tag:blogger.com,1999:blog-30590557681802165802024-03-06T01:09:29.565+05:30Routing | Switching | Security | Network Design | Consultant | management | MonitoringA blog about the IT network and the trip of consultants. How things change in your life as an IT professional in security engineering/networks or systems and we will solve it with a new style. The exchange of knowledge is winning.Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.comBlogger359125tag:blogger.com,1999:blog-3059055768180216580.post-23124746328911040302019-11-02T22:26:00.000+05:302019-11-02T22:26:20.385+05:30Cisco Router IPSec VPN with Dynamic IP address<div dir="ltr" style="text-align: left;" trbidi="on">
<span class="tlid-translation translation" lang="en" tabindex="-1">Last month, I worked on an IPSec VPN site-to-site connection project between the Sophos XG firewall and Cisco routers that connect more than 50 branches. Where both ends have a dynamic public IP address. I am not willing to share the configuration of the Sophos XG router or firewall, but I am willing to share a dynamic IP address solution for the IP address.</span><br />
<br />
<b>Technical Details</b>: <span class="tlid-translation translation" lang="en"> Sophos XG is installed in the client's central office with a dynamic public IP address (which will resolve to FQDN) and also the Cisco router installed with a dynamic public IP address in branches. We plan to redirect all traffic in the central office for the intranet and internet for the implementation of security policies. </span><br />
<br />
<b>Issue:</b><span class="tlid-translation translation" lang="en"> Both Headoffice and remote sites have a dynamic public IP address, so routers could not connect VPN after changing the IP address in Sophos XG (Headoffice). We use a DynDNS in the central office only due to budget constraints and simplify the administrative process.</span><br />
<br />
<b>Root cause:</b><span class="tlid-translation translation" lang="en"> Cisco has a predefined method to resolve DDNS only once during configuration. If you set up IPSec VPN with an FQDN as the "set target peer" command but the show run command shows the IP address instead of the name. This is because the resolution occurs only once:</span><br />
<br />
<br />
<span class="tlid-translation translation" lang="en"><b>How we solved the problem</b>: there is a simple method to solve this problem since your router must resolve the FQDN from time to time, so we plan to use the EEM scripts. Here, the client also added some additional requirements, as it must obtain the IP address of the interface when connecting or disconnecting the VPN services of each Cisco router.</span><br />
<br />
<span class="tlid-translation translation" lang="en" tabindex="-1">Then, we had chosen an additional and fast method to detect inactive VPN and erase peer SAs and update the FQDN at a specific interval. We use the EEM and IP SLA script for the same as:</span><br />
<br />
<div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">ip sla 2</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">icmp-echo 10.100.1.90 source-ip 10.100.119.90 </span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">threshold 300</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">timeout 600</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">frequency 2</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">ip sla schedule 2 life forever start-time now</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></i></span></div>
<span style="color: #666666;"><i>
</i></span><div class="x_MsoNormal">
<span style="color: #666666;"><i><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">track 2 ip sla 2 reachability</span></i></span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></div>
<div class="x_MsoNormal">
<span class="tlid-translation translation" lang="en" tabindex="-1">Here, 10.100.1.90 is the IP address of the central office and 10.100.119.90 is the IP address of the LAN interface of the branch office router.</span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"> </span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager environment _email_to notify@xyz.net</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager environment _email_from notify@xyz.net</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager environment _email_server mail.xyz.net</span></span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">! </span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager applet IPSec_Down</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event syslog pattern "%TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.0 cli command "enable"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.5 cli command "clear crypto isakmp"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.6 cli command "clear crypto sa"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 2.0 cli command "config t"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 2.5 cli command "crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp "</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 2.9 cli command "set peer sophos.xyz.co"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 3.0 cli command "end"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 4.5 syslog priority notifications msg "VPN failed at Brach1"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></span></div>
<div class="x_MsoNormal">
<br /></div>
<div class="x_MsoNormal">
<span class="tlid-translation translation" lang="en" tabindex="-1">Here, you can see that we are detecting the status of the track and once it detects that it is inactive, the router will execute some commands to clear the existing Phase 1 and 2 tunnels and add a new DYDNS name under the crypto map. It will help us deactivate the VPN immediately after the IP SLA fails without the wait for a timeout.</span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"> </span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager applet NEW_DNS_Update</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event timer watchdog time 120</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.0 cli command "enable"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.5 cli command "config t"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 2.0 cli command "crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp "</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 2.5 cli command "set peer </span><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">sophos.xyz.co</span>"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 3.0 cli command "end"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 4.5 syslog priority notifications msg "DNS_Updated_IPSEC"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></span></div>
<div class="x_MsoNormal">
