Chapter 22 Advanced DHCP Server Properties

Configuring Virtual Private Networks and Subnet Allocation

VPN Usage

The VPN name is used to qualify many DHCP objects in Network Registrar, such as IP addresses (leases), scopes, and subnets. For example, lease names can have this syntax:

vpn/ipaddress

For example, red/192.168.40.0

A VPN name can be any unique text string except the reserved words global and all. You can use global and all only when you export address or lease data: the global VPN maps to the [none] VPN, and the all VPN maps to both the specific VPN and the [none] VPN.

In the CLI, if you omit the VPN or its ID in defining an object, the VPN defaults to the value set by session set current-vpn. In the Web UI, if the current VPN is not defined, it defaults to the [none] VPN, which includes all addresses outside of any defined VPNs.
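The naming rules above (the vpn/ipaddress lease-name syntax, the reserved words global and all, and how those two words map onto the [none] VPN during an export) are small enough to model directly. The following is an added example, not code from the Network Registrar guide or product; the function names, the rejection of "/" inside a VPN name, and the sample lease names are assumptions of this example.

```python
"""Added example, not code from the Network Registrar guide: a small model of
the VPN naming rules in this section. 'global' and 'all' are reserved, lease
names take the form vpn/ipaddress, and the two reserved words map onto the
[none] VPN when address or lease data is exported."""
import ipaddress
from typing import Optional

NONE_VPN = "[none]"            # addresses outside every defined VPN
RESERVED = ("global", "all")   # usable only as export keywords, never as names


def validate_vpn_name(name: str) -> str:
    """A VPN can be any unique text string except the two reserved words."""
    if not name or name != name.strip():
        raise ValueError(f"VPN name must be a non-empty string: {name!r}")
    if name in RESERVED:
        raise ValueError(f"{name!r} is reserved and cannot name a VPN")
    if "/" in name:
        # Assumption of this example: a slash would make vpn/ipaddress lease
        # names ambiguous, so it is rejected here.
        raise ValueError(f"VPN name must not contain '/': {name!r}")
    return name


def is_valid_vpn_name(name: str) -> bool:
    """Boolean form of validate_vpn_name for configuration checks."""
    try:
        validate_vpn_name(name)
        return True
    except ValueError:
        return False


def parse_lease_name(lease: str) -> tuple[str, str]:
    """Split a lease name such as 'red/192.168.40.0' into (vpn, address).
    A bare address belongs to the [none] VPN."""
    vpn, sep, addr = lease.partition("/")
    if not sep:
        vpn, addr = NONE_VPN, lease
    else:
        validate_vpn_name(vpn)
    # ip_address() raises ValueError on a malformed address
    return vpn, str(ipaddress.ip_address(addr))


def export_vpns(keyword: str, current_vpn: Optional[str], defined: set[str]) -> set[str]:
    """Resolve the VPN argument of an export: 'global' is the [none] VPN,
    'all' is the specific (current) VPN together with [none], and anything
    else must be a defined VPN name."""
    if keyword == "global":
        return {NONE_VPN}
    if keyword == "all":
        return {NONE_VPN} | ({current_vpn} if current_vpn else set())
    if keyword not in defined:
        raise KeyError(f"no VPN named {keyword!r}")
    return {keyword}


def leases_in_vpns(lease_names: list[str], vpns: set[str]) -> list[str]:
    """Keep only the lease names whose VPN is in the selected set."""
    return [name for name in lease_names if parse_lease_name(name)[0] in vpns]


# Constructed sample data: two leases in VPN 'red', one outside any VPN.
SAMPLE_LEASES = ["red/192.168.40.10", "192.168.1.20", "red/192.168.40.11"]

if __name__ == "__main__":
    selected = export_vpns("all", "red", {"red", "blue"})
    print(sorted(selected), leases_in_vpns(SAMPLE_LEASES, selected))
```

Running the module filters the constructed leases for an export of "all" with red as the current VPN, which selects both red leases and the bare [none] lease.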

These objects have associated VPN properties:

Address blocks—Define the VPN for an address block.

In the local and regional cluster Web UIs—Click Address Space, then Address Blocks. On the List/Add Address Blocks page, choose the VPN from the Select VPN drop-down list.

In the CLI—Use the dhcp-address-block creation and attribute setting commands. For example:

nrcmd> dhcp-address-block red create 192.168.50.0/24

nrcmd> dhcp-address-block red set vpn=blue

nrcmd> dhcp-address-block red set vpn-id=99

Clients and client-classes—In some cases it is best to provision a VPN inside of Network Registrar instead of externally, where it might have to be configured for every Cisco IOS device. To support this capability, you can specify a VPN for a client or client-class. Two attributes are provided:

default-vpn—VPN that the packet gets if it does not already have a vpn-id or vrf-name value in the incoming packet. You can use the attribute with clients and client-classes.

override-vpn—VPN the packet gets no matter what is provided for a vpn-id or vrf-name value in the incoming packet. You can use the attribute with clients and client-classes. Note that if you specify an override VPN on the client-class and a default VPN for the client, the override VPN on the client-class takes precedence over the default VPN on the client.

In the local cluster Web UI—Click DHCP, then Client-Classes. Create or edit a client-class and enter the default-vpn and override-vpn attribute values.

In the regional cluster Web UI—Click DHCP Configuration, then Client-Classes. Create or pull, and then edit a client-class to enter the default-vpn and override-vpn attribute values.

In the CLI—Use the client-class creation and attribute setting commands. For example:

nrcmd> client 1,6,00:d0:ba:d3:bd:3b set default-vpn=blue

nrcmd> client-class CableModem set override-vpn=blue

In a cable modem deployment, for example, you can use the override-vpn attribute to provision the cable modems. The client-class would determine the scope for the cable modem, and the scope would determine the VPN for the uBR. User traffic through the cable modem would then have the vpn-id suboption set and use the specific VPN. The override-vpn value also overrides any default-vpn set for the client.
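The precedence described for default-vpn and override-vpn decides which address space a client is served from, so it is worth being able to predict it from a configuration and to spot client settings that can never apply. The following is an added example, not Network Registrar code; it treats the packet's vpn-id or vrf-name value as the VPN name directly (a real server would match it against the configured VPN's vpn-id), and the ordering it applies when both a client and its client-class set the same attribute is an assumption, since the guide only states that a client-class override beats a client default.

```python
"""Added example, not Network Registrar code: the VPN-selection precedence
this section describes for an incoming DHCP packet, plus a configuration
check for client default-vpn values that a client-class override shadows."""
from dataclasses import dataclass
from typing import Optional

NONE_VPN = "[none]"


@dataclass
class Packet:
    """Constructed view of an incoming packet: only the two relay-agent
    values that this decision depends on."""
    vpn_id: Optional[str] = None
    vrf_name: Optional[str] = None


@dataclass
class VpnAttrs:
    """default-vpn / override-vpn as set on a client or a client-class."""
    default_vpn: Optional[str] = None
    override_vpn: Optional[str] = None


def select_vpn(packet: Packet, client: Optional[VpnAttrs],
               client_class: Optional[VpnAttrs]) -> tuple[str, str]:
    """Return (vpn, reason) for the packet, following the section's rules."""
    # 1. override-vpn applies no matter what vpn-id or vrf-name the packet
    #    carries, and beats the client's default-vpn. Checking the class before
    #    the client when both set override-vpn is an assumption of this example.
    for level, attrs in (("client-class", client_class), ("client", client)):
        if attrs is not None and attrs.override_vpn:
            return attrs.override_vpn, f"override-vpn on {level}"
    # 2. With no override, a VPN already identified in the packet is kept.
    if packet.vpn_id:
        return packet.vpn_id, "vpn-id suboption in packet"
    if packet.vrf_name:
        return packet.vrf_name, "vrf-name in packet"
    # 3. default-vpn fills in only when the packet carried neither value.
    #    Client-before-class ordering here is likewise an assumption.
    for level, attrs in (("client", client), ("client-class", client_class)):
        if attrs is not None and attrs.default_vpn:
            return attrs.default_vpn, f"default-vpn on {level}"
    # 4. Nothing applies: the address comes from outside any defined VPN.
    return NONE_VPN, "no VPN attribute or packet value"


def shadowed_defaults(clients: dict[str, VpnAttrs],
                      classes: dict[str, VpnAttrs],
                      membership: dict[str, str]) -> list[str]:
    """Configuration check: client ids whose default-vpn can never take effect
    because their client-class sets override-vpn to a different VPN."""
    flagged = []
    for client_id, attrs in clients.items():
        cls = classes.get(membership.get(client_id, ""))
        if (attrs.default_vpn and cls is not None and cls.override_vpn
                and cls.override_vpn != attrs.default_vpn):
            flagged.append(client_id)
    return flagged


# Constructed sample configuration mirroring the CLI examples in this section.
CLIENTS = {"1,6,00:d0:ba:d3:bd:3b": VpnAttrs(default_vpn="blue"),
           "1,6,00:d0:ba:d3:bd:3c": VpnAttrs(default_vpn="green")}
CLASSES = {"CableModem": VpnAttrs(override_vpn="blue")}
MEMBERSHIP = {"1,6,00:d0:ba:d3:bd:3b": "CableModem",
              "1,6,00:d0:ba:d3:bd:3c": "CableModem"}

if __name__ == "__main__":
    pkt = Packet(vpn_id="red")
    print(select_vpn(pkt, CLIENTS["1,6,00:d0:ba:d3:bd:3b"], CLASSES["CableModem"]))
    print("shadowed default-vpn on:", shadowed_defaults(CLIENTS, CLASSES, MEMBERSHIP))
```

With the constructed configuration, a packet arriving with vpn-id red is still placed in blue because the CableModem class overrides it, and the second client's default-vpn of green is flagged as unreachable.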

Leases—List leases, show a lease, or get lease attributes.

 

Cisco CNS Network Registrar User’s Guide

22-16

OL-6240-02
