arpitpandit

Members
  • Content Count

    8
Community Reputation

14 Good

About arpitpandit

  • Rank
    Junior Member

Profile Information

  • Gender
    Male

  1. Hi Anacocito, Thanks for checking it out. Actually, the third video in this playlist is very useful for some of the TSHOOT questions in CCIE. In particular, there is a question with double or triple NAT where the source IP is translated at the sending router and the destination IP is translated on the receiving router. So in such scenarios it helps to understand how NAT decides which IP to translate and whether NAT happens before or after the routing decision. Cheers!
  2. Hey guys, I have created 3 videos to understand NAT technology. Please watch and let me know how you like them. Please subscribe to the channel, as more videos will be coming. Thanks. CCIE#36410
  3. Hi Friends, I have created a few videos (3 exactly) to understand NAT technology from start to finish. The first two videos are very useful for CCNA/CCNP, but the last video goes into how NAT works at the core level, so you can watch that also just to understand this technology. If you like them, please subscribe, as more videos will be coming soon.
  4. That's correct. Relay agent wouldn't drop the request if no option-82 is found in the first place...
  5. Hi Sandeep,

     1.) DHCP snooping is a security feature which makes sure that any rogue DHCP server wouldn't be able to hijack the DHCP client/server message exchange and assign an IP from itself to the client (basically it is the man-in-the-middle attack). So when you activate DHCP snooping for a VLAN, all ports in that VLAN are "untrusted" and then you can configure one of the ports as "trusted". What it means is that the trusted port is the only one which can REPLY to the DHCPDISCOVER messages from clients, basically making sure this is the only port which can have a connected DHCP server or relay agent. So now if some rogue DHCP server connected to some untrusted port even tries to reply to client requests, the reply will be dropped. Moreover, the DHCP snooping switch also creates a database of the IP addresses assigned by the DHCP server and the interfaces/MAC addresses and VLANs they were assigned to, which can be used by other security features as well, like Dynamic ARP Inspection and IP Source Guard. This is just a summary of what DHCP snooping does, but I hope you got the idea.

     2.) For the second question, I think the first answer would give you the idea. We may need a snooping switch between the client and the relay agent for the same reason: so that only the legitimate relay agent would be able to send you the replies back.

     3.) This question needs a little background on DHCP options. DHCP has a concept of options, which are additional configurations apart from IP addressing that can be sent to the client depending on the option value. A client can request an IP along with a specific option code, which will tell the DHCP server to treat the client according to some predefined rules for that option, e.g. the DHCP server can provide information about the TFTP server in the network, assign some QoS markings, or keep track of the actual physical location of the client. In fact that's exactly what option-82 helps with: helping the DHCP server keep track of the exact physical location (interface and VLAN) a client is connected to.

     Option-82 has 2 sub-options (or 3, depending on vendor) called "Circuit-ID" and "Remote-ID". Circuit-ID is the interface or VLAN the client sent the DHCPDISCOVER request on. Remote-ID is the MAC address of the switch where the request was received. The DHCP snooping switch or relay agent can insert this information, which the DHCP server can use to assign an IP address from a class defined on it and also to keep track of the physical location of the client. This helps prevent spoofing attacks where a rogue client can send packets from a different location. But for this feature to be utilised, the DHCP server should also be configured to respond to option-82, otherwise it would just ignore it.

     I hope it gives you some basic idea of the importance of the DHCP snooping switch and option-82 (Information Option). Cheers!
  6. Hey guys, The relationship between a DHCP snooping switch and a DHCP relay agent may be a little confusing, so I wrote this article just to clarify the connection and the role of option-82. Hope this will help.

     First we need to understand the difference between a DHCP snooping switch and a relay agent switch. A DHCP snooping switch is at the Layer 2 level, and it just reads the DHCPDISCOVER broadcasts and then forwards them to all other ports in the VLAN. In this process it may attach option 82 (Information Option) to them as well. The relay agent is the first Layer 3 device which receives the DHCPDISCOVER message. This device sets the "giaddr" in the Discover message to the IP address of the interface which received the Discover message.

     Now the catch is that the relay agent expects the DISCOVER message to be received directly from the client, but instead it receives it via the snooping switch and hence sees option-82 already there and drops the message! So if you are using a DHCP snooping switch between the relay agent and the client, and the snooping switch is inserting option 82 (which it does by default), then you must configure the following command on the relay agent:

     globally, for all interfaces: ip dhcp relay information trust-all
     on an individual interface: ip dhcp relay information trusted

     One assumption: if the DHCP snooping switch has ANY IP address configured (even a loopback), it will insert that in the giaddr field and the relay agent wouldn't drop it in the first place (checked it myself twice, but this may be because of some other reason... couldn't check it thoroughly). Cheers!
  7. @pehhboy77 The IOU is available on routereflector.com and the tutorial as well. I don't own anything, I just used it.
  8. Hey Guys, We get only 2 hours in the troubleshooting section, so how should we approach it so that we can do it in less than 2 hours? We have got IOUs to practice with, but here I have created some PDFs with a step-by-step procedure for troubleshooting MPLS, MSDP, IPv6, and any Control Plane AND Data Plane troubleshooting. They have the steps and the commands. Remember, there is no shortcut in troubleshooting, but there certainly is a structure. Enjoy! troubleshooting.zip
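
A simplified model of the relay-agent check described in posts 4 to 6 above, added here as an example and not taken from the original posts or from any vendor's code: it reads giaddr and the Option-82 sub-options (Circuit-ID, Remote-ID) from a raw DHCP message and drops a message that carries Option-82 with a zero giaddr unless the interface is trusted. The function names, the `trusted` flag (standing in for `ip dhcp relay information trusted` / `trust-all`) and all packet values are assumptions constructed for the demo.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # start of the DHCP options field
SUBOPTS = {1: "circuit-id", 2: "remote-id"}  # Option-82 sub-options named in the post
# Constructed Option-82 payload (placeholder values): circuit-id, then remote-id
OPT82 = b"\x01\x04\x00\x0a\x01\x05" + b"\x02\x06\x02\x00\x00\x00\x00\xaa"

def tlvs(data, top_level=True):
    """Yield (code, value) pairs from a DHCP option or sub-option byte string."""
    i = 0
    while i < len(data):
        if top_level and data[i] == 255:     # End option
            return
        if top_level and data[i] == 0:       # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        yield data[i], data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def read_relay_fields(packet):
    """Return (giaddr, Option-82 dict or None) for a raw BOOTP/DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = socket.inet_ntoa(packet[24:28])  # giaddr sits at offset 24 of the header
    opt82 = None
    for code, value in tlvs(packet[240:]):
        if code == 82:
            opt82 = {SUBOPTS.get(c, c): v.hex() for c, v in tlvs(value, top_level=False)}
    return giaddr, opt82

def relay_decision(packet, trusted=False):
    """Drop when Option-82 is already present, giaddr is zero and the port is untrusted."""
    giaddr, opt82 = read_relay_fields(packet)
    if opt82 is not None and giaddr == "0.0.0.0" and not trusted:
        return "drop"
    return "forward"

def build_discover(giaddr="0.0.0.0", opt82=b""):
    """Constructed DHCPDISCOVER for the demo; every field value is made up."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr),
                         bytes.fromhex("020000000001"), b"", b"")
    options = b"\x35\x01\x01"                 # option 53 = DHCPDISCOVER
    if opt82:
        options += bytes([82, len(opt82)]) + opt82
    return header + MAGIC_COOKIE + options + b"\xff"
```

Calling `relay_decision(build_discover(opt82=OPT82))` reproduces the drop from post 6; passing `trusted=True`, omitting Option-82, or setting a non-zero giaddr lets the message through.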