rrrrrrrrrrrrrrrrrr...
look at this thing... it uses nm-esw16's of course...
you can find it here... there's 20 labs there...
http://certcana.ca/tshoot/
it'll peg your cpu's, count on it... but if you adjust the topology.net file with known good idle values, you'll be ok...
it's very exciting...
unfortunately, i can't suffer the behavior of the routers as switches... and since i have 3560's, i'm not interested... have fun with that...
Thursday, January 31, 2013
Wednesday, January 30, 2013
halabi bgp cont...
it's paint by numbers...
rtc(config)#router bgp 1
rtc(config-router)#neigh 172.16.20.2 remote-as 3
rtc(config-router)#
*Jan 30 11:58:39: %BGP-5-ADJCHANGE: neighbor 172.16.20.2 Up
rtc(config-router)#end
rtc#
*Jan 30 11:58:51: %SYS-5-CONFIG_I: Configured from console by console
rtc#sh tcp brie all
TCB Local Address Foreign Address (state)
67F17354 172.16.20.1.179 172.16.20.2.63717 ESTAB
68636BC8 0.0.0.0.179 172.16.20.2.* LISTEN
i do love that show tcp brief all command...
i hate when i'm an idiot, but i'm used to it... he gives no config for rte, he just states in the topology that it doesn't have bgp...
here is the rtd config:
rtd#sh run | b router
router ospf 10
network 192.68.0.0 0.0.255.255 area 0
!
router bgp 2
bgp log-neighbor-changes
neighbor 192.68.5.1 remote-as 3
neighbor 192.68.5.1 ebgp-multihop 2
so i configured rte thus...
rte#sh run int s1/0
Building configuration...
Current configuration : 88 bytes
!
interface Serial1/0
ip address 192.68.5.2 255.255.255.0
serial restart-delay 0
end
rte#sh run int s1/1
Building configuration...
Current configuration : 89 bytes
!
interface Serial1/1
ip address 192.68.12.2 255.255.255.0
serial restart-delay 0
end
rte#sh run | b router
router ospf 1
network 192.68.0.0 0.0.255.255 area 0
this is shalabi's output... look closely...
RTF#show ip bgp neighbor
BGP neighbor is 172.16.2.254, remote AS 3, internal link
BGP version 4, remote router ID 172.16.2.254
BGP state = Established, table version = 2, up for 22:36:09
BGP neighbor is 192.68.12.1, remote AS 2, external link
BGP version 4, remote router ID 192.68.5.2
BGP state = Established, table version = 2, up for 22:13:01
not sure how that can be... he explicitly states that rte is not running bgp... 192.68.5.2 is the other side of rtf's serial connection... i stand by my configuration...
rtf#sh ip bgp neigh | i BGP
BGP neighbor is 172.16.2.254, remote AS 3, internal link
BGP version 4, remote router ID 172.16.2.254
BGP state = Established, up for 00:43:01
BGP table version 1, neighbor version 1/0
BGP neighbor is 192.68.12.1, remote AS 2, external link
BGP version 4, remote router ID 192.68.12.1
BGP state = Established, up for 00:10:12
BGP table version 1, neighbor version 1/0
Last reset 00:12:29, due to BGP protocol initialization
External BGP neighbor may be up to 2 hops away.
somebody's lying to somebody here...
then he writes:
RTF's other neighbor 192.68.12.1 is also in an established state. This external neighbor belongs to AS2. Note that the display indicates that this neighbor is two hops away (as configured in the ebgp-multihop).
which confirms my configuration...
rtc(config)#router bgp 1
rtc(config-router)#neigh 172.16.20.2 remote-as 3
rtc(config-router)#
*Jan 30 11:58:39: %BGP-5-ADJCHANGE: neighbor 172.16.20.2 Up
rtc(config-router)#end
rtc#
*Jan 30 11:58:51: %SYS-5-CONFIG_I: Configured from console by console
rtc#sh tcp brie all
TCB Local Address Foreign Address (state)
67F17354 172.16.20.1.179 172.16.20.2.63717 ESTAB
68636BC8 0.0.0.0.179 172.16.20.2.* LISTEN
i do love that show tcp brief all command...
i hate when i'm an idiot, but i'm used to it... he gives no config for rte, he just states in the topology that it doesn't have bgp...
here is the rtd config:
rtd#sh run | b router
router ospf 10
network 192.68.0.0 0.0.255.255 area 0
!
router bgp 2
bgp log-neighbor-changes
neighbor 192.68.5.1 remote-as 3
neighbor 192.68.5.1 ebgp-multihop 2
so i configured rte thus...
rte#sh run int s1/0
Building configuration...
Current configuration : 88 bytes
!
interface Serial1/0
ip address 192.68.5.2 255.255.255.0
serial restart-delay 0
end
rte#sh run int s1/1
Building configuration...
Current configuration : 89 bytes
!
interface Serial1/1
ip address 192.68.12.2 255.255.255.0
serial restart-delay 0
end
rte#sh run | b router
router ospf 1
network 192.68.0.0 0.0.255.255 area 0
this is shalabi's output... look closely...
RTF#show ip bgp neighbor
BGP neighbor is 172.16.2.254, remote AS 3, internal link
BGP version 4, remote router ID 172.16.2.254
BGP state = Established, table version = 2, up for 22:36:09
BGP neighbor is 192.68.12.1, remote AS 2, external link
BGP version 4, remote router ID 192.68.5.2
BGP state = Established, table version = 2, up for 22:13:01
not sure how that can be... he explicitly states that rte is not running bgp... 192.68.5.2 is the other side of rtf's serial connection... i stand by my configuration...
rtf#sh ip bgp neigh | i BGP
BGP neighbor is 172.16.2.254, remote AS 3, internal link
BGP version 4, remote router ID 172.16.2.254
BGP state = Established, up for 00:43:01
BGP table version 1, neighbor version 1/0
BGP neighbor is 192.68.12.1, remote AS 2, external link
BGP version 4, remote router ID 192.68.12.1
BGP state = Established, up for 00:10:12
BGP table version 1, neighbor version 1/0
Last reset 00:12:29, due to BGP protocol initialization
External BGP neighbor may be up to 2 hops away.
somebody's lying to somebody here...
then he writes:
RTF's other neighbor 192.68.12.1 is also in an established state. This external neighbor belongs to AS2. Note that the display indicates that this neighbor is two hops away (as configured in the ebgp-multihop).
which confirms my configuration...
halabi bgp...
he starts off slow... it's like being brand new again...
rta#sh run | b router
router ospf 10
network 172.16.0.0 0.0.255.255 area 0
!
router bgp 3
bgp log-neighbor-changes
neighbor 172.16.1.2 remote-as 3
neighbor 172.16.1.2 update-source Loopback0
neighbor 172.16.20.1 remote-as 1
!
he mentions turning on ip classless and no auto-summary... somebody forgot to tell him it's not 2000 anymore... this is a very good book... it would be nice if they revised it, like doyle did for routing tcpip...
i'll give his line by line of the pertinent commands, unless of course, you already know everything...
router process
[process-id]
This is a global command that defines a process such as OSPF, RIP, or
BGP and gives the process a process ID. Some processes, such as RIP,
do not require a process ID. For example, in RTA's configuration,
router ospf 10 indicates an OSPF process with ID 10, whereas router
bgp 3 indicates a BGP process in autonomous system 3.
network
This command indicates the networks or, in the case of OSPF, the
interfaces that will participate in a specific routing process.
etc...
rtf#sh run | b router
router ospf 10
network 172.16.0.0 0.0.255.255 area 0
network 192.68.0.0 0.0.255.255 area 0
!
router bgp 3
bgp log-neighbor-changes
neighbor 172.16.2.254 remote-as 3
neighbor 192.68.12.1 remote-as 2
neighbor 192.68.12.1 ebgp-multihop 2
rtf#sh tcp brie all
TCB Local Address Foreign Address (state)
695BAA54 172.16.1.2.179 172.16.2.254.60797 ESTAB
6874F178 0.0.0.0.179 192.68.12.1.* LISTEN
695B979C 0.0.0.0.179 172.16.2.254.* LISTEN
rtf#sh ip bgp neigh | i BGP
BGP neighbor is 172.16.2.254, remote AS 3, internal link
BGP version 4, remote router ID 172.16.2.254
BGP state = Established, up for 00:04:04
BGP table version 1, neighbor version 1/0
BGP neighbor is 192.68.12.1, remote AS 2, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle
BGP table version 1, neighbor version 1/0
External BGP neighbor may be up to 2 hops away.
note rte isn't lit up yet... there is no configuration in the book...