<span class="tlid-translation translation" lang="en" tabindex="-1">Here, we are updating the FQDN every 120 seconds so that the router has updated the DYDNS resolution.</span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"> </span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager applet IP_Change_Down</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event syslog pattern "%TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.0 cli command "enable"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 3.6 cli command "sho ip interface brief | exclude unassigned"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action
4.0 mail server "$_email_server" to "$_email_to" from "$_email_from"
subject "$_event_pub_time: VPN & IP address failed at Brach1" body "$_cli_result"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 4.5 syslog priority notifications msg "VPN down & IP at Branch1 mail sent"</span></span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></div>
<div class="x_MsoNormal">
<span class="tlid-translation translation" lang="en" tabindex="-1">Somehow, if the VPN goes down, the client will receive the public IP address of the router. If necessary, you can access the router using the public IP address (do not worry, we have taken some additional steps for SSH security).</span></div>
<div class="x_MsoNormal">
<span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"> </span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event manager applet IP_Change_up</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">event syslog pattern " %TRACK-6-STATE: 2 ip sla 2 reachability Down -> Up"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 1.0 cli command "enable"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 3.6 cli command "sho ip interface brief | exclude unassigned"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action
4.0 mail server "$_email_server" to "$_email_to" from "$_email_from"
subject "$_event_pub_time: VPN up & IP address at Branch1"
body "$_cli_result"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">action 4.5 syslog priority notifications msg "VPN up & IP Branch1 mail sent"</span></span></div>
<span style="color: #999999;">
</span><div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">!</span></span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"><span style="color: black;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;">Once the VPN will restore then the client will also receive the router's public IP
address. </span></span></span></span></div>
<div class="x_MsoNormal">
<span style="color: #999999;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"><span style="color: black;"><span style="font-family: "Segoe UI",sans-serif; font-size: 12.0pt;"> </span></span> </span></span></div>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-79856758690286652762019-07-31T18:06:00.000+05:302019-07-31T18:06:11.174+05:30Sophos XG VPN issue with FortiGate and Sophos SG Devices<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
Last week, my customer has raised a case with us. He is using a site to site IPSec VPN between Sophos XG and Sophos SG devices. The tunnel was not getting up. After verifying logs on the XG device, we found the root cause as Local and Remote ID mismatch. But How? Because we can't change Local ID on the SG devices so there was no Remote ID was assigned on the XG firewall.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I remember that same issue I faced between FortiGate and Sophos XG devices.</div>
<br />
Let's come on the issue, finding and resolution.<br />
<br />
<b><span style="color: red;">Case 1: IPSec VPN between SG and XG firewall.</span></b><br />
<b>Finding/Root Cause:</b> As XG firewall was showing Remote ID mismatch error so I started investigating the issue was found as SG firewall was sending Its LOCAL ID as It's WAN IP address but As Sophos XG firewall was having remote gateway as DYDNS address so XG was looking remote ID as the same DYDNS address.<br />
<br />
<u>Sophos SG Configuration: </u><br />
Remote Gateway: DYDNS address of the XG firewall.<br />
Local & Remote ID: not enabled.<br />
<br />
<u>Sophos XG Configuration:</u><br />
Remote Gateway: DYDNS address of the SG Firewall<br />
Local & Remote ID: not enabled.<br />
<br />
<u>Here Point to be noted we had not enabled the Remote ID/Local ID on the XG and SG firewall. But still, Sophos XG firewall was looking to match remote ID.</u><br />
<br />
I found some tricky solution as If I will assign Remote ID <b>0.0.0.0</b> on the XG firewall then tunnel getting UP. I had discussed with the Sophos tech team about remote ID 0.0.0.0 and meaning of it. He told me that avoids assigning <b>0.0.0.0</b> as remote ID it means you are going to accept any remote ID for this tunnel means you really don't care about the Remote ID (remote device local ID).<br />
<br />
I checked on the SG firewall, gone through the configuration guide and found that we can't change LOCAL IPSec VPN ID on the SG firewall and it was the default behavior of the box.<br />
<br />
<b>Issue Resolved: </b>As Customer has configured XG firewall in respond mode, So there is no such requirement to configure remote Gateway so I changed to the any. We also disabled the remote ID on the XG firewall. Due to the respect of the customer security concern, I enabled Local ID on the XG firewall and Remote ID was also enabled on the SG firewall. Wow VPN getting UP.<br />
<br />
<b>Case 2: <span style="color: red;">IPSec VPN between Fortigate and XG firewall</span></b><br />
<b>Finding/Root Cause: </b>Here, The Fortigate was having a dynamic WAN IP address but Sophos was configured with Static public IP address. So the Customer configured a DYDNS on the Fortigate and was trying to establish IPSec VPN between both devices.<br />
<br />
<u>Fortigate Configuration: </u><br />
Remote Gateway: Public IP of the XG firewall.<br />
Local & Remote ID: not enabled.<br />
<br />
<u>Sophos XG Configuration:</u><br />
Remote Gateway: DYDNS address of the Fortigate Address<br />
Local & Remote ID: not enabled.<br />
<br />
<u>Here Point to be noted we had not enabled the Remote ID/Local ID on the XG and FortiGate firewall. But still, Sophos XG firewall was looking to match remote ID with DYDNS address of the FortiGate firewall.</u><b style="text-decoration-line: underline;"> </b>But FortiGate was sending Local ID as WAN Interface IP address.<br />
<br />
<b>Issue Resolved: </b>I had login in the Fortigate device and changed Local ID as it's DYDNS address in the VPN configuration portal. Wow... The issue was resolved.<br />
<br />
Here I have a concern about Sophos XG/Strongswan VPN architecture that If you had disabled the Remote ID then why it is still looking remote ID must be matched if you had configured Remote gateway as DYDNS address of the remote device?<br />
Maybe it is part of the security but not sure. There are no such clear documents on the Sophos website for the same.<br />
<br />
Let's move forward and resolve the issue while I will try to get an answer from the Sophos team.<br />
<br />
<br />
<br />
<br />
