp command, 293, 295, 310, 315, 318, 320, 496–497, 554, 564–565–566–567, 568–569–570, 571, 698–700
show ip route next-hop-override command, 329
show ip route nhrp command, 325, 394, 398
show ip route nhrp nhs redundancy command, 572
show ip route ospf command, 339, 343–344, 346, 374, 413–414, 416, 420–421, 423, 452–453, 454, 677–678, 688–690, 692–693, 701–703
show ip route vpn 100 command, 674–675
show ip route vrf 100 command, 668, 669–671, 673–674, 676–677
show ip routes omp command, 681–682
show omp routes command, 664–667, 683–686, 690–692
show run interface tunnel1 command, 295
show running-config system command, 808
show sdwan control local properties command, 649–650
show sdwan omp peers command, 650
show sdwan omp routes command, 668–669
show sdwan running-config command, 643–644, 678–679
single collision domain, 16
single hub, dual cloud design, 404, 445
DMVPN Phase 1
DMVPN Phase 2
DMVPN Phase 3
implement eBGP, spokes in the same autonomous system, 441–445
potential solutions to problems, 488–492
single hub, single cloud design
DMVPN Phase 1
summarization with OSPF, 344–346
DMVPN Phase 2
DMVPN Phase 3
Spanning Tree Protocol. See also MST (Multiple Spanning Tree Protocol)
blocking ports, 18
bridges, 16
broadcast frames, 17
broadcast storm, 17
CAM (Content Addressable Memory) table, 17
convergence, 27
root bridge, 17
root port, 18
single collision domain, 16
switches, 17
unknown unicast flooding, 17
instances, 31
regions, 32
RSTP (Rapid Spanning Tree Protocol), 20–28
backup port, 22
edge ports, 23
link type, 23
port roles, 21
states, 21
spokes
adding to DMVPN cloud, 290–291
enabling multipoint GRE on, 298–306
spoke-to-spoke tunnels, 296–298
static routing, VPN (virtual private network) and, 589–590
summarization
T
TCP
active open attempt, 96
sessions, 95
three-way handshake, 353
third-party next hop, 361
three-way handshake, 353
topologies
full-mesh, 297
traceroute command, 152, 273, 316, 318–319, 320–321, 323–324, 334–335, 340, 371, 374–375, 377–379, 382, 386–387, 393, 397–398, 416–417, 455, 457, 466, 467–468, 475, 481–482, 483, 487, 490, 499, 503, 507–509–510, 517–518, 529, 534–535, 544–545, 550–551–552, 557, 558
transparent bridge, 16
trunks
show interface e0/1 pruning command, 10–11
show interfaces trunk command, 8, 10
switchport trunk pruning vlan command, 10, 11
VMA (VTP membership advertisement), 8
tunnel destination command, 274, 298, 300
tunnel mode gre multipoint command, 298, 331
tunnels, 270
DMVPN Phase 1 configuration, 331–335
DMVPN Phase 2 configuration, 368–372, 446–449
DMVPN Phase 3 configuration, 388–389, 492–494, 513–518, 539–541
GRE (Generic Routing Encapsulation), 270–272–273
mGRE (multipoint Generic Routing Encapsulation), 274–283
overlay network, 270
spoke-to-spoke, 296–298, 306–309
underlay network, 270
U
underlay network, 270
unknown unicast flooding, 17
V
verifying, DMVPN Phase 3 tunnel configuration, 388–389
virtual links, GRE tunnels and, 83–85
virtual network, 270
VMA (VTP membership advertisement), 8
VPN (virtual private network)
static and RIPv2 routing in a, 589–590
show interfaces trunk command, 8, 10
switchport trunk pruning vlan command, 10, 11
VMA (VTP membership advertisement), 8