• Author : Sarah Chen


IS-IS flexible algorithm

Description IS-IS flexible algorithm (FlexAlgo) provides a lightweight, simplified mechanism for performing basic traffic engineering functions within a single IS-IS area. FlexAlgo requires the cooperation of all nodes within the IS-IS area but does not require an external controller. Paths are computed by each node within the area, resulting in an MPLS switched forwarding path to nodes that are advertising a node Segment Identifier (SID) for the algorithm. The results of the path computation are placed in the colored tunnel RIB or system tunnel RIB, which simplifies route resolution. Multiple algorithms may be used concurrently, allowing for different types of...
Continue reading →

General Router ID

Description The General Router-ID configuration provides the ability to configure a common Router-ID for all routing protocols configured on the device. This implies that you do not need to configure a Router-ID for each routing protocol individually. Platform compatibility All platforms. Configuration A general router ID can be configured under the “router general” configuration mode for each address family: rtr(config)#router general rtr(config-router-general)#router-id ipv4 <A.B.C.D> rtr(config-router-general)#router-id ipv6 <A:B:C:D:E:F:G:H> For each address family, a per-VRF general router ID can be configured under the VRF submode under the “router general” configuration mode: rtr(config-router-general)#vrf RED rtr(config-router-general-vrf-RED)#router-id ipv4 <A.B.C.D> rtr(config-router-general-vrf-RED)#router-id ipv6 <A:B:C:D:E:F:G:H> Note that to...
Continue reading →

IP Source Guard

IP Source Guard (IPSG) is a security feature that can help prevent IP spoofing attacks. It filters inbound IP packets based on their source MAC and IP addresses. IPSG is supported in hardware. When IPSG is enabled on a Layer 2 port, every IP packet received on this port is verified. The packet is permitted if its source MAC and IP addresses match any of the user-configured IP-MAC binding entries on the receiving vlan and port. The packet is dropped immediately if no match is found. Platform compatibility DCS-7010 DCS-7050 DCS-7050X DCS-7250X DCS-7300X Configuration IPSG is only applied to Layer 2 ports. To enable...
Continue reading →

Static ARP inspection

Static ARP inspection is a security feature that verifies the source IP and the source MAC addresses of each received ARP packet payload based on user configured IP-MAC bindings. Static ARP inspection is enabled on a per-VLAN basis. When it is enabled on a VLAN, the switch intercepts ARP packets, both requests and responses, on all interfaces belonging to this VLAN, and verifies that each intercepted packet has a valid IP-MAC address binding in its ARP payload. On user-configured trusted interfaces, all received ARP packets are considered valid. After being inspected, ARP packets that have valid IP-MAC bindings are forwarded...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: