not bad... all three routers are running (no lie)... what i did instead of stopping a router, setting the idlepc value and then restarting was...
turned them all off... started one and watched it peg a cpu, then set the idlepc value to a delivered * value... i watched for the cpu to stabilize and then i suspended that one, i did not shut it off... suspend... did the same with the other two... now to figure out how to load the topology from file and make it work as well... took about ten minutes...
Saturday, March 31, 2012
gns3 and a real pc...
i got a new desktop today... 8 gig ram, radeon chip, quad/core amd proc... certainly not the best for gns3, but it should be serviceable... i have my own routers and switches but it's still nice to experiment...
i also downgraded to ubu 11.04 to lose the unity garbage and because i hear it's more stable...
here is sys monitor without gns3...
and here is gns3 on hold with 3 routers... the idlepc values are a pain in the ass but with that much ram and some tweaking this should get better...
then i turned them on and the shit hits the fan... the trick is to get idlepc values that work (*), and set them up one at a time
i have a ways to go here...
ethernuno...
check out nuno's site below...
http://ethernuno.wordpress.com/
he's just getting started but check it out anyway..
Friday, March 30, 2012
spann and arp...
i'm in the middle of a spanning tree lab and because we are using plain old spanning tree with defaults on everything, my output is not exactly like that of the lab... the mac addresses of my switches are simply different...
we know that in spanning tree the switch with the lowest mac address will be root if the bridge priorities are the same (or in this case the default)... remember the priority is the first indicator, and in case of a tie, the mac address will determine root (the lowest wins)
big friggin deal, not much easier than that...
but now the question is, determine which switch will win the election without using spanning tree command output, or telnet between the switches to collect and compare mac's...
the sh ver command will give us the base mac of the switch we are on as below...
Base ethernet MAC Address: 00:0B:5F:C9:00:00... ok
cdp neighbor detail is no help... and mac-address table dynamic is confusing for our purpose here...
dls2#sh mac-add dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0009.b73f.ce80    DYNAMIC     Fa0/9
   1    0009.b73f.ce89    DYNAMIC     Fa0/9
   1    0009.b752.d780    DYNAMIC     Fa0/9
   1    000f.8ffe.098b    DYNAMIC     Fa0/11
   1    000f.8ffe.098c    DYNAMIC     Fa0/12
Total Mac Addresses for this criterion: 5
dls2#
got it yet?
dls2#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.104             24   0009.b752.d780  ARPA   Vlan1
Internet  10.1.1.102              -   000b.5fc9.0000  ARPA   Vlan1
Internet  10.1.1.103             25   0009.b73f.ce80  ARPA   Vlan1
Internet  10.1.1.101             25   000f.8ffe.0980  ARPA   Vlan1
dls2#sh spann root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32769 0009.b73f.ce80        19    2   20  15  Fa0/9
dls2#
sh spann root from dls2 tells us that it's NOT the root (good command by the way)
but looking back at the arp output and since we can add and subtract, we know 10.1.1.103 is the root...
dls2#sh spann
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.b73f.ce80
             Cost        19
             Port        9 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.5fc9.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.7    P2p
Fa0/8               Altn BLK 19        128.8    P2p
Fa0/9               Root FWD 19        128.9    P2p
Fa0/10              Altn BLK 19        128.10   P2p
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p
sh spann from dls2 doesn't tell us it is root... the root id and THIS bridge id are not the same... and not all ports are designated and forwarding....
looking at the output of spann root on als1 we see...
als1#sh spann root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- ------ ----- --- ---  ----------------
VLAN0001         32769 0009.b73f.ce80      0    2   20  15
cost 0 means this switch must be root and...
als1#sh spann
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.b73f.ce80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0009.b73f.ce80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/8            Desg FWD 19        128.8    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/10           Desg FWD 19        128.10   P2p
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p
this bridge is the root, the mac's are the same and all ports are designated and forwarding...
spanning tree very pretty...
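The comparison done by eye on the sh arp output above, written out as an added example (not part of the original post). It assumes every switch in the vlan has an SVI that shows up in the ARP table with its base mac, and that priorities are at the default unless passed in; the function names and the priorities argument are made up for this sketch.

```python
import re

# "sh arp" output from dls2, retyped from the post above with columns realigned.
SH_ARP = """\
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.104          24  0009.b752.d780  ARPA  Vlan1
Internet  10.1.1.102           -  000b.5fc9.0000  ARPA  Vlan1
Internet  10.1.1.103          25  0009.b73f.ce80  ARPA  Vlan1
Internet  10.1.1.101          25  000f.8ffe.0980  ARPA  Vlan1
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+(?:\.\d+){3})\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)$",
    re.IGNORECASE,
)

DEFAULT_PRIORITY = 32768  # default bridge priority, as in the post


def mac_to_int(mac):
    """Turn 0009.b73f.ce80 into a 48-bit integer so MACs compare numerically."""
    return int(mac.replace(".", ""), 16)


def parse_arp(text):
    """Return one dict per ARP entry; age '-' marks the switch's own SVI."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m is None:
            continue  # header, prompt or blank line
        entries.append({
            "ip": m.group("ip"),
            "mac": m.group("mac").lower(),
            "intf": m.group("intf"),
            "local": m.group("age") == "-",
        })
    return entries


def predict_root(entries, vlan=1, priorities=None):
    """Pick the entry with the lowest bridge ID: priority first, MAC as tie-break.

    priorities maps ip -> configured priority for switches changed from the
    default; ARP carries no priority, so that has to come from the configs.
    """
    priorities = priorities or {}
    if not entries:
        raise ValueError("no ARP entries to compare")

    def bridge_id(entry):
        priority = priorities.get(entry["ip"], DEFAULT_PRIORITY) + vlan
        return (priority, mac_to_int(entry["mac"]))

    return min(entries, key=bridge_id)


if __name__ == "__main__":
    switches = parse_arp(SH_ARP)
    root = predict_root(switches)
    print("predicted root:", root["ip"], root["mac"])
    # An explicitly configured priority beats any MAC address.
    pinned = predict_root(switches, priorities={"10.1.1.101": 4096})
    print("with 10.1.1.101 at priority 4096:", pinned["ip"])
```

With everything at defaults the election is decided by whichever switch happens to have the lowest mac, which is why the second call matters: setting the priority on the intended root takes the mac out of the decision.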
Thursday, March 29, 2012
absolute minimums...
absolute minimums for commands are good things to know and certainly
testable... with that, also understand that absolute minimums for
commands are fairly useless in a working environment... take the vlan
command... to make a vlan the ONLY requirement is vlan and number, and
that is it... however it is useless without port memberships and more
meaningful with a name assigned to it... like telnet without login and password, telnet
is much more effective (and it is a good habit to get into) with password and login routinely configured along with it...
dls1(config)#vlan 100
dls1(config-vlan)#end
dls1#
get into good configuration habits as this will increase your speed in a pressured environment, ie, a test, a production network... also understand the minimum requirements of commands and know why you should go farther with them...
Tuesday, March 27, 2012
private eyes...
a vlan is a network is a subnet is a broadcast domain... so what is a private vlan... a private vlan is a vlan within a vlan... why? to segregate traffic within vlans yet further... this comes in handy for isp's who have customers in the same subnet, but need further segmentation for security... the vlans are in the same subnet, they simply communicate in different vlans within the subnet...
types- promiscuous, (tramp) a port will send and receive to and from any other port on the vlan
isolated, only allowed to communicate with tramps, and are stubs
community, can communicate between themselves and tramps
for a great discussion see petr lapukhov below
http://blog.ine.com/2008/01/31/understanding-private-vlans/
and more here from the horse's mouth...
http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
Labels:
ccnp switch,
community,
isolated,
promiscuous,
pvlans
Sunday, March 25, 2012
lacp, pagp, on...
with pagp (yuck) you can set either side to desirable, to desirable and auto, but not auto-auto (sound familiar)
with lacp you can set either side to active, to active and passive, but not passive-passive...
makes perfect sense...
with mode on, and as long as both ports are configured the same, it doesn't friggin matter...
the debate rages on...
i prefer mode on... and i always configure as trunks first for a safe bailout...
Friday, March 23, 2012
minicom...
one of the beauties of nix is that it is device intensive, meaning, the operating system is hardware savvy...
windows often needs driver support when a device is added...
for a usb serial adapter to support the nix, ie, all that is required is the nix be told what device it is...
in this case it is USB0... discovering that is easy with grep (globally replace)
arteq@b:~$ sudo dmesg | grep tty
[sudo] password for arteq:
[ 0.000000] console [tty0] enabled
[ 0.718578] tty ttyS4: hash matches
[ 7.306285] fbcon: Remapping primary device, fb1, to tty 1-63
[ 9.052698] usb 4-1: MCT U232 converter now attached to ttyUSB0
arteq@b:~$sudo minicom
at first it thinks you are trying to initialize a modem, that's why the AT command error but...
there are a couple of setup steps for the serial port, which you can find here...
https://help.ubuntu.com/community/CiscoConsole
piece of cake
Wednesday, March 21, 2012
dia namic...
great stuff here from a friend in portugal, nuno, i met on cln... he gave me a hand salvaging my xp environment and converting it to ubuntu... and he pointed out a network diagram creator, complete with cisco icons...
once you've installed ubuntu, go to the command line and type:
arteq@b:~$ sudo apt-get update && sudo apt-get install dia
and you can begin to make one of these....
tell nuno thanks...
over 2000 hits this month...
that is a new record... wow...
thanks for stopping by for a scrape...
unix...
in the early 90's, the age of windows 3.1, my entree into the unix world began with system V, berkeley and SCO... that was just prior to dos5.0... i learned then that i was an operating system kind of guy and that i was very comfortable at the command line... but gui was fashionable, windows was dominating, and although os2 was a better product, it couldn't muster the market share or the application support...
of course torvalds came along and began to change everything... unix on the desktop for the masses and free... he took the minix kernel and made it into linux and gave it away.. brilliant...
so along with the windows progression from 3.1 to 95,98,2000,xp, vista, 7, i also grew with redhat, suse,
fedora, and now my new best friend ubuntu...
last night i really had to dust off the old commands and permissions, and what i know is: microsoft's greatest product was xp, and when they retired it, they forever ruined windows...
if only corporate america would come to grips with open source on the desktop across the board... it's time to finally slay the dragon...
Tuesday, March 20, 2012
ubuntu...
this morning my xp machine wouldn't boot... couldn't get past the windows logo, it just kept rebooting... no safe mode, no recovery and it's so old, i didn't have a recovery disk... all kinds of stuff, notes, pdf's, so much, i thought was completely lost....
i downloaded ubuntu, burned it to a dvd and booted to it... and my xp files are intact...
whoa...
near miss that one...
thank you ubuntu... i am in...
Monday, March 19, 2012
cables...
rj-45 cables aren't difficult to make, but they are time consuming... everyone in this business should know how to make a custom length lan cable in a special need situation... there's not much to it... see the link below for a tutorial (excellent, by the way) that will walk you through it...
in the end it's just easier to purchase them, but it doesn't hurt to know how to do it... punch downs too
http://www.lanshack.com/make-cat5E.aspx
Sunday, March 18, 2012
labs...
i've been working on the ccnp switch manual that i got in the mail yesterday, the network academy official cisco blue and white, softcover, ad infinitum... about 50 bucks after shipping... the reason i got it is the switch ocg is very light on labs, in fact, it basically only has examples, not full blown labs... labs are important... labs force repetition, and we know for testing repetition is vital... you get to a point where some things you start doing automatically, without thinking, if you do them enough, and that is a good thing...
i promised i'd do every step of every lab, and it is often painful... before you get to the next chapter, the manual insists that you delete vlan.dat and erase start and reload... yuck... i tore my layer 3 tshoot topology completely apart, am using almost all my xover cables, and recabled the whole thing exactly as it is in the book... pain in the asssssssss...
but it's crucial that i do this... it is easy to fall into the trap that you race through the whole smash and in doing so, you might miss something...
and of course there is the section on isl (very brief, a passing nod) vtp and dtp, and the dynamic states of trunks, dynamic desirable, etc. things that should be avoided completely... and i'm gritting my teeth now as i go through pagp (arrgh)... but in the end and as i've said before...
you have no business avoiding a technology in this journey (especially an historical one) until you understand completely how to use it first...
HULK SMASH
loopback love...
loopback interfaces are an absolute good...
i'm sure i've said it before but loopbacks are a great way to troubleshoot your routing protocol without a lot of effort...
when you sh ip route, loopbacks are easily spotted, especially if you've assigned contextually significant addresses... ie, r1 gets lo0 1.1.1.1, r2 gets 2.2.2.2, etc.
but you knew this and that's why whenever you build a router or a mls you always include loopbacks as part of your configuration, and you never forget to add them as networks to your routing protocol...
correct...
r1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 10.1.1.2, 00:08:13, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/66] via 10.1.1.2, 00:08:13, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/130] via 10.1.1.2, 00:08:13, FastEthernet0/0
10.0.0.0/30 is subnetted, 3 subnets
O IA 10.1.1.8 [110/129] via 10.1.1.2, 00:08:13, FastEthernet0/0
C 10.1.1.0 is directly connected, FastEthernet0/0
O IA 10.1.1.4 [110/65] via 10.1.1.2, 00:08:13, FastEthernet0/0
r1#
Saturday, March 17, 2012
sh vlan internal usage...
whoops... here's a wild one...
dsw2#sh vlan int usage
VLAN Usage
---- --------------------
1025 FastEthernet0/5
1027 Port-channel1
more on these two in a minute
the range of standard vlans on a switch is 1-1001 (1002-1005 are reserved for dinosaurs)
the extended vlan range is 1006-4094
would any enterprise need more than 1000? maybe...
by default the extended range is allocated by vlan allocation policy in ascending order...
from 1006 up to 4094... i just created vlan 4094 (vtp mode has to be globally transparent to use the extended range)
dsw2#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
4094 VLAN4094                         active
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
99   enet  100099     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0
4094 enet  104094     1500  -
as for the internal usage vlans above, i have/can find no other explanation besides:
f0/5 is i know an ipv6 capable port, and therefore special
and port-channel1 is special, because, it's special...
all i can figure is that the vlan allocation policy of a given switch mandates that special usage ports are given a special extended vlan identifier...
because they are special
extended system id...
a fixed switch shares its mac address with its ports...
Base ethernet MAC Address: 00:09:B7:52:D7:80
the mac address of port 1 on this switch is:
asw2#sh int f0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0009.b752.d781 (bia 0009.b752.d781)
if you're comfortable with hex, you can easily determine the rest of the ports' mac addresses by counting up...
asw2#sh int f0/10
FastEthernet0/10 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 0009.b752.d78a (bia 0009.b752.d78a) = 10 hex
you knew that...
the default switch priority is 32768...
we know that the combination of priority and mac address gives us the BID
because 1 or many ports may belong to a vlan, we need more distinction...
the extended system id makes that yet more granular...
asw2#sh spann vlan 20
VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 0009.b73f.ce80 (base ethernet)
Cost 38
Port 2 (FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20) 32768 + 20
the extended system id allows the vlan for the switch to have a unique BID
graphic below from http://adelzalok.wordpress.com/2011/09/29/anatomy-of-a-mac-address-bpdu-bid-and-the-802-1q-ethernet-frame-tag/ great site by the way... you haven't clicked on it yet?
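The arithmetic in this post as an added example (not code from the original post): the 16-bit priority field of the BID is a 4-bit priority (so multiples of 4096) plus the 12-bit extended system id carrying the vlan number, followed by the 48-bit mac. The port mac helper follows the base-plus-port-number pattern shown for asw2 above and is an assumption for other platforms; all function names are made up for this sketch.

```python
import re


def mac_to_int(mac):
    """Accept 00:09:B7:52:D7:80 or 0009.b752.d780 and return a 48-bit integer."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit mac address: {mac!r}")
    return int(digits, 16)


def int_to_cisco(value):
    """Format a 48-bit integer the way IOS prints it, e.g. 0009.b752.d78a."""
    text = f"{value:012x}"
    return ".".join(text[i:i + 4] for i in (0, 4, 8))


def split_priority(field):
    """Split the displayed priority (e.g. 32788) into (priority, sys-id-ext)."""
    if not 0 <= field <= 0xFFFF:
        raise ValueError("priority field is 16 bits")
    return field & 0xF000, field & 0x0FFF


def make_bid(priority, vlan, mac):
    """Build the 64-bit bridge ID; a numerically lower BID wins the election."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("vlan must be between 1 and 4094")
    return ((priority | vlan) << 48) | mac_to_int(mac)


def describe_bid(bid):
    """Reverse make_bid: return (priority, vlan, mac in IOS format)."""
    priority, vlan = split_priority(bid >> 48)
    return priority, vlan, int_to_cisco(bid & 0xFFFFFFFFFFFF)


def port_mac(base, port):
    """Port mac on the fixed switch in the post: base mac plus the port number."""
    value = mac_to_int(base) + port
    if port < 0 or value > 0xFFFFFFFFFFFF:
        raise ValueError("port number out of range for this base mac")
    return int_to_cisco(value)


if __name__ == "__main__":
    print(split_priority(32788))                  # vlan 20 on asw2
    print(port_mac("00:09:B7:52:D7:80", 10))      # Fa0/10 on asw2
    root = make_bid(32768, 20, "0009.b73f.ce80")  # root ID from sh spann vlan 20
    print(describe_bid(root))
```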
Labels:
BID,
ccnp switch,
extended system id,
MAC address,
priority,
switch,
vlan
tcpip...
routing tcpip volumes 1 and 2, jeff doyle, cisco press are expensive but everyone loves them
tcpip illustrated by douglas comer is also expensive, and everybody raves...
the ocg's and flg's are also expensive but vital
this link is free:
http://www.tcpipguide.com/free/t_PPPGeneralFrameFormat.htm
can you get your certifications without all these expensive books, without all the expensive videos?
you bet your ass you can, it's just more difficult and you have to try twice as hard, ten times as hard...
do books, videos, equipment, gns3 facilitate your quest?
you bet your ass they do
there is no magic formula... you provide your own formula...
STAY MOTIVATED
packet traversing, mac changing...
the source ip will be that of the pc sending... the destination ip will be that of the destination host receiving... the source mac will be that of the router... the last router in the chain will be the source mac, and the destination mac will be that of the receiving host... the important thing to remember is that the ip of the sender and receiver never changes... the source mac will be the last router forwarding to the destination hosts mac...
now, what was the question originally asked above... leave comments...
Labels:
ccna,
frame,
ip address,
MAC address,
packet
debugs...
debugs are great... FOR YOUR LAB OR GNS3 AT HOME...
if you're lucky enough to work in IT, don't practice debugs on a production device
bad, bad, bad...
when practicing with debugs, even at home get into this habit:
when you telnet to a device be sure to use terminal monitor in that session to see the output to the screen...
before issuing the debug, first issue un all, and hit enter
after launching the debug, hit up arrow twice to recall the un all and hit enter to stop the debugs...
it may take a minute to catch up, but the debugs will stop if the recall of un all was successful...
you can see the state of the terminal session by using:
dsw2#sh term
Line 14, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Ctrl-c Enabled
Automore On
Capabilities: Receives Logging Output
Thursday, March 15, 2012
minus 256 subnetting technique...
i wrote this a long time ago, but it still holds up for those struggling with subnetting
the minus 256 technique
this presupposes knowledge of binary and ip addressing conventions
rule 1. remember that the first octet only ever designates the class
of ip, i.e. a, b or c
rule 2. the first octet of the mask that contains a zero bit is always the
octet where the action occurs, i.e. with 255.255.255.0 the calculation
happens in the 4th octet; with 255.255.0.0 it happens in the third octet;
with 255.255.248.0 it happens in the 3rd octet, and so on.
rule 3. see rule number 1. The first octet always tells you the class
of address no matter the octet where subnetting occurs. Subnetting
calculation always happens in the octet of the ip address that the
subnet mask designates with its first instance of less than 255, or
more simply, the first instance of a zero bit.
therefore, given 172.16.10.10 mask of 255.255.248.0, we know that the
calculation will happen in the ip's 3rd octet. The mask designates
that with 248. it is imperative that this is understood.
another way of looking at it in the above example is: the octet in the
subnet mask with the first instance of less than 255, or the first
zero bit, gives us the multiplier.
rule 4. when that octet (first zero bit octet or octet with first
instance of less than 255) is determined, always subtract it from 256
to determine the ranges.
i.e. 256-248=8, hence 8 is the multiplier.
using 172.16.10.10 with 255.255.248.0, it is determined that we have a
class b address (172), our calculation must happen in the 3rd octet, and
we must subtract 248 from 256 to get 8.
the rest is academic:
the multiplier (8) has determined our first subnet range
8 16 24 32 40, etc
the first range (excepting the use of subnet zero) begins with 8 and
ends with 15, the second range begins with 16 and ends with 31, next
range begins with 32, and so on up to 255.
Important: there are 256 numbers total comprising the range 0-255,
including the zero.
in the ip 172.16.10.10 /21 (notice the use of bit count; this equals
248 as well): to determine the number to subtract from 256 in bit
count form, you need to add the bits...
1st octet 8 bits, second octet 8 bits, third octet 5 bits, hence 8 + 8
+ 5 = 21, i.e. /21 or 248, or
172.16.10.10 /21 = 172.16.10.10 255.255.248.0
our calculation takes place in the octet designated by the first
instance of a zero, or in our example, /21 or 255.255.248.0. we
determine that 10 is the number occupying the third octet in our
example, and our multiplier has determined the first possible subnet
is 8 (excepting subnet zero)
so, since 10 falls between 8 and 15 (16 begins the next subnet or
network), our valid range for the address has been determined.
network:     8   16   32...
first host:  9   17
last host:   14  30
broadcast:   15  31
so our octet 3 number, which is 10 in the example, can only fall
between the range of 8 (the network), 9 our first valid host, 14 our
last valid host, and 15 which is the broadcast address for the network
our number ten resides in.
if we changed our third octet number to 172.16.20.10 /21 or
255.255.248.0, we know that our calculation still takes place in the
3rd octet, but the number 20 falls between the network 16, the
broadcast 31, and within the valid range of hosts which is 17-30...
one more example:
192.168.100.100 255.255.255.192
the class of address is C
the action takes place in octet 4
subtract 192 from 256 which equals 64 and we can determine the
network, the broadcast and the valid range of hosts because 64 is our
multiplier
hence:
network:     64   128  192
first host:  65   129  193
last host:   126  190  254
broadcast:   127  191  255
our number in octet 4 is 100, our number 100 falls between 64 (the
first network) and 128 (the second network). the subnet address is
192.168.100.64
the first valid host is 192.168.100.65
the last valid host in the range is 192.168.100.126
and the broadcast address is 192.168.100.127
it takes a little time and effort, and a lot of practice, but you'll
eventually be able to do it without paper.
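the minus 256 steps as runnable python, an added example that is not part of the original write-up: it finds the octet where the action occurs, subtracts the mask octet from 256, and fills every octet to the right with 0 for the network and 255 for the broadcast, so the host range comes back as full addresses. the function names (`minus_256`, `cross_check`) are made up for the example, and the result is checked against python's standard `ipaddress` module.

```python
import ipaddress

def dotted(octets):
    return ".".join(str(o) for o in octets)

def minus_256(ip, mask):
    """work out a subnet with the minus 256 technique (masks from /0 to /30)"""
    ip_o = [int(x) for x in ip.split(".")]
    mask_o = [int(x) for x in mask.split(".")]
    if len(ip_o) != 4 or len(mask_o) != 4:
        raise ValueError("ip and mask both need four octets")
    if any(not 0 <= o <= 255 for o in ip_o + mask_o):
        raise ValueError("octets must be in 0-255")
    bits = "".join(f"{o:08b}" for o in mask_o)
    if "01" in bits or bits.count("1") > 30:
        raise ValueError("mask must be contiguous ones and no longer than /30")
    # rule 1: the first octet gives the class
    first = ip_o[0]
    cls = "A" if first < 128 else "B" if first < 192 else "C" if first < 224 else "D/E"
    # rule 2: the first mask octet below 255 is where the action occurs
    idx = next(i for i, o in enumerate(mask_o) if o < 255)
    # rule 4: subtract that mask octet from 256 to get the multiplier
    block = 256 - mask_o[idx]
    start = (ip_o[idx] // block) * block   # multiple of the multiplier at or below the ip's octet
    end = start + block - 1                # one less than the next multiple
    # octets right of the action octet: all 0 for the network, all 255 for the broadcast
    network = ip_o[:idx] + [start] + [0] * (3 - idx)
    broadcast = ip_o[:idx] + [end] + [255] * (3 - idx)
    return {
        "class": cls, "octet": idx + 1, "multiplier": block, "prefix": bits.count("1"),
        "network": dotted(network),
        "first_host": dotted(network[:3] + [network[3] + 1]),
        "last_host": dotted(broadcast[:3] + [broadcast[3] - 1]),
        "broadcast": dotted(broadcast),
    }

def cross_check(ip, mask):
    """compare the hand method against the standard library's answer"""
    mine = minus_256(ip, mask)
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return (mine["network"] == str(net.network_address)
            and mine["broadcast"] == str(net.broadcast_address)
            and mine["prefix"] == net.prefixlen)

if __name__ == "__main__":
    for ip, mask in [("172.16.10.10", "255.255.248.0"), ("192.168.100.100", "255.255.255.192")]:
        print(ip, mask, minus_256(ip, mask), cross_check(ip, mask))
```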