CCIE Pursuit Blog

June 10, 2009

Core Knowledge Question of the Day: 10 June 2009

Which Cisco-proprietary STP feature detects indirect failures in the core of the backbone?

Highlight for answer: BackboneFast.

June 9, 2009

Core Knowledge Question of the Day: 09 June 2009

The Dynamic ARP Inspection and IP Source Guard features both require which additional feature to be configured?

Highlight for answer:  DHCP Snooping must be enabled.  Both Dynamic ARP Inspection and IP Source Guard rely on the DHCP Snooping database.

June 1, 2009

Memory Tricks To Remember IEEE STP Designations

The INE (yes, I’m adapting the new abbreviation of INE over IE for Internetwork Expert) blog has a nice post up about the different flavors of Spanning Tree.  What I really like about the posting is the memory tricks you can use to remember the letter designation of the IEEE specification.

802.1d (“Classic” Spanning Tree) – It’s dog-gone slow
802.1w (Rapid Spanning Tree) – Imagine Elmer Fudd saying ‘rapid’ as “wapid”
802.1s (Multiple Spanning Tree) – You add the letter ‘s’ to nouns to make them plural (multiple)

I’ve always had trouble with tasks that refer to the flavor of STP by the IEEE designation*.  These simple memory tricks make it much easier to quickly decipher tasks that refer to the IEEE designation.

* This is a pet peeve of mine as I’ve never had someone in the “real world” say something like, “Go ahead and configure that switch to use 802.1w.”  If that ever happened I would just smile as I slowly twisted their nipples off.

January 20, 2009

Enabling Portfast On Trunks

I was working through one of the IE volume I labs and ran across a very easy task.  It simply asked you to configure portfast on all ports connected to routers.  Easy enough, just slap ‘spanning-tree portfast’ on the interfaces connected to the routers.  Easy points.  Next task.

Unfortunately I overlooked the fact that one of the ports connected to a router was trunking (part of a router-on-a-stick configuration).  I blew by the BIG FREAKING CLUE that IOS gave me:

SW2(config)#int f0/6
SW2(config-if)#spann portfast
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators,  switches, bridges, etc… to this interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only
have effect when the interface is in a non-trunking mode.

I don’t think that I’ve ever used the ‘trunk’ option with portfast before:

SW2(config-if)#spann portf ?
disable  Disable portfast for this interface
trunk    Enable portfast on the interface even in trunk mode
<cr>

spanning-tree portfast (interface configuration)
trunk – (Optional) Enable the Port Fast feature on a trunking interface.

Sure enough, even though the interface configuration showed that portfast was configured, it was not working on the trunk interface:

interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast

SW2#sh spanning-tree int f0/6 portfast
VLAN0001         disabled
VLAN0005         disabled
VLAN0007         disabled
VLAN0008         disabled
VLAN0009         disabled
VLAN0010         disabled
VLAN0022         disabled
VLAN0043         disabled
VLAN0058         disabled
VLAN0067         disabled
VLAN0079         disabled
VLAN0146         disabled

So much for those ‘easy points’.

Here’s what happens with the ‘trunk’ option enabled:

SW2(config)#int fa0/6
SW2(config-if)#spann portfast trunk
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators,  switches, bridges, etc… to this interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

SW2#sh spanning-tree int f0/6 portfast
VLAN0001         enabled
VLAN0005         enabled
VLAN0007         enabled
VLAN0008         enabled
VLAN0009         enabled
VLAN0010         enabled
VLAN0022         enabled
VLAN0043         enabled
VLAN0058         enabled
VLAN0067         enabled
VLAN0079         enabled
VLAN0146         enabled

September 6, 2008

Lab Tip: Get List Of All Configured VLANs

Filed under: Cisco,Cisco Certification,IOS,Lab Tips,Switching — cciepursuit @ 4:59 pm

You have your VTP domain set up and all of your VLANs are built and propagated.  Then you run across a task like this:

“Configure sw4 as the spanning-tree root for all configured VLANs.”

Here’s a quick and dirty way to do this if your switch is running in VTP client or server mode (if you’re in transparent mode then you just need to do steps 2 and 3):

1) Set your VTP mode to “transparent”

sw4(config)#vtp mode trans
Setting device to VTP TRANSPARENT mode.

2) Issue “do show run | i vlan”

sw4(config)#do sh run | i vlan
vlan internal allocation policy ascending
vlan 7-8,28,34,46,53,58,100 <-this is what you’re looking for
 switchport access vlan 34

3) Configure your switch as the STP root for that list of VLANs (cut and paste) – ask the proctor if you should include VLAN 1:

sw4(config)#span vlan 1,7-8,28,34,46,53,58,100 root prim

4) Return your switch to the correct VTP mode:

sw4(config)#vtp mode server
Setting device to VTP SERVER mode

Voila!

sw4(config)#do sh run | i priority
spanning-tree vlan 1,7-8,28,34,46,53,58,100 priority 24576

sw4(config)#do sh span | i VLAN|root|Address
VLAN0001
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0007
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0008
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0028
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400

<—output truncated—>

sw4(config)#do sh span root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 000a.8a1c.c400         0    2   20  15
VLAN0007         24583 000a.8a1c.c400         0    2   20  15
VLAN0008         24584 000a.8a1c.c400         0    2   20  15
VLAN0028         24604 000a.8a1c.c400         0    2   20  15
VLAN0034         24610 000a.8a1c.c400         0    2   20  15
VLAN0046         24622 000a.8a1c.c400         0    2   20  15
VLAN0053         24629 000a.8a1c.c400         0    2   20  15
VLAN0058         24634 000a.8a1c.c400         0    2   20  15
VLAN0100         24676 000a.8a1c.c400         0    2   20  15

June 6, 2008

Another Interesting Error

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 10:52 am

I was configuring a routed port on a 3560 when I ran across an interesting error:

sw1(config-if)#no switch
sw1(config-if)#ip add 161.1.78.7 255.225.255.0
Bad mask 0xFFE1FF00 for address 161.1.78.7

I LOVE it when my switch speaks hex to me.  HOT!!!

I’m not sure why it pointed out my fat-fingered mistake via hex rather than decimal, but it’s pretty easy to decode this one.  My mask should have been 255.255.255.0 or FFFFFF00 in hex.
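To see exactly why the switch rejected that mask, here is an added Python example (mine, not code from the post) that renders a dotted-decimal mask the way the IOS error message does and then checks whether its one-bits are contiguous, which is the property a subnet mask must have. The function names are my own; the 255.225.255.0 value is the one from the error above.

```python
# Added example: decode a dotted-decimal mask to the hex form IOS prints and
# check it for the contiguous-ones property a netmask needs.

def mask_to_int(mask):
    """Convert a dotted-decimal mask to a 32-bit integer; raise on bad octets."""
    octets = mask.split(".")
    if len(octets) != 4:
        raise ValueError("not a dotted quad: %s" % mask)
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %s" % octet)
        value = (value << 8) | n
    return value


def mask_to_hex(mask):
    """Render the mask the way the IOS 'Bad mask' message does, e.g. 0xFFE1FF00."""
    return "0x%08X" % mask_to_int(mask)


def bit_pattern(mask):
    """Dotted binary, handy for spotting the stray zero inside a run of ones."""
    return ".".join(format(int(o), "08b") for o in mask.split("."))


def prefix_length(mask):
    """Return the prefix length if the mask is a contiguous run of ones followed
    by zeros, otherwise None (the case IOS reports as 'Bad mask')."""
    value = mask_to_int(mask)
    ones = bin(value).count("1")
    # A valid /n mask is exactly the top n bits set; compare against that.
    contiguous = (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF
    return ones if value == contiguous else None


def check_mask(mask):
    """One-line verdict in the spirit of the IOS message, plus the bit pattern."""
    p = prefix_length(mask)
    if p is None:
        return "Bad mask %s (%s): ones are not contiguous" % (mask_to_hex(mask), bit_pattern(mask))
    return "%s = %s = /%d" % (mask, mask_to_hex(mask), p)


if __name__ == "__main__":
    print(check_mask("255.225.255.0"))    # the fat-fingered mask from the post
    print(check_mask("255.255.255.0"))    # what it should have been
    print(check_mask("255.255.255.254"))  # a /31, valid but point-to-point only
```

Reading the bit pattern makes the hex obvious: 225 is 11100001, so the second octet is E1 rather than FF, and the zeros in the middle of the run are what IOS is objecting to.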

June 5, 2008

Setting STP Root Bridge for “All Active VLANs”

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 5:13 pm

I was going through the IE Volume I v5 (Beta) labs and ran across the following task:

Configure sw1 as the STP Root Bridge for all active VLANs.

I’ve seen similar tasks on other IE labs.  The task’s scope will depend on the phrasing:

“all VLANs” – ATP* as this could mean all possible VLANs (1-4094) or all active VLANs (see below)
“all possible VLANs” – ATP if you are running VTP, as this could mean only the VLANs possible with VTP (1-1001) or all possible VLANs (1-4094)
“all active VLANs” – only the VLANs that are being used in the Layer 2 network (be sure that you have already built all of your VLANs).

* - Ask The Proctor  :-)

In this example we’re running VTP on all switches (one VTP domain).  sw1 is a VTP client and all of the VLANs are built.  We can get the VLANs by issuing the “show vlan brief” command:

Rack25SW1(config)#do sh vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
5    VLAN0005                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
22   VLAN0022                         active
43   VLAN0043                         active
58   VLAN0058                         active    Fa0/5
67   VLAN0067                         active
79   VLAN0079                         active
146  VLAN0146                         active    Fa0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

If there are only a handful of VLANs then you can just create a list of VLANs from this output.  If there are more then I use the following method:

1) I set the switch to VTP transparent mode.  That should create a configuration line with all of the VLANs listed in the “show vlan brief” output (except for VLAN 1):

Rack25SW1(config)#vtp mode trans
Setting device to VTP TRANSPARENT mode.

Rack25SW1(config)#do sh run | i vlan
vlan internal allocation policy ascending
vlan 5,7-10,22,43,58,67,79,146
 switchport access vlan 146
 switchport access vlan 58

2) Copy that line (adding VLAN 1 if necessary) :

Rack25SW1(config)#spanning-tree vlan 1,5,7-10,22,43,58,67,79,146 root primary

3) Put the switch back into VTP client mode:

Rack25SW1(config)#vtp mode client
Setting device to VTP CLIENT mode.

Rack25SW1(config)#do sh run | i vlan
spanning-tree vlan 1,5,7-10,22,43,58,67,79,146 priority 24576
vlan internal allocation policy ascending
 switchport access vlan 146
 switchport access vlan 58

To verify:

Rack25SW1(config)#do sh spannnig vlan 1 | i Address
             Address     001b.d490.7c00
             Address     001b.d490.7c00

Both MAC Addresses are the same (the local switch’s MAC and the root bridge’s MAC) so this is the root bridge for that VLAN.  Now issue “show spanning-tree root”

Rack25SW1#sh spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001b.d490.7c00         0    2   20  15
VLAN0005         24581 001b.d490.7c00         0    2   20  15
VLAN0007         24583 001b.d490.7c00         0    2   20  15
VLAN0008         24584 001b.d490.7c00         0    2   20  15
VLAN0009         24585 001b.d490.7c00         0    2   20  15
VLAN0010         24586 001b.d490.7c00         0    2   20  15
VLAN0022         24598 001b.d490.7c00         0    2   20  15
VLAN0043         24619 001b.d490.7c00         0    2   20  15
VLAN0058         24634 001b.d490.7c00         0    2   20  15
VLAN0067         24643 001b.d490.7c00         0    2   20  15
VLAN0079         24655 001b.d490.7c00         0    2   20  15
VLAN0146         24722 001b.d490.7c00         0    2   20  15

All of the Root MAC Addresses are the same AND they match the local switch’s MAC address so we’re golden.
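Added example (mine, not from this post or the “Get List Of All Configured VLANs” tip above, both of which it covers): a Python script that pulls the active VLAN list straight out of ‘show vlan brief’ without flipping VTP modes, compresses it into the IOS range syntax, builds the ‘spanning-tree vlan … root primary’ line, and then checks ‘show spanning-tree root’ output the way the verification step does. The sample outputs are abridged copies of the ones on the page plus one constructed VLAN0200 row where another bridge is root; the function names and the assumption that ‘root primary’ landed on priority 24576 (as it did in the outputs above) are mine.

```python
import re

# Constructed sample: abridged copy of the "show vlan brief" output quoted in the post.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
5    VLAN0005                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
22   VLAN0022                         active
43   VLAN0043                         active
58   VLAN0058                         active    Fa0/5
67   VLAN0067                         active
79   VLAN0079                         active
146  VLAN0146                         active    Fa0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# Constructed sample: rows from the post's "show spanning-tree root" plus a made-up
# VLAN0200 row where a different bridge (reached at cost 19 via Fa0/24) is root.
SHOW_STP_ROOT = """\
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001b.d490.7c00         0    2   20  15
VLAN0005         24581 001b.d490.7c00         0    2   20  15
VLAN0007         24583 001b.d490.7c00         0    2   20  15
VLAN0146         24722 001b.d490.7c00         0    2   20  15
VLAN0200         24776 0011.2233.4455        19    2   20  15  Fa0/24
"""

VLAN_ROW = re.compile(r"^(\d+)\s+\S+\s+(\S+)")
ROOT_ROW = re.compile(r"^VLAN(\d+)\s+(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\d+)")


def active_vlans(show_vlan_brief):
    """VLAN IDs whose Status column is exactly 'active' (drops the act/unsup 1002-1005)."""
    ids = []
    for line in show_vlan_brief.splitlines():
        m = VLAN_ROW.match(line)          # header, dashes and port continuation lines don't match
        if m and m.group(2) == "active":
            ids.append(int(m.group(1)))
    return ids


def compress_ranges(ids):
    """Render IDs the way IOS prints them in 'vlan' / 'spanning-tree vlan': 1,5,7-10,22"""
    ids = sorted(set(ids))
    parts, i = [], 0
    while i < len(ids):
        j = i
        while j + 1 < len(ids) and ids[j + 1] == ids[j] + 1:
            j += 1
        parts.append(str(ids[i]) if i == j else "%d-%d" % (ids[i], ids[j]))
        i = j + 1
    return ",".join(parts)


def root_primary_command(show_vlan_brief):
    """The one-liner the post builds by hand (VLAN 1 included because it is active)."""
    return "spanning-tree vlan %s root primary" % compress_ranges(active_vlans(show_vlan_brief))


def check_root(show_stp_root, local_mac, priority=24576):
    """Per-VLAN verdict: True when the root MAC is this switch, the root cost is 0 and
    the Root ID priority equals the configured priority plus the VLAN ID (sys-id-ext),
    which is why the post's output reads 24577 for VLAN 1, 24583 for VLAN 7, and so on."""
    verdict = {}
    for line in show_stp_root.splitlines():
        m = ROOT_ROW.match(line)
        if not m:
            continue
        vlan, root_prio, root_mac, cost = int(m.group(1)), int(m.group(2)), m.group(3), int(m.group(4))
        verdict[vlan] = (root_mac == local_mac.lower() and cost == 0 and root_prio == priority + vlan)
    return verdict


def vlans_not_rooted_here(show_stp_root, local_mac, priority=24576):
    """Sorted list of VLANs where the verification fails (empty means 'we're golden')."""
    return sorted(v for v, ok in check_root(show_stp_root, local_mac, priority).items() if not ok)


if __name__ == "__main__":
    print(root_primary_command(SHOW_VLAN_BRIEF))
    print("not root for:", vlans_not_rooted_here(SHOW_STP_ROOT, "001b.d490.7c00"))
```

Paste the real ‘show vlan brief’ and ‘show spanning-tree root’ text into the two strings and the script does the cut-and-paste step and the MAC comparison for you; the priority check is the extra sanity test a practitioner wants, since a root MAC match with a priority other than 24576 + VLAN means the switch won by MAC tie-break or a different priority, not by the command you just entered.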

June 3, 2008

Configuring VLAN Assignments from the Network Diagram

Filed under: Cisco,Cisco Certification,IOS,Lab Tips,Switching — cciepursuit @ 8:58 am

In many of the Internetwork Expert labs you are asked to create VLAN assignments based on the information in the network diagram.  Here is my two step process for accomplishing that task.

1) Issue the ‘show ip int br | e ass’ command and look for SVIs and routed ports.

Rack22SW1#sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual down                  down
Vlan67                 155.22.67.7     YES manual down                  down
Vlan79                 155.22.79.7     YES manual down                  down
FastEthernet0/13       155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up

For SVIs, if they are down then add the appropriate VLANs:

Rack22SW1(config)#vlan 7,67,79
Rack22SW1(config-vlan)#exit

Wait a bit while STP comes up and then verify that the SVIs come up (you should be using this time to start on step 2):

00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan7, changed state to up
00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan67, changed state to up
00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan79, changed state to up

Rack22SW1(config-if)#do sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual up                    up
Vlan67                 155.22.67.7     YES manual up                    up
Vlan79                 155.22.79.7     YES manual up                    up
FastEthernet0/13        155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up

For the routed ports, find out what port the other side of the link terminates on (‘show cdp neighbor’ or check the physical wiring diagram).  If it is a router or another routed switchport, then just verify the IP address and make sure that the port is up.  If it is a layer 2 switchport, then you will need to add the VLAN to that switchport.  For instance, if sw1 fa0/13 is a routed switchport in VLAN 123:

Rack22SW1(config)#do sh run int fa0/13
Building configuration…

Current configuration : 88 bytes
!
interface FastEthernet0/13
 no switchport
 ip address 155.22.123.7 255.255.255.0

end

Rack22SW1(config)#do sh cdp neigh fa0/13
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
Rack22SW2           Fas 0/13              161            S I      WS-C3560-2Fas0/13

Rack22SW2(config)#int fa0/13
Rack22SW2(config-if)#switch access vlan 123
% Access VLAN does not exist. Creating vlan 123

2) Using the physical wiring diagram and/or CDP, find the ports that connect to the routers:

Rack22SW1(config)#do sh cdp neigh | e SW
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
Rack22R1            Fas 0/1               169           R S I     2610XM    Fas0/0
Rack22R3            Fas 0/3               170           R S I     2611XM    Fas0/0
Rack22R5            Fas 0/5               169           R S I     2611XM    Fas0/0

Using the network topology, find out which VLAN each router port is in and assign the appropriate VLAN to the interface [NOTE: I like to look at the configuration of each switchport before configuring them just in case there is something funky from the initial configuration].  In this case, r1 fa0/0 is in VLAN 146 and r5 fa0/0 is in VLAN 58.  sw1 fa0/3 is a routed IP interface so we can leave it alone.

Rack22SW1(config)#int fa0/1
Rack22SW1(config-if)#sw ac vla 146
% Access VLAN does not exist. Creating vlan 146

Rack22SW1(config-if)#do sh run int fa0/3
Building configuration…

Current configuration : 86 bytes
!
interface FastEthernet0/3
 no switchport
 ip address 155.22.37.7 255.255.255.0

end

Rack22SW1(config-if)#int fa0/5
Rack22SW1(config-if)#sw ac vla 58
% Access VLAN does not exist. Creating vlan 58

Once you are done you should verify your layer 2 configuration by pinging across each VLAN (assuming that all trunking has been built).  If your pings fail, check your layer 2 transit path as well as the other endpoint’s interface (I’ve wasted much lab time troubleshooting my L2 network only to discover that the router port is shut down).  You can also verify your access VLAN configuration with the following command (assuming all links are FastEthernet):

Rack22SW1#sh vlan br | i Fa
1    default                          active    Fa0/2, Fa0/4, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/22, Fa0/23, Fa0/24
58   VLAN0058                         active    Fa0/5
146  VLAN0146                         active    Fa0/1

Anyhoo…I hope that this helps.  I’ll return to “full blogging mode” tonight.
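Added example (mine, not from the post): a Python script that automates the two look-ups in the procedure above, finding the SVIs that are down in ‘show ip int brief’ so you can build their VLANs in one ‘vlan’ command, and picking the router-facing ports out of ‘show cdp neighbors’ by capability code instead of by device name. The sample outputs are abridged, constructed copies of the ones shown above; the function names, and the assumption that a Catalyst neighbor’s Platform field starts with WS-C (used to drop switches that advertise R because ip routing is on), are mine. Mapping each router port to its VLAN still has to come from the diagram.

```python
import re

# Constructed sample modelled on the "show ip int br | e ass" output in the post
# (Vlan79 is shown already up so the filter has something to skip).
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual down                  down
Vlan67                 155.22.67.7     YES manual down                  down
Vlan79                 155.22.79.7     YES manual up                    up
FastEthernet0/13       155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up
"""

# Constructed sample modelled on the "show cdp neigh" output in the post, with the
# SW2 row left in so the capability/platform filter is exercised.
SHOW_CDP_NEIGH = """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
Rack22R1            Fas 0/1               169           R S I     2610XM    Fas0/0
Rack22SW2           Fas 0/13              161            S I      WS-C3560-2Fas0/13
Rack22R3            Fas 0/3               170           R S I     2611XM    Fas0/0
Rack22R5            Fas 0/5               169           R S I     2611XM    Fas0/0
"""

SVI_ROW = re.compile(r"^Vlan(\d+)\s+\S+\s+YES\s+\S+\s+(\S+)\s+(\S+)")
CAP_LETTERS = set("RTBSHIrP")


def down_svis(show_ip_int_brief):
    """VLAN IDs of SVIs whose Status or Protocol is anything other than 'up'."""
    ids = []
    for line in show_ip_int_brief.splitlines():
        m = SVI_ROW.match(line)
        if m and (m.group(2) != "up" or m.group(3) != "up"):
            ids.append(int(m.group(1)))
    return ids


def vlan_create_command(show_ip_int_brief):
    """The 'vlan 7,67,...' line from step 1, or '' when every SVI is already up."""
    ids = down_svis(show_ip_int_brief)
    return "vlan %s" % ",".join(str(i) for i in ids) if ids else ""


def router_facing_ports(show_cdp_neigh):
    """Map local port -> neighbor Device ID for neighbors that advertise the R
    capability and are not Catalyst switches (assumed: Platform starts with WS-C)."""
    result = {}
    for line in show_cdp_neigh.splitlines():
        tokens = line.split()
        # Data rows have the hold time as the 4th token; the legend and header do not.
        if len(tokens) < 5 or not tokens[3].isdigit():
            continue
        device, local_port = tokens[0], tokens[1] + " " + tokens[2]
        caps = {t for t in tokens[4:] if len(t) == 1 and t in CAP_LETTERS}
        rest = [t for t in tokens[4:] if not (len(t) == 1 and t in CAP_LETTERS)]
        platform = rest[0] if rest else ""
        if "R" in caps and not platform.startswith("WS-C"):
            result[local_port] = device
    return result


if __name__ == "__main__":
    print(vlan_create_command(SHOW_IP_INT_BRIEF))
    for port, device in sorted(router_facing_ports(SHOW_CDP_NEIGH).items()):
        print("%s -> %s" % (port, device))
```

The platform check matters on a 3560 pod: once ‘ip routing’ is on, the switches advertise R too, so filtering on the capability letter alone would list SW2 next to the routers; the post sidesteps that with ‘| e SW’, which only works while your device names follow that convention.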

June 1, 2008

My Switch Cares About Me

Filed under: Cisco,IOS,Switching — cciepursuit @ 6:44 am

I received the following warning from a 3550 the other day:

Rack13SW4(config-if)#ip add 158.13.34.0 255.255.255.254
% Warning: use /31 mask on non point-to-point interface cautiously

Fuck you Juniper!  You may have a lot of the same “features” as Cisco products, but do you program each of your devices with love?  Yeah, I didn’t think so.  My Cisco switch knows that I am going to engage in risky behavior.  He doesn’t judge me; rather he tells me to let my freak flag fly, but to “stay safe” in the process.  My switch then went on to caution me about unprotected sex and sharing needles.  I guess that it’s not a good idea to run with scissors either.  Who knew?  Thanks for looking out for me 3550! 

“The Cisco 3550: It’s more than a switch – it’s a life coach.” 

:-)

May 22, 2008

Lab Tip: Cisco Proprietary versus Open Standard EtherChannel Protocol

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 2:15 pm

I’ve run across this type of question a couple of times in labs:

Configure interfaces fa0/19 – 21 into an EtherChannel using an open standards protocol.

-or-

Configure interfaces fa0/19 – 21 into an EtherChannel using a Cisco proprietary protocol.

This always throws me for some reason.  I know that the two EtherChannel protocols are PAgP and LACP, but I can never remember (probably because I never thought that it would be important) which protocol is Cisco proprietary and which is open standards.  I tried looking this up in the DOC CD one time, but did not see it mentioned.  I eventually just hit Wikipedia to get the answer, but I’m pretty sure that will not be available in the lab.

I’ve developed a simple (and most likely stupid) method of remembering this:

PAgP starts with P, which is the letter that ‘proprietary’ starts with.

It’s kind of lame, but it gets the job done for me so I thought that I would share.