In RTF's configuration, you can see the ebgp-multihop 2 command being used as part of the neighbor configuration. This indicates that the exterior BGP peer is not directly connected and can be reached at a maximum of two hops away. Remember that ebgp-multihop is applicable with only EBGP, not IBGP. Also, the value at the end (2 in this example) represents the TTL (Time To Live) value to be configured in the IP packet header.
Tuesday, January 29, 2013
quote of the day... halabi speaks...
this is a nice quote... this guy writes well...
Redundancy is achieved by providing multiple alternative paths for the traffic, usually by having multiple connections to one or more ASs. Symmetry means having traffic that leaves the AS from a certain exit point return through the same point. Load balancing is the capability to divide traffic optimally over multiple links. Putting these three requirements together, you can imagine how challenging it is to achieve an optimal routing solution.
Redundancy is achieved by providing multiple alternative paths for the traffic, usually by having multiple connections to one or more ASs. Symmetry means having traffic that leaves the AS from a certain exit point return through the same point. Load balancing is the capability to divide traffic optimally over multiple links. Putting these three requirements together, you can imagine how challenging it is to achieve an optimal routing solution.
Monday, January 28, 2013
bgp origin...
routes that were learned via redistribution will give you an origin code of ? or incomplete... learned from a source other than igp...
routes learned through an igp will give you an origin code of "i" as below... these things we know...
isp#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
* 172.16.0.0 192.168.1.6 0 0 64512 i
*> 192.168.1.2 0 0 64512 i
*> 192.168.1.0/30 0.0.0.0 0 32768 i
*> 192.168.1.4/30 0.0.0.0 0 32768 i
*> 192.168.100.0 0.0.0.0 0 32768 i
look ma, no routes learned through redistribution...
if you receive routes with an origin code of "e" then immediately check yourself into the EGP mental ward because you're seeing things...
however, a redistributed route that has been defined as a network in bgp, ie, network 10.1.1.0 mask 255.255.255.0, will still have as it's origin "i", not "?", even though it has been redistributed...
lay it on them habibi:
Although network X has been injected into BGP via explicit redistribution of static routes, it is also defined natively to BGP via the network command, which is why it is sent out with an ORIGIN of IGP(i). If network X had not been defined with a static network command, it would have been sent out with an ORIGIN of INCOMPLETE. It should be noted that network X did not need to be redistributed because defining it statically and listing it via the network command would suffice to inject it into BGP.
routes learned through an igp will give you an origin code of "i" as below... these things we know...
isp#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
* 172.16.0.0 192.168.1.6 0 0 64512 i
*> 192.168.1.2 0 0 64512 i
*> 192.168.1.0/30 0.0.0.0 0 32768 i
*> 192.168.1.4/30 0.0.0.0 0 32768 i
*> 192.168.100.0 0.0.0.0 0 32768 i
look ma, no routes learned through redistribution...
if you receive routes with an origin code of "e" then immediately check yourself into the EGP mental ward because you're seeing things...
however, a redistributed route that has been defined as a network in bgp, ie, network 10.1.1.0 mask 255.255.255.0, will still have as it's origin "i", not "?", even though it has been redistributed...
lay it on them habibi:
Although network X has been injected into BGP via explicit redistribution of static routes, it is also defined natively to BGP via the network command, which is why it is sent out with an ORIGIN of IGP(i). If network X had not been defined with a static network command, it would have been sent out with an ORIGIN of INCOMPLETE. It should be noted that network X did not need to be redistributed because defining it statically and listing it via the network command would suffice to inject it into BGP.
bgp capabilities...
have at it... as if there wasn't enough already... this is borderline trivia...
https://tools.ietf.org/html/rfc5492
which means they're not a peer breaker...
note: route refresh appears as a capability in an open message, but it is also a message, type 5...
open, update, notification, keepalive and route refresh. in numerical order by type...
https://tools.ietf.org/html/rfc5492
This specification defines an Optional Parameter and processing rules that allow BGP speakers to communicate capabilities in an OPEN message. A pair of BGP speakers that supports this specification can establish the peering even when presented with unrecognized capabilities, so long as all capabilities required to support the peering are supported.
which means they're not a peer breaker...
note: route refresh appears as a capability in an open message, but it is also a message, type 5...
open, update, notification, keepalive and route refresh. in numerical order by type...
bgp update...
as-path, origin and next hop are well known transitive... it has to be true, it says so right in the update packet...
bgp messages...
nothing groundbreaking here...
1 open, 2 update, 3 notification 4 keepalive... and 5 route refresh (introduced in 2000, after halabi went to the presses:
http://tools.ietf.org/html/rfc2918
1 open, 2 update, 3 notification 4 keepalive... and 5 route refresh (introduced in 2000, after halabi went to the presses:
http://tools.ietf.org/html/rfc2918
null0 default bgp...
the following example is from r2 in the last tshoot lab 10... the routing is static... pay particular attention to the default route, and the advertised network in bgp... r2 below in the lab represents the isp:
R2#sh run | b router
router bgp 65502
no synchronization
bgp log-neighbor-changes
network 0.0.0.0
neighbor 192.168.1.1 remote-as 65501
neighbor 192.168.1.1 ebgp-multihop 2
neighbor 192.168.1.1 update-source Loopback0
no auto-summary!
ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.1.0.0 255.255.0.0 209.165.200.225
ip route 192.168.1.1 255.255.255.255 209.165.200.225
on r1, the customer (enterprise), all 0's is the advertised bgp network... 10.1.0.0 is the internal enterprise network... r1's 192.168.1.1 is connected to 192.168.2.1...
R1#sh tcp brie all
TCB Local Address Foreign Address (state)
84D5CF00 192.168.1.1.32348 192.168.2.1.179 ESTAB
R1#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 192.168.2.1 0 0 65502 i
the effectiveness of the default to null0 in conjunction with the statics is clearly shown here... of course within the confines of the lab it is meaningless but we have our imagination hats on, correct?
from doyle:
Configuring a Default Route to BGP Neighbors
router bgp 100
network 0.0.0.0
neighbor 192.168.1.210 remote-as 300
neighbor 192.168.1.222 remote-as 100
neighbor 192.168.1.225 remote-as 200
!
ip route 0.0.0.0 0.0.0.0 Null0
A default route to the Null0 interface is created statically, and the route is advertised with the network command...
any destination address that cannot be matched to a more-specific route matches the static route and is dropped.
from halabi:
Less-Specific Routes of a Network’s Own Aggregate
A specific rule of routing states that, for the sake of preventing routing loops, a network must not follow a less-specific route for a destination that matches one of its own aggregated routes. A routing loop occurs when traffic circles back and forth between network elements, never reaching its final destination. Default routes 0.0.0.0/0 are a special case of this rule. A network should not follow the default route to reach destinations that are part of its aggregated advertisements. This is why routing protocols that handle aggregation of routes should always keep a bit bucket (Null0 route in Cisco parlance) to the aggregate route itself. Traffic sent to the bit bucket will be discarded, which prevents
potential looping situations.
this is wildly important...
R2#sh run | b router
router bgp 65502
no synchronization
bgp log-neighbor-changes
network 0.0.0.0
neighbor 192.168.1.1 remote-as 65501
neighbor 192.168.1.1 ebgp-multihop 2
neighbor 192.168.1.1 update-source Loopback0
no auto-summary!
ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.1.0.0 255.255.0.0 209.165.200.225
ip route 192.168.1.1 255.255.255.255 209.165.200.225
on r1, the customer (enterprise), all 0's is the advertised bgp network... 10.1.0.0 is the internal enterprise network... r1's 192.168.1.1 is connected to 192.168.2.1...
