IPv6

I lied.  I am working on IPv6 now.  I’ll do IP Services later.  I am pretty happy with IPv6.  Unfortunately the NM-16-ESWs in my 3640s on Dynamips have a fart when you try and configure an L3 Etherchannel between them.  Now I don’t know if this is a Dynamips specific drama, if it’s the IOS I’m using, or if it’s the NM-16ESW itself.

*Mar  1 01:22:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

SW-1(config-if-range)#channel-group 1 mode on

SW-1(config)#interface range f0/14 - 15
SW-1(config-if-range)#no switchport
*Mar  1 01:21:46.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
*Mar  1 01:21:46.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

would not accept channel-group command with no switchport

SW-1(config-if-range)#switchport
SW-1(config-if-range)#channel-group
*Mar  1 01:22:08.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up

Creating a port-channel interface Port-channel1

OK, L2 channel seems ok

SW-1(config-if-range)#
*Mar  1 01:22:15.135: %EC-5-BUNDLE: Interface Fa0/14 joined port-channel Po1
*Mar  1 01:22:15.171: %EC-5-BUNDLE: Interface Fa0/15 joined port-channel Po1
SW-1(config-if-range)#no switchport

Let’s try making the channel group then making it L3 after

SW-1(config-if-range)#
*Mar  1 01:22:18.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
*Mar  1 01:22:18.571: %EC-5-UNBUNDLE: Interface Fa0/14 left the port-channel Po1
*Mar  1 01:22:18.575: %ESWILP_FLTMG-7-INTERNAL_ERR: Internal error: *** failure to create entry in vtable/vlan 1006/unit 0 -Traceback= 0x603C5124 0x62445AD0 0x6242F2D4 0x62435C50 0x62446340 0x6047F6C4 0x62439F9C 0x6240F680 0x624176B0 0x604057D8 0x604218B0 0x604C229C 0x604C2280

ARRRGGGGHHHHHHHHH

SW-1(config-if-range)#
*Mar  1 01:22:18.595: %EC-5-UNBUNDLE: Interface Fa0/15 left the port-channel Po1
*Mar  1 01:22:19.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down

Up yours Cisco!!!

Played around with it for a bit… Traceback city no matter what I did.  I’m not that fussed though, I’m pretty happy with RIPng anyway.  I already know how to make L3 Etherchannels so it’s all good.  I might come back later and just do some inter-router RIPng stuff rather than trying to do it over L3 Etherchannels.  It’s no different really.

Narbik’s OSPFv3 labs are just router only… Let’s try those.

BGP Done! Time Fillers too

I spent a lot of time on BGP.  Narbik has some nasty regexps in his bootcamp book.  Hopefully they aren’t that nasty in the real lab.

My local Hungry Jacks would have me on their VIP list now.  This study stuff has increased my HJs (Burger King to the rest of the world) intake into orbit.  So much so that they will be opening a HJs on the International Space Station just for me!  I have also been relaxing during down time by getting into playing Poker in the National Poker League and watching the World Poker Tour on Joost.  Vince Van Patten is a legend!

Anyway…

I will start work on IP Services now.  I always find that stuff pretty easy.  Security will be next… that’s pretty straightforward too.

So how about Spain last night?  Isn’t it amazing what Fernando Torres can do with a decent bunch of players around him.  Shame he has nothing like that at his current club… Well it’s not a shame really ;)  I was hoping Germany would win but Spain did the business.  Now all I can hope for is Cristiano Ronaldo to piss off to Real and for Chelsea to sign Robinho!

Starting BGP

Just starting on BGP now…  Thinking about the peer-session templates….

Not sure what I think… For lab purposes I prefer good old copy & paste.  Less crap to go wrong.  I mean I don’t mind peer-groups to have multiple neighbours…  I’m a fan of KISS for this kind of stuff.

Onward and upward!

Stuff to work on:

conditional advertisements

aggregation with leaking routes

remembering what community does what!

regexp :(

OSPF - Check

Gone through Narbik’s OSPF labs. Went all good with most of them. Not much caught me out.. Just a few obscure commands… Like these:

max-metric router-lsa ! This guy advertises the largest metric so this router is the least preferred path through the network. Never used it before!

area x range xxxxx not-advertise ! to filter route updates as opposed to distribute lists

area x nssa translate type7 suppress-fa ! when converting to type5 LSAs makes the forwarding address 0.0.0.0 as opposed to the one in the type7 LSA

That’s about it really… Like I have mentioned previously, I am finding this stuff too easy for my liking. I don’t know if it is because of the methodical nature of Narbik’s books or what. I am not that comfortable with this. I think I will go further through the books and when I’m done, do the Cisco Assessor lab to get my arse into a reality check. Hopefully I balls them up totally so I can see if my fears are realised… But if I do ok with them then I know I am doing something right! :)

Certguard Slams Ethan Banks

Robert Williams, CEO of Certguard, the self-proclaimed “I hate braindumps” vigilante organisation, has publicly defamed Ethan Banks on this website:

http://www.networkworld.com/community/node/28444

Mr Williams has claimed that Ethan has used Testkings to study for his Written Exam and as such Ethan should have his CCIE Status revoked.  Now, anyone who has pursued CCIE, is in the process of CCIE, or has otherwise supported someone in their pursuit, knows how long and arduous the process is.  Ethan has only said the content in these dumps is what the exam material is based on, not that he used it as his only study guide.

I reviewed some of the older TestKing material during my final review, although it wasn’t a major focus. The good news is that the TK stuff has a lot of the concepts you need to know. But if you’re looking for actual questions that will show up on the exam, I didn’t see that in any of the TK material I looked at.

Now…  Can anyone see in this quote where Ethan advocates using this material?  All he says is that the concepts are there.  Nothing more.  If he only relied on Testking to study, as opposed to knowing the material, then he would not have been able to pass his written.  I think that is pretty simple.

The beauty of CCIE is you can’t pass it by dumping.  I am sure we have seen vendors promoting their “real” labs…  But can you memorise eight hours of typing?  If one question about L3 changes, then that will ruin your whole topology!  You must know the material… Simple as that.

I can understand the crusade that Certguard are undertaking, and what the deal with dumping for exams does.  They even have a section where sites are combed to see if they promote dumps or not.  Have a look and see what he thinks of my site! :)  www.certguard.com.  However, I think the attack on Ethan is unjustified and is nothing more than an exercise to scapegoat a hard working individual and generate traffic/income/hits/interest in a site that people may not have known about before.

Now… on to EIGRP!

On Track?

Back in the saddle again.  The past week or so I have been working on switching and frame-relay mainly.  I feel I am pretty much across these topics.  Trouble is, and what scares me is they (especially frame-relay) just seem a little too easy.  Last thing I need is to settle into some complacent state thinking I know everything when really I am leaving something out.

I have been looking a lot at these topics because if your L2 is broken nothing else will work.  I will put a similar amount of effort into OSPF/EIGRP/BGP too.  If I lose (say) 5 points because I completely screw multicast then that’s too bad.  If I screw IGP then I have the potential to lose a hell of a lot more.  This does not mean I will ignore QoS/Multicast/IPServices, but I think these topics are a hell of a lot more granular and also don’t have the dependency that L2/L3 does.

Now… onto EIGRP for the next few days then I will drill OSPF more than a couple on their honeymoon night.

DHCP Snooping/DAI

To configure DHCP Snooping:

Static IP:

ip dhcp snooping

ip dhcp snooping vlan xxx

ip source binding MAC vlan xxx IP interface zzz
interface zzz

ip verify source

MAC + IP:

ip dhcp snooping

ip dhcp snooping vlan xxx

ip source binding MAC vlan xxx IP interface zzz

interface zzz

switchport port-security (etc)

ip verify source port-security

What’s the difference? Well… In the first example, the switch will not filter based on MAC address. If the wrong IP comes in on interface zzz (as specified by ip source binding) then the switch will drop the traffic. In the second example, configuring port security will drop traffic if the MAC address learned via port-security is incorrect. The second example will ALSO filter rogue IPs. The two are not mutually exclusive.

DAI:

ip arp inspection vlan xx

ip arp inspection filter ACL vlan xxx static

arp access-list ACL

permit ip host IP mac host MAC
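
An added illustration, not from the original notes and not Cisco's implementation: a simplified Python model of how the two `ip verify source` modes and a DAI ARP ACL with and without `static` decide on a frame. All addresses, the VLAN and the interface name are constructed, and the model ignores DHCP traffic and trusted ports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    interface: str

# Constructed entry, as created by "ip source binding MAC vlan xxx IP interface zzz".
BINDINGS = [Binding("0000.1111.2222", 10, "192.0.2.10", "Fa0/1")]

def source_guard(mode, interface, vlan, src_mac, src_ip, bindings=BINDINGS):
    """mode "ip" models `ip verify source`; "ip-mac" models `ip verify source port-security`."""
    for b in bindings:
        if (b.interface, b.vlan, b.ip) != (interface, vlan, src_ip):
            continue                      # source IP not bound on this port/VLAN
        if mode == "ip" or b.mac == src_mac:
            return "permit"               # IP-only mode never looks at the MAC
    return "drop"

def arp_inspect(interface, vlan, sender_mac, sender_ip, arp_acl, static,
                bindings=BINDINGS):
    """arp_acl: set of (ip, mac) pairs from `permit ip host IP mac host MAC`."""
    if (sender_ip, sender_mac) in arp_acl:
        return "permit"
    if static:
        return "drop"                     # `static`: no fallback to the binding table
    for b in bindings:
        if (b.interface, b.vlan, b.ip, b.mac) == (interface, vlan, sender_ip, sender_mac):
            return "permit"
    return "drop"

if __name__ == "__main__":
    spoofed_mac = "aaaa.bbbb.cccc"        # constructed: right IP, wrong MAC
    for mode in ("ip", "ip-mac"):
        print(mode, source_guard(mode, "Fa0/1", 10, spoofed_mac, "192.0.2.10"))
    acl = {("192.0.2.20", "0000.3333.4444")}   # constructed static host
    for static in (False, True):
        print("static" if static else "no static",
              arp_inspect("Fa0/1", 10, "0000.1111.2222", "192.0.2.10", acl, static))
```

The last case is the one to watch in a lab: with `static`, a host that is only in the snooping binding table and not in the ARP ACL has its ARP dropped.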

Cheers :)

I still have pages of notes from the bootcamp to type out!  Been busy!