<br /></div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-8106177170755369032019-07-15T17:49:00.000+05:302019-07-15T17:50:25.960+05:30Are you planning for CCNP before February 23, 2020?<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span style="font-family: "georgia" , "times new roman" , serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "georgia" , "times new roman" , serif;">As we all are aware of recent changes in the Cisco certifications. This is a big change in the Cisco Education/Learning module from the last few years. If you are looking CCNP certification before this changes then you are not an alone person in the queue, I am also in the same queue. Recently I cleared CCNP Switch 300-115 certificate in the first attempt. Now I am busy in next certificate as <a href="https://www.ucertify.com/exams/ccnp-route-300-101.html" target="_blank">CCNP Route 300-101</a> and I found the best place (<a href="http://www.ucertify.com/">www.ucertify.com</a>) where everything is a well-organized, study planner, simple and easy language, Quizzes and flashcards on each topic at end of each lesson. Really I like its Exercises option and it is best for the exam preparation and interviews.</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0KH5avS4J03jzF0VtQg-quP1VgjXHMVNPs9p_N-psCxYktZSLKnMSXqnnynXZnd9mC-LcsyrPJCvWaX1L0gFgbBao72oCNG1oTdI-yYVUR-1tmGvpkl8MysqyCUXDkC8UdXRageHp20A/s1600/CCNP_ROUTE_000gqA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="352" data-original-width="915" height="151" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0KH5avS4J03jzF0VtQg-quP1VgjXHMVNPs9p_N-psCxYktZSLKnMSXqnnynXZnd9mC-LcsyrPJCvWaX1L0gFgbBao72oCNG1oTdI-yYVUR-1tmGvpkl8MysqyCUXDkC8UdXRageHp20A/s400/CCNP_ROUTE_000gqA.png" width="400" /></a></div>
<br />
<br />
<div style="text-align: justify;">
<span style="font-family: "georgia" , "times new roman" , serif;">As you are studying CCNP so you need topics with a technical deep dive for a future interview, planning, and troubleshooting of a network. This is a negative point for this course but this course is designed for CCNP route exam so it is ok. Overall I am very happy with the course. I hope you will also enjoy this course and it is here: <a href="https://www.ucertify.com/exams/ccnp-route-300-101.html">https://www.ucertify.com/exams/ccnp-route-300-101.html</a></span></div>
<div style="text-align: justify;">
<span style="font-family: "georgia" , "times new roman" , serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "georgia" , "times new roman" , serif;">I feel that adding certifications in your resume will open more opportunity and good salary hike. Here, I do not ignore experience and knowledge of technology but certification is an addon. As <a href="http://www.ucertify.com/">www.ucertify.com</a> is simplifying things for exam and interview preparation. Best of luck for your certification and career.</span></div>
<br />
<br />
<br /></div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-77195048216660582732019-01-03T12:22:00.000+05:302019-01-03T12:22:09.498+05:30How Sophos XG firewall handling IPSec VPN Pre-shared Keys<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "Courier New", Courier, monospace;">I am wondering that How to Sophos XG firewall is handling Preshared key for IPSec VPN. I configured more than 100 XG firewalls and VPN but never minded. Today I am going to implement 49 VPNs (Site to Site) on XG 210 on 17.5 GA version.</span><br />
<span style="font-family: "Courier New", Courier, monospace;"><br /></span>
<span style="font-family: "Courier New", Courier, monospace;"><img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAp4AAACYCAIAAADC0n7wAAAZO0lEQVR4nO3dT3AU14HHcV19ypkTqaJymPJeUt7a2kMqlZQ3VUntXramulJTrErlxStjEAwSSECK8XoxKS02GxxnseOloCxjMjEQW1HWfzAhSoyX2CBgQGACyFkDsfmzRgKPsERLGu2he3ped7/Xf2a6p6We76fmAKP+897rP7/pN2+623QAALDoPfj5z/9z86YNP9rc25Z0UQAAQARu3761cWPPpk3riXYAANLhQV9v98aNPUQ7AAApsWF9vq+vm2gHACAl1ves7d2wjmgHACAlerrXbFifJ9oBAEiJ7nVd63vWEu0AAKTEuvxqoh0AgPRYl1/d072GaAcAICWIdgAAUiW/dlX3ui6iHQCAlCDaAQBIFaIdAIBUWbvmSaIdAID0WLvmyXX51SGi/dTuLs1heceqvp1vlMbjKaGxwm1D8Sw9eAm6dp9y/WVom+IPAAAkpc5ob8//a79ha9+qjuWapmm5Ff1DV2MoIdEOAEAIdUa7Pc7GP3w5n9M0rfPF45EXkGgHACCMNV0rG492XS8PPq1pmpbfc7Y6yeMvDI8O7uxb2Z6rxvL4h8Vnule054w+/O5nBoZrF/nlsaO7C+blv7a8Y1Vh99GxsrjCbW98WHymu2O5pmm59pWF3cK8erm6Ik3Tcu0rurcLXw7UURa9PDq43ViVtryje/vgOy8HjParQ9s6NE3r2DY4VtZ1vTz29i6rT6N9Zd/OwdGyruv6xwM9mqa1P3u4XFvS+y88rmna5mIc/R4AgJby2GPtK1Z0NBztRsiZbxuTdHR0aNryju4t/fuP63r55O58TjPf2NrXuVzTNK3zhffLuq7r5SM7Osz429q/xUzVjh1HyrUV5nK5XPvKvq1bzQzP5feYJbh6YEuuOrP11959H4vFDVEW/cZb/R1GGOdrfw0Q7eZSc/ndJ8u6buW8Wam8Ua4tB67qsmw/sqNd03JPHboRfEMAABaX48ePX72qvIIbHh6+fft2JCvK51d3h7obnTzajbDSevddsSbR2rcUR6vZdePQUzlNa396sFqn8eHnOzVN23Lghl69ZDX+reu6frW4ubYOc2ldL580F3Z18Ol2TdPadxzRdV2/sq/X9tfy4Wfbrf6DOspy48AWx+qMiPaJduuCvTre4PiLnfZyjRW35DTt8Rfetwpt1kCvJvu2obJrDQCAVDh//nxvb+9TTz0lTfd33323t7f3xz/+8dTUVOPrajzayzcvvPdCXrxWNiYxQsw219ODQnYNbbMmOrsnr2la1/Pv/Ukyyt6YtRrVtVnNvvXyzU8uX758fVz+1/BlkXx0MT55eET7h8ZYA+uC3frTqpdPOtcrfoAws934NGLvoAcApMr09PSePXuk6W7kel9f38jISCTrWrt2VT3R7iYMkJdkp2ouM4GvDvWvyBmLaV+xqm/rruL7VspLhtHZwlvXx0tHBnb1WzZ2uqI9RFkk0e4zjK69oyOnaZr2T08P3nD8ScJcjNl1sOMIyQ4ALUKa7pHnul53tNd+/Nbf3/+T3cUjp26WHZPYwth4q3Njv9N+a0z9+PUPjxR3/2RLdXRbtW/bJ9qrX43LPzOEL0v4aNc0TVu+fLmmaR39b92w/cnWTIYX37qi67qQ7eWhbTlHvwIAIJ0c6R5Hrut1R7vnD76UcWq7eB6/fvny5U9uyi5Vx9/ub9fs39yrot0cmt/14gfWkiQd8iHKEr5DXsvld58cM79rt8Ld3SHv+OrAjPTnX9iWi+lngwCAhcdK982bN8eR63rTot38brk2dK18bm+PVv0K3bjCrfVIm0PhgkS7MSBNCGpzkJ1HtHuXJfwwOjO/HQPpzM8D1mLMzyu5/reqM5u1VC0bAJBS09PT27dv7+3t7e3tPXz4cOTLb1K0V3/fVv3Bmf0XbB/v67V+v9bv/AGbT4e8MRLd+Kma8cO5XC7nGe3eZZH8+M1YoP/v2u3hbquU9Ys+ocu+lu09Ax8Ha3wAQAoY/fAG1Zj5RjQr2nVdvzo8YN50xn1nmfHSGzurd3dx/NFvGJ1wgxnjvjDGHWY8ot2nLK5b1owOqm4657wbnT3cxVvpOO7DY67IyHaSHQBah/X9+okTJ1Rj5hsUOtoRHeNuALXf8wMA0s0xbs7jF3GNINqTc2p3F7egA4CWIR0PH0e6E+2JOf5iJ8kOAC3i3LlzqvHwVrpv27YtkrvREe0AADTDwYMHVb9zm56e3rdv38WLFyNZEdEOAECqEO0AAKQK0Q4AQKoQ7QAApArRDgBAqhDtAACkCtEOAECqEO0AAKQK0Q4AQKoQ7QAApArRDgBAqhDtAACkCtEOAECqEO0AAKQK0Q4AQKoQ7QAApArRDgBAqhDtAACkCtEOAECqEO0AAKQK0Q4AQKoQ7QAApArRDgBAqhDtAACkCtEOAECqNDnab8+dODzTrJUBANCCmhrtM6Ob5vcvqYyON2d1AAC0oCZG+9SJysG2+f1t8wf756aasUK4lUqlWKfHgpW+TZm+Gi1YCTY1W7k+TYv2r2aPf3d+f5v5On4p/jU6lQqZNplsUdf1Ytb8h0Mx25YpNLprWQtx/yM6qhrUlAqZUGsVp/dfenM1pTzylTSrKYpZY/8Mtsm8d62FvCnr46hR1EdTtGqb8rmmFjWaHTjseSNC6dtvm6dZ0X59/3yxrRbtxe9Xrse+TiXJvtqc/YZoj0r6oz3kalo52he6xFqcaG9hzYn223OHH6rluvE6/HZi4+lU0V6wruutv9ZOlMJFv/zUae52pUKmugtW1xPwqt2+79b+V8y2ZQpFa/Xi7l29HGjLFArC3PYOimzR/pZYUOWFoWN6Vfv4Lsej/KVCxii2Nad8UbJ31eWR1D3EupRNKt1MxjLU7ek4Gwl7iaKpxRklm9ujgh67VoSbUpjENoF0Rsd2tx9TkvfVBXCu1F0ja+pQJQlQ4Ybra9+UYlGle5rqJBD1DlxwH4/SZYpN/ZznWc6jSOE2imSuhvdb3zNLm+04tpq6utGcTRXgSElaM6J95myPM9f3t83vX1I5ezvW9Sopot3adMWseGBmCiX7ESf7+Fg7axezmUzGfpZtPNrtO577mLJNY1tOMdsmm97WBIqP5arli+0TZDle5XecZiWLkre8x/ZS1t1/XeoqO6qTLdpqEqjw8mS3LUWoiOoiRVXBcFftjWxK65OiuC/JquC1jcIUQLlSV4d8yJL4HdQR1VdctriZHIHoG+1R7sB+5xP5Mj3PckGK5Nys0uYSRLTfqs8hkkNJ/LwurtPeDH5HSvLij3Zr9Jz7ldR4Ot8OeccVc0l15NsXUN3Bs9msde6vfpHfaLQL667+V/G2pGDuQ9c5sTJ15EFj/S/QclQFtW8G1aKCdCqGqnvwdXmt2n4uUraD4xJf2sbObhjpVpdz76jBor3OTSktk7IKwfZn3wLIG0IW7WFLEuSgjqC+smi3byUhX72iPdId2PVf5Q5gP2+oznJBN5/s0FAWNc79VtUqrk9uzn8HOuklL+5o/2r22CPyXDdex87Ftmq1OqJd6IFRbMVi1tzumUKxkMkUStV3ooh2Z+9TplByVkJ2xrF3Ndk/drq4CuR/XAVbjrz8jhKrFyVtee/zgrzuvuvya1LHwqX9us52sJ0xpAtzdV1KLviVZWhz7SR1RnuQTam8JJJXIVy0B90o8hpJ8jJASXwO6ojqK4n2oJ/o7EWNbgdWnE/UB6DQ1PKznFeR5IuNJtqDn8oUG9p1KNkaUWwrc5XB1pi8mKPdMXrO/UpkPF090S78Rb4pS4WMsSdni8bubrxhW0hzot0so+sCXdGjFKiZ1MeV/3ICR7vnouwt7xUbqrr7rit4tJsf3sUuWlXhzYUoPtqHjnZVBaOIdr9NGXu0B9ko8hrVF+3CG7KDekFHe0M7cIDziXypyrNcyM3nUVPV3I2cgoSZ7OcQyaEUJNoXYJK7xBrt1+bedo2ec7/efqPZ4+kaiHbV/Ma72YKxo5eMMS/OU0/90R6gA836r2PZsmj3viSUVVNRtkDLURXUfuIJVyR1edR191+XqqTyiQK2Z6mQMYb/yCYI2yGvrGCj0R6o/aXTxNUh77nSSDrklQuMtr6SaHdspYAd8lHvwPb/KncAW8soz3LhNp9HTVWrbuQUJFum6lDyi/bwa0xGjNHuHD3363+bu/LnmVufzV4Zqvz6a0mOp6sj2sW/qz62FbPCB8JMpnYoBox28Useo9dHvBIVThPmrOL0wjTOolqFcnz6dow3rysPAi3Hq/zCIaJYlLzlAxznrrr7r0vVpK7quCrj1Q5mQeRnA3GNtvn8T8u2CjYc7YE3pStqVFUIGe3KAihX6vroHLIk/gd1JPWVRbtri9gaQXISiHgHVp5PFMusNY3yLOdZJM/N6m48sZoR7LfSDa06lHyjPdCRkrzYov3eB7bRc0MDs+KIualLlSHhgv5gYe5e9EVQquuq3TggFF/YOGezHf1Bo11cifGzEOFUmK39xdEZaL5byDqO6WpJHaVynDi8vioSpvc4Dn2Xoyq/u7tQvihZy3ueRiV1D7ouVZM6qyNsWtuZUdoO9r3BRZhRmM/rKkhSQZ9dK6JNKU4iFk5ahbDRri6AbKX2GolXlcFLEuCgjqC+0mjXbQd7ISvb38WTQLQ7sPCrM/n5pM15oLZJauPar32L1OaIRN9+iKj2W+mGlh9K/tEeaI2JiynaHaPnHqqMfuWcZHRT8uPpFgfVSX6xWOzlb5j8K0+gSvVRH6hXPNF+fcD+hfq3Kp+6pvl0j32a7yZ5f7oFbbFH42Ivf6NK1nhKwGDrxV0sA7OwmMQR7ZLRc5XTzqe9zZzuTH483eKw2KNxsZe/AUa/HadtuCyCLl0sZtFHuySzZf3ts8f+yjXZQ5XTCd2fDgCAtIg62h2j55R3jB+fOyy9P11zx9MBAJA60Ub7V3O//7r8x+sH+udsU56r/ErxM/ffn4ioMAAAtKJIo905Mk58/XBO7Gu/93ZFOeV3K5+6htMDAIBgIox273vP2QfJO4fQM54OAIBoRBbt8tFz4iD5s8K1+PmC58SMpwMAoE4RRfu9P1QOeN4ofn/b/PCH1uSy4fGO7+Y3MZ6umUolfn6DyKh2p0R2M/ZttKBIol09es72+nrlxNnZW3+ePVXweRxcXOPpor3nUwx3kErmF+CL+I4Z4l22sTCEfwZYkwoTxy3fAtx+GkhCFNHuNXqukVfk4+mIdqnFG+3FbFtbJrNYS59SCzbaY1m4/a7ipDsWisajfcz2oJdoX0P7ZyOrqR7gMRK2ZyvIn25ge0KJ6gymmNh6JINtRvtTIuSPPzL+ZM0oK7xxEitkaysuZh2FkM0ovON+bIzyUQtiXXwfm6F631kv3xVLCtKWLTrP3sGay7UYW1m9miLMYy1sc3o8uirZAsufalZr1xC7tHt3crVH0N1McTAq6+hbGPsTdCQHY7AHkCgm51EBWFAajXbf0XO118H2ysXrul6euTggv61N7OPpgj/8UfkwwWLWOjlJo91j4tpZzfG4MNmzHUX2ZwjaL0Sc51/32hxTSGotLlCxcFcd2zyzwP4fr/flJ8pgvRfVDeAoZrDmclbIdhKvPbrRaydRF1Vel2BPpUyiwLVQKmYzmYz9EXKN7NLOlYi7mayo0koGmTHg8WXVTDqx1wYKcMP3Fr6hMhaexqJ9/Kj/6LnqS7yNfIgPBAd65py3n6+bmAXiMVg9JoMcm7Yztd/Fpe9p3bFGeQHsJxPVtYLrpOf8t6rW4vIDXYgoCq2aV7lM73r5cX5GsEWdf3OpamQrnbS5Qka76l1FciRW4OqRkc1mpbuLa/Zg1bFXRNhg0qIqW0vRGL51VEa7bOJgB6l6ixDsWDgaifaAo+eMl/137aG+no9sPJ1wHeLq4ssUSp7fy7nHy3hEu3RiyVlD0pesiHZZz2BNtTvb8zHDilqre15V3aWOBQmtJ5tXvUxHbWsTBjlDqvMwWHO5quTMR2VzBemQl9bFK36SLnAxa+4jmULReFCd+Y44W5BdOlC0K4vq+VY9dYwg2gNsEXIdC04D0T72s3BfnNeeEON4mrvv65HKWCTj6eqL9qL4LajfVbvHxNFFu/QTRVTR7v81tzra/fphPeolLl0RZ7KpJKfbYM0lL4swb0NJKa1L4GhPoMClQsbYhtmiEeol60m04XbpdEa75xYJusmAJqo72usYPfe1+d8OzJV+U/ntd0LOGNV4uro65B1nE+9o95o4QF+f+hLQP0t8o72eDnmpgB3yfgVWdfm6KuNfBPOd2ueTgNHrLExBmLWR/m15XQJFe1IFLhUy2YIR5yVjWJ88humQd/HovgOSUme0z5z8Yeh4buj1UOXktYYrax2D/gOObP2ctrOneBEmi3blxMpTj3DZJe3Xk3Vc24Lbce3tKJstwmW1FudULNxVSVuhxa+8JfN6vS+PnPDJ7uiE8G8uF3Nz1eb0aq7q+8ZMso+DkrqoZlwABTZnsHbWTEbsDAi/S/t136iKKm9EoYH8j1x1YXyj3WsDBdkiwMJRV7SHGT0X2SuC8XRi4AnfoDl7l51fkgqdv0Z3pfVhXt19L5lYdeVkrdLjx2+Od8Wv/8SzpXe0K2ttDwnZwl1VzGazsklU80rfl12CCW3nromwMEnBqifmYM3lZksNr+YSSmr8hkqSlNK6KGZcEAVWRZwefpd2feawF869m6mqKDsYFTMGKYxvtHs0lNcW4aodC1Ad0T4+d/Trzc5143X0Ax4bswAE7TJeZDy+H1iYFl2BATRL+GgPO3ouyldU4+nQiHRGe23c2CKx6AoMoGkifV47WkLqot3obV1EObnoCgyguYh2AABShWgHACBViHYAAFKFaAcAIFWIdgAAUoVoBwAgVYh2AABShWgHACBViHYAAFKFaAcAIFWIdgAAUoVoBwAgVYh2AABShWgHACBViHYAAFKFaAcAIFWIdgAAUoVoBwAgVYh2AABShWgHACBViHa0nC8mH2z9aPLvh+4tG5hI8evbh+5u/Wgy6cYGkACiHS3nP07dTzx3m/Yi3YEWRLSj5Xz70N3EE7dpr28W7ybd3gCajWhHy0k8bpv8Srq9ATQb0Y6Wk3jWEu0AYkW0o+UknrVEO4BYEe1oOYlnLdEOIFZEO1pO4llLtAOIFdGOlpN41hLtAGJFtKPlNCFNH/7N1LEvK1Nzlfuz81PTc8dKXz5s/Gl0dv4r/Qlrst/rN+fmfncs3h/jNbd1J//4zuijO0aW7RhZ+uypb+29ePSzGFd2evDMklc/iXEFwOJEtKPlxB7tr93/n+n5m9fvPzIwsWxg4pFj+s1K5dgHzmh/+PD0lQeVkdOx3xSvmW177b2zS3ddeO/TKV3X9ck7771+ZunesZuxrY5oB6SIdrSc2KP9+My9BzM/Et7591uVe5/ft0X7m1MXZioXRptxs9smNu2XA3tO5t77svbGxUva8xf+W9f1z64+t/f0smdHvrF95K+tS/nh0SWvXHxp7+mHd4wsffb08rc+LxtzWRM/O/K3ey/98a7zzUf3j52f1HWiHVAg2tFyYk9Te6/7soGJJ67Nzd+Zqv3ptcnf3p+/eW3y4fhzvbnR/vlzu052Dkv+8G5x5Du/+suEruv6xOuvjPzNob/ouq4Pjy7pP/PMmUld18ufjj224/TW07quf/na3trEh1499fAvr9renLzz+qunjCUQ7YAU0Y6Wk3C0T8387k5Fn5u/f+ur1on2ic+/+It1x9vhUTOPh0eX7PrTWfPdqddfMea99tTOM8+dr048du2XJ/7P+WZ1CUQ7IEW0o+UkHO3z8/fvTH3vzemxSuXc2ZR1yCujvXzu0vKfjiztP7nEeFnRLgTzoVeNeT/p7BdS3PRJpzWvsASiHZAi2tFyYk9T2XftX1yfNKP9wczTr00sG5j43qXZ2ZnZl95MU7S7vms/f+kff3rhXf3mzl0juXfumF+li1ftkmgPcNV+9+6Vzyd1oh1QINrRcmKP9mAj5JcN3NszXrl/Z+p76Yl25wj51189tXTv2E395s5dI48dnTDe/MUrI57Rrvyu/e8GjXF2k3/81Zml+/6sE+2AAtGOlhN7tAf+XbsxTv7ihXi75ZvburbftX//1cvG+PZrH1x4dMfI0h0j39hxZuMvznpGu3OE/AnjifOf/e/Gl06ZY+z/6+O3PtN1oh1QINrRcpoQ7QvqlXR7A2g2oh0tJ/GsJdoBxIpoR8tJPGuJdgCxItrRchLPWqIdQKyIdrScxLOWaAcQK6IdLSfxrCXaAcSKaEfLSTxriXYAscrnVxPtaC3fPhTv89EX1Oubxbv+LQIgXYh2tJytH00mnrhNe239aDLp9gbQbEQ7WlErpPs3i3c3HCt/Mfkg6cYG0GxEOwAAqUK0AwCQKvn86p6etUQ7AAApQbQDAJAq69Z1Ee0AAKQH0Q4AQKqsW9e1fn2eaAcAICW6u9cQ7QAApMTExERPz9oNG9YR7QAApMG+fa/09Kzt6+tuu3XrVtKFAQAA9SuXyz/72fPGJfvGjT1t+fzqNWue7OpauWpV56pVnU8++S/Ga+XKx1eufPyJJ1aIr87Of+bFK/HXD/7hB4mXgRcvXpG8OJw9Xo4INnLZimkjtbu6Vq5Z86RxE7r16/N9fd2bNq3/f3QQw/WkY+ERAAAAAElFTkSuQmCC" /></span><br />
<span style="font-family: "Courier New", Courier, monospace;"><br /></span>
<span style="font-family: "Courier New", Courier, monospace;"><br /></span>
It is handling based on Local and Remote gateway address.<br />
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtcAAAClCAIAAAAYmUbpAAAgAElEQVR4nO3d/1NT194v8Od/2j/lchmGuXe2Y7wZKJuHGJJDK8hwI1YfT0NPa8kwaCoiaIRICEhAvtbItyZEMRJRIqjBmjYtYKXKF3uCHclzbj3B435iO+v+sHeSnW988QlsiO/X7B/qJllZwa5P3llr7e2/BQEAAADE8G9idwAAAAA+UEghAAAAIA6kEAAAABAHUggAAACIAykEAAAAxIEUAgAAAOJACkm5qfa6jqE5sXsBAACw6yVPIWu/Phi91tBgrKozVNUZTje0Nw245l5vstkXE9bB6z+kpou7yA+3O60PFqNO/Xj96vWJZeGZh72Xeu1Pd7RfAAAAe1GyFLLo6Go50zE6ucjnjt9fzty6aj7dOupd20yzPw+ZDO2uFPVx93D1V5lGZ6JOYeYDAADgPSVOIWsPhnRNI49iA8eira3pyuRmmkUKAQAAgA0kTiFT15rP2xJ8tD5/fM81u8r/YcVj6+08c8FQVWeo1rc1Ddyb51LL3OiFOkNV5Ogf55/w0j3yTb2+qarOUHWhpaF3/HtunuXV3Za6b26+irzKoqOnSj88JXjdmZGO2iFugefN/IS1qam5us5QVWc8c/ma7buX3Pl7lua6b3+M6u6au0vfZXse9zZWPENdbbrzXM9bGixRK01rz+51XW45XWeoqmvSNfVYJn/l3tZ4n/BNGS6M/Bx09QvPhAKKMJf8PGTqGJp57rTwv6jTlyINRl6upbm6zlB1vlnfO+ZemWqP/MaCvu9GW/k326Rr7Oy68/T3+L8VAACAvSlxChnvM1wY+XndJ/54ramldWxulftEff30RnfLmWvh2ZP4uZA3j4baznSP/7j6JhgMBl8vTQ51nm51zASDweALu1k4xbJ6s9NQVdd61RM+88Jubu5xB4PB4Kvxq6dbR0LrRG+Wp0caLvTYuZzhGaltuh55UjC45uo/3T0hiDecRbvZ2GD7IdTzpVt9LTqLm+/5yt2WC51XHy79HgwGg29WZ8dbG1quTIaC16bmQmJSSGtDW1+4weXpkYbzbVc9b4Lhlzvf0n4n8tPGjp7GcAp57my60Dng8XN9+33R1d7Q3PXgTRAAACAtvG8KWX7QPzz1THjm1d2W84MT/B/iUsjaVPuFq7eiEsGirY2PGoKpjmBwbar9/Dftfc2CM/fazvePrwWDwaDn1qDdE/Ux/GioteH6fDAYDAZ/vNYkzC6rt7qNreOrwVhRkw3BYDD41Nnc4XwS5HsSM6Gy9mBI13mX7/j7pBBDTIOeb9uqrz4Ihl4uEoCCwWAw6Bvrjcweufqr+oRTQsEnN3ubb87HvSMAAIA9aRMpJHrdIXk6EX66x6WQudELsZ/fwfG+0GM8I7Whn665+qs7775yD+vCj3cPR3JAnJmRjnCXotLMq4nWC3x2ifbjtaaW9olfE+6yjXQpYc/fJ4XwszgRgkbG+wwtt6Nz0tzohfCv0Xu9rqHf+QKTHwAAkJ62NhciPO/7bszM75+I3wKSKIVEPZI/Qo951KPvsS8Hg8Hg1LXmlturweCjHj3/Wf5oqLXJ8YJvZ+25c6CH31wSH4yejzWGNpS8uv1NzDRD2NrMHXNLs66hvann26GxaX6RKPQG4ztZ9d9KIXF7V6NTSILQE/k1vvE6r+n1zWdMPW0Do6MPQ+tfAAAAaWHLKYRf/ng10Xq+revekmCz5JbnQgTejPcZ211vgsFHPXp+p+rUteYmx4tgcH64NfJB7vm2TWd2fCfIDcK5kGBw0dbG7ZyIbCVJ6vVvc48fjI5c0+ubG6/Phbegrndpz06nEN7vL+enJ+8M9V7R6buGZzA1AgAAaWJL18i8sJtDn5qu/qrYVZItp5DfXy6vhC5OeXX7G921R0HPSG24WfewzuxcfHW3xTDyKNKscOdHMBibQoKLjh6dxb32fKwx8qyNrIw3hy7SSRAL1vwvfuX3h25HCllvRSaOb6w37tcOAACwVyW5X4irvzr+fiHPxxrPh3aYxqcQ7/W6yMfn6s1OQ9uE4Fv7q7stdb03VoRPWLS1