CCIE Pursuit Blog

September 6, 2008

Lab Tip: Get List Of All Configured VLANs

Filed under: Cisco,Cisco Certification,IOS,Lab Tips,Switching — cciepursuit @ 4:59 pm

You have your VTP domain set up and all of your VLANs are built and propagated.  Then you run across a task like this:

“Configure sw4 as the spanning-tree root for all configured VLANs.”

Here’s a quick and dirty way to do this if your switch is running in VTP client or server mode (if you’re in transparent mode then you just need to do steps 2 and 3):

1) Set your VTP mode to “transparent”

sw4(config)#vtp mode trans
Setting device to VTP TRANSPARENT mode.

2) Issue “do show run | i vlan”

sw4(config)#do sh run | i vlan
vlan internal allocation policy ascending
vlan 7-8,28,34,46,53,58,100 <-this is what you’re looking for
 switchport access vlan 34

3) Configure your switch as the STP root for that list of VLANs (cut and paste) – ask the proctor if you should include VLAN 1:

sw4(config)#span vlan 1,7-8,28,34,46,53,58,100 root prim

4) Return your switch to the correct VTP mode:

sw4(config)#vtp mode server
Setting device to VTP SERVER mode

Voila!

sw4(config)#do sh run | i priority
spanning-tree vlan 1,7-8,28,34,46,53,58,100 priority 24576

sw4(config)#do sh span | i VLAN|root|Address
VLAN0001
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0007
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0008
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400
VLAN0028
             Address     000a.8a1c.c400
             This bridge is the root
             Address     000a.8a1c.c400

<—output truncated—>

sw4(config)#do sh span root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 000a.8a1c.c400         0    2   20  15
VLAN0007         24583 000a.8a1c.c400         0    2   20  15
VLAN0008         24584 000a.8a1c.c400         0    2   20  15
VLAN0028         24604 000a.8a1c.c400         0    2   20  15
VLAN0034         24610 000a.8a1c.c400         0    2   20  15
VLAN0046         24622 000a.8a1c.c400         0    2   20  15
VLAN0053         24629 000a.8a1c.c400         0    2   20  15
VLAN0058         24634 000a.8a1c.c400         0    2   20  15
VLAN0100         24676 000a.8a1c.c400         0    2   20  15
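
The same steps can be checked offline from captured output. This Python sketch is an added example, not part of the original post: it extracts the VLAN list from the "show run | i vlan" text, builds the "root primary" command, and reads "show spanning-tree root" rows to report VLANs where the switch is not root. The function names are hypothetical, and the second sample is the post's table with VLAN 34 altered and VLAN 100 removed.

```python
import re

# 'show run | i vlan' output as quoted in the post (annotation stripped).
SHOW_RUN_VLAN = """\
vlan internal allocation policy ascending
vlan 7-8,28,34,46,53,58,100
 switchport access vlan 34
"""

# Constructed sample: the post's 'show spanning-tree root' rows, with VLAN 34
# changed to show a made-up foreign root and the VLAN 100 row left out.
SHOW_SPAN_ROOT = """\
VLAN0001         24577 000a.8a1c.c400         0    2   20  15
VLAN0007         24583 000a.8a1c.c400         0    2   20  15
VLAN0008         24584 000a.8a1c.c400         0    2   20  15
VLAN0028         24604 000a.8a1c.c400         0    2   20  15
VLAN0034         32802 0011.2233.4455        19    2   20  15  Fa0/13
VLAN0046         24622 000a.8a1c.c400         0    2   20  15
VLAN0053         24629 000a.8a1c.c400         0    2   20  15
VLAN0058         24634 000a.8a1c.c400         0    2   20  15
"""

VLAN_LINE = re.compile(r"^vlan (\d[\d,-]*)$")
ROW_NAME = re.compile(r"VLAN\d{4}")


def configured_vlans(show_run_text):
    """Expand every global 'vlan <list>' line into a sorted list of IDs."""
    vlans = set()
    for line in show_run_text.splitlines():
        m = VLAN_LINE.match(line.rstrip())
        if not m:
            continue  # skips 'vlan internal ...' and indented interface lines
        for part in filter(None, m.group(1).split(",")):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return sorted(vlans)


def to_ios_list(vlans):
    """Compress IDs into IOS list syntax, e.g. [1, 7, 8] -> '1,7-8'."""
    out, run = [], []
    for v in sorted(set(vlans)) + [None]:  # None flushes the last run
        if run and (v is None or v != run[-1] + 1):
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
            run = []
        if v is not None:
            run.append(v)
    return ",".join(out)


def root_command(vlans, include_vlan1=True):
    """Build the step 3 command; VLAN 1 is optional, as the post notes."""
    ids = set(vlans) | ({1} if include_vlan1 else set())
    return f"spanning-tree vlan {to_ios_list(ids)} root primary"


def vlans_not_root(show_span_root_text, vlans):
    """Return the VLANs with no row, or with a row showing another root."""
    is_root = {}
    for line in show_span_root_text.splitlines():
        f = line.split()
        if len(f) < 7 or not ROW_NAME.fullmatch(f[0]):
            continue
        # The root itself shows root cost 0 and an empty Root Port column.
        is_root[int(f[0][4:])] = int(f[3]) == 0 and len(f) == 7
    return [v for v in sorted(set(vlans)) if not is_root.get(v, False)]


if __name__ == "__main__":
    wanted = [1] + configured_vlans(SHOW_RUN_VLAN)
    print(root_command(wanted))
    print("not root for:", vlans_not_root(SHOW_SPAN_ROOT, wanted))
```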

August 26, 2008

Lab Tip: Clear Your EIGRP Process

I spent a good chunk of my weekend going over EIGRP metric manipulation and how it affects EIGRP unequal-cost load-balancing.  More than a few times I ran into weird output like routes dropping, metric values not changing, and even this doozy:

r1#sh ip ei top 164.1.26.0 255.255.255.0
IP-EIGRP (AS 100): Topology entry for 164.1.26.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2693120
  Routing Descriptor Blocks:
  164.1.13.3 (Serial0/1), from 164.1.13.3, Send flag is 0x0
      Composite metric is (3026432/2514432), Route is Internal
      Vector metric:
        Minimum bandwidth is 1280 Kbit
        Total delay is 40100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
  164.1.12.2 (Serial0/0), from 164.1.12.2, Send flag is 0x0
      Composite metric is (10514432/28160), Route is Internal
      Vector metric:
        Minimum bandwidth is 256 Kbit
        Total delay is 20100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1

The AD of the successor is not equal to the FD????

By clearing the EIGRP process, these discrepancies go away.  You can do this the soft way:

r1#clear ip eigrp 100 neighbors soft
*Mar  2 05:22:13.522: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 164.1.12.2 (Serial0/0) is resync: manually cleared

Or the rough way:

r1#clear ip eigrp 100 neighbors
*Mar  2 05:22:48.708: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 164.1.12.2 (Serial0/0) is down: manually cleared
*Mar  2 05:22:49.782: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 164.1.12.2 (Serial0/0) is up: new adjacency

I like it rough.  :-)

In the case of EIGRP it really doesn’t matter as the protocol reconverges so quickly.

August 19, 2008

Lab Tip: Entering Large Numbers

Filed under: Cisco,Cisco Certification,IOS,Lab Tips — cciepursuit @ 4:39 pm

In the lab (and in real life) you may need to enter values in bits per second.  This is especially prevalent in QoS tasks.  You want to be careful that you don’t configure everything correctly but lose points because you added or subtracted a zero from the value.

In this example we are asked to police to 2.5Mbps.

r5(config-pmap-c)#police ?
  <8000-2000000000>  Bits per second
  cir                Committed information rate
  rate               Specify police rate

Converting 2.5Mbps to bps is easy.  If you’re extremely paranoid, you could open up the Windows calculator and multiply 2.5 by 1,000,000.  Either way you come up with 2,500,000 bits per second.

When entering this value into IOS I put spaces or commas to break up the string of digits.  That way it’s harder for me to add or miss a zero:

r5(config-pmap-c)#police 2 500 000

Or:

r5(config-pmap-c)#police 2,500,000

Then remove the spaces or commas.  That way you’re less likely to change your bits per second value by a power of ten.

r5(config-pmap-c)#police 2500000

May 22, 2008

Lab Tip: Cisco Proprietary versus Open Standard EtherChannel Protocol

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 2:15 pm

I’ve run across this type of question a couple of times in labs:

Configure interfaces fa0/19 – 21 into an EtherChannel using an open standards protocol.

-or-

Configure interfaces fa0/19 – 21 into an EtherChannel using a Cisco proprietary protocol.

This always throws me for some reason.  I know that the two EtherChannel protocols are PaGP and LACP, but I can never remember (probably because I never thought that it would be important) which protocol is Cisco proprietary and which is open standards.  I tried looking this up in the DOC CD one time, but did not see it mentioned.  I eventually just hit Wikipedia to get the answer, but I’m pretty sure that will not be available in the lab.

I’ve developed a simple (and most likely stupid) method of remembering this:

PaGP starts with P which is the letter that ‘proprietary’ starts with.

It’s kind of lame, but it gets the job done for me so I thought that I would share.

January 14, 2008

Using Notepad In The CCIE Lab

Filed under: Cisco,Cisco Certification,Lab Tips — cciepursuit @ 4:55 pm

I came across this post concerning using Notepad during the CCIE lab exam [emphasis mine]:

Rich,

You can’t save anything, no folders, no text files. You can’t save anything to flash in the routers as well, or it’s an auto fail. The best you can do is open up txt files, and use them as you see fit, just be careful not to close them. The kind of troubleshooting errors they put in the lab are absolutely simple. You won’t need to paste out the configs for verification if that’s what you’re leaning towards (IMO). Just check your IPs/masks, etc. when you run into problems. I had a couple txt files open just to slap in and proof my changes, or have a record or note of something I did but wanted to go back to.

The proctor might spend a few minutes going over the keyboard/terminal, but once you sit down at your lab, you have 8 hours to complete it. No extra time for prep or anything.

I guess that this makes sense from a lab security standpoint as Cisco would not want configurations from previous candidates accidentally left on the desktop or in flash.

I guess that it’s not a big deal, but IE suggests saving the initial configurations so that if you cannot find all of the initial faults before you complete the lab, you can check the initial configurations rather than your more lengthy final configurations for the final error(s).  I guess that you can just keep a notepad instance open all day with the initial configuration in it without saving it, but I’m very likely to accidentally close or write over it.  Oh well, good to know this beforehand.

December 18, 2007

Internetwork Expert Volume II: Lab 3 – Section 3

Section 3 – HDLC/PPP – 3 Points

3.1  PPP

“Authenticate these links using the routers’ respective hostnames and the clear-text password CISCO.”

The requirement to use a “clear-text password” means that you’ll need to use PAP authentication.

Configuring Media-Independent PPP and Multilink PPP

Although this was an easy task, I did stumble at one point:

r3(config-if)#ppp pap sent-username r2 pass CISCO
PPP: Warning:  You have chosen a username/password combination that
               is valid for CHAP.  This is a potential security hole.

DOH!!!  It’s always good to remember what router you are configuring.  :-)

Internetwork Expert Volume II: Lab 3 – Section 2

Section 2 – Frame Relay – 8 Points

2.1  Hub-and-Spoke

This section was easy.  If you’ve run through the IE Volume I Frame Relay labs you will be pretty familiar with the different Frame Relay variations.  That said, the first task threw me for a bit of a loop because I had a difficult time interpreting it: 

“Do not use dynamic layer 3 to layer 2 mappings over these Frame Relay connections.”
“Do not configure static layer 3 to layer 2 mapping between r2 and r4”

So….should we have connectivity between r2 and r4 (hubs) at all?  Does the second sub-task allow us to map r2 and r4 to r1?  Answer: no.  We are not supposed to be able to communicate from spoke to spoke.  A later OSPF task will fix this.

I had to reboot r2 and r4 because there were dynamic frame mappings on those routers already.  I’ve run into this in all of the labs with initial configurations.  I find it easiest to disable Frame Relay Inverse-ARP and then reload the router.

Before reload:

r2#sh frame map
Serial0/0/0 (up): ip 136.1.15.1 dlci 201(0xC9,0x3090), dynamic,
              broadcast,, status defined, active
Serial0/0/0 (up): ip 136.1.245.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active

r4#sh frame map
Serial0/0 (up): ip 136.1.245.5 dlci 405(0x195,0x6450), static,
              broadcast,
              CISCO, status defined, active
Serial0/0 (up): ip 136.1.15.1 dlci 401(0x191,0x6410), dynamic,
              broadcast,, status defined, active

For some reason (did I anger the router gods?) I still had a dynamically mapped PVC on r2 and r4 (spokes) – even though I had disabled Frame Relay Inverse-ARP and reloaded:

r2#sh frame map
Serial0/0/0(up): ip 136.1.15.1 dlci 201(0xC9,0x3090), dynamic,
              broadcast,, status defined, active
Serial0/0/0 (up): ip 136.1.245.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active

r2#sh ver | b uptime

r2 uptime is 3 minutes
System returned to ROM by reload at 18:47:24 UTC Sat Dec 15 2007
System image file is “flash:c2800nm-adventerprisek9-mz.124-11.T2.bin”
—output truncated—

r2#sh frame map
Serial0/0/0(up): ip 136.1.15.1dlci 201(0xC9,0x3090), dynamic,
              broadcast,, status defined, active
Serial0/0/0 (up): ip 136.1.245.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active

r2#sh run int s0/0/0
interface Serial0/0/0
 ip address 136.1.245.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 136.1.245.5 205 broadcast
 no frame-relay inverse-arp

r2#clear frame inarp

r2#sh frame map
Serial0/0/0 (up): ip 136.1.245.5 dlci 205(0xCD,0x30D0), static,
              broadcast,
              CISCO, status defined, active

That was VERY odd.  I’ve never had a dynamically mapped FR PVC remain after disabling FR Inverse-ARP and rebooting.  Furthermore, I’ve never been able to successfully clear a dynamic mapping by using “clear frame-relay inarp” [note: DOC shows "clear frame-relay-inarp" but router takes "clear frame-relay inarp" (hyphen in first example, space in second)]

2.2 Point-To-Point

2.3 Point-To-Point

Other than that bit of Frame Relay oddness, the remainder of the tasks in this section were very simple.  The IE answer has a nice write-up on pinging with source routing.

Internetwork Expert Volume II: Lab 3 – Section 1

Section 1 –  Bridging and Switching – 18 Points

I did well on this section.  This was the first lab that they threw some spanning-tree tasks at you.  Most of the tasks were pretty basic.  As you progress through the Volume II labs, you will definitely become proficient at creating trunks and EtherChannels.  This was also the first lab that I have done in which the switches had VTP configured for you.  Although VTP is configured (sw1 is the server, sw2-4 are clients), trunking is not.  This is important to note as your first few tasks will require trunking to be enabled before you can verify those tasks.  You’ll need to decide whether you want to jump ahead and configure trunking right away or wait until the trunking task to verify your first two tasks.  Yet another great reason to read the test before beginning.

NOTE: I’m going to refer to a task as the entire list of required configurations and sub-tasks as the individual configure requests within a task.  I think that I have been using task and section to mean multiple things in my past postings.  For example:

Bridging and Switching

1.1  VTP
Create a VTP domain called PILKINGTON on switches sw1 – 4.
Use VTP password KARL on all switches.
Make sw1 the VTP server.
Make sw2 – 4 VTP clients.

The section is “Bridging and Switching”, the task is “1.1 VTP”, and the sub-tasks are the four configuration steps.  Hopefully this will clear up any confusion.

1.1 Trunking

This was a basic trunking task.  You are setting up router-on-a-stick.  This implies that you will need to hard-code the trunk to dot1q encapsulation.  The twist (for me at least) in this is that the router will have a single IP address on its physical Ethernet port instead of IP addresses (in different subnets) on the subinterfaces.  I see bridging in my future.  :-)

Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation

I could not find a document in the DOC that dealt with router-on-a-stick.  I’ll search for it later this week.

If you haven’t created the trunks yet (sw2 (VTP client) is the switch that you configure the trunk on) then you will have issues when verifying this task:

sw2(config-if)#do sh run int fa0/6

interface FastEthernet0/6
 description ->r6 VLANs 16, 36 (router on a stick)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 16,36
 switchport mode trunk

sw2#sh int fa0/6 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       16,36

Port        Vlans allowed and active in management domain
Fa0/6       none

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       none

sw2(config-if)#do sh vlan id 36
VLAN id 36 not found in current VLAN database
sw2(config-if)#do sh vlan id 16
VLAN id 16 not found in current VLAN database

My first instinct was to add the VLANs to the switch:

sw2(config)#vlan 16
%VTP VLAN configuration not allowed when device is in CLIENT mode.

Add them to the server (sw1)?  A:No.  They already exist:

sw1#sh vlan brief | i 16|36
16   VLAN0016                         active    Fa0/1
36   VLAN0036                         active

I’ll just need to wait until trunking is built between sw1 and sw2 for these VLANs to appear on sw2.  Here’s what your verification will look like after trunking has been built:

sw2(config)#do sh int fa0/6 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       16,36

Port        Vlans allowed and active in management domain
Fa0/6       16,36

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       16,36

1.2 IP Bridging

Crap.  Bridging.  I hates me some bridgin’.  :-)

“r1 and r3 are in the same IP subnet (136.1.136.0/24), but in different broadcast domains.” <-vlan 16 and 36 as per task 8.1
“Configure r6 to bridge IP traffic between VLAN 16 and VLAN 36.”
“Ensure that the rest of the routing domain can communicate with both r1 and r3 via IP.” <- must be able to ping from all other devices

Time to hit the DOC:

Configuring Transparent Bridging

Cisco IOS Bridging Commands

Let’s get to it:

r6(config)#bridge 1 protocol ?
  dec          DEC protocol
  ibm          IBM protocol
  ieee         IEEE 802.1 protocol
  vlan-bridge  vlan-bridge protocol

r6(config-if)#int fa0/0
r6(config-if)#bridge-group 1

r6(config)#int bv1
Integrated Routing and Bridging is not configured!

Nuts!  I forgot to enable irb:

bridge irb

bridge route

r6(config)#bridge ?
  <1-255>            Bridge Group number for Bridging.
  cmf                Constrained multicast flooding
  crb                Concurrent routing and bridging
  irb                Integrated routing and bridging
  mac-address-table  MAC-address table configuration commands

r6(config)#bridge irb
r6(config)#bridge 1 route ?
  appletalk  AppleTalk
  clns       ISO CLNS
  decnet     DECnet
  ip         IP
  ipx        Novell IPX

r6(config)#bridge 1 route ip

At this point I had everything configured and I tried to ping r1 from r3 and vice versa – no go.  What did I do wrong?

r1#p 136.1.136.3 <-r3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.1.136.3, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

Doh!!!  This isn’t going to work until sw1 and sw2 can exchange VLANs via VTP. 

After trunking is configured:

r6#sh bridge

Total of 300 station blocks, 299 free
Codes: P – permanent, S – self

Bridge Group 1:

    Address       Action   Interface       Age   RX count   TX count
0011.93b0.7640   forward   Fa0/0.16          0          1          0

r1#p 136.1.136.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.1.136.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

r3#p 136.1.136.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.1.136.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
 

Booyah!!!  [this took me forever to get through]

Cool command:

show interfaces irb

r6#sh int irb | sec 0/0.16
FastEthernet0/0.16 ->VLAN 16
 Routed protocols on FastEthernet0/0.16:
  ip

 Bridged protocols on FastEthernet0/0.16:
  appletalk  clns       decnet     ip

 Software MAC address filter on FastEthernet0/0.16
  Hash Len    Address      Matches  Act      Type
  0x00:  0 ffff.ffff.ffff         6 RCV Physical broadcast
  0x2A:  0 0900.2b01.0001         0 RCV DEC spanning tree
  0x60:  0 000f.9098.cff0         0 RCV Interface MAC address
  0x60:  1 000f.9098.cff0         0 RCV Bridge-group Virtual Interface
  0xC0:  0 0100.0ccc.cccc         0 RCV CDP
  0xC1:  0 0100.0ccc.cccd       137 RCV SSTP MAC address
  0xC2:  0 0180.c200.0000         0 RCV IEEE spanning tree
  0xC2:  1 0180.c200.0000         0 RCV IBM spanning tree
  0xC2:  2 0100.0ccd.cdce         0 RCV VLAN Bridge STP

1.3 Trunking

This is a simple task to configure trunking between sw1 and sw2 and to do the same between sw1 and sw3.  Simple, except that they threw in the dreaded “minimal configuration” restriction:

“Use the MINIMUM CONFIGURATION POSSIBLE to accomplish this task”.

sw1 and sw2 are 3560s and sw3 is a 3550. 

Minimum configuration between two 3560s

The default on the 3560s is “switchport mode dynamic auto”, so they will only dynamically trunk if the other side is NOT set to auto.  We can simply configure “switchport mode dynamic desirable” on one switch (let’s use sw1):

sw1(config)#int range fa0/13 - 15
sw1(config-if-range)#switch mode dyn des
sw1(config-if-range)#no sh

sw2(config)#int range fa0/13 - 15
sw2(config-if-range)#no sh

sw1#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
Fa0/14      desirable    n-isl          trunking      1
Fa0/15      desirable    n-isl          trunking      1

sw2#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1
Fa0/14      auto         n-isl          trunking      1
Fa0/15      auto         n-isl          trunking      1

Minimum configuration between a 3560 and a 3550

This is easy because the 3550’s default is “switchport mode dynamic desirable” so it will trunk with a 3560 (default “switch mode dyn auto”) by simply opening the ports:

sw1(config)#int range fa0/15 - 16
sw1(config-if-range)#no sh

sw3(config)#int range fa0/13 - 14
sw3(config-if-range)#no sh

sw1#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/16      auto         n-isl          trunking      1
Fa0/17      auto         n-isl          trunking      1

sw3#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
Fa0/14      desirable    n-isl          trunking      1

1.4 Link Aggregation

This is a simple EtherChannel task that took a bizarre turn.  I ended up having to troubleshoot some weirdness.  It started with this error:

02:54:53: %EC-5-L3DONTBNDL2: Fa0/15 suspended: LACP currently not enabled on the remote port.

sw4(config-if-range)#do sh eth sum
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
14     Po14(SU)        LACP      Fa0/13(P)   Fa0/14(P)   Fa0/15(s)

sw1(config-if-range)#do sh eth sum
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
14     Po14(SU)        LACP      Fa0/19(P)   Fa0/20(P)   Fa0/21(D)

sw1(config-if-range)#do sh run int fa0/21
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode passive

sw1(config-if-range)#do sh cdp neigh | i sw4
sw4                 Fas 0/20              154            S I      WS-C3550-2Fas0/14
sw4                 Fas 0/19              154            S I      WS-C3550-2Fas0/13

Strange, my configuration is correct.  Why can’t I get that one link in the EtherChannel up?

After all of the troubleshooting, the problem was PEBKAC:

sw1(config-if)#do sh int fa0/21
FastEthernet0/21 is down, line protocol is down (notconnect)

I had the cable that should have been connected to sw1 fa0/21 in sw2.  :(

This (hopefully) won’t be an issue in the lab.  I should have resolved this much more quickly by noting that the link was suspended (s) on one side and down (D) on the other.

1.5 Spanning-Tree Protocol

The first sub-task was to make sw1 the root switch for certain VLANs:

sw1(config)#spanning-tree vlan 4,44,52,63 root primary

sw1#sh spanning-tree root

[0012.018f.d580 is sw1's MAC Address]

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32769 000a.410e.0600        19    2   20  15  Fa0/16
VLAN0003         32771 000a.410e.0600        19    2   20  15  Fa0/16
VLAN0004         24580 0012.018f.d580         0    2   20  15
VLAN0016         32768 000f.9098.cff0        38    2   20  15  Fa0/13
VLAN0029         32797 000a.410e.0600        19    2   20  15  Fa0/16
VLAN0036         32768 000f.9098.cff0        38    2   20  15  Fa0/13
VLAN0044         24620 0012.018f.d580         0    2   20  15
VLAN0052         24628 0012.018f.d580         0    2   20  15
VLAN0057         32825 000a.410e.0600        19    2   20  15  Fa0/16
VLAN0063         24639 0012.018f.d580         0    2   20  15

“All traffic between sw1 and sw2 for these VLANs should transit the trunk between sw1 and sw2’s port fa0/15”
“This configuration should be done on sw1”

So we want to make fa0/15 on sw2 the Root port.  Let’s use vlan 4 as an example:

sw2#sh span vlan 4

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    24580
             Address     0012.018f.d580
             Cost        19
             Port        15 (FastEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     0012.009c.ca00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Root FWD 19        128.15   P2p
Fa0/14           Altn BLK 19        128.16   P2p
Fa0/15           Altn BLK 19        128.17   P2p

Basically we want to reverse the existing order (fa0/15 then fa0/14 then fa0/13) of the root port, BUT we need to make the configuration on sw1.

Port Priority vs Cost (from Lab 3 Breakdown):

Two options: cost or port-priority.  If I am the root trying to affect how traffic comes towards me, I will use port-priority.  If I am on a non-root switch and I want to affect the way that traffic flows to the root, I will use cost.

Port-priority is looking down the spanning-tree.
Cost is looking up the spanning-tree.

Port-priority is always done closest to the root.  Port-priority only shows on the switch it is configured on.

Configuring Port Priority

sw1(config-if)#spanning-tree vlan 4,44,52,63 port-priority ?
  <0-240>  port priority in increments of 16

sw1(config)#int fa0/15
sw1(config-if)#spanning-tree vlan 4,44,52,63 port-priority 0
sw1(config-if)#int fa0/14
sw1(config-if)#spanning-tree vlan 4,44,52,63 port-priority 16
sw1(config-if)#int fa0/13
sw1(config-if)#spanning-tree vlan 4,44,52,63 port-priority 32

I would ask the proctor about the priority values.  Should we use the values above?  Should we only alter fa0/15 and fa0/14 and leave fa0/13 alone (default 128)?

sw1(config-if)#do sh sp v 4 | b Inter
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19         32.15   P2p <-3rd pref
Fa0/14           Desg FWD 19         16.16   P2p <-2nd pref
Fa0/15           Desg FWD 19          0.17   P2p <-1st pref
Fa0/16           Desg FWD 19        128.18   P2p
Fa0/17           Desg FWD 19        128.19   P2p
Po14             Desg FWD 9         128.176  P2p

sw2#sh sp v 4 | b Inter
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4            Desg FWD 19        128.6    P2p
Fa0/13           Altn BLK 19        128.15   P2p
Fa0/14           Altn BLK 19        128.16   P2p
Fa0/15           Root FWD 19        128.17   P2p

The IE answer used the following:

interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
 spanning-tree vlan 4,44,52,63 port-priority 32
!
interface FastEthernet0/15
 switchport mode dynamic desirable
 spanning-tree vlan 4,44,52,63 port-priority 16

From the answer key:

“There are four variables that affect the root port selection.  These are cost, bridge-ID, port priority, and port-id in that order.”

“To influence which port is elected the root port, the two user configurable values to change are port cost and port priority.  Changing port cost will affect both the local bridge and all downstream bridges.  Changing port priority will only affect the directly connected downstream bridge.”
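
How that ordering plays out on sw2's three uplinks, as an added Python example (not from the original post or the IE workbook): it ranks the candidate ports by root path cost, sender bridge ID, then the sender's port priority and port number, using the VLAN 4 values shown above. It assumes each sw1 port is cabled to the same-numbered port on sw2; the function names are hypothetical.

```python
# VLAN 4 values taken from the outputs quoted in the post.
ROOT_BRIDGE_ID = (24580, "0012.018f.d580")              # sw1: priority, MAC
PORT_NBR = {"Fa0/13": 15, "Fa0/14": 16, "Fa0/15": 17}   # Nbr half of Prio.Nbr
DEFAULT_PRIORITY = 128
DEFAULT_COST = 19                                       # cost shown for Fa0/13-15


def check_priority(value):
    """IOS accepts port-priority 0-240 in increments of 16."""
    if value not in range(0, 241, 16):
        raise ValueError(f"port-priority {value} is not 0-240 in steps of 16")
    return value


def uplink_preference(sw1_port_priority=None, sw2_port_cost=None):
    """Order sw2's uplinks from root port to least preferred alternate.

    sw1_port_priority: port-priority configured on sw1 (upstream, root side).
    sw2_port_cost:     port cost configured on sw2 (downstream side).
    """
    sw1_port_priority = sw1_port_priority or {}
    sw2_port_cost = sw2_port_cost or {}
    candidates = []
    for port, nbr in PORT_NBR.items():
        prio = check_priority(sw1_port_priority.get(port, DEFAULT_PRIORITY))
        # sw1 is the root and advertises cost 0; sw2 adds its own port cost.
        root_path_cost = 0 + sw2_port_cost.get(port, DEFAULT_COST)
        # Lowest tuple wins, compared left to right: cost, sender bridge ID,
        # sender port priority, sender port number.
        candidates.append((root_path_cost, ROOT_BRIDGE_ID, prio, nbr, port))
    return [c[-1] for c in sorted(candidates)]


if __name__ == "__main__":
    print("defaults:      ", uplink_preference())
    print("post's config: ",
          uplink_preference({"Fa0/15": 0, "Fa0/14": 16, "Fa0/13": 32}))
    print("IE answer:     ",
          uplink_preference({"Fa0/14": 32, "Fa0/15": 16}))
    # Constructed case: a lower cost on sw2 outranks any sw1 port-priority.
    print("cost 18 on sw2:",
          uplink_preference({"Fa0/15": 0}, {"Fa0/14": 18}))
```

With defaults the lowest sender port number wins, which matches Fa0/13 being the root port on sw2 before the change.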

1.6 Spanning-Tree Protocol

“Configure sw2 so that traffic continues forwarding within THREE seconds if either port fa0/15 or fa0/14 goes down.”
“This should be accomplished while running PVST.” <-default

Understanding UplinkFast
“UplinkFast unblocks the blocked interface on Switch C and transitions it to the forwarding state without going through the listening and learning states.  This change takes approximately 1 to 5 seconds.”

IE even recognizes the 1 to 5 second change time in their answer key:

“This process typically takes three to five seconds, and reduces convergence time considerably.”

Ummmm….so why not change the question to “within 6 seconds”?  :-)

sw2(config)#spanning-tree uplinkfast
sw2(config)#do sh span uplinkfast
UplinkFast is enabled

Station update rate set to 150 packets/sec.

UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs)            : 0
Number of proxy multicast addresses transmitted (all VLANs) : 0

Name                 Interface List
-------------------- ------------------------------------
VLAN0001             Fa0/13(fwd), Fa0/14, Fa0/15
VLAN0003             Fa0/13(fwd), Fa0/14, Fa0/15
VLAN0004             Fa0/15(fwd), Fa0/13, Fa0/14
VLAN0016             Fa0/6(fwd)
VLAN0029             Fa0/13(fwd), Fa0/14, Fa0/15
VLAN0036             Fa0/6(fwd)
VLAN0044             Fa0/15(fwd), Fa0/13, Fa0/14
VLAN0052             Fa0/15(fwd), Fa0/13, Fa0/14
VLAN0057             Fa0/13(fwd), Fa0/14, Fa0/15
VLAN0063             Fa0/15(fwd), Fa0/13, Fa0/14

1.7 Switch Management

As a lab strategy, you can skip this task and do it later.  I managed to complete it by simply looking at the “snmp-server” options:

sw1(config)#snmp-server ? [some output truncated]
  chassis-id        String to uniquely identify this chassis
  community         Enable SNMP; set community string and access privs
  contact           Text for mib object sysContact
  location          Text for mib object sysLocation
  trap              SNMP trap options

sw1(config)#do sh run | i snmp-server
snmp-server community CISCORO RO
snmp-server community CISCORW RW
snmp-server location San Jose, CA US
snmp-server contact CCIE Lab SW1
snmp-server chassis-id 221-787878
snmp-server enable traps vtp
snmp-server host 136.1.2.100 traps CISCOTRAP vtp

Implicit in this question is that you should ONLY allow the SNMP server (136.1.2.100) to manage the router.  I forgot to create an ACL to filter out other devices:

sw1(config)#access-li 69 permit 136.1.2.100
sw1(config)#snmp-server community CISCORO RO 69
sw1(config)#snmp-server community CISCORW RW 69

[Lab Breakdown states that you could leave off the ACL and still get the points.  This is another "ask the proctor" issue.]

Verification:

sw1#sh snmp
Chassis: 221-787878
Contact: CCIE Lab SW1
Location: San Jose, CA US
—Output Truncated—

SNMP logging: enabled
    Logging to 136.1.2.100.162, 0/10, 0 sent, 0 dropped.
SNMP agent enabled
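
A check for the gap described above, as an added Python example rather than anything from the lab or from Cisco: it reads "snmp-server community" and numbered standard "access-list" lines and reports each community that has no ACL or whose ACL permits sources other than the management station. The function names and the ACL 70 sample are constructed for illustration; deny entries and named ACLs are not evaluated.

```python
import ipaddress
import re

# Community lines as first configured in the post (no ACL).
BEFORE = """\
snmp-server community CISCORO RO
snmp-server community CISCORW RW
"""
# The post's corrected configuration, written out unabbreviated.
AFTER = """\
access-list 69 permit 136.1.2.100
snmp-server community CISCORO RO 69
snmp-server community CISCORW RW 69
"""
# Constructed sample: an ACL that admits the whole /24, not just the manager.
BROAD = """\
access-list 70 permit 136.1.2.0 0.0.0.255
snmp-server community CISCORW RW 70
"""

COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$",
    re.IGNORECASE)


def _is_ip(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def _is_standard(acl_id):
    return acl_id.isdigit() and (1 <= int(acl_id) <= 99
                                 or 1300 <= int(acl_id) <= 1999)


def _network(addr, wildcard="0.0.0.0"):
    """Turn an IOS address/wildcard pair into an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard must be of the form 2**n - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - w.bit_length()))


def permitted_networks(config):
    """Map each numbered standard ACL to the networks its permit lines allow."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or not _is_standard(t[1]):
            continue
        nets = acls.setdefault(t[1], [])
        if t[2] != "permit":
            continue  # deny lines are ignored, so results err on the wide side
        src = t[3:]
        if src[0] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0"))
        elif src[0] == "host":
            nets.append(_network(src[1]))
        else:
            wildcard = src[1] if len(src) > 1 and _is_ip(src[1]) else "0.0.0.0"
            nets.append(_network(src[0], wildcard))
    return acls


def audit(config, manager):
    """Return (community, mode, verdict) for every community in the config."""
    mgr_net = ipaddress.IPv4Network(manager)  # the manager as a /32
    acls = permitted_networks(config)
    findings = []
    for line in config.splitlines():
        m = COMMUNITY.match(line.strip())
        if not m:
            continue
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        if acl is None:
            verdict = "no ACL"
        elif acl not in acls:
            verdict = f"ACL {acl} not defined in this config"
        else:
            extra = [str(n) for n in acls[acl] if n != mgr_net]
            if extra:
                verdict = f"ACL {acl} permits " + ",".join(extra)
            elif mgr_net not in acls[acl]:
                verdict = f"ACL {acl} does not permit {manager}"
            else:
                verdict = "ok"
        findings.append((name, mode, verdict))
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER), ("broad", BROAD)):
        print(label, audit(cfg, "136.1.2.100"))
```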

1.8 Link Aggregation

An easy task to end the section.  Just remember to watch the order of operations when configuring L3 EtherChannels.

Configuring Layer 3 EtherChannels

The IE answer guide has a typo (sw1 and sw2 rather than sw3 and sw4).  I also don’t understand why they require “channel-protocol pagp” under the port-channel interfaces???  That issue is discussed in the IE forums:

LAB 3 Task 1.8

[Lab Breakdown doesn't mention this either.  I think that it's a typo/default]

December 11, 2007

Internetwork Expert Volume II: Lab 2 – Wrap Up

General lab suggestions:

1)  When reading tasks keep an eye out for characteristics that will determine which method you use.  One of the CCIE mantras is “If there are two ways to do something, you had better know all three ways.” :-)  Look for words or phrases that describe differences between methods.  For instance, if you are asked to configure a trunk that encapsulates frames, you’re talking about ISL.  If you are asked not to tag frames on VLAN x, then you’re talking about dot1q (with VLAN x configured as a native VLAN).

2)  Know the default characteristics of the technologies.  These are easy points that can lead you on a wild goose chase if you don’t know that what the task is asking is already included in your solution.  For instance, if you have configured an EtherChannel and are tasked with “Load balance based on the source-MAC address of the incoming packet.”, you should know that this is the default for EtherChannels (you should also know how to verify this with “show etherchannel load-balance”).  If you don’t, you will waste time searching for a method to configure this instead of just smiling and moving on to the next task.

3)  Know the DOC.  If you run across a technology that you’re not 100% sure how to configure or one that you don’t know, you’re going to need to rely on the DOC to get those points.  I’m still not very good at finding things in the DOC (it took me forever to find the PPP documentation).  One thing that I am doing is going back over the lab and finding the appropriate DOC document for each task, regardless of whether I know the technology or not.  Consider this a practice exam to test your DOC skills.

4)  If you’re not doing the practice lab as a mock lab, then don’t worry about the time.  If you want to record your overall time, then that is fine.  But don’t worry about time.  Especially if these are your first practice labs.  I started noting my start and end times for each section in order to see which ones took me the most time so that I could develop methods to cut down that time.  That was the wrong way to go; save it for your timed, mock labs.  I don’t know if I have a “competitive chip”, but soon I was trying to speed through the easy tasks and (especially) the verification commands to get a better time.  This was stupid and led to a couple of stupid mistakes.  Get your basics down and verify your configurations.  You’ll have plenty of time to work on your speed.

5)  I initially balked at Ethan Banks’s suggestion of writing your configurations in notepad and then pasting them into the routers.  I have since come to embrace this.  I don’t do this for all tasks, but for tasks like “Configure the Frame Relay links on routers 1 – 6 in OSPF area 0, then advertise each router’s lo0 in area 1.” you can save a lot of time and potential errors with this method because the configurations are going to be very similar.  I would configure r1 on the router so that IOS could “spell check” me and then take that configuration and paste it into notepad.  I would then make the minor tweaks for each device, then paste the configurations into the devices.

Internetwork Expert Volume II Lab 2 Posts:

Lab 2 – Difficulty 6

Internetwork Expert Volume II: Lab 2 – Section 1
Internetwork Expert Volume II: Lab 2 – Section 2
Internetwork Expert Volume II: Lab 2 – Section 3
Internetwork Expert Volume II: Lab 2 – Section 4
Internetwork Expert Volume II: Lab 2 – Section 5
Internetwork Expert Volume II: Lab 2 – Section 6
Internetwork Expert Volume II: Lab 2 – Section 7
Internetwork Expert Volume II: Lab 2 – Section 8
Internetwork Expert Volume II: Lab 2 – Section 9
Internetwork Expert Volume II: Lab 2 – Section 10
Internetwork Expert Volume II: Lab 2 – Section 11

December 10, 2007

Quick QoS Tip

If you use the same name for all of your (MQC) QoS elements (class-map, policy-map, service-policy, etc), then you can easily see all of these elements with the section filter:

r3(config-cmap)#do sh run | sec FROM_FTP
class-map match-all FROM_FTP_SERVER
 match access-group name FROM_FTP_SERVER
policy-map FROM_FTP_SERVER
 class FROM_FTP_SERVER
  bandwidth 256
 service-policy output FROM_FTP_SERVER
ip access-list extended FROM_FTP_SERVER
 permit tcp host 132.1.33.33 132.1.6.0 0.0.0.255 eq ftp