R1#sh tcp brie all
TCB Local Address Foreign Address (state)
84D5CF00 192.168.1.1.32348 192.168.2.1.179 ESTAB
R1#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 192.168.2.1 0 0 65502 i
the effectiveness of the default to null0 in conjunction with the statics is clearly shown here... of course within the confines of the lab it is meaningless but we have our imagination hats on, correct?
from doyle:
Configuring a Default Route to BGP Neighbors
router bgp 100
network 0.0.0.0
neighbor 192.168.1.210 remote-as 300
neighbor 192.168.1.222 remote-as 100
neighbor 192.168.1.225 remote-as 200
!
ip route 0.0.0.0 0.0.0.0 Null0
A default route to the Null0 interface is created statically, and the route is advertised with the network command...
any destination address that cannot be matched to a more-specific route matches the static route and is dropped.
from halabi:
Less-Specific Routes of a Network’s Own Aggregate
A specific rule of routing states that, for the sake of preventing routing loops, a network must not follow a less-specific route for a destination that matches one of its own aggregated routes. A routing loop occurs when traffic circles back and forth between network elements, never reaching its final destination. Default routes 0.0.0.0/0 are a special case of this rule. A network should not follow the default route to reach destinations that are part of its aggregated advertisements. This is why routing protocols that handle aggregation of routes should always keep a bit bucket (Null0 route in Cisco parlance) to the aggregate route itself. Traffic sent to the bit bucket will be discarded, which prevents
potential looping situations.
this is wildly important...
quote of the day, mem halabi...
of course the first fifty pages of this book is dedicated to internet acronyms like rir, arin, iana, and internet history in general, which i actually enjoy because it is a timeline of various stages of my networking career...
and the next fifty pages is devoted to addressing, which gets old but i always suffer through in case of the occasional curve ball... rare...
thankfully, vlsm was minimal; i half expected a class on subnetting like you get with the ccie cert guide from wendell where he goes into binary for quite a few pages (WENDELL!!)... yuck... if you survived ccna and are still not using minus 256, or God forbid, a calculator at least, go get your damn head examined...
this thing is actually a good read by the way...
(the) terms aggregate, CIDR block, and supernet are often used interchangeably. Generally, these terms all indicate that a group of contiguous IP networks has been summarized into one route announcement. More precisely, CIDR is represented by the notation, supernets have a prefix length
shorter than the natural mask, and aggregates represent any summary route.
and the above has NOTHING TO DO WITH VLSM on your nasty little enterprise network...
good, we can relax now...
and the next fifty pages is devoted to addressing, which gets old but i always suffer through in case of the occasional curve ball... rare...
thankfully, vlsm was minimal; i half expected a class on subnetting like you get with the ccie cert guide from wendell where he goes into binary for quite a few pages (WENDELL!!)... yuck... if you survived ccna and are still not using minus 256, or God forbid, a calculator at least, go get your damn head examined...
this thing is actually a good read by the way...
(the) terms aggregate, CIDR block, and supernet are often used interchangeably. Generally, these terms all indicate that a group of contiguous IP networks has been summarized into one route announcement. More precisely, CIDR is represented by the
shorter than the natural mask, and aggregates represent any summary route.
and the above has NOTHING TO DO WITH VLSM on your nasty little enterprise network...
good, we can relax now...
time for halabi...
it never stops... i've mentioned it before, i like to buy my books as pdf from cisco press because in the event of disaster, your account is also your library... they also watermark your pdf's with your name... that's probably a better security feature for them than any other...
it's old, but the word is, it's a must read... it's what we do...
if they are less than 500 pages, it's like a gift...
it's old, but the word is, it's a must read... it's what we do...
if they are less than 500 pages, it's like a gift...
Sunday, January 27, 2013
ccie and switch...
it's right here... all of it... don't tell anybody...
and you can download the whole damn pdf for your very own... the contents page is basically a blueprint map for switch on the ccie lab... shhhhhhhhhhhhh...
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/3750escg.html
and you can download the whole damn pdf for your very own... the contents page is basically a blueprint map for switch on the ccie lab... shhhhhhhhhhhhh...
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/3750escg.html
deepak aurora...
i've seen this guy posting on the INE ccie forums... here's a link to his stuff... he passed the lab about a year or so ago...
http://deepakarora1984.blogspot.com/2010/03/ccie-r-switching-study-plan.html
he has some interesting ideas about switch prep for ccie...
his first idea about reading hucaby (again, anyway) is the first idea i'd reject flat... yes i read it and yes i don't recommend it (of course if you haven't passed switch yet, you MUST read it)... i thought his switch book was abyssmal, but you still have to go through it... paul browning would be my recommendation there, and absolutely, the ccnp net acad switch lab manual... and better still, you must download the complete pdf from the cisco doccd for 3560/3750 switch... if you have to ask where the location of the doccd is, please just go away now...
here is his list of links on switch...
http://www.cciecandidate.com/?p=490
note; my view on fallback bridging here:
tp://insearchofthecert.blogspot.com/2012/04/fallback-bridging.html
http://blog.ipexpert.com/l2-tunneling/
http://blog.ipexpert.com/explaining-etherchannel/
http://blog.ipexpert.com/old-ccie-myths-storm-control/
http://blog.ipexpert.com/2010/04/07/old-ccie-myths-vtp/
http://blog.ipexpert.com/2010/07/12/etherchannel-over-dot1q-tunnels/
http://blog.ine.com/2009/02/04/solving-for-the-physical-topology-using-a-logical-topology/
http://blog.ine.com/2008/02/05/turning-switch-into-hub/
http://blog.ine.com/2008/07/05/udld-modes-of-operation/
http://blog.ine.com/2008/07/14/private-vlans-revisited/
http://blog.ine.com/2008/01/31/understanding-private-vlans/
http://blog.ine.com/2008/07/08/8023x-flow-control/
http://blog.ipexpert.com/private-vlans/
http://blog.ine.com/2008/07/08/8023x-flow-control/
http://blog.ine.com/2008/07/17/pvst-explained/
http://blog.ine.com/2008/07/27/mstp-tutorial-part-i-inside-a-region/
http://blog.ine.com/2008/09/24/mstp-tutorial-part-ii-outside-a-region/
http://blog.ine.com/2010/02/22/understanding-mstp/
http://blog.ine.com/2009/03/07/understanding-stp-convergence-part-i/
http://blog.ine.com/2009/03/14/understanding-stp-conv-2/
http://blog.ine.com/2009/09/07/rstp-and-fast-convergence/
http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/
http://blog.ine.com/2010/01/07/ccie-l2-security-a-frame-of-reference/
http://blog.ipexpert.com/spanning-tree-direct-vs-indirect-link-failures/
http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
yeah it's a lot of work... just shut up and do it... waaaahhh
http://deepakarora1984.blogspot.com/2010/03/ccie-r-switching-study-plan.html
he has some interesting ideas about switch prep for ccie...
his first idea about reading hucaby (again, anyway) is the first idea i'd reject flat... yes i read it and yes i don't recommend it (of course if you haven't passed switch yet, you MUST read it)... i thought his switch book was abyssmal, but you still have to go through it... paul browning would be my recommendation there, and absolutely, the ccnp net acad switch lab manual... and better still, you must download the complete pdf from the cisco doccd for 3560/3750 switch... if you have to ask where the location of the doccd is, please just go away now...
here is his list of links on switch...
http://www.cciecandidate.com/?p=490
note; my view on fallback bridging here:
tp://insearchofthecert.blogspot.com/2012/04/fallback-bridging.html
http://blog.ipexpert.com/l2-tunneling/
http://blog.ipexpert.com/explaining-etherchannel/
http://blog.ipexpert.com/old-ccie-myths-storm-control/
http://blog.ipexpert.com/2010/04/07/old-ccie-myths-vtp/
http://blog.ipexpert.com/2010/07/12/etherchannel-over-dot1q-tunnels/
http://blog.ine.com/2009/02/04/solving-for-the-physical-topology-using-a-logical-topology/
http://blog.ine.com/2008/02/05/turning-switch-into-hub/
http://blog.ine.com/2008/07/05/udld-modes-of-operation/
http://blog.ine.com/2008/07/14/private-vlans-revisited/
http://blog.ine.com/2008/01/31/understanding-private-vlans/
http://blog.ine.com/2008/07/08/8023x-flow-control/
http://blog.ipexpert.com/private-vlans/
http://blog.ine.com/2008/07/08/8023x-flow-control/
http://blog.ine.com/2008/07/17/pvst-explained/
http://blog.ine.com/2008/07/27/mstp-tutorial-part-i-inside-a-region/
http://blog.ine.com/2008/09/24/mstp-tutorial-part-ii-outside-a-region/
http://blog.ine.com/2010/02/22/understanding-mstp/
http://blog.ine.com/2009/03/07/understanding-stp-convergence-part-i/
http://blog.ine.com/2009/03/14/understanding-stp-conv-2/
http://blog.ine.com/2009/09/07/rstp-and-fast-convergence/
http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/
http://blog.ine.com/2010/01/07/ccie-l2-security-a-frame-of-reference/
http://blog.ipexpert.com/spanning-tree-direct-vs-indirect-link-failures/
http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
yeah it's a lot of work... just shut up and do it... waaaahhh
Saturday, January 26, 2013
jeff doyle and bgp fsm...
