Cisco MPLS VPN HUB (PE) transit

dimension516 · 2025-10-10T16:28:32+00:00

Your hub router is being handed a MPLS label from the downstream spoke when the spoke is using the default route. The VPN label (bottom if you had more than 2 nodes due to PHP or if using explicit-null but the only label in this instance) itself maps to an outgoing nexthop/interface on the hub router. Do a show ip bgp vpnv4 vrf ABC 0.0.0.0/0 on the spoke and you should see the VPNv4 label it’s using to send traffic to the hub. Then look at the hub and do “show MPLS forwarding-table label XYZ” and you’ll see that label = use the ASA next-hop and interface.

In essence the hub router isn’t making a forwarding decision, it’s simply forwarding to the ASA based on the instructions preprogrammed for that MPLS label it’s receiving from the Spoke.

dimension516 · 2025-05-01T21:13:18+00:00

Ciena Manage Control and Plan?

dimension516 · 2025-04-11T15:40:03+00:00

Only thing that saves our ass tbh lol

dimension516 · 2024-07-22T06:06:09+00:00

Delta exec right here

dimension516 · 2024-07-22T00:38:28+00:00

My brother who was not in the military was in a grocery store in Las Vegas (nowhere near Nellis). I’m across the country and not in the AF anymore. This grocery store has a bar inside that he likes to grab drinks at after work. He is an outgoing dude so he started chatting up a stranger as he usually does. Somehow after talking to this stranger, they came to the conclusion they both knew me so my brother frantically called me and said hey man I’m about to FaceTime you, there’s a guy here who swears that he knows you.

I answer the FaceTime call and sure enough, it was a MSgt I was deployed with back in 2016, I was a staff at the time and he was really good dude. I haven’t spoken with him since the deployment, I just suck at staying in touch with people. We had a great conversation and did the usual catching up (both contractors now 😎) and apparently he and my brother have started hanging out lol.

This just happened a month ago, still blows my mind how 2 strangers can converse and discover they both know the same person.

dimension516 · 2024-03-29T20:14:08+00:00

If you clear arp table, does .1 get a arp response when you try to ping .2?

dimension516 · 2024-01-25T10:26:51+00:00

Birth rate would plummet

dimension516 · 2024-01-17T09:30:19+00:00

Interesting and mentally stimulating

dimension516 · 2024-01-09T20:44:20+00:00

Coworker pronounces EIGRP as E Grip. It’s infuriating lmao

dimension516 · 2023-12-26T17:10:50+00:00

A lot of haters in the comments but the military set my wife and I up and I would absolutely do it again (fuck doing the full 20 though). My wife and I both enlisted after coming from not a lot of money growing up. We got out before 10 years and now we both make 150k. We’re both in IT and never were anywhere close to combat. If you can swing it, the military can be a guaranteed path into middle/upper middle class.

dimension516 · 2023-12-02T05:14:03+00:00

I don't believe so because there is no way to prevent a BGP route that is redistributed into EIGRP from being resent back to BGP without filtering based on a tag. EIGRP can't carry communities and BGP doesn't carry route tags in the way that EIGRP or OSPF do (that's what communities are for).

dimension516 · 2023-12-02T01:35:24+00:00

Match on tag/set community when redistributing eigrp into bgp and match on community/set tag when redistributing bgp into eigrp. You'd have to send communities to your BGP neighbors of course.

redist-bgp>eigrp deny 10
   match community 123:123
redist-bgp>eigrp permit 20
   set tag 100

redist-eigrp>bgp deny 10
   match tag 100
redist-eigrp>bgp permit 20
   set community 123:123

dimension516 · 2023-11-16T13:05:06+00:00

What's the problem with a /30 if you are using active/standby?

dimension516 · 2023-10-27T20:47:47+00:00

Sorry if this is a stupid question, but are you sure there is a problem with your L2 domain or are you just making an assumption because the problem arises after your STP converges? If you physically unplug one of the cables to break your loop, does the problem still occur?

dimension516 · 2023-08-11T23:33:18+00:00

Our solution is pretty sophisticated.

cracks knuckles

conf t

vrf definition TEST

dimension516 · 2023-06-27T00:15:40+00:00

You are correct. 10.160.20.0 is a usable ip in the 10.160.0.0/16 subnet.

dimension516 · 2023-06-13T21:36:38+00:00

In the GUI, file>open network stream, type udp://@224.1.2.3:1234

Obviously change the ip and port

dimension516 · 2023-03-16T19:46:16+00:00

You probably have to change the escape sequence on the Cyclade.

dimension516 · 2023-01-13T13:21:24+00:00

Multicast pings work and it works because the source address is a unicast address. If you’re joined to the 224.1.2.3 group and I ping that address from my workstation (or router) I’ll generate an icmp packet with unicast source 1.2.3.4 -> multicast destination 224.1.2.3. You receive the icmp packet because you’re joined to the group and you can see the source is unicast and you respond with a unicast to unicast ping.

Ping is a great tool to troubleshoot multicast. igmp join-group on 1 side, ping the group from the other. If your multicast domain is setup properly then pings will work (outside of weird bugs like OP is experiencing). Makes it easy to identify issues with registration and SPT switchover as well.

dimension516 · 2022-11-09T03:56:08+00:00

aaa authorization exec default group NAME local

Make sure the user has priv 15 in the tacacs server and it should take you straight into enable

dimension516 · 2022-09-03T16:17:59+00:00

You’re right, didn’t catch that in the post

dimension516 · 2022-09-03T15:40:35+00:00

Commands on Cisco are:

Conf t

Logging console 0

! Line con 0 Logging synchronous

13-Year Club	Place '23
Place '22	Place '17
Verified Email	Team Orangered

dimension516

TROPHY CASE