TCP Startup Connection Process The TCP startup connection process begins with a handshake between two hosts. One host initiates the handshake to another host. To ensure that the destination host is available. To ensure that the destination host is listening on the destination port number. Inform the destination host of the initiator’s sequence number so that the two sides can track data as it is transferred. Step #1 Computer_X sends a TCP packet to WebServer_X. Computer_X initiates a TCP request to WebServer_X on TCP port 2023. Computer_X will use a randomly generated source port. Th ..read more

ARP stands for Address Resolution Protocol. It is a communication protocol used in computer networks to map an IP address (Internet Protocol address) to a physical MAC (Media Access Control) address. ARP is essential for the proper functioning of Ethernet networks and is used to discover the hardware address of a device (such as a computer or a router) on the same local network segment when its IP address is known. Here’s how ARP works: When a device on a local network wants to communicate with another device using its IP address, it first checks its ARP cache (a table that stores recently re ..read more

show-profile-hierarchy-2Download High-Level Groups and Profiles AP Groups An AP group is a set of APs to which the same configuration is applied. There is an AP group called “default,” to which all APs discovered by the controller are assigned. By using the “default” AP group, you can configure features that are applied globally to all APs. I prefer creating new AP groups based on specific needs/requirements. In the Aruba user-centric network, each AP has a unique name and belongs to an AP group. It is important to know that you can create additional AP groups and assign APs to that new gro ..read more

Part 1 show-profile-hierarchy-1Download Destination Alias Network aliases can reference internal networks, groups of servers, or external servers. Example Destination Aliases Create the network destination rule. netdestination corp-internal network 10.15.0.0 255.255.254.0 network 10.15.2.0 255.255.255.0 network 10.15.3.0 255.255.255.128 network 10.15.3.128 255.255.255.192 network 10.15.3.192 255.255.255.224 network 10.15.3.224 255.255.255.224 Create a firewall policy. ip access-list session ACL-PERMIT-INTERNAL-NETWORKS user alias corp-internal any permit Associa ..read more

Aruba’s configuration can be a bit confusing at times. The focus of the Aruba Campus Access Fundamentals, Implementing Aruba Campus Access, and ACMP building blocks is to bridge the basic configuration gaps. Policy Enforcement Firewall A firewall policy is a set of rules that examines where the packet is coming from,s destination, and what type of packet it is. Firewall policies can allow or deny traffic based on user type or flows. After the firewall policy is created, the user role can be created. User roles are a set of firewall policies, along with other non-firewall-related items. Examp ..read more

R5 ! interface Tunnel2023 ip address 172.16.0.5 255.255.255.0 no ip redirects ip mtu 1476 ip nhrp map multicast dynamic ip nhrp network-id 555 ip nhrp registration timeout 10 ip nhrp redirect ip tcp adjust-mss 1436 tunnel source Ethernet0/0.100 tunnel mode gre multipoint end router eigrp CWNE387 ! address-family ipv4 unicast autonomous-system 387 ! af-interface Tunnel2023 no split-horizon exit-af-interface ! topology base exit-af-topology network 5.1.1.5 0.0.0.0 network 5.1.2.5 0.0.0.0 network 150.1.5.5 0.0.0.0 network 172.16.0.5 0.0.0.0 exit-address-famil ..read more

Phase 3 requires mGRE tunnels similar to Phase 2, with tunnels on the hub and spokes of the DMVPN. Adding an NHRP redirect allows the data plan of the spoke-to-spoke conversations to join the spokes directly without going through the hub. This eliminates the requirements to conduct IP CEF resolution. Phase 3 allows the spokes to support NHRP resolution requests, meaning that the hub is NOT the only device that contains the NHRP database. High-Level Operations The spokes register their mappings with the hub. This allows the hub and spokes to discover and establish adjacencies dynamically ..read more

For dynamic spoke-to-spoke tunnels to form, the spokes require multipoint tunnels. Static entries for the hub are required on the spoke. Without the static entries, the NHRP registration cannot be sent. DMVPN Phase 2 with static mapping restrictions: Summarization is not allowed on the hub. Default routing is not allowed on the hub. The spoke must always maintain next-hope reachability. R5 Hub R5(config-if)#do show run int t2023 interface Tunnel2023 ip address 172.16.0.5 255.255.255.0 no ip redirects ip mtu 1476 ip nhrp map 172.16.0.1 169.1.100.1 ip nhrp map 172.16.0.2 169.1.100.2 ..read more

The hub router must be configured with multipoint. The spokes must be configured with point-to-point. The hub router must be configured to perform dynamic mappings. Dynamic mappings allow for a much more scalable configuration. How does this work? When a spoke initially connects to the DMVPN network, it registers its tunnel-IP-address-to-NBMA-IP (PUBLIC IP) mapping with the hub router. The hub will acknowledge the registration by sending back the registration message that was initiated by the spoke with a success code. The registration enables the mGRE interface on the hub router to build a ..read more

Network Type DB/BDR Hello Type Unicast/Multicast Hello/Dead/Wait Intervals Point-to-Point NO Multicast 10/40/40 Point-to-Multipoint NO Multicast 30/120/120 Point-to-Multipoint Non-broadcast NO Unicast 30/120/120 Broadcast YES Multicast 10/40/40 Non-Broadcast YES Unicast 30/120/120 Point-to-Point R6(config-subif)#do show ip ospf int e0/1.146 Ethernet0/1.146 is up, line protocol is up Internet Address 155.1.146.6/24, Area 0, Attached via Interface Enable Process ID 1, Router ID 150.1.6.6, Network Type POINT_TO_POINT, Cost: 10 Topology-MTID Cost Disabled Shutdo ..read more