AI, ML, Development + Cisco Learning Blog Learning about Machine Learning, Artificial Intelligence, related development topics and formerly Routing and Switching, Datacenter, Security and other topics, CCIE #23664, Frank Wagner

3 October 2006

Order of operations on interfaces

Filed under: interfaces — ocsic @ 19:50

Here’s the order of operations for the inside-to-outside list:

  • If IPSec, then check input access list
  • Decryption—for Cisco Encryption Technology (CET) or IPSec
  • Check input access list
  • Check input rate limits
  • Input accounting
  • Policy routing
  • Routing
  • Redirect to Web cache
  • NAT inside to outside (local to global translation)
  • Crypto (check map and mark for encryption)
  • Check output access list
  • Inspect context-based access control (CBAC)
  • TCP intercept
  • Encryption

Here’s the order of operations for the outside-to-inside list:

  • If IPSec, then check input access list
  • Decryption—for CET or IPSec
  • Check input access list
  • Check input rate limits
  • Input accounting
  • NAT outside to inside (global to local translation)
  • Policy routing
  • Routing
  • Redirect to Web cache
  • Crypto (check map and mark for encryption)
  • Check output access list
  • Inspect CBAC
  • TCP intercept
  • Encryption

Source:

http://articles.techrepublic.com.com/5102-1035-6055946.html
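The practical consequence of these two orders is which address an access list has to match: the input access list always runs before NAT, and the output access list always runs after it. The following is an added example, not taken from the source article. It is a simplified Python model that keeps only the listed stages that read or rewrite addresses; the static NAT entry, the addresses and the function names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed static NAT entry: inside local <-> inside global.
NAT_LOCAL = ip_address("10.1.1.10")
NAT_GLOBAL = ip_address("203.0.113.10")

# Only the listed stages that read or rewrite addresses, in the page's order.
ORDER = {
    "in2out": ["input_acl", "routing", "nat", "output_acl"],
    "out2in": ["input_acl", "nat", "routing", "output_acl"],
}

def walk(direction, src, dst):
    """Return {acl_stage: (src, dst)}: the addresses each ACL check sees."""
    src, dst = ip_address(src), ip_address(dst)
    seen = {}
    for stage in ORDER[direction]:
        if stage == "nat":
            if direction == "in2out" and src == NAT_LOCAL:
                src = NAT_GLOBAL   # local to global translation of the source
            elif direction == "out2in" and dst == NAT_GLOBAL:
                dst = NAT_LOCAL    # global to local translation of the destination
        elif stage.endswith("_acl"):
            seen[stage] = (str(src), str(dst))
    return seen

def entry_matches(seen, stage, field, host):
    """Would an ACL entry for `host` match the packet's src/dst at `stage`?"""
    src, dst = seen[stage]
    return (src if field == "src" else dst) == host

if __name__ == "__main__":
    inbound = walk("out2in", "198.51.100.7", "203.0.113.10")
    outbound = walk("in2out", "10.1.1.10", "198.51.100.7")
    print("outside-to-inside:", inbound)
    print("inside-to-outside:", outbound)
    # An inbound ACL on the outside interface written for 10.1.1.10 never matches:
    print(entry_matches(inbound, "input_acl", "dst", "10.1.1.10"))
```

An inbound access list on the outside interface therefore has to be written against the global address, and an outbound access list on the outside interface sees the already translated source.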

7 July 2006

asynchronous / synchronous ports

Filed under: interfaces — ocsic @ 11:33

You can change a synchronous port to async with:

conf t

int s0

physical-layer async

Check the result with:

sh line

19 May 2006

logical interfaces

Filed under: interfaces — ocsic @ 16:07

Logical interfaces are, for example, the loopback interface and the null interface.
The null interface is always there. If you want to drop a route, you can send all its packets to the delta quadrant with:
ip route 192.168.1.0 255.255.255.0 null0

If you want an interface that is always up, for instance so that your OSPF routing process stays alive, you can use something like:
int loopback 0
ip add 192.168.1.1 255.255.255.0

You don’t have to use the “no shutdown” command.

This interface will always stay tuned. 🙂

passive interface

Filed under: interfaces — ocsic @ 16:06

If you don’t want your neighbor to receive your routing updates from your ABR (Area Border Router), you can set the interface to passive mode on your router.

It will look like this, for example with RIP:

router rip
network 192.168.1.0
passive-interface e0

if Ethernet0 is the interface to your neighbor.
