Geeze… What a long day.  Apparently the easiest one of the whole course.  Spent the whole morning doing basic L2/Switching stuff, and then later (probably around 8pm) moving onto Frame Relay.  We just walked out of the classroom, and it is now 9:15pm.  I want to go through the rest of my L2 stuff (L2 QOS and Frame-relay) after a shower.  I picked up heaps today.  Most of the stuff I already know, but I split hairs and went extremely pedantic to convey the dodgy rough notes follow:

IP Source guard needs to have DHCP Snooping and port-security configured first

MAC ACL - Decnet reference is always Decnet phase IV, can only be applied inbound

Switchport protect wont let ports in the same vlan talk to each other, can talk to unprotected ports. 

Switchport Block stops unknown unicasts and multicasts, what defines “unknown” is if there is a MAC entry in the CAM table or not.

Private VLANs : Primary needs to be promiscuous, default gateway needs to be here.  You need to configure the mapping AND the host-association for it to work.  Isolated cant talk to each other, can to talk to promiscuous.  Community - can talk to others in same community and to promiscuous.  The switches need to be VTP transparent for PVLANs to work.

SRR queue - (before today I wanted all this to be in the “Far Queue”.  Say it out loud and you will understand.  Sharing = “real” shaping.  Shaping = “real” policing - WTF??  QOS map is easy.  Once you know the threshold and queue just keep adding to it.  One line can map 8 DSCP values.

Remember to turn mls qos on or it wont work.

PPP over FR - just remember make virtual-template, then apple VT to DLCI with frame-relay interface-dlci xxx ppp virtual-template y

Shower time…. Then Ill come back and do the rest of the Switching and Frame-relay labs.

OK Here I am.  Narbik is telling us what we are in for…  He expects us to work until 1am each morning and will give us his mobile number so we can call if we have any issues.

Day1

Switching

Frame Relay 60-70 pages of labs

Day 2

OSPF 

EIGRP

RIPv2 (maybe)

Day 3

BGP - 200 pages of labs

(He just told us he expects us to get 100% in the lab exam for the above topics)

RIP v2 (maybe)

Day 4

RIP v2 (if not already done)

Multicast

Day 5

QOS - 150 pages of labs

IPv6 - 150 pages of labs (includes RIPng, OSPFv3, IPv4 conversion/translation and tunneling)

NAT

IP Services (DHCP, NTP etc)

GRE

Security

Prefix-lists

Day 6

Mock labs, recaps, messing around

BEER

Nooooo… I’m not sitting the lab just yet.  I am attending Narbik’s bootcamp from Micronics training.  Anyone else going?  Leave a comment and we will see if we can catch up.

Why is when I am halfway through an 8-hour lab I always want to type:

redistribute yourself!

metric $@#@!

route-map &%^@!

My plan to use the IE CoDs to recap stuff I missed before was a prudent one. Make sure you BUY THESE! Top stuff and I’m glad I got them. I didnt miss much when going through Narbik’s book and when I did the super lab at the end I worked out I would have got 87 points* (by own calculations). The IE CoDs are great and are a worthwhile investment.  The online ones are good because they get updated for you.

*I think the “Super Lab” included in Soup-to Nuts isnt that hard.  The book appears to get you ready for the next step, not ready for the real lab.

I finished Narbik’s book today. Pretty happy with that I might add. Certainly picked up a few gotchyas on the way through there. I just hope I remember them all for the upcoming months. Tomorrow I will go over the things I had trouble with on the InternetworkExpert CoD. Then I will repeat those sections of soup-to-nuts again and see if I do better.

