Network Monitoring

June 4, 2026

+

+

+

+

+

+
Network Monitoring is a very important part of Networking, it can alert you of problems before they come to be major issues, it can alert you as soon as a problem occurs and helps you pinpoint the issue as long as you have your network monitoring configured properly. If you have a device that goes down and every device behind that goes down and you have over 50 alarms, it’s going to take you a lot longer troubleshooting the issue than having 1 alarm that will tell where the problem is and where to start troubleshooting.

Just a little background from my personal experience working in a NOCC with network monitoring for an ISP with 100s of locations and over 1000s of network devices, it was more than just network devices that we were saw alerts for. We would get alerts if a door opened, temperature alarms, power alarms, backup generator alarms, even if the fuel was running low in one of the fuel tanks for the generators, we would see a low fuel alarm come up. This gives you an example of the visibility you can have in to your network.

There is a large variety of different tools that do network monitoring such as SolarWinds, PRTG, and Zabbix, there are also other platforms that have their own built-in monitoring such as SD-WAN & Cisco Catalyst Center. For my own home lab, I use both PRTG and Zabbix however PRTG only allows 100 sensors for free and those can be taken up fast depending on what you’re monitoring. I’ll do a breakdown comparing PRTG vs Zabbix in another post.

The many technologies for network monitoring in my experience are SNMP, Netflow, Syslog and Cisco’s IP SLA. Each has their own purpose.

SNMP

SNMP – Simple Network Management Protocol – is one of the main protocols/technologies when it comes to network monitoring. It can be used to monitor routers, switches, firewalls, servers, and printers. SNMP operates with 3 major components. The SNMP Manager or NMS (Network manager software), SNMP Agent the software that runs on the network device, and the MIB (Management Information Base) which is a structured database of objects that can be queried via SNMP. Each object is identified by an OID (Object Identifier). There are 2 different versions of SNMP.

There are 2 different versions of SNMP. SNMP Version 2 and SNMP Version 3.

SNMPv2 sends messages in clear text over the network. SNMPV3 offers Authentication and Encryption on messages sent over the network.

SNMP uses GET and SET. It uses GET requests to pull information off the device such as hostname, system up time and other information and SET request to modify or change the configuration, such as change the hostname or even shutdown an interface, this only works if the write command is configured for the SNMP community string or account if SNMP version 3 is used. Most cases SNMP is set to read only.

Traps & informs are pushed from the agent (router, switch) to the NMS (Network manager software) when a notification happens such as an interface going down

SNMP uses 2 standard ports for sending information to the NMS agent receives requests on Port 161, and the manager receives notifications on Port 162

Netflow

Netflow – is a protocol that was developed by Cisco but has been adapted by other networking companies I think Juniper has their own version called J-Flow. Netflow does Traffic & Bandwidth Monitoring helps with troubleshooting by seeing which user/application are consuming bandwidth it also provides Security & Anomaly Detection by Identifies abnormal traffic patterns such as unusual large data transfers and spikes in network traffic.

Netflow is made up of 3 parts

Exporter: This is a router or switch that collects packets in to flows and sends data records.

Collector: This is the server that receives the data from the exported flow data.

Analyzer: Is the software that collects the data and makes it into a clear view for the network team to view all network activities. PRTG easy to setup build in analyzer.

Netflow collects the following key information
- Source and destination IP
- Source and destination Ports
- Layer 3 protocol types
- Type of services
- Input / output interfaces.
Using NetFlow summarizing traffic into flows provides a deep visibility into how networks are used without the overhead of packet capture or spend time configuring port mirroring and with packet capturing having to filter through the PCAP file if you’re on a large-scale network with a lot of traffic.

Syslog

syslog – is a protocol is used to collect system event log messages and having a syslog server to have all your log events from network devices and servers in stored in one location allows for troubleshooting issues and running audits on your network to also see any issues before they cause major problems such as a link getting congested or a CPU or RAM that is running high, which also could be sent via SNMP. Syslog server is important because some network devices such as some cisco devices store their log files in RAM and when the devices is rebooted the log files are erased making troubleshooting an issue more difficult. you’re able to pick what type of messages gets sent to the sys log server such between the Severity Level scale of 0 (Emergency) to 7 (debug).

Cisco IP SLA

Cisco IP SLA can be used to monitor network performance and track connectivity over the network. IP SLA allows monitor network performance in real time, instead of passive monitoring that the other protocols I’ve mentioned. IP SLA generates its own traffic to measure metrics such as latency, jitter, packet loss, and availability. Juniper has their own version of IP SLA called Real-time performance monitoring (RPM) I have not touched that with my few years working with Juniper hardware but that would be a good idea to spin it up in a lab one of these days.

IP SLAs can be configured on devices such as router or switches to send test data to a destination end point. This data can be used to simulate real network traffic such as ICMP response time, UDP, TCP, HTHTP, DNS and VOIP streams, which makes it very helpful with troubleshooting jitter on voice and video.

There are also other issues of IP SLA in the cisco can be used for such as monitoring a link and switching over to a back up link if it notices the primary link error threshold or jitter threshold are not met and switch over to a back up link.