this gives me brain flotsam... jeff doyle had igor whiteboard this mess... sorry dr. frankenstein, but the absurdity of it will make us look smarter than them...
the above is for Will Hunting... jeff, that's a swing and a miss for the human's on the planet...
below, is for the outpatients...
you can follow this one... see the excellent link for more...
http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/finite_state_model.shtml
R3# sh ip bgp neigh 1.1.1.1
BGP neighbor is 1.1.1.1, remote AS 123, internal link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 01:05:12
the above is for Will Hunting... jeff, that's a swing and a miss for the human's on the planet...
below, is for the outpatients...
you can follow this one... see the excellent link for more...
http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/finite_state_model.shtml
R3# sh ip bgp neigh 1.1.1.1
BGP neighbor is 1.1.1.1, remote AS 123, internal link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 01:05:12
quote of the day... netcerts.net...
bgp... live it, breathe it, hate it...
http://netcerts.net/bgp-path-attributes-and-the-decision-process/
this guy, amit, belongs in your bookmarks... bookmark him NOW...
a BGP Speaker will add its AS number to the AS_Path only when an Update message is being sent to the neighbor which means only when BGP is advertising the route to the peer it will prepend its AS number to the AS_Path attribute.
repetition makes the heart grow fonder... arghh... of course there are a million little rules for bgp because you have to do everything for it... it should be called a no-routing protocol...
it's articles like his that speak to how far you have to go... the never ending story...
http://netcerts.net/bgp-path-attributes-and-the-decision-process/
this guy, amit, belongs in your bookmarks... bookmark him NOW...
a BGP Speaker will add its AS number to the AS_Path only when an Update message is being sent to the neighbor which means only when BGP is advertising the route to the peer it will prepend its AS number to the AS_Path attribute.
repetition makes the heart grow fonder... arghh... of course there are a million little rules for bgp because you have to do everything for it... it should be called a no-routing protocol...
it's articles like his that speak to how far you have to go... the never ending story...
Friday, January 25, 2013
radix tree redux...
i forgot to remember that i passed the 800 post marker this morning...
i noticed some of you looking at this old post about radix trees...
http://insearchofthecert.blogspot.com/2012/09/radix-tree.html
when i bumped into mtrie the other day digging into cef i thought of resurrecting it, but then went onto something else...
however:
http://www.google.com/patents/US7149216
a trie data structure is used to map a multicast packet header by a sequence of nodes that match on destination address or source address.
or
A device for switching packets at high speed. For each packet, the A device matches packet data with protocols, to determine how to switch the packet.
Inventor: David R. Cheriton
Original Assignee: Cisco Technology, Inc.
cisco has quite a storied history of patents with this...
and yet another book i should read one day:
http://books.google.com/books?id=IDmpiQd5FwwC&pg=PA60&lpg=PA60&dq=mtrie+cisco&source=bl&ots=q6uuTZMdWE&sig=RrpCrfEfMZJOmPcO8CiQKFAQwCQ&hl=en&sa=X&ei=VHICUYvFL6LC0QG4-4C4BQ&ved=0CEMQ6AEwAQ#v=onepage&q=mtrie%20cisco&f=false
i noticed some of you looking at this old post about radix trees...
http://insearchofthecert.blogspot.com/2012/09/radix-tree.html
when i bumped into mtrie the other day digging into cef i thought of resurrecting it, but then went onto something else...
however:
http://www.google.com/patents/US7149216
a trie data structure is used to map a multicast packet header by a sequence of nodes that match on destination address or source address.
or
A device for switching packets at high speed. For each packet, the A device matches packet data with protocols, to determine how to switch the packet.
Inventor: David R. Cheriton
Original Assignee: Cisco Technology, Inc.
cisco has quite a storied history of patents with this...
and yet another book i should read one day:
http://books.google.com/books?id=IDmpiQd5FwwC&pg=PA60&lpg=PA60&dq=mtrie+cisco&source=bl&ots=q6uuTZMdWE&sig=RrpCrfEfMZJOmPcO8CiQKFAQwCQ&hl=en&sa=X&ei=VHICUYvFL6LC0QG4-4C4BQ&ved=0CEMQ6AEwAQ#v=onepage&q=mtrie%20cisco&f=false
max-metric router-lsa on-startup wait-for-bgp...
o yeah, it's real, you should say something...
an infinite cost can be advertised by an ospf transit router until bgp comes up...
benefit: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800ade18.shtml
this is very exciting...
It can be desirable to have a router in a network that is not a transit router. A "transit router" forwards traffic that is not destined for networks directly connected to the router. A router that only forwards packets destined to its directly connected links is known as a "stub router". In OSPF networks, a router could become a stub router by advertising large metrics for its connected links, so that the cost of a path through this router becomes larger than that of an alternative path. It does not matter what specific metrics are advertised in a stub network that is connected to the router, because data must reach the network via the stub router itself.
and you thought it was safe to go back in the water...
infinity is 16,777,215 in ospf...
that's 2^24 = 16,777,216
this is better than coffee first thing in the morning...
an infinite cost can be advertised by an ospf transit router until bgp comes up...
benefit: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800ade18.shtml
- Graceful removal of an OSPF router from
networks (i.e. to upgrade software or to perform maintenance) and
reduction in packet drop
- Reduce black-hole packet dropping when interacting with BGP
this is very exciting...
It can be desirable to have a router in a network that is not a transit router. A "transit router" forwards traffic that is not destined for networks directly connected to the router. A router that only forwards packets destined to its directly connected links is known as a "stub router". In OSPF networks, a router could become a stub router by advertising large metrics for its connected links, so that the cost of a path through this router becomes larger than that of an alternative path. It does not matter what specific metrics are advertised in a stub network that is connected to the router, because data must reach the network via the stub router itself.
and you thought it was safe to go back in the water...
infinity is 16,777,215 in ospf...
that's 2^24 = 16,777,216
this is better than coffee first thing in the morning...
quote of the day... ospf auth...
you have been warned...
NOTE
OSPF authentication is a good place for tricky CCIE lab questions—ones that can be solved in a few minutes if you know all the intricacies.
of course... authentication can create havoc with routing protocols... and yes, the configuration for eigrp, ospf and bgp are unique to each routing protocol...
so what's the plan... you hate it so much that you love it... like frame relay, dtp, vtp, or whatever your particular hateful protocol might be...
bring the hate and you will find the love...
the devil's in the details, baby...
NOTE
OSPF authentication is a good place for tricky CCIE lab questions—ones that can be solved in a few minutes if you know all the intricacies.
of course... authentication can create havoc with routing protocols... and yes, the configuration for eigrp, ospf and bgp are unique to each routing protocol...
so what's the plan... you hate it so much that you love it... like frame relay, dtp, vtp, or whatever your particular hateful protocol might be...
bring the hate and you will find the love...
the devil's in the details, baby...
Thursday, January 24, 2013
ccie... concentrate...
this is a companion to an earlier post...
i've heard complaints about wendell's cert guide for ccie r&s... regardless of the complaints it is a must read... end of story there...
it is very long but so is this adventure... by contrast the ccie quick reference is only 250 pages... i have to laugh as i look at that... quick ref, only 250 pages, there's some irony in that...
here's the thing; yeah i'm gonna tell you the thing... this stuff is not meant to be read like normal human's would read... you have to dissect this shit with a microscope...
here's an example:
i have read various articles about the elusive lsa type 4, and i'm pretty sure i have a good handle on that one... elaborate articles, with configuration examples, output, all that...
if you are simply reading, which means, looking, you will miss this:
When an ABR then floods the type 5 LSA into another area, the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
it is frightening how you can convince yourself you got it when you read it when in fact you missed the whole thing...
