DHCP Client on Cisco IOS

A DHCP server is often used on Cisco IOS routers to supply hosts with IP addresses. We can also use a DHCP client on our routers, which is useful if your ISP uses dynamic IP addresses for customers.

In this blog, we’ll take a look at how to configure your router as a DHCP client.


Introduction to NAT and PAT

Without network address translation (NAT) or port address translation (PAT), you probably wouldn’t be able to access the Internet from your computer, or at least you’d be the only one in the house with Internet access. In this blog, we’ll discuss why and how we use NAT/PAT for Internet access.


Cisco PPPoE Server Configuration Example

PPP (Point to Point Protocol) was originally used on serial interfaces for point-to-point links. Back in the 90s, PPP was also commonly used for internet dial-up connections. One of the advantages of PPP is that you can use it to assign an IP address to the other end. The most important advantage, however, is that you can use CHAP authentication. This allows an ISP to check the username/password of a remote user.


How to configure GRE Tunnel on Cisco IOS Router

Tunneling is a concept where we put ‘packets into packets’ so that they can be transported over certain networks. We also call this encapsulation.

A good example is when you have two sites with IPv6 addresses on their LAN but they are only connected to the Internet with IPv4 addresses. Normally it would be impossible for the two IPv6 LANs to reach each other, but by using tunneling the two routers will put IPv6 packets into IPv4 packets so that our IPv6 traffic can be routed on the Internet.


GRE Tunnel Recursive Routing Error

If you have configured GRE tunneling before, you might have encountered the following error:

%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

What happened is that your router has learned the destination IP address for the tunnel interface through the tunnel itself. As a result it removed the previous entry for the tunnel destination IP address from the routing table. Now the tunnel destination is no longer reachable and it collapses.


IPsec (Internet Protocol Security)

IPsec (Internet Protocol Security) is a framework that helps us to protect IP traffic on the network layer. Why? Because the IP protocol itself doesn’t have any security features at all. IPsec can protect our traffic with the following features:


Encrypted GRE Tunnel with IPSEC

GRE tunnels allow us to tunnel unicast, multicast and broadcast traffic between routers and are often used for routing protocols between different sites. The downside of GRE tunneling is that it is clear text and offers no form of protection. On Cisco IOS routers, however, we can use IPsec to encrypt the entire GRE tunnel. This allows us to have a safe and secure site-to-site tunnel. In this blog we will discuss how to configure an encrypted GRE tunnel with IPsec. This is the topology that we will use:


VRF Lite Configuration on Cisco IOS

In this blog we will discuss VRFs (Virtual Routing and Forwarding). By default, a router uses a single global routing table that contains all the directly connected networks and prefixes that it learned through static or dynamic routing protocols.

VRFs are like VLANs for routers: instead of using a single global routing table, we can use multiple virtual routing tables. Each interface of the router is assigned to a different VRF.


Cisco EVN (Easy Virtual Network)

In a previous blog we discussed how we can use VRF lite to create multiple virtual routing tables. EVN (Easy Virtual Network) has some “enhancements” to make configuration and management of VRF lite a bit simpler. Let’s take a look at an example topology:


MPLS LDP (Label Distribution Protocol)

LDP is a protocol that automatically generates and exchanges labels between routers. Each router will locally generate labels for its prefixes and will then advertise the label values to its neighbors.

It’s a standard, based on Cisco’s proprietary TDP (Tag Distribution Protocol). It’s pretty much the same story as 802.1Q/ISL or PAgP/LACP. Cisco created a protocol and a standard was created later. Nowadays almost everyone uses LDP instead of TDP.


MPLS Layer 3 VPN

In this blog we will look at MPLS L3 VPNs and we will build upon the things you learned in previous blogs. By now we should know what MPLS is about. What about the L3 VPN part? Here’s what it is about:


Introduction to DMVPN

DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections. It’s a great backup or alternative to private networks like MPLS VPN.

There are four pieces to the DMVPN puzzle:


DMVPN Phase 1 Basic Configuration

In this blog, we’ll discuss how to configure DMVPN phase 1. We will then use this configuration in some other examples where we try to run RIP, OSPF, EIGRP and BGP on top of it. Here’s the topology that we will use:


DMVPN Phase 1 EIGRP Routing

In the first DMVPN blog we discussed the basics and the three different phases. I also showed you how to create a basic DMVPN phase 1 configuration. In this blog we’ll use that basic configuration and configure EIGRP on top of it. Here’s the topology we will use:


DMVPN Phase 1 OSPF Routing

OSPF is not the best solution when it comes to DMVPN. Because it’s a link-state protocol, each spoke router has to have the complete LSDB of the DMVPN area. Since we use a single subnet on the multipoint GRE interfaces, all spoke routers have to be in the same area.


DMVPN Phase 2 Basic Configuration

In this blog we discuss how you can configure DMVPN phase 2. Once we have a basic configuration, we can try to run RIP, EIGRP, OSPF and BGP on top of it.

The configuration of DMVPN phase 1 and 2 is similar except for two key items:


DMVPN Phase 2 RIP Routing

In the previous blog about DMVPN I discussed how to create a basic DMVPN phase 2 configuration. We’ll use this configuration and configure RIP on top of it. Here’s the topology we will use:


DMVPN Phase 2 OSPF Routing

As we discussed before, OSPF is not the best solution for DMVPN. It’s a link-state protocol, so all spoke routers have to be in the same area. When something changes on one spoke router, it will trigger SPF on the other spoke routers.

When we use DMVPN phase 2, spoke-to-spoke traffic will be direct and doesn’t go through the hub.
