Wednesday, October 27, 2010

OSPF Mock Lab (Including Troubleshooting) ...Under Development



### Initials ####

^^^ R1 ^^^
------------------

en
!
conf t
!
ho R1
!
no ip domain loo
!
int f0/0
ip add 145.145.145.1 255.255.255.0
ip ospf 1 a 4589
mtu 1496
ip ospf net point-to-m 
ip ospf hello 5
ip ospf dead 20
no sh
exit
!
int f0/1
ip add 81.81.81.1 255.255.255.0
ip ospf 1 a 81
no sh
exit
!
int f1/0
ip add 19.19.19.1 255.255.255.0
ip ospf 1 a 19
no sh
exit
!
int s0/0
ip add 123.123.123.1 255.255.255.0
en f
no frame inv
frame map ip 123.123.123.2 102
frame map ip 123.123.123.3 103
ip ospf 1 a 0
no sh
exit
!
int lo0
ip add 1.1.1.1 255.0.0.0
ip ospf 1 a 4589
exit
!
int lo1
ip add 11.11.11.11 255.0.0.0
ip ospf 1 a 0
exit
!
int lo2
ip add 110.110.110.110 255.0.0.0
ip ospf 1 a 81
exit
!
int lo3
ip add 111.111.111.111 255.0.0.0
ip ospf 1 a 19
exit
!
router ospf 1
router-id 255.255.255.1 
exit
!
end
!
wr mem
!
==========================================

^^^ R2 ^^^
------------------


en
!
conf t
!
ho R2
!
no ip domain-loo
!
int s0/0
ip add 123.123.123.2 255.255.255.0
en f
no frame inv
frame map ip 123.123.123.1 201
frame map ip 123.123.123.3 201
ip ospf 1 a 0
no sh
exit
!
int f0/0
ip add 124.124.124.2 255.255.255.0
ip ospf 1 a 237 
no sh
exit
!
int lo0
ip add 2.2.2.2 255.0.0.0
ip ospf 1 a 0
exit
!
int lo1
ip add 22.22.22.22 255.0.0.0
ip ospf 1 a 237
exit
!
router ospf 1
router-id 255.255.255.2    
!
end
!
wr mem
!
==========================================

^^^ R3 ^^^
------------------
en
!
conf t
!
ho R3
!
no ip domain-loo
!
int s0/0
ip add 123.123.123.3 255.255.255.0
en f
no frame inv
frame map ip 123.123.123.1 301
frame map ip 123.123.123.2 301
ip ospf 1 a 0
no sh
exit
!
int f0/0
ip add 124.124.124.3 255.255.255.0
ip ospf 1 a 237
no sh
exit
!
int f0/1
ip add 103.103.103.3 255.255.255.0
no sh
exit
!
int lo0
ip add 3.3.3.3 255.0.0.0
ip ospf 1 a 0
exit
!
int lo1
ip add 33.33.33.33 255.0.0.0
ip ospf 1 a 237
exit
!
router ospf 1
router-id 255.255.255.3   
exit
!
router rip
v 2
no au
net 103.0.0.0
redistribute ospf 1 metric 7
exit
!
end
!
wr mem
!
==========================================

^^^ R7 ^^^
------------------
en
!
conf t
!
ho R7
!
no ip domain-loo
!
int f0/0
ip add 124.124.124.7 255.255.255.0
ip ospf 1 a 237
no sh
exit
!
int lo0
ip add 7.7.7.7 255.0.0.0
ip ospf 1 a 237
exit
!
int lo1
ip add 77.77.77.77 255.0.0.0
ip ospf 1 a 237
exit
!
router ospf 1
router-id 255.255.255.7  
!
end
!
wr mem
!
==========================================

^^^ R4 ^^^
------------------
en
!
conf t
!
ho R4
!
no ip domain-loo
!
int f0/0
ip add 145.145.145.4 255.255.255.0
ip ospf 1 a 4589 
ip ospf net point-to-m 
no sh
exit
!
int lo0
ip add 4.4.4.4 255.0.0.0
ip ospf 1 a 4589
exit
!
int s0/0
ip add 64.64.64.4 255.255.255.0
no sh
exit
!
router ospf 1
router-id 255.255.255.4
exit
!
router eigrp 645
net 64.64.64.4 0.0.0.0
no au
redistribute ospf 1 metric 1 1 1 1 1 
exit
end
!
wr mem
!
==========================================

^^^ R5 ^^^
------------------
en
!
conf t
!
ho R5
!
no ip domain-loo
!
int f0/0
ip add 145.145.145.5 255.255.255.0
ip ospf 1 a 4589 
ip ospf net point-to-m 
no sh
exit
!
int lo0
ip add 5.5.5.5 255.0.0.0
ip ospf 1 a 4589
exit
!
int s0/0
ip add 65.65.65.5 255.255.255.0
no sh
exit
!
router ospf 1
router-id 255.255.255.5
exit
!
router eigrp 645
net 65.65.65.5 0.0.0.0
no au
exit
!
end
!
wr mem
!
==========================================

^^^ R8 ^^^
------------------
en
!
conf t

!
ho R8
!
no ip domain-loo
!
int f0/0
ip add 81.81.81.8 255.255.255.0
ip ospf 1 a 81
no sh
exit
!
int lo0
ip add 8.8.8.8 255.0.0.0
ip ospf 1 a 81
exit
!
router ospf 1
router-id 255.255.255.8
end
!
wr mem
!
==========================================

^^^ R9 ^^^
-------------------
en
!
conf t
!
ho R9
!
no ip domain-loo
!
int f0/0
ip add 19.19.19.9 255.255.255.0
ip ospf 1 a 19
no sh
exit
!
int lo0
ip add 9.9.9.9 255.0.0.0
ip ospf 1 a 19
exit
!
router ospf 1
router-id 255.255.255.9
end
!
wr mem
!
==========================================

^^^ R10 ^^^
--------------------
en
!
conf t
!
ho R10
!
no ip domain-loo
!
int f0/0
ip add 103.103.103.10 255.255.255.0
no sh
exit
!
int lo0
ip add 200.200.0.1 255.255.255.0
!
int lo1
ip add 200.200.1.1 255.255.255.0
!
int lo2
ip add 200.200.2.1 255.255.255.0
!
int lo3
ip add 200.200.3.1 255.255.255.0
!
int lo4
ip add 200.200.4.1 255.255.255.0
!
int lo5
ip add 200.200.5.1 255.255.255.0
!
int lo6
ip add 200.200.6.1 255.255.255.0
!
int lo7
ip add 200.200.7.1 255.255.255.0
exit
!
router rip
v 2
passive-interface default 
no au
net 0.0.0.0
exit
!
end
!
wr mem
!
==========================================

^^^ R6 ^^^
------------------
en
!
conf t
!
ho R6
!
no ip domain-loo
!
int s0/0
ip add 64.64.64.6 255.255.255.0
no sh
exit
!
int s0/1
ip add 65.65.65.6 255.255.255.0
no sh
exit
!
int lo0
ip add 150.0.0.1 255.255.255.0
!
int lo1
ip add 150.0.1.1 255.255.255.0
!
int lo2
ip add 150.0.2.1 255.255.255.0
!
int lo3
ip add 150.0.3.1 255.255.255.0
exit
!
router eigrp 645
net 0.0.0.0 255.255.255.255
no au
exit
!
end
!
wr mem
!
================================================

Tuesday, October 26, 2010

Things that must match in order to form OSPF Adjacency

This is going to be a real short post but still good to know and important too :-)


Here is a quick list of things that must match between two OSPF neighbors in order to form an adjacency.




1. Area-ID must match.
2. Subnet Mask of interface (Except For Point-To-Point interface types & Virtual-Links)
3. Authentication Type & Authentication Password
4. Stub Flag (AKA E-Bit)
5. Timers (Hello & Dead)
6. Compatible Network Types (Broadcast Vs Non-Broadcast / P2P Vs P2M Vs P2M non-broadcast)
7. MTU
8. Capability LLS (Could Be) 
9. Passive Interface


Note: Although MTU is not generally listed as a requirement, it must match in order to exchange the database. You can, however, make the router leave it out of the negotiation with the command "ip ospf mtu-ignore". The command only needs to be put on the side with the lower supported MTU. Another cool new way to do it on Catalyst switches is "system mtu routing", which changes the MTU just for routing operations without changing the system MTU for the rest of operations.
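
A way to check items 1 to 5 of the list from two captured Hellos, as an added example that is not part of the original post. Only the authentication type is visible in the header, not the password, and MTU and network type are not carried in a Hello at all. The packets are constructed for illustration and the function names are my own; the field layout is the OSPFv2 header and Hello body from RFC 2328.

```python
import ipaddress
import struct

E_BIT = 0x02  # Options bit that routers in a stub area clear

# Constructed Hello packets (OSPF header + Hello body, no neighbors listed,
# checksum field left at zero). Addresses, area and R1's timers follow the
# f0/0 configuration of R1 and R4 in the lab on this page; R4's 30/120
# timers are assumed defaults for its point-to-multipoint interface.
HELLO_R1 = bytes.fromhex(
    "0201002C FFFFFF01 000011ED 00000000 00000000 00000000"
    " FFFFFF00 00050201 00000014 00000000 00000000")
HELLO_R4 = bytes.fromhex(
    "0201002C FFFFFF04 000011ED 00000000 00000000 00000000"
    " FFFFFF00 001E0201 00000078 00000000 00000000")


def parse_hello(pkt):
    """Pull out the Hello fields that both neighbors must agree on."""
    ver, ptype, length, rid, area, _csum, autype = struct.unpack("!BBH4sIHH", pkt[:16])
    if ver != 2 or ptype != 1 or length > len(pkt):
        raise ValueError("not a complete OSPFv2 Hello")
    mask, hello, options, _prio, dead = struct.unpack("!4sHBBI", pkt[24:36])
    return {
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area": area,
        "auth_type": autype,
        "mask": str(ipaddress.IPv4Address(mask)),
        "hello": hello,
        "dead": dead,
        "stub_flag": not options & E_BIT,
    }


def adjacency_blockers(a, b, point_to_point=False):
    """List the Hello fields on which two neighbors disagree."""
    fields = ["area", "auth_type", "stub_flag", "hello", "dead"]
    if not point_to_point:  # the mask is not compared on point-to-point links
        fields.append("mask")
    return [f for f in fields if a[f] != b[f]]


def explain(pkt_a, pkt_b, **kw):
    """Map each disagreeing field to the pair of values seen in the two Hellos."""
    a, b = parse_hello(pkt_a), parse_hello(pkt_b)
    return {f: (a[f], b[f]) for f in adjacency_blockers(a, b, **kw)}
```

Calling explain(HELLO_R1, HELLO_R4) reports the hello and dead timers as the only fields that differ between the two constructed packets.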


HTH...
Deepak Arora

CCDP Passed....Next Step CCIE Lab Or CCDE ??? :-)

Passed my CCDP Arch Exam yesterday finally after 2 months of Hard work. Finally I am a CCDP now :-)

Here is a quick post on IEOC for those who are interested in CCDP.

http://ieoc.com/forums/t/13466.aspx

BTW... Cisco is coming up with a new blueprint for CCDA and CCDP from 8th Nov, 2010.

HTH...
Deepak Arora

Thursday, October 21, 2010

CCIE Service Provider v3.0 Officially Announced!!!!

The word is finally out. CCIE Service Provider v3.0 will be effective by April 18, 2011!!!
CCIE Service Provider certification written and lab exams updated to version 3.0

On October 19, 2010, Learning@Cisco announced updates to the CCIE Service Provider certification exams to version 3.0. The updated requirements are aligned to the job role of network engineers responsible for provisioning networks to support media-rich applications and services.

The updated version 3.0 exams will cover configuration and optimization of IP core technologies (including Packet over SONET, GE/10GE, BGP, IGP routing, LDP, MPLS and MPLS TE, multicast, HA, and QoS), aggregation/edge technologies (including Ethernet/FE/GE trunking, PPP, SONET/SDH, frame relay, ATM, T1/T3, and E1/E3), and remote access technologies (IP over wire line, DSL, and cable), Layer 2 and 3 VPNs, plus managed (voice, video, security) services traversing an IP core network.

The CCIE SP v3.0 written and lab exams are scheduled for release in all worldwide testing centers on April 18, 2011 and will replace version 2.0 exams at that time.

In February 2011, candidates can choose to take a beta version of the CCIE Service Provider v3.0 written exam at a discounted price of $50 USD. An announcement will be made several weeks before scheduling opens for candidates interested in taking the beta exam.

Beta exams are scheduled just like other written exams and are available at all worldwide testing centers. A passing grade on the beta exam qualifies a candidate to schedule the lab exam. Results, however, are typically not available until four to six weeks after the close of the beta. CCIEs in suspended status with an expiration date before April 18, 2011, should not recertify using the beta exam. A candidate may attempt the beta exam only once during the beta period.

Source: https://learningnetwork.cisco.com/community/certifications/ccie_service_provider/lab_exam


HTH...
Deepak Arora
 

Cisco Announces CCNP Security Will Replace CCSP

On October 19th, 2010, Cisco announced enhancements and upgrades to achieving the Cisco professional level security certification. In doing so, the CCSP certification will be replaced in the near future by the CCNP Security certification. The CCNP Security certification is designed to enforce the skills that Cisco Network Security Engineers need to deploy, service and support.
For more information refer to the following link:
https://learningnetwork.cisco.com/docs/DOC-9005

HTH...
Deepak Arora

Cisco Announces CCNP Voice Will Replace CCVP

Effective October 19th, 2010, Cisco announced upgrades to the Cisco Voice Certification Track. These upgrades force the candidate to test on the enhancements being made to the convergence of data and voice on the network reflected in Unified Communications v8.0.


The last day to test using the previous exams is February 28, 2011.
For more information refer to the following link:
https://learningnetwork.cisco.com/community/certifications/ccvp/syllabus?view=overview

HTH...
Deepak Arora

Monday, October 18, 2010

RIP Configuration Mock Lab - Final Version Completed

Today I proudly announce Completion of my RIP Mock Lab. It was part of an effort to bring free knowledge to people who can't afford to buy costly CCIE Lab preparation material. I started off this effort around 2 years back as an independent Technical blogger and will continue with that as long as possible.

But it's definitely not an effort against any CCIE vendor. I truly respect them and their work. It's just my effort to bring something to people from developing countries like India, where salaries don't match global standards, which makes life pretty tough in case someone wants to go for CCIE.


Hopefully every blog reader will like and enjoy it. Here is the quick URL to download the lab: tasks, diagrams, GNS topology for Windows & initials.

http://www.4shared.com/file/QWaUSEhL/RIP_Mock_Lab_-_By_Deepak_Arora.html 

OR 

http://hotfile.com/dl/76776402/93ff2ff/RIP_Mock_Lab_-_By_Deepak_Arora.rar.html 
  
However, for the Solution Guide, I would request you to spend a little time writing an email to me (@ - deepakarora.1984@gmail.com) with your comments on the RIP mock lab and about my blog and efforts (good or bad).

All files are in secure pdf format with the password deepakarora (same password for the RAR file). Make sure you guys use Primo PDF Viewer software (http://www.primopdf.com/download.aspx) to open the pdf file to avoid any format issues which you may have with Adobe pdf Reader.

HTH...
Deepak Arora 

Friday, October 15, 2010

Finding EIGRP Peer's AS Number & K Values - Who's behind the mask ?

Today I am gonna show you guys a mean trick which I learned during a class way back. It's about finding EIGRP Peer's AS Number & K Values in order to form neighbor-ship.


Let's first discuss the topology and load the initial configuration for this lab.




So here is the quick topology. We have two routers, namely R1 & R2. Router R1 is configured inside some mysterious EIGRP AS (like some BB router in a lab with no mention of its EIGRP AS number in the diagram). Now we need to make R2 (to which we have access) peer with R1.


But before that let's load the initials. From the initials you may see what the EIGRP AS number for R1 is :-) but just pretend you don't know anything :-)


Although it's one of those things which might be hard for someone Vs others :-)


=====================
           *** Initials ***
=====================



^^^ R1 ^^^
!
en
!
conf t
!
no ip domain-lo
!
ho R1
!
int l0
ip add 1.1.1.1 255.255.255.255
exit
!
int f0/0
ip add 12.0.0.1 255.255.255.0
no sh
exit
!
router eigrp 12
no au
net 1.1.1.1 0.0.0.0
net 12.0.0.1 0.0.0.0
end
!
-------------------------------

^^^ R2 ^^^
!
en
!
conf t
!
no ip domain-lo
!
ho R2
!
int l0
ip add 2.2.2.2 255.255.255.255
exit
!
int f0/0
ip add 12.0.0.2 255.255.255.0
no sh
end
!
-------------------------------

Now let's get started.

Let's first verify basic reachability to R1.

R2#ping 12.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/12 ms

Hmmm....everything looks good so far.

Now let's create two ACLs to match EIGRP traffic coming from and going towards R1.

Although the source of an EIGRP packet generated by R1 is going to be 12.0.0.1, with the destination 224.0.0.10 (the well-known All EIGRP Routers multicast address), I am being a little less specific here without any particular reason :-)

You can follow the same logic for R2.

R2(config)#access-l 100 permit ip any ho 224.0.0.10 log 

The next move is to run debug ip packet with the dump keyword, which is BTW a hidden keyword and basically gives you a hex dump of the packet that you can later analyze with any packet sniffer.

R2#debug ip pack detail 100 dump
IP packet debugging is on (detailed) (dump) for access list 100

Now the next step is to listen to EIGRP packets, and for that we are gonna enable EIGRP on the router with some dummy AS number for a moment.

R2(config)#router eigrp 1  
R2(config-router)#no au
R2(config-router)#net 2.2.2.2 0.0.0.0
R2(config-router)#net 12.0.0.2 0.0.0.0
R2(config-router)#end

As soon as we do this we start getting the following debug messages on screen:

*Mar  1 00:18:13.323: IP: s=2.2.2.2 (local), d=224.0.0.10 (Loopback0), len 60, sending broad/multicast, proto=88
0C600850:                   45C0003C 00000000          E@.<....
0C600860: 0258D39C 02020202 E000000A 0205EECB  .XS.....`.....nK
0C600870: 00000000 00000000 00000000 00000001  ................
0C600880: 0001000C 01000100 0000000F 00040008  ................
0C600890: 0C040102                             ....            

*Mar  1 00:18:14.111: IP: s=12.0.0.1 (FastEthernet0/0), d=224.0.0.10, len 60, rcvd 2, proto=88
0C9CA8A0:                       0100 5E00000A            ..^...
0C9CA8B0: C2000607 00000800 45C0003C 00000000  B.......E@.<....
0C9CA8C0: 0158CC9F 0C000001 E000000A 0205EEC0  .XL.....`.....n@
0C9CA8D0: 00000000 00000000 00000000 0000000C  ................
0C9CA8E0: 0001000C 01000100 0000000F 00040008  ................
0C9CA8F0: 0C040102                             ....            

Okay...don't get scared right now :-)


Let's analyze the debug output and see how we can find the AS number in it.

All you have to do is first find the following keyword in the hex dump: "E000000A" (the destination address 224.0.0.10 in hex). From there, count 5 blocks of hex characters, which gives "00000001" in the first hex dump and "0000000C" in the second. The next thing to watch out for is the direction or, more importantly, the source of the packet. In the first dump it's "2.2.2.2", which is the loopback of the local router R2, so it's a locally generated packet. Now let's get back to the 5th hex block for this packet, "00000001". As I said, it's in hex format. Convert it to decimal and you will find the value "1", which tells us that the locally configured AS number is "1". So far so good...

Now let's take a look at the 5th hex block from the next hex dump, which is "0000000C". Convert this to decimal using Windows calculator and you will find that the value comes out as "12".

Now let's remove the old config, put EIGRP AS 12 on R2 and see if the peering magically comes up.

R2#sh ip ro e

R2#             <- No Neighbor

R2(config)#no router eigrp 1

R2(config)#router eigrp 12  
R2(config-router)#no au
R2(config-router)#net 2.2.2.2 0.0.0.0
R2(config-router)#net 12.0.0.2 0.0.0.0
R2(config-router)#exit
R2(config)#

*Mar  1 00:21:43.627: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.1 (FastEthernet0/0) is up: new adjacency

Gr8...

R2#sh ip eigrp nei
IP-EIGRP neighbors for process 12
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   12.0.0.1                Fa0/0             13 00:00:25    9   200  0  3

R2#sh ip ro e     
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/409600] via 12.0.0.1, 00:00:50, FastEthernet0/0


R2#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
**********************************************************

Now the next mean trick is to find the K-Values of a neighbor, in case we need to peer with any EIGRP neighbor which has different K-Values instead of the default ones.

Let's change the local K-Values on R2 now and see if we can figure them out sitting on R1.

R2(config)#router eigrp 12
R2(config-router)#metric weights 0 0 0 1 0 0 

As soon as we run this command we see the following messages on R2's console:

R2(config-router)#
*Mar  1 00:23:53.607: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.1 (FastEthernet0/0) is down: metric changed
*Mar  1 00:23:58.191: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.1 (FastEthernet0/0) is down: Interface Goodbye received
*Mar  1 00:24:21.139: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.1 (FastEthernet0/0) is down: K-value mismatch

Now let's take a look at R1:

R1#
*Mar  1 00:24:02.983: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.2 (FastEthernet0/0) is down: K-value mismatch
*Mar  1 00:24:07.695: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.2 (FastEthernet0/0) is down: K-value mismatch
*Mar  1 00:24:12.339: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.2 (FastEthernet0/0) is down: Interface Goodbye received

Ok...

In order to do some debugs on R1, first of all I must turn this logging off to make life easier, else I'll keep getting these messages all the time.

R1(config)#router eigrp 12
R1(config-router)#no eigrp log-neighbor-changes 
R1(config-router)#end

Now let's create the same kind of ACL we made earlier on R2, but being more specific this time :-)

R1(config)#access-l 100 per ip ho 12.0.0.2 ho 224.0.0.10 log

R1#debug ip pack detail 100 dump
IP packet debugging is on (detailed) (dump) for access list 100
R1#
*Mar  1 00:29:55.959: %SEC-6-IPACCESSLOGRP: list 100 permitted eigrp 12.0.0.2 -> 224.0.0.10, 1 packet 
*Mar  1 00:29:55.959: IP: s=12.0.0.2 (FastEthernet0/0), d=224.0.0.10, len 60, rcvd 2, proto=88
0C9CB7A0:                       0100 5E00000A            ..^...
0C9CB7B0: C2010607 00000800 45C0003C 00000000  B.......E@.<....
0C9CB7C0: 0158CC9E 0C000002 E000000A 0205EFC0  .XL.....`.....o@
0C9CB7D0: 00000000 00000000 00000000 0000000C  ................
0C9CB7E0: 0001000C 00000100 0000000F 00040008  ................
0C9CB7F0: 0C040102         

BTW... Did I tell you guys that EIGRP does have its own transport protocol, which is RTP, and is defined as IP protocol number 88? :-)

Ok... Getting back to the idea of finding K-Values.

In this hex dump we need to skip the last two blocks of hex characters completely (counting from the bottom this time), use just the two most significant characters of the 3rd block from the bottom, and pick the entire 4th block from the bottom. The 4th block holds K1 to K4 and those two characters of the 3rd block hold K5.

In this case each pair of hex digits specifies one K value. Let me break it down further for you guys.

00 -> 0 -> K1
00 -> 0 -> K2
01 -> 1 -> K3
00 -> 0 -> K4
00 -> 0 -> K5

So from this it's clear that all K values are set to zero except K3, which is 1.
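
The two manual decodes above (AS number, then K-values) done in one pass, as an added example that is not part of the original post. It reads the dump text copied from this page, finds the IPv4 header addressed to 224.0.0.10, and decodes the fixed EIGRP header and the parameter TLV (type 0x0001); that layout is taken from RFC 7868, and the function names are my own.

```python
import re
import struct

ALL_EIGRP_ROUTERS = bytes([224, 0, 0, 10])  # 224.0.0.10, "E000000A" in the dump
HEX_WORDS = re.compile(r"\s*[0-9A-F]+:((?:\s+[0-9A-F]{4}(?:[0-9A-F]{4})?(?!\S)){1,4})")

# Debug output copied from this page: R1's hello as received on R2, and R2's
# hello as received on R1 after "metric weights 0 0 0 1 0 0" was applied on R2.
HELLO_FROM_R1 = """
0C9CA8A0:                       0100 5E00000A            ..^...
0C9CA8B0: C2000607 00000800 45C0003C 00000000  B.......E@.<....
0C9CA8C0: 0158CC9F 0C000001 E000000A 0205EEC0  .XL.....`.....n@
0C9CA8D0: 00000000 00000000 00000000 0000000C  ................
0C9CA8E0: 0001000C 01000100 0000000F 00040008  ................
0C9CA8F0: 0C040102                             ....
"""
HELLO_FROM_R2 = """
0C9CB7A0:                       0100 5E00000A            ..^...
0C9CB7B0: C2010607 00000800 45C0003C 00000000  B.......E@.<....
0C9CB7C0: 0158CC9E 0C000002 E000000A 0205EFC0  .XL.....`.....o@
0C9CB7D0: 00000000 00000000 00000000 0000000C  ................
0C9CB7E0: 0001000C 00000100 0000000F 00040008  ................
0C9CB7F0: 0C040102
"""


def dump_to_bytes(dump):
    """Keep the hex words of each line; drop the address and ASCII columns."""
    words = (HEX_WORDS.match(line) for line in dump.strip().splitlines())
    return bytes.fromhex("".join("".join(m.group(1).split()) for m in words if m))


def inet_checksum(data):
    """16-bit one's-complement sum; 0 over a packet whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_hello(dump):
    """Return opcode, AS number, K-values and hold time from a dumped EIGRP hello."""
    data = dump_to_bytes(dump)
    for i in range(len(data) - 19):
        ihl = (data[i] & 0x0F) * 4
        if (data[i] >> 4 == 4 and ihl >= 20 and data[i + 9] == 88  # proto=88
                and data[i + 16:i + 20] == ALL_EIGRP_ROUTERS):
            pkt = data[i + ihl:i + int.from_bytes(data[i + 2:i + 4], "big")]
            break
    else:
        raise ValueError("no IPv4/EIGRP packet to 224.0.0.10 in dump")
    _ver, opcode, _csum, _flags, _seq, _ack, asn = struct.unpack("!BBHIIII", pkt[:20])
    info = {"opcode": opcode, "as": asn, "checksum_ok": inet_checksum(pkt) == 0}
    off = 20
    while off + 4 <= len(pkt):
        tlv_type, tlv_len = struct.unpack("!HH", pkt[off:off + 4])
        if tlv_type == 0x0001 and tlv_len >= 12:  # parameter TLV: K1-K5, rsvd, hold
            *k, _reserved, hold = struct.unpack("!6BH", pkt[off + 4:off + 12])
            info["k"], info["hold"] = tuple(k), hold
        off += max(tlv_len, 4)
    return info
```

The checksum_ok flag is a cheap sanity check that the offsets landed on a real EIGRP packet: it recomputes the EIGRP checksum over the bytes bounded by the IP total length.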

Let's configure these K-Values locally on R1 and see if the peering magically comes back up.

R1(config)#router eigrp 12
R1(config-router)#eigrp log-neighbor-changes 
R1(config-router)#metric weights 0 0 0 1 0 0

R1(config-router)#
*Mar  1 00:34:13.259: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 12.0.0.2 (FastEthernet0/0) is up: new adjacency

R1#sh ip ei n    
IP-EIGRP neighbors for process 12
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   12.0.0.2                Fa0/0             14 00:00:23    8   200  0  15

R1#sh ip ro e
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/153600] via 12.0.0.2, 00:00:34, FastEthernet0/0

R1#ping 2.2.2.2 r 3 so lo0

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 4/5/8 ms

HTH...
Deepak Arora