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
now that's the thing
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
i've heard complaints about wendell's cert guide for ccie r&s... regardless of the complaints it is a must read... end of story there...
it is very long but so is this adventure... by contrast the ccie quick reference is only 250 pages... i have to laugh as i look at that... quick ref, only 250 pages, there's some irony in that...
here's the thing; yeah i'm gonna tell you the thing... this stuff is not meant to be read like normal human's would read... you have to dissect this shit with a microscope...
here's an example:
i have read various articles about the elusive lsa type 4, and i'm pretty sure i have a good handle on that one... elaborate articles, with configuration examples, output, all that...
if you are simply reading, which means, looking, you will miss this:
When an ABR then floods the type 5 LSA into another area, the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
it is frightening how you can convince yourself you got it when you read it when in fact you missed the whole thing...
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
now that's the thing
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
the ABR creates a type 4 LSA, listing the ABR’s metric to reach the ASBR that created the type 5 LSA.
quote of the day... odom
wendell, you have the floor:
Neighbors—Two routers that share a common data link, that exchange Hello messages, and the Hellos must match for certain parameters.
Adjacent (fully adjacent)—Two neighbors that have completed the process of fully exchanging DD and LSU packets directly between each other.
and further (this is the big one)
if a DR is elected, the election occurs after the routers have become
neighbors, but before they send DD packets and reach the ExStart neighbor state. When an OSPF router reaches the 2-way state with the first neighbor on an interface, it has already received at least one Hello from that neighbor.
translation:
after neighbors but before adjacency:
hellos begin at init...
two-way is established upon hello reception NEIGHBORS
exstart determines master/slave
exchange (exchange dd)
loading compare dd... bring lsa's up to speed with lsr's... ACKNOWLEDGE
full = synchronization
Neighbors—Two routers that share a common data link, that exchange Hello messages, and the Hellos must match for certain parameters.
Adjacent (fully adjacent)—Two neighbors that have completed the process of fully exchanging DD and LSU packets directly between each other.
and further (this is the big one)
if a DR is elected, the election occurs after the routers have become
neighbors, but before they send DD packets and reach the ExStart neighbor state. When an OSPF router reaches the 2-way state with the first neighbor on an interface, it has already received at least one Hello from that neighbor.
translation:
after neighbors but before adjacency:
hellos begin at init...
two-way is established upon hello reception NEIGHBORS
exstart determines master/slave
exchange (exchange dd)
loading compare dd... bring lsa's up to speed with lsr's... ACKNOWLEDGE
full = synchronization
eigrp/ospf packet types...
R3#sh ip eigrp traff
IP-EIGRP Traffic Statistics for AS 1
Hellos sent/received: 55475/55473
Updates sent/received: 26/29
Queries sent/received: 3/0
Replies sent/received: 0/1
Acks sent/received: 13/17
Input queue high water mark 2, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
DLS2#sh ip ospf traff
OSPF statistics:
Rcvd: 50040 total, 0 checksum errors
47851 hello, 35 database desc, 8 link state req
979 link state updates, 1167 link state acks
Sent: 53573 total
50795 hello, 49 database desc, 8 link state req
2154 link state updates, 570 link state acks
OSPF Router with ID (10.1.212.1) (Process ID 1)
OSPF queue statistics for process ID 1:
InputQ UpdateQ OutputQ
Limit 0 200 0
Drops 0 0 0
Max delay [msec] 17 210 0
Max size 3 3 2
Invalid 0 0 0
Hello 0 0 1
DB des 1 1 1
LS req 1 1 0
LS upd 1 1 0
LS ack 0 0 0
and let's not forget bgp messaging
IP-EIGRP Traffic Statistics for AS 1
Hellos sent/received: 55475/55473
Updates sent/received: 26/29
Queries sent/received: 3/0
Replies sent/received: 0/1
Acks sent/received: 13/17
Input queue high water mark 2, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
DLS2#sh ip ospf traff
OSPF statistics:
Rcvd: 50040 total, 0 checksum errors
47851 hello, 35 database desc, 8 link state req
979 link state updates, 1167 link state acks
Sent: 53573 total
50795 hello, 49 database desc, 8 link state req
2154 link state updates, 570 link state acks
OSPF Router with ID (10.1.212.1) (Process ID 1)
OSPF queue statistics for process ID 1:
InputQ UpdateQ OutputQ
Limit 0 200 0
Drops 0 0 0
Max delay [msec] 17 210 0
Max size 3 3 2
Invalid 0 0 0
Hello 0 0 1
DB des 1 1 1
LS req 1 1 0
LS upd 1 1 0
LS ack 0 0 0
and let's not forget bgp messaging
1 | OPEN message | Used to open BGP sessions |
2 | UPDATE message | Carries route updates for established BGP sessions |
3 | NOTIFICATION message | Notifies a peer router of an error condition |
4 | KEEPALIVE message | Sent between BGP peering routers to verify BGP session |
5 | ROUTE-REFRESH message | An optional message (negotiated during capability advertisement) that is sent to request dynamic BGP route updates from the Adj-RIB-Out table of a remote BGP speaker |
eigrp rtp...
this one never goes away...
http://insearchofthecert.blogspot.com/2012/11/rtp-in-eigrp.html
In order to ensure that routing updates and queries are not lost, we need a way to make certain other routers have received these multicast packets intact and to recover from errors if they haven’t. For these reasons, updates and queries are handled by the reliable multicast transport in EIGRP.
like ospf, eigrp uses a protocol, 88 (ospf uses 89) and unlike bgp which uses tcp port 179...
these numbers are often referred to as ports in ospf and eigrp... they are protocols, not tcp or udp ports...
then of course, wendell has his say...
RTP allows the Updates to be sent as multicasts. If any neighbors fail to acknowledge receipt of the multicasted update, RTP resends Updates as unicasts just to those neighbors.
this is a fine point, but russ and wendell appear to be agreeing here; differently...
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
http://insearchofthecert.blogspot.com/2012/11/rtp-in-eigrp.html
In order to ensure that routing updates and queries are not lost, we need a way to make certain other routers have received these multicast packets intact and to recover from errors if they haven’t. For these reasons, updates and queries are handled by the reliable multicast transport in EIGRP.
like ospf, eigrp uses a protocol, 88 (ospf uses 89) and unlike bgp which uses tcp port 179...
these numbers are often referred to as ports in ospf and eigrp... they are protocols, not tcp or udp ports...
then of course, wendell has his say...
RTP allows the Updates to be sent as multicasts. If any neighbors fail to acknowledge receipt of the multicasted update, RTP resends Updates as unicasts just to those neighbors.
this is a fine point, but russ and wendell appear to be agreeing here; differently...
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
Wednesday, January 23, 2013
you will authenticate everything...
it's one of those things you just have to suck up... authenticate everything...
you can't fight it... can't afford to take a hit on something like that in time pressure...
the above video is a work of art...
md5 is the only authentication type available for eigrp... but don't trust me... put your faith in the doccd...
but arteq, why on earth then does md5 need to be specified in the configuration command...
right.........................................................................................................................
gre tunnel config...
in the ccie r&s cert guide wendell uses a configuration example whereby the source is a source interface, and the destination is an ip address... i can't imagine that this is some kind of best practice situation... at the end of this chapter he restates the configuration commands where again, the source for the tunnel is an interface, ie, loopback 0 (as if there are no other choices, see below), and the destination is an ip address... i'm not clear why he is insistent on this point...
perhaps you save some typing, i don't know... i like to always use an ip address for both source and destination...
these are the facts...
DLS1(config-if)#tunn source ?
A.B.C.D ip address
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
X:X:X:X::X IPv6 address
fcpa Fiber Channel
so given a configuration task would it be incorrect if the question stated "use the loopback" as the tunnel source, and you used the ip address of the loopback instead...
for me they are equivalent...
perhaps you save some typing, i don't know... i like to always use an ip address for both source and destination...
these are the facts...
DLS1(config-if)#tunn source ?