CaYrlp1NhpGbIx2RxZfgox79Nzdu95+5Fo4T8Slk9VZ3U9S0zau7LfqhG9e7Yq/aDVt+0B97/9Op9jp+PejRUGvtoCfqStoHQzqzk3+8Z6S2+YY36rk/XDW0D0QFky2kkPV3py5OXu+ffBH73HBnAAAA9rik90690WEU3Dv1zerseJvB2DDCr1zErMj8vjh9taPzgiHyJf7ZaFd16w3B0smbqWstZzrG+DNr/u9Ge880DE9FPoF/HjK1nGng0wBn6lrLmYaWdlckzUStyKz5fxy7ajR1RC8erd7qNlafT34nsVdT7XrBWhJ3zbDZyV/v89zZdMHcE3lfUz1GY5Mj9Lm/5u7Shy+s5d/XPUvzmT7X88gdR7aQQuKu1B01mVp0oRTyytWvaxq6E7597eL01VZBZwAAAPa4Tf47Mk26pp6+6FtmCW6oZTxzecj5bG7IJFhKWIvcqotf41j79YHgrmUXukYfvIi95jb2i757WBd9QzNhs9X6ttYRj8/VH7OF5dXtb6raxqKuIo72+8+ursst3F3Lqi60NPSOuVdif3o6yY3CIu86kiTC90DjAsdWUkgw+Lt3jG+Qu2vZd8IVmddzd4YaGrlfsuF0Q6d51ONL/r4AAAD2ljT8N3WnrjU3ju6RCYPXvy28jP4XAmdunG91PBGpOwAAADsp7VLImrtLHz19sps9sp5pGrobWnNZW/3B1tGKNRcAAPhApFsKSXLX9l3rzfwE1lwAAOADlW4pBAAAAPYKpBAAAAAQB1IIAAAAiAMpBAAAAMSBFAIAAADiQAoBAAAAcSCFAAAAgDiQQgAAAEAcSCEAAAAgDqQQAAAAEAdSCAAAAIgDKQQAAADEkSCFsCz7atX/4te/P3u+gAMHDhw4cODAsU1HghTyn//5j19//Tv7X/9FAAAAALZNghSytPziX2/fit0xAAAASHMJUsiz5wti9woAAADSH1IIAAAAiAMpBAAAAMSBFAIAAADiQAoBAAAAcSCFAAAAgDiQQgAAAEAcSCEAAAAgDqQQAAAAEAdSCAAAAIgDKQQAAADEgRQCAAAA4kAKAQAAAHEghQAAAIA4kEIAAABAHEghAAAAIA6kEAAAABBHSlKI11DMUDSjsaW6dzYdRTNUsdn7vg087Dn7ZfXZKw9T2SkAeF98rcjIK9lfoJTQ8swC9aFa6xy7LS+2jcN/YfR89dkvDaOL29A2wAclzVOIVbs9HQOA9xFdKwIzVzQqimaya8a3I4ds4/D3mvP/e6UJADjbmUJWXIaK0gxaLpEykpxDhZXdEyuEEOKbMB8pVFBSuYSWZxac+KxvOhB1ksnIUx8xuXwkYQphH3dppTJGIpVTUmWmLPS67JNB3bFMqVwiZSipki47NzjH3qwtyZaFvngdLKl2xL70V8NPXt86l0Uz1NHeRUKIsz6LZii6epAlhLUepxlKqrO+jm/5tUOnomjmk65FQggh41W5DEV/0bXyvn8JAB+KuFrBDTr5pUnCzg2fK8iRS6RyilZkf6w1TPhCj5dnyBQSKUPRiuxj505VlGbwheLEZ1c9LCGE+CZMkbJAl+kuT/g2M/yjos+K89RhpYSWS6RMRo5SwlceYa9Cz5rpLS1QSmiGkirpgyX7T/TOCuuPrOijCvPEyvxlNUPRqionIWSx/ShD0cxHRg8h5LFRTdFMvsmToOWn3SqaoXLrxwghhCx2VVA0s6/etT1TRQC7wvalEL/lczlFM/lGD0t8jq9LKZrJ0jnZ1eFyKUPR5Rc9LFmxa/IYii46dZf7IOdOWo/nMhRdWu9OlELcxgM0Q+VWD66QwHRzPs2/Ljdcs05afYR9bCynaEby+bA/5suQ4KXZJasmj6Ho0vpJu0bKFUHiNZVTuaosWn3RQ4in9SOaoTQD3yds2VmfRTMSrZ0lfBnlXg4A1pU8hUQN7Va5lKGkWssq//isk1Yf8Vm1RRQdHsIWtZSh6HKDl/gHtBKaoYpbH7PEN1Z3gGao3HMOdhPD3x3umKBesUv9J1V85Vno/STUK9bTmk9zvYqdC3E3loY6GXAbj0loRvL5sMtUTtGM2uInrF0jVWXlMtRJK0vYwZMMRZectSVsmcsr5QYvCWUXYScB0tD2pZD7Z+Xh4RT6UC82e6cu7ROM3l/uWQeHrK5fAr8tLCz7+cQfqR1xKYQdrqZobjATQmaNh/lHsv7lhYWXAb47kQIRVYaiXzr0I3+fhqHoyr5Vf5+G2VffcJxm1Ba/31LJzXYkaXm6vpDPLpP6EopWVd7C1xWADUXVCtZ//+JhObci47NUUjRDae2Ch5UbvPxcyBc3CCExBYEbuYzGxo1BJt/E15qLH/OVZxPDP9wx7lnqix5CCCE3avi5ENa/vLDwW2j8h3oVk0IiPSFE8KOpS/toZp/+Ppm6tI+u/LpeTckvTXKFMbd+LEnLXKJSW/xkdUBNM5S6++l2/V0A7Arbl0LsGlqQQsIjM/FWD/Zxl1aWI6doJnwkTCFeU7mgVAlKyYrzVFlRhuDpCVII11r0EZpHUV/0jFflyjW2+fajzD79/bEaFd/5JC27G0sjVTL3nAMhBGBjfK0QHKqCGuscGxraUUc4hYTKSHRBCI9u7j9CKSTylM0M/5Ak9Yr4HLUnuJUdQa9iUkj8m+J+NF6Vy1AnrU+7Kqhis9dZn0VX9nl7P+GnUZO0vDpcLmUkWnvAppPQjKpjfuf+cgDEsDvmQhwdcpqhpJV9K4S811zI9Wo5RTMH9PdZstm5kMDLBX6Sw2vOp5njjc0f0RXtC8RrKqeO6k8d5qc6krVMnnaraEatv5RPMwcap7f8iwf4EAlrxXz7UTkV+qD1R82FsP5lbnZ0UynkPeZCIsOfl2QuhPuPwkuTLNnsXEi474S1auXUx83nTzJZNePcukxVbQ0/1ZGsZcI6dCpK3nBWK+dXfwDS2u7YF9LTIed3qBF2afh4btIUkmxfCJcV1BY/IQF3Y3n4WWM1qsj2Lu6lpccMHpYEps9HZnrvn5UzWbkqrgPEWZ+VW5QtZbJqxglJ2jIh85fVjEQqj5RIANhA9IrM1KUDNEPl6qyroaGdp7OuhIvAMePMplJIsn0hmxv+nCT7QrisoBnwk3DBKTd4CeH2i4T2pHP7QrK1dh9hlwars2iGOtwxy0crVVYuV0AW248y2XlFFF3RvhAKOvEtE8LeOpfFberndp4BpLVUppDoQ2fd5DUyVz0s8Tlqj2VKmQyZgqIVGbLkKSTJNTKsp/dIoYKSKjKkjESmkISftWL/SqWU0IrsgyWlnbO+W/rCvMiVOIcanD5CSCis8FMsrF0jZSharrGxhCRvOfztDQu3AJsV841F+F2FX5YNXzPy2VXPJudCEl4jQ8hmhz8v4TUyrKe9ojSDlmfI5FwRCM9YPG77W7aMkeQc2n9Qf5P1tFeUCa6k0/Vy1+7wYYWfYuFXnbj+J22ZhCaSsdsMPgh77d6p3M2CLtqfEkICrq8LGfGmIljuel21BRfHAOx53C3OzJMsIexSX6WEFm8qgrtel5uaBUh3ey2FhLZ0ZeQoBVMpYuCmTLBwC5AWWE/vEZVSws2wyoo++tToEOkOQNyUCXabwQdiz6UQAAAASBNIIQAAACAOpBAAAAAQB1IIAAAAiAMpBAAAAMSBFAIAAADiQAoBAAAAcSCFAAAAgDiQQgAAAEAcSCEAAAAgDqQQAAAAEAdSCAAAAIgDKQQAAADEgRQCAAAA4kAKAQAAAHEghQAAAIA4kEIAAABAHEghAAAAIA6kEAAAABAHUggAAACIAykEAAAAxIEUAgAAAOJACgEAAABxIIUAAACAOJBCAAAAQBxIIQAAACAOpBAAAAAQB1IIAAAAiAMpBAAAAMSBFAIAAADiSEkK8RqKGY0t5uSs+URJtSPpcx72nL3ycMvdJYQQh37/id7Z93oqIYTM9JYe1N9c5wELo+cNo4tbanPFZagozZAq6dqx9+4XwAchMN1VeSxTqsjOU0hyyg7VWufY5A9+j8G4A2w6SmuPO+s1FJcbvCJ0B2BP274UsgGrdstP2SFec36xeUvFZLbtGPUfFt92dQggbfj6NPL8+rtLXPIIzLQclR9onE768K0Pxp2AFAKQOtuXQiInfRPmI4WKjBylRFZUWOv0EXKztiRbxmTklew/yM2XsHPD5wpyFJk5ioxCrWGC+0C3a+jqi11aaZ4yU6qQVvQ+5iqXTUdxhclrzi9uuFx7LDtPmSFVFtQ6+RzAetorSjOkysy80iNdrcdpnTWqX+Z8/kyi9md6SwuUEqmSPljCz7hw8xwyZaZMWaDjv7dZtczxHsepw8rM8t6Rzi/pHDklK9p/sKS0czbyeKlCWmGeWOFe1Tdh0kpliswcRaZKe3k6EHvy8LnB9b4SAqSF1QE1Xdm3Gjnh99wavPcLISTBwNnMYHzarZLWXOfa8prz6ZKzU9wf7p+Vlxu8iZplnZW5kbjA2nSSqK8QkVokyTn21fATbliynt4jhQpJjjI778Qp3RehFOJz1B7LlCoy84pkFfXHP+aa9RqKy88Pdh8pVGaeGUtS3MJjX56Rd+LULV/MbyC7TO9Y2Z6/AoBdZgdSyP2z8pKvJ1hCCAncrZarL3oIiZkLcRsP5Fb3L7GEkMB0q1ymtawSQuwamslvnA4QQtil/pMq/juTMIXQquOD/NPOF8vLB/yEEHdjadbJYe6su7GcWi+FJGo/6uuX3/K5PPyYQW0R9xirlpEU1AzyX+iI11Qe/m40VqPiH098g6E2/QNaSXGzmztr02Xn6e9EnWSXhnXZhUb3Fn/vAHtMZPTFSjhwNjEYvYZiPnksdlVkyBT79PcJIWSh9xP5pckkzY7VqPJN3lCbCq5u8BZ6PwnVItbTmi/latF0fWGk1Fw8LOfGe+wQpsMpRJ7xf1u58Z64uE1d2idv4IviHf2+j1sfEzKpL9lX7+LOjdeWfGT0pOZ3DrC77UAK8RqKVeqe75b9Ud/1hSnEb6kUzHCGJzbtGvqYcYY/yw5X848RppDw1yBCHhvV+SYvIezgSeb4cOi1Zjrk66WQRO1HFb7QNypOaCbWqmWENUKYQgIvF34LxD5+Ul8SqnqEkF9cQ5O/xJ60a5JUZ4D0IUghVi1D0QxFM9wYSThwNjMYQ+PI36cpOWvhH++3VGbVjCdt1m08wIX+1QF17jmHsDKx/uVIqRLWosjwDNcrr6lcMITD3fMaiiMlKHFx85rzcyuvPIoqil5TeZbmm+mYQgmQ7nZiRYZdetjVUFl4sCgzp+xQg2MptKgRforXVM7XI/5IMPIjFSRqRSayZhyqCDGdift0j0ohidqPatauieoYE04hwvcrTCGsp/eISimJe7ygWvEiVZg/kEIg3cXNhYTHTsKBs5nBSJz1WZoB/+qAWn5pMvQxf71aobGxSZsl0/WFpfVu8rTjr1k6Z/Snvs9ReyJbtqlaFJ1CwpElaoNIkuLGLj2w1GlO7M9TZqoq6ka5uZelB31GdVlJdo5S9qnx+hLSCHwQdiKFRASetf0Hv26SfC4k/GXk/VLIluZCNkwh0V+/Ai8XXgbIeilk1nhYru4L1Y8tzIUEfuOaBkhjcftCHhvVkuqbyQbOZgYjYe0amW5wWHdAf58Q4m4s/aTLflbOvUqSZgl52vHXfXrrZXVpfcw66I0aSWHDBD8UhXMh1YOhoiKcCxHMiQrnQiL9TFLcIgK/dB/m130i555d+ULy+bCfAKS/HUghN7+Q/rWZ23rJzjWr5dx3lLEaVWgRlBC38UCezrpCCCHs0vDxXG6h5P1SyJb2hSRqf6H3E/qLLn5rmN/yuUJu8nCLte7Gckn1TbJBClEdH/Zx76T/pCpu/ThqX0jGYTO35TYw3SxcXQJIU/PtRyPXyAR+spTnFVU52WQDZzODkRB/n0aVnVfK70t1Gw/kFWUf7V0kJGmzhNvWKpfEX4Bzo0ZS3BoZlfzUxVb3hQjSUsLidqNGor4yyxfFKyqpzsqS69VyVRtfKGfb/irR2jEZAh+ClKWQuMWFcAph54bPFeYpJDnKDGnkMhOyYv9KpZTIiko7ZwlhH3dpZaF96Z9d5QrNe6aQqGtkOpo/3WoKIezjtr9ly+SZBfqbhJAV56myIn6P/adGbuP6Oisyvlv6ghy5JEeZmXNMuJdeeI1MO/f++LlfRWaOPKOwou4WLvWFD8CK63LlsUwpf3lI+CKUJANn48FICFnsqqBy60P36pmuL4wsgCZplhDi79Mwqo752O5x1YNWZOYopZHLXgTXyBRqDfUJrpEp0LV++XGiFJKwuLFPBnUnsmVy4ZU47Jz1q7KiDKkyUybHRXPw4UjDe6cuXjfVDvMjODDRcGAX3m8AAMTFOitzo9aGAEAUaZhC+C9MUmV21MQDAACPtekysPECYBdIxxQCAAAAewFSCAAAAIgDKQQAAADEkZoUEnz3bubn+bv3p22OcRw4cOy5w+m6//1Pc2/+9XY7qgxqBQ4caXOkvFakIIUE370bc91/Mv/s7ysv/QCwawxumt1uvzPhGr3t2tYggloBsNe9fPnbk/lnKawVKUgh3/80N/Nk/u3bt3/++WdK+gQAKTE4OLi8FXcnXN//NLd9/UGtANjr/vzzz7dv3/78y/NU1YoUpBCn6/4//vH/UtIbAEihraYQq9U6etu1ff1BrQBID//8ZyBVtSIFKcTmGP/jjz9S0hsASKGtppDBwUGbY3z7+oNaAZAe/vjjj1TVitSkkJR0BQBSaxemkO1rHAB2ElIIAGwAKQQAtglSCABsACkEALYJUggAbAApBAC2CVIIAGwAKQQAtglSCABEY/3LCwsLC8v+0D8jjRQCAFsWV0kS2rspxK6h5ZkFJfsPltA5ikyV1jDh29wTF+0Gkz3ctRXnqbKiDJkyU6qQVpgnVjZ+vt/Z/qXmxP48BUXrrJHT7NzwuYIcRWaOIqMwtjPeAf2JT9V0jpwqNnsjp30TJq1UpsjMUWQePjc4J/yL8o+1nlWXlWTLGEprF7zIk0HdsUyZMlOWqLcrLkNFaYZMmSlTysI/ZT3tFWWZMmWmTB73KgDRAjP9umOZUoaiuUMhrTCPL7F7MIWwLEu8pvJPuhYJy+J/eoAdlaSSJHzsnk4h5YbQR3pgujlfqrWsbuaJXkNx+Il+y+eKT648YQkhJOBuLM/SOTcsWIvXe9uGrGPWSx8JU4jbeCBPN7jE8p3JPecQNPRwwNw9NHrvSpUwhfgHtBmHW90BQgi7NFidpe5+KngRe1f34ND4t3q1MIW4G0uztVbuReJ6G/VeJupLDzROc0858LXTRxK+CoDAirPqL/JQ1RAceX/7rNGyx1LID20Ff6m3Xak+buwuK/ybGf/TA+yY5JWk3ZPgAzZNUgghXkOx/IsbhJCAu0MrlSkyZIrsMr1jhRBCvKby4+aBz1RF2WfGbtYeypRykyj6m2T8a9WX5plQGxMN/ytqrmJdXnO+IIV4TeX79PcFnSk5OxX/DnXCFGLVMmqLX/B2KvviUpTXVC5IIdHNes358kuTkcfe/EJaPRj+Kw68XHgZIOTpFU1JtSN0csVyOGr+BiDM16dJVDi449+/dIQSxsjISHzsiDkpfgohxP+D5XgBQ6nqHcuYCgHYMetWkkSfsGmXQu7qs4ubuQmGx0Z+tsBrKqdCExXRcyFCPsfXpRKtfbMVKy6F5JvCjXoNxYzGFveUuBQieEzM24k0G51CBI+J7gAhdg1dfbFLK8uRU7KiQp01bu2FnbtSIdl8zIIPitt4IMF3F23fT88GtUUU/e9HOn9ZXl6enZ0tKCi4fPmyMHNcvny5oKBgdnZ2F6WQB6aPCqu7WqqPG7sPF2gwFwKwQzaoJHKNLfaTKT1SCLs0rMvO1VlXo9OA15xfbPYS4jWVf2T0hJ4Yn0ICP9mNZQVySUGNNWqnhV0T+iUmiBS7MYXI5cZpboWn/6SKW5Hhfz8PLF8dUlCyE8ZEE2IAi10VFM1QshO6Kxfk0lDhmGMJIb7h6v9BM//7tI1LGDFBJD6C7IoUQgKBAPGaytUWP/aFAOyY9StJFs0IFg14ezqFhHKWVEmX6bqmA4QkTSHRESHyWc56essK5BmF2nr7TGBL3d2NKaSiPfwrt+moo72LhJAV56lDCknOsa/6HibZGwRAvKZyimY+HQwQQnwTl+QFocJhq6G5UqLpDoeMcBBJGEF2RwoBABFsXEmE11sQQvZ4Ckn8sb2VFLLYfpTJb5zeWv4IN7679oXEpRDNgJ+QsRpV1slh5A9Yn99SyX2D4WbLuOmDSOGgmf9T6xDmDC6IJIwgSCEAH6wNK4lgXYKXbikk2b4QQQrx92nkagt3JW2yPSKbEDMVse41MrzoFLLuNTKhF4lKIetfI7PYeVwhXJFRdcyT2BkXgCRWh8u5MhEqH8LCQdF/qYrbkzo7O5swgiCFAHy4NqgkpfXu2GekXQpJco2MIIUQ1tPxcY48I+9L84zXUMzfdIQ/TvTObvTC3IyT8NDYSOL7hTj0XINWbcxuHa7nCe4XMtv55f7aMW5NJ/opOitJfL+Qm7UlpZ2zhAjufSJTFoR2p1q1TEae4A0e1N/cym8ZPhjsY9MxCc2XD11jtaBwMP+z9MyjhHEjCaQQgA/VepUkW2uPv6/X3k0hAJBaPmv1IUnc/vbs4716y567axkAiCVpJXmcaG8AUggAhLFLDyynPlXTOXJJzqH9ZTqDfSaAO7gDwNYkriQJIYUAwAaQQgBgmyCFAMAGkEIAYJsghQDABpBCAGCbIIUAwAaQQgBgmyCFAMAGkEIAYJsghQDABpBCAGCb7KIU4nTdf/OvtynpDQCk0FZTiM1mG73t2r7+oFYApIfgu3epqhUpSCHf/zT3bHE5Jb0BgBTaagpx3Zuc/v7H7esPagVAeni2uJyqWpGCFBJ8987mGH++9GtKOiLBtYgAAADuSURBVAQAqTK4aTabbcJ179bE5Ot/vs+/EblJqBUAe13w3bsXvpdjrvupqhUpSCFct77/aW70tsvmGMeBA8eeO0Zvu6amPTuwXIJagQPHnj5SXitSk0IAAAAAtgopBAAAAMSBFAIAAADiQAoBAAAAcSCFAAAAgDiQQgAAAEAcSCEAAAAgDqQQAAAAEAdSCAAAAIgDKQQAAADEgRQCAAAA4kAKAQAAAHEghQAAAIA4kEIAAABAHEghAAAAIA6kEAAAABAHUggAAACIAykEAAAAxIEUAgAAAOJACgEAAABxIIUAAACAOJBCAAAAQBz/Hznjp7Ea3diwAAAAAElFTkSuQmCC" /><br />
<span style="font-family: "Courier New", Courier, monospace;"> For easy undersatding, You have configured two VPN with Local gateway is your WAN interface and Remote gateway will be * (any) for both connections. In this condition your Pre-Shared key must be same on both VPN connection configuration. There is no matter that your LOCAL ID, Remote ID, Local Subnet, Remote Subnet etc are different. If you will chenge a preshared key on one VPN tunnel configuration then it will autometically update on both VPN tunnel interfaces. </span><br />
<span style="font-family: "Courier New", Courier, monospace;"><br /></span>
<span style="font-family: "Courier New", Courier, monospace;">I think, Sophos must be think about this process. It will making more difficulty then XG firewall in only "Responder".</span><br />
<br />
<br /></div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-42135695366961071072018-10-24T16:24:00.001+05:302018-10-24T16:24:02.896+05:30Hon'ble Prime Minister's Interaction with IT Professionals<iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/L7KFqArRRcI" width="480"></iframe>Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-41610896694035229532018-10-23T22:42:00.000+05:302018-10-23T22:42:27.079+05:30DHCP Server and unnecessary traffic for your DHCP server.<div dir="ltr" style="text-align: left;" trbidi="on">
<span><span class="ember-view" id="ember5404"><span>Have you ever implemented central DHCP server for all of your network (VLANS), and you used a command "IP Helper-Address? The ip helper-address will actually forward many other UDP-based broadcasts to the address specified as tft, dns, time, netbios-ns, netbios-dgm, tacacs, bootpc, bootps etc. </span></span></span><br />
<br />
<span><span class="ember-view" id="ember5404"><span>Many times it is generating unnecessary traffic for your DHCP server. Have you applied "ip forward-protocol udp ...." command to prevent this?</span></span></span></div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-8573490648176522612018-10-13T12:11:00.003+05:302018-10-13T12:11:55.033+05:30Voice VLAN and Port Fast Combination on Cisco Switch<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
The Port Fast feature is automatically enabled when voice VLAN is
configured. When you disable voice VLAN, the Port Fast feature is not
automatically disabled.<br />
<br />
Why?<br />
I will be share shortly. <br />
<br />
<br />
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-48946356841052711732018-10-11T23:33:00.002+05:302018-10-11T23:33:50.778+05:30Design Tips: Guide for choose VLAN Number<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span class="content"><span style="color: black; font-style: italic; font-weight: normal;">Design Tip— </span>To
ensure optimal convergence for voice traffic Cisco recommends that VLAN
number assignments be mapped such that the most loss-sensitive
applications such as voice are assigned the lowest VLAN numbers on each
physical interface, as shown in table:</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<table border="1" cellpadding="3" cellspacing="0" id="wp1082124table1082122" style="margin-left: 0px; margin-right: 0px; text-align: left; width: 80%px;"><caption><div class="pTC_TableCap">
Table Recommendations for VLAN Assignments </div>
<div class="pTC_TableCap">
<br /></div>
</caption>
<tbody>
<tr align="left" valign="bottom"> <th scope="col" style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082128"></a><div class="pCH1_CellHead1">
VLAN Function
</div>
</th>
<th scope="col" style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082130"></a><div class="pCH1_CellHead1">
<span style="color: black; font-style: normal; font-weight: bold;">VLAN Interface</span>
</div>
</th>
</tr>
<tr align="left" valign="top"><td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082132"></a><div class="pB1_Body1">
Wired_Voice_VLAN
</div>
</td>
<td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082134"></a><div class="pB1_Body1">
7
</div>
</td>
</tr>
<tr align="left" valign="top"><td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082136"></a><div class="pB1_Body1">
Wireless_Voice_VLAN
</div>
</td>
<td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082138"></a><div class="pB1_Body1">
<span style="color: black; font-style: normal; font-weight: bold;"> </span>57
</div>
</td>
</tr>
<tr align="left" valign="top"><td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082140"></a><div class="pB1_Body1">
Wired_Data_VLAN
</div>
</td>
<td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082142"></a><div class="pB1_Body1">
107
</div>
</td>
</tr>
<tr align="left" valign="top"><td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082144"></a><div class="pB1_Body1">
Wireless_Multicast_VLAN
</div>
</td>
<td style="text-align: center;"><a href="https://www.blogger.com/null" name="wp1082146"></a><div class="pB1_Body1">
157
</div>
</td>
</tr>
</tbody></table>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="content">Not all VLANs trunked on a specific interface converge at the same time.