Running a tier with SNMP, Netflow and syslog in network monitoring system is a great way to have overall visibility of your entire network and to have the most accurate network monitoring allowing you to quickly identify and troubleshoot your network problems and even flag them before they become a bigger issue down the road. There are other ways of network monitoring and other software, I’ve going from what I’ve seen and what I’ve used myself while working in networking. I do plan to do a post on each of these technologies and break them down one by one and show how they can be configured and show some examples of them running on my home lab.
+

+

+

+

+

+

+ CCNA, Network Lab, Studying

+ CCNA, CCNP, IP SLA, Netflow, network monitoring, Networking, SNMP, SNMPV2, SNMPv3, Syslog

+

+

+

+

+

+

+

+

+

+

+

+

EIGRP – Part 2

February 10, 2026

I’ve already done one post regarding EIGRP, but I said I was going to do a second post going over a few more advanced topics regarding EIGRP routing protocol. Check out my previous EIGRP post by clicking here.

EIGRP uses Hello packets to check that their neighbors are still active, these packets are sent out default EIGRP hello timer is 5 seconds, slower interfaces it uses 60 seconds. EIGRP uses a told time to tell the neighbor how long to wait without receiving EGIRP packets back before it declares the neighbor down, by default 3 x hello packet are send, if the router receives EIGRP packets the timer is reset. If it fails to receive any EIGRP packets the neighbor is declared down for a Ethernet interface it would take 15 seconds (3x5s) to declare the neighbor is down or 180 seconds (3x60s) on a slower interface. You can adjust these timers per interface but applying the configuration on the interface itself with the following:

R1(config-if)#ip hello-interval eigrp 100 3 – 100 is the AS of EIGRP / EIGRP hello interval to 3 seconds.

R1(config-if)#ip hold-time eigrp 100 10 – 100 is the AS of the EIGRP / 10 is holding timer.

To verify these timers with the following command.

R1# show ip eigro interface detail gi0/1 | include Hello | hold

EIGRP Route Summarization is used to reduce the size of your routing table when you have a large number of routes you can summary them with EIGRP. This creates smaller routing tables, less routing updates, and improves stability. Older routers ISO have route summarization on by default, newer routers ISO have them turned off by default you can enable automatic summarization with the command auto-summary or no auto-summary, I would advise against replying on auto summary. Example of summarizing a route when you have the following networks:

10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24

Will summarize to 10.0.0.0/22

To find this you convert the last 3 octet into binary and see which match in this example converting the 3rd octet to binary to get the following

0000 0000
0000 0001
0000 0010
0000 0011

Common bits are 000 000
To find the subnet mask you calculate the following
1st octet (10): 8 bits
Second octet (0): 8 bits
Common bits in third octet: 6 bits
Subnet mask – 8+8+6 = 22

This will allow the following networks to be summarized 10.0.0.0 – 10.0.3.255

You would apply the route summary to the EIGRP interface

R1(config-if)# ip summary eigrp 100 10.0.0.0 255.255.252.0

EIGRP Stub routers limit their participation in EIGRP which benefits the networks making more efficient, scalable and stable. It works well in a hub and spoke design. EGIRP stub routers do not advertise routes learned from other routers. Stub Routers oonly advertises specific locally relevant routes. EIGRP Stub reduces EGIRP queries from flooding the network during route failures and prevents networks from slow convergence or stuck in active state as well as preventing routing loops.

EGIRP stube routers are configured with the following options, this chart is from a cisco router.

Stub Type	Advertises
connected	Do advertise connected routes
leak-map	Allow dynamic prefixes based on the leak-map
receive-only	Set receive only neighbor
redistributed	Do advertise redistributed routes
static	Do advertise static routes
summary	Do advertise summary routes

You can configure EGIRP stub routers with the following commands

R2(config)#router eigrp 100

R2(config-router)#eigrp stub connected | Summary | static.

EIGRP Authentication

EIGRP Authentication is configured to ensure that only authorized routers are able to form neighbor adjacency. EIGRP password is included in the EIGRP packets, and the neighbor router decrypts the hash, if the password does not match the packets are discard and a neighbor adjacency does not form. EIGRP encrypts the password by using MD5 authentication and the keychain function. Keychain is used for authentication between devices, it’s like a name list for shared secret keys that are used for routing protocols to verify routing updates. You would configure EIGRP Authentication with the following commands:

R2#config t
R2(config)#key chain KEYCHAINNAME
R2(config-keychain)# key 2
R2(config-keychain-key)# Key-string PASSWORD

R2(config-keychain-key)#int gi0/0
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 KEYCHAINNAME

If you’re using named EIGRP you would do the following commands

R1#config t
R1(config)#key chain KEYCHAINNAME
R1(config-keychain)# key 2
R1(config-keychain-key)# Key-string PASSWORD

R1(config)#Router eigrp EVANS-NETWORKS
R1(config-router)#address-family ipv4 unicast autonmous-system 100
R1(config-router-af)#af interface default
R1(config-router-af-interface)#authentication mode md5
R1(config-router-af-interface)#authentication key-chain KEYCHAINNAME

You should see the neighbour adjacency come up if configured correctly.

to troubleshoot your keychain, you can do the following commands

R1#show key chain

R2#show ip eigrp interface details

That’s the end of my post for EIGRP more advanced topics, let me know if you have any questions or would like me to cover something else. I do have plans in the future to do a post with route redistribution with EIGRP and OSPF. Make sure you check out my other EIGRP post here.

+ CCNA, Studying

+ CCNA, CCNP, Cisco, EIGRP, Lab, Network+, Networking

OSPF

February 3, 2026

+

+

+

+

+

+
OSPF stands for Open Shortest Path First it is an interior gateway routing protocol. OSPF is a link-state routing protocol. OSPF is my go to protocol that I like working with, OSPF is not a vendor specific protocol, a number of vendors also run OSPF on their networking devices, I’ve personally used OSPF on Juniper and Fortigate. OSPF is a link state protocol that stores the full network topology, OSPF uses autonomous system like EIGRP but also uses areas. There are 2 different versions of OSPF OSPFv2 that supports IPv4 and OSPFv3 that supports IPv6, I’m only going to be covering OSPF IPv4.

