Monday, May 7, 2012

JNCIS FWV Study Guide - Free



While reading through an article at packetlife.net, I found this free JNCIS FWV study guide/notes from Gavrilo. Looks like some decent cliff notes. Planning to take JNCIS-FWV by the end of June.


Here is the download URL:


http://packetlife.net/forums/thread/863/


HTH...
Deepak Arora
Evil CCIE

Sunday, May 6, 2012

MPLS Troubleshooting - The Saga Continues



While reading about Daniel Dib's (CCIE Candidate) 2nd CCIE attempt, I found that he posted a nice MPLS troubleshooting scenario on his blog. It looked challenging, so I loaded the initials on my rack and tried to fix it. There were a few reasons behind that, I would say.


1. I love to solve technical challenges


2. I wanted to see if the MPLS troubleshooting approach I developed during my CCIE R&S Lab attempt about a year ago is still helpful. It can be found here:


http://deepakarora1984.blogspot.in/2011/06/mpls-layer-3-vpn-troubleshooting-my.html


I must say I'll be taking some time again to add a few more things to it, since Daniel's MPLS challenge had a few hidden challenges which were not covered in my approach.


Here is the URL to the challenge:


http://lostintransit.se/2012/04/23/mpls-troubleshooting-scenario/


Also, the original post didn't include details, which I personally like to have documented to make life easier. So my personally updated diagram can be found below:






Total time taken to fix the issues : 9 Mins


HTH...
Deepak Arora
Evil CCIE

Thursday, May 3, 2012

Quick Way Of Checking MAC Address Of Local Switch Used In STP (IOS)


Switch#sh ver | i bia|Base
Base ethernet MAC Address       : 00:64:40:C3:E0:00

HTH...
Deepak Arora
Evil CCIE

Tuesday, May 1, 2012

IP Netmask Format - Good To Know For Troubleshooting

Last weekend around 2 AM I got a call from a Help Desk guy stating that one of the Unix servers was not reachable from certain parts of my client's network. And my first reaction was:






but it's all part of the job and entertainment. So a few minutes later I logged into the network using my VPN access to see what was going on. As I logged in, I found ..... "Nothing". I mean everything was looking OK, and there wasn't any log in the ACS (used for AAA-based access) suggesting someone had made changes to the network on Friday. There was also nothing in the local logs of the concerned devices stating any reason.


So after this initial investigation I was pretty sure that there hadn't been any change made in the network since Friday. Which leads to the conclusion that it's either a problem with the Unix server itself or there are some configuration issues with the server.


Next I dropped an email back to the Unix guy stating that I didn't find anything unusual, please confirm if:


> Any changes were made to the configuration of the Unix server recently?
> Restart the network services of the Unix server
> Send me the "ifconfig -a" command output from the Unix server command prompt.


BTW... "ifconfig -a" is equivalent to "sh protocols" in Cisco IOS world and "ipconfig /all" from Windows OS world.


And just a minute later the Unix guy replied, stating:


> There were no changes made to the configuration in the last few days
> Restarting network services didn't help
> ifconfig -a results attached



# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.136.110.149 netmask ff000000 broadcast 10.255.255.255
        ether 0:3:ba:f8:2e:39
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 172.17.1.132 netmask ffff0000 broadcast 172.17.255.255
        ether 0:3:ba:f8:2e:3a


So as you guys can see, the E0 Ethernet interface is running fine and even the IP was looking good from my perspective, since I had already checked the VLAN subnet for it. But did you see the mask highlighted in YELLOW? Isn't that looking weird? I mean, did you ever know that there are some devices out there which take the netmask/subnet mask in hexadecimal format?


At least I didn't....


So the next step was to determine the subnet mask in decimal format to see if it matched my network device configuration. So I quickly took the Windows calculator and tried to convert ff000000 into binary. Though it took a minute or two to figure out how many digits from the hex need to be picked up for each decimal block. And the answer was "Two".








So finally I had the answer: the subnet mask put in by the Unix administrator was "255.0.0.0", whereas my VLAN subnet was configured with a different subnet mask. So I quickly replied to the Unix administrator suggesting to change the subnet mask to the correct one, and of course that fixed the issue.
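
The conversion and comparison done by hand above, as an added example that is not part of the original post: it reads the ifconfig output, converts each hex mask two digits per octet, and flags interfaces whose mask differs from what the network side expects. The EXPECTED table is an assumption (the post does not give the real VLAN mask), and the function names are hypothetical.

```python
import ipaddress
import re

# ifconfig output from the post, trimmed to the fields the check needs.
IFCONFIG = """\
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843 mtu 1500 index 2
        inet 10.136.110.149 netmask ff000000 broadcast 10.255.255.255
bge1: flags=1000843 mtu 1500 index 3
        inet 172.17.1.132 netmask ffff0000 broadcast 172.17.255.255
"""

# Assumption: prefix lengths configured on the network side. The /24 for
# bge0 is a constructed value; the post only says the mask was "different".
EXPECTED = {"bge0": 24, "bge1": 16}


def hex_mask_to_prefix(hex_mask):
    """Return (dotted_decimal, prefix_len) for a hex netmask such as ff000000."""
    digits = hex_mask.lower().replace("0x", "", 1).zfill(8)
    # Two hex digits make one decimal octet.
    octets = [int(digits[i:i + 2], 16) for i in (0, 2, 4, 6)]
    value = int(digits, 16)
    prefix = bin(value).count("1")
    # A valid mask is a run of one-bits followed only by zero-bits.
    if len(digits) != 8 or value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"not a contiguous IPv4 netmask: {hex_mask}")
    return ".".join(map(str, octets)), prefix


def audit(text, expected):
    """List interfaces whose configured mask differs from the expected prefix."""
    pattern = r"^(\S+): flags=.*\n\s+inet (\S+) netmask ([0-9a-fA-F]{1,8})\b"
    findings = []
    for iface, ip, hex_mask in re.findall(pattern, text, re.M):
        dotted, prefix = hex_mask_to_prefix(hex_mask)
        want = expected.get(iface)
        if want is not None and want != prefix:
            # The network the host believes is directly connected.
            on_link = str(ipaddress.ip_interface(f"{ip}/{prefix}").network)
            findings.append((iface, ip, dotted, prefix, want, on_link))
    return findings


if __name__ == "__main__":
    for finding in audit(IFCONFIG, EXPECTED):
        print("mask mismatch:", finding)
```

With mask 255.0.0.0 the host treats every 10.x.x.x address as directly connected, which is consistent with the server being unreachable only from certain parts of the network.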


The next morning I did some research on subnet masks in hex format and found that some old Unix boxes used to support it in that format only.


But one interesting thing I found was that our very own Cisco IOS also supports that format. And I was like:






Yes. So I quickly did some tests and here are the results:



R1#sh ver | i IOS
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)


R1#sh ip int brief | e una|do
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            20.20.20.20     YES manual up                    up
FastEthernet0/1            30.30.30.30     YES manual up                    up
Loopback0                  10.10.10.10     YES manual up                    up


R1#sh protocols
Global values:
  Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
  Internet address is 20.20.20.20/8
FastEthernet0/1 is up, line protocol is up
  Internet address is 30.30.30.30/16
Loopback0 is up, line protocol is up
  Internet address is 10.10.10.10/30


R1#terminal ip netmask-format ?
  bit-count    Display netmask as number of significant bits
  decimal      Display netmask in dotted decimal
  hexadecimal  Display netmask in hexadecimal


R1#terminal ip netmask-format hexadecimal

R1#sh protocols
Global values:
  Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
  Internet address is 20.20.20.20 0xFF000000
FastEthernet0/1 is up, line protocol is up
  Internet address is 30.30.30.30 0xFFFF0000
Loopback0 is up, line protocol is up
  Internet address is 10.10.10.10 0xFFFFFFFC

R1#sh run int f0/0
Building configuration...

Current configuration : 92 bytes
!
interface FastEthernet0/0
 ip address 20.20.20.20 255.0.0.0
 duplex auto
 speed auto
end


R1#terminal ip netmask-format decimal

R1#sh protocols
Global values:
  Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
  Internet address is 20.20.20.20 255.0.0.0
FastEthernet0/1 is up, line protocol is up
  Internet address is 30.30.30.30 255.255.0.0
Loopback0 is up, line protocol is up
  Internet address is 10.10.10.10 255.255.255.252

R1#sh run int f0/0
Building configuration...

Current configuration : 92 bytes
!
interface FastEthernet0/0
 ip address 20.20.20.20 255.0.0.0
 duplex auto
 speed auto
end


R1#terminal ip netmask-format bit-count

R1#sh protocols
Global values:
  Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
  Internet address is 20.20.20.20/8
FastEthernet0/1 is up, line protocol is up
  Internet address is 30.30.30.30/16
Loopback0 is up, line protocol is up
  Internet address is 10.10.10.10/30

R1#sh run int f0/0
Building configuration...

Current configuration : 92 bytes
!
interface FastEthernet0/0
 ip address 20.20.20.20 255.0.0.0
 duplex auto
 speed auto
end

A few other interesting facts I found were:

> If you ever change the netmask format from global mode, it never shows up in the running config

R1#terminal ip netmask-format hexadecimal


R1#sh run | i terminal
R1#

> You can change the format for a particular line (VTY vs. Aux vs. Con), and this time it will be reflected in the running configuration.

R1(config)#line con 0
R1(config-line)#ip netmask-format ?
  bit-count    Display netmask as number of significant bits
  decimal      Display netmask in dotted decimal
  hexadecimal  Display netmask in hexadecimal

R1(config-line)#ip netmask-format hexadecimal
R1(config-line)#end


R1#sh run | b netmask
 ip netmask-format hexadecimal
line aux 0
line vty 0 4
!

HTH...
Deepak Arora
Evil CCIE