Stuff to go over again

This is what I will be doing next, just to recap then it's off to the land of the big bad assessor lab!

MST - not hard, but I don't get much exposure to this so I will do it again

DAI/DHCP Snooping - not something I do much either

BGP - Conditional advertisement, aggregation with leaking specific routes, communities and regexp (is there anything else left in BGP? :P)

Multicast - not difficult, but not exposed that much to it.

IPv6

I lied.  I am working on IPv6 now.  I’ll do IP Services later.  I am pretty happy with IPv6.  Unfortunately the NM-16-ESWs in my 3640s on Dynamips have a fart when you try and configure an L3 Etherchannel between them.  Now I don't know if this is a Dynamips specific drama, if it's the IOS I’m using, or if it's the NM-16ESW itself.

*Mar  1 01:22:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

SW-1(config-if-range)#channel-group 1 mode on

SW-1(config)#interface range f0/14 - 15
SW-1(config-if-range)#no switchport
*Mar  1 01:21:46.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
*Mar  1 01:21:46.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

would not accept channel-group command with no switchport

SW-1(config-if-range)#switchport
SW-1(config-if-range)#channel-group
*Mar  1 01:22:08.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up

Creating a port-channel interface Port-channel1

OK, L2 channel seems ok

SW-1(config-if-range)#
*Mar  1 01:22:15.135: %EC-5-BUNDLE: Interface Fa0/14 joined port-channel Po1
*Mar  1 01:22:15.171: %EC-5-BUNDLE: Interface Fa0/15 joined port-channel Po1
SW-1(config-if-range)#no switchport

Let's try making the channel group then making it L3 after

SW-1(config-if-range)#
*Mar  1 01:22:18.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
*Mar  1 01:22:18.571: %EC-5-UNBUNDLE: Interface Fa0/14 left the port-channel Po1
*Mar  1 01:22:18.575: %ESWILP_FLTMG-7-INTERNAL_ERR: Internal error: *** failure to create entry in vtable/vlan 1006/unit 0 -Traceback= 0x603C5124 0x62445AD0 0x6242F2D4 0x62435C50 0x62446340 0x6047F6C4 0x62439F9C 0x6240F680 0x624176B0 0x604057D8 0x604218B0 0x604C229C 0x604C2280

ARRRGGGGHHHHHHHHH

SW-1(config-if-range)#
*Mar  1 01:22:18.595: %EC-5-UNBUNDLE: Interface Fa0/15 left the port-channel Po1
*Mar  1 01:22:19.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down

Up yours Cisco!!!

Played around with it for a bit… Traceback city no matter what I did.  I'm not that fussed though, I'm pretty happy with RIPng anyway.  I already know how to make L3 Etherchannels so it's all good.  I might come back later and just do some inter-router RIPng stuff rather than trying to do it over L3 Etherchannels.  It’s no different really.

Narbik’s OSPFv3 labs are just router only… Let’s try those.

On Track?

Back in the saddle again.  The past week or so I have been working on switching and frame-relay mainly.  I feel I am pretty much across these topics.  Trouble is, and what scares me is they (especially frame-relay) just seem a little too easy.  Last thing I need is to settle into some complacent state thinking I know everything when really I am leaving something out.

I have been looking a lot at these topics because if your L2 is broken nothing else will work.  I will put a similar amount of effort into OSPF/EIGRP/BGP too.  If I lose (say) 5 points because I completely screw multicast then that’s too bad.  If I screw IGP then I have the potential to lose a hell of a lot more.  This does not mean I will ignore QoS/Multicast/IPServices, but I think these topics are a hell of a lot more granular and also don’t have the dependency that L2/L3 does.

Now… onto EIGRP for the next few days then I will drill OSPF more than a couple on their honeymoon night.

Narbik - End of Day 1

Geeze… What a long day.  Apparently the easiest one of the whole course.  Spent the whole morning doing basic L2/Switching stuff, and then later (probably around 8pm) moving onto Frame Relay.  We just walked out of the classroom, and it is now 9:15pm.  I want to go through the rest of my L2 stuff (L2 QOS and Frame-relay) after a shower.  I picked up heaps today.  Most of the stuff I already know, but I split hairs and went extremely pedantic to convey the dodgy rough notes follow:

IP Source guard needs to have DHCP Snooping and port-security configured first

MAC ACL - Decnet reference is always Decnet phase IV, can only be applied inbound

Switchport protect won't let ports in the same vlan talk to each other, can talk to unprotected ports.

Switchport Block stops unknown unicasts and multicasts, what defines “unknown” is if there is a MAC entry in the CAM table or not.

Private VLANs : Primary needs to be promiscuous, default gateway needs to be here.  You need to configure the mapping AND the host-association for it to work.  Isolated can't talk to each other, can talk to promiscuous.  Community - can talk to others in same community and to promiscuous.  The switches need to be VTP transparent for PVLANs to work.

SRR queue - (before today I wanted all this to be in the “Far Queue”.  Say it out loud and you will understand.)  Sharing = “real” shaping.  Shaping = “real” policing - WTF??  QOS map is easy.  Once you know the threshold and queue just keep adding to it.  One line can map 8 DSCP values.

Remember to turn mls qos on or it won't work.

PPP over FR - just remember to make a virtual-template, then apply the VT to the DLCI with frame-relay interface-dlci xxx ppp virtual-template y

 

Shower time…. Then Ill come back and do the rest of the Switching and Frame-relay labs.

Dynamips Gotchyas

Dynamips is a great tool. Not everyone can afford to spend $15k or whatever on a rack with real routers but with Dynamips you can get most of the functionality out of a $750 PC.

I went down to MSY recently and got a PC to do the job. You need lots of RAM (4GB for my box), a beefy CPU (2.66GHz Core2Duo) and you’re on your way. Windows is a pain for Dynamips for a variety of reasons. I am using Ubuntu 7.10 as my OS. I am a Mac user normally but I couldn't be bothered trying to get OSX running on a yum-cha beige box when I can get Linux running in about 10 minutes…

GNS3 is the GUI version of Dynamips. I have made a Narbik topology in GNS3 and it does the job very well. Pitfalls are:

No Switch emulation. I run a 3640 with an NM-16ESW as a switch. It does probably half the job a real 35[56]0 does. No MST, no auto vlan creation from the interface (must use vlan database first), no vlan creation from conf t (once again use vlan database) and also can't auto detect duplex settings. I got around this by hard coding the duplex on the connected router ports.

Frame-relay won't auto-detect lmi-type. Simple… frame-relay lmi-type ansi.

3640s aren't used in the real lab. No big deal. The IOS is the same (almost)… the only difference is interface numbering. What you need to watch out for though is the NM-16ESWs are only Ethernet and you can't get FE or GE blades for the 3640s. This affects spanning-tree costs and the like but it's no big deal. If you are really pedantic you could manually assign spanning-tree port costs and the like to interfaces… But I didn't bother unless my scenario asked me to.

Welcome!

This is my first post of my under construction CCIE blog. Speaking to Arden convinced me to start so here I go.

I am studying for my CCIE (Routing and Switching) at the moment. The materials I am using are:

InternetworkExpert Workbooks and Class on Demand. The CoDs are FANTASTIC and are a requirement if you wish to pursue your CCIE.
Narbik’s Soup-to-Nuts book
Micronics bootcamp - May 2008 in Sydney
Dynamips PC - 4 GB RAM, Ubuntu 7.10, GNS3

Feel free to post comments!