Subjects Covered On 16-17/12/07

16/12/07

Went over some IEWB Lab notes in the morning.
Went over IEWB Vol III Lab 6.  I completely messed this up.  I don’t know what planet I was on when attempting this lab, but everything I seemed to configure went wrong!!!  Especially route redistribution.  Tomorrow I’m going over Redistribution from start to finish

Amount of time studying today – 6hr 13mins
Total Studying hours so far since starting this blog – 217hrs  50mins

17/12/07

Started going over redistribution again.  This morning I flicked through the Routing TCP/IP Vol I book.  I skimmed the Route Redistribution and Filtering Chapters.  I also read the “Route Redistribution” chapter in the Odom CCIE Cisco Press book.  Whilst reading this I configured up my lab to the same scenario in the book and went over everything in slow time.  I also listened to the first of the IEWB Route Redistribution CoD.

Amount of time studying today – 5hrs 22mins
Total Studying hours so far since starting this blog – 223hrs  12mins

Subjects Covered 14-15/12/07

Went over all my notes for Multicast on Friday 14/12/07.  Good to go over this, I also listened to the 2 “Advanced Multicast” CoD from IE.  This has helped me solidify my knowledge.  A few notes:

ip pim sparse-mode

If you don’t see any interfaces in the OIL list for group 224.0.1.40, and you are using sparse mode, ensure that you have “ip pim autorp listener” enabled.  If you haven’t, this will be the reason why.

I used ntp to verify the multicast solution.  On the router directly connected to the multicast ntp server, before any clients had been configured, you can see that for groups 226.6.6.6 (I used this for the ntp multicast group) and 224.0.1.1 (this is the multicast group that is assigned to ntp according to the RFC) the DR is continually trying to register the groups.  Because the RP hasn’t learned of any clients, it will keep sending a “Register-Stop” packet back:

(*, 226.6.6.6), 00:01:12/stopped, RP 150.1.5.5, flags: SJCF
  Incoming interface: Serial0/0, RPF nbr 155.1.0.5
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:01:12/00:02:19

(155.1.146.6, 226.6.6.6), 00:00:05/00:02:59, flags: FT
  Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0, Registering
  Outgoing interface list:
    Serial0/0, Forward/Sparse, 00:00:05/00:02:59

(*, 224.0.1.1), 00:01:29/stopped, RP 150.1.5.5, flags: SJCF
  Incoming interface: Serial0/0, RPF nbr 155.1.0.5
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:01:29/00:02:18

(155.1.146.6, 224.0.1.1), 00:00:14/00:02:51, flags: PFT
  Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0, Registering
  Outgoing interface list: Null

On the RP:

(*, 226.6.6.6), 00:03:42/00:02:45, RP 150.1.5.5, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial0/0, Forward/Sparse, 00:03:42/00:02:45

(155.1.146.6, 226.6.6.6), 00:02:35/00:01:28, flags: P
  Incoming interface: Serial0/0, RPF nbr 155.1.0.1
  Outgoing interface list: Null

(*, 224.0.1.1), 00:03:58/00:03:27, RP 150.1.5.5, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial0/0, Forward/Sparse, 00:03:59/00:03:25

(155.1.146.6, 224.0.1.1), 00:02:44/00:01:19, flags: P
  Incoming interface: Serial0/0, RPF nbr 155.1.0.1
  Outgoing interface list: Null

The RP is pruning back the traffic.
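
The Registering and pruned states in the output above can be picked out with a short parser. This is an added example, not part of the original notes; the sample text is copied from the first-hop router output above, and the function names are hypothetical.

```python
import re

# Copied from the first-hop router's "show ip mroute" output quoted above.
SAMPLE = """\
(155.1.146.6, 226.6.6.6), 00:00:05/00:02:59, flags: FT
  Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0, Registering
  Outgoing interface list:
    Serial0/0, Forward/Sparse, 00:00:05/00:02:59

(155.1.146.6, 224.0.1.1), 00:00:14/00:02:51, flags: PFT
  Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0, Registering
  Outgoing interface list: Null
"""

# "(source-or-*, group), uptime/expires[, RP x.x.x.x], flags: XYZ"
HEADER = re.compile(r"^\((\*|[\d.]+), ([\d.]+)\),.*flags:\s*(\w*)\s*$")


def parse_mroute(text):
    """Split mroute output into one dict per (*,G) or (S,G) entry."""
    entries, cur, in_oil = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"source": m.group(1), "group": m.group(2),
                   "flags": m.group(3), "registering": False, "oil": []}
            entries.append(cur)
            in_oil = False
        elif cur is None or not line:
            in_oil = False                      # blank line ends the entry
        elif line.startswith("Incoming interface:"):
            cur["registering"] = line.endswith("Registering")
        elif line.startswith("Outgoing interface list:"):
            in_oil = not line.endswith("Null")  # "Null" means an empty OIL
        elif in_oil:
            cur["oil"].append(line.split(",")[0])
    return entries


def findings(entry):
    """Describe the states discussed in the notes for one parsed entry."""
    notes = []
    if entry["source"] != "*" and entry["registering"]:
        notes.append("first-hop router is still sending PIM Registers to the RP")
    if "P" in entry["flags"] and not entry["oil"]:
        notes.append("pruned: no downstream interface wants this traffic")
    return notes


if __name__ == "__main__":
    for e in parse_mroute(SAMPLE):
        print((e["source"], e["group"]), e["flags"], e["oil"], findings(e))
```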

On the RP once a client had requested the multicast ntp:

(*, 226.6.6.6), 00:05:56/00:03:28, RP 150.1.5.5, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:00:20/00:03:09
    Serial0/0, Forward/Sparse, 00:05:56/00:03:28

(155.1.146.6, 226.6.6.6), 00:04:50/00:01:34, flags:
  Incoming interface: Serial0/0, RPF nbr 155.1.0.1
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:00:21/00:03:08

If you aren’t getting any rp mappings, check the pim neighbours
If you still aren’t getting any rp mappings, check the RPF on the mapping agent address
If you are getting rp mappings but aren’t getting any traffic from the RP, check the RPF on the RP address
If traffic on the RP is being received on a NBMA interface and needs to be sent out the same interface to clients, you will need to enter the “ip pim nbma-mode” command; this overrides the “split-horizon” issue.

If the Auto-RP dense groups (224.0.1.39/40) need to be sent up to a hub into a NBMA interface and this needs to go to other spokes, the “ip pim autorp listener” won’t help.  This command is only used for sparse-mode traffic.  To get other spokes to learn the rp mappings from the mapping agent when the mapping agent itself is a spoke, use tunnels to send the dense mode traffic over.

The easiest way to avoid these issues is to either statically configure the RP’s or simply use BSR.  I used BSR in this topology and it was very straightforward to configure/verify!

Amount of time studying today – 6hrs 8 mins
Total Studying hours so far since starting this blog – 203hrs  55mins

15th December 2007

Yesterday I went over my notes for the 1st 4 labs in IEWB Vol II.  It’s surprising how much you can forget within the space of a few days!!  I think every week I will make time to go over the notes of the labs that I have done.
I also completed IEWB Vol III Lab 5.  A couple of notes on the lab:

If you are asked to configure frame-relay over a WAN and to not use more than 1 frame-relay map command on any router simply use PPPoFR on all routers involved.  On the hub use the following config to point more than 1 DLCI out of the interface:

interface Serial0/0.1 multipoint
 frame-relay interface-dlci 501 ppp Virtual-Template1
 frame-relay interface-dlci 502 ppp Virtual-Template1

Ensure you also configure the spoke ends with PPPoFR as well otherwise you won’t be able to ping across the WAN.

When using PPPoFR, you will NOT see any output from the show frame-relay map command

The WAN where the spokes haven’t got layer 2 reachability to one another wasn’t area 0. 
This area has to be a transit area for a virtual link configuration, but the ABR for Area 0/Transit area isn’t advertising its RID (loopback) interface out.  You cannot create a virtual link between the 2 ABRs directly, as they are not OSPF neighbours and don’t know each other’s RID.  What you have to do is create a virtual link from the spokes to the hub; the hub will have 2 entries for the virtual link.

2 other stupid mistakes I made.  A solution called for a tunnel to be used.  I configured this, but the tunnel wouldn’t come up.  It took me at least 10 minutes before I found out that I had configured the same IP address on both ends of the tunnel!!!  Wot a prick!!

Within the lab, dialer interfaces were used.  When configuring RIPv2, I used the “passive-interface default” command and “unpassified” the interfaces I needed to run RIPv2 over.  After a good 15 minutes of trying to work out why my RIP routes weren’t being exchanged, it finally dawned on me that I had “unpassified” the physical interface and not the dialer interface!!  I was nearly headbutting the f&$%ing table in frustration!!!

Amount of time studying today – 7hrs 42mins
Total Studying hours so far since starting this blog – 211hrs  37mins

Subjects Covered 12-13/12/07

Completed the IEWB Vol II Lab IV.  The main issues that I am having are very stupid mistakes.  Putting config on a physical interface where I should be putting it on a sub-interface.  Over-reading the question and putting real world logic to the tasks.
One weird issue I ran into is that on R1, the serial interface was in a looped state.  I checked all configuration on R1 and the FR Switch.  There was nothing wrong with it at all.  I stripped off the configuration on R1 and re-applied.  Still had the issue.  I stripped the config off the interface on the FR switch and re-applied the exact same config……the issue was then resolved!!  Very odd!!

This lab was testing quite a lot of knowledge on spanning-tree and how to configure traffic engineering at Layer 2.  Where and when to use either “spanning-tree vlan cost” or “spanning-tree vlan port-priority”.

The IGPs, there wasn’t anything too bad there, redistribution was the easiest I have ever seen on a lab, there were no mutual points of redistribution.  The scenario asked for one of the routes to have a metric of 100 inside the OSPF routing domain, and the other to have a cumulative metric.  This was referring to E1 and E2 routes.

Multicast was ok, just that it took me an age to realise that a GRE tunnel that was configured needed “sparse-mode” enabled on it.

Again, I made a stupid mistake on an eBGP connection.  It was going over a non-BGP router.  It took me an age to finally remember that an eBGP establishment packet will only have a TTL of 1!!!  It’s stupid mistakes like this that get me really pissed off with myself as I know that these sort of things shouldn’t be causing me an issue at all!!  I suppose it’s better to make these stupid mistakes now and not in the LAB but it’s still bloody annoying.

Tomorrow I’m going to go over multicast again, and read my extensive notes on the Labs I have taken so far!!!

Amount of time studying yesterday- 9hrs 22mins
Amount of time studying today – 7hrs 48 mins
Total Studying hours so far since starting this blog – 197hrs 47mins

Subjects Covered Thur 6th – Tue 11/12/07

On Thursday 6/12 I completed the IEWB Vol III Lab 3.

Amount of time studying today – 2hrs 0mins
Total Studying hours so far since starting this blog – 151hrs 57mins

On Friday I started the IEWB Vol III Lab 4.  I only put in 2 hours here as I had my works Xmas doo.

Amount of time studying today – 2hrs 0mins
Total Studying hours so far since starting this blog – 153hrs 57mins

On Saturday I finished the IEWB Vol III Lab 4.  Then I decided to do nothing else as I had drunk a fair bit on Friday night!!  The lab wasn’t too bad at all, nothing really jumps out.  It had some Integrated Routing and Bridging in, this is the 1st time I’ve done this in a lab and it wasn’t too bad at all.

Amount of time studying today – 2hrs 0mins
Total Studying hours so far since starting this blog – 155hrs 57mins

On Sunday, I pulled my finger out and completed IEWB Vol II Lab III.

Amount of time studying today – 8hrs 45mins
Total Studying hours so far since starting this blog – 164hrs 42mins

On Monday I went through the entire solution guide for Lab III.  This took as long as the Lab itself

Amount of time studying today – 8hrs 17mins
Total Studying hours so far since starting this blog – 172hrs 59mins

On Tuesday 11/12, I went through IP services again as I am quite weak on that area.  There is a lot more to it than first meets the eye, such as menus/auto install etc etc.  Tomorrow I am going to start IEWB Vol II Lab IV!!

Amount of time studying today – 7hrs 38mins
Total Studying hours so far since starting this blog – 180hrs 37mins

Subjects Covered on 05/12/07

Back2Back FR

Topology used:

 R1 -> R3 -> R2
The interfaces must be sub-interfaces otherwise this won’t work.
If not using LMI’s turn this off under the main interface.
If using LMI’s, on the hub use:

frame-relay switching – global command
frame-relay intf-type dce – under the main interface.

The dlci’s have to match either end of the link.
Configuration used:

HUB: (This link is using LMI’s)

interface Serial1/2
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 frame-relay intf-type dce
end

interface Serial1/2.313 point-to-point
 ip address 155.1.13.3 255.255.255.0
 frame-relay interface-dlci 131  
end

SPOKE:

interface Serial0/1
 no ip address
 encapsulation frame-relay
end
!
interface Serial0/1.131 point-to-point
 ip address 155.1.13.1 255.255.255.0
 frame-relay interface-dlci 131

HUB (This link isn’t using LMI’s)

interface Serial1/3
 no ip address
 encapsulation frame-relay
 no keepalive
 serial restart-delay 0
 clock rate 64000
!
interface Serial1/3.323 point-to-point
 ip address 155.1.23.3 255.255.255.0
 frame-relay interface-dlci 323

SPOKE

interface Serial0/1
 no ip address
 encapsulation frame-relay
 no keepalive
end
!
interface Serial0/1.323 point-to-point
 ip address 155.1.23.2 255.255.255.0
 frame-relay interface-dlci 323

The pvc not using LMI’s will show up as “STATIC”

R2#show frame-relay pvc 323

PVC Statistics for interface Serial0/1 (Frame Relay DTE)

DLCI = 323, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/1.323

TRANSPARENT BRIDGING

Basic config on the router that will be doing the bridging:

no ip routing
!
bridge 1 protocol ieee
!
interface FastEthernet0/0
 bridge-group 1
!
interface FastEthernet0/1
 bridge-group 1

Use “show bridge (no)” to see the mac-addresses of the directly connected devices

CONCURRENT-ROUTING-BRIDGING

This allows you to bridge on interfaces and route on others, but this CANNOT be done on the same interface.
To configure the bridging domain:

bridge crb
!
ip routing
!
bridge 1 protocol ieee
!
interface FastEthernet0/0
 bridge-group 1
!
interface FastEthernet0/1
 bridge-group 1
!
interface s0/1
 ip address 1.2.3.4 255.255.255.0

If you configure a dynamic routing protocol on the bridged side and the interface with the ip address on, routes WON’T be exchanged between the bridged and routed domains.

INTEGRATED-ROUTING-BRIDGING

You can route and bridge the same protocol stack on the same interface.
You create a BVI interface, and the IP address you assign it will belong to the same range as the bridged domain.  You will now be able to exchange routes between the 2 domains:

bridge irb
!
ip routing
!
bridge 1 protocol ieee
bridge 1 route ip
!
interface FastEthernet0/0
 bridge-group 1
!
interface FastEthernet0/1
 bridge-group 1
!
interface bvi 1
 ip address 192.168.10.3 255.255.255.0
!
interface s0/1
 ip address 1.2.3.4 255.255.255.0

I’ve also gone through my Routing TCP/IP Volume I and the Odom 2nd Edition CCIE Cisco Press Book notes on OSPF.

Amount of time studying today – 3hrs 0mins
Total Studying hours so far since starting this blog – 145hrs 57mins

Subjects Covered On 04/12/07

Went through the IEWB Vol III Lab III today:

 Inverse-Arp 

  • If asked to use frame-relay inverse-arp just for one dlci and not any others, don’t use “no frame-relay inverse-arp” on the interface then “frame-relay inverse-arp ip 105”.  Look under “show frame-relay pvc” and use “no frame-relay inverse-arp ip [dlci]” under the dlci’s that you don’t want inverse-arp to be on.

 Offset-List 

  • If asked to increase ALL routes from a router use:
    • offset-list 0 in 13 [interface]
  • 0 means “all” routes

   Advertisement of OSPF Loopback interfaces 

  • To advertise a loopback and not be associated with any area, use the “redistribute connected route-map” command
  • To advertise a loopback, that needs to show as a /24 mask, be associated with an OSPF area and you can’t use the “ip ospf network-type point-to-point” command.  Use :

    router ospf 1
    network (loopback address) area 3
    area 3 range 150.1.3.0 255.255.255.0

    This will now show up as a /24 without the use of the “ip ospf network-type point-to-point” command.  Ensure that you are advertising the subcomponent subnets otherwise the summary will not be advertised.

  • To advertise a loopback with a /24 mask, not be associated with any area AND you can’t use “redistribute connected”.  Advertise it via another protocol.  Then, create a route-map that matches the loopback.  Redistribute the protocol into OSPF with the route-map that only matches the loopback interface

Amount of time studying today – 5hrs 30mins
Total Studying hours so far since starting this blog – 142hrs 57mins

Subjects Covered On 02-03/12/07

Yesterday and today I went over the IEWB Lab Breakdown CoD and the IEWB Vol II Solutions Guide.

Things learnt from IEWB Lab 2

With routing, the 3560 switch can handle 6000 directly connected routes or 2000 non-directly connected routes.
To enable the switch to accept more use “sdm prefer routing”

OSPF

To enable type 1 authentication under the interface ensure you add the following NOT just the keys otherwise the router will think type “null” is being used:

ip ospf authentication – under the interface
area [id] authentication – under the routing process

Obviously configure the keys also.
To verify use “show ip ospf” or “show ip ospf interface”

BGP

To make a neighbour think that the router belongs to another AS use:

neighbor 1.2.3.4 local-as 100

This is used when transitioning networks over but you don’t want to interrupt the traffic flow.  This is only a temporary solution.

Multicast

“ip pim nbma-mode” under the interface tells the router to include the IP address of the PIM neighbour(s) that are reachable out of the multiaccess interface.  This can be seen from the output of “show ip mroute”.  This is used so multicast traffic doesn’t flow over DLCI’s that have no members for the multicast group.

IPv6

With the issues that I was having with the tunnel not establishing over a full mesh FR topology.  The tunnel wasn’t needed!!  Again I read too much into the question.  All that was needed was for the IPv6 address to go onto the FR interfaces, and a static route set up so each router could contact each other’s loopback IPv6 address.  No mapping of the link local address was required as it was the routing that got the packets to the final destination.

QoS

When asked to reserve bandwidth, I used “shape” instead of “bandwidth”!!!  Why??  I honestly don’t know, it was a stupid mistake that led to me not picking up any points in the QoS section.  With the ACLs that classified the traffic, I also got the source and destination tcp ports the wrong way round!!  Again, stupid mistakes!!

System Mgt

If asked to configure a SYSLOG server, use “logging 1.2.3.4”.  Because I was doing SNMP at the same time as the SYSLOG task, I actually configured an SNMP server instead!!
All in all it was a good lab.  Just stupid mistakes that dropped me the valuable points.  I suppose it’s better to do the mistakes now rather than the actual lab.  It’s just annoying when I go through the solutions then see what I’ve put and I KNOW that I shouldn’t have configured it the way I had!!  Still much to learn!!

Amount of time studying yesterday – 7hrs 30mins
Amount of time studying today – 4hrs 15mins
Total Studying hours so far since starting this blog – 137hrs 27mins

Subjects Covered On 1/12/07

Today I tackled the 2nd Lab in IEWB Vol II.
All in all it went well.  Well I think it did, I’ll be going over the CoD Breakdown and the solutions guide tomorrow.
The one area I need to think about is redistribution.  I managed to see a couple of issues before they happened.  But the one that took me a bit of time to work out is when one of the links goes down and a backup kicks in and EIGRP re-converges.  You have to think about how the topology will reconverge and spot the issues.  I managed to sort the issues out, and I’m getting pretty good at typing out the tcl scripts!
The multicast/QoS/Security/IP Services weren’t too bad.  One thing that I couldn’t get working was IPv6 over the IPv4 network.  The IPv4 network is fully meshed and I just couldn’t get the tunnel to come up!!  I will investigate this tomorrow.

Amount of time studying today – 9hrs 20 mins
Total Studying hours so far since starting this blog – 135hrs 22mins

Subjects Covered On 29/30/11/2007

Still going through QoS:

Configured and tested per-port/per-port-per-vlan and per-vlan QoS
Configured and tested mls qos override configured on the interface

Practice DSCP mutation-map – done.  I configured:

mls qos map dscp-mutation TELNET 48 to 8
!
interface GigabitEthernet 1/0/16
 mls qos dscp-mutation TELNET

This changes DSCP 48 (IPP/CoS 6) to DSCP 8 (IPP/CoS 1)

Topology was SW2 -> SW3 -> R3

On SW2 I noted the IPP of telnet packets going out of the trunk to SW3:

SW2#show inter pre
Vlan100
  Output
    Precedence 6:  13 packets, 789 bytes

Then I telnetted to R3 and had a look to see if the mutation-map worked:

As you can see, the telnet packets have changed from IPP 6 to IPP 1:

R3#show inter pre
Ethernet0/1
  Input
    Precedence 1:  11 packets, 660 bytes
Serial1/2
  Input
    Precedence 5:  5 packets, 520 bytes
R3#show inter pre
Ethernet0/1
  Input
    Precedence 1:  16 packets, 960 bytes
Serial1/2
  Input
    Precedence 5:  5 packets, 520 bytes
R3#show inter pre
Ethernet0/1
  Input
    Precedence 1:  21 packets, 1260 bytes
Serial1/2
  Input
    Precedence 5:  5 packets, 520 bytes

Police Aggregate:

I used:

mls qos aggregate-policer ICMP 64000 8000 exceed-action drop
!
access-list 100 permit icmp any any
!
class-map ICMP
 match access-group 100
!
policy-map ICMP
 class ICMP
  police aggregate ICMP
 class class-default
  police aggregate ICMP
!
interface GigabitEthernet 1/0/3
 description Connection to R3
 service-policy input ICMP

To test I pinged from R3 to vlan 100 on SW2:

R3#ping 200.0.0.8 size 400 re 10000 ti 0

Type escape sequence to abort.
Sending 10000, 400-byte ICMP Echos to 200.0.0.8, timeout is 0 seconds:
..!………………………………………………………….
…………………………………………………………….
…………………………………………………………….

You can see on SW3 that packets that aren’t conforming to the policed rate are dropped:

SW3#show mls qos interface gig 1/0/3 st
GigabitEthernet1/0/3
!!!Output Omitted!!!
Policer: Inprofile:          246 OutofProfile:         9799

So out of the 10000 packets I sent, only 246 conformed
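
Why so few packets conform follows from how a single-rate policer's token bucket behaves. The model below is an added example, not part of the original notes; it uses the 64000 bps rate, 8000-byte burst and 400-byte pings from the config above, and assumes that each ping is charged 400 bytes and that the pings arrive 1 ms apart.

```python
"""Single-rate token-bucket policer, modelled with integer arithmetic."""

# Tokens are scaled so that rate_bps * elapsed_us can be added directly:
# one byte of credit equals 8 bits * 1,000,000 microseconds.
UNITS_PER_BYTE = 8 * 1_000_000


def police(arrivals_us, size_bytes, rate_bps, burst_bytes):
    """Return (in_profile, out_of_profile) for equal-sized packets.

    arrivals_us: packet arrival times in microseconds, ascending.
    The bucket starts full, refills at rate_bps and never holds more
    than burst_bytes; a packet conforms only if the bucket covers it.
    """
    capacity = burst_bytes * UNITS_PER_BYTE
    cost = size_bytes * UNITS_PER_BYTE
    tokens = capacity
    last = None
    in_profile = out_of_profile = 0
    for now in arrivals_us:
        if last is not None:
            tokens = min(capacity, tokens + rate_bps * (now - last))
        last = now
        if tokens >= cost:
            tokens -= cost
            in_profile += 1
        else:
            out_of_profile += 1  # exceed-action drop: no tokens are spent
    return in_profile, out_of_profile


def flood(count, gap_us):
    """Constructed arrival times: count packets, one every gap_us."""
    return range(0, count * gap_us, gap_us)


# Values from the config and ping above.
RATE_BPS, BURST_BYTES, PING_BYTES, PINGS = 64000, 8000, 400, 10000

if __name__ == "__main__":
    # Assumption: the "timeout 0" pings arrive roughly 1 ms apart.
    print("flooded:", police(flood(PINGS, 1000), PING_BYTES, RATE_BPS, BURST_BYTES))
    # The same pings paced at exactly 64 kbit/s (one 400-byte packet per 50 ms).
    print("paced:  ", police(flood(PINGS, 50_000), PING_BYTES, RATE_BPS, BURST_BYTES))
```

With the assumed 1 ms spacing the model passes 219 packets and drops 9781: the first 20 drain the 8000-byte burst, then one packet conforms every 50 ms. That is the same order as the Inprofile/OutofProfile counters above.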

IPP to DSCP mapping:

On SW3 I used the following config:

mls qos map ip-prec-dscp 0 8 16 24 32 40 8 56
!
interface GigabitEthernet 1/0/16
 mls qos trust ip-precedence

Again I telnetted from SW2 to R3:

SW2#show inter pre
Vlan100
  Output
    Precedence 0:  206 packets, 83784 bytes
    Precedence 6:  444 packets, 26676 bytes

SW2#telnet r3    
Trying R3 (10.0.0.3)… Open

R3#show inter prec
Ethernet0/1
  Input
    Precedence 1:  35 packets, 2100 bytes
Serial1/2
  Input
    Precedence 5:  5 packets, 520 bytes
R3#show inter prec
Ethernet0/1
  Input
    Precedence 1:  41 packets, 2460 bytes
Serial1/2
  Input
    Precedence 5:  5 packets, 520 bytes

Amount of time studying yesterday – 2hrs
Amount of time studying today – 3hrs 40 mins
Total Studying hours so far since starting this blog – 126hrs 12mins

Subjects Covered on 28/11/07

Today I have started QoS again.
I’m going through the blueprint and making sure I go through and understand each subject.
I went through the Shaping Terms such as Bc/Be/Tc etc etc as these are fundamental to understanding.  I think the following sentence is the best description of Excessive Burst:

Be = Be is the difference between what the Shaped Rate is (Bc per Tc or CIR per second) to what the maximum supported output is (Bc+Be per Tc or Actual Rate (AR) per second)

I’ve been through the queuing techniques et al.  I’m going to plunder on with it.
I’ve also been through the 2nd Lab of IEWB Vol III.  I think the lesson this lab was trying to teach was what happens when you redistribute connected interfaces into a routing protocol.  And when you later redistribute a routing protocol into this protocol some of the routes won’t be redistributed in.  I think it tests you on this on 4 separate occasions, it’s a very good thing to know as it could cause huge confusion!  If you are having issues with this, watch the IEWB redistribution CoDs.  You will soon get the hang of it.

Amount of time studying today – 5hrs 38 mins
Total Studying hours so far since starting this blog – 120hrs 32mins