A.B.C.D ip address
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
X:X:X:X::X IPv6 address
fcpa Fiber Channel
so given a configuration task would it be incorrect if the question stated "use the loopback" as the tunnel source, and you used the ip address of the loopback instead...
for me they are equivalent...
classful, classless and default routing...
a whiter shade of pale...
does it ever piss you off that you know, or are supposed to know some of these ridiculous distinctions...
for instance, you know the difference between classful and classless... one has it's basis in the iron age and the other is the modern day default... the age of vlsm has made classful routing completely irrelevant...
with classless routing if there is not a prefix match in the routing table, the default route will be used... that's very nice... can you say gateway of last resort...
with classful routing, if the classful network does not exist in the routing table, the default route will be used... good, however, if any part of that classful network exists in the routing table, and the route doesn't match a subnet in that classful network, the default route will not be used; the packet will be dropped...
so much for the default friggin route in classful routing...
i'm very sorry i know this...
does it ever piss you off that you know, or are supposed to know some of these ridiculous distinctions...
for instance, you know the difference between classful and classless... one has it's basis in the iron age and the other is the modern day default... the age of vlsm has made classful routing completely irrelevant...
with classless routing if there is not a prefix match in the routing table, the default route will be used... that's very nice... can you say gateway of last resort...
with classful routing, if the classful network does not exist in the routing table, the default route will be used... good, however, if any part of that classful network exists in the routing table, and the route doesn't match a subnet in that classful network, the default route will not be used; the packet will be dropped...
so much for the default friggin route in classful routing...
i'm very sorry i know this...
Labels:
classful,
classless,
defaulr route
quest...
if you've come here looking for answers, you took a wrong turn in albuquerque...
there are no answers here, just more questions...
this is a quest, and the red knight lurks at every corner to slaughter you...
the answer you seek is in the mirror...
just ask Cord the Seeker...
there are no answers here, just more questions...
this is a quest, and the red knight lurks at every corner to slaughter you...
the answer you seek is in the mirror...
just ask Cord the Seeker...
kim ninja...
he's definitely worth a look...
http://noc-ninja.com/2013/01/
he's correct when he says it takes "balls of steel" to attempt this... someone somewhere once said this is a marathon... it is...
i'm still delighted and impressed with the net academy lab manual... i went through a lot of pain to make the manual and the labs work for me, and they did to the nth degree... i don't give a shit if you're sick of hearing it; go somewhere else... in all of ccnp that has been the best thing i've tortured myself with, bar none...
so i've been taking a breather from tshoot since yesterday, reading through the ccie cert guide, catching up on anki's and digging around the doccd...
what i mean by reading through is just that; a first pass as a yard stick measure... i actually bought the ccie pdf as a present for passing route, but i've been sitting on it... i'm in no rush to the tshoot exam as i'm discovering a lot of integration here... just like route and switch, tshoot is getting it's due from me...
and just like i did with switch and route, i peek into the abyss from time to time...
last night it dawned on me just how valuable the tshoot labs have been when i looked at wendell's services chapter... it started to make sense how some say that the ccie cert guide has it all... it also made sense that others think of it as an outline, or elaborate blueprint... my early take on it is this; it is a broad brush stroke... it is a pointer... it is an indicator...
the chapter on services is 20 pages and includes the following:
Hot Standby Router Protocol (HSRP)
Gateway Load Balancing Protocol (GLBP)
Virtual Router Redundancy Protocol (VRRP)
Dynamic Host Configuration Protocol (DHCP)
Network Time Protocol (NTP)
Web Cache Communication Protocol (WCCP)
Network Management
Logging and Syslog
Troubleshoot Network Services
Implement IP Service Level Agreement (IP SLA)
Implement NetFlow
Implement Router IP Traffic Export (RITE)
Implement SNMP
Implement Cisco IOS Embedded Event Manager
(EEM)
Implement Remote Monitoring (RMON)
Implement FTP
Implement TFTP
Implement TFTP Server on Router
Implement Secure Copy Protocol (SCP)
Implement HTTP and HTTPS
Implement Telnet
Implement SSH
yeah, twenty pages... shit...
but back to the tshoot manual... almost all of the above is covered in the labs... i was thrilled... also most of that i have real world experience with over the years... but that's not enough...
so something like RITE is 2 pages... that ain't getting it... try looking up RITE in the doccd... in fact, look for each of the topics above on the doccd as an exercise... they are a bit scattered; it takes some effort
for me the ccie cert guide will not be enough... if you think it will be for you, good for you and have a nice day...
by the way, I couldn't find RITE in the configuration guide... i found it here:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
as they say, good luck with your search...
http://noc-ninja.com/2013/01/
he's correct when he says it takes "balls of steel" to attempt this... someone somewhere once said this is a marathon... it is...
i'm still delighted and impressed with the net academy lab manual... i went through a lot of pain to make the manual and the labs work for me, and they did to the nth degree... i don't give a shit if you're sick of hearing it; go somewhere else... in all of ccnp that has been the best thing i've tortured myself with, bar none...
so i've been taking a breather from tshoot since yesterday, reading through the ccie cert guide, catching up on anki's and digging around the doccd...
what i mean by reading through is just that; a first pass as a yard stick measure... i actually bought the ccie pdf as a present for passing route, but i've been sitting on it... i'm in no rush to the tshoot exam as i'm discovering a lot of integration here... just like route and switch, tshoot is getting it's due from me...
and just like i did with switch and route, i peek into the abyss from time to time...
last night it dawned on me just how valuable the tshoot labs have been when i looked at wendell's services chapter... it started to make sense how some say that the ccie cert guide has it all... it also made sense that others think of it as an outline, or elaborate blueprint... my early take on it is this; it is a broad brush stroke... it is a pointer... it is an indicator...
the chapter on services is 20 pages and includes the following:
Hot Standby Router Protocol (HSRP)
Gateway Load Balancing Protocol (GLBP)
Virtual Router Redundancy Protocol (VRRP)
Dynamic Host Configuration Protocol (DHCP)
Network Time Protocol (NTP)
Web Cache Communication Protocol (WCCP)
Network Management
Logging and Syslog
Troubleshoot Network Services
Implement IP Service Level Agreement (IP SLA)
Implement NetFlow
Implement Router IP Traffic Export (RITE)
Implement SNMP
Implement Cisco IOS Embedded Event Manager
(EEM)
Implement Remote Monitoring (RMON)
Implement FTP
Implement TFTP
Implement TFTP Server on Router
Implement Secure Copy Protocol (SCP)
Implement HTTP and HTTPS
Implement Telnet
Implement SSH
yeah, twenty pages... shit...
but back to the tshoot manual... almost all of the above is covered in the labs... i was thrilled... also most of that i have real world experience with over the years... but that's not enough...
so something like RITE is 2 pages... that ain't getting it... try looking up RITE in the doccd... in fact, look for each of the topics above on the doccd as an exercise... they are a bit scattered; it takes some effort
for me the ccie cert guide will not be enough... if you think it will be for you, good for you and have a nice day...
by the way, I couldn't find RITE in the configuration guide... i found it here:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
as they say, good luck with your search...
Labels:
ccie,
ccnp,
kim ninja,
net acad tshoot
Tuesday, January 22, 2013
sh run...
hit it wendell...
As in all CCIE exams, you should expect that the easiest or most direct ways to a solution might be unavailable to you. In troubleshooting, perhaps the easiest way to the source of most problems is through the show run command or variations on it. Therefore, we’ll institute a simple “no show run” rule in this section that will force you to use your knowledge of more in-depth troubleshooting commands in the Cisco IOS portion of this section.
and he's right...
sh run is for pussy's...
As in all CCIE exams, you should expect that the easiest or most direct ways to a solution might be unavailable to you. In troubleshooting, perhaps the easiest way to the source of most problems is through the show run command or variations on it. Therefore, we’ll institute a simple “no show run” rule in this section that will force you to use your knowledge of more in-depth troubleshooting commands in the Cisco IOS portion of this section.
and he's right...
sh run is for pussy's...
tshoot lab manual...
i thought i'd avoid much commentary about the tshoot net acad lab manual, but this is worth a mention...
look at this:
DLS1#sh run int f0/5
Building configuration...
Current configuration : 163 bytes
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
speed 100
duplex full
spanning-tree bpduguard enable
end
note this is a distribution switch... note it is connected to a router... it is a routed port and it has bpduguard on it... i remember a long time ago watching an anthony sequiera (sic) video where he demonstrates how to errdisable a switchport using a router... about a week ago i was watching jeremy cioara vids on tshoot, where he had to troubleshoot a situation just like this...
like chucky says to the interviewers in Good Will Hunting, "you're suspect..."