OSPF is a very powerful routing protocol with the ability scale using areas. OSFP areas are used in a hierarchical design where all areas must connect back to area 0 the backbone area. A reason for areas was for older Cisco routers limitations with high CPU loads which would cause links to flap it was recommend for a maximum of 40 to 50 routers per area. Now of days there is no hard limit to the number of routers an OSPF area can have but it’s still a good idea to keep the number on the lower ends for troubleshooting, keeping an OSPF hierarchical design.

In order for OSPF routers to establish neighbor’s adjacency it uses hello packets from the OSPF neighbor interfaces. Routers much have the same area ID, subnet, hello and dead timers as well as the stub area flag. OSPF sends link-state advertisements (LSAs) to neighbor routers. LSAs are stored in local database called the link-state database (LSDB). Routers running OSPF will flood LSAs throughout the network, routers running OSPF will all keep an identical copy of the LSDB within the same area, which provides an overall topology of the network. There are different types of LSAs that I’ll be going over in this post.

The process of neighbor adjacency forming is sent over multicast-based updates using addresses 244.0.0.5 and 244.0.0.6.

The neighboring most common states are the following:
- Down: no information received from neighbors.
- Init: Hello is received, but bidirectional communication is not confirmed yet.
- 2-way: bidirectional communication is established
- ExStart: Database synchronization initialization
- Exchange: Database packets are exchanged
- Loading: request missing /more recent LSAs
- Full: Full adjacencies are formed – LSDBs are synchronized
Once routers become neighbors and they are on muilit-access networks such as ethernet, a election process takes place and 1 router will become the Designated Router (DR) and Backup Designated Router (BDR) are elected to reduce routing update traffic.

OSPF will have different types of Link-state advertisements such as

Type 1: Router LSA – Links of routers within an area
Type 2: Network LSA – Generated by the DR for mulit-access networks
Type 3: Summary LSA – Advertises routes between areas
Type 5: External LSA – Advertises routes redistributed from other protocols.

Once routers become neighbors and databases are synchronized, they need to determine which path is the best to take. OSPF does this by each router running the Dijkstra’s Shortest Path First algorithm to calculate the shortest path to each known network. The result of the SPF calculation will put the best route into the routing table of that local router.

OSPF uses cost as it’s metric by default, the cost is calculated with Cost = Reference Bandwidth / Interface Bandwidth. Most devices the default reference bandwidth is 100Mbps which causes high speed links to appear equal such as a 100mpb link would be the equal to 1Gbps link which is why the reference bandwidth is manually adjusted to reflect the current network link speeds.

OSPF Configuration

For this configuration I am going to be using multiple areas I’m going to configure area 0 will always be the backbone all routers from one area need to connect to area 0 via area border routers (ABR), in this case R2 and R3 will be the area border routers (ABR). The ABR is responsible for the LSDB for each area. Like my EIGRP configuration I’m going to be doing my OSPF configuration 3 different ways, one is the normal OSPF configuration, the next one configuration OSPF on the interfaces and the last way will be using a wild card mask for all networks.

Configuration for Router 1 configure using the networks

R1(config)#router ospf 1
R1(config-router)#router id 1.1.1.1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)#network 172.16.1.0 0.0.0.3 area 0

Configuration for Router 2 configure using the networks, notice that the 192.168.1.0 is configured for area 1 while network 10.1.1.0 is configured for area 0 (backbone area)

R2(config)#router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
R2(config-router)# network 192.168.1.0 0.0.0.3 area 1

Configuration for Router 3 configure using the interfaces that I want OSPF to be enabled on. You still need to enable OSPF and configure the AS with router ospf 1 command and configured the router id than you can configure OSPF on the interfaces. Also remember to configure the correct area for each interface you are enabling OSPF on. In this case interface gi0/1 will be in area 0 and interface gi0/0 will be in area 2.

R3(config)#router ospf 1
R3(config-router)# router-id 3.3.3.3
R3(config-if)#int gi0/1
R3(config-if)#ip ospf 1 area 0
R3(config)#int gi0/0
R3(config-if)#ip ospf 1 area 2

For R4 and R5 configurations I’m using a catch all networks with a wild card mask to match all, this configuration I won’t recommend using out side of a lab or testing environment because you don’t want to have everything advertised on your network with OSPF but it is away it can be configured so I did want to show that it does work. If you’ve seen this configure in a real world network environment let me know.

R4 – Config

R4(config)#router ospf 1
R4(config-router)# router-id 4.4.4.4
R4(config-router)# network 0.0.0.0 255.255.255.255 area 1

R5 – Config

R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 0.0.0.0 255.255.255.255 area 2

OPSF verifying and troubleshooting commands.

show ip route ospf – shows the routing table but filters the routes learned by only OSPF

show ip ospf neighbor – shows the OSPF neighbors, shows the Neighbor IDs the state Address of the interface and the interface of the neighbors.

show ip protocols – shows what protocol is running, shows the areas, shows the router ID and the networks that are being advertised and the AD for OSPF. This command helps troubleshoot all routing protocols

show ip ospf database – will show the LSDB on the Router one it will also show the different LSAs I’ll go over this command more on my next post about OSPF and the different sub commands to use with it.

