CCIE Pursuit Blog

January 29, 2009

Lab Tip: Finding SDM Capabilities Without Using The Documentation

Filed under: Cisco — cciepursuit @ 10:41 am

If you’ve ever come across a question in a practice lab that requires you to change the Switch Database Management (SDM) resource allocation, then you’re probably pretty familiar with this page:

sdm prefer

Most often you’ll need to pop over and find the SDM profile that meets the requirements of the lab task.  However, if you want to skip the trip to the documentation, you can find the attributes of each profile from the CLI.

First off, check to see which SDM you are currently using and its attributes:

Rack13SW1#sh sdm prefer
The current template is “desktop default” template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  6K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    8K
number of directly-connected IPv4 hosts:        6K
number of indirect IPv4 routes:                 2K
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

Here’s the cool part - you can see the attributes of all of the SDMs from the CLI:

Rack13SW1#sh sdm prefer ?
access              Access bias
default             Default bias
dual-ipv4-and-ipv6  Support both IPv4 and IPv6
routing             Unicast bias
vlan                VLAN bias

|                   Output modifiers
<cr>

Let’s check out the IPv4 SDMs:

Rack13SW1#sh sdm prefer routing
“desktop routing” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  3K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    11K
number of directly-connected IPv4 hosts:        3K
number of indirect IPv4 routes:                 8K
number of IPv4 policy based routing aces:         512
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

Rack13SW1#sh sdm prefer vlan
“desktop vlan” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  12K
number of IPv4 IGMP groups:                       1K
number of IPv4 multicast routes:                  0
number of unicast IPv4 routes:                    0
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

Rack13SW1#sh sdm prefer access
“desktop access IPv4” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  4K
number of IPv4 IGMP groups:                       1K
number of IPv4 multicast routes:                  0
number of IPv4 unicast routes:                    6K
number of directly-connected IPv4 hosts:        4K
number of indirect IPv4 routes:                 2K
number of IPv4 policy based routing aces:         512
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 2K

Rack13SW1#sh sdm prefer default
“desktop default” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  6K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    8K
number of directly-connected IPv4 hosts:        6K
number of indirect IPv4 routes:                 2K
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

We can even check out the IPv6 SDMs:

Rack13SW1#sh sdm prefer dual-ipv4-and-ipv6 ?
default  Default bias
routing  Unicast bias
vlan     VLAN bias

Rack13SW1#sh sdm prefer dual-ipv4-and-ipv6 default
“desktop IPv4 and IPv6 default” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  2K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    3K
number of directly-connected IPv4 hosts:        2K
number of indirect IPv4 routes:                 1K
number of IPv6 multicast groups:                  1152
number of directly-connected IPv6 addresses:      2K
number of indirect IPv6 unicast routes:           1K
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K
number of IPv6 policy based routing aces:         0
number of IPv6 qos aces:                          510
number of IPv6 security aces:                     510

Rack13SW1#sh sdm prefer dual-ipv4-and-ipv6 routing
“desktop IPv4 and IPv6 routing” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  1536
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    2816
number of directly-connected IPv4 hosts:        1536
number of indirect IPv4 routes:                 1280
number of IPv6 multicast groups:                  1152
number of directly-connected IPv6 addresses:      1536
number of indirect IPv6 unicast routes:           1280
number of IPv4 policy based routing aces:         256
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 512
number of IPv6 policy based routing aces:         255
number of IPv6 qos aces:                          510
number of IPv6 security aces:                     510

Rack13SW1#sh sdm prefer dual-ipv4-and-ipv6 vlan
“desktop IPv4 and IPv6 vlan” template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  8K
number of IPv4 IGMP groups:                       1K
number of IPv4 multicast routes:                  0
number of unicast IPv4 routes:                    0
number of IPv6 multicast groups:                  1152
number of directly-connected IPv6 addresses:      0
number of indirect IPv6 unicast routes:           0
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K
number of IPv6 policy based routing aces:         0
number of IPv6 qos aces:                          510
number of IPv6 security aces:                     510

This should save you a trip to the documentation during your lab.
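To turn the outputs above into a quick template chooser, here is an added Python example (not from the post) that parses "show sdm prefer" output and returns the templates meeting a task's minimums, such as needing 2K security ACEs for port ACLs plus PBR support. The embedded sample is a constructed, trimmed copy of the values shown above.

```python
import re

# Constructed sample: trimmed copies of the "show sdm prefer <template>"
# output from the post (3560-style "desktop" templates); values match the post.
SDM_OUTPUT = """\
Rack13SW1#sh sdm prefer routing
"desktop routing" template:
number of unicast mac addresses:                  3K
number of IPv4 unicast routes:                    11K
number of IPv4 policy based routing aces:         512
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

Rack13SW1#sh sdm prefer access
"desktop access IPv4" template:
number of unicast mac addresses:                  4K
number of IPv4 unicast routes:                    6K
number of IPv4 policy based routing aces:         512
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 2K

Rack13SW1#sh sdm prefer default
"desktop default" template:
number of unicast mac addresses:                  6K
number of IPv4 unicast routes:                    8K
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K
"""

# Matches both '"desktop routing" template:' and the plain "show sdm prefer"
# form 'The current template is "desktop default" template.', straight or
# curly quotes (IOS prints straight quotes; blogs often convert them).
TEMPLATE_RE = re.compile(r'["\u201c](?P<name>[^"\u201d]+)["\u201d]\s+template[.:]')
RESOURCE_RE = re.compile(r'^number of (?P<res>.+?):\s+(?P<val>\d+K?)\s*$')

def parse_size(token):
    """'2K' -> 2048, '512' -> 512. IOS prints K for multiples of 1024."""
    return int(token[:-1]) * 1024 if token.endswith('K') else int(token)

def parse_sdm_templates(text):
    """Return {template_name: {resource: count}} from concatenated show output."""
    templates, current = {}, None
    for line in text.splitlines():
        m = TEMPLATE_RE.search(line)
        if m:
            current = m.group('name')
            templates[current] = {}
            continue
        m = RESOURCE_RE.match(line.strip())
        if m and current is not None:
            templates[current][m.group('res')] = parse_size(m.group('val'))
    return templates

def templates_meeting(templates, requirements):
    """Sorted names of templates satisfying every minimum in requirements."""
    return sorted(name for name, res in templates.items()
                  if all(res.get(k, 0) >= v for k, v in requirements.items()))

if __name__ == '__main__':
    t = parse_sdm_templates(SDM_OUTPUT)
    # A task needing 2K port/VLAN ACL entries plus PBR: only 'access' fits.
    print(templates_meeting(t, {'IPv4/MAC security aces': 2048,
                                'IPv4 policy based routing aces': 1}))
```

Paste the real switch output into SDM_OUTPUT (or read it from a file) and adjust the requirements dict to the lab task's wording.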

January 28, 2009

Free Retakes On Cisco Exams

UPDATE: Well……you might be able to use this promotion to take an exam that is not part of regaining an expired recertification.  See details here: http://routemyworld.com/2009/01/28/free-retake-of-cisco-exams/

UPDATE:  Aragoen Celtdra writes: “I spoke with Pearson Vue about this and the person I spoke with said that it’s only valid for re-certification.”

Oh poo!  That does explain this line though: “All exams needed for a certification must be taken to gain back your certification.”

Cisco and Vue have brought back their free retake promotion:

“Come Back 2009” Promotion

Here’s how to redeem your Cisco “Come Back 2009” Exam:

Register for an exam at full price. If you fail the exam, you may schedule a free retake of the same exam by entering the promotion code: COMEBACK2009 at the time of registration.

Offer only valid for Career Certifications and Specialization Exams (not valid on online exams or the CCDE Practical Exam – 352-011). NOTE: All exams needed for a certification must be taken to gain back your certification.

Unfortunately the CCIE lab exam is not covered, but if you’re taking your CCIE written or any of the CCNx exams, then this is a great promotion to take advantage of.

January 27, 2009

Internetwork Expert: Free Cisco Documentation Video

Internetwork Expert has a new (free!) class-on-demand session called ‘Understanding the Cisco Documentation’ about navigating the DOCCD UniverCD Whatever-The-Hell-It’s-Now-Called.  This session addresses the new version of the Cisco documentation.  It’s well worth your time to watch the session and even more worthwhile to get very well acquainted with the structure and content of this documentation.

January 26, 2009

Poll: Can The CCIE Lab Be Passed By Cheating?

Filed under: Cisco — cciepursuit @ 2:03 pm

January 25, 2009

New CCIE Lab Short-Answer Questions Will Be Computer-Based

Filed under: Cisco,Cisco Certification — cciepursuit @ 5:34 pm

Cisco recently announced a couple of big changes to the CCIE test.  The change that has made the most waves is the introduction of some short open-ended questions prior to the start of the CCIE lab exam.  This seems to be consistent with a recent pilot that began in August in the Beijing lab location.  While the pilot specifically mentioned that the questions would be part of a verbal interview, I noticed that Cisco made no explicit mention about the new questions being delivered verbally.   I’ve now seen a couple of sources (Vue and the IE forum) validate that the new questions will be computer-based:

Cisco Announces Updates to the CCIE Lab and Written Exam

Effective February 1, 2009, Cisco will introduce a new type of question format to CCIE Routing and Switching lab exams. In addition to the live configuration scenarios, candidates will be asked a series of four or five open-ended questions on the computer screen, drawn from a pool of questions based on the material covered on the lab blueprint. No new topics are being added.

Dear Jehanzeb,

Thank you for contacting Certification Support.

They’re computer-based questions, and will be graded by the CCIE lab proctors.

If you have further questions regarding the CCIE Certification Program, please visit www.cisco.com/go/ccie or visit the CCIE Instant Answers at www.cisco.com/go/certsupport.

Kind regards,

Certification Support Center

This makes sense as the Beijing pilot email advised that candidates could expect their lab session to be an hour longer to accommodate each candidate receiving an oral interview.  The global rollout specified that your lab session would not be extended and also mentioned that you could request a reread which included the ‘interview’ portion of the lab.

You’ll most likely answer four or five questions (short essay form?) on a computer.  I would imagine that you will need to complete this portion before you are allowed to begin the lab.

While I commend Cisco for (presumably) trying to crack down on cheating in the lab (although they claim that is a ‘secondary’ effect of this change), I have a feeling that if someone can braindump/get copies of the lab, they won’t have much problem collecting these questions.

Anyhoo….now the speculation is whether or not you’ll have access to the DOCCD during this portion of the exam.  I would think not, but I’m sure we’ll find out after this goes live next month.

January 24, 2009

Monkey See, Monkey Doo-Doo

Filed under: Cisco,Cisco Certification,IOS — cciepursuit @ 4:03 pm

The IE blog has a great post up about the ‘show parser dump’ command.  I was connected to a production 6500 at work while I was reading this, so I decided to follow along with the blog post and run the commands on the switch.  They’re just ‘show’ commands so there shouldn’t be any problems right?

I had entered ‘show parser dump interface | include ^15_(.*)ospf’ and looked through the first screen of output.  I hit the spacebar to get the next page……and nothing happened.  I hit the spacebar a couple more times and still nothing happened.  The switch was locked up.  Nooooooooo!!!!!  Suddenly sick to my stomach I waited helplessly, hoping that the switch would return.  It finally did many (loooooooong) seconds later.

WS-C6509#sh hist
  show parser dump route-map | include ^15_
  show parser dump interface | include ^15_(.*)ospf

WS-C6509#sh proc cpu hist
              111111111111111111111111111111111111111111
         5555500000000000000000000000000000000000000000066666
    3333366666000000000000000000000000000000000000000000111114
100           ******************************************
 90           ******************************************
 80           ******************************************
 70           ******************************************
 60      ****************************************************
 50      ****************************************************
 40      ****************************************************
 30      ****************************************************
 20      ****************************************************
 10      ****************************************************
   0....5....1....1....2....2....3....3....4....4....5....5....
             0    5    0    5    0    5    0    5    0    5
               CPU% per second (last 60 seconds)

The CPU was pegged for about 45 seconds.  If I had read the whole post I would have seen that these commands can be ‘CPUHogs’ but I had not read ahead.

Lesson learned!  Don’t experiment on production gear.  Save it for the lab…and save your job.  :-)

January 21, 2009

Use Your GI Bill Benefits To Pay For Cisco Certification Exams

Filed under: Cisco,Cisco Certification — cciepursuit @ 1:00 pm

US veterans can now apply their GI Bill benefits towards Cisco Certification exams.

Cisco (NASDAQ: CSCO) today announced that its award-winning certification program is now authorized for use with the Department of Defense’s education program DANTES (Defense Activity for Non-Traditional Education Support). U.S. military veterans and their eligible dependents may use their GI Bill benefits to cover the full cost of any current Cisco® information technology (IT) certification exam.

“We believe that this collaboration with Cisco will be widely adopted by soldiers and sailors reentering the workforce after their military service,” said Dr. Jeffrey Cropsey, director of DANTES. “By providing access to Cisco’s certification portfolio, DANTES clients will be able to develop the skills and competencies in networking and IT that will open up lucrative and fulfilling career opportunities for our nation’s military veterans.”

Nice move on the part of Cisco.  Too bad I used my benefits on college already.  :-(  The article doesn’t have a lot of detail (are you compensated for failed attempts, is the CCIE lab exam covered, etc), but if you are a veteran who is pursuing Cisco certification then definitely follow up with DANTES for more information.

Also in the article (well, press release really) is some good news for networking professionals during this recession:

According to recently released data from IDC, the projected supply of skilled networking professionals is not expected to keep pace with demand, resulting in an 8 percent gap, or 60,000 full-time skilled workers each year by 2011.(1) The need for qualified IT workers is particularly acute in advanced networking fields such as wireless, security and voice. DANTES strives to support military personnel to achieve their professional and personal educational objectives following discharge from active duty.

(1) IDC White Paper sponsored by Cisco Learning Institute, Networking Skills in North America: Trends Gaps, and Strategies, Doc # 210587, May 2008

I have no idea if those numbers are still accurate, but I’ll take any piece of good news I can at this point.

CCBootcamp: New CCDE Written Bootcamp

Filed under: Cisco,Cisco Certification — cciepursuit @ 9:08 am

CCBootcamp has a new offering for those masochists who are interested in the CCDE:

The newest in Cisco Expert Level Certification takes the name of CCDE. Cisco Certified Design Expert (CCDE™) assesses advanced network infrastructure design principles and fundamentals for large networks. A CCDE can demonstrate the ability to develop solutions which address planning, design, integration, optimization, operations, security and ongoing support focused at the infrastructure level for customer networks. CCBOOTCAMP offers the only Cisco Approved training for CCDE on the market today. Join us and get your CCDE now!

The CCDE, like the CCIE, has both written and lab components.  This bootcamp is for those taking the first step in the CCDE certification process: the CCDE written exam.

January 20, 2009

Enabling Portfast On Trunks

I was working through one of the IE volume I labs and ran across a very easy task.  It simply asked you to configure portfast on all ports connected to routers.  Easy enough, just slap ‘spanning-tree portfast’ on the interfaces connected to the routers.  Easy points.  Next task.

Unfortunately I overlooked the fact that one of the ports connected to a router was trunking (part of a router-on-a-stick configuration).  I blew by the BIG FREAKING CLUE that IOS gave me:

SW2(config)#int f0/6
SW2(config-if)#spann portfast
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators,  switches, bridges, etc… to this interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only
have effect when the interface is in a non-trunking mode.

I don’t think that I’ve ever used the ‘trunk’ option with portfast before:

SW2(config-if)#spann portf ?
disable  Disable portfast for this interface
trunk    Enable portfast on the interface even in trunk mode
<cr>

spanning-tree portfast (interface configuration)
trunk – (Optional) Enable the Port Fast feature on a trunking interface.

Sure enough, even though the interface configuration showed that portfast was configured, it was not working on the trunk interface:

interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast

SW2#sh spanning-tree int f0/6 portfast
VLAN0001         disabled
VLAN0005         disabled
VLAN0007         disabled
VLAN0008         disabled
VLAN0009         disabled
VLAN0010         disabled
VLAN0022         disabled
VLAN0043         disabled
VLAN0058         disabled
VLAN0067         disabled
VLAN0079         disabled
VLAN0146         disabled

So much for those ‘easy points’.

Here’s what happens with the ‘trunk’ option enabled:

SW2(config)#int fa0/6
SW2(config-if)#spann portfast trunk
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators,  switches, bridges, etc… to this interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

SW2#sh spanning-tree int f0/6 portfast
VLAN0001         enabled
VLAN0005         enabled
VLAN0007         enabled
VLAN0008         enabled
VLAN0009         enabled
VLAN0010         enabled
VLAN0022         enabled
VLAN0043         enabled
VLAN0058         enabled
VLAN0067         enabled
VLAN0079         enabled
VLAN0146         enabled

January 19, 2009

Lab Tip: Finding Port Numbers For Common Protocols

I stumbled across a couple of very cool resources for finding the ports of common protocols during the CCIE lab.  The first comes from GroupStudy and is a link to the Addresses, Protocols, and Ports section of the ASA 5580 configuration guide:

You’ll probably want to practice finding this page in the DOCCD.

You can get there via:

Security
Firewall Appliances
Cisco ASA 5500 Series Adaptive Security Appliances
Configuration Guides
Cisco ASA 5580 Adaptive Security Appliance Command Line Configuration Guide, Version 8.1
Reference
Addresses, Protocols, and Ports

This page has a very good list of the TCP and UDP port numbers for a multitude of different protocols.

If you want a quick and dirty port list, then this tip from CCIE2Be (I found it via GlobalConfig.net) is a great choice.

I had a filtering task that said to allow H323 Traffic to a specific vlan. Well…what ports does H323 use? I could not find it on the DocCD but I remembered a show command that will let us know:

r1#sh ip nbar port-map h323


port-map h323                     udp 1300 1718 1719 1720 11720
port-map h323                     tcp 1300 1718 1719 1720 11000 – 11999

Some other examples:

r6# sh ip nbar port-map sip
port-map sip                      udp 5060
port-map sip                      tcp 5060

r6#sh ip nbar port-map skinny
port-map skinny                   tcp 2000 2001 2002

r6# sh ip nbar port-map snmp
port-map snmp                     udp 161 162
port-map snmp                     tcp 161 162

r6# sh ip nbar port-map bgp
port-map bgp                      udp 179
port-map bgp                      tcp 179

r6#sh ip nbar port-map rip
port-map rip                      udp 520

show ip nbar port-map
