Thursday, 1 December 2011

MISSION COMPLETED

Passed in 3rd attempt


BLOG CLOSED !

Tuesday, 25 October 2011

Thursday, 20 October 2011

[OT] Install 32bit driver under 64bit debian

dpkg -x [package].deb common
dpkg --control [package].deb
nano DEBIAN/control
Delete the line "Depends: libc6 (>= 2.3.4-1)"
cp -a DEBIAN/ common/
dpkg -b common [package].deb
sudo dpkg --force-all -i [package].deb
rm -rf common DEBIAN

Monday, 17 October 2011

Final countdown

After 2 weeks of hard bootcamp, it's 7 days left to my second and hopefully final attempt

Wednesday, 21 September 2011

Lazy week

Didn't do much this week, been on business travel.
Just watched the mailing lists and did some VoD review

Monday, 12 September 2011

INE Vol2 - Troubleshooting Lab 9

TS9.1) permit redistribution route-map on R6 that BB1 get routes back/redistri metric - 2p
TS9.2) no area 0 range... on R5 - 2p
TS9.3) router bgp, maximum-path - 2p
TS9.4) prepend on R4/maxas-limit on R5 - 2p
TS9.5) community no-advert on R6 -2p
TS9.6) NOT POSSIBLE WITH 3350, modify eem - 2p
TS9.7) change prim/sec to sec/primary address on SW4 (INE:no validate update-source) - 2p
TS9.8) redistri connected lo0 - 0p (send version)
TS9.9) rp-accept filter/wrong ACL - 3p
TS9.10) ACL 100 on R5 - 2p

Full 21/Pass 16/My 19

Saturday, 10 September 2011

INE Vol2 - Configuration Lab 8

1. Layer 2 Technologies
1.1 Spanning-Tree Protocol -3p
1.2 Layer 2 Connectivity - 2p - used native/l2tunnel instead of dot1q
1.3 Spanning-Tree Protocol - 2p
1.4 Spanning Tree Protocol - 2p
1.5 Multilink PPP over FR - 3p

2. IPv4
2.1 OSPF - 2p
2.2 OSPF - 2p
2.3 RIP - 2p
2.4 IGP - 3p
2.5 Load Distribution - 3p (used bandwidth)
2.6 BGP Summarization -2p
2.7 BGP Next-hop processing - 2p (used real ip instead of peer-address)
2.8 BGP Bestpath Selection - 3p
2.9 BGP Filtering - 3p

3. IPv6
3.1 OSPFv3 - 2p
3.2 IPv6 Default Routing - 3p (use route-map to match on null route)
3.3 IPv6 Redistribution - 2p

5. IP Multicast
5.1 Auto-RP - 3p
5.2 Multicast Distribution - 2p
5.3 Multicast Testing - 0p (RPF issue)

6. Security
6.1 Router hardening - 3p
6.2 Traffic Filtering - 0p - used ZBFW
6.3 Traffic Filtering - 0p - used ZBFW

7. Network Services
7.1 Default Gateways - 2p
7.2 Web Caching - 0p - DocCD was down today :D
7.3 IP SLA - 2p
7.4 Gateway Redundancy - 3p

8. QoS
8.1 FRTS - 3p
8.2 Queueing - 3p
8.3 Congestion Management - 3p
8.4 Congestion Avoidance - 3p

Full 79/Pass 64/My 68

Sunday, 4 September 2011

INE Vol2 - Troubleshooting Lab 8

TS8.1) frame-relay map of R4s next-hop - 2p
TS8.2) wrong ip and neighbor ip on R5 (255->254) - 2p
TS8.3) ??? - already receives prefixes - 0p
TS8.4) not possible with 3550 in transit - 2p
TS8.5) wrong network statement on SW2 - 2p
TS8.6) acl on R6 (OUTSIDE_IN) - 2p
TS8.7) transport input telnet on R1 - 2p
TS8.8) change menu-exit to exit - 2p
TS8.9) removing null-routes on SW1 - 2p
TS8.10) required/offer - 0p

Passed INE Vol 2 - TS 8 in 37 minutes :D

Full 21/Pass 16/My 16

INE Vol2 - Configuration Lab 7

...fail :/

Monday, 29 August 2011

VoD week

As i'm a little bit sick of lab'in and to not overthrottle myself, I relax this week with some nice VoDs :)

On Saturday i will finish INE Vol2 Lab 7 and on Sunday do TS+Config Lab 8.

Time to decide when to do the Mock Lab ... hmmm. Maybe on 24th of Sept

Wednesday, 24 August 2011

INE Vol2 - Configuration Lab 7

was just too hot to complete it, but i think it would have been a FAIL.

Difficulty level 9 (which is much more difficult than the real thing)

Monday, 22 August 2011

[OT] Create DOS boot usb-stick for BIOS update under linux

I needed to upgrade the bios of my Computer (Intel).

But how to do it without windows?

Download a FreeDOS image, i'll use Balder for now.
Prepare the usb-stick
check partition (e.g cfdisk /dev/sda)
mkfs.msdos /dev/sda1

Commands

qemu -boot a -fda balder10.img -hda /dev/sda
A:\> sys c:
A:\> xcopy /E /N a: c:

Check with

qemu -hda /dev/sda

All GRML users should also take a look at http://wiki.grml.org/doku.php?id=biosupdate which provides a nice overview.

That's it!

Sunday, 21 August 2011

INE Vol2 - Troubleshooting Lab 7

TS7.1) capability vrf-lite on SW1 - max-metric router-lsa - 0p
TS7.2) ? ppp encrypt mppe auto required - 0p
TS7.3) fr-map compression - 2p
TS7.4) zbfw - 2p
TS7.5) auto-cost reference-bandwidth - 2p
TS7.6) crypto key.../aaa/transport input -2p
TS7.7) remove not from object 1 / ine changed static route to track 1 - 2p
TS7.8) removed bgp passive connection / ine set to active - 2p
TS7.9) prevent recursive - 2p
TS7.10) wrong default-gateway in DHCP pool -2p
Full 21/Pass 16/My 16

Yiiihhhaaa

Sunday, 14 August 2011

INE Vol2 - Configuration Lab 6

1. Layer 2 Technologies
1.1 Trunking - 3p
1.2 Spanning-Tree - 3p
1.3 Layer 2 Tunneling - 3p
1.4 MAC Filtering - 3p
1.5 Spanning-Tree Convergence - 0p - portfast+bpdufilter default

2. IPv4
2.1 OSPF - 3p
2.2 OSPF Filtering - 0p - area 27 nssa no-redistribution no-summary instead of area 27 nssa default-information no-summary
2.3 Conditional Default Routing - 3p
2.4 IGP Redistribution - 3p
2.5 BGP Filtering - 2p
2.6 BGP Summarization - 3p
2.7 BGP Table Stability - 2p

3. IPv6
3.1 IPv6 Addressing - 2p
3.2 RIPng - 3p
3.3 EIGRPv6 - 3p

4. MPLS VPN
4.1 PE-CE Routing - 3p
4.2 Backup Link - sham link BABY :D - 4p

5. Multicast
5.1 PIM Filtering - wooohooo... - 3p
5.2 IGMP - 2p
5.3 Multicast Testing - 2p ... yeeehha.. full points on Multicast, this would have been impossible 3-4 weeks ago

6. Security
6.1 BPDU Filtering - 3p
6.2 Traffic Filtering - 0p - missed dynamic acl, missed autocommand

7. Network Services
7.1 SNMP - 3p
7.2 RMON - 3p
7.3 CDP - 2p
7.4 UDP Echo - 0p - used ip sla responder, i think also working, they wanted to see a L4m3 ACL and udp-small-servers

8. QoS
8.1 Real Time Protocol - 3p
8.2 Congestion Avoidance - 3p - did not use NBAR match not protocol
8.3 Link Optimization - 2p


Full 79/Pass 64/My 69

INE Vol2 - Troubleshooting Lab 6

TS6.1)SW2,SW4 allowas-in to R6 - 2p
TS6.2) database-filter out on R2 - 0p
TS6.3) BGP redistribution on R5,R4 / static route to global and redistri - 2p
TS6.4) enable pim R1->R2->SW2, disable TRAFFIC_CONTROL on R2 - 0p - area range
TS6.5) missing EIGRP authentication - 2p
TS6.6) not possible with 3550 but assume ACL or nd ra problem - 2p
TS6.7) ebgp-multihop on SW2 - 2p
TS6.8) typo in "undebug all" / recurring on wrong policy-list - 2p
TS6.9) logging on on R2 ??????? - 0p - missed acl
TS6.10) R5 lmi-type / FR-policy-map - 2p
-----
Full 21/Pass 16/My 14

Sunday, 7 August 2011

INE Vol2 - Troubleshooting Lab 5

TS5.1)no tunnel vrf / redistribute on SW2 / set tag on SW2 - 2p
TS5.2) wrong ip on SW4 fa0/14->fa0/16->ip pim sparse
       R3 fa0/0 fa0/1 pim sparse-mode
       originator lo100 SW2/SW4 - 2p
TS5.3)ebgp-multihop 255 on SW1 -2p (INE-Solution : ttl 1 on SW1)
TS5.4)R1 no ip pim sparse/ip pim bsr-border on SW4 - 2p
TS5.5)autorp listener ? - 2p
TS5.6) ? - 0p (INE-Solution : change inside/outside)
TS5.7) neighbor 50.1.104.4 activate on SW4 Bgp multicast - 2p
TS5.8) no summary - 2p
TS5.9) intf-type dce, mapping, neighbor-statement because of non-broadcast - 3p - INE Solution : change to ospf p-t-p correct mapping, no keepalive
TS5.10)CoPP port-filter added Telnet Class - 2p - INE Solution : remove CoPP

Full 21/Pass 16/My 19

Wednesday, 3 August 2011

Watched some VoDs

I'm a bit overloaded, so i'm watching some VoDs til Sunday when i pass INE Vol2 Lab5

INE WB Vol2 - Configuration Lab 4

1. Layer 2 Technologies
1.1 Traffic Control - 0p - pruning
1.2 Spanning-Tree Protocol - 3p
1.3 Link Failure Detection - 3p
1.4 Spanning-Tree Protocol - 2p
1.5 Rate-Limiting - 0p - storm-control instead of rate-limit (pps)
1.6 QoS - 3p
1.7 QoS - 2p

2. IPv4
2.1 OSPF - 3p
2.2 OSPF - 3p

3. IPv6
3.1 OSPFv3 - 3p
3.2 OSPFv3 Summarization- 3p

4. MPLS VPN
4.1 PE-CE Routing - 3p
4.2 VPN Tunneling - 4p
4.3 BGP - 3p

5. IP Multicast
5.1 AutoRP - 3p
5.2 Multicast Testing - 2p
5.3 Multicast Rate Limiting - 2p

6. Security
6.1 Traffic Filtering - 0p - ZBFW with connecting VRF- common INE :/
6.2 Spoof Protection - 2p
6.3 Infrastructure Security - 3p

7. Network Services
7.1 SNMP - 3p
7.2 IOS Menu - 3p
7.3 DNS - 0p - alias
7.4 Gateway Redundancy - 3p
7.5 Failure Message - 0 - busy message

8. QoS
8.1 Congestion Avoidance - 2p
8.2 Congestion Management - 3p
8.3 Rate Limiting - 2p
8.4 Link Efficiency - 2p

Full 79/Pass 64/My 65

Wednesday, 27 July 2011

Training some MQC

Hm.. why do i always get Tracebacks when i apply "service-policy" ? ;) Who has the answer ?





Rack1R5(config-if)#service-policy output 1033
Rack1R5(config-if)#
*Jul 27 08:30:52.800: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "Exec", ipl= 4, pid= 88,  -Traceback= 0x816F117z 0xA728AD3z 0x9B4482Az 0x9B3A931z 0xA06F7EEz 0xA07813Bz 0xA076320z 0xA070C64z 0xA05BE2Cz 0xA069090z 0xA17F14Az 0xA0BED8Cz 0xA0B6B58z 0xA0B6920z 0xA0B90BEz 0xA1CC6A3z
*Jul 27 08:30:52.800: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "Exec", ipl= 4, pid= 88,  -Traceback= 0x816F117z 0xA728AD3z 0x9B4482Az 0x9B3A931z 0xA06F803z 0xA07813Bz 0xA076320z 0xA070C64z 0xA05BE2Cz 0xA069090z 0xA17F14Az 0xA0BED8Cz 0xA0B6B58z 0xA0B6920z 0xA0B90BEz 0xA1CC6A3z
Rack1R5(config-if)#

Tuesday, 26 July 2011

INE WB Vol1 - 10.40 MQC Class-Based Generic Traffic Shaping




FRTS by default assumes Be=0, while GTS by default assumes Be=Bc.

Config with be = 0

policy-map 1040_67
 class class-default
    shape average 512000 10240 0

Rack1R6#show policy-map interface eth0/0.67 
 Ethernet0/0.67 

  Service-policy output: 1040_67

    Class-map: class-default (match-any)
      4 packets, 1336 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 4/1520
      shape (average) cir 512000, bc 10240, be 0
      target shape rate 512000

!
Config without be

policy-map 1040_67_BE
 class class-default
    shape average 512000 10240

Rack1R6#show policy-map interface eth0/0.146
 Ethernet0/0.146 

  Service-policy output: 1040_67_BE

    Class-map: class-default (match-any)
      3 packets, 1264 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 3/570
      shape (average) cir 512000, bc 10240, be 10240
      target shape rate 512000
Rack1R6#

INE WB Vol1 - 10.32 Frame-Relay Traffic Policing & Congestion Mgmt

Aha..

INE WB Vol1 - 10.20 Legacy Frame Relay Traffic Shaping

Be = Tc * (PIR - CIR)

256 kbit/s allowed, peaks up to 384 kbit/s, 10 ms Tc

Be = 10 ms * (384 kbit/s - 256 kbit/s)
Be = 10 ms * 128 kbit/s
Be = 128000 bit/s * 10/1000 s
Be = 1280 bit per 10 ms

INE WB Vol1 - 10.18 Legacy CAR Access-Lists

A really nice one...

Good that we have DocCD -> Cisco 12.4T->Configuration Guides -> QoS -> Part 1 : Classification -> Configuring Committed Access Rate

INE WB Vol1 - 10.17 Legacy CAR for Rate Limiting




Cisco recommendation: Bc = CIR * 1,5 and Be = Bc * 2

256000 / 8 * 1,5 = 48000 byte Bc -> 48000 Bc * 2 = 96000 byte Be

If Be = Bc, excess burst is disabled.


 rate-limit input 256000 48000 96000 conform-action transmit exceed-action drop

INE WB Vol1 - 10.16 Oversubscription with Legacy CAR and WFQ



Some calculation examples from my side

- guarantee 64k
- allow up to 128k
- average time interval 200ms (Tc)


 rate-limit output access-group 145 64000 3200 3200 conform-action transmit exceed-action continue
 rate-limit output access-group 145 128000 3200 3200 conform-action transmit exceed-action drop

How to calculate? 128000 bit / 8 = 16000 byte/s * (200 ms) = 16000 * (200/1000) = 3200 byte


Another example
- guarantee 64k
- allow up to 128k
- average time interval 300ms (Tc)

 rate-limit output access-group 145 64000 4800 4800 conform-action transmit exceed-action continue
 rate-limit output access-group 145 128000 4800 4800 conform-action transmit exceed-action drop

How to calculate? 128000 bit / 8 = 16000 byte/s * (300 ms) = 16000 * (300/1000) = 4800 byte

Monday, 25 July 2011

INE WB Vol1 - 10.11 Payload Compression on Serial Links



Need a Frame-Relay Map for FRF.9 compression


interface Serial0/0/0
 frame-relay map ip 155.1.0.2 502 broadcast IETF payload-compression FRF9 stac one-way-negotiation

Debug this

Rack1R2#show compress 
 Serial1/0 - DLCI: 205
  Software compression enabled
  uncompressed bytes xmt/rcv 6940/16952 
  compressed bytes   xmt/rcv 874/1599 
  Compressed bytes sent:       874 bytes   0 Kbits/sec  ratio: 7.940
  Compressed bytes recv:      1599 bytes   0 Kbits/sec  ratio: 10.601
  1  min avg ratio xmt/rcv 0.005/0.005 
  5  min avg ratio xmt/rcv 0.022/0.020 
  10 min avg ratio xmt/rcv 0.022/0.020 
  no bufs xmt 0 no bufs rcv 0
  resyncs 2
  Additional Stac Stats:
  Transmit bytes:  Uncompressed =        0 Compressed =        629
  Received bytes:  Compressed =       1165 Uncompressed =        0

Rack1R2#

INE WB Vol1 - 10.6 Legacy Random Early Detection



Routing updates contain IP Prec 6. As the hold-queue doesn't go up to 11 there will be no random-detect on routing updates.


random-detect precedence 6 11 12
hold-queue 10 out

INE WB Vol1 - 10.6 Legacy Custom Queueing with Prioritization



Oh yes i like it, when we do QoS on the floor....


queue-list 1 protocol ip 1 lt 65
queue-list 2 protocol ip 2 list 199
queue-list 2 protocol ip 3 list 198
queue-list 5 protocol ip 0 udp rip <--- Priority Queue (0)
queue-list 5 protocol ip 1 lt 65  <--- not a Priority Queue
queue-list 5 protocol ip 2 list 199
queue-list 5 protocol ip 3 list 198
queue-list 5 queue 1 byte-count 320
queue-list 5 queue 2 byte-count 640 limit 10
queue-list 5 queue 3 byte-count 104

To set Queue 1 as a Priority Queue, Round Robin to start at Queue 2

queue-list 5 lowest-custom 2

To set Queue 1,2 as a Priority Queue, Round Robin to start at Queue 3

queue-list 5 lowest-custom 3

INE WB Vol1 - 10.5 Legacy Custom Queueing




It took me ages to understand this shitty math exercise


30% VoIP (64 byte Packet = 4 byte HDLC + 60 byte VoIP)
60% HTTP (160 byte Packet = 4 byte HDLC + 156 byte WWW)
10% ICMP (104 byte Packet = 4 byte HDLC + 100 byte ICMP)

%/Byte = Ratio       > normalize Ratio         = Multiplier      Mu*Byte = Bytecount
30/64  = 0,46875     > 0,46875/0,096153846     = 4,875000008 = 5 * 64  = 320
60/160 = 0,375       > 0,375/0,096153846       = 3,900000006 = 4 * 160 = 640
10/104 = 0,096153846 > 0,096153846/0,096153846 = 1           = 1 * 104 = 104

45% VoIP (84 byte Packet = 4 byte HDLC + 80 byte VoIP)
25% HTTP (140 byte Packet = 4 byte HDLC + 136 byte WWW)
30% ICMP (104 byte Packet = 4 byte HDLC + 100 byte ICMP)

45/84  = 0,535714286 > 0,535714286/0,178571429 = 2,999999994 = 3 * 84  = 252 (252/(252+140+208) = 42 %)
25/140 = 0,178571429 > 0,178571429/0,178571429 = 1           = 1 * 140 = 140 (140/(252+140+208) = 23 %)
30/104 = 0,288461538 > 0,288461538/0,178571429 = 1,615384615 = 2 * 104 = 208 (208/(252+140+208) = 34 %)

I hate Custom Queueing !!
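
The byte-count calculation above as a small script (an added example, not part of the original post or the INE workbook). The `scale` parameter and `best_scale` go beyond the post: scaling all multipliers before rounding up gets the effective shares closer to the wanted ones, at the price of larger byte-counts per round.

```python
from fractions import Fraction
from math import ceil

# Traffic mixes from the post:
# (name, wanted share in %, frame size in bytes incl. 4 byte HDLC header)
MIX_1 = [("VoIP", 30, 64), ("HTTP", 60, 160), ("ICMP", 10, 104)]
MIX_2 = [("VoIP", 45, 84), ("HTTP", 25, 140), ("ICMP", 30, 104)]


def byte_counts(classes, scale=1):
    """Return one byte-count per class, in the order given.

    ratio      = share / frame size
    multiplier = ratio / smallest ratio, times scale, rounded UP to whole frames
    byte-count = multiplier * frame size
    Fractions keep (45/84)/(25/140) at exactly 3 instead of 2,999999994.
    """
    ratios = [Fraction(pct, size) for _, pct, size in classes]
    smallest = min(ratios)
    return [ceil(scale * ratio / smallest) * size
            for ratio, (_, _, size) in zip(ratios, classes)]


def effective_shares(counts):
    """Share of each queue in one full round-robin cycle, in percent."""
    total = sum(counts)
    return [Fraction(100 * count, total) for count in counts]


def worst_error(classes, counts):
    """Largest gap (percentage points) between wanted and effective share."""
    shares = effective_shares(counts)
    return max(abs(share - pct) for share, (_, pct, _) in zip(shares, classes))


def best_scale(classes, max_scale=5):
    """Smallest scale in 1..max_scale with the lowest worst-case error."""
    return min(range(1, max_scale + 1),
               key=lambda s: worst_error(classes, byte_counts(classes, s)))


def queue_list(list_no, counts, first_queue=1):
    """Render the byte-counts as IOS queue-list lines."""
    return [f"queue-list {list_no} queue {first_queue + i} byte-count {count}"
            for i, count in enumerate(counts)]


if __name__ == "__main__":
    for mix in (MIX_1, MIX_2):
        counts = byte_counts(mix)
        shares = [f"{float(s):.1f}%" for s in effective_shares(counts)]
        print(counts, shares, "best scale:", best_scale(mix))
        print("\n".join(queue_list(5, counts)))
```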

INE WB Vol1 - 10.3 Legacy RTP Reserved Queue

Rack1R4(config-if)#max-reserved-bandwidth 75
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
Rack1R4(config-if)#max-reserved-bandwidth 76
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
max-reserved-bandwidth 76
Rack1R4(config-if)#max-reserved-bandwidth 75
Reservable bandwidth is being reduced.
Some existing reservations may be terminated.
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
Rack1R4(config-if)#

Max reservable bandwidth is 75 by default, which is why it does not show up in the running config. If you need to reserve 100% for QoS, configure max-reserved-bandwidth 100.

INE WB Vol1 - 10.2 WFQ

Calculate MTU

128000bit per second -> /1000
128bit per millisecond -> /8
16byte per millisecond -> * 10
160byte per 10ms -> -4 (HDLC header) (PPP must be 8 byte, i think)
156byte IP MTU

Sunday, 24 July 2011

INE WB Vol2 - Configuration Lab 3

1. Layer 2 Technologies
1.1) IP Bridging - 3p
1.2) Spanning-Tree Protocol - 3p

2. IPv4
2.1) OSPF - 4p
2.2) IGP Features - 4p
2.3) BGP Path Manipulation - 4p
2.4) BGP Attributes - 5p

3. IPv6
3.1) IPv6 Addressing - 3p
3.2) IPv6 Routing - 3p

4. MPLS VPN
4.1) Label Exchange - 3p
4.2) MPLS VPN - 3p
4.3) PE-CE Routing - 3p

5. Multicast
5.1) Multicast Forwarding - 2p
5.2) Multicast Filtering - i used pim accept-register/solution is a IP IGMP access-group - 0p
5.3) Multicast Filtering - 2p

6. Security
6.1) Traffic Filtering - used ACL no reflexive ones - 0p
6.2) DoS Prevention - 3p
6.3) DHCP Security - 3p

7. Network Services
7.1) IOS Management - 2p
7.2) File Management - 2p
7.3) Auto-Install - ip directed broadcast, ip helper, frame-relay map - 0p
7.4) Local Authorization - 3p
7.5) Local Authorization - 3p
7.6) Switch Management - 2p
7.7) GLBP - 4p

8. QoS
8.1) Frame Relay Traffic Shaping - 2p
8.2) Rate Limiting - 2p
8.3) Signaling - rsvp - 0p

(Full 79/Pass 64/My 68)

INE Vol2 - Troubleshooting Lab 3

1)wrong RT R5/R4 - 2p
2)also use peer-group on R1,update-source on R6 - 2p
3)missing auth-mode on R3 - 2p
4)acl100/101 allow udp 224.0.0.9, what about OSPF ? - 2p
5)fix frame-relay map on R1, ip ospf cost 1 - R1 and R5 - 2p
6) SoO - 0p
7) link-status - 2p
8) speed-mismatch - 2p
9) ??? mpls ldp discovery transport-address interface - 0 p
10) ??? missing d in address - 0p
--------------------------------------
solved 7 (1-5,7,8) tickets in 27 mins
(Total 21p / Pass 16p / Score 14p)

Missed by one fucking ticket .... ARGH !!!!!

Saturday, 23 July 2011

DUMBASS SECTION - OSPF no adjacency

rack1SW2#sh run int eth0/0
Building configuration...

Current configuration : 90 bytes
!
interface Ethernet0/0
description VLAN146
ip address 150.1.15.129 255.255.255.224
end

rack1SW2#
--------------------------------------------------------------------------------
rack1R2#sh run int eth0/1.146
Building configuration...

Current configuration : 97 bytes
!
interface Ethernet0/1.146
encapsulation dot1Q 146
ip address 150.1.15.130 255.255.255.240
end

rack1R2#

debug ip ospf hello

*Jul 23 13:38:13.047: OSPF: Rcv hello from 150.1.2.2 area 2 from Ethernet0/0 150.1.15.130
*Jul 23 13:38:13.047: OSPF: Mismatched hello parameters from 150.1.15.130
*Jul 23 13:38:13.047: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.240 C 255.255.255.224
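
A small parser for the `debug ip ospf hello` output above that names the parameter blocking the adjacency (an added example, not part of the original post). It assumes the line layout shown in this debug, where R is the value received in the hello and C the value configured locally; the second sample is constructed.

```python
import ipaddress
import re

# Debug output copied from the post (SW2 side).
DEBUG_LINES = [
    "*Jul 23 13:38:13.047: OSPF: Rcv hello from 150.1.2.2 area 2 from Ethernet0/0 150.1.15.130",
    "*Jul 23 13:38:13.047: OSPF: Mismatched hello parameters from 150.1.15.130",
    "*Jul 23 13:38:13.047: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.240 C 255.255.255.224",
]

# Constructed sample: timers differ, masks agree.
CONSTRUCTED_TIMER_LINES = [
    "*Jul 23 13:40:00.000: OSPF: Mismatched hello parameters from 10.0.0.2",
    "*Jul 23 13:40:00.000: OSPF: Dead R 40 C 120, Hello R 10 C 30 Mask R 255.255.255.0 C 255.255.255.0",
]

NEIGHBOR = re.compile(r"Mismatched hello parameters from (\S+)")
PARAMS = re.compile(
    r"Dead R (?P<dead_r>\d+) C (?P<dead_c>\d+),\s*"
    r"Hello R (?P<hello_r>\d+) C (?P<hello_c>\d+),?\s*"
    r"Mask R (?P<mask_r>[\d.]+) C (?P<mask_c>[\d.]+)"
)


def prefix_len(mask):
    """Dotted netmask -> prefix length; raises ValueError on an invalid mask."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def hello_mismatches(lines):
    """Return [(neighbor, field, received, configured)] for every differing field.

    Timers are reported in seconds, masks as prefix lengths.
    """
    findings = []
    neighbor = None
    for line in lines:
        who = NEIGHBOR.search(line)
        if who:
            neighbor = who.group(1)
            continue
        params = PARAMS.search(line)
        if not params:
            continue
        for field in ("dead", "hello"):
            received, configured = int(params[f"{field}_r"]), int(params[f"{field}_c"])
            if received != configured:
                findings.append((neighbor, field, received, configured))
        received, configured = prefix_len(params["mask_r"]), prefix_len(params["mask_c"])
        if received != configured:
            findings.append((neighbor, "mask", received, configured))
        neighbor = None  # the parameter line closes the report for this neighbor
    return findings


if __name__ == "__main__":
    for neighbor, field, received, configured in hello_mismatches(DEBUG_LINES):
        print(f"{neighbor}: {field} received {received}, configured {configured}")
```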

Finished INE Vol1 IPv6

- no big surprises on IPv6
- there is no documentation how to calculate the embedded RP on the DocCD (if there is one, please tell me)

Tomorrow i will face INE Vol2 TS3 and Lab3

Wednesday, 20 July 2011

ipv6 prefix-list - A very nice implementation

Rack1R5(config)#ipv6 prefix-list ?
  sequence-number  Include/exclude sequence numbers in NVGEN

Rack1R5(config)#ipv6 prefix-list TEST ?
% Unrecognized command
Rack1R5(config)#ipv6 prefix-list TEST permit FC00:1:0:6::6/64
Rack1R5(config)#do sh run | incl prefix
 ipv6 nd prefix FC00:1:0:58::/64 14400 14400 no-autoconfig
 ipv6 nd prefix FC00:1:0:85::/64 14400 14400
ipv6 prefix-list TEST seq 5 permit FC00:1:0:6::/64
Rack1R5(config)#

Another nice one made by our favourite company 

Monday, 18 July 2011

INE Vol2 - Configuration Lab 2 - Crazy Redistribution

http://blog.ine.com/2008/07/19/advanced-route-redistribution-scenario-iewb-rs-v41-vol-ii-lab-2-task-411/ <----- REVIEW

INE WB Vol2 - Configuration Lab 2

After a hard weekend with lots of alcohol ->


1. Layer 2 Technologies
1.1) Link Aggregation - missing lacp system-priority 1 - 0p
1.2) 802.1x Authentication - 3p
1.3) Performance Optimization - sdm prefer routing - 0p

2. IPv4
2.1) OSPF - missing area auth - 0p
2.2) EIGRP - 3p
2.3) RIP Filtering - 2p
2.4) IGP Redistribution - missing external ospf AD - 0p
2.5) BGP Peering - missing no prepend on local-as - 0p
2.6) BGP Filtering - 2p
2.7) BGP Summarization - missing deny to IGP neighbors - 0p
2.8) BGP Tuning - bgp nexthop trigger delay 15 - 0p

3. IPv6
3.1) IPv6 Deployment - 3p

4. MPLS VPN
4.1) L2 VPN - missing native config on R4 - interface-types must match - 0p

5. Multicast
5.1) Multicast Testing - 2p
5.2) Multicast Traffic Control - missing nbma - 0p

6. Security
6.1) Router Hardening - 2p
6.2) Zone-Based Firewall - 4p
6.3) Traffic Logging - permit instead of deny any - 0p
6.4) ICMP Filtering - 0p

7. Network Services
7.1) RMON - 3p
7.2) Remote Access - 0p
7.3) Remote Access Security - 0p
7.4) Syslog - 0p
7.5) System Management - no setup express...aha - 0p

8. QoS
8.1) Congestion Management - 0p
8.2) Policy Routing - missing ftp-data - 0p
8.3) Congestion Management - 0p
8.4) Frame Relay Traffic Shaping - 0p


(Full 79/Pass 64/My 21)

INE Vol2 - Troubleshooting Lab 2

Yeah..... PASSED !!!!

Thursday, 14 July 2011

IPv6 on 3550 - Yeah ! It's possible

Rack1SW1#show version | incl 35
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C3550 boot loader
System image file is "flash:/c3550-ipservicesk9-mz.122-44.SE6.bin"
Cisco WS-C3550-24 (PowerPC) processor (revision G0) with 65526K/8192K bytes of memory.
Model number: WS-C3550-24-SMI
Rack1SW1#sh run | incl ipv6
ipv6 unicast-routing
 ipv6 address FC00:1:0:37::7/64
 ipv6 rip TEST enable 
 ipv6 enable
Rack1SW1#sh run int tun0
Building configuration...

Current configuration : 127 bytes
!
interface Tunnel0
 no ip address
 ipv6 address FC00:1:0:37::7/64
 ipv6 rip TEST enable
 tunnel source Loopback0
 tunnel destination 150.1.3.3
end

Rack1SW1#ping fc00:1:0:37::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FC00:1:0:37::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/4 ms
Rack1SW1#show ipv6 neigh
Rack1SW1#show ipv6 route
IPv6 Routing Table - Default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       R - RIP, D - EIGRP, EX - EIGRP external
R   2002::/64 [120/2]
     via FE80::20E:D7FF:FE10:4700, Tunnel0
C   FC00:1:0:37::/64 [0/0]
     via Tunnel0, directly connected
L   FC00:1:0:37::7/128 [0/0]
     via Tunnel0, receive
L   FF00::/8 [0/0]
     via Null0, receive
Rack1SW1#
Rack1SW1#ping 2002::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
Rack1SW1#

Tuesday, 12 July 2011

INE WB Vol1 - 8.31 Anycast RP

Lab it up again on a small scenario

msdp originator-id should be set to unique peering loopbacks not the Anycast RP Loopback !

Sunday, 10 July 2011

INE WB Vol2 - Configuration Lab 1

1. Layer 2
1.1 Layer 2 Features - 0 Points
- missed VLAN on removal
- PrivateVLANs not possible on 3550

2. IGP
2.1 OSPF - 0 Points
- missed virtual link
- missed hello multiplier (speed convergence)
- missed non-broadcast neighborship for security

2.2 IGP Features - 3 Points
2.3 BGP Bestpath Selection - 4 Points
3. IPv6
3.1 IPv6 Addressing - 4 Points
3.2. IPv6 Multicast Basics - 0 Points
- R4/R5 RP/BSR mixed-up (DAMN!)

4. MPLS VPN
4.1 LDP - 3 points
4.2 VPN - 3 points

5. IP Multicast
5.1 RP Assignment - 2 Points
5.2 Multicast Testing - 3 Points
5.3 Multicast Filtering - 0 Points
- used ip multicast boundary 1 instead of ip igmp access-group 1

6. Security
6.1 Denial of Service Tracking - 3 Points
6.2 Spoof Prevention - 2 Points
6.3 Information leaking - 0 Points
- used only unreachables not mask-reply
6.4 Control Plane Protection - 0 Points
- used a control plane policy :( instead of simple ACLs

7. Network Services
7.1 RMON - 3 Points
7.2 NTP - 2 Points
7.3 NTP Authentication 3 Points
7.4 Traffic Accounting - 3 Points
7.5 Gateway Redundancy - 3 Points
7.6 Network Address Translation - 3 Points
7.7 Embedded Event Management - 0 Points
- had absolutely no clue

8. QoS
8.1 Frame Relay Traffic Shaping - 0 Points
- had no real clue
8.2 Rate Limiting - 0 Points
- made it with rate-limit not with a policy-map
8.3 CBWFQ - 0 Points
- service-policy on physical interface not on DLCIs
8.4. Catalyst QoS - 0 Points
- no clue



(Full 79/Pass 64/My 44)

INE WB Vol2 - Troubleshooting Lab 1

TS1.1) 2p nni->dce
TS1.2) 2p next-hop-self
TS1.3) 3p wrong static def.global
TS1.4) - RIP
TS1.5) 2p ospf-dead-interval
TS1.6) - WCCP
TS1.7) 2p ip rip send version 1 -> 2
TS1.8) 2p database-filter
TS1.9) - http authentication local
TS1.10) 2p drop / control-plane
----------------------------------
15 - FAIL (Passing grade 16) - but i used only 1 h and did not verify

Thursday, 7 July 2011

[OT] TFTPD Error code 1: File not found

l33th4x0r@os390:~$ tftp 1.1.1.1
tftp> put i-hate-tftpd.txt
Error code 1: File not found
tftp>
...
my-fucking-tftpd:~# cat /etc/default/tftpd-hpa
#Defaults for tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -c -s /var/lib/tftpboot/"
#change to "-c" for creating files
my-fucking-tftpd:~#
my-fucking-tftpd:~# chown nobody -R /var/lib/tftpboot/
my-fucking-tftpd:~# chmod -R 777 /var/lib/tftpboot/
...
l33th4x0r@os390:~$ tftp 1.1.1.1
tftp> put i-hate-tftpd.txt
Sent 856063 bytes in 1.2 seconds
tftp>

Wow....

If you encounter problems with the tftpd-hpa package on Debian systems... here's the solution

Saturday, 2 July 2011

DUMBASS SECTION - BGP communities

 route-map COM, permit, sequence 10
  Match clauses:
    community (community-list filter): 200:200
  Set clauses:
    local-preference 200
  Policy routing matches: 0 packets, 0 bytes
route-map COM, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
Rack1R3#
Rack1R3#show ip bgp 112.0.0.0
BGP routing table entry for 112.0.0.0/8, version 9
Paths: (3 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1          2          3        
  100 54 50 60
    155.1.13.1 from 155.1.13.1 (150.1.1.1)
      Origin IGP, localpref 100, valid, external, best
      Community: 200:200
  300 100 54 50 60
    155.1.37.7 from 155.1.37.7 (150.1.7.7)
      Origin IGP, localpref 100, valid, external
  100 54 50 60
    155.1.45.4 (metric 27262976) from 155.1.0.5 (150.1.5.5)
      Origin IGP, metric 0, localpref 100, valid, internal
Rack1R3#
...
Hm.. community arrives at R3 but the route-map doesn't care. Still localpref 100 not 200.
Minutes passing by....
....
AHH not the community itself, sure... i need a community-list
....
Rack1R3(config)#ip community-list standard 200:200 permit 200:200 ?
Rack1R3#show ip bgp regexp _60$
BGP table version is 25, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 112.0.0.0        155.1.13.1                    200      0 100 54 50 60 i
*                   155.1.37.7                             0 300 100 54 50 60 i
*> 113.0.0.0        155.1.13.1                    200      0 100 54 50 60 i
*                   155.1.37.7                             0 300 100 54 50 60 i
Rack1R3#s

Wednesday, 29 June 2011

bgp bestpath as-path ignore - Wow a hidden command to freak network engineers

Rack1SW1(config-router)#bgp bestpath ?
  compare-routerid  Compare router-id for identical EBGP paths
  cost-community    cost community
  med               MED attribute

Rack1SW1(config-router)#bgp bestpath as-path ignore
Rack1SW1(config-router)#end
Rack1SW1#sh run | i
*Mar  1 02:13:46.567: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW1#sh run | incl ignore
 bgp bestpath as-path ignore <-- a command like test crash :D
Rack1SW1#

Rack1SW1#test crash
WARNING: Command selections marked with '(crash router)' will crash
         router when issued. However a selection 'C' will need to
         be issued IMMEDIATELY before these selections to enable them.


Type the number for the selected crash:
--------------------------------------
 1  (crash router) Bus Error, due to invalid address access
 2  (crash router) Bus Error, due to parity error in Main memory
 3  (crash router) Bus Error, due to parity error in I/O memory
 4  (crash router) Address Error, due to fetching code from odd address
 5  (crash router) Jump to zero
 6  (crash router) Software forced crash
 7  (crash router) Illegal read of address zero
 8  (crash router) Divide by zero
 9  (crash router) Corrupt memory
 A  (crash router) Test assert() failure
 C  Enable crash router selection marked with (crash router)
 P  (crash router) Test assert_production() failure
 R  (crash router) User enter read bus error address
 U  (crash router) User enter write bus error address
 W  (crash router) Software watchdog timeout (*** Watch Dog Timeout ***)
 w  (crash router) Process watchdog timeout (SYS-2-WATCHDOG)
 d  Disable crashinfo collection
 e  Enable crashinfo collection
 i  Display contents of current crashinfo flash file
 m  Write crashinfo on crashinfo RAM
 n  Change crashinfo flash file name
 q  Exit crash menu
 s  Save crashinfo to current crashinfo flash file
 c  Close current crashinfo flash file
 t  Write crashinfo on console TTY
 x  Exit crash menu
?

Thursday, 23 June 2011

INE WB Vol1 - 6.42 OSPF Database Filtering

Never seen this one in real life :/


CoolRouter:
router ospf 99
 neighbor 1.2.3.4 database-filter all out
CoolSwitch:
interface Vlan12
 ip ospf database-filter all out

Tuesday, 21 June 2011

INE WB Vol1 - 6.38 OSPF Summarization and Discard Routes

Rack1R5#sh ip route 150.1.2.2
Routing entry for 150.1.0.0/22
  Known via "ospf 1", distance 110, metric 65, type intra area
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 65, traffic share count is 1

Rack1R5#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R5(config)#router ospf 1
Rack1R5(config-router)#no dis
Rack1R5(config-router)#no disca
Rack1R5(config-router)#no discard-route i
Rack1R5(config-router)#no discard-route internal
Rack1R5(config-router)#end
Rack1R5#sh ip route 150.
*Jun 21 13:19:52.114: %SYS-5-CONFIG_I: Configured from console by console
Rack1R5#sh ip route 150.1.2.2
% Subnet not in table
Rack1R5#sh ip route 150.1.2.2
% Subnet not in table
Rack1R5#sh ip route de
Rack1R5#sh ip route  
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 155.1.45.4 to network 0.0.0.0

     51.0.0.0/32 is subnetted, 1 subnets
O E2    51.51.51.51 [110/20] via 155.1.0.2, 00:00:10, Serial0/0/0
O E2 204.12.1.0/24 [110/20] via 155.1.45.4, 00:00:10, Serial0/1/0
                   [110/20] via 155.1.0.4, 00:00:10, Serial0/0/0
     155.1.0.0/16 is variably subnetted, 19 subnets, 2 masks
O IA    155.1.146.0/24 [110/65] via 155.1.45.4, 00:00:10, Serial0/1/0
                       [110/65] via 155.1.0.4, 00:00:10, Serial0/0/0
                       [110/65] via 155.1.0.1, 00:00:10, Serial0/0/0
O IA    155.1.23.0/24 [110/128] via 155.1.0.2, 00:00:10, Serial0/0/0
O       155.1.10.0/24 [110/3] via 155.1.58.8, 00:00:10, FastEthernet0/0
O       155.1.8.0/24 [110/2] via 155.1.58.8, 00:00:10, FastEthernet0/0
O IA    155.1.9.0/24 [110/67] via 155.1.0.3, 00:00:10, Serial0/0/0
O IA    155.1.13.0/24 [110/128] via 155.1.0.1, 00:00:10, Serial0/0/0
         
Rack1R5#

Sunday, 19 June 2011

INE WB Vol1 - 6.36 OSPF Reliable Conditional Default Routing

Hm... aha a placeholder-route to null0 with tracking-option and then match with a prefix-list on a route-map to originate the default route.


But what the INE guys are missing is that they don't state you can implement a new IP subnet to the requirements.

My first try was to add a normal default-route to the backbone-device, add a track statement on this route, and everything is fine !?!
A more "straightforward" solution than INE's, it's not necessary to do it with a 169...-whatever !?!

What do you think ?

Friday, 17 June 2011

[SOLVED] WTF ? OSPF FULL ROUTING = TROUBLESHOOTING LAB

AutoInstall Using Frame Relay

If the new router is connected by a Frame Relay-encapsulated serial interface, AutoInstall will send a BOOTP request over the lowest numbered serial or HSSI interface. (The attempt to run AutoInstall over Frame Relay is performed only after attempts are made using SLARP over HDLC, DHCP, and RARP.)

The broadcast BOOTP request sent by the new router will contain the MAC address of the new router's interface. The staging router should be configured to forward the request using a helper address. A DHCP or BOOTP server will then return the IP address assigned to that MAC address. (Note that either a DHCP or BOOTP service can respond to the BOOTP request.)

AutoInstall using Frame Relay can be initiated over only the first serial interface on the new router. Specifically, AutoInstall over Frame Relay can be initiated over Serial 0 (S0), or Serial 1/0 (S1/0). For example, if the new router has serial interfaces S1/0 through S1/3 and S4/0 through S4/3, AutoInstall will be attempted over S1/0 only and cannot be forced to be initiated from S4/0. If AutoInstall over S1/0 fails, a Frame Relay attempt will not be made from any other serial port.

Only a helper address and a Frame Relay map need to be configured on the staging router. No MAC-to-IP address map is needed on the staging router. For configuration details, see the "Configuring a Frame Relay-Encapsulated Serial Interface Connection" section.

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf002.html#wp1011965

http://blog.ine.com/2008/06/29/understanding-frame-relay-mappings-to-0000/


Nice one :)

WTF ? OSPF FULL ROUTING = TROUBLESHOOTING LAB

Rack1R2#debug frame-relay pack
*Mar  1 04:20:12.473: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.3.3 on Serial0/0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
Rack1R2#debug frame-relay pack
*Mar  1 04:21:12.475: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.3.3 on Serial0/0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
Rack1R2#debug frame-relay pack
*Mar  1 04:22:32.498: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.3.3 on Serial0/0 from EXSTART to DOWN, Neighbor Down: Dead timer expired
Rack1R2#debug frame-relay packshow
Rack1R2#sh
*Mar  1 04:24:57.881: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.3.3 on Serial0/0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions

R3#
*Mar  1 04:25:23.947: Serial1/0(i): dlci 302(0x48E1), pkt type 0x800, datagramsize 88
*Mar  1 04:25:23.979: Serial1/0:Encaps failed--no map entry link 7(IP)
R3#

Rack1R3#show frame-relay map
Serial1/0 (up): ip 0.0.0.0 dlci 304(0x130,0x4C00)
              broadcast,
              CISCO, status defined, active
Serial1/0 (up): ip 0.0.0.0 dlci 302(0x12E,0x48E0)
              broadcast,
              CISCO, status defined, active
Serial1/0 (up): ip 0.0.0.0 dlci 301(0x12D,0x48D0)
              broadcast,
              CISCO, status defined, active
Serial1/0 (up): ip 155.1.0.5 dlci 305(0x131,0x4C10), static,
              broadcast,
              CISCO, status defined, active
Rack1R3#
Rack1R2#show frame-relay map
Serial0/0 (up): ip 0.0.0.0 dlci 213(0xD5,0x3450)
              broadcast,
              CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 204(0xCC,0x30C0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 203(0xCB,0x30B0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 201(0xC9,0x3090)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active
Rack1R2#
*Mar  1 04:34:42.315: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:34:42.315: OSPF: End of hello processing
*Mar  1 04:34:42.795: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:34:42.795: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:34:43.721: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#
*Mar  1 04:34:44.751: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:34:44.755: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
Rack1R2#wr
Building configuration...

*Mar  1 04:34:48.425: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:34:48.425: OSPF: End of hello processing
*Mar  1 04:34:52.319: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:34:52.319: OSPF: End of hello processing
*Mar  1 04:34:52.796: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:34:52.796: OSPF: End of hello processing
*Mar  1 04:34:53.721: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
*Mar  1 04:34:54.751: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:34:54.755: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:34:55.685: OSPF: Rcv LS UPD from 150.1.5.5 on Serial0/0 length 56 LSA count 1
*Mar  1 04:34:55.737: OSPF: Rcv LS UPD from 150.1.5.5 on Serial0/0 length 56 LSA count 1
*Mar  1 04:34:55.793: OSPF: Rcv LS UPD from 150.1.5.5 on Serial0/0 length 84 LSA count 2
*Mar  1 04:34:57.431: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:34:57.431: OSPF: End of hello processing[OK]
Rack1R2#
*Mar  1 04:35:02.315: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:02.315: OSPF: End of hello processing
*Mar  1 04:35:02.796: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:02.796: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:03.722: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#
*Mar  1 04:35:04.751: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:04.755: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
Rack1R2#
*Mar  1 04:35:07.332: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:07.332: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:12.316: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:12.316: OSPF: End of hello processing
*Mar  1 04:35:12.805: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:12.809: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:13.722: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#
*Mar  1 04:35:14.752: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:14.756: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
Rack1R2#
*Mar  1 04:35:17.236: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:17.240: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:22.316: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:22.316: OSPF: End of hello processing
*Mar  1 04:35:22.809: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:22.809: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:23.722: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#
*Mar  1 04:35:24.752: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:24.756: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
Rack1R2#
*Mar  1 04:35:26.435: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:26.439: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:32.317: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:32.317: OSPF: End of hello processing
*Mar  1 04:35:32.966: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:32.966: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:35:33.723: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#
*Mar  1 04:35:34.753: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:34.757: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
Rack1R2#
*Mar  1 04:35:36.035: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:36.035: OSPF: End of hello processing
Rack1R2#debug f
*Mar  1 04:35:42.317: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:42.317: OSPF: End of hello processing
*Mar  1 04:35:42.970: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:42.970: OSPF: End of hello processing
Rack1R2#debug fram
Rack1R2#debug frame-relay packet
*Mar  1 04:35:43.723: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
Rack1R2#debug frame-relay packet
Frame Relay packet debugging is on
Rack1R2#
*Mar  1 04:35:44.753: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:44.757: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:35:45.735: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 96
*Mar  1 04:35:45.735: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:45.735: OSPF: End of hello processing
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#
*Mar  1 04:35:52.317: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:35:52.317: OSPF: End of hello processing
*Mar  1 04:35:52.970: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:35:52.974: OSPF: End of hello processing
Rack1R2#
Rack1R2#
*Mar  1 04:35:53.724: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
*Mar  1 04:35:54.753: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:35:54.757: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:35:54.757: Serial0/0: broadcast search
*Mar  1 04:35:54.757: Serial0/0: Broadcast on DLCI 204  link 7
*Mar  1 04:35:54.757: Serial0/0(o): dlci 204(0x30C1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:35:54.757: Serial0/0: Broadcast on DLCI 203  link 7
*Mar  1 04:35:54.757: Serial0/0(o): dlci 203(0x30B1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:35:54.757: Serial0/0: Broadcast on DLCI 201  link 7
*Mar  1 04:35:54.761: Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:35:54.761: Serial0/0: Broadcast on DLCI 205  link 7
*Mar  1 04:35:54.761: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:35:54.761: DLCI 213 is either deleted or i
Rack1R2#nactive
*Mar  1 04:35:54.781: broadcast dequeue
*Mar  1 04:35:54.781: Serial0/0(o):Pkt sent on dlci 204(0x30C1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:35:54.781: broadcast dequeue
*Mar  1 04:35:54.781: Serial0/0(o):Pkt sent on dlci 203(0x30B1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:35:54.781: broadcast dequeue
*Mar  1 04:35:54.781: Serial0/0(o):Pkt sent on dlci 201(0x3091), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:35:54.882: broadcast dequeue
*Mar  1 04:35:54.882: Serial0/0(o):Pkt sent on dlci 205(0x30D1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:35:55.034: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 96
*Mar  1 04:35:55.034: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:35:55.034: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:36:02.318: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:36:02.318: OSPF: End of hello processing
*Mar  1 04:36:02.975: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:36:02.975: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:36:03.724: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
*Mar  1 04:36:04.233: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 96
*Mar  1 04:36:04.233: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:36:04.233: OSPF: End of hello processing
*Mar  1 04:36:04.754: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:36:04.762: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:36:04.762: Serial0/0: broadcast search
*Mar  1 04:36:04.762: Serial0/0: Broadcast on DLCI 204  link 7
*Mar  1 04:36:04.762: Serial0/0(o): dlci 204(0x30C1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:04.762: Serial0/0: Broadcast on DLCI 203  link 7
*Mar  1 04:36:04.762: Serial0/0(o): dlci 203(0x30B1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:04.762: Serial0/0: Broadcast on DLCI 201  link 7
*Mar  1 04:36:04.766: Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP),
Rack1R2# datagramsize 84
*Mar  1 04:36:04.766: Serial0/0: Broadcast on DLCI 205  link 7
*Mar  1 04:36:04.766: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:04.766: DLCI 213 is either deleted or inactive
*Mar  1 04:36:04.798: broadcast dequeue
*Mar  1 04:36:04.798: Serial0/0(o):Pkt sent on dlci 204(0x30C1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:04.798: broadcast dequeue
*Mar  1 04:36:04.798: Serial0/0(o):Pkt sent on dlci 203(0x30B1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:04.798: broadcast dequeue
*Mar  1 04:36:04.798: Serial0/0(o):Pkt sent on dlci 201(0x3091), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:04.898: broadcast dequeue
*Mar  1 04:36:04.898: Serial0/0(o):Pkt sent on dlci 205(0x30D1), pkt type
0x800(IP), datagramsize 84
Rack1R2#
*Mar  1 04:36:12.082: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 80
*Mar  1 04:36:12.118: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 80
*Mar  1 04:36:12.162: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 80
*Mar  1 04:36:12.162: OSPF: Rcv LS UPD from 150.1.5.5 on Serial0/0 length 56 LSA count 1
*Mar  1 04:36:12.202: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 80
*Mar  1 04:36:12.206: OSPF: Rcv LS UPD from 150.1.5.5 on Serial0/0 length 56 LSA count 1
*Mar  1 04:36:12.318: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:36:12.318: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:36:13.051: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:36:13.051: OSPF: End of hello processing
*Mar  1 04:36:13.724: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
*Mar  1 04:36:14.029: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 96
*Mar  1 04:36:14.033: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:36:14.033: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:36:14.662: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 88
*Mar  1 04:36:14.754: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:36:14.766: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:36:14.766: Serial0/0: broadcast search
*Mar  1 04:36:14.766: Serial0/0: Broadcast on DLCI 204  link 7
*Mar  1 04:36:14.766: Serial0/0(o): dlci 204(0x30C1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:14.766: Serial0/0: Broadcast on DLCI 203  link 7
*Mar  1 04:36:14.766: Serial0/0(o): dlci 203(0x30B1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:14.770: Serial0/0: Broadcast on DLCI 201  link 7
*Mar  1 04:36:14.770: Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:14.770: Serial0/0: Broadcast on DLCI 205  link 7
*Mar  1 04:36:14.770: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:14.770: DLCI 213 is either deleted or ina
Rack1R2#ctive
*Mar  1 04:36:14.866: broadcast dequeue
*Mar  1 04:36:14.866: Serial0/0(o):Pkt sent on dlci 204(0x30C1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:14.866: broadcast dequeue
*Mar  1 04:36:14.866: Serial0/0(o):Pkt sent on dlci 203(0x30B1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:14.866: broadcast dequeue
*Mar  1 04:36:14.866: Serial0/0(o):Pkt sent on dlci 201(0x3091), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:14.966: broadcast dequeue
*Mar  1 04:36:14.966: Serial0/0(o):Pkt sent on dlci 205(0x30D1), pkt type
0x800(IP), datagramsize 84
Rack1R2#
*Mar  1 04:36:22.323: OSPF: Rcv hello from 150.1.3.3 area 5 from Serial0/1 155.1.23.3
*Mar  1 04:36:22.323: OSPF: End of hello processing
*Mar  1 04:36:23.052: OSPF: Rcv hello from 192.10.1.254 area 51 from FastEthernet0/0 192.10.1.254
*Mar  1 04:36:23.052: OSPF: End of hello processing
Rack1R2#
*Mar  1 04:36:23.725: OSPF: Send hello to 224.0.0.5 area 5 on Serial0/1 from 155.1.23.2
*Mar  1 04:36:24.029: Serial0/0(i): dlci 205(0x30D1), pkt type 0x800, datagramsize 96
*Mar  1 04:36:24.029: OSPF: Rcv hello from 150.1.5.5 area 0 from Serial0/0 155.1.0.5
*Mar  1 04:36:24.033: OSPF: End of hello processing
*Mar  1 04:36:24.755: OSPF: Send hello to 224.0.0.5 area 51 on FastEthernet0/0 from 192.10.1.2
*Mar  1 04:36:24.771: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 155.1.0.2
*Mar  1 04:36:24.771: Serial0/0: broadcast search
*Mar  1 04:36:24.771: Serial0/0: Broadcast on DLCI 204  link 7
*Mar  1 04:36:24.771: Serial0/0(o): dlci 204(0x30C1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:24.771: Serial0/0: Broadcast on DLCI 203  link 7
*Mar  1 04:36:24.771: Serial0/0(o): dlci 203(0x30B1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:24.771: Serial0/0: Broadcast on DLCI 201  link 7
*Mar  1 04:36:24.775: Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP),
Rack1R2# datagramsize 84
*Mar  1 04:36:24.775: Serial0/0: Broadcast on DLCI 205  link 7
*Mar  1 04:36:24.775: Serial0/0(o): dlci 205(0x30D1), pkt type 0x800(IP), datagramsize 84
*Mar  1 04:36:24.775: DLCI 213 is either deleted or inactive
*Mar  1 04:36:24.783: broadcast dequeue
*Mar  1 04:36:24.783: Serial0/0(o):Pkt sent on dlci 204(0x30C1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:24.783: broadcast dequeue
*Mar  1 04:36:24.783: Serial0/0(o):Pkt sent on dlci 203(0x30B1), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:24.783: broadcast dequeue
*Mar  1 04:36:24.783: Serial0/0(o):Pkt sent on dlci 201(0x3091), pkt type
0x800(IP), datagramsize 84
*Mar  1 04:36:24.883: broadcast dequeue
*Mar  1 04:36:24.883: Serial0/0(o):Pkt sent on dlci 205(0x30D1), pkt type
0x800(IP), datagramsize 84
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#
Rack1R2#sh fram
Rack1R2#sh frame-relay map
Rack1R2#sh frame-relay map
Serial0/0 (up): ip 0.0.0.0 dlci 213(0xD5,0x3450)
              broadcast,
              CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 204(0xCC,0x30C0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 203(0xCB,0x30B0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 201(0xC9,0x3090)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active
Rack1R2#

<-----------after------reload------------------------>
Rack1R2#show frame-relay map
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active
Rack1R2#
Rack1R2#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.5.5         0   FULL/  -        00:00:39    155.1.0.5       Serial0/0
150.1.3.3         0   FULL/  -        00:00:33    155.1.23.3      Serial0/1
192.10.1.254      1   FULL/DR         00:00:32    192.10.1.254    FastEthernet0/0
Rack1R2#
Rack1R3#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.5.5         0   FULL/  -        00:00:39    155.1.0.5       Serial1/0
150.1.7.7         1   FULL/DR         00:00:36    155.1.37.7      FastEthernet0/0
150.1.1.1         0   FULL/  -        00:00:35    155.1.13.1      Serial1/2
150.1.2.2         0   FULL/  -        00:00:33    155.1.23.2      Serial1/3
Rack1R3#
 

Hm...
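
The `show frame-relay map` captures in this post, checked mechanically. This is an added example, not part of the original post: it parses the output, flags mappings to 0.0.0.0 and inactive PVCs, and confirms that the second hex value is the DLCI laid out in the two-byte Q.922 address field. Function names are made up for the example; the sample text is copied from the R2 captures above.

```python
import re

# Copied from the R2 captures on this page: before and after the reload.
R2_BEFORE_RELOAD = """\
Serial0/0 (up): ip 0.0.0.0 dlci 213(0xD5,0x3450)
              broadcast,
              CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 204(0xCC,0x30C0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 203(0xCB,0x30B0)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 0.0.0.0 dlci 201(0xC9,0x3090)
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active
"""
R2_AFTER_RELOAD = """\
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active
"""

# First line of each map entry: interface, mapped IP, DLCI and its two hex forms.
ENTRY = re.compile(
    r"^(?P<intf>\S+) \((?P<state>\w+)\): ip (?P<ip>[\d.]+) "
    r"dlci (?P<dlci>\d+)\(0x(?P<hex>[0-9A-Fa-f]+),0x(?P<q922>[0-9A-Fa-f]+)\)"
    r"(?P<static>, static)?"
)


def q922_address(dlci):
    """Two-byte Q.922 address field for a 10-bit DLCI with the C/R, FECN,
    BECN, DE and EA bits all zero: upper 6 DLCI bits sit in the first byte,
    lower 4 DLCI bits in the top nibble of the second byte."""
    return ((dlci >> 4) << 10) | ((dlci & 0xF) << 4)


def parse_map(text):
    """Turn 'show frame-relay map' output into a list of entry dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({
                "interface": m["intf"],
                "ip": m["ip"],
                "dlci": int(m["dlci"]),
                "hex": int(m["hex"], 16),
                "q922": int(m["q922"], 16),
                "static": m["static"] is not None,
                "flags": [],
            })
        elif entries and line[:1].isspace():
            # Indented continuation lines: "broadcast," / "CISCO, status defined, active"
            entries[-1]["flags"] += [f.strip() for f in line.split(",") if f.strip()]
    return entries


def audit(entries):
    """Return (dlci, finding) tuples for entries worth a second look."""
    findings = []
    for e in entries:
        if e["hex"] != e["dlci"] or e["q922"] != q922_address(e["dlci"]):
            findings.append((e["dlci"], "hex fields do not encode this DLCI"))
        if e["ip"] == "0.0.0.0":
            findings.append((e["dlci"], "mapped to 0.0.0.0"))
        if "inactive" in e["flags"] or "deleted" in e["flags"]:
            findings.append((e["dlci"], "PVC not active"))
    return findings


if __name__ == "__main__":
    for label, text in (("before reload", R2_BEFORE_RELOAD),
                        ("after reload", R2_AFTER_RELOAD)):
        print(label)
        for dlci, finding in audit(parse_map(text)) or [("-", "nothing flagged")]:
            print(f"  DLCI {dlci}: {finding}")
```

The debug lines on this page print the same address with the low EA bit set, which is why the map shows 0x30D0 for DLCI 205 while the packet debug shows 0x30D1.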

Wednesday, 15 June 2011

INE WB Vol1 - 6.15 OSPF Demand Circuit

This feature is enabled with the interface level command ip ospf demand-circuit, and is negotiated as part of the neighbor adjacency establishment. One side is sufficient.
The show command output below outlines the change in the adjacency between R4 and R5 once the demand circuit feature is enabled.
Rack1R5#sh ip ospf int s0/1/0 | incl demand
  Configured as demand circuit.
  Run as demand circuit.
Rack1R5#

INE WB Vol1 - 6.14 OSPF Path Selection with Virtual-Links


Rack1R2#sh run | begin router
router ospf 1
router-id 150.1.2.2
log-adjacency-changes
auto-cost reference-bandwidth 30000
area 5 virtual-link 150.1.3.3
network 155.1.0.0 0.0.0.255 area 0
!
Rack1R2#sh ip ospf virtual-links
Virtual Link OSPF_VL2 to router 150.1.3.3 is down
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 5, Cost of using 65535
  Transmit Delay is 1 sec, State DOWN,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Rack1R2#sh ip ospf virtual-links
Virtual Link OSPF_VL2 to router 150.1.3.3 is down
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 5, Cost of using 65535
  Transmit Delay is 1 sec, State DOWN,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Rack1R2#sh ip ospf interface | incl Area
  Internet Address 155.1.0.2/24, Area 0
  Internet Address 0.0.0.0/0, Area 0
  Internet Address 150.1.2.2/24, Area 0
  Internet Address 155.1.23.2/24, Area 5
  Internet Address 192.10.1.2/24, Area 51
Rack1R2#sh run



Rack1R3#sh run | begin router
router ospf 1
router-id 150.1.3.3
log-adjacency-changes
auto-cost reference-bandwidth 30000
area 5 virtual-link 150.1.2.2
network 155.1.0.0 0.0.0.255 area 0
!
Rack1R3#sh ip ospf virtual-links
Virtual Link OSPF_VL1 to router 150.1.2.2 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 5, via interface Serial1/3, Cost of using 65535
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:07
Rack1R3#
Rack1R3#sh ip ospf int | incl Area
  Internet Address 150.1.3.3/24, Area 0
  Internet Address 155.1.0.3/24, Area 0
  Internet Address 155.1.37.3/24, Area 2
  Internet Address 155.1.13.3/24, Area 4
  Internet Address 155.1.23.3/24, Area 5
Rack1R3#

Fucking Virtual Links !!!!!!!!!!!!!!!

Tuesday, 14 June 2011

INE WB Vol1 - 6.11 OSPF Path Selection with Per-Neighbor Cost

Rack1R4(config-if)#bandwidth 768
Rack1R4(config-if)#do sh ip ospf int s0/0/0 | incl Cost
  Process ID 1, Router ID 223.255.255.255, Network Type POINT_TO_MULTIPOINT, Cost: 39062
Rack1R4(config-if)#no bandwidth
Rack1R4(config-if)#router ospf 1

R5(config)#router ospf 1
R5(config-router)#neighbor cost 39062

...yeah

Saturday, 11 June 2011

INE WB Vol1 - 5.22. EIGRP Filtering with Extended Access-Lists

Like RIP, extended access-lists when called as a distribute-list in IGP have a
different meaning than in redistribution or as in BGP. With BGP and
redistribution the “source” field in the ACL represents the network address, and
the “destination” field represents the subnet mask. In IGP distribute-list
application the “source” field in the ACL matches the update source of the route,
and the “destination” field represents the network address. This implementation
allows us to control which networks we are receiving, but more importantly who
we are receiving them from. Before the filter is applied, R5 routes as follows.
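
The two interpretations described in this note, as an added example (not from the workbook or the original post): a small first-match evaluator that applies the same extended-ACL syntax once as an IGP distribute-list (update source, network) and once as a BGP/redistribution filter (network, mask). All addresses and ACL lines are constructed for illustration, and the function names are made up for the example.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(value, base, wildcard):
    """True when value equals base in every bit where the wildcard bit is 0."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(value) & care) == (_ip(base) & care)


def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>'; each field is 'any', 'host A' or 'A W'."""
    tokens = line.split()
    action, _proto, rest = tokens[0], tokens[1], tokens[2:]
    fields = []
    while rest:
        if rest[0] == "any":
            fields.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif rest[0] == "host":
            fields.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        else:
            fields.append((rest[0], rest[1]))
            rest = rest[2:]
    src, dst = fields
    return action, src, dst


def evaluate(acl, first, second):
    """First matching entry wins; nothing matching means the implicit deny."""
    for line in acl:
        action, src, dst = parse_ace(line)
        if wildcard_match(first, *src) and wildcard_match(second, *dst):
            return action
    return "deny"


def igp_distribute_list(acl, update_source, network):
    # IGP distribute-list: "source" field = who sent the update,
    # "destination" field = network address of the route.
    return evaluate(acl, update_source, network)


def bgp_or_redistribution(acl, network, mask):
    # BGP / redistribution: "source" field = network address,
    # "destination" field = subnet mask.
    return evaluate(acl, network, mask)


# Constructed: drop 172.16.7.0 when learned from 10.0.0.3 and 172.16.9.0 when
# learned from 10.0.0.1, accept everything else from anyone.
IGP_ACL = [
    "deny   ip host 10.0.0.3 host 172.16.7.0",
    "deny   ip host 10.0.0.1 host 172.16.9.0",
    "permit ip any any",
]

# Constructed: under BGP/redistribution semantics this permits exactly the
# /24s inside 172.16.0.0/16.
PREFIX_ACL = [
    "permit ip 172.16.0.0 0.0.255.255 host 255.255.255.0",
]

if __name__ == "__main__":
    for src in ("10.0.0.1", "10.0.0.3"):
        for net in ("172.16.7.0", "172.16.9.0"):
            print("IGP", src, net, igp_distribute_list(IGP_ACL, src, net))
    print("BGP 172.16.7.0/24", bgp_or_redistribution(PREFIX_ACL, "172.16.7.0", "255.255.255.0"))
    print("BGP 172.16.0.0/16", bgp_or_redistribution(PREFIX_ACL, "172.16.0.0", "255.255.0.0"))
    # The same line read as an IGP distribute-list would need an update source
    # inside 172.16.0.0/16 and a network of 255.255.255.0, so nothing matches.
    print("IGP reading of PREFIX_ACL", igp_distribute_list(PREFIX_ACL, "10.0.0.1", "172.16.7.0"))
```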

INE WB Vol1 - 5.17 EIGRP Stub Routing

Easy stuff.. just to remember
The EIGRP stub feature is used to limit the scope of EIGRP query messages,
and to limit what routes a neighbor advertises.

INE WB Vol1 - 5.15 EIGRP Unequal Cost Load Balancing

REVIEW !

Saturday, 7 May 2011

INE WB Vol1 - 5.8.EIGRP Summarization

!
router eigrp 100
redistribute rip metric 100000 10 255 1 1500

RSRack1R4(config-router)#redistribute rip metric 10 ?
  <0-4294967295>  EIGRP delay metric, in 10 microsecond units

RSRack1R4(config-router)#end

FastEthernet Delay 100ms
https://learningnetwork.cisco.com/thread/6116

Thursday, 5 May 2011

INE WB Vol1 - 5.1 EIGRP Network Statement

My solution was "passive-interface default" not just adding net network statements with host wildcard mask

Hm...

INE WB Vol1 - 4.22 RIPv2 Source Validation

Review

INE WB Vol1 - 4.16 RIPv2 Default Routing


SW1
router rip
distribute-list prefix DEF in
!
ip prefix-list DEF seq 5 deny 0.0.0.0/0
ip prefix-list DEF seq 10 permit 0.0.0.0/0 le 32
!
 
!
router rip
default-information originate route-map INT
!
route-map INT permit 10
set interface FastEthernet0/0.146
!
!

INE WB Vol1 - 4.12 RIPv2 Filtering with Extended Access-Lists


access-list 188 permit ip 155.1.9.0 0.0.0.255 host 155.1.0.1
access-list 188 deny   ip 155.1.9.0 0.0.0.255 any
access-list 188 permit ip 155.1.7.0 0.0.0.255 host 155.1.0.1
access-list 188 deny   ip 155.1.7.0 0.0.0.255 any
access-list 188 permit ip 155.1.1.0 0.0.0.255 host 155.1.0.3
access-list 188 deny   ip 155.1.1.0 0.0.0.255 any

INE WB Vol1 - 4.11 RIPv2 Filtering with Standard Access-Lists


Rack1R6#sh ip access-lists EVEN 
Standard IP access list EVEN
    10 permit 0.0.1.0, wildcard bits 255.255.254.255 (14 matches)
Rack1R6#sh run | incl distribute
distribute-list EVEN in Serial0/0/0
Rack1R6#

INE WB Vol1 - 4.10 RIPv2 Filtering with Prefix-Lists


RIP does not generate a route to Null0 when generating summaries.

Wednesday, 20 April 2011

INE WB Vol1 - 3.16 OER Measure Phase

My solution

key chain OER
 key 0
   key-string CISCO
oer master
 policy-rules ACTIVE
 logging
 !
 border 150.1.5.5 key-chain OER
  interface FastEthernet0/0 internal
  interface Serial0/0/0.1 internal
  interface Serial0/1/0 external
 !
 border 155.1.0.2 key-chain OER
  interface Serial0/0 internal
  interface Serial0/1 internal
  interface FastEthernet0/0 external
 !       
 border 155.1.0.3 key-chain OER
  interface FastEthernet0/0 external
  interface Serial1/2 external
  interface Serial1/3 internal
  interface Serial1/0 internal
 !       
 learn   
  throughput
  delay  
  protocol 1
  protocol tcp port 80
  protocol udp port range 16384 32767
  periodic-interval 5
  monitor-period 3
  prefixes 10
  aggregation-type bgp
 mode monitor passive
 !       
 active-probe tcp-conn 150.1.4.4 target-port 23
 active-probe tcp-conn 150.1.6.6 target-port 23
 active-probe tcp-conn 150.1.1.1 target-port 23
!        
oer border
 local Loopback0
 master 150.1.5.5 key-chain OER
!        
!        
oer-map ACTIVE 10
 match traffic-class prefix-list R4
 set mode monitor active
!

I think the INE solution is not 100% correct: the oer-map isn't attached to the oer master config in the workbook, and if I don't configure "mode monitor passive", R2, R3, R4 are actively probed.

With "mode monitor passive"
Rack1R5#show oer master active-probes
        OER Master Controller active-probes
Border   = Border Router running this Probe
State    = Un/Assigned to a Prefix
Prefix   = Probe is assigned to this Prefix
Type     = Probe Type
Target   = Target Address
TPort    = Target Port
How      = Was the probe Learned or Configured
N - Not applicable

The following Probes exist:

State      Prefix             Type     Target          TPort   How     Codec
Assigned   150.1.4.0/24       tcp-conn 150.1.4.4          23  Cfgd         N
Assigned   150.1.6.0/24       tcp-conn 150.1.6.6          23  Cfgd         N
Assigned   150.1.1.0/24       tcp-conn 150.1.1.1          23  Cfgd         N
Assigned   150.1.6.0/24       echo     150.1.6.6           N  Lrnd         N
Assigned   150.1.1.0/24       echo     150.1.1.1           N  Lrnd         N

The following Probes are running:

Border          State    Prefix             Type     Target          TPort
155.1.0.3       ACTIVE   150.1.4.0/24       tcp-conn 150.1.4.4          23
150.1.5.5       ACTIVE   150.1.4.0/24       tcp-conn 150.1.4.4          23


Rack1R5#






Without "mode monitor passive"
Rack1R5#show oer master active-probes
        OER Master Controller active-probes
Border   = Border Router running this Probe
State    = Un/Assigned to a Prefix
Prefix   = Probe is assigned to this Prefix
Type     = Probe Type
Target   = Target Address
TPort    = Target Port
How      = Was the probe Learned or Configured
N - Not applicable

The following Probes exist:

State      Prefix             Type     Target          TPort   How     Codec
Assigned   150.1.4.0/24       tcp-conn 150.1.4.4          23  Cfgd         N
Assigned   150.1.6.0/24       tcp-conn 150.1.6.6          23  Cfgd         N
Assigned   150.1.1.0/24       tcp-conn 150.1.1.1          23  Cfgd         N
Assigned   150.1.6.0/24       echo     150.1.6.6           N  Lrnd         N
Assigned   150.1.1.0/24       echo     150.1.1.1           N  Lrnd         N

The following Probes are running:

Border          State    Prefix             Type     Target          TPort
155.1.0.3       ACTIVE   150.1.4.0/24       tcp-conn 150.1.4.4          23
150.1.5.5       ACTIVE   150.1.4.0/24       tcp-conn 150.1.4.4          23
155.1.0.3       ACTIVE   150.1.1.0/24       echo     150.1.1.1           N
150.1.5.5       ACTIVE   150.1.1.0/24       echo     150.1.1.1           N


Rack1R5#

What do you think ?

INE WB Vol1 - 3. IP Routing

Did all the tasks without a mistake :)

Now preparation for the OER (Optimized Edge Routing) Tasks

Monday, 4 April 2011

INE WB Vol1 - 2.10 Back-to-Back Frame Relay

R4:
interface Serial0/1
ip address 123.1.1.4 255.255.255.0
encapsulation frame-relay
no keepalive
frame-relay map ip 123.1.1.5 514 broadcast
R5:
interface Serial0/1
ip address 123.1.1.5 255.255.255.0
encapsulation frame-relay
no keepalive
clock rate 64000
frame-relay map ip 123.1.1.4 514 broadcast

INE Lab with 3550 limitations

What's not possible with 3550s instead of 3560s
- Vol1 1.47 Private VLANs
- Vol1 9.2 IPv6 Unique Local Addressing (with tunnel/gre it's possible)
- Vol1 9.5 IPv6 Auto-Configuration (with tunnel/gre it's possible)
- Vol1 9.17 OSPFv3 - process doesn't come up on SW1-3550 (no solution yet)

INE WB Vol1 - 1.45 Flex Links

NOTE Spanning Tree Protocol is disabled on Flex Link interfaces

INE WB Vol1 - 1.43 IP Phone Trust and CoS Extend

Switchport priority extend 1

Rack1SW1(config-if)#switchport priority extend 1
Rack1SW1(config-if)#switchport priority ?
extend Set appliance 802.1p priority

Rack1SW1(config-if)#switchport priority e
Rack1SW1(config-if)#switchport priority extend ?
cos Override 802.1p priority of devices on appliance
trust Trust 802.1p priorities of devices on appliance

Rack1SW1(config-if)#switchport priority extend co
Rack1SW1(config-if)#switchport priority extend cos ?
<0-7> Priority for devices on appliance

Rack1SW1(config-if)#switchport priority extend cos 1
Rack1SW1(config-if)#

INE WB Vol1 - 1.41 RSPAN

Reflector-Port on 3550 ?


Rack1SW2(config)#$sion 1 destination remote vlan 500 reflector-port ?
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z

Rack1SW2(config)#$sion 1 destination remote vlan 500 reflector-port

Characteristics of Reflector Port

The reflector port is the mechanism that copies packets onto an RSPAN VLAN. The reflector port forwards only the traffic from the RSPAN source session with which it is affiliated. Any device connected to a port set as a reflector port loses connectivity until the RSPAN source session is disabled.

The reflector port has these characteristics:

* It is a port set to loopback.
* It cannot be an EtherChannel group, it does not trunk, and it cannot do protocol filtering.
* It can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group is specified as a SPAN source. The port is removed from the group while it is configured as a reflector port.
* A port used as a reflector port cannot be a SPAN source or destination port, nor can a port be a reflector port for more than one session at a time.
* It is invisible to all VLANs.
* The native VLAN for looped-back traffic on a reflector port is the RSPAN VLAN.
* The reflector port loops back untagged traffic to the switch. The traffic is then placed on the RSPAN VLAN and flooded to any trunk ports that carry the RSPAN VLAN.
* Spanning tree is automatically disabled on a reflector port.
* A reflector port receives copies of sent and received traffic for all monitored source ports.

Thursday, 10 March 2011

Tuesday, 8 March 2011

INE WB Vol1 - 1.11 VTP Prune-Eligible List

Review VTP pruning
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

Wednesday, 23 February 2011

INE WB Vol1 - 1.5 802.1q Native VLAN

This happens when you have a native VLAN mismatch and receive a BPDU whose PVID and dot1q field don't match:

*Mar 1 01:32:07.467: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/20 VLAN146.
*Mar 1 01:32:07.467: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/20 on VLAN0001. Inconsistent peer vlan.
*Mar 1 01:32:07.467: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/20 on VLAN0146. Inconsistent local vlan.
*Mar 1 01:32:07.471: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet

Cisco statement ->
Port VLAN ID (PVID) inconsistency: A per-VLAN spanning tree (PVST+) Bridge Protocol Data Unit (BPDU) is received on a different VLAN than it was originated: (Port VLAN ID Mismatch or *PVID_Inc).


Rack1SW1#show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000b.5f70.0580
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000b.5f70.0580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/5 Desg FWD 19 128.5 P2p
Fa0/13 Desg BKN*19 128.13 P2p *PVID_Inc
Fa0/14 Desg BKN*19 128.14 P2p *PVID_Inc
Fa0/15 Desg BKN*19 128.15 P2p *PVID_Inc
Fa0/16 Desg BKN*19 128.16 P2p *PVID_Inc
Fa0/17 Desg BKN*19 128.17 P2p *PVID_Inc
Fa0/18 Desg BKN*19 128.18 P2p *PVID_Inc
Fa0/19 Desg BKN*19 128.19 P2p *PVID_Inc
Fa0/20 Desg BKN*19 128.20 P2p *PVID_Inc
Fa0/21 Desg BKN*19 128.21 P2p *PVID_Inc

Rack1SW1#
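The syslog messages above can be correlated per port to show which two VLAN IDs disagree. This is an added example, not part of the original post; the function names are hypothetical and the sample input is the four log lines from this post.

```python
import re

# The four log lines from the post above. The last one is cut off on the page
# and is kept that way here: incomplete lines must be skipped, not guessed.
SAMPLE_LOG = """\
*Mar 1 01:32:07.467: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/20 VLAN146.
*Mar 1 01:32:07.467: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/20 on VLAN0001. Inconsistent peer vlan.
*Mar 1 01:32:07.467: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/20 on VLAN0146. Inconsistent local vlan.
*Mar 1 01:32:07.471: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet
"""

RECV = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent "
                  r"peer vlan id (\d+) on (\S+) VLAN(\d+)\.")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): "
                   r"Blocking (\S+) on VLAN(\d+)\.")


def pvid_mismatches(log_text):
    """Map each affected port to the VLAN pair that disagrees and the VLANs blocked."""
    ports = {}

    def entry(port):
        return ports.setdefault(
            port, {"local_vlan": None, "peer_vlan": None, "blocked": set()})

    for line in log_text.splitlines():
        recv = RECV.search(line)
        if recv:
            peer, port, local = recv.groups()
            entry(port).update(local_vlan=int(local), peer_vlan=int(peer))
            continue
        block = BLOCK.search(line)
        if block:
            port, vlan = block.groups()
            entry(port)["blocked"].add(int(vlan))
    return ports


def report(ports):
    """One line per port, naming both ends of the mismatch."""
    return [
        f"{port}: BPDU for peer VLAN {p['peer_vlan']} received on local VLAN "
        f"{p['local_vlan']}; blocked on VLANs {sorted(p['blocked'])}"
        for port, p in sorted(ports.items())
    ]


if __name__ == "__main__":
    print("\n".join(report(pvid_mismatches(SAMPLE_LOG))))
```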

Monday, 14 February 2011

Spanning-tree loopguard



Spanning-Tree Loopguard is an often misunderstood technology. Let's have a look at how it works ->


RSRack1SW3#sh run | incl loop
spanning-tree loopguard default
RSRack1SW3#
RSRack1SW3#show spanning-tree loop
RSRack1SW3#sh cdp nei fa0/15
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
RSRack1SW1       Fas 0/15          126          R S I     WS-C3550- Fas 0/18
RSRack1SW3#
RSRack1SW3#show spanning-tree 

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.5f70.0580
             Cost        19
             Port        13 (FastEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.5f70.b880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Root FWD 19        128.13   P2p 
Fa0/15              Altn BLK 19        128.15   P2p 

          
RSRack1SW3#
...
RSRack1SW1(config)#int fa 0/18
RSRack1SW1(config-if)#spanning-tree bpdufilter enable 
RSRack1SW1(config-if)#
...
RSRack1SW3#
*Mar  1 00:25:55.363: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/15 on VLAN0001.
RSRack1SW3#                   
RSRack1SW3#show spanning-tree 

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.5f70.0580
             Cost        19
             Port        13 (FastEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.5f70.b880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Root FWD 19        128.13   P2p 
Fa0/15              Desg BKN*19        128.15   P2p *LOOP_Inc 

          
          
RSRack1SW3#


We just filter BPDUs on the remote side of the blocking port, so SW3 Fa0/15 no longer receives BPDUs from the root bridge. The normal behaviour would be to transition from Blocking to Listening to Learning and finally to Forwarding, which would create a nice L2 loop (never say Spanning-Tree loop, more like Stupid-Administrator loop). Instead, the loopguard feature puts the port into the loop-inconsistent state.

But what happens in a loop-free topology where the root port no longer receives BPDUs?

RSRack1SW1(config)#int fa 0/18
RSRack1SW1(config-if)#spanning-tree bpdufilter enable
RSRack1SW1(config-if)#
RSRack1SW1#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
RSRack1SW3       Fas 0/18          144          R S I     WS-C3550- Fas 0/15
RSRack1SW1#
...
RSRack1SW3#show spanning-tree 

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.5f70.0580
             Cost        19
             Port        15 (FastEthernet0/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.5f70.b880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/15              Root FWD 19        128.15   P2p 

          
RSRack1SW3#  
*Mar  1 00:38:41.363: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/15 on VLAN0001.
RSRack1SW3#

Aha, now we see that if we don't receive any further BPDUs on a loopguard-enabled non-designated port, the port transitions to the loop-inconsistent state.

BTW: Obviously, if we shut/no shut the port in this loop-free topology between SW1 and SW3, both switches will be root and no loop is formed, but that would be no design for production environments. The example should just show the operation of loopguard.
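The first experiment above (blocking port Fa0/15 stops hearing BPDUs) as a small timing model, with and without loop guard. This is an added example, not part of the original post: it is a simplified model rather than IOS behaviour in full, the timers are taken from the `show spanning-tree` output, and the function name and state labels are assumptions.

```python
# Timers from the "show spanning-tree" output above (seconds).
HELLO, MAX_AGE, FORWARD_DELAY = 2, 20, 15


def simulate(bpdu_stop, bpdu_resume=None, loop_guard=False, duration=90):
    """Return [(second, state)] transitions of a blocking (alternate) port.

    BPDUs arrive every HELLO seconds until bpdu_stop, then stop (for example
    because the neighbour enabled bpdufilter) and optionally resume at
    bpdu_resume. Simplification: the stored BPDU expires MAX_AGE seconds
    after the last one was received.
    """
    state, last_bpdu, changed = "BLK", 0, 0
    log = [(0, state)]

    def move(t, new):
        nonlocal state, changed
        if new != state:
            state, changed = new, t
            log.append((t, new))

    for t in range(1, duration + 1):
        silent = t > bpdu_stop and (bpdu_resume is None or t < bpdu_resume)
        if not silent and t % HELLO == 0:
            last_bpdu = t
            move(t, "BLK")  # superior BPDU heard: port is (again) blocking
        elif state == "BLK" and t - last_bpdu >= MAX_AGE:
            # Stored BPDU aged out. Loop guard refuses to let the port
            # become designated; plain STP starts the walk to forwarding.
            move(t, "LOOP_Inc" if loop_guard else "LIS")
        elif state == "LIS" and t - changed >= FORWARD_DELAY:
            move(t, "LRN")
        elif state == "LRN" and t - changed >= FORWARD_DELAY:
            move(t, "FWD")  # without loop guard the L2 loop is now live
    return log


if __name__ == "__main__":
    print("no loop guard:", simulate(10))
    print("loop guard   :", simulate(10, loop_guard=True))
    print("BPDUs resume :", simulate(10, bpdu_resume=50, loop_guard=True))
```

In the third run the port leaves the loop-inconsistent state on its own as soon as BPDUs are heard again, which is how loop guard recovers without operator action.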

Tuesday, 18 January 2011

Failed First CCIE LAB attempt

...damn it...
Troubleshooting PASS
Configuration FAILED

I wasn't that prepared. I only did INE VOL I till the EIGRP section ;)
So it's no surprise that I failed :/
But now I know what the real lab is like :)