Cisco IOS throttles the notifications for VLAN loss to the routing
process (EIGRP/OSPF) at a rate of one every 100 msec. As an example, if
you configure six VLANs per access switch, upon failure of an uplink,
fiber traffic on the sixth VLAN converges 500 msec after the first. </span></div>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-20518196512525368022018-07-16T13:35:00.002+05:302018-07-16T13:35:32.785+05:30Network Ready for Use Testing (NFRU) <div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span style="font-family: Georgia, "Times New Roman", serif;">NRFU testing is often a mandatory, final step in certifying that a new network infrastructure has been implemented correctly and is ready to carry production traffic. During NRFU testing, every device is methodically checked to ensure that it has been implemented according to the design specifications and is operating error-free. Network services are verified, devices are added as elements into NMS and Operational Support Systems (OSS) systems, and a baseline of application performance is recorded.</span></div>
<div style="text-align: justify;">
<br /></div>
<span style="font-family: Georgia, "Times New Roman", serif;"></span><br />
<span style="font-family: Georgia, "Times New Roman", serif;">The testing was broken into four separate phases:</span><br />
<br />
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• <strong>Phase I:</strong> During this phase, device-level verification was done. This phase included activities such as serial number verification, line card checks, Cisco IOS level confirmation, and power checks.</span></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• <strong>Phase II:</strong> This phase included logical configuration and connectivity verification. In this phase, actions such as circuit connectivity verifications, routing protocol checks, and traceroutes were performed. Multicast and QoS configurations were checked.</span></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• <strong>Phase III:</strong> This included service verification and traffic testing. Service verification included features such as IP telephony, video, wireless, and common IP services (DHCP, DNS, NTP).</span></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• <strong>Phase IV:</strong> This was the application testing phase. Production applications and network and security management were tested during this phase.</span></div>
<span style="font-family: Georgia, "Times New Roman", serif;">The tests performed in each phase were further broken into three different types:</span><br />
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• Tests that were performed on all Cisco routers and switches installed</span></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• Platform/role-specific tests:</span></div>
<div class="indenthangingB1">
<span style="font-family: Georgia, "Times New Roman", serif;">• Access layer switches</span></div>
<div class="indenthangingB1">
<span style="font-family: Georgia, "Times New Roman", serif;">• Core layer switches</span></div>
<div class="indenthangingB1">
<span style="font-family: Georgia, "Times New Roman", serif;">• Distribution layer switches</span></div>
<div class="indenthangingB1">
<span style="font-family: Georgia, "Times New Roman", serif;">• Video distribution switches</span></div>
<div class="indenthangingB1">
<span style="font-family: Georgia, "Times New Roman", serif;">• Server farm switches</span></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">• Service-specific tests</span></div>
<div class="indenthangingB">
<br /></div>
<div class="indenthangingB">
<span style="font-family: Georgia, "Times New Roman", serif;">I will share reset details soon. </span></div>
<span style="font-family: Georgia, "Times New Roman", serif;"> </span></div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-13431289694146048342018-07-11T08:18:00.000+05:302018-07-11T08:18:39.422+05:30Cisco Nexus : Executive Multiple Commands in one Go<div dir="ltr" style="text-align: left;" trbidi="on">
Executing multiple CLI's in one go<br />CLI stands for Command line Interface<br /><br />N7k-LabSW# show clock ; show switchname ; show license host-id<br />19:10:59.016 UTC Mon Apr 04 2016<br />N7k-LabSW <br />License hostid: VDH=TBM14354170<br /><br /> # Works for configuration too:<br /><br />N7k-LabSW# conf t ; hostname N7k-LabSW-DEFAULT ; end<br />Enter configuration commands, one per line. End with CNTL/Z.<br />N7k-LabSW-DEFAULT#</div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-52448914642512750142018-07-09T09:02:00.000+05:302018-07-09T09:02:46.236+05:30How to router prevent from ARP Strom?<div dir="ltr" style="text-align: left;" trbidi="on">
How to Router Prevent from ARP Strom?<br />
Why some ARP entry will showing in ARP Table after respective time expires?<br />
<br />
<br />
The extra time is the jitter added to each dynamic ARP entry when it is created. Random jitter is added to the ARP cache timeout in order to avoid synchronous expiration of the ARP entries, which might trigger an ARP storm. Jitter should be a random number between 0 seconds and 30 minutes, with a maximum jitter of 30 minutes.</div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-35733227807347852612018-07-09T01:20:00.000+05:302018-07-09T01:20:05.416+05:30Bursty Traffic Identification on Switch port<div dir="ltr" style="text-align: left;" trbidi="on">
Traffic bursts can cause output drops even when the interface output rate is significantly lower than the maximum interface capacity. By default, the output rates in the show interface command are averaged over five minutes, which is not adequate to capture any short-lived bursts. It is best to average them over 30 seconds. In this case, you can use Wireshark in order to capture egress traffic with the Switched Port Analyzer (SPAN), which is analyzed in order to identify the bursts.</div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-20825243541725115052018-07-03T19:21:00.001+05:302018-07-03T19:21:32.623+05:30HP 5412R Switch basic configuration - VLAN, SVI, OOBM Management Interface<iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/LjjJqieK6cM" width="480"></iframe>Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-26175617081157191552018-07-02T16:43:00.000+05:302018-07-02T16:43:13.020+05:30OSPF Prefix Suppression<div dir="ltr" style="text-align: left;" trbidi="on">
OSPF prefix-suppression is a useful feature in order to reduce the number of Link State Advertisement (LSA) that are flooded within an area. In an OSPF area which has multiple transit links between hosts and actual communication is between the hosts. There is no need to advertise the transit link LSAs to all the routers. You can only advertise the LSAs related to end hosts. By default, OSPF advertises all the LSAs that include the transit link LSAs.<br /><br />OSPF prefix-suppression feature helps to overcome this behavior and reduces the number of Type 1(router) and Type 2(network) LSAs advertised.<br /><br />This feature can be enabled globally on a router or on per interfaces basis.<br /><br />OSPF prefix-suppression helps in faster Shortest Path First (SPF) calculation due to less number of prefixes in the database (DB). OSPF Type 3, Type 4, Type 5, or Type 7 LSAs are not suppressed.</div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-15045763209243267732018-07-01T08:47:00.000+05:302018-07-01T08:47:13.274+05:30Jitter timer in HSRP Protocol<div dir="ltr" style="text-align: left;" trbidi="on">
Jitter timers HSRP Protocol<br /><br />Jitter timers are used in HSRP. They are recommended for timers running on services that work realtime and scale. Jitter timers are intended to significantly improve the reliability of HSRP, and other FHRP protocols, by reducing the chance of bunching of HSRP groups operations, and thus help reduce CPU and network traffic spikes. In the case of HSRP, a given device may have up to 4000 operational groups configured. In order to distribute the load on the device and network, the HSRP timers use a jitter. A given timer instance may take up to 20% more than the configured value. For example, for a hold time set to 15 seconds, the actual hold time may take 18 seconds.<br /><br />In HSRP, the Hello timer (which sends the Hello Packet) has a negative Jitter, while the Holddown timer (which checks for failure of a peer) has a positive jitter. </div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-16993252132630894792018-06-27T08:37:00.000+05:302018-06-27T08:37:59.172+05:30Minor Stack Protocol Version Number Incompatibility Among Stack-Capable Switches<div dir="ltr" style="text-align: left;" trbidi="on">
Minor Stack Protocol Version Number Incompatibility Among Stack-Capable Switches<br />
<br />
<br />
Switches with the same major version number but with a different minor version number are considered partially compatible. When connected to a switch stack, a partially compatible switch enters version-mismatch (VM) mode and cannot join the stack as a fully functioning member. The software detects the mismatched software and tries to upgrade (or downgrade) the switch in VM mode with the switch stack image or with a tar file image from the switch stack flash memory. The software uses the automatic upgrade (auto-upgrade) and the automatic advise (auto-advise) features.<br />
<br />
The port LEDs on switches in version-mismatch mode will also remain off. Pressing the Mode button does not change the LED mode.</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-41496130834936333032018-06-21T01:52:00.000+05:302018-06-21T08:26:14.306+05:30OSPFv2 and OSPFv3 headers<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="Para1" style="background-color: #f9f9f9; border: 0px; box-sizing: border-box; color: #6c6c6c; font-family: "Antenna Regular"; font-size: 1.3rem; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin-bottom: 20px; min-width: 75px; padding: 0px; vertical-align: baseline; word-wrap: break-word;">
#DoYouKnow #OSFP #Routing</div>
<div class="Para1" style="background-color: #f9f9f9; border: 0px; box-sizing: border-box; color: #6c6c6c; font-family: "Antenna Regular"; font-size: 1.3rem; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin-bottom: 20px; min-width: 75px; padding: 0px; vertical-align: baseline; word-wrap: break-word;">
<br /></div>
<div class="Para1" style="background-color: #f9f9f9; border: 0px; box-sizing: border-box; color: #6c6c6c; font-family: "Antenna Regular"; font-size: 1.3rem; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin-bottom: 20px; min-width: 75px; padding: 0px; vertical-align: baseline; word-wrap: break-word;">
All OSPFv2 packets have a common 24-byte header, and OSPFv3 packets have a common 16-byte header, that contains all information necessary to determine whether OSPF should accept the packet. The header consists of the following fields:</div>
<ul style="background-color: #f9f9f9; border: 0px; box-sizing: border-box; color: #6c6c6c; font-family: "Antenna Regular"; font-size: 8.5px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style-image: none; list-style-position: outside; margin: 5px 0px 10px; padding: 0px 0px 0px 20px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Version number—The current OSPF version number. This can be either <span class="ExampleInline" style="border: 0px; box-sizing: border-box; color: #333333; font-family: "courier new" , "courier" , monospace; font-size: 11.05px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: 2rem; margin: 0px; padding: 0px; vertical-align: baseline;">2</span> or <span class="ExampleInline" style="border: 0px; box-sizing: border-box; color: #333333; font-family: "courier new" , "courier" , monospace; font-size: 11.05px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: 2rem; margin: 0px; padding: 0px; vertical-align: baseline;">3</span>.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Type—Type of OSPF packet.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Packet length—Length of the packet, in bytes, including the header.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Router ID—IP address of the router from which the packet originated.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Area ID—Identifier of the area in which the packet is traveling. Each OSPF packet is associated with a single area. Packets traveling over a virtual link are labeled with the backbone area ID, 0.0.0.0. .</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Checksum—Fletcher checksum.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Authentication—(OSPFv2 only) Authentication scheme and authentication information.</li>
<li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: 1.3rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; letter-spacing: 0.00135rem; line-height: 1.9rem; margin: 4px 0px 0px; min-width: 75px; padding: 0px 0px 0px 7px; vertical-align: baseline; word-wrap: break-word;">Instance ID—(OSPFv3 only) Identifier used when there are multiple OSPFv3 realms configured on a link.</li>
</ul>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-44591805541723979612018-06-19T09:11:00.000+05:302018-06-19T09:11:49.215+05:30Cisco router load balancing and CEF (Cisco Express Forwarding)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div dir="ltr" style="text-align: justify;">
<b>#</b><b>DoYouKnow</b> <b>#CiscoTips</b> <b>#Cisco</b> </div>
<div dir="ltr" style="text-align: justify;">
<b><br /></b></div>
<div dir="ltr" style="text-align: justify;">
Per-destination or per-packet load-balancing depends on the type of switching scheme used for IP packets. By default, on most Cisco routers, fast switching is enabled under interfaces. This is a demand caching scheme that does per-destination load-balancing. To set per-packet load-balancing, enable process switching (or disable fast switching), use these commands:</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
Router(config-if)# no ip route-cache</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
Now the router CPU looks at every single packet and load balances on the number of routes in the routing table for the destination. This can crash a low-end router because the CPU must do all the processing.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
Newer switching schemes such as Cisco Express Forwarding (CEF) allow you to do per-packet and per-destination load-balancing more quickly. However, it does imply that you have the extra resources to deal with maintaining CEF entries and adjacencies.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
When you work with CEF, you could ask: Who does the load balancing, CEF or the routing protocol used? The way in which CEF works is that CEF does the switching of the packet based on the routing table which is being populated by the routing protocols. </div>
<div dir="ltr" style="text-align: justify;">
I like cef...</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
#Extra tips for my blog readers:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="background-color: white; color: #58585b; font-family: CiscoSans, Arial, sans-serif; font-size: 14px; text-align: start;">, CEF performs the load-balancing once the routing protocol table is calculated.</span></div>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-83194045237427717332018-06-16T02:01:00.002+05:302018-06-16T02:01:46.350+05:30Block "Botnet and Control & Command Servers" on Fortigate<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="feed-shared-update__description feed-shared-inline-show-more-text feed-shared-inline-show-more-text--expanded ember-view" id="ember19137" style="-webkit-box-orient: vertical; -webkit-line-clamp: initial; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.9); font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 16px; line-height: 20px; margin: 0px 16px; max-height: none; max-width: 928px; outline: 0px; overflow: hidden; padding: 0px; position: relative; vertical-align: baseline;">
<div class="feed-shared-update-v2__commentary Sans-15px-black-70% feed-shared-text ember-view" dir="ltr" id="ember19138" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.75); font-size: 14px; line-height: 20px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUNCSrKUx_qpN_Uer64gXK17CyIEeWACb0DvMliqlN9rvWynsAiHSaG2txnhyphenhyphen0ub6W-mlGK4IGZdGKuMcPpI3CG_RwxF-CQnFuqO0_8mjLyKiR68GStWXoB5E_CWGqv749QQ2-qZjTL8/s1600/Botnet+scanning.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="128" data-original-width="762" height="53" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUNCSrKUx_qpN_Uer64gXK17CyIEeWACb0DvMliqlN9rvWynsAiHSaG2txnhyphenhyphen0ub6W-mlGK4IGZdGKuMcPpI3CG_RwxF-CQnFuqO0_8mjLyKiR68GStWXoB5E_CWGqv749QQ2-qZjTL8/s320/Botnet+scanning.jpg" width="320" /></a></div>
<div class="feed-shared-text__text-view feed-shared-text-view white-space-pre-wrap break-words ember-view" id="ember19139" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline; white-space: pre-wrap; word-break: break-word; word-wrap: break-word;">
<span aria-hidden="false" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span class="ember-view" id="ember19142" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Are you making same "big" mistake in Fortigate firewall configuration? Are you blocking "Botnet & C&C Servers"?
