Thursday, December 31, 2009

New Year Surprise :)

Candidate: Deepak Arora
Cisco ID: CSCOXXXXX
Exam: 350-029: CCIE Service Provider written
Language: English
Test Center: Multirede Consultoria e Formacao, LDA
Appointment: Fri, 15 Jan 2010 / Start Time: 4:00 PM
Appointment Number: 233573281
Date/Time Appointment Created: Thu, 31 Dec 2009, at 10:44 AM GMT
Exam Total: $US 350.00
Tax: $US 0.00
Amount Paid: $US 350.00
**** **** **** 6627
Order Number: 0002-7884-8976
:)


I'll post the reason behind this change of mind in the coming year :)


Happy new year and stay tuned...

Thursday, December 24, 2009

CCDE Exam Simulation From CISCO - Some Scientist Stuff :)


A couple of days back one of my friends sent me this link to the CCDE exam simulation. The simulation is basically a demonstration of the CCDE practical lab exam; it shows many things like the question pattern, the tools available, etc... hmmm... scientist stuff for me :)


While doing some searching, I came across the website www.ccdebootcamp.com

These guys, or I should say Radu, is the instructor for the class. He was the second person after Ryan to pass the CCDE practical exam. I wish that someday I will attend this bootcamp :)

Anyway, they have presented a nice demo on their website too.



Best regards,
Deepak Arora

Tuesday, December 22, 2009

IP SLA Basic Operation - It's really not that evil :)






So here I am, with probably my last tech post for the year 2009. Some things were good about this year and some were quite bad: the good part was my new job, the bad part was the local traffic in this country and of course my malaria infection around July this year. But in total, all is well that ends well :)

So today I am going to show some IP SLA basics, which still look like evil stuff to many network engineers out there. My personal experience is that it is neither easy nor that tough. I say this because most IP SLA configurations are straightforward, but because so many features and tools are packed into this one IOS tool, it sometimes takes time to figure out what is going on.

One more thing I would like to mention before diving into the configuration: IP SLA (IP Service Level Agreements) was called SAA (Service Assurance Agent) and, before that, RTR (Response Time Reporter) in older IOS versions. That history is why the configuration below still uses the ip sla monitor form and the rtr keyword in the track object.









Okay, in my scenario we are running HSRP between R1 and R2 with the virtual IP 10.0.0.1/24. R2 is the active router, with interface tracking enabled for its Ethernet uplink Fa1/0. The problem with this scenario is that if R3's Ethernet interface Fa1/0 goes down we lose reachability to R4, but R2 stays the HSRP active router. Interface tracking only watches the local link state, and R2's Fa1/0 is an Ethernet interface whose line protocol depends only on its own link: a failure on R3, or anywhere beyond it, is not reflected in R2's local link state, so the interface stays up/up and the track never fires. R1 therefore never takes over the load, and we end up with a big mess in our network :(

So let's put IP SLA in action to fix this. We use an IP SLA ICMP echo operation to probe R3's Ethernet interface (3.3.3.2), bind a track object to the reachability result of that operation, and let HSRP track the object. The moment the probes stop being answered, the track object goes down and HSRP decrements the priority of this router by the configured amount. Here is the sample config for R2: with priority 105 and a decrement of 50, R2 drops to 55 when the target becomes unreachable, so R1 (at the HSRP default priority of 100) becomes active, provided R1 is also configured with standby 1 preempt; without preempt on R1 the priority change alone changes nothing. Two caveats worth checking: the timeout (300 ms) has to fit within the frequency (1 s), and because the track follows plain ICMP, anything that stops R3 from answering echoes (an ACL change, ICMP rate limiting, a flood against R3) will trigger the failover just as a real outage would, so probe an address you control and read show track 1 and show ip sla monitor statistics when it fires. On IOS 12.4(4)T and later the same configuration is written with ip sla, icmp-echo, ip sla schedule and track 1 ip sla 1 reachability.

!
ip sla monitor 1
 type echo protocol ipIcmpEcho 3.3.3.2
 timeout 300
 frequency 1
ip sla monitor schedule 1 life forever start-time now
!

!
track 1 rtr 1 reachability
!


!
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 10.0.0.1
 standby 1 priority 105
 standby 1 preempt
 standby 1 track 1 decrement 50
!

!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/0
 network 0.0.0.0 255.255.255.255 area 0
!
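The interaction between the probe, the track object and the HSRP priority is easier to see in a small model than in three separate show commands. The block below is an added example and not part of the original post or IOS; it assumes the post's numbers (R2 at priority 105 with a decrement of 50, R1 at the HSRP default of 100, a 300 ms probe timeout) and feeds a constructed sequence of probe results through the election, including the case where R1 has no preempt configured. Hello and hold timers, the IP-address tie-break and the track delay timers are not modelled.

```python
"""Added example (not from the original post): how an IP SLA ICMP echo
probe, a reachability track object and an HSRP priority decrement fit
together.  Router names, priorities and probe results are assumptions
chosen to mirror the post's scenario; nothing here touches a router."""
from dataclasses import dataclass


@dataclass
class EchoProbe:
    """IP SLA 'type echo': one ICMP echo every 'frequency_s' seconds,
    each counted as answered only if a reply arrives within timeout_ms."""
    target: str
    timeout_ms: int = 300
    frequency_s: int = 1

    def answered(self, rtt_ms):
        # None stands for 'no reply at all'
        return rtt_ms is not None and rtt_ms <= self.timeout_ms


@dataclass
class Router:
    name: str
    priority: int
    preempt: bool
    tracked_decrement: int = 0   # 'standby 1 track 1 decrement N'
    track_up: bool = True        # state of 'track 1 rtr 1 reachability'

    @property
    def effective_priority(self):
        return self.priority - (0 if self.track_up else self.tracked_decrement)


def hsrp_active(routers, current):
    """HSRP election as the post relies on it: the current active router
    keeps the role unless another router both preempts and has a strictly
    higher effective priority.  (Real routers break ties on the higher IP
    address; this model simply keeps the incumbent on a tie.)"""
    challenger = max(routers, key=lambda r: r.effective_priority)
    if (challenger is not current and challenger.preempt
            and challenger.effective_priority > current.effective_priority):
        return challenger
    return current


def simulate(rtts, r1_preempt):
    """Feed a sequence of probe results (RTT in ms, or None for a timeout)
    into R2's track object and return the active router after each probe.
    A single failed probe drops the track here; IOS lets you dampen that
    with 'delay up/down' on the track object."""
    probe = EchoProbe("3.3.3.2")
    r1 = Router("R1", 100, preempt=r1_preempt)                  # defaults
    r2 = Router("R2", 105, preempt=True, tracked_decrement=50)  # the post's config
    active = r2
    history = []
    for rtt in rtts:
        r2.track_up = probe.answered(rtt)
        active = hsrp_active([r1, r2], active)
        history.append(active.name)
    return history


if __name__ == "__main__":
    print(simulate([10, 10, None, None, 12], r1_preempt=True))   # R1 takes over, then R2 preempts back
    print(simulate([10, 10, None, None, 12], r1_preempt=False))  # R2 stays active throughout
```

The second run is the check worth doing on a real pair: if the standby router is not configured to preempt, the decrement lowers R2's priority and nothing else happens, which looks exactly like the original problem.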



So happy new year in advance to all of you

Best Regards,
Deepak Arora
CCIE#XXXXX...Oops that number is still missing :)

Monday, December 21, 2009

Some Interesting Issues With Solarwind Free TFTP Server


Recently I encountered an IOS upgrade issue. I was trying to upgrade my 3800 Series ISR router using the SolarWinds free TFTP server, but whenever I kicked off the IOS upgrade process I kept ending up with the error mentioned above.

Everything was fine, including L1, L2 and L3 connectivity.

As I was quite sure I was doing it right (actually it had been a couple of months since I last performed an IOS upgrade :) ), I decided to switch over to Cisco's own TFTP server and give it a try... and guys!!! It worked for me :)



So, a funny IOS issue indeed.


Regards,
Deepak Arora
CCIE#XXXXX...Oops that number is still missing :)

Friday, December 18, 2009

RIP sends Updates with TTL of 2


From my past studies I always thought that routing protocol updates are link-local in scope and carry a TTL value of 1, regardless of whether they are sent to a multicast or a broadcast address.

But things changed when a friend from Cisco TAC told me that the TTL value of a RIP update packet is 2, and I was like... ahhh MAN... is it?

So finally I decided to lab it up using GNS3. I captured some RIP update packets using the GNS3 capture feature and man... it's true. However, this cannot be seen in the debug ip rip output.


Just take a look at the packet :)

Best Regards,
Deepak Arora

CCIE#XXXXX....Oops that number is still missing ;)
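The TTL lives in the IP header, not in the RIP payload that debug ip rip prints, so the only way to see it is to look at the packet. The parser below is an added example, not part of the original post or of the author's capture: it builds a constructed IPv4/UDP/RIPv2 response with TTL 2 (the value the post reports for IOS) and then pulls the TTL, the 224.0.0.9 destination, the UDP/520 port and the route entries back out of the raw bytes. The sample source address and routes are made up for illustration.

```python
"""Added example, not from the original post: build and parse a raw
IPv4 + UDP + RIPv2 response and read the fields the post discusses
(IP TTL, 224.0.0.9 destination, UDP port 520) plus the route entries.
The sample packet is constructed here with TTL 2; it is not the
author's GNS3 capture."""
import socket
import struct

RIP_PORT = 520
RIP_MCAST = "224.0.0.9"


def ip_checksum(header):
    """One's-complement sum over the IPv4 header; 0 means 'valid' when the
    checksum field is already filled in."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_rip_packet(src, entries, ttl=2):
    """Constructed IPv4/UDP/RIPv2 response.  'entries' is a list of
    (prefix, mask, metric); next hop is left at 0.0.0.0."""
    rip = struct.pack("!BBH", 2, 2, 0)                 # command=Response, version=2
    for prefix, mask, metric in entries:
        rip += struct.pack("!HH4s4s4sI", 2, 0,        # AFI=IP, route tag 0
                           socket.inet_aton(prefix), socket.inet_aton(mask),
                           socket.inet_aton("0.0.0.0"), metric)
    udp = struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(rip), 0) + rip
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(RIP_MCAST))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp


def parse_rip_packet(pkt):
    """Return ttl/src/dst/sport/command/routes for a RIPv2 datagram on
    UDP/520, or None if the bytes are not one (bad version, protocol,
    header checksum, port or payload length)."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto = pkt[8], pkt[9]          # TTL is byte 8 of the IPv4 header
    if proto != 17 or ip_checksum(pkt[:ihl]) != 0:
        return None
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    if dport != RIP_PORT or ulen < 12 or len(pkt) < ihl + ulen:
        return None
    rip = pkt[ihl + 8:ihl + ulen]
    command, version = rip[0], rip[1]
    if version != 2 or (len(rip) - 4) % 20:
        return None
    routes = []
    for off in range(4, len(rip), 20):
        _afi, _tag, prefix, mask, _nh, metric = struct.unpack("!HH4s4s4sI", rip[off:off + 20])
        routes.append((socket.inet_ntoa(prefix), socket.inet_ntoa(mask), metric))
    return {"ttl": ttl, "src": src, "dst": dst, "sport": sport,
            "command": command, "routes": routes}


# Constructed sample: what a Cisco RIPv2 update looks like on the wire per the post
SAMPLE = build_rip_packet("10.0.0.2", [("192.168.1.0", "255.255.255.0", 1),
                                       ("172.16.0.0", "255.255.0.0", 2)])

if __name__ == "__main__":
    print(parse_rip_packet(SAMPLE))
```

The same parse_rip_packet can be pointed at the IP layer of frames pulled from a capture file; a RIP response whose source is not one of your routers, or whose TTL is something other than what your platform normally sends, is worth an alert.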

Wednesday, December 9, 2009

Some More Video Tutorials From NIL

Small remote site using BGP as PE-CE routing

http://wiki.nil.com/Video:Small_remote_site_using_BGP_as_PE-CE_routing_protocol 

Small site using BGP on two uplinks


Simple BGP troubleshooting

Free Video Tutorials - Private VLANs & L2 Port Security

http://www.ciscopress.com/promotions/promotion.asp?promo=137125

http://www.ciscopress.com/promotions/promotion.asp?promo=137126

All Cisco TV Episodes

https://learningnetwork.cisco.com/docs/DOC-2549

More CCIE Labs - Free CCIE Prep Stuff From Triple CCIE Narbik K

http://www.micronicstraining.com/downloads/soup-to-nuts-free-labs.pdf

http://www.micronicstraining.com/downloads/lab03-free.zip

CCIE Full Scale Multiprotocol Lab Ver 4.0 - Free Lab From INE

http://www.internetworkexpert.com/downloads/IEWB-RS-VOL-2.lab1.v5.00.pdf

Mastering DOC CD for CCIE R&S - Video Tutorial From INE

http://classroom.internetworkexpert.com/doc-cd

Wednesday, December 2, 2009

IPv6 Downloadable Video Training

So while doing some web searching yesterday I found some nice and exciting videos on IPv6 and Internet routing. And the best part is that they are downloadable and free :)

http://www.ciscoblog.com/docstore/BSCI25.wmv

http://www.ciscoblog.com/docstore/warriors-700-VBR.mpg


Tuesday, November 24, 2009

One More Handy Switching Command - Quick Way to Check the Root Switch

So here is another handy command to find the root bridge status locally.

CoreSW#show spanning-tree | inc VLAN|This 

VLAN0001
VLAN0020
             This bridge is the root
VLAN0060
             This bridge is the root
VLAN0160
             This bridge is the root
VLAN0163
             This bridge is the root



The output shows that this switch is the root bridge for all configured VLANs except VLAN 1: any VLAN line that is not followed by a "This bridge is the root" line has its root elsewhere, which is the thing to check after a topology change or when an unexpected switch starts winning the election.


Regards,
Deepak Arora

Friday, November 20, 2009

Troubleshooting Layer 1 Cabling Issues - Cisco Catalyst Switches TDR Feature

Cisco TDR (Time Domain Reflectometer)

In Cisco IOS Release 12.1(19)EA1 or later, you can use the Time Domain Reflectometer (TDR) feature to diagnose and resolve cabling problems. When running TDR, the local device sends a signal through the cable and compares the reflected signal to the initial signal.



TDR is supported only on 10/100/1000 copper Ethernet ports. It is not supported on 10/100 ports, 10-Gigabit module ports, or on SFP module ports. On some platforms the link on the port under test is briefly disrupted while the test runs, so run it in a maintenance window on a production uplink.


TDR can detect these cabling problems: 




Open, broken, or cut twisted-pair wires—The wires are not connected to the wires from the remote device.


Shorted twisted-pair wires—The wires are touching each other or the wires from the remote device. For example, a shorted twisted pair can occur if one wire of the twisted pair is soldered to the other wire.


If one of the twisted-pair wires is open, TDR can find the length at which the wire is open.




Use TDR to diagnose and resolve cabling problems in these situations:


Replacing a switch


Setting up a wiring closet


Troubleshooting a connection between two devices when a link cannot be established or when it is not operating properly 


Example:


core-switch#test cable-diagnostics tdr interface gi0/24
TDR test started on interface Gi0/24
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.


core-switch#show cable-diagnostics tdr interface gigabitEthernet 0/24
TDR test last run on: November 19 14:54:18

Interface Speed Local pair Pair length        Remote pair Pair status
--------     -----   ----------- --------------       -------------- ---------------
Gi0/24    1000M  Pair A     4    +/- 4  meters Pair A        Normal             
                        Pair B     4    +/- 4  meters Pair B        Normal             
                        Pair C     5    +/- 4  meters Pair D        Normal             
                        Pair D     4    +/- 4  meters Pair C        Normal



It means Gi0/24 is running at 1000 Mbps, all four pairs are terminated over roughly 4 to 5 meters of cable (the +/- 4 meters is the measurement resolution, so treat these as the same length), and every pair is reported as Normal, i.e. no open or short was found. The Remote pair column shows which remote pair each local pair lands on. A broken cable would instead show an Open or Short status on one of the pairs together with the distance at which the fault was detected.



The previous command is set to be deprecated sometime in the future and will be replaced by:

" show diagnostic result interface GigabitEthernet 0/24 "


Thanks!
Deepak Arora




Wednesday, November 18, 2009

Some more handy "show" commands for CCIE Lab students...hmmm... actually for everyone to know

So here are some quick tips from a real-world perspective which will definitely save you time in production networks before you start scratching your head :)

1. Here is a quick tip about aliases. We all know how to configure them; personally I don't use them at all, but some guys prefer them. Anyway, keep in mind the next time you create an alias: if you type the alias followed by a space before hitting Enter, it will not work the way other commands do. Let me make it a bit clearer. For the demo I am using * to stand for a space character, and my alias is DEEPAK for sh version.


Now if I type Router#DEEPAK* and hit Enter it will not work, but if I type Router#DEEPAK and hit Enter it works just fine. A trailing space does work for all normal commands and makes no difference to their execution: Router#sh version* and Router#sh ver both display the same output and both actually work.


2. A few handy show commands for those who, like me, are aiming for the CCIE R&S lab. Basically these help you see exactly what you want to see, like I love


"sh ip int br | i up"

"sh ip int br | e unassigned"



"sh ver | i IOS"


and one special switching command: switch#sh ver | i Base


And here is the killer command that I just figured out today after beating my head against the wall to find the correct syntax. It actually took me quite a few minutes before I got it right :)


"sh ip int br | e unassigned|down"

The argument to | e (exclude) is a regular expression, so unassigned|down drops every line containing either word and leaves only the interfaces that have an address and are up/up.


Regards,
Deepak Arora

Wednesday, November 4, 2009

Another Proposed Solution for Static Route Over FR issue

Hello Everyone,

Here is another proposed solution from me for my previous "static routes over FR" issue post. I was just trying to brush up on some GRE concepts, so I thought I would lab up that scenario again and try to fix it with GRE keepalives this time. Although you might see different IP addressing this time, I have attached the "sh ip int b" output to make it easier to follow.

Just as a side note: GRE keepalives can be enabled on one side only and still work. A GRE keepalive is a GRE packet that wraps a second GRE packet addressed back to the sender; the far end simply decapsulates the outer header and forwards the inner packet, so it needs no keepalive configuration of its own, only a route back to the tunnel source. That is unlike serial keepalives, which have to be enabled on both sides. It is also what the floating static route below depends on: once the keepalives fail, Tunnel0 goes down/down, the primary static route via 150.0.0.2 is withdrawn, and the backup route via 2.2.2.1 with administrative distance 10 is installed.

http://deepakarora1984.blogspot.com/2008/12/static-route-issue-over-frame-relay.html



R1
---
R1(config)#do term len 0
R1(config)#do sh run
Building configuration...

Current configuration : 1171 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 100.100.100.1 255.255.255.0
!
interface Tunnel0
 ip address 150.0.0.1 255.0.0.0
 keepalive 1 3
 tunnel source Serial0/0
 tunnel destination 1.1.1.1
!
interface Serial0/0
 ip address 1.1.1.0 255.255.255.254
 encapsulation frame-relay
 serial restart-delay 0
!
interface Serial0/1
 ip address 2.2.2.0 255.255.255.254
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
ip forward-protocol nd
ip route 3.3.3.0 255.255.255.0 2.2.2.1
ip route 200.200.200.0 255.255.255.0 150.0.0.2
ip route 200.200.200.0 255.255.255.0 2.2.2.1 10
!
!
!
access-list 101 permit ip 150.0.0.0 0.255.255.255 200.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R1(config)#
R1(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  1.1.1.0         YES manual up                    up
Serial0/1                  2.2.2.0         YES manual up                    up
Serial0/2                  unassigned      YES unset  administratively down down
Serial0/3                  unassigned      YES unset  administratively down down
Loopback0                  10.0.0.1        YES manual up                    up
Loopback1                  100.100.100.1   YES manual up                    up
Tunnel0                    150.0.0.1       YES manual up                    up

R1(config)#
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S    200.200.200.0/24 [1/0] via 150.0.0.2
     1.0.0.0/31 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
     2.0.0.0/31 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Serial0/1
     100.0.0.0/24 is subnetted, 1 subnets
C       100.100.100.0 is directly connected, Loopback1
     3.0.0.0/24 is subnetted, 1 subnets
S       3.3.3.0 [1/0] via 2.2.2.1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
C    150.0.0.0/8 is directly connected, Tunnel0
R1(config)#
---------------------------------------------------

R2
---
R2(config)#do term len 0
R2(config)#do sh run
Building configuration...

Current configuration : 1097 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 200.200.200.1 255.255.255.0
!
interface Tunnel0
 ip address 150.0.0.2 255.0.0.0
 keepalive 1 3
 tunnel source Serial0/0
 tunnel destination 1.1.1.0
!
interface Serial0/0
 ip address 1.1.1.1 255.255.255.254
 encapsulation frame-relay
 serial restart-delay 0
!
interface Serial0/1
 ip address 3.3.3.1 255.255.255.254
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
ip forward-protocol nd
ip route 2.2.2.0 255.255.255.0 3.3.3.0
ip route 100.100.100.0 255.255.255.0 150.0.0.1
ip route 100.100.100.0 255.255.255.0 3.3.3.0 10
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R2(config)#
R2(config)#do sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  1.1.1.1         YES manual up                    up
Serial0/1                  3.3.3.1         YES manual up                    up
Serial0/2                  unassigned      YES unset  administratively down down
Serial0/3                  unassigned      YES unset  administratively down down
Loopback0                  20.0.0.1        YES manual up                    up
Loopback1                  200.200.200.1   YES manual up                    up
Tunnel0                    150.0.0.2       YES manual up                    up

R2(config)#
R2(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    200.200.200.0/24 is directly connected, Loopback1
     1.0.0.0/31 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
     2.0.0.0/24 is subnetted, 1 subnets
S       2.2.2.0 [1/0] via 3.3.3.0
     100.0.0.0/24 is subnetted, 1 subnets
S       100.100.100.0 [1/0] via 150.0.0.1
     3.0.0.0/31 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Serial0/1
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, Loopback0
C    150.0.0.0/8 is directly connected, Tunnel0
R2(config)#
-----------------------------------------------------------------

R3
---
R3#term len 0
R3#sh run
Building configuration...

Current configuration : 825 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Serial0/0
 ip address 2.2.2.1 255.255.255.254
 no ip route-cache
 serial restart-delay 0
!
interface Serial0/1
 ip address 3.3.3.0 255.255.255.254
 no ip route-cache
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
ip forward-protocol nd
ip route 100.100.100.0 255.255.255.0 2.2.2.0
ip route 200.200.200.0 255.255.255.0 3.3.3.1
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R3#
R3#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  2.2.2.1         YES manual up                    up
Serial0/1                  3.3.3.0         YES manual up                    up
Serial0/2                  unassigned      YES unset  administratively down down
Serial0/3                  unassigned      YES unset  administratively down down

R3#
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S    200.200.200.0/24 [1/0] via 3.3.3.1
     2.0.0.0/31 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Serial0/0
     100.0.0.0/24 is subnetted, 1 subnets
S       100.100.100.0 [1/0] via 2.2.2.0
     3.0.0.0/31 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Serial0/1
R3#

Friday, October 16, 2009

Frame Relay Traffic Shaping Terms

I was reading about traffic shaping and policing, and the acronyms in the book were as clear as mud, but now that I've written them down and understood them they are really, really simple. I put a few formulas down for them as well, but haven't checked them, so please correct me if I'm wrong. Oh, and I have presumed that you are attempting to shape traffic to the CIR.

Tc – The time interval, in milliseconds, in which one Committed Burst (Bc) can be sent. Tc = Bc / CIR * 1000. IOS keeps Tc between 10 and 125 ms.

Bc – Committed Burst: the amount of data in bits which can be sent every Tc. Bc = CIR * Tc / 1000.

Be – Excess Burst: the number of bits by which Bc can be exceeded in a Tc, but only if no data was sent in the previous Tcs, i.e. the credit has to be banked by idle intervals first. EDIT: As commented by Jeriel Atienza, the formula is Be = (AR – CIR) * Tc / 1000, where AR is the access rate (the physical speed of the link).

CIR – Committed Information Rate: the bandwidth of a link or VC in bps which the service provider guarantees to provide. Quite often the CIR is lower than the full capability of the link, which is the main reason why traffic should be shaped and policed. CIR = Bc / Tc * 1000.

Shaped Rate – The rate, in bps, to which the traffic is being shaped; it normally matches the CIR, which is the assumption in the formulas above.
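The relation between Bc and Be is clearer as a token bucket than as a formula: the bucket refills by Bc every Tc, is capped at Bc + Be, and only an idle interval leaves enough credit for a burst above Bc. The model below is an added example, not from the original post or IOS; the CIR, access rate and Tc values are assumptions for illustration, and it ignores the details of how IOS adjusts Tc or reacts to BECNs.

```python
"""Added example, not from the original post: the Tc/Bc/Be relations
with consistent units, plus a token-bucket model of a shaper that shows
where the Be credit comes from.  CIR, AR and Tc values are assumed."""


def shaping_params(cir_bps, ar_bps, tc_ms=125):
    """Bc and Be for a shaper run at CIR on a link with access rate AR.
    Tc is in milliseconds as on IOS, so bits per Tc = rate * Tc / 1000."""
    tc_s = tc_ms / 1000.0
    bc = int(cir_bps * tc_s)                          # Bc = CIR * Tc
    be = int(max(ar_bps - cir_bps, 0) * tc_s)         # Be = (AR - CIR) * Tc
    return {"tc_ms": tc_ms, "bc": bc, "be": be}


def shape(cir_bps, ar_bps, offered_bits_per_tc, tc_ms=125):
    """Token-bucket shaper.  Every Tc the bucket gains Bc tokens (bits),
    capped at Bc + Be.  Idle intervals bank credit, so a later interval
    may send up to Bc + Be; that banked credit is the only way Be is ever
    usable.  Returns the bits actually sent in each interval."""
    p = shaping_params(cir_bps, ar_bps, tc_ms)
    bc, be = p["bc"], p["be"]
    tokens = bc                      # a fresh interval starts with one Bc
    sent = []
    for offered in offered_bits_per_tc:
        tx = min(offered, tokens)    # anything above the credit waits (or is marked DE)
        sent.append(tx)
        tokens = min(tokens - tx + bc, bc + be)
    return sent


if __name__ == "__main__":
    # 64 kbps CIR on a 128 kbps access line: Bc = Be = 8000 bits per 125 ms
    print(shaping_params(64000, 128000))
    # one idle interval, then two saturated ones: 16000 bits, then back to 8000
    print(shape(64000, 128000, [0, 20000, 20000, 3000]))
```

Over any run of saturated intervals the average is exactly Bc per Tc, i.e. the CIR, which is the property the provider is policing you against; the one-off 16000-bit interval is the excess burst the Be definition describes.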

Frame Relay LMI - In General

Frame Relay Local Management Interface (LMI) is a set of enhancements to Frame Relay, originally agreed upon in 1990 by a consortium consisting of Cisco, Digital Equipment Corporation (DEC), Northern Telecom and StrataCom. ANSI and the CCITT (now ITU-T) later produced standard versions, but most vendors support both standards alongside the one defined by the consortium.
There are very few differences between them. The Cisco LMI type uses DLCI 1023 for LMI and DLCIs 16 to 1007 for user circuits, while the ANSI (Annex D) and ITU-T Q.933 Annex A (q933a) standards use DLCI 0 for LMI and DLCIs 16 to 991 for user circuits. The LMI type can be changed on the Frame Relay enabled interface with the command:
Router(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a
The LMI messages exchanged between routers and Frame Relay switches provide the following additional features:
- Inverse ARP – to learn the layer 3 address of the device at the other end of a DLCI, so you don't need to map it statically
- Signalling of virtual circuit status messages – if a PVC becomes unreachable, the nodes along its path learn of the failure, so data is not sent into a black hole
- Multicasting – allows multicast groups to be used over Frame Relay networks; the high DLCI numbers reserved by the LMI type are used for this
- Globally significant DLCIs – brilliant! (the DLCI identifies the remote end rather than just the local circuit)
- Simple flow control with XON/XOFF, for devices whose upper layers cannot act on FECNs and BECNs

By default LMI status enquiries are sent every 10 seconds (the interface keepalive), and every sixth one is a full status enquiry, which returns detailed information about each VC. The line protocol goes down if the router misses 3 LMI replies out of the last 4 (the n392/n393 defaults), so after roughly 30 seconds. You can't turn LMI off by itself, and the command below does not disable keepalives either, despite what its name suggests: it sets how many keepalive cycles pass between full status enquiries (default 6). LMI is disabled by removing the interface keepalive with no keepalive, which is how back-to-back Frame Relay without a switch is run.
Router(config-if)#frame-relay lmi-n391dte ?
  <1-255>  event
 
Finally, you can check the status of LMI with the command below. Read Num Status msgs Rcvd against Num Status Timeouts: in this output the router has sent 18 status enquiries and every one of them has timed out, and Last Full Status Rcvd is never, so this interface is not actually talking to a Frame Relay switch (LMI type mismatch, or no switch at all).
Router#sh frame lmi

LMI Statistics for interface Serial1/0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 18               Num Status msgs Rcvd 0
  Num Update Status Rcvd 0              Num Status Timeouts 18
  Last Full Status Req 00:00:03         Last Full Status Rcvd never
 
Finally, pretty much every command on the interface begins with frame-relay:
Router(config-if)#frame-relay ?
  accounting             Special accounting instruction
  address-reg            ELMI address registration
  broadcast-queue        Define a broadcast queue and transmit rate
  class                  Define a map class on the interface
  congestion-management  Enable Frame Relay congestion management
  de-group               Associate a DE group with a DLCI
  fragment               Enable end-to-end fragmentation for all PVCs
  fragmentation          Adaptive fragmentation

PROXY ARP - In General

The command no ip proxy-arp was one of those things I saw in IOS configs without being too sure what proxy ARP is used for or why it exists. Proxy ARP is where a router responds to an ARP request on behalf of another device. It was used heavily before the days of DHCP and default gateways: a host would ARP for an address that was not on its subnet, and the router on the local segment would act as a "proxy" and answer with its own MAC address, so the frames reached the router and were routed onwards (modern hosts just send such packets to the default gateway instead of ARPing for the address).

Proxy ARP is not needed if hosts have a default gateway or routing intelligence of their own, and setting a default gateway is a much better option. Using proxy ARP instead results in more ARP traffic and very large ARP tables on the hosts, which keep an IP/MAC binding for every single address they communicate with. It also lets the router answer for addresses that are not on the segment at all, which is why IOS hardening guides list no ip proxy-arp on interfaces that do not need it (it is on by default).

Wednesday, October 14, 2009

CCIE R&S 4.0 Troubleshooting Section Details

Recently there was a video podcast on the CCIE R&S 4.0 troubleshooting section. Below are the details announced by Maurilio, who is the content designer for the CCIE R&S lab:

    * we may get 9 to 12 tickets in the troubleshooting section
    * each ticket is independent from a configuration perspective, i.e. it will not affect any other ticket's configuration or operation
    * one can expect anywhere from 6 or 15 up to 30 routers in the troubleshooting section
    * no layer 2 switching tickets will be presented in the troubleshooting section
    * the troubleshooting section may be worth 20 to 25 points
    * 2 layer 2 switching troubleshooting tasks will be in the configuration section

It is mandatory to pass each section:

OEQ == 4 Ques... answer 3 to pass

Troubleshooting == 80 %

Configuration == 80%


Thanks!
Deepak Arora

Friday, October 2, 2009

Filtering ALL Even Subnets With Single ACL....Solution

So finally the moment has arrived when I reveal the gotcha of my ACL filtering post. Today I am just posting the solution to my previous post; although you can see the solution, I am still giving you some more time to figure out why it is the correct one. Many CCNPs and CCNAs went through that post and were not able to figure out the correct solution, so for them I'll soon reveal the dilemma of calculating ACL wildcard masks...

So stay tuned and enjoy the solution... happy studying :)

Best Regards,
Deepak Arora
CCIE#XXXXX...Oops that number is still missing :)

---------------------------
R1#sh run
Building configuration...

Current configuration : 943 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0/0
 ip address 1.1.1.1 255.255.255.252
 ip access-group 101 in
 no ip unreachables
 serial restart-delay 0
!
interface Serial0/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
access-list 101 deny   ip 192.168.0.0 0.0.6.255 any log-input
access-list 101 permit ip any any log-input
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R1#
R1#
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
D    192.168.4.0/24 [90/2297856] via 1.1.1.2, 00:22:38, Serial0/0
D    192.168.5.0/24 [90/2297856] via 1.1.1.2, 00:22:21, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback1
D    192.168.6.0/24 [90/2297856] via 1.1.1.2, 00:22:08, Serial0/0
D    192.168.7.0/24 [90/2297856] via 1.1.1.2, 00:19:10, Serial0/0
D    192.168.0.0/24 [90/2297856] via 1.1.1.2, 00:23:26, Serial0/0
D    192.168.1.0/24 [90/2297856] via 1.1.1.2, 00:23:13, Serial0/0
D    192.168.2.0/24 [90/2297856] via 1.1.1.2, 00:23:00, Serial0/0
D    192.168.3.0/24 [90/2297856] via 1.1.1.2, 00:22:48, Serial0/0
R1#
------------------------------------------------------------------
R2#sh run
Building configuration...

Current configuration : 1216 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.168.4.1 255.255.255.0
!
interface Loopback5
 ip address 192.168.5.1 255.255.255.0
!
interface Loopback6
 ip address 192.168.6.1 255.255.255.0
!
interface Serial0/0
 ip address 1.1.1.2 255.255.255.252
 serial restart-delay 0
!
interface Serial0/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R2#
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
C    192.168.4.0/24 is directly connected, Loopback4
C    192.168.5.0/24 is directly connected, Loopback5
     10.0.0.0/24 is subnetted, 1 subnets
D       10.0.0.0 [90/2297856] via 1.1.1.1, 00:26:49, Serial0/0
C    192.168.6.0/24 is directly connected, Loopback6
C    192.168.7.0/24 is directly connected, Loopback7
C    192.168.0.0/24 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Loopback1
C    192.168.2.0/24 is directly connected, Loopback2
C    192.168.3.0/24 is directly connected, Loopback3
R2#
R2#ping 10.0.0.1 sou loop0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
.....
Success rate is 0 percent (0/5)
R2#
R2#ping 10.0.0.1 sou loop1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/36/80 ms
R2#
-------------------------------------------------------------------
Hmmm... I used Loopback 1 on R1 to emulate its Ethernet segment :). Also, on R2 I configured Loopback 8 to make sure the rest of the even subnets can reach R1.


One more thing: I disabled IP unreachables on S0/0 of R1 so that even when the pings sent by R2 fail, you won't see the unreachable markers that normally appear as U.U.U and so on. Those markers are ICMP unreachable messages (here "administratively prohibited", type 3 code 13), and they tell anyone probing you that an ACL, not a missing route, is dropping the traffic. Without them a prober only sees timeouts and cannot tell from the other side what is blocking the ping :) Be aware, though, that no ip unreachables suppresses every unreachable type on that interface, including "fragmentation needed", so it can break path MTU discovery through that router; ip icmp rate-limit unreachable is the gentler option if that matters.



R2(config)#do sh run int lo8
Building configuration...

Current configuration : 65 bytes
!
interface Loopback8
 ip address 192.168.8.1 255.255.255.0
end

R2(config)#do ping 10.0.0.1 sou lo8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.8.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/64 ms








-------------------------------------------------------------------
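The wildcard mask is the whole gotcha, so here is the matching rule written out and run against the subnets in the routing tables above. This is an added example, not part of the original post: it evaluates the post's access-list 101 top-down for sources in 192.168.0.0/24 through 192.168.8.0/24, confirms that 0.0.6.255 denies exactly the even third octets 0, 2, 4 and 6 and lets 192.168.8.1 through (the Loopback 8 ping above), and goes one step beyond the post with the wildcard that matches every even third octet (0.0.254.255). The helper names are assumptions.

```python
"""Added example, not from the original post: IOS wildcard-mask matching
and a top-down ACL evaluation, applied to the post's access-list 101.
Subnets come from the outputs above; the helper names are assumptions."""
import ipaddress


def wildcard_match(address, base, wildcard):
    """An address matches when every bit that is 0 in the wildcard is
    identical between the address and the base; 1 bits are don't-care."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(entries, src):
    """Evaluate a numbered ACL on the source address: entries are
    (action, base, wildcard), the first match wins, and the implicit
    deny applies when nothing matches.  The post's 'permit ip any any'
    is written as ('permit', '0.0.0.0', '255.255.255.255')."""
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


# The post's access-list 101 (the log-input keyword does not affect matching)
ACL_101 = [
    ("deny", "192.168.0.0", "0.0.6.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]


def wildcard_for_even_third_octet():
    """General form, beyond the post: to match every 192.168.x.0/24 with an
    even x, every bit of the third octet except the lowest is don't-care.
    0.0.6.255 only covers x in 0..7, which is all the post's lab needed."""
    return "0.0.254.255"


def classify(entries, third_octets):
    """Action taken for a host in each 192.168.x.0/24, keyed by x."""
    return {x: acl_action(entries, "192.168.%d.1" % x) for x in third_octets}


if __name__ == "__main__":
    print(classify(ACL_101, range(9)))   # deny for 0,2,4,6; permit for 1,3,5,7 and 8
    even_all = [("deny", "192.168.0.0", wildcard_for_even_third_octet()),
                ("permit", "0.0.0.0", "255.255.255.255")]
    print(classify(even_all, [8, 254, 255]))
```

Reading the wildcard in binary is the trick: 6 is 00000110, so bits 1 and 2 of the third octet are ignored while bit 0 (and bits 3 to 7) must equal the base's 0, which is why 192.168.8.0 slips past the deny.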