Filtering Subnets of a Summary Using the aggregate-address Command
Manual BGP route summarization, using the aggregate-address BGP router subcommand, provides the flexibility to allow none, all, or a subset of the summary’s component subnets to be advertised out of the BGP table. By allowing some and not others, the aggregate-address command can in effect filter some routes. The filtering options on the aggregate-address command are as follows: ■ Filtering all component subnets of the summary from being advertised, by using the summary-..
Topology Change Notification and Updating the CAM
When STP reconvergence occurs, some Content Addressable Memory (CAM) entries might be invalid (CAM is the Cisco term for what’s more generically called the MAC address table, switching table, or bridging table on a switch). For instance, before the link failure shown in Figure 3-3, SW3’s CAM might have had an entry for 0200.1111.1111 (Router1’s MAC address) pointing out fa0/4 to SW4. (Remember, at the beginning of the scenario described in Figure 3-3, SW3 was blocking o..
Avoid Security Through Obscurity
When reviewing publications and commentary about security principles, you frequently encounter the postulate "security through obscurity is not security." Although it is said often, it is frequently misunderstood and is used as an excuse or justification for all sorts of security ills. Let's consider a few scenarios to better understand this axiom: • Paper currency is the basis for many of our day-to-day transactions, and counterfeiting is an ongoing concern. Nations ..
The first thing to notice is that the output includes the following line: The name for the keys will be: Router1.oreilly.com The router name and domain name are always included in the key. So it is critical to define these two values before generating the keys. If you generate the keys first and then change the router's name or domain, the keys may no longer work: Router1(config)#hostname Router1 Router1(config)#ip domain-name oreilly.com When you use the crypto key gener..
You can create a DVMRP tunnel from a Cisco router to a nonCisco DVMRP device by using the special DVMRP tunnel mode. This allows you to pass multicast traffic through a section of network that doesn't support multicast routing: Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip multicast-routing Router1(config)#interface Tunnel0 Router1(config-if)#ip unnumbered FastEthernet0/0 Router1(config-if)#ip pim spars..