OSPF is very complex networking protocol, I’m going to have another post for OSPF that will go over Different types of OSPF network types such as point-to-point and broadcast, the different types of LSA in more details, and OSPF stubby areas and virtual links.
+

+

+

+

+

+

+ CCNA, Studying

+ CCNA, CCNP, Cisco, Network+, Networking, OSPF, Routing

+

+

+

+

+

+

+

+

+

+

+

+
EIGRP

January 27, 2026

+

+

+

+

+

+

EIGRP stands for Enhanced Interior Gateway Protocol, it’s a cisco proprietary protocol that is developed by cisco, however now of days it’s been open up to other platforms. I’m only going to be over IPv4 at this time.

EIGRP exchange routing information to form neighbours to dynamically learn and maintain paths within the network. EIGRP discovers and maintains neighbours by sending out multicast hello packets to the address 224.0.0.10 every 5 seconds. Once neighbour relations are formed routing information is shared and EIGRP calculate the best path primary and secondary path for quick fail over recovery. EGIRP neighbours only share information with the same AS Autonomous System number, Matching K-vaules (metric Weights), subnet and authentication settings if authentication is configured.

EIGRP uses DUAL (Diffusing Update Algorithm) which calculates the shortest path and prevents loops. DUAL uses a feasible distance (FD) the lowest metric to a destination and reported distance (RD) the metric advertised by the neighbour. A success is the next hop router with the lowest FD while a feasible successor is the neighbor whose RD is less than the current FD. DUAL prevent loops by not sending updates out the interface that receives them.

EIGRP maintains a number of different tables to maintain routing information.

Neighbor Table – All directly connected routers that have formed a neighbour relationship

Topology Table – All possible routes learned from the neighbors to calculate the Successor and Feasible successor

Routing Table – Best routes by DUAL in the routing table, only successors will appear in the routing table.

EIGRP Packet types

Hello – used to establish and maintain neighbor relations
Update – sends routing information
Query – used when a router goes down and no feasible backup path
Reply – sends in response to a query
ACK – acknowledges certain EIGRP Packets.

EGIRP calculates its metrics based off a sophisticated composite of metrics such as bandwidth, delay, reliability, load and MTU however the default metric only uses bandwidth and delay.

Cisco has an elaborate formulate to calculate its Metrics as which is the following formula.

Metric = [K1 * bandwidth + (K2 * bandwidth) / (256 – load) + K3 * delay] * [K5 / (reliability + K4)] * 256

Default K-values are K1=1, K2=0, K3=1, K4=0, K5=0, simplifying to bandwidth + delay. Bandwidth is inversely scaled: (10^7 / minimum bandwidth in kbps) * 256. For more information how this is calculated please cisco Cisco’s explanation I’m not the best at explaining the calculations of EIGRP to make enough sense.

Configuring EIGRP

To configure EIGRP you are able there are a few different approaches you can take you can configure it with an autonomous system number, or you can do named EIGRP and matching all networks using a wild card mask. Above is the topology I’m going to be using for the configuration examples.

EIGRP with autonomous system configuration

R2(config)#router eigrp 100
R2(config-router)#router-id 1.1.1.1
R2(config-router)#network 172.16.2.0 255.255.255.252
R2(config-router)#network 172.16.3.0 255.255.255.252

Named EIGRP configuration

R1(config)#router eigrp EVANS-NETWORKS
R1(config-router)#address-family ipv4 unicast autonomous-system 100
R1(config-router-af)#eigrp router-id 1.1.1.1
R1(config-router-af)#network 172.16.2.0 255.255.255.252
R1(config-router-af)#network 172.16.3.0 255.255.255.252

To configure router 3, I’m going to use a wildcard mask that will include all networks that are configured on router3

R3(config)#router eigrp 100
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 0.0.0.0 255.255.255.255

You can check your configuration by the log messages if you have them turned on to see that neighbours have been formed you can also check by issuing the show ip route command

There are some cases where you do not want EIGRP advised you can do that by using the using the passive interface command which do not send out EIGRP hellos and prevents EIGRP from forming adjacencies on those interfaces. you can also configure all interfaces to be passive and than turn on the ones you want to send out hello packets & form adjacencies, which can be done by using the passive-interface default command and the interfaces you want to enable you would issue no passive-interface gi0/1.

you add the passive interface commands under the router eigrp 100 command or if you are using named EIGRP you do it under the address family command, I’ll provide both examples

R2(config)#router eigrp 100
R2(config-router)#passive-interface gi0/2

R1(config)#router eigrp EVANS-NETWORKS
R1(config-router)#address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# af-interface gi0/0
R1(config-router-af-interface)#passive-interface

Troubleshooting EIGRP

The following commands help troubleshoot EIGRP

show ip route eigrp – shows the routing table but filters the routes learned by only EIGRP

show ip eigrp neighbors – verify EIGRP neighbors which shows the interface the neighbour is using to send EIGRP hello packets, how long the routers have been neighbours.

show ip eigrp interfaces – will display the interfaces that are participating in EIGRP, and which interface has a peer. Passive interfaces will not show up in this output.

show ip protocols – shows what protocol is running and the AS, shows the router id, it will show the Internal and external AD, the networks that being routed.

debug eigrp packets – will show a live view of receiving any hello packets from EIGRP neighbours it will also show any mismatched AS numbers, and you can see if you’re not receiving any hello packets from interfaces that you should be and determine your troubleshooting systems from there. Don’t forget to turn your debugging off once you’re done troubleshooting!

There’s number of other features you can do with EIGRP I can do more of an advanced post about more advance topics such as authentication, summarization EIGRP Stub router, EIGRP Route manipulation.