He (My friend, Security Implementation Engineer) is unaware or ignoring about configuration changes onward Forti OS 5.4. This is called "Scan Outgoing Connections to Botnet Sites". Previously it was (5.2) "Detect Connections to Botnet C&C Servers" in Security Profiles -> AntiVirus. but today this is available "Scan Outgoing Connections to Botnet Sites" in Network->Interfaces->Edit Interface (WAN).
</span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/feed/topic/?keywords=%23securities" id="ember19145" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: #665ed0; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline;" target="_self">#securities</a><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/feed/topic/?keywords=%23Fortigate" id="ember19148" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: #665ed0; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline;" target="_self">#Fortigate</a><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/feed/topic/?keywords=%23fortinet" id="ember19151" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: #665ed0; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline;" target="_self">#fortinet</a><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/feed/topic/?keywords=%23securityawareness" id="ember19154" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: #665ed0; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline;" target="_self">#securityawareness</a><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/feed/topic/?keywords=%23DoYouKnow" id="ember19157" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; color: #665ed0; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline;" target="_self">#DoYouKnow</a></span></span></div>
<div class="feed-shared-text__text-view feed-shared-text-view white-space-pre-wrap break-words ember-view" id="ember19139" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline; white-space: pre-wrap; word-break: break-word; word-wrap: break-word;">
<span aria-hidden="false" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></span></div>
<div class="feed-shared-text__text-view feed-shared-text-view white-space-pre-wrap break-words ember-view" id="ember19139" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline; white-space: pre-wrap; word-break: break-word; word-wrap: break-word;">
<span aria-hidden="false" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: 0px 0px; background-repeat: initial; background-size: initial; border: 0px; box-sizing: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></span></div>
</div>
</div>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-35447843038084281922018-06-12T20:18:00.000+05:302018-06-12T20:55:22.874+05:30Multicast OSPF LSA (Type 6) on Cisco router<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #58585b; font-family: "ciscosans" , "arial" , sans-serif; font-size: 14px;">Cisco routers do not support LSA Type 6 Multicast OSPF (MOSPF), and they generate syslog messages if they receive such packets. If the router is receiving many MOSPF packets, you might want to configure the router to ignore the packets and thus prevent a large number of syslog messages.</span><br />
<span style="background-color: white; color: #58585b; font-family: "ciscosans" , "arial" , sans-serif; font-size: 14px;"><br /></span> <span style="background-color: white; color: #58585b; font-family: "ciscosans" , "arial" , sans-serif; font-size: 14px;"></span><br />
<span style="background-color: white; color: #58585b; font-family: "ciscosans" , "arial" , sans-serif; font-size: 14px;">Commands:</span><br />
<span style="color: #58585b; font-family: ciscosans, arial, sans-serif;"><span style="background-color: white; font-size: 14px;"><b>#Router ospf 0.0.0.1</b></span></span><br />
<span style="color: #58585b; font-family: ciscosans, arial, sans-serif;"><span style="background-color: white; font-size: 14px;"><b>#ignore lsa mospf</b></span></span><br />
<span style="color: #58585b; font-family: ciscosans, arial, sans-serif;"><span style="background-color: white; font-size: 14px;"><br /></span></span>
<pre class="codeblock" style="background-color: white; border: 0px; color: #58585b; font-size: 1.6rem; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 20px; max-width: 100%; overflow-x: auto; overflow-y: visible !important; padding: 0px; vertical-align: baseline;">
</pre>
</div>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-90797826645071432122018-06-12T08:50:00.001+05:302018-06-12T08:55:11.229+05:30Does ospf having backup path?<p dir="ltr"> OSPF uses the SPF algorithm. The information contained in a router’s OSPF link state database is the “MAP” that is used to calculate the best path to a remote network. However, unlike EIGRP, OSPF does not keep backup paths to routes, rather, when a route to a network goes down, the SPF algorithm is run again to determine a backup or alternate path.<br>
Keep in mind no backup link.. if there are any dual active paths to any destination with same metric then load <u>balancing</u> will work (default up to 4 Path).<br></p>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-23059103203715643102018-06-11T15:23:00.001+05:302018-06-11T15:23:05.283+05:30What Do We Mean by Link-States?<div align="left" ><p dir="ltr"><span style="font-size:1.30em;"><b>What Do We Mean by Link-States?</b></span><br>
</p>
</div><p dir="ltr"><br>
</p>
<div align="left" ><p dir="ltr">OSPF is a link-state protocol. We could think of a link as being an interface on the router. The state of the link is a description of that interface and of its relationship to its neighboring routers. A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network and so on. The collection of all these link-states would form a link-state database.<br>
</p>
</div><p dir="ltr"><br>
</p>
Deepak Kumarhttp://www.blogger.com/profile/01493110319668740028noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-22641856457159249312018-06-11T00:34:00.000+05:302018-06-12T11:45:12.434+05:30OSPF LSA in Details<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;">Somedays before (last year), I have published a post about the OSPF LSAs types and definitions. Today I am going to share some more details about the SLAs as which router will generate the which LSAs:</span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;">1. </span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> Router LSA </span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Originating router ID of the router</span></span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Generated By:</b> Router LSAs are generated by every router. </span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;">2. </span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> Network LSA </span></div>
<div style="text-align: left;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Interface IP address of the DR</span></span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Generated By:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Network LSAs are generated by the DR on a multi-access segment. They are the representation of the multi-access segment and all the routers attached to the segment. Segments that do not have a DR, such as point-to-point, will not have a network LSA.</span></span></div>
<div style="text-align: justify;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></span></div>
<div style="text-align: justify;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">3.</span></span></div>
<div style="text-align: justify;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Network summary LSA</span></span></div>
<div style="text-align: left;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Destination network number</span></span></div>
<div style="text-align: justify;">
<b style="font-family: "Trebuchet MS", sans-serif;">Generated By:</b><span style="font-family: "trebuchet ms" , sans-serif;"> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Network summary LSAs are generated by ABRs. </span></span></div>
<div style="text-align: justify;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></span></div>
<div style="text-align: justify;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">4.</span></span></div>
<div style="text-align: left;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">ASBR summary LSA</span></span></div>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> Router ID of AS boundary router</span><br />
<div style="text-align: left;">
<b style="font-family: "Trebuchet MS", sans-serif;">Generated By:</b><span style="font-family: "trebuchet ms" , sans-serif;"> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">ASBR summary LSAs are also generated by the ABR. This LSA describes the location of an ASBR, not a network. </span></span></div>
<div style="text-align: left;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></span></div>
<div style="text-align: left;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">5. </span></span></div>
<div style="text-align: left;">
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">AS external LSA</span></span></div>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> External network number</span><br />
<div style="text-align: left;">
<b style="font-family: "Trebuchet MS", sans-serif;">Generated By:</b><span style="font-family: "trebuchet ms" , sans-serif;"> </span><span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;">Autonomous System (AS) External LSAs are originated by the ASBRs and describe a network outside of the AS.</span></span></div>
<div style="text-align: left;">
<span style="text-align: left;"><span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></span></div>
<div style="text-align: left;">
<span style="font-family: "trebuchet ms" , sans-serif;">7. </span></div>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>SLA Name:</b> NSSA external LSA</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Link-State ID:</b> External network number</span><br />
<b style="font-family: "Trebuchet MS", sans-serif;">Generated By:</b><span style="font-family: "trebuchet ms" , sans-serif;"> </span><span style="font-family: "trebuchet ms" , sans-serif;">Not-So-Stubby Area (NSSA) external LSAs are originated by the ASBR within the NSSA. These types of LSAs are flooded only throughout the NSSA.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span> <span style="font-family: "trebuchet ms" , sans-serif;">I hope it will very helpful for you!</span></div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-24411330882789536972018-06-01T13:54:00.000+05:302018-06-01T13:54:27.659+05:30OSPF Tips - Summarization of Network<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
#CiscoTips #OSPF #DoYouKnow<br />
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: 12px;">An internal summary route is generated if at least one subnet within the area falls in the summary address range and the summarized route metric is equal to the lowest cost of all the subnets within the summary address range. Interarea summarization can only be done for the intra-area routes of connected areas, and the ABR creates a route to Null0 to avoid loops in the absence of more specific routes.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><br /></span></div>
</div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0tag:blogger.com,1999:blog-3059055768180216580.post-26819971781625051142018-06-01T11:15:00.002+05:302018-06-01T11:15:45.597+05:30OSPF network planning tips - Summarization of network<div dir="ltr" style="text-align: left;" trbidi="on">
<a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/search/results/content/?keywords=%23CiscoTips&origin=HASH_TAG_FROM_FEED" id="ember30158" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #0084bf; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-wrap;" target="_self">#CiscoTips</a><span style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.75); font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; white-space: pre-wrap;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/search/results/content/?keywords=%23DoYouKnow&origin=HASH_TAG_FROM_FEED" id="ember30161" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #0084bf; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-wrap;" target="_self">#DoYouKnow</a><span style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.75); font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; white-space: pre-wrap;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/search/results/content/?keywords=%23OSPF&origin=HASH_TAG_FROM_FEED" id="ember30164" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #0084bf; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-wrap;" target="_self">#OSPF</a><span style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.75); font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; white-space: pre-wrap;"> </span><a class="hashtag-link ember-view" data-control-name="update_hashtag" href="https://www.linkedin.com/search/results/content/?keywords=%23Design&origin=HASH_TAG_FROM_FEED" id="ember30167" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #0084bf; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 700; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-wrap;" target="_self">#Design</a><span style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.75); font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; white-space: pre-wrap;">
Summarization design is a process of network planning: One step fails, Network fail:::
If the OSPF design includes many ABRs or ASBRs, suboptimal routing is possible. This is one of the drawbacks of summarization.
Route summarization requires a good addressing plan—an assignment of subnets and addresses that are based on the OSPF area structure and lends itself to aggregation at the OSPF area borders.</span></div>
Anonymoushttp://www.blogger.com/profile/10044874240885266463noreply@blogger.com0