The command “clear ip route” clears one or more routes from both the unicast RIB (IP routing table) and all the module Forwarding Information Bases (FIBs).
The prefix-list “ip prefix-list name permit 10.8.0.0/16 ge 24 le 24” means:
+ Check the first 16 bits of the prefix: they must be 10.8
+ The subnet mask length must be greater than or equal to 24
+ The subnet mask length must be less than or equal to 24
-> The subnet mask length must be exactly 24
Therefore a prefix matched by the above ip prefix-list has the form 10.8.x.x/24 (for example 10.8.3.0/24). 10.8.0.0/16 itself, a 10.8.x.x/25 and anything outside 10.8.0.0/16 are not matched, and like every prefix list this one ends with an implicit deny.
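To make the ge/le rules concrete, the following Python is an added example (not from the original page or from Cisco) that implements IOS prefix-list matching: a route matches an entry when it lies inside the entry's prefix and its own mask length falls in the range that ge/le define, the first matching entry decides, and an unmatched route hits the implicit deny. The entry lines, the list name “PL” and the sample routes are constructed for the example; the ge/le defaults and the “len < ge <= le <= 32” validation follow IOS behaviour.

```python
import ipaddress
import re

# Parses entries in the form used on this page:
#   ip prefix-list NAME [seq N] {permit|deny} PREFIX/LEN [ge GE] [le LE]
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+) (?:seq (?P<seq>\d+) )?(?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_entry(line):
    """Turn one prefix-list line into the prefix and mask-length range it accepts."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a prefix-list line: {line!r}")
    net = ipaddress.ip_network(m["prefix"], strict=False)
    maxlen = net.max_prefixlen
    ge = int(m["ge"]) if m["ge"] else None
    le = int(m["le"]) if m["le"] else None
    # IOS rejects an entry unless len < ge <= le <= 32 (for whichever of ge/le is given).
    if ge is not None and not (net.prefixlen < ge <= maxlen):
        raise ValueError(f"ge must satisfy len < ge <= {maxlen}: {line!r}")
    if le is not None and not (net.prefixlen < le <= maxlen and (ge or 0) <= le):
        raise ValueError(f"le must satisfy len < le <= {maxlen} and ge <= le: {line!r}")
    # Range of route mask lengths the entry matches:
    #   neither ge nor le -> exactly len
    #   ge only           -> ge .. 32
    #   le only           -> len .. le
    #   ge and le         -> ge .. le
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else (maxlen if ge is not None else net.prefixlen)
    return {"action": m["action"], "net": net, "low": low, "high": high}


def entry_matches(entry, route):
    """An entry matches when the route sits inside the entry's prefix (its first
    len bits are equal) and the route's own mask length is within low..high."""
    if route.version != entry["net"].version:
        return False
    return route.subnet_of(entry["net"]) and entry["low"] <= route.prefixlen <= entry["high"]


def evaluate(prefix_list_lines, route):
    """Walk the list top to bottom (lines are assumed to be in sequence order);
    the first matching entry decides, and an unmatched route hits the implicit deny."""
    route = ipaddress.ip_network(route, strict=False)
    for line in prefix_list_lines:
        entry = parse_entry(line)
        if entry_matches(entry, route):
            return entry["action"]
    return "deny"


if __name__ == "__main__":
    # Constructed sample: the page's entry evaluated against a few routes.
    pl = ["ip prefix-list PL permit 10.8.0.0/16 ge 24 le 24"]
    for r in ("10.8.3.0/24", "10.8.0.0/16", "10.8.3.0/25", "10.9.3.0/24"):
        print(f"{r:<14} -> {evaluate(pl, r)}")
```

Note the ordering check in evaluate: a deny entry with a lower sequence number shadows a later permit, which is the usual cause of “the prefix list looks right but the route is still filtered”.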
This is a new user (client) whose computer has not yet been set up for an SSL VPN connection. So the user must open a web browser, enter the URL and log in successfully to be authenticated. A small piece of client software is also downloaded and installed on the client computer the first time. From then on the user can access file shares on that network normally.
“Increase the logging history” here means the same as “increase the logging buffer”. The default buffer size is 4096 bytes. By increasing the logging buffer size we can see more of the logging history. But do not make the buffer too large, because the access point could run out of memory for other tasks. Alternatively, send the logging messages to an external syslog server instead.
A core dump is a file containing a process’s address space (memory) at the moment the process terminates unexpectedly; it is used to identify the cause of the crash.
The “show memory allocating-process table” command displays statistics on allocated memory with the corresponding allocating processes. This command can also be used to find memory leaks. A memory leak occurs when a process requests or allocates memory and then forgets to free (de-allocate) it when it has finished with that task.
Note: In fact the correct command should be “show memory allocating-process totals” (not “table”)
The “show memory summary” command displays a summary of all memory pools and memory usage per Alloc PC (address of the system call that allocated the block). The columns of its output are:
+ Total: the total amount of memory available after the system image loads and builds its data structures.
+ Used: the amount of memory currently allocated.
+ Free: the amount of memory currently free.
+ Lowest: the lowest amount of free memory recorded by the router since it was last booted.
+ Largest: the largest free memory block currently available.
Note: The show memory allocating-process totals command contains the same information as the first three lines of the show memory summary command.
An example of a high memory usage problem is a large amount of free memory but a small value in the “Lowest” column. In this case a normal or abnormal event (for example, a large routing instability) caused the router to use an unusually large amount of processor memory for a short period, during which memory ran out.
The show memory dead command is used only to view the memory allocated to a process which has terminated. The memory allocated to this process is reclaimed by the kernel and returned to the memory pool by the router itself when required. This is the way IOS handles memory. A memory block is considered dead if the process which created the block has exited (is no longer running).
The command show memory events does not exist.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf013.html and http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/6507-mallocfail.html
If the DHCP Server is not on the same subnet as the DHCP Client, we need to configure the router on the DHCP client side to act as a DHCP Relay Agent so that it can forward DHCP messages between the DHCP Client and the DHCP Server. To make a router a DHCP Relay Agent, simply put the “ip helper-address <IP-address-of-DHCP-Server>” command under the interface that receives the DHCP messages from the DHCP Client (the client-facing interface, not the server-facing one). Note that ip helper-address relays not only DHCP/BOOTP (UDP 67/68) but, by default, several other UDP broadcast services as well (TFTP 69, DNS 53, TIME 37, NetBIOS 137/138 and TACACS 49); use “no ip forward-protocol udp <port>” to stop relaying the ones you do not need.
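What the relay agent actually does to the packet matters for troubleshooting and for security (the server picks the scope from giaddr, so a spoofed giaddr selects someone else's pool). The following Python is an added example, not code from the page or from Cisco, that applies the RFC 2131/1542 relay rules to a constructed DHCPDISCOVER: increment hops, set giaddr to the receiving interface's address only if no earlier relay already set it, unicast to the server, and deliver the reply back on the giaddr interface as broadcast or unicast. The addresses 10.8.1.1, 10.9.1.1, 10.1.1.10 and the MAC are made up for the example; only the fixed 236-byte BOOTP header is parsed and options are passed through untouched.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): 236 bytes before the magic cookie and options.
#   op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP = struct.Struct("!BBBBIHHIIII16s64s128s")
BOOTREQUEST, BOOTREPLY = 1, 2
BROADCAST_FLAG = 0x8000
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def ip2int(ip):
    return int(ipaddress.IPv4Address(ip))


def int2ip(n):
    return str(ipaddress.IPv4Address(n))


def relay_to_server(packet, relay_if_ip, server_ip):
    """Client broadcast received on the helper-address interface: bump hops, stamp
    giaddr with the receiving interface's address (unless an earlier relay already
    did), then unicast to the server. Returns (new_packet, destination) or None
    when the packet must be dropped."""
    if len(packet) < BOOTP.size + len(MAGIC_COOKIE):
        return None
    fields = list(BOOTP.unpack_from(packet))
    op, hops, giaddr = fields[0], fields[3], fields[10]
    if op != BOOTREQUEST or packet[BOOTP.size:BOOTP.size + 4] != MAGIC_COOKIE:
        return None
    if hops > 16:                      # RFC 1542: silently discard if hops exceeds 16
        return None
    fields[3] = hops + 1
    if giaddr == 0:                    # first relay on the path fills in giaddr
        fields[10] = ip2int(relay_if_ip)
    return BOOTP.pack(*fields) + packet[BOOTP.size:], server_ip


def relay_to_client(packet, relay_if_ip):
    """Server reply: only handled if giaddr is this relay's interface; delivered on
    that interface as a broadcast when the client has no address yet or asked for
    broadcast, otherwise unicast to ciaddr."""
    if len(packet) < BOOTP.size:
        return None
    fields = BOOTP.unpack_from(packet)
    op, flags, ciaddr, giaddr = fields[0], fields[6], fields[7], fields[10]
    if op != BOOTREPLY or giaddr != ip2int(relay_if_ip):
        return None
    if ciaddr == 0 or flags & BROADCAST_FLAG:
        return packet, "255.255.255.255"
    return packet, int2ip(ciaddr)


def build_discover(mac, xid=0x3903F326):
    """Constructed sample DHCPDISCOVER (not a capture): option 53 = 1, then end."""
    fixed = BOOTP.pack(BOOTREQUEST, 1, 6, 0, xid, 0, BROADCAST_FLAG,
                       0, 0, 0, 0, mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 255])


def build_reply(yiaddr, giaddr, ciaddr="0.0.0.0", flags=0, xid=0x3903F326):
    """Constructed sample DHCPOFFER (option 53 = 2) as a server would send it."""
    fixed = BOOTP.pack(BOOTREPLY, 1, 6, 0, xid, 0, flags, ip2int(ciaddr),
                       ip2int(yiaddr), 0, ip2int(giaddr), b"\0" * 16, b"\0" * 64, b"\0" * 128)
    return fixed + MAGIC_COOKIE + bytes([53, 1, 2, 255])


def giaddr_of(packet):
    return int2ip(BOOTP.unpack_from(packet)[10])


def hops_of(packet):
    return BOOTP.unpack_from(packet)[3]


if __name__ == "__main__":
    disc = build_discover(b"\x00\x11\x22\x33\x44\x55")
    pkt, dst = relay_to_server(disc, "10.8.1.1", "10.1.1.10")
    print("to server", dst, "giaddr", giaddr_of(pkt), "hops", hops_of(pkt))
    reply = build_reply("10.8.1.50", "10.8.1.1")
    print("to client", relay_to_client(reply, "10.8.1.1")[1])
```

The giaddr test in relay_to_client is the check that keeps a relay from delivering replies meant for another segment; a relay that skips it, or a server that trusts giaddr from an untrusted interface, is what DHCP snooping and relay-agent filtering on the access layer are there to contain.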
Path Maximum Transmission Unit Discovery (PMTUD) is a standardized technique (RFC 1191 for IPv4) to determine the maximum transmission unit (MTU) size on the network path between two hosts, usually with the goal of avoiding IP fragmentation. PMTUD was originally intended for routers in IPv4; today all modern operating systems use it on endpoints. It depends on the ICMP “fragmentation needed” message (type 3, code 4) coming back from the router that cannot forward a packet with the DF bit set, so a firewall or ACL that blocks all ICMP creates a PMTUD black hole: large packets are silently dropped and connections hang after the handshake.
Note: IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later.
Both RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) are the main protocols used to provide Authentication, Authorization, and Accounting (AAA) services on network devices.
Command accounting provides information about the EXEC shell commands for a specified privilege level that are being executed on a network access server. Each command accounting record includes a list of the commands executed for that privilege level, as well as the date and time each command was executed and the user who executed it. In Cisco IOS this is a TACACS+ feature: RADIUS has no per-command authorization model and IOS does not support command accounting with RADIUS, so command-level accounting is configured against TACACS+ servers.
For example, on the ASA, to send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the “aaa accounting command” command in global configuration mode. The IOS equivalent is “aaa accounting commands <level> default start-stop group tacacs+”.
Note: TACACS+ was developed by Cisco from TACACS.
Bandwidth-delay product (BDP) is the maximum amount of data “in transit” at any point in time between two endpoints. In other words, it is the amount of data “in flight” needed to saturate the link. You can think of the link between two devices as a pipe: the cross section of the pipe represents the bandwidth and the length of the pipe represents the delay (the propagation delay due to the length of the pipe).
Therefore the volume of the pipe = bandwidth x delay. The volume of the pipe is the BDP.
Returning to our question, the formula to calculate BDP is:
BDP (bits) = total available bandwidth (bits/sec) * round trip time (sec) = 64,000 * 3 = 192,000 bits
-> BDP (bytes) = 192,000 / 8 = 24,000 bytes
Therefore we need a 24 KB window to fill this link.
For your information, BDP is very important in TCP communication because it determines how well a link's bandwidth is used. As you know, a limitation of TCP is that a sender can only have one window of unacknowledged data outstanding; once that window is full it must wait for an acknowledgment from the receiver before sending more. On a long or fast path that wait may be long and the full bandwidth of the link is never used.
Based on the BDP, the sending host can increase the amount of data outstanding on the link (usually by increasing the window size, and on paths where the BDP exceeds 65,535 bytes by negotiating the TCP window scale option). In other words, the sending host can fill the whole pipe with data and no bandwidth is wasted.
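The calculation carried through in code, as an added example that is not from the original page: it computes the BDP for the question's 64 kbit/s, 3-second figures, and goes beyond them to show the part that bites in practice, namely how large a window-scale shift a fast path needs and what throughput a connection is capped at when it cannot scale. The 65,535-byte window-field limit and the maximum shift of 14 come from the TCP specifications (RFC 793 and RFC 7323); the 1 Gbit/s and 100 ms path is a constructed example.

```python
MAX_UNSCALED_WINDOW = 65_535   # 16-bit TCP window field (RFC 793)
MAX_WINDOW_SHIFT = 14          # largest shift the window scale option allows (RFC 7323)


def bdp_bits(bandwidth_bps, rtt_ms):
    """Bandwidth-delay product in bits: bits/s x round-trip time in seconds."""
    return bandwidth_bps * rtt_ms // 1000


def bdp_bytes(bandwidth_bps, rtt_ms):
    """The same product in bytes: the amount of unacknowledged data that must be
    in flight to keep the pipe full."""
    return bdp_bits(bandwidth_bps, rtt_ms) // 8


def window_scale_shift(window_bytes):
    """Smallest window-scale shift whose maximum advertised window covers
    window_bytes. 0 means the plain 16-bit field is enough; None means a single
    connection cannot fill the pipe even at the maximum shift."""
    for shift in range(MAX_WINDOW_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= window_bytes:
            return shift
    return None


def max_throughput_bps(window_bytes, rtt_ms):
    """Throughput ceiling when the window, not the link, is the limit:
    at most one window per round trip."""
    return window_bytes * 8 * 1000 // rtt_ms


if __name__ == "__main__":
    # The page's figures: a 64 kbit/s link with a 3-second round-trip time.
    print(bdp_bits(64_000, 3_000), "bits")
    print(bdp_bytes(64_000, 3_000), "bytes")
    # Constructed fast path: 1 Gbit/s with 100 ms RTT needs ~12.5 MB in flight.
    need = bdp_bytes(1_000_000_000, 100)
    print(need, "bytes in flight, window scale shift", window_scale_shift(need))
    # Without window scaling that path is capped at one 65,535-byte window per RTT.
    print(max_throughput_bps(MAX_UNSCALED_WINDOW, 100), "bit/s")
```

The 24,000-byte answer fits in the unscaled window field, which is why the question does not mention window scaling; on the gigabit path the same arithmetic says a non-scaling peer (or a middlebox that strips the option) limits the connection to roughly 5 Mbit/s regardless of the link speed.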
RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
TACACS+ uses the AAA architecture, which separates authentication, authorization and accounting. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+ it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides the authorization information.
During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.