+

+

+

+

+

+

+ CCNA, Network Lab, Studying

+ CCNA, CCNA STUDY, Cisco, EIGRP

+

+

+

+

+

+

+

+

+

+

+

+
Cisco Unified Communications Manager & Cisco Unity Connection

December 11, 2025

+

+

+

+

+

+

Cisco enterprise phone system is known as Cisco Unified Communications Manager combine with Cisco Unity Connection. I will admit I’m no expert at either of these systems, but I have worked with both Call Manager and Cisco Unity out in the real world, and I’ve had some training on them. But hey let’s learn more about them together and see what we can come up with. Cisco also has Cisco Webex calling but I’ve only had a little bit experience with that. The only other call manager I’ve been trained on but haven’t touched outside of a lab is BroadSoft which is also owned by Cisco. I only have older versions of Call manager and Cisco Unity things might look a little dated. I would like to get new versions but maybe one day.

Cisco call manager is in a nutshell is a PBX, it is where the IP phones, softphones, users, gateways and video endpoints are configured. Call manager handles the call routing, dial plans, voicemail integration (Cisco Unity), call admission control and media resources such as your hold music. Example if you make a call to someone and they don’t answer the phone could be configured to send the call to another number or send it to voicemail.

Cisco Unity does voicemail, voicemail recording, voicemail features, message storage and well as IVR features such as your auto-attendant & call candlers for example if you call a company and they say for Sales press 1 for IT support press 2 and so on is configured in Cisco Unity.

Cisco call manager and Cisco Unity can be setup and installed on-premises in a virtual environment or on a Cisco UCS server or it can be setup in a cloud as Cisco Unified Communications Manager Cloud.

My voice Lab

The way I have my call manager and Cisco unity lab setup is that I have both call manager and Cisco unity installed on my Dell power edge R630server that is running VMware ESXI and I have that connected to a 2960 switch my two Cisco 7940 VOIP phones are connected to which provides the POE to the phones. To access my voice map, I have USB Ethernet adapter with the same subnet as my voice lab.

My overall goal with my lab is to setup an enterprise system where you call a number it goes to an auto-attendant and route calls to different departments, setup voicemail, call forwarding and so on my plan is to also post on here my process. I don’t think I’m going to be making big jump in building this out till after the holidays,

+

+

+

+

+

+

+ Network Lab, Studying

+ Cisco, Lab, Networking, voice, VOIP

+

+

+

+

+

+

+

+

+

+

+

+
Routes

December 9, 2025

+

+

+

+

+

+

Routes! Routes tell network packets how to traffic across the network to get to their required destination by picking the best path. There are three different types of routes such as default routes, static routes and dynamic routes. Each one has its own pros and cons. Routes are stored in the routing table of routers and layer 3 switches and other layer 3 devices.

There’s a different way to routers pick the best route to send packets one way is using the administrative distance static routes and dynamic routes all have their own administrative distance is a way that Cisco makes a trustworthy decision to select the best path. Routes can also be manipulated by changing administrative distances, route maps and conditional forwarding. Here is the list the route source and the administrative distances for the most common route sources.

Route Source Administrative Distances
Connected interface 0
Static route 1
External BGP (eBGP) 20
EIGRP 90
OSPF 110
External EIGRP 170
Internal BGP (iBGP) 200

Let’s talk about each route type

Default routes

Default routes are mainly manually configured, if the router is not aware of the of the destination in the routing table the router sends the packets out to the default route, example of a use case would be to send all internet traffic out to one interface or to a core router.

Default route configuration follows the following syntax

R1(config)#ip route 0.0.0.0 0.0.0.0.0 10.1.1.1

Or

R1(config)#ip route 0.0.0.0 0.0.0.0 gi0/0

The 0s tell the router to send all unmatched traffic to 10.1.1.1 or out interface gi0/0

Default routes help simplify routing tables however default routes can hide routing issues when troubleshooting networking issues and not ideal for large networks.

Static routes

Static routes are manually configured by the network engineer and tell the router which path to

send packets, they can be configured to sent to a specific network or to a specific host. Static is straight forward to configure and do not require any constant communication like dynamic routing protocols. Static routes do have a limitation when it comes to having to configure on large networks which would require a heavy workload on anyone on the networking team, there is also no automatic fail over unless configured as a floating static link. Static routes have some pros such are they are predicable admin know where traffic is going to go, static routes lower CPU usage not constantly sending updates like dynamic routing protocols, they are good for small networks or point to point links, They also provide a layer of security as they do not advise routing information with other routers on the network.

Static route configuration follows a similar syntax is default route starting with ip route followed by the Destination | Destination mask | forwarding router’s address

R1(config)#ip route 10.1.0.0 255.255.0.0 172.16.1.1

Or for a host

R1(config)#ip route 10.1.1.10 255.255.0.0 172.16.1.1

Or

R1(config)#ip route 10.1.0.0 255.255.0.0 gi0/0

Dynamic routes

There are different routing protocols for dynamic routes EIGRP, OSPF and BGP just to name the most common ones, there is also internal and external routing protocols, both EGIRP and OSPF are internal routing protocols and BGP is an external routing protocol. EIGRP, OSPF and BGP all have their different ways of determining how to choose the best path and how they calculate the best path to send packets to reach its destination.

Routing protocols are configured by the network team once configured they automatically discover, share and update routes between routers. Dynamic routing protocol work really well for large networks. Dynamic routing protocols provide fault tolerance if a link fails re routes traffic with minimum down time, they also reduce workload for the network team not having to manually added each route one by one. The cons of dynamic routing protocols use more resources on the router such as RAM, CPU and bandwidth updating, maintaining routing tables. If not configured properly there is a chance of creating a routing loop and security concerns allowing someone to intercept routing updates.

