use extended ping to set TOS value

ef = dscp 46 = 101110 = tos 0xb8 (184) = ip prec 5

af31 = dscp 26 = 011010 = tos 0x68 (104) = ip prec 3

af32 = dscp 28 = 011100 = tos 0x70 (112) = ip prec 3

cs3 = dscp 24 = 011000 = tos 0x60 (96) = ip prec 3

voipgw#ping
Protocol [ip]:
Target IP address: 140.21.11.161
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 214.25.104.116
Type of service [0]: 184
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 140.21.11.161, timeout is 2 seconds:
Packet sent with a source address of 214.25.104.116
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

SHOW VPNv4 Route Targets with TCL script

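proc get_rt {} {
    # Collect every VPNv4 table line that starts with "*" (valid routes)
    set cmdout [exec "sh ip bgp vpnv4 all | include ^\*"]

    foreach line [split $cmdout "\n"] {
        # Pull the a.b.c.d/len prefix out of the line
        if [regexp {([0-9]+.[0-9]+.[0-9]+.[0-9]+/[0-9]+)} $line prefix] {
            # Show the table entry header and its route-target community
            puts [exec "sh ip bgp vpnv4 all $prefix | include BGP|RT"]
        }
    }
}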

Below is how I put it in and execute it

R1#tclsh
R1(tcl)#proc get_rt {} {
+>(tcl)# set cmdout [exec "sh ip bgp vpnv4 all | include ^\*"]
+>(tcl)#
+>(tcl)# foreach line [split $cmdout "\n"] {
+>(tcl)#if [regexp {([0-9]+.[0-9]+.[0-9]+.[0-9]+/[0-9]+)} $line prefix] {
+>(tcl)#puts [exec "sh ip bgp vpnv4 all $prefix | include BGP|RT"]
+>(tcl)# }
+>(tcl)# }
+>(tcl)#}

R1(tcl)#get_rt
BGP routing table entry for 64512:10:1.2.3.0/24, version 6
Extended Community: RT:64512:10

BGP routing table entry for 64512:10:4.3.2.0/25, version 7
Extended Community: RT:64512:10

BGP routing table entry for 64512:20:2.4.0.0/16, version 8
Extended Community: RT:64512:20

BGP routing table entry for 64512:20:8.6.4.2/32, version 9
Extended Community: RT:64512:20
R1(tcl)#

basic TCL ping script on roids!

R1#tclsh
R1(tcl)#foreach i {
+>(tcl)#1.1.1.1
+>(tcl)#2.2.2.2
+>(tcl)#3.3.3.3
+>(tcl)#4.4.4.4
+>(tcl)# } {if {[regexp "!" [exec "ping $i"]]} {
+>(tcl)# puts "$i - success"
+>(tcl)# } else {
+>(tcl)# puts "$i - failed"
+>(tcl)# }
+>(tcl)#}
1.1.1.1 - success
2.2.2.2 - success
3.3.3.3 - failed
4.4.4.4 - failed

debug EIGRP fsm (finite state machine)

R2#debug eigrp ?
Autonomous System
fsm EIGRP Dual Finite State Machine events/actions
neighbors EIGRP neighbors
nsf EIGRP Non-Stop Forwarding events/actions
packets EIGRP packets
transmit EIGRP transmission events
vrf Select a VPN Routing/Forwarding instance

R2#sh debug
EIGRP:
EIGRP FSM Events/Actions debugging is on

NO SHUT EIGRP INTERFACE:
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:08:17.687: DUAL: dest(1.1.1.0/24) not active
*Mar 1 00:08:17.687: DUAL: rcvupdate: 1.1.1.0/24 via Connected metric 281600/0
*Mar 1 00:08:17.691: DUAL: Find FS for dest 1.1.1.0/24. FD is 4294967295, RD is 4294967295 found
*Mar 1 00:08:17.691: DUAL: RT installed 1.1.1.0/24 via 0.0.0.0
*Mar 1 00:08:17.691: DUAL: Send update about 1.1.1.0/24. Reason: metric chg
*Mar 1 00:08:17.695: DUAL: Send update about 1.1.1.0/24. Reason: new if
*Mar 1 00:08:19.651: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:08:19.683: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 1.1.1.1 (FastEthernet0/0) is up: new adjacency
*Mar 1 00:08:20.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

ADD ROUTE TO NEIGHBOR ROUTER:
R2#
*Mar 1 00:09:50.803: DUAL: dest(100.0.0.0/8) not active
*Mar 1 00:09:50.803: DUAL: rcvupdate: 100.0.0.0/8 via 1.1.1.1 metric 409600/128256
*Mar 1 00:09:50.803: DUAL: Find FS for dest 100.0.0.0/8. FD is 4294967295, RD is 4294967295 found
*Mar 1 00:09:50.807: DUAL: RT installed 100.0.0.0/8 via 1.1.1.1
*Mar 1 00:09:50.807: DUAL: Send update about 100.0.0.0/8. Reason: metric chg
*Mar 1 00:09:50.807: DUAL: Send update about 100.0.0.0/8. Reason: new if

WITH DEBUG IP ROUTING just for kicks:
R2#debug ip routing
IP routing debugging is on
R2#sh deb
R2#sh debugging
IP routing:
IP routing debugging is on
EIGRP:
EIGRP FSM Events/Actions debugging is on

R2#
*Mar 1 00:12:12.895: DUAL: dest(10.0.0.0/8) not active
*Mar 1 00:12:12.895: DUAL: rcvupdate: 10.0.0.0/8 via 1.1.1.1 metric 409600/128256
*Mar 1 00:12:12.895: DUAL: Find FS for dest 10.0.0.0/8. FD is 4294967295, RD is 4294967295 found
*Mar 1 00:12:12.899: RT: add 10.0.0.0/8 via 1.1.1.1, eigrp metric [90/409600]
*Mar 1 00:12:12.899: RT: NET-RED 10.0.0.0/8
*Mar 1 00:12:12.899: DUAL: RT installed 10.0.0.0/8 via 1.1.1.1
*Mar 1 00:12:12.903: DUAL: Send update about 10.0.0.0/8. Reason: metric chg
*Mar 1 00:12:12.903: DUAL: Send update about 10.0.0.0/8. Reason: new if

ZBFW example INSIDE/OUTSIDE/DMZ

ZBFW on R2 acting as firewall:

class-map type inspect match-all CM_ICMP
 match protocol icmp
class-map type inspect match-all CM_HTTP
 match protocol http
class-map type inspect match-all CM_TELNET
 match protocol telnet
!
! class-default has no action configured in any policy below,
! so traffic that matches no inspect class is dropped (default action)
!
policy-map type inspect PM_INSIDE2OUTSIDE
 class type inspect CM_TELNET
  inspect
 class type inspect CM_ICMP
  inspect
 class class-default
policy-map type inspect PM_OUTSIDE2INSIDE
 class type inspect CM_ICMP
  inspect
 class class-default
policy-map type inspect PM_OUTSIDE2DMZ
 class type inspect CM_HTTP
  inspect
 class type inspect CM_ICMP
  inspect
 class class-default
!
zone security ZONE_OUTSIDE
zone security ZONE_INSIDE
zone security ZONE_DMZ
!
! Only these three directions have a zone-pair; any other zone-to-zone
! flow (for example anything initiated from ZONE_DMZ) has no policy and is dropped
!
zone-pair security ZP_INSIDE2OUTSIDE source ZONE_INSIDE destination ZONE_OUTSIDE
 service-policy type inspect PM_INSIDE2OUTSIDE
zone-pair security ZP_OUTSIDE2INSIDE source ZONE_OUTSIDE destination ZONE_INSIDE
 service-policy type inspect PM_OUTSIDE2INSIDE
zone-pair security ZP_OUTSIDE2DMZ source ZONE_OUTSIDE destination ZONE_DMZ
 service-policy type inspect PM_OUTSIDE2DMZ

interface FastEthernet0/0
 ip address 129.53.12.2 255.255.255.0
 zone-member security ZONE_INSIDE
!
interface FastEthernet0/1
 ip address 129.53.23.2 255.255.255.0
 zone-member security ZONE_OUTSIDE
!
interface FastEthernet1/0
 ip address 129.53.24.2 255.255.255.0
 zone-member security ZONE_DMZ

SHOW the ZBFW policies in action and see traffic flows inspect/drop/pass:

R2#sh policy-map type inspect zone-pair sessions
Zone-pair: ZP_INSIDE2OUTSIDE

Service-policy inspect : PM_INSIDE2OUTSIDE

Class-map: CM_TELNET (match-all)
Match: protocol telnet
Inspect

Class-map: CM_ICMP (match-all)
Match: protocol icmp
Inspect
Established Sessions
Session 66FF68B0 (129.53.12.1:8)=>(3.3.3.3:0) icmp SIS_OPEN
Created 00:00:02, Last heard 00:00:02
ECHO request
Bytes sent (initiator:responder) [360:360]

Class-map: class-default (match-any)
Match: any
Drop (default action)
5 packets, 400 bytes
Zone-pair: ZP_OUTSIDE2INSIDE

Service-policy inspect : PM_OUTSIDE2INSIDE

Class-map: CM_ICMP (match-all)
Match: protocol icmp
Inspect

Class-map: class-default (match-any)
Match: any
Drop (default action)
4 packets, 96 bytes
Zone-pair: ZP_OUTSIDE2DMZ

Service-policy inspect : PM_OUTSIDE2DMZ

Class-map: CM_HTTP (match-all)
Match: protocol http
Inspect
Established Sessions
Session 66FF6B78 (129.53.23.3:25019)=>(4.4.4.4:80) http SIS_OPEN
Created 00:00:09, Last heard 00:00:09
Bytes sent (initiator:responder) [0:0]

Class-map: CM_ICMP (match-all)
Match: protocol icmp
Inspect

Class-map: class-default (match-any)
Match: any
Drop (default action)
4 packets, 96 bytes
R2#
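
Added example (not part of the original notes): a Python parser for the "sh policy-map type inspect zone-pair sessions" output above that reports, per zone-pair, the established sessions and the class-default drop counters. SAMPLE is constructed to match the shape of that output, and the name summarize is an assumption of this example.

```python
import re
# Constructed sample, shaped like the zone-pair sessions output shown above.
SAMPLE = """\
Zone-pair: ZP_INSIDE2OUTSIDE
  Service-policy inspect : PM_INSIDE2OUTSIDE
    Class-map: CM_ICMP (match-all)
      Match: protocol icmp
      Inspect
        Established Sessions
         Session 66FF68B0 (129.53.12.1:8)=>(3.3.3.3:0) icmp SIS_OPEN
    Class-map: class-default (match-any)
      Match: any
      Drop (default action)
        5 packets, 400 bytes
Zone-pair: ZP_OUTSIDE2INSIDE
  Service-policy inspect : PM_OUTSIDE2INSIDE
    Class-map: CM_ICMP (match-all)
      Match: protocol icmp
      Inspect
    Class-map: class-default (match-any)
      Match: any
      Drop (default action)
        4 packets, 96 bytes
"""

SESSION = re.compile(r"Session \S+ \((\S+?):(\d+)\)=>\((\S+?):(\d+)\) (\S+) (\S+)")
COUNTER = re.compile(r"(\d+) packets, (\d+) bytes")

def summarize(text):
    """Return {zone_pair: {"sessions": [...], "dropped_packets": n, "dropped_bytes": n}}."""
    pairs, zp, cls, action = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Zone-pair:"):
            zp, cls, action = line.split(":", 1)[1].strip(), None, None
            pairs[zp] = {"sessions": [], "dropped_packets": 0, "dropped_bytes": 0}
        elif zp is None:
            continue  # prompt or banner lines before the first zone-pair
        elif line.startswith("Class-map:"):
            cls, action = line.split()[1], None
        elif line.startswith(("Inspect", "Drop", "Pass")):
            action = line.split()[0]  # action of the current class
        elif (m := SESSION.search(line)):
            src, _, dst, dport, proto, state = m.groups()
            pairs[zp]["sessions"].append((cls, proto, src, dst, int(dport), state))
        elif action == "Drop" and (m := COUNTER.search(line)):
            pairs[zp]["dropped_packets"] += int(m.group(1))
            pairs[zp]["dropped_bytes"] += int(m.group(2))
    return pairs
```

A drop counter that keeps rising on a zone-pair with no matching sessions, as on ZP_OUTSIDE2INSIDE here, is traffic the policy is rejecting and is worth tracking between polls.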