One thing that has an incredibly high suck factor is the fact IPv6 does NOT WORK over frame-relay on my lab setup.  I tried various methods of configuring (point-to-point, multipoint, frame maps) and nothing.  I’m not that fussed though…  I went through the answers thinking “I would type this line here” and there they were were I wanted them.  A few things were different but thats all good.  I havent done enough testing to see if it is a problem with the IOS I am using or if it is something else.  My guess is IOS rather than being a dynamips/GNS3 problem because the frame mappings work fine with IPv4, as well as running IP across the links.  So Im saying IPv6 IOS bug…

Im going to be generous once again and include the startup-configs I rewrote to work on my dynamips setup.  I improved the configs as I went through the lab so some of them might not be a straight copy and paste, also some labs I did not edit as they had the same initial config as a previous lab.  You will find these here and there.  So if these things save you about 15-30 mins on the start of 90% of the labs I am sure you wont be complaining to me too much

initial-configs

Now to open a bottle of some fine Barossa Valley Shiraz.  mmmm

Right now I am working on the IP Services section of the Soup-to-Nuts book.

When you think about it… Any day on the job says, “go and configure xxx” “set the network up to yyy” or you might think, “something would work better if I did zzz” Normally you go away for a couple of hours and come back and its done and everyone is happy… You normally get it right too.

You might even get presented something you havent seen before. I just finished the lab on DRP in the IP Services section of Narbik’s book. I have never seen DRP before. All you need to do is press the ? key a few times and the answer is in front of you. Check the answer guide and all the work I did was right.

I think we can carry this on to how a medical professional would work.. A doctor could patch someones bleeding up. A doctor could reset a broken arm. A (specialist) doctor can perform open heart surgery.  Just like a specialist network professional can configure OSPF, tweak BGP peerings and halt a nasty DoS attack.

Now… Can a doctor reset a broken arm, do some nasal surgery, remove a cancerous growth and combat a cardiac arrest all at once and sort it all out within eight hours and have the patient mobile, living and otherwise fully  at the end of the operation?

CCIE is easy!  All you need is the ? key.  Who am I kidding?

A few people have asked for my .net file for Narbik’s topology. Be easier to put it here than email everyone who wants it. This topology matches the Soup-to-nuts topology with a few differences:

Switches are really 3640s with NM-16ESWs in them - remember hard code duplex settings, and lacking all switch features
All of Narbik’s FE interfaces are now Ethernet, so when you copy the startup configs, just edit them to reflect E0/[01] rather than F0/[01]
Serial interfaces are in S1/0 rather than S0/0. Once again modify startup configs to suit, also remember to hard code lmi-type to ansi for it to work.

Remember to set the idle-pc values for your own setup so your CPU doesnt go through the roof.

Feel free to use the file, and let me know what you think!

narbik.net

Probably wont get much study done this weekend. My friend is getting married and I have his stag do to go to today. Shooting each other at paintball then doing other male-tough-guy things is on the cards today…

Tomorrow is Mother’s Day. Miss at your own peril. Mother does not stand aside for CCIE.

Have a top weekend!

Dynamips is a great tool. Not everyone can afford to spend $15k or whatever on a rack with real routers but with Dynamips you can get most of the functionality out of a $750 PC.

I went down to MSY recently and got a PC to do the job. You need lots of RAM (4GB for my box), a beefy CPU (2.66GHz Core2Duo) and you’re on your way. Windows is a pain for Dynamips for a variety of reasons. I am using Ubuntu 7.10 as my OS. I am a Mac user normally but I couldnt be bothered trying to get OSX running on a yum-cha beige box when I can get Linux running in about 10 minutes…

GNS3 is the GUI version of Dynamips. I have made a Narbik topology in GNS3 and it does the job very well. Pitfalls are:

No Switch emulation. I run a 3640 with an NM-16ESW as a switch. It does probably half the job a real 35[56]0 does. No MST, no auto vlan creation from the interface (must use vlan database first), no vlan creation from conf t (once again use vlan database) and also cant auto detect duplex settings. I got around this by hard coding the duplex on the connected router ports.

Frame-relay wont auto-detect lmi-type. Simple… frame-relay lmi-type ansi.

3640s arent used in the real lab. No big deal. The IOS is the same (almost)… the only difference is interface numbering. What you need to watch out for though is the NM-16ESWs are only Ethernet and you cant get FE or GE blades for the 3640s. This affects spanning-tree costs and the like but its no big deal. If you are really pedantic you could manually asssign spanning-tree port costs and the like to interfaces… But I didnt bother unless my scenario asked me to.