There are different ways to configure EIGRP, OSPF and BGP, there is also way to get these protocols to talk to each other using route redistribution. I’ll do a deep dive in to each of these protocols going forward and how to configure them and different ways of troubleshooting each protocol.

Troubleshooting static routes and default routes

here are some of the commands that I would use, along with the normal troubleshooting commands such as ping, trace route, checking interface status, and interface configuration, make sure the interface is not shutdown and has the correct IP address.

R1#show ip route – show the routing table and see your static routes and the default route that is configured

R1#show run | ip route – will show the configuration of the static routes and default routes that are configured on the router.

R1#show run | ip route 0.0.0.0 – will bring up the configuration of the default route.

+

+

+

+

+

+

+ CCNA, Studying

+ CCNA, Network+, Networking

+

+

+

+

+

+

+

+

+

+

+

+
Network Topology Architectures

December 4, 2025

+

+

+

+

+

+

Network Topology Architectures has a few different designs such as three-tier, two-tier / collapsed core, spine-leaf mainly for data centers, small office/home office (SOHO), and on-premises/cloud. One of the reasons these make complicated large networks less completed and give them more of a hierarchy design.

Three-Tier Architecture

Three-Teir Architecture design works well for large enterprise networks as well as ISP environments,

They help make complex networks easier to manage, allow easier scalability making adding devices/upgrading easier. Also, more reliable with more layers of redundancy and better performance. The draw backs are cost, and it does make the network more complex. The Three-Teir consist of 3 layers the core, distribution and access layers

Core Layer – the core layer is the backbone of the network, connects to the ISP, connects to other branch offices. Core Layer would be configured with Routing Standby protocols. The Core layer has multiple connection to the distribution layer This is where high end devices would operate.

Distribution layer – This layer provides communication between the access layer and the core layer. This layer has redundancy build in for the access layer switches and to the core layer. The distribution layer applies access-lists and QoS policies.

Access Layer – The access layer is where all the users and end devices such as computers, phones, printers, servers, access points, etc., are connect to the network. This layer allows users to share data and resources within internal the network through the distribution layer. Network segmentation happens at the access layer with VLANs.

Two-Tier

The two-tier design also known as a collapsed core, the core and the distribution layers are combined. This design good for smaller networks and is more cost efficient with eliminating the core layer. The Core and distribution layer functions as both the core and distribution layers in the two-tier design. Two-tier design still allowed scalability and easier expansion as well as redundancy.

Spine-Leaf Architecture

Spine-Leaf Architecture – is modern design that is for data centers, AI, and cloud environments, this is for very high bandwidth and high performance, with little hop count between devices. This design creates a full mesh allowing for easy scalability allowing to add more spine and leaf switches if as needed. This design is more costly and is normally managed by Cisco DNA center now called Cisco Catalyst Center using an overlay and underlay network. You will see mostly Cisco nexus devices at the spine and leaf design.

small office/home office is a flat network sometimes just the internet modem/router that your ISP provides, in other cases with a firewall/router and switch and a device that provides wireless. SO/HO have a small number of end users and devices such as computers, laptops printers. SO/HO are not as costly and can be plug and play and does not require much administration.

on-premises is when all networking, servers, storage, and software is located locally on site. Everything falls on the local IT team to manage. Start up costs are higher such as space for networking devices, power, cooling and maintenance, physical security is required as well as Disaster recovery. This is used a lot for sensitive data such as healthcare or financial.

Cloud is hosted at places such as AWS or Azure and can be based on a pay as you need allowing to spin up and turn down different services during high traffic times if required. Disaster recovery is done by the cloud provider, also security relies on the provider as well leaving a chance for some risk.

+

+

+

+

+

+

+ Uncategorized

+

+

+

+

+

+

+

+

+

+

+

+
Spanning tree protocol

December 2, 2025

+

+

+

+

+

+
With the scaling of today’s networks switches end up connecting to each other, sometimes a switch is connected to a switch to for more access ports in a growing office or connected for redundancy between switches, if a link fails traffic can go through one of the other links that the switch is connected to, however could create a huge problem know as a switching loop. If you have 3 switches connected into each other link in my diagram, SW1 would send a broadcast to switch SW2 and send same broadcast in to SW3 and would send it back in to SW1 and the loop would start. Switch CPU would go to 100%, connectivity will be very slow or drop and there will be endless broadcast frames going out the interfaces, bandwidth gets fully consumed. We are talking about full network apocalypse!! To stop this switching loop from occurring Spanning Tree Protocol (STP) is used. STP is an older protocol but there are newer versions that I will cover during the post, I just wanted to go over why we needed STP in the first place, STP is an old protocol, I wanted to go over why it needed and how it is used today, I will go over the different modes in this post.

Spanning Tree Protocol creates a loop free network STP is defined as IEEE 802.1D. STP blocks/disables ports to stop the loop from happening, only allowing one to be active along the network path between 2 switches. If there is a failure on a link between the switches STP will auto reconfigure the topology and active ports that were blocked and restore connectivity.

Spanning Tree Protocol goes through an election process to select a Root bridge which exchanges bridge protocol data units (BPDUs) which messages the switches to determine which switch ports should be blocked and which should forward traffic. The root bridge is elected based on the bridge IDs, the bridge with the lowest BID is elected as the root bridge. If there is a tie with the BIDs the switch with the lowest MAC address with be elected as the root bridge. The non root switches will determine which port is the root port, designated port and the blocked port.