DLS1#sh int f0/5 sw
Name: Fa0/5
Switchport: Disabled
DLS1#sh spann int f0/5
no spanning tree info available for FastEthernet0/5
DLS1#sh int f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.c706.96c2 (bia 0016.c706.96c2)
Description: FE to R1
Internet address is 10.1.2.1/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26086 packets input, 2944859 bytes, 0 no buffer
Received 10943 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 10899 multicast, 0 pause input
0 input packets with dribble condition detected
23227 packets output, 2507991 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
i hate to say it but sh run int f0/5 is your only detection...
this is how you do it...
R1(config)#bridge 1 protocol ieee
R1(config)#int f0/0
R1(config-if)#bridge-group 1
DLS1#sh int f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.c706.96c2 (bia 0016.c706.96c2)
Description: FE to R1
DLS1(config)#int f0/5
DLS1(config-if)#sw
DLS1(config-if)#
.Jan 22 16:48:07.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
DLS1(config-if)#do
.Jan 22 16:48:09.202: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
.Jan 22 16:48:10.208: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
DLS1(config-if)#do
.Jan 22 16:48:10.619: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/5 with BPDU Guard enabled. Disabling port.
DLS1(config-if)#do
.Jan 22 16:48:10.619: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
DLS1(config-if)#do
.Jan 22 16:48:11.634: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
DLS1(config-if)#do
.Jan 22 16:48:12.632: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
DLS1#sh int f0/5
FastEthernet0/5 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 0016.c706.9687 (bia 0016.c706.9687)
Description: FE to R1
that ain't nice...
look at this:
DLS1#sh run int f0/5
Building configuration...
Current configuration : 163 bytes
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
speed 100
duplex full
spanning-tree bpduguard enable
end
note this is a distribution switch... note it is connected to a router... it is a routed port and it has bpduguard on it... i remember a long time ago watching an anthony sequiera (sic) video where he demonstrates how to errdisable a switchport using a router... about a week ago i was watching jeremy cioara vids on tshoot, where he had to troubleshoot a situation just like this...
like chucky says to the interviewers in Good Will Hunting, "you're suspect..."
DLS1#sh int f0/5 sw
Name: Fa0/5
Switchport: Disabled
DLS1#sh spann int f0/5
no spanning tree info available for FastEthernet0/5
DLS1#sh int f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.c706.96c2 (bia 0016.c706.96c2)
Description: FE to R1
Internet address is 10.1.2.1/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26086 packets input, 2944859 bytes, 0 no buffer
Received 10943 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 10899 multicast, 0 pause input
0 input packets with dribble condition detected
23227 packets output, 2507991 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
i hate to say it but sh run int f0/5 is your only detection...
this is how you do it...
R1(config)#bridge 1 protocol ieee
R1(config)#int f0/0
R1(config-if)#bridge-group 1
DLS1#sh int f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.c706.96c2 (bia 0016.c706.96c2)
Description: FE to R1
DLS1(config)#int f0/5
DLS1(config-if)#sw
DLS1(config-if)#
.Jan 22 16:48:07.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
DLS1(config-if)#do
.Jan 22 16:48:09.202: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
.Jan 22 16:48:10.208: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
DLS1(config-if)#do
.Jan 22 16:48:10.619: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/5 with BPDU Guard enabled. Disabling port.
DLS1(config-if)#do
.Jan 22 16:48:10.619: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
DLS1(config-if)#do
.Jan 22 16:48:11.634: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
DLS1(config-if)#do
.Jan 22 16:48:12.632: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
DLS1#sh int f0/5
FastEthernet0/5 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 0016.c706.9687 (bia 0016.c706.9687)
Description: FE to R1
that ain't nice...
speaking of wendell & co...
here is a video of the three authors of ccie cert guide v4, wendell, denise and russ... pay particular attention as they detail the challenges of writing it, vis a vis, their imposed limitations on content...
http://www.pearsonitcertification.com/podcasts/episode.aspx?e=343fb0d3-43f8-4b32-88be-fef8610829bf
i have heard many well placed individuals emphatically declare that for the written, cert guide v4 is all that's needed... that may well be, but i ain't buying it... i have a whole other plan that includes many supplements over the next year or so...
to my point:
if they were so fearful of their limitations why did they waste valuable pages on VTP... there are even several mentions of ISL sprinkled in there, to include a diagram of it's encapsulation!
for the most part i'm enjoying the read, but my eyes just glaze over when confronted with VTP... they also mention Lan Switching as a reference... hello? 1999, CatOs, bye bye... but to give CatOs some credit, those guys had the presence of mind to allow for actually shutting VTP off, unlike IOS where the best you can do is transparent...
urf...
http://www.pearsonitcertification.com/podcasts/episode.aspx?e=343fb0d3-43f8-4b32-88be-fef8610829bf
i have heard many well placed individuals emphatically declare that for the written, cert guide v4 is all that's needed... that may well be, but i ain't buying it... i have a whole other plan that includes many supplements over the next year or so...
to my point:
if they were so fearful of their limitations why did they waste valuable pages on VTP... there are even several mentions of ISL sprinkled in there, to include a diagram of it's encapsulation!
for the most part i'm enjoying the read, but my eyes just glaze over when confronted with VTP... they also mention Lan Switching as a reference... hello? 1999, CatOs, bye bye... but to give CatOs some credit, those guys had the presence of mind to allow for actually shutting VTP off, unlike IOS where the best you can do is transparent...
urf...
altn, bkup, rapid-...
it is paramount to note that rapid-pvst+ not only defined a discarding port role to replace the ineffective blocking and listening port states from 802.1d (pvst+ for cisco indoctrinates) but also the port roles of alt and bkup...
altn is simply an alternate root port on a non root switch that will take over in case of root port failure...
backup is the same idea for the dp of a segment...
this is an important distinction which allows for quick replacement in case of failure...
it's also worth noting that the fast's are built into the protocol (portfast, backbonefast and uplinkfast)
this was actually a segue to this seemingly silly command:
spanning-tree link-type point-to-point
what the hell is that?
by definition a full duplex port is point-to-point, and when would you ever need to declare something that is already declared by default... when connecting to a shared (half duplex port) or mst port perhaps...
here are some thoughts on this, er, thing:
http://cciepursuit.wordpress.com/2008/03/07/spanning-tree-link-type/
i find it very interesting that wendell and company blast through this in:
CCIE Routing and Switching
Certification Guide
Fourth Edition
Configuring RPVST+ is straightforward. In global configuration mode, issue the spanning-tree mode rapid-pvst command. Then, optionally, on an interface (VLAN, physical, or PortChannel), configure the spanning-tree link-type point-to-point command. This configures the port for fast changeover to the forwarding state.
this leads me to believe that the ccie cert guide v4 bears meticulous viewing for such loaded weapons...
altn is simply an alternate root port on a non root switch that will take over in case of root port failure...
backup is the same idea for the dp of a segment...
this is an important distinction which allows for quick replacement in case of failure...
it's also worth noting that the fast's are built into the protocol (portfast, backbonefast and uplinkfast)
this was actually a segue to this seemingly silly command:
spanning-tree link-type point-to-point
what the hell is that?
by definition a full duplex port is point-to-point, and when would you ever need to declare something that is already declared by default... when connecting to a shared (half duplex port) or mst port perhaps...
here are some thoughts on this, er, thing:
http://cciepursuit.wordpress.com/2008/03/07/spanning-tree-link-type/
i find it very interesting that wendell and company blast through this in:
CCIE Routing and Switching
Certification Guide
Fourth Edition
Configuring RPVST+ is straightforward. In global configuration mode, issue the spanning-tree mode rapid-pvst command. Then, optionally, on an interface (VLAN, physical, or PortChannel), configure the spanning-tree link-type point-to-point command. This configures the port for fast changeover to the forwarding state.
this leads me to believe that the ccie cert guide v4 bears meticulous viewing for such loaded weapons...
Monday, January 21, 2013
tshoot net acad lab man...
that was impressive, tedious, very time consuming, but worth it...
