network cisco ccna gns3 certification arteq
a network runs through it

Wednesday, May 30, 2012

quote of the day, paul browning...

from switch simplified...

"when talking about switches, the bandwidth of the switch refers to the capacity of the switch fabric (or backplane) and not to the cumulative bandwidth of the ports, as is often mistakenly assumed..."

there's one to write home about...

read more about the history of switch fabric here:
 http://etherealmind.com/what-is-the-definition-of-switch-fabric/

why isn't vlan 0 used?

vlan 0 is used, just not as a vlan you can configure... in an 802.1q tag a vid of 0 means "priority-tagged": the tag carries only the 802.1p priority bits (pcp), and the frame is a member of the port's native vlan, not of some vlan 0... voice is the usual customer (a phone can mark its traffic with a priority and leave the vid at 0), but the reservation is for priority tagging in general... 4095 is reserved at the other end of the range, so the usable ids are 1 through 4094...
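to put the vid 0 rule in code, here is an added example (mine, not from the post): a python parser that walks the 802.1q tag stack of a raw ethernet frame and says which vlan the frame actually belongs to... the four frames it tests are constructed inline with made-up mac addresses... since the same tag walk exposes it, the parser also flags a double-tagged frame, the shape used in the classic vlan hopping trick...

```python
import struct

ETHERTYPE_VLAN = 0x8100      # 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
VID_PRIORITY_TAGGED = 0      # "vlan 0": the tag carries only 802.1p priority
VID_RESERVED = 4095


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Walk the 802.1Q tag stack of an Ethernet frame and classify it.

    Reports every (pcp, dei, vid) tag seen, the vlan the frame is actually a
    member of, whether it is priority-tagged (outer vid 0) and whether it is
    double-tagged (two 0x8100 tags, the shape used for vlan hopping).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tags = 14, []
    while ethertype == ETHERTYPE_VLAN:
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vid = tci & 0x0FFF
        if vid == VID_RESERVED:
            raise ValueError("vid 4095 is reserved and must not appear on the wire")
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": vid})
        offset += 4
    priority_tagged = bool(tags) and tags[0]["vid"] == VID_PRIORITY_TAGGED
    # vid 0 names no vlan: such a frame belongs to the port's native vlan exactly
    # like an untagged frame; it just carries a priority the switch can honour
    member_vlan = native_vlan if (not tags or priority_tagged) else tags[0]["vid"]
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "tags": tags,
        "priority_tagged": priority_tagged,
        "double_tagged": len(tags) > 1,
        "member_vlan": member_vlan,
        "pcp": tags[0]["pcp"] if tags else 0,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def build_frame(dst: str, src: str, tags, ethertype: int = ETHERTYPE_IPV4,
                payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed test frame; tags is a list of (pcp, vid) pairs, outermost first."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for pcp, vid in tags:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed samples (made-up MACs): an untagged frame, a phone's priority-tagged
# frame (pcp 5, vid 0), an ordinary vlan 100 frame, and a double-tagged frame.
SAMPLE_FRAMES = {
    "untagged": build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:01", []),
    "voice_vid0": build_frame("00:11:22:33:44:02", "00:11:22:33:44:03", [(5, 0)]),
    "data_vlan100": build_frame("00:11:22:33:44:02", "00:11:22:33:44:04", [(0, 100)]),
    "double_tagged": build_frame("00:11:22:33:44:02", "00:11:22:33:44:05", [(0, 1), (0, 100)]),
}


def classify_samples(native_vlan: int = 1) -> dict:
    """Run every sample through the parser; name -> (vlan, pcp, prio_tagged, double_tagged)."""
    out = {}
    for name, frame in SAMPLE_FRAMES.items():
        p = parse_frame(frame, native_vlan)
        out[name] = (p["member_vlan"], p["pcp"], p["priority_tagged"], p["double_tagged"])
    return out


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name:14s} vlan={result[0]:<4d} pcp={result[1]} "
              f"priority_tagged={result[2]} double_tagged={result[3]}")
```

the voice frame lands in the native vlan with its pcp intact, the vlan 100 frame lands in 100, and the double-tagged frame is reported as a member of the outer vlan with a second tag still inside it, which is the thing to look for on an access port...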





Monday, May 28, 2012

nice site...

http://www.networkclasses.in/2011/02/spanning-tree-enhancements/

sometimes you just need to read it a different way...

he's got some great stuff there...

hsrp quick scrape...


! hsrp v1 groups; the group number is local to the interface and need not match the vlan
! hsrp v1 authentication defaults to the plaintext string "cisco", so anything on the
! vlan can send a higher-priority hello and take the virtual ip; use md5 authentication
! on any vlan you don't fully control
dls1

interface vlan 1
 standby 1 ip 172.16.1.5
 standby 1 priority 110
 standby 1 preempt

interface vlan 100
 standby 100 ip 172.16.100.5
 standby 100 priority 110
 standby 100 preempt

interface vlan 200
 standby 200 ip 172.16.200.5
 standby 200 priority 110
 standby 200 preempt

interface vlan 300
 standby 255 ip 172.16.255.5
 standby 255 priority 110
 standby 255 preempt

dls2

interface vlan 1
 standby 1 ip 172.16.1.5
 standby 1 priority 90
 standby 1 preempt

interface vlan 100
 standby 100 ip 172.16.100.5
 standby 100 priority 90
 standby 100 preempt

interface vlan 200
 standby 200 ip 172.16.200.5
 standby 200 priority 90
 standby 200 preempt

interface vlan 300
 standby 255 ip 172.16.255.5
 standby 255 priority 90
 standby 255 preempt


ospf vrf...

i wanted to get fancy this morning, so i added loopbacks and ospf to have multiple routing tables with ospf... r1 and r2 are ce's, r3 is the pe


r2#sh ip route
Codes: omitted

Gateway of last resort is not set

     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/65] via 10.1.1.1, 00:02:53, Serial0/0
     7.0.0.0/24 is subnetted, 1 subnets
C       7.7.7.0 is directly connected, Loopback7
     9.0.0.0/24 is subnetted, 1 subnets
C       9.9.9.0 is directly connected, Loopback9
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Serial0/0
C       10.1.1.1/32 is directly connected, Serial0/0
r2#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r2#


r1#sh ip route
Codes: omitted
Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.1.1, 00:04:12, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.1.1.0 is directly connected, Loopback1
r1#ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r1#


so i built loopbacks and ospf processes as seen below:

r3#sh run int lo3
Building configuration...

Current configuration : 83 bytes
!
interface Loopback3
 ip vrf forwarding r1
 ip address 3.3.3.3 255.255.255.0
end

r3#sh run int lo5
Building configuration...

Current configuration : 83 bytes
!
interface Loopback5
 ip vrf forwarding r2
 ip address 5.5.5.5 255.255.255.0
end

r3#
r3#sh run | begin ospf
router ospf 2 vrf r2
 log-adjacency-changes
 capability vrf-lite
 network 3.3.3.0 0.0.0.255 area 0
 network 5.5.5.0 0.0.0.255 area 0
 network 10.1.1.0 0.0.0.255 area 0
!
router ospf 1 vrf r1
 log-adjacency-changes
 capability vrf-lite
 network 3.3.3.0 0.0.0.255 area 0
 network 5.5.5.0 0.0.0.255 area 0
 network 10.1.1.0 0.0.0.255 area 0
!

as you can see i tried to route both loopbacks to both vrf's but that didn't seem to work, and i'm not that terribly interested... the router would only let me assign one address to one loopback vrf... maybe you could figure it out...
see below for the route tables per vrf...

r3#sh ip route vrf r1

Routing Table: r1
Codes: omitted

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.1.1.2, 00:25:03, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback3
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.1.1 [110/2] via 10.1.1.2, 00:25:03, FastEthernet0/0
r3#

r3#sh ip route vrf r2

Routing Table: r2
Codes: omitted

Gateway of last resort is not set

     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback5
     7.0.0.0/32 is subnetted, 1 subnets
O       7.7.7.7 [110/65] via 10.1.1.2, 00:23:17, Serial0/0
     9.0.0.0/32 is subnetted, 1 subnets
O       9.9.9.9 [110/65] via 10.1.1.2, 00:23:17, Serial0/0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.2/32 is directly connected, Serial0/0
C       10.1.1.0/24 is directly connected, Serial0/0
r3#

r3#ping vrf r2 9.9.9.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r3#ping vrf r1 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r3#


and of course there are still no global routes, only vrf routes...

r3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

r3#

Sunday, May 27, 2012

vrf... the road to mpls...

this is the beginning of what would later bury frame relay...

notice the diagram... all three clients use the same ip addresses... vrf, virtual routing and forwarding, is what makes that possible... see below

r1#ping 10.1.1.1                                                                                     
                                                                                                     
Type escape sequence to abort.                                                                       
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:                                    
!!!!!                                                                                                
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms                                 
r1#

r2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r2#

r4#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r4#

each client router (ce, customer edge) is connected to r3 (pe, provider edge), and r3 keeps a separate routing table per vrf for each of them... like frame relay without the hassle of a frame switch... what is shown here is vrf-lite; with mpls (label switching for the wan) the same vrfs become the building block of l3 vpns across a provider core...

normally, if you try to assign the same address to two interfaces the router complains about overlapping ip's... put each interface in its own vrf and the overlap goes away, because each vrf is its own address space with its own table...

r3#ping vrf r1 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r3#ping vrf r2 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r3#ping vrf r4 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
r3#

first define the vrf's in global config, each with its name and rd (route distinguisher) as shown in the diagram... then assign them to the interfaces... one caveat worth remembering: applying ip vrf forwarding to an interface that already has an address removes that address, so on a live box put the interface in the vrf first and then (re)add the address, as below...

interface FastEthernet0/0
 ip vrf forwarding r1
 ip address 10.1.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip vrf forwarding r2
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 no fair-queue
 clock rate 1000000
!
interface Serial0/1
 ip vrf forwarding r4
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 clock rate 1000000
of course, it's just the beginning... you are running a separate route table for each vrf... see below
look ma, no global route table...

r3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

r3#

then...

r3#sh ip route vrf r4

Routing Table: r4
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.2/32 is directly connected, Serial0/1
C       10.1.1.0/24 is directly connected, Serial0/1
r3#

so what's the big deal with mpls... the core never has to dig into the ip packet: the ingress pe slaps a label on it, every hop in between just swaps labels (cef does the switching), and the egress pe uses the label to pick the right vrf table... the vrf's here are the part that stays the same; the labels are what replace the frame relay pvc's...

anki possibilities...



michael says,

program yourself,

i like this anki shit...


Saturday, May 26, 2012

the scrape...


after having erased the switch block and the l2 switches (switch block: a pair of distribution switches that aggregate access layer switches) i wrote the command set on paper? and scraped the configs in one at a time... it took about 20 minutes to get everything to a base config; i.e. passwords, vty's, domain, vtp transparent, of course, trunks, access ports, vlans, ip addresses, svi's, etc... i won't bore you with those particulars as you should be there by now...

next step was to make all the trunks port channels... i opened 4 telnet sessions at once and scraped the below configs into each (not including the names) since i connect my nix box to dls1 using a single l3 interface, this procedure can be tricky as the channels come up; ie, lags, errdisable, crashing telnet connections, etc... i didn't lose a single telnet session, but po1 on dls1 went into errdisable... once i shut, no shut po1, all channels were good...  with a term server this would be less prone to error, no chance of a telnet disconnect...

this took about five minutes


! channel-group mode on = static etherchannel, no lacp/pagp negotiation: the far end
! must match exactly, since a one-sided bundle is not detected and can loop the block;
! active (lacp) or desirable (pagp) would catch the mismatch
dls1
interface range fastethernet0/7 - 8
 channel-group 1 mode on
interface range fastethernet0/9 - 10
 channel-group 3 mode on
interface range fastethernet0/11 - 12
 channel-group 2 mode on

dls2
interface range fastethernet0/7 - 8
 channel-group 1 mode on
interface range fastethernet0/9 - 10
 channel-group 3 mode on
interface range fastethernet0/11 - 12
 channel-group 2 mode on

als1
interface range fastethernet0/7 - 8
 channel-group 1 mode on
interface range fastethernet0/9 - 10
 channel-group 3 mode on
interface range fastethernet0/11 - 12
 channel-group 2 mode on

als2
interface range fastethernet0/7 - 8
 channel-group 1 mode on
interface range fastethernet0/9 - 10
 channel-group 3 mode on
interface range fastethernet0/11 - 12
 channel-group 2 mode on



afterwards, sh etherchannel summary on dls1 (trimmed to the table):
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)          -        Fa0/7(P)    Fa0/8(P)   
2      Po2(SU)          -        Fa0/11(P)   Fa0/12(P)  
3      Po3(SU)          -        Fa0/9(P)    Fa0/10(P)  

dls1#


a good practice...

a text editor...

if you have a home lab, or gns3, or even using rack rentals this is a good technique to get used to...

before touching the machine or machines that you want to configure, pre-configure your work using a text editor, then scrape it in and see where it succeeds or fails...

in a production environment, you will almost never have the opportunity to simply configure the machine hot, you will be tasked with pre-configuring your changes, presenting the change to the group, and then be approved (or not) for plugging in your values during the change window...

think of the time you will save, especially with rack rentals, if you pre-configure your work before logging into the system... it will force you to have a plan before beginning the tasks you want to perform... you will ultimately save money if you are on the clock...

this will get your head into the machine before your fingers get into the machine... it will also reinforce what you know, and will glaringly point out what you don't know...

this will also serve to weed out sloppiness, and decrease your time at the console, which for lab testing, is vital...

it is often fun to be sloppy on your home lab, using the ? mark often, mistakenly thinking you're making progress when in reality you are only reinforcing bad habits...

try pre-configuring a l3/l2 switch block on paper? first, after erasing start and reloading, from the very beginning... don't just copy a known config; type all the commands without the help of any reference before touching the machine and see where you screw up...

this technique will make you faster and more accurate in your head while reinforcing commands, especially lengthy commands...

consider every pre-config you write to be a test, and time yourself during the process...

Wednesday, May 23, 2012

a novel approach...

i was talking to someone today who had a bizarre thought...  he's a ccna also, and when i told him i was working on ccnp, he said his boss told him to skip ccnp and go right for ccie... i've never given any thought to such an idea... we know that you don't have to pass ccna to attempt ccie... i've always considered that is cisco simply laying down a nutty challenge... it's  crazy for someone to try ccie without ccna, and further without ccnp... but when you start digging into ccie r&s, it's really ccna on acid... so why not?

while i still believe it is only natural to get ccnp first, then attempt ccie, the thought did get me spinning...

that is not to say that will change my path, but it is a hell of an idea, and one i never even thought of...

i believe one builds on the other, but maybe that guy has something... maybe...

Wednesday, May 16, 2012

bpdu guard, filter...

on portfast-enabled ports, bpdu guard is turned on globally with:

dls1(config)#spann portfast bpduguard default
dls1(config)#

if a bpdu is received on such a port (a portfast port should not be receiving bpdu's, i.e. it shouldn't be connected to a switch) the port is placed in errdisable...

at the interface, portfast or not, simply:

dls1(config-if)#spann bpduguard enable
dls1(config-if)#

here too, when the port receives a bpdu it goes into errdisable, and it stays there until you shut/no shut it or errdisable recovery is enabled for the bpduguard cause...

it is the difference in the words... guard not filter, guard not filter... the guard shuts the port down, the filter makes the port deaf and mute to bpdu's... however...

dls1(config)#spann portfast bpdufilter default
dls1(config)#

prevents portfast-enabled ports from sending or receiving bpdu's... if one of them does receive a bpdu, it loses its portfast status and bpdu filtering is switched off on it, so stp is back in charge of that port...

the per-interface form of bpdufilter has no such fallback: it is the same as disabling stp on the port, which could make it susceptible to loops... why you would ever want to allow a portfast port to be enabled automatically if it receives a bpdu is beyond me... i have read some half-hearted explanations to use this between isp's and their separate spanning trees, etc...

here is a video that might explain it better...  guard seems like a good choice for most networks; use filter at your own risk...

http://www.youtube.com/watch?v=wvF0NFIHAEs
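to see what the guard is reacting to, an added example (mine, not from the post) that decodes an 802.1d configuration bpdu from a raw frame and reports what a bpduguard-protected edge port would do with it, plus whether the sender is claiming a better root than the one we already have, which is what a rogue switch or a bpdu-injecting tool on an access port would do... the bpdu and the current root id are constructed inline with made-up mac addresses...

```python
import struct

STP_MCAST = bytes.fromhex("0180c2000000")   # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                    # DSAP/SSAP 0x42, UI control field


def parse_bridge_id(raw: bytes) -> dict:
    """8-byte bridge id: 4-bit priority (x4096), 12-bit system-id extension
    (the vlan number in pvst+), then the bridge MAC. Lower wins."""
    (prio_field,) = struct.unpack("!H", raw[:2])
    return {"priority": (prio_field >> 12) * 4096,
            "sysid_ext": prio_field & 0x0FFF,
            "mac": raw[2:8].hex(":"),
            "raw": raw}


def parse_bpdu(frame: bytes):
    """Decode an 802.1D configuration BPDU; None if the frame is not one."""
    if len(frame) < 14 + 3 + 35 or frame[0:6] != STP_MCAST:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:
        return None     # BPDUs ride on 802.3 length + LLC, not on an ethertype
    body = frame[17:]
    proto, version, bpdu_type, flags = struct.unpack("!HBBB", body[:5])
    if proto != 0 or bpdu_type != 0x00:
        return None     # config BPDU only; TCN is 0x80, RSTP is type 0x02
    root_id, bridge_id_raw = body[5:13], body[17:25]
    (root_cost,) = struct.unpack("!I", body[13:17])
    port_id, msg_age, max_age, hello, fwd = struct.unpack("!HHHHH", body[25:35])
    return {"version": version,
            "topology_change": bool(flags & 0x01),
            "root": parse_bridge_id(root_id), "root_path_cost": root_cost,
            "bridge": parse_bridge_id(bridge_id_raw), "port_id": port_id,
            # timers are carried in 1/256 s units
            "message_age": msg_age / 256, "max_age": max_age / 256,
            "hello_time": hello / 256, "forward_delay": fwd / 256}


def edge_port_check(frame: bytes, current_root: bytes) -> dict:
    """What bpduguard does with this frame on a portfast port, and whether the
    sender is claiming a better root than the one we have (raw bridge ids
    compare as priority first, then MAC, which plain byte order gives us)."""
    bpdu = parse_bpdu(frame)
    if bpdu is None:
        return {"bpdu": False, "action": "forward", "superior_root": False}
    return {"bpdu": True,
            "action": "errdisable",          # any bpdu on a guarded port shuts it
            "superior_root": bpdu["root"]["raw"] < current_root,
            "claimed_root": bpdu["root"]}


def bridge_id(priority: int, mac: str, vlan: int = 1) -> bytes:
    return struct.pack("!H", ((priority // 4096) << 12) | vlan) + bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(src_mac: str, root: bytes, bridge: bytes, cost: int = 0) -> bytes:
    """Constructed sample: a config BPDU as a switch (or an attacker's tool) sends it."""
    body = struct.pack("!HBBB", 0, 0, 0x00, 0) + root + struct.pack("!I", cost) + bridge
    body += struct.pack("!HHHHH", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    llc_body = LLC_STP + body
    return (STP_MCAST + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", len(llc_body)) + llc_body)


# Constructed samples with made-up MACs: our real root (priority 24576), a BPDU from
# a rogue device claiming priority 0, and a plain broadcast ARP frame for contrast.
CURRENT_ROOT = bridge_id(24576, "00:11:22:33:44:00")
ROGUE_BPDU = build_config_bpdu("00:11:22:33:44:ee",
                               root=bridge_id(0, "00:11:22:33:44:ee"),
                               bridge=bridge_id(0, "00:11:22:33:44:ee"))
PLAIN_FRAME = bytes.fromhex("ffffffffffff" "001122334401" "0806") + b"\x00" * 46


if __name__ == "__main__":
    for name, frame in (("rogue bpdu", ROGUE_BPDU), ("arp broadcast", PLAIN_FRAME)):
        print(name, edge_port_check(frame, CURRENT_ROOT))
```

the rogue bpdu errdisables a guarded port before its priority 0 root claim is ever compared; with the interface form of bpdufilter in place it would be silently ignored on that port, and with no protection at all the comparison would go the attacker's way...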

Monday, May 14, 2012

quizlet...

you need this... http://quizlet.com/subject/ccnp/



quote of the day... according to doyle...

from routing tcpip, jeff doyle...

the data link/physical layers and the transport/network layers, as defined by the OSI model, perform very similar duties: They provide the means for conveying data from a source to a destination across some path. The difference is that the data link/physical layers provide communications across a physical path, whereas the transport/network layers provide communications across a logical or virtual path made up of a series of data links.

Sunday, May 13, 2012

eigrp, back to squares...

i've been studying switch almost exclusively since february... i am still in no rush to test; the means is always more important than the end... in that time i've been mostly avoiding route except for how it pertains to switch, and i'm getting weary of it...

routing has always been my strength; my first cisco experience was bringing up a 3640 with an atm connection to replace an existing t1 a long time ago...

in the last two weeks i've bought pdf copies of routing tcpip by jeff doyle, and ccnp route by wendell odom... it's good to get back to wendell as i haven't been a big fan of the hucaby switch ocg... both ebooks on sale at cisco for a greatly discounted price through what was originally ebook of the day, and is now ebook of the week... if you don't keep an eye on those bargains you are not helping yourself...

so if you haven't noticed, i'm beginning to insinuate route into the posts... at this point there are roughly 2 hundred switch specific posts covering most of the syllabus... time to mix it up a little bit, and as always, the beginning never ends...

eigrp uses 3 basic mechanisms to build its topology table and, from it, its routing table...

neighbor discovery: eigrp sends hello messages to discover potential neighbors on each interface; hellos and updates are multicast to 224.0.0.10 so multiple routers on the same subnet are reached with one packet (retransmissions go unicast)

topology exchange: when the neighborship comes up, full routing tables are exchanged; thereafter only partial updates are sent, triggered by topology changes

route selection: eigrp analyzes the topology table and selects the lowest-cost route (the feasible distance) to each subnet as the successor, keeping a feasible successor as backup where one exists

a hello from anything on the segment is enough to form a neighborship, so on any vlan you don't fully control use eigrp neighbor authentication (md5 with a key chain)...

design, implementation, verification...

simply...

design: what is to be accomplished

implementation: what needs to be done, and when, to realize the design

verification: did the implemented design work; prove it...

documentation: document ALL changes effected by the above


Saturday, May 12, 2012

why certify?

i'll tell you why...

no matter how much experience you have, if you don't have ccna, you are not ccna...  those who work in the industry who don't have it secretly wish they did, wish they had the bag to get it, but tell you they don't need it, because, after all they can build a nexus, yet they don't know the difference between the data-link layer and the data-dick layer... they are monkeys whose knowledge is only locally significant... they go so far as to call themselves engineers... it's disgusting... i have 20 years experience supporting networks but that didn't mean jack until i finally got off my dead ass and got ccna... as i work ccnp i would  never dream of referring to myself as an engineer, and i never will, until i get ccie...

the only people who belittle the certs are those afraid to actually get them...

Friday, May 11, 2012

Thursday, May 10, 2012

protect, restrict, shutdown...

port-sec violation modes...

protect drops frames from unknown source macs once the limit is reached, and does it silently: no counter, no trap, no syslog...

restrict drops those frames too, but bumps the violation counter and generates an snmp trap and a syslog message...

shutdown (the default) generates the snmp trap and syslog message and errdisables the whole port...

shut, no shut will bring the port back, or errdisable recovery brings it back on its own after the recovery interval, provided recovery is enabled for the psecure-violation cause...

p before r before s... alphabetical, and in order of how much noise they make... protect is the one to be careful with, since a mac flood against it leaves no trace...

Wednesday, May 9, 2012

cdp neighbor review...

the farther away from home you are, the closer you become...

als2#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
dls2             Fas 0/7           139        R S I       WS-C3550-4  Fas 0/7
dls2             Fas 0/8           139        R S I       WS-C3550-4  Fas 0/8
dls1             Fas 0/10          135        R S I       WS-C3550-2  Fas 0/10
dls1             Fas 0/9           135        R S I       WS-C3550-2  Fas 0/9
als1             Fas 0/12          153        S I         WS-C2950-2  Fas 0/12
als1             Fas 0/11          153        S I         WS-C2950-2  Fas 0/11
als2#



won't you be my cdp neighbor...

the device id is the remote device name

the local interface is the local switch's interface connected to the remote device

holdtime is the number of seconds the local device will retain the last advertisement received from the remote host

capability code is what type of device the remote host is

platform is its hardware platform

port id is the directly connected remote interface

one caveat: cdp hands platform, address and port details to anything listening on the segment, so leave it on for infrastructure links and turn it off on user-facing ports...

ttl...

the original intention for the time to live field was that each router would decrement it by the number of seconds the packet spent inside it, with a minimum of one... that had limited practical appeal and was never really implemented... instead, routers decrement the ttl by exactly one per hop no matter how long the packet sat in a queue, and when it reaches zero the packet is dropped and an icmp time exceeded goes back to the source (which is all traceroute is: probes sent with ttl 1, 2, 3... and the senders of the time exceeded messages collected)...

in ipv6 the corresponding field is called hop limit, which is what ttl had always really been, and it works the same way...

so in both ipv4 (ttl) and ipv6 (hop limit) the idea remains in effect: a packet cannot circulate forever in a routing loop...
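an added example (mine, not from the post) of that hop-by-hop rule in code: one router's worth of ttl handling on an ipv4 header, including the checksum fix-up the decrement forces, the drop at zero, and the ipv6 hop limit version alongside it... the headers are constructed inline; the icmp time exceeded reply is mentioned but not generated...

```python
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header as 16-bit words. Over a header whose
    checksum field is zeroed it yields the checksum; over a complete valid
    header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 1, payload_len: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with a valid checksum."""
    def addr(a):
        return bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def forward_ipv4(header: bytes):
    """One router hop over an IPv4 header: verify the checksum, decrement TTL by
    exactly one (queueing time is irrelevant), patch the checksum.
    Returns (new_header, None), or (None, reason) when the packet is discarded."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None, "not ipv4"
    if ipv4_checksum(header[:(header[0] & 0x0F) * 4]) != 0:
        return None, "bad checksum"
    ttl = header[8]
    if ttl <= 1:
        # the hop that would take TTL to 0 discards the packet and sends
        # ICMP time exceeded (type 11) to the source; the ICMP part is not shown
        return None, "ttl expired"
    # RFC 1624 incremental update: TTL is the high byte of the 16-bit word at
    # offset 8, so lowering it by one raises the one's-complement checksum by 0x0100
    (old_csum,) = struct.unpack("!H", header[10:12])
    new_csum = old_csum + 0x0100
    new_csum = (new_csum & 0xFFFF) + (new_csum >> 16)
    out = header[:8] + bytes([ttl - 1]) + header[9:10] + struct.pack("!H", new_csum) + header[12:]
    return out, None


def forward_ipv6(header: bytes):
    """Same hop for IPv6: hop limit is byte 7 and there is no header checksum."""
    if len(header) < 40 or header[0] >> 4 != 6:
        return None, "not ipv6"
    if header[7] <= 1:
        return None, "hop limit expired"
    return header[:7] + bytes([header[7] - 1]) + header[8:], None


def hops_before_drop(header: bytes, forward=forward_ipv4) -> int:
    """Push the packet through routers until one drops it; returns the hop at
    which that happens (a routing loop ends here instead of never)."""
    hops = 0
    while True:
        hops += 1
        header, reason = forward(header)
        if reason is not None:
            return hops


if __name__ == "__main__":
    h = build_ipv4_header("10.1.1.2", "3.3.3.3", ttl=64)
    out, why = forward_ipv4(h)
    print("ttl after one hop:", out[8], "checksum still valid:", ipv4_checksum(out) == 0)
    print("dropped at hop", hops_before_drop(h))
```

the incremental checksum update is the part worth keeping: a router that forgot it would hand every downstream hop a packet that fails validation, and a packet that starts with ttl 64 is forwarded by 63 routers and discarded by the 64th...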

Tuesday, May 8, 2012

quote of the day, ipv6...


routing tcpip, jeff doyle, vol II second edition, pg 53...




Monday, May 7, 2012

clear arp-cache

very useful...  arp is a very strong informational, and troubleshooting tool, often overlooked... don't forget to set your service timestamps for debug and log output to datetime...  uptime is a waste of time...

dls1#clear arp-cache                                                                            
dls1#                                                                                           
May  7 18:55:50: IP ARP: sent req src 172.16.100.1 000f.8ffe.0980,                              
                 dst 172.16.100.150 e89a.8f98.a703 Vlan100                                      
May  7 18:55:50: IP ARP: sent req src 172.16.200.1 000f.8ffe.0980,                              
                 dst 172.16.200.2 000b.5fc9.0000 Vlan200                                        
May  7 18:55:50: IP ARP: sent req src 172.16.200.1 000f.8ffe.0980,                              
                 dst 172.16.200.250 984b.e1fb.2940 Vlan200                                      
May  7 18:55:50: IP ARP: sent req src 172.16.1.1 000f.8ffe.0980,                                
                 dst 172.16.1.2 000b.5fc9.0000 Vlan1                                            
May  7 18:55:50: IP ARP: sent req src 172.16.1.1 000f.8ffe.0980,                                
                 dst 172.16.1.101 0009.b73f.ce80 Vlan1                                          
May  7 18:55:50: IP ARP: sent req src 172.16.100.1 000f.8ffe.0980,                              
                 dst 172.16.100.2 000b.5fc9.0000 Vlan100                                        
May  7 18:55:50: IP ARP: sent req src 172.16.1.1 000f.8ffe.0980,                                
                 dst 172.16.1.102 0009.b752.d780 Vlan1                                          
May  7 18:55:50: IP ARP: sent rep src 172.16.1.1 000f.8ffe.0980,                                
                 dst 172.16.1.1 ffff.ffff.ffff Vlan1                                            
May  7 18:55:50: IP ARP: sent rep src 172.16.1.5 0000.0c07.ac01,                                
                 dst 172.16.1.5 ffff.ffff.ffff Vlan1                                            
May  7 18:55:50: IP ARP: sent rep src 172.16.1.5 0000.0c07.ac01,                                
                 dst 172.16.1.5 0100.0ccd.cdcd Vlan1                                            
May  7 18:55:50: IP ARP: sent rep src 172.16.100.1 000f.8ffe.0980,                              
                 dst 172.16.100.1 ffff.ffff.ffff Vlan100                                        
May  7 18:55:50: IP ARP: sent rep src 172.16.100.5 0000.0c07.ac01,                              
                 dst 172.16.100.5 ffff.ffff.ffff Vlan100                                        
May  7 18:55:50: IP ARP: sent rep src 172.16.100.5 0000.0c07.ac01,                              
                 dst 172.16.100.5 0100.0ccd.cdcd Vlan100                                        
May  7 18:55:50: IP ARP: sent rep src 172.16.200.1 000f.8ffe.0980,                              
                 dst 172.16.200.1 ffff.ffff.ffff Vlan200                                        
May  7 18:55:50: IP ARP: sent rep src 172.16.200.5 0000.0c07.ac01,                              
                 dst 172.16.200.5 ffff.ffff.ffff Vlan200                                        
May  7 18:55:50: IP ARP: sent rep src 172.16.200.5 0000.0c07.ac01,                              
                 dst 172.16.200.5 0100.0ccd.cdcd Vlan200                                        
May  7 18:55:50: IP ARP: rcvd rep src 172.16.100.150 e89a.8f98.a703, dst 172.16.100.1 Vlan100   
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.100.150 e89a.8f98.a703, dst 172.16.100
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.100.150, hw: e89a.8f98.a703      
May  7 18:55:50: IP ARP: rcvd rep src 172.16.200.2 000b.5fc9.0000, dst 172.16.200.1 Vlan200     
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.200.2 000b.5fc9.0000, dst 172.16.200.0
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.200.2, hw: 000b.5fc9.0000        
May  7 18:55:50: IP ARP: rcvd rep src 172.16.200.250 984b.e1fb.2940, dst 172.16.200.1 Vlan200   
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.200.250 984b.e1fb.2940, dst 172.16.200
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.200.250, hw: 984b.e1fb.2940      
May  7 18:55:50: IP ARP: rcvd rep src 172.16.1.2 000b.5fc9.0000, dst 172.16.1.1 Vlan1           
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.1.2 000b.5fc9.0000, dst 172.16.1.1 001
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.1.2, hw: 000b.5fc9.0000          
May  7 18:55:50: IP ARP: rcvd rep src 172.16.1.101 0009.b73f.ce80, dst 172.16.1.1 Vlan1         
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.1.101 0009.b73f.ce80, dst 172.16.1.1 000f.8ffe.09801
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.1.101, hw: 0009.b73f.ce80        
May  7 18:55:50: IP ARP: rcvd rep src 172.16.100.2 000b.5fc9.0000, dst 172.16.100.1 Vlan100     
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.100.2 000b.5fc9.0000, dst 172.16.100.0
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.100.2, hw: 000b.5fc9.0000        
May  7 18:55:50: IP ARP: rcvd rep src 172.16.1.102 0009.b752.d780, dst 172.16.1.1 Vlan1         
May  7 18:55:50: IP ARP: ignored gratuitous arp src 172.16.1.102 0009.b752.d780, dst 172.16.1.1 1
May  7 18:55:50: IP ARP: creating entry for IP address: 172.16.1.102, hw: 0009.b752.d780        
dls1#                                                                                           
May  7 18:56:05: IP ARP: rcvd req src 172.16.100.150 e89a.8f98.a703, dst 172.16.100.5 Vlan100   
May  7 18:56:05: IP ARP: sent rep src 172.16.100.5 0000.0c07.ac01,                              
                 dst 172.16.100.150 e89a.8f98.a703 Vlan100           
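an added example (mine, not from the post) that reads that debug arp output the way a monitor would: it rebuilds the wrapped lines, learns which ips this switch answers for from an hsrp virtual mac (0000.0c07.acXX, group XX, as in the output above), and then watches the received replies for two things worth alerting on at an svi: an ip that changes mac (arp spoofing, or a host that really moved) and anything answering for the hsrp virtual ip from a mac that is not the hsrp virtual mac... the sample it runs on is taken from the output above plus two constructed lines at the end that play the attacker...

```python
import re

HSRP_V1_VMAC = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$")
ARP_LINE = re.compile(
    r"IP ARP: (?P<dir>sent|rcvd) (?P<op>req|rep) src (?P<sip>\S+) (?P<smac>\S+),\s*"
    r"dst (?P<dip>\S+)(?: (?P<dmac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}))? (?P<intf>\S+)$"
)


def join_continuations(lines):
    """IOS wraps 'sent ...' entries after the comma; glue each such line to the next."""
    out, pending = [], ""
    for raw in lines:
        line = raw.strip()
        if pending:
            line, pending = pending + " " + line, ""
        if line.endswith(","):
            pending = line
            continue
        out.append(line)
    if pending:
        out.append(pending)
    return out


def hsrp_group(mac: str):
    """HSRP v1 virtual MAC 0000.0c07.acXX encodes the group number in XX."""
    m = HSRP_V1_VMAC.match(mac)
    return int(m.group(1), 16) if m else None


def parse_arp_debug(lines):
    events = []
    for line in join_continuations(lines):
        m = ARP_LINE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def audit(lines):
    """Replay the debug output. Pass 1 learns which ips this router answers for
    from an hsrp virtual mac. Pass 2 keeps the ip->mac binding seen from each
    peer and alerts on a binding change (arp spoofing or a moved host) and on
    anyone answering for a virtual ip from a non-hsrp mac (a gateway takeover)."""
    events = parse_arp_debug(lines)
    local_hsrp = {}
    for ev in events:
        group = hsrp_group(ev["smac"])
        if ev["dir"] == "sent" and group is not None:
            local_hsrp[ev["sip"]] = group
    bindings, alerts = {}, []
    for ev in events:
        if ev["dir"] != "rcvd":
            continue         # our own transmissions say nothing about the segment
        ip, mac, intf = ev["sip"], ev["smac"], ev["intf"]
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"{intf}: {ip} moved from {known} to {mac}")
            bindings[ip] = mac
        if ip in local_hsrp and hsrp_group(mac) is None:
            alerts.append(f"{intf}: {ip} is hsrp group {local_hsrp[ip]}'s virtual ip "
                          f"but {mac} is not an hsrp virtual mac")
    return bindings, local_hsrp, alerts


# Sample taken from the debug output above, plus two constructed lines at the end:
# the host at .150 reappears from a different mac, and then that mac answers for
# the hsrp virtual ip .5
SAMPLE_DEBUG = """\
May  7 18:55:50: IP ARP: sent req src 172.16.100.1 000f.8ffe.0980,
                 dst 172.16.100.150 e89a.8f98.a703 Vlan100
May  7 18:55:50: IP ARP: sent rep src 172.16.100.5 0000.0c07.ac01,
                 dst 172.16.100.5 ffff.ffff.ffff Vlan100
May  7 18:55:50: IP ARP: rcvd rep src 172.16.100.150 e89a.8f98.a703, dst 172.16.100.1 Vlan100
May  7 18:55:50: IP ARP: rcvd rep src 172.16.100.2 000b.5fc9.0000, dst 172.16.100.1 Vlan100
May  7 18:56:05: IP ARP: rcvd req src 172.16.100.150 e89a.8f98.a703, dst 172.16.100.5 Vlan100
May  7 18:57:12: IP ARP: rcvd rep src 172.16.100.150 0011.2233.4455, dst 172.16.100.1 Vlan100
May  7 18:57:13: IP ARP: rcvd rep src 172.16.100.5 0011.2233.4455, dst 172.16.100.1 Vlan100
""".splitlines()


if __name__ == "__main__":
    bindings, local_hsrp, alerts = audit(SAMPLE_DEBUG)
    print("hsrp virtual ips:", local_hsrp)
    for a in alerts:
        print("ALERT", a)
```

on a real network this is what dynamic arp inspection does in hardware; the replay shows what it is looking for, and why the hsrp virtual mac is the thing to key on when the gateway address itself is the one being claimed...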

ip address v binary string...

we know that an ipv4 address is written in dotted decimal so it is easier for humans to read... 32 bits, four 8-bit octets... but that is not the router's view of the address; the router treats the ipv4 address not as four one-byte octets but as a single 32-bit binary string, and a route lookup is a longest-prefix match on the leading bits of that string...

so 10.1.1.1 is actually 167837953 in decimal and binary
00001010 00000001 00000001 00000001

the router doesn't see the dots, or the spaces, nor does it care about the decimal equivalent...

the router sees this:

00001010000000010000000100000001


bit-count format (the default) v decimal

dls1#term ip netmask-format decimal
dls1#sh ip route 172.16.100.0                                                   
Routing entry for 172.16.100.0 255.255.255.0                                    
  Known via "connected", distance 0, metric 0 (connected, via interface)        
  Routing Descriptor Blocks:                                                    
  * directly connected, via Vlan100                                             
      Route metric is 0, traffic share count is 1                               
                                                                
                                                                                
dls1#term ip netmask-format bit-count                                           
dls1#sh ip route 172.16.100.0                                                   
Routing entry for 172.16.100.0/24                                               
  Known via "connected", distance 0, metric 0 (connected, via interface)        
  Routing Descriptor Blocks:                                                    
  * directly connected, via Vlan100                                             
      Route metric is 0, traffic share count is 1              
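an added example (mine, not from the post) that takes the "single binary string" view literally and builds what r3 in the vrf posts above was doing: a routing table per vrf, longest-prefix match done on the binary strings (which is all a /24 or a 255.255.255.0 means), and both netmask formats converted either way... the tables are r3's per-vrf routes from those posts, so the same 10.1.1.0/24 lives three times without overlapping...

```python
from collections import defaultdict


def ip_to_int(dotted: str) -> int:
    """'10.1.1.1' -> 167837953: the four octets as one 32-bit number."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad ipv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_to_bits(dotted: str) -> str:
    """The router's view: one 32-character binary string, no dots."""
    return format(ip_to_int(dotted), "032b")


def mask_to_prefixlen(mask: str) -> int:
    """'255.255.255.0' -> 24; rejects non-contiguous masks like 255.0.255.0."""
    bits = ip_to_bits(mask)
    if "01" in bits:
        raise ValueError(f"non-contiguous mask {mask}")
    return bits.count("1")


def prefixlen_to_mask(plen: int) -> str:
    """24 -> '255.255.255.0'."""
    if not 0 <= plen <= 32:
        raise ValueError("prefix length out of range")
    return int_to_ip(((1 << 32) - 1) ^ ((1 << (32 - plen)) - 1))


class Fib:
    """One routing table per vrf; vrf None is the global table. Lookups are a
    longest-prefix match on the binary strings, and never cross vrf's."""

    def __init__(self):
        self.tables = defaultdict(list)

    def add(self, vrf, prefix: str, next_hop: str, interface: str):
        """prefix as '10.1.1.0/24' or '10.1.1.0 255.255.255.0'."""
        if "/" in prefix:
            net, plen = prefix.split("/")
            plen = int(plen)
        else:
            net, mask = prefix.split()
            plen = mask_to_prefixlen(mask)
        net_bits = ip_to_bits(net)
        if "1" in net_bits[plen:]:
            raise ValueError(f"{prefix} has host bits set")
        self.tables[vrf].append((plen, net_bits[:plen], f"{net}/{plen}", next_hop, interface))

    def lookup(self, vrf, dst: str):
        """(prefix, next_hop, interface) of the longest match in that vrf, or None."""
        dst_bits = ip_to_bits(dst)
        best = None
        for plen, net_bits, prefix, next_hop, interface in self.tables.get(vrf, []):
            if dst_bits.startswith(net_bits) and (best is None or plen > best[0]):
                best = (plen, prefix, next_hop, interface)
        return None if best is None else best[1:]


def build_r3_fib() -> Fib:
    """r3's per-vrf tables as shown in the posts above; the global table stays empty."""
    fib = Fib()
    for vrf, prefix, nh, intf in [
        ("r1", "1.1.1.1/32", "10.1.1.2", "FastEthernet0/0"),
        ("r1", "3.3.3.0 255.255.255.0", "connected", "Loopback3"),
        ("r1", "10.1.1.0/24", "connected", "FastEthernet0/0"),
        ("r1", "11.1.1.1/32", "10.1.1.2", "FastEthernet0/0"),
        ("r2", "5.5.5.0/24", "connected", "Loopback5"),
        ("r2", "7.7.7.7/32", "10.1.1.2", "Serial0/0"),
        ("r2", "9.9.9.9/32", "10.1.1.2", "Serial0/0"),
        ("r2", "10.1.1.0/24", "connected", "Serial0/0"),
        ("r4", "10.1.1.0/24", "connected", "Serial0/1"),
    ]:
        fib.add(vrf, prefix, nh, intf)
    return fib


if __name__ == "__main__":
    fib = build_r3_fib()
    for vrf in ("r1", "r2", "r4", None):
        print(vrf, "10.1.1.2 ->", fib.lookup(vrf, "10.1.1.2"))
```

the same destination resolves to a different interface in each vrf and to nothing at all in the global table, which is exactly the "look ma, no global route table" output above...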

switch lab cont....

1. set up hsrp on this network...



dls1#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Prio P State   Active          Standby         Virtual IP
Vl1         1    110  P Active  local           172.16.1.2      172.16.1.5
Vl100       1    110  P Active  local           172.16.100.2    172.16.100.5
Vl200       1    110  P Active  local           172.16.200.2    172.16.200.5
dls1#

what is the gateway ip?

have i mentioned yet today that i dislike acl's? from a philosophical standpoint, i'm in this business to provide connectivity, not to limit it or take it away... but things as they are, there are countless reasons to inhibit connections. this is the life we have chosen, but i don't have to agree with all of it...

2. create an acl to disallow users from 200 to 100, but 100 can access 200... the trick is letting the return half of 100's sessions back in: established matches any tcp segment with ack or rst set, so 200 can still fire ack-flagged probes (an ack scan) into 100, and udp replies from 200 (dns, for instance) aren't covered at all; the icmp line does the same job for pings from 100... the list does its work inbound on the vlan 200 svi; it is also applied inbound on vlan 100 below, where it matches nothing legitimate, since no packet sourced from 172.16.200.0/24 should be arriving there...


dls1#sh access-list                                                                       
Extended IP access list 101                                                               
    10 permit tcp 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255 established               
    20 permit icmp 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255 echo-reply               
    30 deny ip 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255                              
    40 permit ip any any (166 matches)                                                    
dls1#sh ip int vlan 100                                                                   
Vlan100 is up, line protocol is up                                                        
  Internet address is 172.16.100.1/24                                                     
  Broadcast address is 255.255.255.255                                                    
  Address determined by setup command                                                     
  MTU is 1500 bytes                                                                       
  Helper address is not set                                                               
  Directed broadcast forwarding is disabled                                               
  Multicast reserved groups joined: 224.0.0.2                                             
  Outgoing access list is not set                                                         
  Inbound  access list is 101                                                             
  Proxy ARP is enabled                           

  omitted

dls1#sh run int vlan 200                                                                  
Building configuration...                                                                 
                                                                                          
Current configuration : 158 bytes                                                         
!                                                                                         
interface Vlan200                                                                         
 ip address 172.16.200.1 255.255.255.0                                                    
 ip access-group 101 in                                                                   
 standby 1 ip 172.16.200.5                                                                
 standby 1 priority 110                                                                   
 standby 1 preempt                                                                        
end

3. do the same for dls2

4. set up a host for 200 on als2, and a host for 100 on als1... ensure connectivity for hosts first, then pull the plug... be sure to set the gateway addresses as the hsrp virtual gateways
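to see why lines 10 and 20 of access-list 101 have to be there for the "100 can reach 200 but not the other way" rule to work, here is a small python model of that acl (an added example, not part of the lab and not ios code)... it walks constructed sample packets through the four lines the way ios does, first match wins, implicit deny at the end... one thing to keep in mind: established is stateless, ios only looks for the ACK or RST bit in the tcp header, it keeps no session table...

```python
from ipaddress import ip_address, ip_network

# access-list 101 from the lab above, modelled as (seq, action, proto, src, dst, qualifier).
# the wildcard 0.0.0.255 used on the switch is the same thing as /24 here.
ACL_101 = [
    (10, "permit", "tcp",  "172.16.200.0/24", "172.16.100.0/24", "established"),
    (20, "permit", "icmp", "172.16.200.0/24", "172.16.100.0/24", "echo-reply"),
    (30, "deny",   "ip",   "172.16.200.0/24", "172.16.100.0/24", None),
    (40, "permit", "ip",   "0.0.0.0/0",       "0.0.0.0/0",       None),
]

def _qualifier_matches(qualifier, pkt):
    """'established' is a stateless flag check: only ACK or RST in the tcp header counts."""
    if qualifier is None:
        return True
    if qualifier == "established":
        return bool(pkt.get("flags", set()) & {"ACK", "RST"})
    if qualifier == "echo-reply":
        return pkt.get("icmp_type") == "echo-reply"
    raise ValueError(f"unknown qualifier {qualifier}")

def evaluate(acl, pkt):
    """Return (seq, action) of the first matching line; (None, 'deny') is the implicit deny."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    for seq, action, proto, src_net, dst_net, qualifier in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if src not in ip_network(src_net) or dst not in ip_network(dst_net):
            continue
        if _qualifier_matches(qualifier, pkt):
            return seq, action
    return None, "deny"

# constructed sample packets, as seen inbound on Vlan200 (from a 200 host) or Vlan100 (from a 100 host)
SAMPLES = {
    "200 opens tcp to 100 (SYN)":          {"proto": "tcp", "src": "172.16.200.10", "dst": "172.16.100.10", "flags": {"SYN"}},
    "100 opens tcp to 200 (SYN)":          {"proto": "tcp", "src": "172.16.100.10", "dst": "172.16.200.10", "flags": {"SYN"}},
    "200 answers 100's tcp (SYN-ACK)":     {"proto": "tcp", "src": "172.16.200.10", "dst": "172.16.100.10", "flags": {"SYN", "ACK"}},
    "200 pings 100 (echo-request)":        {"proto": "icmp", "src": "172.16.200.10", "dst": "172.16.100.10", "icmp_type": "echo-request"},
    "200 answers 100's ping (echo-reply)": {"proto": "icmp", "src": "172.16.200.10", "dst": "172.16.100.10", "icmp_type": "echo-reply"},
    "200 reaches the vlan 1 gateway":      {"proto": "udp", "src": "172.16.200.10", "dst": "172.16.1.5"},
}

def run_samples(acl=ACL_101):
    """Evaluate every sample packet against the acl; returns {name: (seq, action)}."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (seq, action) in run_samples().items():
        print(f"{name:40s} -> {action} (line {seq})")
```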

Sunday, May 6, 2012

anki screenshot...

you must help yourself in this...

if you are not using anki, you are not participating in what you study...

http://ankisrs.net/

what i've done lately is make anki's by scraping the q&a's for chapters, as well as glossaries, and any other vital information i come across... rate the cards and review as per the anki schedule... become what you read, don't just read it... it truly helps with things that you thought you knew well, but didn't... reading for comprehension lasts for the short term, anki will provide you with the long term...

become the concept... make it automatic...




quote of the day...

from routing tcpip, vol 1 second edition, jeff doyle...

A subnet is a subgrouping of a class A, B, or C IP address. Without subnetting, the network part of a major class A, B, or C IP address can only identify a single data link. Subnetting uses some of the host bits of a major IP address as network bits, allowing the single major address to be “subdivided” into multiple network addresses.



Saturday, May 5, 2012

udld...

smoke em if you got em...

dls1(config)#int rang g0/1 - 2                                                           
dls1(config-if-range)#sw trunk encap dot1q                                               
dls1(config-if-range)#sw mode trunk                                                      
dls1(config-if-range)#no shut  

dls1(config)#udld enable                                                                  
dls1(config)#int rang g0/1 - 2                                               
dls1(config-if-range)#udld port aggressive    

unidirectional link detection...

when bidirectional links go uni, udld will detect this behavior and shut the link down...                           
                                                                                        
dls1#sh udld g0/1                                                                        
                                                                                         
Interface Gi0/1                                                                          
---                                                                                      
Port enable administrative configuration setting: Enabled / in aggressive mode           
Port enable operational state: Enabled / in aggressive mode                              
Current bidirectional state: Unknown                                                     
Current operational state: Advertisement                                                 
Message interval: 7                                                                      
Time out interval: 5                                                                     
No neighbor cache information stored                                                     
dls1#

aggressive means that after eight failed attempts to prove the link is still bidirectional, the port will be errdisabled

note that sh udld g0/1 does not use interface as an argument...

i prefer bidirectional... links