Use the above topology to test/verify PIM DM features:
PIM Neighbors
PIM Join / Prune
Prune override
Graft
Graft Ack
Assert
Application | Port | Protocol | Notes |
---|---|---|---|
HTTP | 80, 8080 | TCP | Hypertext Transfer Protocol. Used by web browsers such as Internet Explorer, Firefox and Opera. |
HTTPS | 443 | TCP, UDP | Used for secure web browsing. |
IMAP | 143 | TCP | Email applications including Outlook, Outlook Express, Eudora and Thunderbird. |
FTP | 20 to 21 | TCP | File Transfer Protocol. |
SSH | 22 | TCP | Secure Shell protocol. Provides a secure session when logging into a remote machine. |
Telnet | 23 | TCP | Used for remote server administration. |
DNS | 53 | TCP, UDP | Domain Name System protocol for converting domain names to IP addresses. |
NNTP | 119 | TCP | Network News Transfer Protocol, used for internet discussion groups. |
NETBIOS | 137 to 139 | TCP, UDP | NETBIOS is used for file transfers between Windows machines. |
SNMP | 161 to 162 | UDP | Simple Network Management Protocol. Used by network administrators for remote statistics and information gathering. |
LDAP | 389 | TCP, UDP | Lightweight Directory Services Protocol, used for accessing centralized databases of users and computers. |
Microsoft SQL Server | 1433 to 1434 | TCP, UDP | Database application. |
MySQL | 3306 | TCP, UDP | Database application. |
Oracle SQL | 1521, 1522, 1525, 1529 | TCP | Database application. |
Microsoft Terminal Server / Citrix ICA | 1494, 1604 | UDP | Remote desktop application. |
ICQ | 4000 | UDP | Instant messenger. |
Yahoo Messenger | 5010 | TCP | Instant messenger. |
AOL Instant Messenger | 5190 | TCP, UDP | Instant messenger. |
PCAnywhere | 5632 | TCP, UDP | Remote desktop application. |
VNC | 5800, 5900 | TCP | Virtual Network Computer, allows remote desktop functionality. |
Kerberos | 88 | TCP, UDP | Used for user authentication, mainly on Windows systems. |
POP3 | 110 | TCP | Post Office Protocol. For receiving email. |
SMTP | 25 | TCP | Simple Mail Transfer Protocol, used for sending email. |
RIP | 520 | UDP | Routing Information Protocol, part of the core internet infrastructure. |
Microsoft PPTP | 1723 | TCP | Point-to-Point Tunneling Protocol, a VPN implementation. |
Windows Media Streaming | 1755, 7007 | TCP, UDP | |
Age of Empires | 2300 to 2400, 6073, 47624 | TCP, UDP | Multiplayer game. |
Call of Duty | 20500, 20510, 28960 | TCP, UDP | Multiplayer game. |
Counter-Strike | 1200, 27000 to 27015, 27020 to 27039 | TCP, UDP | Multiplayer game. |
Doom 3 | 27650, 27666 | TCP, UDP | Multiplayer game. |
Everquest | 1024, 6000, 7000 | TCP, UDP | Multiplayer game. |
Far Cry | 49001 to 49002, 49124 | TCP, UDP | Multiplayer game. |
FIFA | 3658, 10400 to 10499 | TCP, UDP | Multiplayer game. |
Microsoft Flight Simulator | 2300 to 2400, 6073, 23456, 47624 | TCP, UDP | Multiplayer game. |
Gamespy Arcade | 3783, 6515, 6500, 6667, 13139, 27900, 28900, 29900, 29901 | TCP, UDP | Game browser. |
Gnutella | 6346 | TCP, UDP | P2P file sharing application. |
GTA2 | 2300 to 2400, 47624 | TCP, UDP | Multiplayer game. |
Half Life 2 | 1200, 27000 to 27015, 27020 to 27039 | TCP, UDP | Multiplayer game. |
iTunes | 3689 | TCP, UDP | Music sharing application. |
MSN Messenger | 1863, 5190, 6891 to 6901 | TCP, UDP | Instant messenger. |
NBA Live | 3658, 9570, 18699 to 28600 | UDP | Multiplayer game. |
Need For Speed | 80, 1030, 3658, 3659, 9442, 13505, 18210, 18215, 30900 to 30999 | TCP, UDP | Multiplayer game. |
Net2Phone | 6801 | UDP | VoIP application. |
NetFone | 10200 | TCP | VoIP application. |
Neverwinter Nights | 5120 to 5300, 6500, 6667, 27900, 28900 | UDP | Multiplayer game. |
NHL | 3658, 10300, 13505 | TCP, UDP | Multiplayer game. |
No One Lives Forever | 2300 to 2400, 7000 to 10000, 27888 | TCP, UDP | Multiplayer game. |
PhoneFree | 1034 to 1035, 2644, 8000, 9900 to 9901 | TCP, UDP | VoIP application. |
Quake | 27650, 27910, 27950, 27952, 27960, 27965 | TCP, UDP | Multiplayer game. |
Quicktime | 6970 to 7000 | TCP, UDP | Video streaming application. |
Rainbow Six | 80, 2346 to 2348, 6667, 7777 to 7787, 8777 to 8787, 40000 to 42999, 44000, 45000 | TCP, UDP | Multiplayer game. |
RealVNC | 5900 | TCP, UDP | Remote desktop application. |
Remote Desktop | 3389 | TCP, UDP | Generic remote desktop protocol. |
Shiva VPN | 2233 | TCP, UDP | Tunneling application. |
Soldier of Fortune | 28910 to 28915, 20100 to 20112 | TCP, UDP | Multiplayer game. |
Speak Freely | 2074 to 2076 | UDP | VoIP application. |
Starcraft | 6112 | TCP, UDP | Multiplayer game. |
TeamSpeak | 8767, 14534, 51234 | TCP, UDP | Online voice chat. |
Tiger Woods PGA Tour | 80, 443, 9570, 13505, 20803, 20809, 32768 to 65535 | TCP, UDP | Multiplayer game. |
Tight VNC | 5800, 5500, 5900 | TCP | Remote desktop application. |
Tribes | 28000, 28001 | TCP, UDP | Multiplayer game. |
Ultima Online | 5001 to 5010, 7775 to 7777, 7875, 8800 to 8900, 9999 | TCP | Multiplayer game. |
Unreal Tournament | 7777 to 7788, 8080, 8777, 9777, 27900, 42292 | TCP, UDP | Multiplayer game. |
Vonage | 5061, 10000 to 20000 | UDP | VoIP application. |
VPhone | 11675 | TCP, UDP | VoIP application. |
Warcraft | 6112 to 6119 | TCP, UDP | Multiplayer game. |
WebcamXP | 8080, 8090 | TCP | Video sharing application. |
Winamp Streaming | 8000 to 8001 | TCP | Audio streaming application. |
Wingate VPN | 809 | TCP, UDP | Tunneling application. |
World of Warcraft | 3724, 6112, 6881 to 6999 | TCP | Multiplayer game. |
Worms Armageddon | 80, 6667, 17010 to 17012 | TCP | Multiplayer game. |
XBox | 80, 1900, 3390, 3074, 3776, 3932, 5555, 7777 | TCP, UDP | Game appliance. |
Azureus | 6881 to 6889 | TCP, UDP | P2P file sharing application. |
DC++ | 411, 1025 to 32000 | TCP, UDP | P2P file sharing application. |
Limewire | 6346 to 6347 | TCP, UDP | P2P file sharing application. |
Value | Payload Type | Description |
---|---|---|
0 | NONE | This is the final payload |
1 | Security Association (SA) | Contains security attributes ([sub] payload types 2 and 3) |
2 | Proposal (P) | Contains information used during SA negotiation |
3 | Transform (T) | Contains information used for SA negotiation (for example, IKE policy information) |
4 | Key Exchange (KE) | Used for key exchange between peers |
5 | Identification (ID) | Used to exchange identification information between peers |
6 | Certificate (CERT) | Used to send certificates or certificate-related information |
7 | Certificate Request (CR) | Used to request certificates |
8 | Hash (HASH) | Used to exchange data generated by hash function |
9 | Signature (SIG) | Used to exchange data generated by digital signature function (for nonrepudiation) |
10 | Nonce (NONCE) | Contains random data used to indicate liveliness and to protect against replay attacks |
11 | Notification/Notify (N) | Used to send informational data such as error conditions |
12 | Delete | Used to communicate SPIs of deleted SAs to peer |
13 | Vendor ID (VID) | Constant value to identify a vendor; can be used to implement vendor-specific features |
14–127 | RESERVED | Must be set to 0 |
128–255 | Private Use | Private use |

For more information on ISAKMP message structures, see RFC 2408.
Remembering that the 172.30.32.0/24 network includes the addresses 172.30.32.0 through 172.30.32.255, and the 172.30.32.0/20 network includes the addresses 172.30.32.0 through 172.30.47.255, we can then try switching three packets through this routing table and see what the results are.

```
router# show ip route
....
     172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.30.32.0/20 [90/4879540] via 10.1.1.2
D       172.30.32.0/24 [90/25789217] via 10.1.1.1
S*   0.0.0.0/0 [1/0] via 10.1.1.3
```
With this configuration, the hosts at the remote site can reach destinations on the Internet (through the 10.x.x.x cloud), but not destinations within the 10.x.x.x cloud, which is the corporate network. Because the remote router knows about some part of the 10.0.0.0/8 network, the two directly connected subnets, and no other subnet of 10.x.x.x, it assumes these other subnets don't exist and drops any packets destined for them. Traffic destined to the Internet, however, doesn't ever have a destination in the 10.x.x.x range of addresses, and is therefore correctly routed through the default route.

```
interface Serial 0
 ip address 10.1.2.2 255.255.255.0
!
interface Ethernet 0
 ip address 10.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.2.1
!
no ip classless
```
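The two lookups described above (longest-prefix match on the `show ip route` table, and the classful drop caused by `no ip classless`) can be traced with the following added example, which is not code from the original page. The route entries come from the page; the destination addresses and the function names `route` and `major_net` are constructed for illustration.

```python
import ipaddress

def table(*routes):
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

# Routes copied from the page's "show ip route" output.
T1 = table(("172.30.32.0/20", "10.1.1.2"),
           ("172.30.32.0/24", "10.1.1.1"),
           ("0.0.0.0/0", "10.1.1.3"))
# Remote-site router from the page: two connected subnets plus a default route.
T2 = table(("10.1.2.0/24", "Serial0"),
           ("10.1.1.0/24", "Ethernet0"),
           ("0.0.0.0/0", "10.1.2.1"))

def major_net(ip):
    """Classful (A/B/C) network that contains ip."""
    first = int(ip) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def route(dst, routes, classless=True):
    """Return the next hop for dst, or None if the packet is dropped."""
    ip = ipaddress.ip_address(dst)
    best = max(((n, nh) for n, nh in routes if ip in n),
               key=lambda r: r[0].prefixlen, default=None)
    if best is None:
        return None
    if not classless:
        major = major_net(ip)
        knows_subnet = any(n != major and n.subnet_of(major)
                           for n, _ in routes)
        # Classful lookup: once any subnet of the major network is known,
        # a supernet or default route is not used for its other subnets.
        if knows_subnet and best[0].prefixlen < major.prefixlen:
            return None
    return best[1]

if __name__ == "__main__":
    for dst in ("172.30.32.1", "172.30.33.1", "192.168.10.1"):  # constructed
        print(dst, "->", route(dst, T1))
    for dst in ("10.3.3.3", "198.51.100.1"):                    # constructed
        print(dst, "->", route(dst, T2, classless=False))
```
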
Addresses that should never appear on a network can be dropped by entering a route to a null interface. The following command will cause all traffic received from the 10.0.0.0/8 network to be dropped even if Unicast RPF is enabled in loose mode with the allow-default option:

```
ip route 10.0.0.0 255.0.0.0 Null0
```

Unicast RPF itself is enabled per interface with the following syntax:

```
interface FastEthernet 0/0
 ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list]
```
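The source-address check behind `reachable-via {rx | any}`, `allow-default` and the Null0 route can be modelled as below. This is an added example, not code from the original page: the FIB entries, the FastEthernet0/1 LAN, the source addresses and the function names are constructed, and the model ignores multipath routes and the optional ACL.

```python
import ipaddress

# Constructed FIB: (prefix, outgoing interface).
FIB = [(ipaddress.ip_network(p), i) for p, i in (
    ("0.0.0.0/0", "FastEthernet0/0"),     # default route towards the outside
    ("10.0.0.0/8", "Null0"),              # ip route 10.0.0.0 255.0.0.0 Null0
    ("192.0.2.0/24", "FastEthernet0/1"),  # constructed internal LAN
)]

def lookup(addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    return max((e for e in FIB if ip in e[0]),
               key=lambda e: e[0].prefixlen, default=None)

def urpf_permits(src, in_if, mode="rx", allow_default=False):
    """Simplified uRPF decision for a packet from src arriving on in_if.

    mode="rx"  -> strict: best route to src must point out in_if.
    mode="any" -> loose: any real route to src is enough.
    """
    hit = lookup(src)
    if hit is None:
        return False
    net, out_if = hit
    if out_if == "Null0":
        return False          # null route fails the check in every mode
    if net.prefixlen == 0 and not allow_default:
        return False          # only the default route matched
    if mode == "rx":
        return out_if == in_if
    return True

if __name__ == "__main__":
    outside = "FastEthernet0/0"
    cases = [  # constructed sources arriving on the outside interface
        ("10.1.2.3", "any", True),       # null-routed, dropped
        ("198.51.100.7", "any", True),   # default route accepted
        ("198.51.100.7", "any", False),  # default route not accepted
        ("192.0.2.9", "rx", False),      # internal source seen outside
    ]
    for src, mode, allow in cases:
        print(src, mode, allow, urpf_permits(src, outside, mode, allow))
```
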
```
router#show cef interface FastEthernet 0/0
FastEthernet0/0 is up (if_number 3)
  Corresponding hwidb fast_if_number 3
  Corresponding hwidb firstsw->if_number 3
  Internet address is 10.81.7.118/28
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is enabled
  Inbound access list is not set
  Outbound access list is not set
  Hardware idb is FastEthernet0/0
  Fast switching type 1, interface type 18
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Input fast flags2 0x0, Output fast flags 0x0, Output fast flags2 0x0
  ifindex 1(1)
  Slot 0 Slot unit 0 Unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
router#
```
```
R4-ASA5520a# show ip verify statistics
interface outside: 21 unicast rpf drops
interface inside: 2738 unicast rpf drops
interface vpn: 0 unicast rpf drops
R4-ASA5520a#
```
This configuration example only covers the process of installing the SD-WAN controller software images on a VMware ESXi instance, establish...