Root port – The lowest cumulative path cost to the root bridge only non root switches have a root port.

Designated Port – Each network the port with the lowest cost to the root becomes the designated port the switch wit the s port forwards traffic to the root.

Blocked port – All other ports that would cause a switching loop are blocked they receive BPDUs updates but do not forward them.

During STP convergence ports going through the following states:
Blocking – does not forward data, does not learn MAC Addresses
Listening – Does not forward data, does not learn MAC Addresses
Learning – does not forward data, does learn MAC Addresses
Forwarding – Does forward data, does learn MAC Addresses
Disabled – does not forward data, does not learn MAC addresses

There are restraints with spanning tree protocol such as slow convergence time taking up to 50 seconds which is not acceptable for voice or video, single root bridge all traffic flows through the root bridge could cause network bottlenecks and only one path per VLAN. Modern switches don’t support STP and see it as legacy even in my lab with my old Cisco 2960 does not have the older STP version. Cisco switches come the default of PVST+ or RPVST.

To deal with the above issues with STP and with changing technology there are different versions of STP such as the following
- PVST+ – Cisco Proprietary – Per-VLAN Spanning Tree, load balancing across VLANs
- RSTP – convergence in 3–6 seconds
- RPVST – Cisco Proprietary – Combination of the rapid convergence of RSTP and the per-VLAN control of PVST+
- MSTP – Multiple STP instances mapped to VLAN groups
Configuring Spanning-Tree Protocol

Configuring Spanning-tree is done in the global configuration mode in the switch using the following commands depending on which mode you want to use.

SW1(config)#spanning-tree mode (mst | pvst | rapid-pvst)

When configuring spanning-tree it’s a good idea to configure BPDU Guard on access ports to protect against rouge devices, if an interface with BPDU Guard enabled will go into err-disable if it receives any BPDUs.

BPDU Guard is configured under the interface mode using the following command.

SW1(config-if)#spanning-tree bpduguard enable

Another good idea when configuring spanning tree is to configure spanning tree port fast which allows interfaces to skip the learning and listening stages of STP this is used to stop end devices waiting for the STP stages and allow for DHCP processes from timing out and VOIP phones to register quickly with the voice gateway/ Cisco Unified Communications Manager. To configure port fast it is also done under interface mode with the following command.

SW1(config-if)#spanning-tree portfast edge

Configuring Spanning-Tree Protocol MST

To configure Configuring Spanning-Tree Protocol MST Multiple Spanning Tree, each you VLAN are configured as it’s own instance you also configuration revision number that allows for easier updates when making changes to your STP MST configuration, to show how to configure this I’ll be using the following topology with 4 VLANs configured.

The example I use is in my above topology with the following commands on both SW1 & SW2.

SW1(config)#spanning-tree mode mst
SW1(config)#spanning-tree mode mst configuration
SW1(config-mst)#name MST-LAB
SW1(config-mst)#revision 1
SW1(config-mst)#instance 1 vlan 90
SW1(config-mst)#instance 2 vlan 100
SW1(config-mst)#instance 3 vlan 110
SW1(config-mst)#instance 4 vlan 120

Verify Spanning-tree MST configuration with the command show spanning-tree mst or Show spanning-tree mst 2

You can see the different MST instances are broken up and witch they belong to and you can see how MST0 by default has all the VLANs that have not been assigned to it.

Troubleshooting Spanning tree Protocol Commands

show spanning-tree summary

show spanning-tree detail

show spanning-tree root

show spanning-tree interface

show spanning-tree vlan

Spanning tree is a great protocol, in my years of networking I haven’t really had to touch it or configure it the most I’ve the only thing I’ve had to do was for troubleshooting is remove the spanning-tree bpduguard command off an interface and add spanning-tree portfast edge to an interface I’m sure everyone has different experiences I’m just speaking for myself.
+

+

+

+

+

+

+ CCNA, Network Lab

+ CCNA, CCNP, Network+, Networking

+

+

+

+

+

+

+

+

+

+

+

+
VLANS

November 25, 2025

+

+

+

+

+

+
VLANS stands for Virtual Local Area Network they are configured to break up networks in to logically segments into multiple broadcast domains. VLANS can be used to group like devices together such as end user devices, VOIP/Video devices, printers, services or separate traffic from different departments, in some ISP environments VLANs assigned to each customer to separate traffic from other customers, You would have a customer VLAN (C-TAG) and another VLAN know as a outer VLAN or service VLAN (S-TAG) is added this could be for town or neighborhood this is known as double tagging in the ISP world.

VLANs are configured on network switches and operate at the layer 2 level of the OSI mode. VLANS tag ethernet frames with VLAN ID which is a 12-bit field in the 802.1Q header. VLAN ID ranges from 1 to 4094. Normal range from 1-1001 and the extended range from 1006 to 4094. VLANs 1002-2005 are Cisco reserved for legacy tech and can not be used. Issuing a Show VLAN command will show those 4 VLANs are used 1002 – Fiber Distributed Data Interface (FDDI), 1003 is used for token-ring, etc.

Traffic can only send between the same VLAN this is done by when switches examining the VLAN Tag and forward out the interface that are assigned the VLAN, if the frame does not have an Untagged frame is received it is set interfaces with the default/native VLAN. In order for VLANs to communicate with other VLANs with different IDs require a layer 3 device such as a layer 3 switch or a router and Inter VLAN routing must be configured.

