Filtering Subnets of a Summary Using the aggregate-address Command
Manual BGP route summarization, using the aggregate-address BGP router subcommand, provides the flexibility to allow none, all, or a subset of the summary’s component subnets to be advertised out of the BGP table. By allowing some and not others, the aggregate-address command can in effect filter some routes. The filtering options on the aggregate-address command are as follows: ■ Filtering all component subnets of the summary from being advertised, by using the summary-..
EIGRP Configuration Options That Are Similar to RIP
Although EIGRP and RIPv2 differ quite a bit in their underlying operation, several of their features are configured almost identically. This section details these features. You can refer to Chapter 8, “RIP Version 2,” for more information on the configuration syntax for these features. ■ Authentication—EIGRP configures authentication almost exactly like RIP. EIGRP authentication commands use a keyword of eigrp asn instead of rip, using the ASN configured by the route..
When the boot field is not a hex 0 or 1, routers choose the OS through the use of the boot system configuration command. If the configuration register calls for a full-featured IOS (boot field 0x2-F), the router reads the startup-configuration file for boot system commands. If present, the router tries each boot system command, in succession, until it finds an IOS to load. If there are no boot system commands, the router takes the default action, which is to load the first fi..
NBAR classifies packets that are normally difficult to classify. For instance, some applications use dynamic port numbers, so a statically configured match command, matching a particular UDP or TCP port number, simply could not classify the traffic. NBAR can look past the UDP and TCP header, and refer to the host name, URL, or MIME type in HTTP requests. (This deeper examination of the packet contents is sometimes called deep packet inspection.) NBAR can also look past the TC..
Using Access Lists to Protect SNMP Access
You can use the following commands to restrict which IP source addresses are allowed to access SNMP functions on the router. This is the legacy method: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#access-list 99 permit 172.25.1.0 0.0.0.255 Router(config)#access-list 99 permit host 10.1.1.1 Router(config)#access-list 99 deny any Router(config)#snmp-server community ORARO ro 99..
