In the previous post I explained the difference between an optimal and a suboptimal path and how to avoid using a poor path in your routed environment. I also presented the so-called “dirty trick” you can use to force the routing protocol to choose the path that you want, based on modifying the administrative distance.
As I said, there is another way (certainly more than one) to do it, using a more elegant approach that is, from a networking point of view, safer in a complex routing environment. I will use the same topology as in the previous post so that you can compare the two methods and choose the one that you understand and that fits your needs better. There are also other ways to do it; please feel free to discuss them in the comments section, and perhaps they will be presented here in a future post.
We will achieve the desired result by setting a community on R1 for the advertised network 192.168.82.1 and dropping the prefixes marked with that community on R2. Be aware that for this method to work you have to allow the BGP peers to send communities, with the command “neighbor xx.xx.xx.xx send-community …” under the “router bgp xxx” process.
Please see the example by clicking the image below:
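A text version of the kind of configuration described above, as an added example; it is not the original post's image or the author's own configuration. The AS numbers, neighbor addresses, community value 65001:82, the /32 prefix length, the object names and the direct R1-R2 eBGP peering are all assumptions.

```cisco
! ===== R1 (assumed AS 65001): tag 192.168.82.1 on the way out =====
ip bgp-community new-format
ip prefix-list TAG-PFX seq 5 permit 192.168.82.1/32
!
route-map SET-COMM permit 10
 match ip address prefix-list TAG-PFX
 ! "additive" keeps any communities already attached to the route
 set community 65001:82 additive
! Empty permit clause: all other prefixes are advertised untouched
route-map SET-COMM permit 20
!
router bgp 65001
 neighbor 10.0.12.2 remote-as 65002
 ! Without this the community is stripped before the update leaves R1
 neighbor 10.0.12.2 send-community
 neighbor 10.0.12.2 route-map SET-COMM out
!
! ===== R2 (assumed AS 65002): drop anything carrying the tag =====
ip bgp-community new-format
ip community-list 1 permit 65001:82
!
route-map DROP-COMM deny 10
 match community 1
! Without this clause the implicit deny would drop every other prefix too
route-map DROP-COMM permit 20
!
router bgp 65002
 neighbor 10.0.12.1 remote-as 65001
 neighbor 10.0.12.1 route-map DROP-COMM in
!
! Verify (exec mode):
!   R2# clear ip bgp 10.0.12.1 soft in
!   R2# show ip bgp 192.168.82.1        <- no path via 10.0.12.1 should remain
!   R2# show ip bgp community 65001:82  <- should list no routes learned from R1
```

If other BGP speakers sit between R1 and R2, each of them also needs send-community toward the next peer, otherwise the tag is lost before R2 can match on it.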
Great tutorial, but what if I already have a route-map and I’m setting the community for a number of X routes, but the ones that I want to drop on the other side are X-2 routes? I hope you understand what I want to say with X and X-2.
Keep up the good work!
Hi Tido!
If you already use a community to mark prefixes for a different purpose, then you can use extcommunity together with SOO (Site-Of-Origin). Under the route-map you can do “set extcommunity soo ASN:nn”. This is just a simple example. Of course your BGP environment has to “send community extended” to be able to use this. I will do a tutorial about this sometime in the near future.
Nice one! Very useful!
Your site has a lot of interesting and knowledgeable material.
regards
shivlu jain
I have configured ip ssh timeout 60 and exec-timeout 5 on VTY lines. Preferred input connection is ssh. How much time can I be idle?
Hi Techie!
ip ssh timeout = “The time interval that the router waits for the SSH client to respond. This setting applies to the SSH negotiation phase. Once the EXEC session starts, the standard timeouts configured for the vty apply.”
So, in your case this will be 5 minutes.
Useful links:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfssh.html#wp1023615
http://www.cisco.com/en/US/docs/ios/11_3/configfun/command/reference/frconban.html#wp1852
I hope this answers your question.
Obviously one of the “certification preparation” companies put the SSH question into their materials. I’ve got the same question a few weeks ago (with exactly the same wording). Amazing :)
Ivan, I have checked your link :). I had the idea to google this phrase and I found another site having this question, which made me think for a second of another kind of spam or something… but then I saw that there was just a trackback to your blog :)
I think you’re right and this is sold as one of the possibilities for the open ended questions in the CCIE exam…
It’s a super site, I was looking for something like this.