There are different types of VLANS
- Data VLAN: used to carry data traffic mostly from end users
- Voice VLAN: Configured for voice traffic, they tag voice traffic and separate from data traffic and ensure QoS and reduce jitter.
- Management VLAN: Used to separate management traffic from the rest of the network such as SNMP, SSH, syslog traffic.
- Default/Native VLAN: Default or Native VLANs are interfaces that are all in VLAN 1 by default with out any configuration on a management switch. It’s always a good idea to change the Default/Native VLAN to a different VLAN ID than 1.
- NULL VLAN: Are VLANs sometimes configured to assign interface that are not in use, instead of them being assigned to a default/native VLAN.
VLANs are configured on switch interfaces as access ports and interfaces that connect to other switches or routers are configured as a trunk port. Trunk ports are used to carry multiple VLANs over a link between other switches, routers or firewalls. Trunks can be configured to carry all VLANS, or you can configure pacific VLANs that you want to allow on the trunk at which point you have to be careful when adding and removing that you do not remove all VLANs and risk losing connection to the switch, I’m sure we have all made that mistake or if you haven’t it’s just a matter of time. VLAN information is stored in the VLAN database on the switch under the file vlan.dat in the flash memory on a switch. See my example below of a trunk carrying a VLANs.

Creating a VLAN on a cisco switch is done with the following commands, it’s also a good idea to name your VLANs to for organization and letting others know what those VLANS are for.

SW1_L2(config)#vlan 90
SW1_L2(config-vlan)#name MANAGEMENT-VLAN
SW1_L2(config)#vlan 100
SW1_L2(config-vlan)#name DATA-VLAN
SW1_L2(config)#vlan 110
SW1_L2(config-vlan)#name VOICE-VLAN
SW1_L2(config)#vlan 120
SW1_L2(config-vlan)#name GUEST-VLAN

Assigning a VLAN and voice VLAN to interfaces

SW1_L2(config-if)#switchport mode access <- Making the interface an access port
SW1_L2(config-if)#switchport access vlan 100 <- Assigning VLAN 100 to the interface
SW1_L2(config-if)#switchport voice vlan 66 <- assigning voice VLAN to the interface

If you haven’t created the VLAN and named it before you assign an interface to it in some switches the VLAN will be automatically created but it will not be named, you will see a log message that the switch is creating the VLAN for you in the following example.

SW1_L2 (config-if)#switchport access vlan 120
% Access VLAN does not exist. Creating vlan 120

VLANS can be removed with the following command

SW1_L2 (config)#no vlan 100
Trunk ports can be configured with the following commands
SW1_L2(config)#int gi0/2
SW1_L2(config-if)#switchport trunk encapsulation dot1q
SW1_L2(config-if)#switchport mode trunk

To allow certain VLANs to be allowed on a trunk you must issue the following commands

SW1_L2(config-if)#switchport trunk allowed vlan 90,100,110,120

To add VLANs to a trunk is where you have to use cation, you must use the add keyword or all the VLANs that are assigned to that trunk interface will be removed and you may lose connectivity to the switch

SW1_L2(config-if)#switchport trunk allowed vlan add 120

To remove you must use the keyword remove
SW1_L2(config-if)#switchport trunk allowed vlan remove 120

Some troubleshooting commands for VLANs are the following

Show vlan – shows the VLAN database
show interfaces status – shows the status of the interface and which VLAN they belong to.

Show interface switchport – Shows if the interface is set to access or trunk shows the VLAN the interface belongs to, shows if there is a voice VLAN. This command will show you all interfaces you can also do show int gi1/0 switchport.

Show interface trunk – will show what interfaces are configured as a trunk and which vlans are allowed to pass over that trunk.

I didn’t cover anything about VTP (VLAN Trunking Protocol) in during this post but I might do a post about that in the next few weeks.
+

+

+

+

+

+

+ CCNA, Studying

+ CCNA, Network+, Networking

+

+

+

+

+

+

+

+

+

+

+

+
Home Labs – Hardware Vs software

November 20, 2025

+

+

+

+

+

+

Home Lab Setup for CCNA/CCNP/Networking

There is always “the great debate” when you’re studying for your certification exams if you should build your lab with hardware or software. In my opinion, what I have done is gone with both. I think you should have 2-3 routers, 2 switches and sometime of server or your own pc to run some virtual labs either you pick something like EVE-NG, GNS3 or Cisco Modeling Labs.

My reason for having some hardware in your lab is to simply be able to touch it, plug in to it, console into it, be able to see the different interfaces it has, perform a password reset, connect 2 routers together see how the link lights react when you turn up an interface. There are some cheaper options to pick up some older routers and switches on E-Bay, that is where I got all my networking equipment from.

I do understand not everyone is going to be able to buy hardware. There are different options for running a software networking lab such as EVE-NG, GNS3, and Cisco Modeling Labs, each has their free version and paid version. In my opinion I prefer EVE-NG, which I’ve been using for over 5 years now. I have used all 3 however I keep turning back to EVE-NG unless I’m taking a course online that has a YAML file for a lab on Cisco Modeling Labs. The one downfall I do find with software is sometime there are bugs and sometimes you can spend a little bit more time troubleshooting the software than studying for your certification.

I’m not familiar with setting up lab environments on cloud options I will not be getting into those.

+

+

+

+

+

+

+ CCNA, Network Lab, Studying

+ CCNP, Network+, Networking

+

+

+

+

+

+

+

+

+

+

+

+

Route Source	Administrative Distances
Connected interface	0
Static route	1
External BGP (eBGP)	20
EIGRP	90
OSPF	110
External EIGRP	170
Internal BGP (iBGP)	200