33 labs in about two weeks... you will be amazed what you take away from the experience of this... i haven't posted much about these labs, and i'm glad i refrained... another great point is there are no answer sheets... this thing is all about discovery... you owe this to yourself...
if you are going through tshoot, you don't want to forget about this one... this is essential... in fact if you are going through ccnp, you should do each section's lab manual, switch and route included, no question...
you've seen the tshoot topologies; you can bet your ass their guts are based on this... the last lab is a very pleasant surprise by the way... i was actually moved by it... if you go through this you will understand what i'm talking about...
rest assured, i'll be doing these in the near future:
we'll see what ole marty brings...
33 labs in about two weeks... you will be amazed what you take away from the experience of this... i haven't posted much about these labs, and i'm glad i refrained... another great point is there are no answer sheets... this thing is all about discovery... you owe this to yourself...
if you are going through tshoot, you don't want to forget about this one... this is essential... in fact if you are going through ccnp, you should do each section's lab manual, switch and route included, no question...
you've seen the tshoot topologies; you can bet your ass their guts are based on this... the last lab is a very pleasant surprise by the way... i was actually moved by it... if you go through this you will understand what i'm talking about...
rest assured, i'll be doing these in the near future:
we'll see what ole marty brings...
whoa... INE and agnostic books...
INE often touts books that are not cisco, because, well, they are not cisco... their point is valid; reading vendor agnostic books is probably a good thing because you are not stuck with a single vendor's idea's and gear, and ideas about their gear, and gear about their ideas, and, ad nauseum... it is a valid point...
so here is a link to their recommended reading list:
http://www.ine.com/resources/cciebooks.htm
and because i do, i ventured over there to have a look... one of the agnostic books featured is this:
http://www.amazon.com/gp/product/0201398613
this is not a joke... look closely...
that's right... look again... that is one thousand fifty seven dollars and seventy six cents...
for a new copy... well since it's a new copy, of course... and it was written in 2001 which makes it almost modern for an industry that changes every eleven seconds... that's a little more than a buck a page... just for reference, the ccna program was 3 years old at the publication of this book...
i think the reason it costs so much is that it comes with an original floppy disk chock full of word perfect documents...as an extra added bonus there's lots of chapters devoted to IPX...
so here is a link to their recommended reading list:
http://www.ine.com/resources/cciebooks.htm
and because i do, i ventured over there to have a look... one of the agnostic books featured is this:
http://www.amazon.com/gp/product/0201398613
this is not a joke... look closely...
that's right... look again... that is one thousand fifty seven dollars and seventy six cents...
for a new copy... well since it's a new copy, of course... and it was written in 2001 which makes it almost modern for an industry that changes every eleven seconds... that's a little more than a buck a page... just for reference, the ccna program was 3 years old at the publication of this book...
i think the reason it costs so much is that it comes with an original floppy disk chock full of word perfect documents...as an extra added bonus there's lots of chapters devoted to IPX...
Sunday, January 20, 2013
port channel and interfaces...
this is a bit of a repeat from an earlier post, but it bears repeating... so i'm gonna repeat... and i don't care if you care... so there...
if you make a change to the hardware interfaces that are members of a portchannel they will fall out, or rather, get suspended...
it is too bad that the show interfaces command on a physical interface does not mention which portchannel they are members of... the show interfaces command on a port channel, however does show the member interfaces...
DLS2#sh int f0/2
FastEthernet0/2 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.479e.5f84 (bia 0016.479e.5f84)
Description: Channel to ALS1
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:43, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4685 packets input, 563671 bytes, 0 no buffer
Received 2721 broadcasts (2465 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2465 multicast, 0 pause input
0 input packets with dribble condition detected
17440 packets output, 1375217 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
see it anywhere? no... good...
DLS2#sh int po10
Port-channel10 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.479e.5f85 (bia 0016.479e.5f85)
Description: Channel to DLS1
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa0/3 Fa0/4
ARP type: ARPA, ARP Timeout 04:00:00
can't have everything... sh int trunk and etherchann summ is your antidote...
you love them...
DLS2#sh int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 900
Po10 on 802.1q trunking 900
Port Vlans allowed on trunk
Po2 10,20,30,100
Po10 10,20,30,50,100,200
Port Vlans allowed and active in management domain
Po2 10,20,30,100
Po10 10,20,30,50,100,200
Port Vlans in spanning tree forwarding state and not pruned
Po2 10,20,30,100
Po10 10,20,30,50,100,200
DLS2#sh etherch summ
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SU) - Fa0/3(P) Fa0/4(P)
some bozack issued the command:
DLS2(config)#int rang f0/3 - 4
DLS2(config-if-range)#no sw noneg
DLS2(config-if-range)#end
DLS2#sh int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 900
Port Vlans allowed on trunk
Po2 10,20,30,100
Port Vlans allowed and active in management domain
Po2 10,20,30,100
Port Vlans in spanning tree forwarding state and not pruned
Po2 10,20,30,100
that didn't sit too well with po10, so it bounced them...
DLS2#sh etherch summ
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SD) - Fa0/3(s) Fa0/4(s)
he wasn't finished...
DLS2#sh int f0/3 sw
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down (suspended member of bundle Po10)
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (UNUSED)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 10,20,30,50,100,200
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
the quick fix is to set everything good on the portchannel... that will insure uniformity across the interfaces...
DLS2(config)#int po10
DLS2(config-if)#sw trunk encap dot1q
DLS2(config-if)#sw mode trunk
DLS2(config-if)#sw trunk native vlan 900
DLS2(config-if)#sw noneg
DLS2(config-if)#end
DLS2#sh etherch summ
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SU) - Fa0/3(P) Fa0/4(P)
you can use the interface range command with portchannels too...
if you make a change to the hardware interfaces that are members of a portchannel they will fall out, or rather, get suspended...
it is too bad that the show interfaces command on a physical interface does not mention which portchannel they are members of... the show interfaces command on a port channel, however does show the member interfaces...
DLS2#sh int f0/2
FastEthernet0/2 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0016.479e.5f84 (bia 0016.479e.5f84)
Description: Channel to ALS1
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:43, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4685 packets input, 563671 bytes, 0 no buffer
Received 2721 broadcasts (2465 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2465 multicast, 0 pause input
0 input packets with dribble condition detected
17440 packets output, 1375217 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
see it anywhere? no... good...
DLS2#sh int po10
Port-channel10 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.479e.5f85 (bia 0016.479e.5f85)
Description: Channel to DLS1
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa0/3 Fa0/4
ARP type: ARPA, ARP Timeout 04:00:00
can't have everything... sh int trunk and etherchann summ is your antidote...
you love them...
DLS2#sh int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 900
Po10 on 802.1q trunking 900
Port Vlans allowed on trunk
Po2 10,20,30,100
Po10 10,20,30,50,100,200
Port Vlans allowed and active in management domain
Po2 10,20,30,100
Po10 10,20,30,50,100,200
Port Vlans in spanning tree forwarding state and not pruned
Po2 10,20,30,100
Po10 10,20,30,50,100,200
DLS2#sh etherch summ
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SU) - Fa0/3(P) Fa0/4(P)
some bozack issued the command:
DLS2(config)#int rang f0/3 - 4
DLS2(config-if-range)#no sw noneg
DLS2(config-if-range)#end
DLS2#sh int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 900
Port Vlans allowed on trunk
Po2 10,20,30,100
Port Vlans allowed and active in management domain
Po2 10,20,30,100
Port Vlans in spanning tree forwarding state and not pruned
Po2 10,20,30,100
that didn't sit too well with po10, so it bounced them...
DLS2#sh etherch summ
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SD) - Fa0/3(s) Fa0/4(s)
he wasn't finished...
DLS2#sh int f0/3 sw
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down (suspended member of bundle Po10)
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (UNUSED)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 10,20,30,50,100,200
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
the quick fix is to set everything good on the portchannel... that will insure uniformity across the interfaces...
DLS2(config)#int po10
DLS2(config-if)#sw trunk encap dot1q
DLS2(config-if)#sw mode trunk
DLS2(config-if)#sw trunk native vlan 900
DLS2(config-if)#sw noneg
DLS2(config-if)#end
DLS2#sh etherch summ
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(P) Fa0/2(P)
10 Po10(SU) - Fa0/3(P) Fa0/4(P)
you can use the interface range command with portchannels too...
Subscribe to:
Posts (Atom)