CCIE Pursuit Blog

June 28, 2007

Catalyst 6500 On The CCIE Lab???

Filed under: Lab Tips — cciepursuit @ 10:50 pm

Rumor?  Follow the debate on the GroupStudy thread:

Rumor mill time – Cat 6500 on R&S lab exam?

Some of the responses:

“Not sure of the point of that in the R&S lab…. Really don’t see them starting to test on the service modules on the 6500 in the R&S.  And, in many cases the 3560 has greater feature velocity.  So, it would cost the CCIE program more money, and more rack space, but doesn’t really give them many more test topics.” – Mike Kraus

“Actually I hope they do that, because that would be the closest thing to the real world. No matter where you go these days, you see at least one 6500 series up and running. I think it would benefit the program. You may see a 3560 here and there, but you will definitely see a lot of firms having 6500 series. To be honest I typically see a mixture of 4000/4500 and a 6500 in a collapsed core design.” – Narbik Kocharians

“So you think it helps the value of the CCIE that it can produce a CCIE that knows NOTHING about a 6500? What is Cisco’s top product? What are you considered if you are a CCIE. Doesn’t mesh in my mind. Totally disagree.” – Jason Plank

My favorite:

“Nope nope! Cisco has recently faced some severe budget limitations and brought back the 2500s and L2 1900 switches!! :p” – Digital Yemeni

It’s a Psychology Test

Filed under: Lab Tips — cciepursuit @ 10:34 pm

The GroupStudy email list includes quite a few folks who have passed the CCIE lab sharing their experiences and tips.  Here’s one of the more recent ones:

It’s a Psychology Test

I just want to start by saying thank you to everyone on Groupstudy,
the guys over at InternetworkExpert, and all the 50 pound brains at my
old shop.  I passed my R/S lab yesterday and now I don’t know what to
do with myself.  I think I’m in a bit of shock.

It really is all about psychology.  I know everyone always says this,
but I’m a firm believer now.  I went in for my first attempt yesterday
morning, but I’m convinced that the test really started four days ago
when I stopped studying.  I made it a point NOT to study the few days
prior to my test.  It was really hard not to go digging around in the
doc cd or try and do one or two more labs, but that may have been the
best decision I made over the course of my studies.  It REALLY helped
me keep the stress down and get a good night’s sleep the night before.
Of course, the wonderful bed at the Residence Inn helped a little on
that part, too.  When I got to the testing facility in the morning at
RTP, I was refreshed and ready to go.

Now for the study stuff.  Dynamips is a godsend.  It can be really
annoying and really buggy.  But for guys on a budget like me, it’s
perfect.  Once you get the kinks worked out, you can lab anything up
in minutes.  I’ll probably keep using it from here on out for quick
testing at work.  The workbooks from InternetworkExpert are wonderful.
Their advanced technology series are a great place to start your
labbing.  The core workbooks are excellent for building your speed.
And their main workbooks are great for building technique and
developing good lab-based critical-thinking.  Reading the Doc CD can’t
be stressed enough, either.  Use it as your primary source of
information.  It’s your only asset in the lab, so why not base your
studies off of it?  It helped me a lot when I was unsure of something.
It should only take 15-20 seconds to look something up for
clarification.  Lastly, don’t get overwhelmed.  It’s a lot of
material.  But, it’s not so bad if you break it up.

I guess it’s time to get back to the real world.

Thanks again for all your help.
Blaine Williams, CCIE #18316
Network Architecture Engineer
University of South Carolina

I like the advice about not studying for the last four days.  I doubt that I would have the willpower to avoid studying right before the test though.   It also looks like more people are using Dynamips for lab preparation.  I’ve loaded Dynamips on my laptop at home and on my PC at work so I can do labs (all small-scale labs at this point) without renting a rack or firing up the stack of hardware on my desk.  I’m on board with his recommendation of the Internetwork Expert COD (I just started viewing them and am very impressed).  Blaine’s final point about finding information in the Doc CD is very sound.  I am still fumbling about when using this resource.  I usually use it when trying to find information if I am labbing, but I find myself still using Google most of the time when troubleshooting at work.

LFU2 – Know Your Acronyms

Filed under: Lab Fuck Ups,Switching,VTP — cciepursuit @ 10:01 pm

This one is from my first lab rental.  I was just getting my feet wet with lab rentals (especially using reverse telnet from the access router) and decided to do a couple of old CCNP labs.  I decided to warm up with some simple VTP labs. 

For whatever reason I simply could not get the two switches to exchange VTP information.  I’ll spare you the ugly details, but an hour and a half into my “easy” lab I had exhausted my repertoire of VTP troubleshooting (“sh vtp status”, “sh vtp counters”, “debug sw-vlan vtp events”, etc.) and I still could not get the damned switches to exchange VTP information.  The links were up and passing frames.  VTP was configured correctly (same VTP domain, no revision conflicts, etc.).  I could not figure out what I had done wrong.

Finally it dawned on me…what does VTP stand for?  VLAN Trunking Protocol.  Well, I had VLANs.  Did I have trunking?  After a quick “show int trunk” I discovered the reason that my switches weren’t passing VTP information.  My links were up, but they were not trunking.  The reason for this was another misunderstanding on my part.  I assumed (always dangerous) that DTP (Dynamic Trunking Protocol) had hooked me up with trunks between these two 3560s.  Wrong!!!  As I mentioned in an earlier post, the default DTP configuration on the 3560 is “switchport mode dynamic auto”.  A connection between two 3560s will NOT form a trunk by default.  The 3550’s default DTP setting is “switchport mode dynamic desirable” which means that it will form a trunk with another switch unless that other switch’s port is in “switchport mode access” or “switchport nonegotiate”.

Even with my confusion over whether DTP would create the trunks for me automatically, I should have verified that trunking was working very early on in my troubleshooting rather than 1.5 hours later. 😦

Fun With VTP Passwords

Filed under: Home Lab,Switching,Tech Tips,VTP — cciepursuit @ 9:34 pm

As I mentioned earlier, I did a ton of VTP labbing last weekend.  I’ll be posting some of the more interesting/strange results.  A lot of this will not be applicable to the lab, but you may come across some of this in real life.  I’ve never worked on a network that actually ran VTP except for using the domain name to identify LANs for CiscoWorks (all of the switches were in transparent mode).  I’ve never run VTP server/client in a production network and my only experience with that type of setup was during my CCNP studies.  ‘Nuff said, on to my adventures with the VTP password.

1) The VTP password can be set from the privileged exec mode:

sw4#sh vtp pass
The VTP password is not configured.
sw4#vtp pass MYPASSWORD
Setting device VLAN database password to MYPASSWORD
sw4#sh vtp pass
VTP Password: MYPASSWORD

2) It makes sense that the VTP password can be removed from privileged exec mode as well:

sw4#sh vtp password
VTP Password: MYPASSWORD
sw4#no vtp password
Clearing device VLAN database password.
sw4#sh vtp password
The VTP password is not configured.

3) You cannot set a VTP password without first configuring a VTP domain.  This makes sense: you couldn’t really authenticate another switch if it wasn’t in the same VTP domain:

No VTP domain, no VTP password:
sw4#vtp pass MYPASSWORD
 %The VTP password cannot be set for NULL domain
sw4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw4(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
sw4(config)#^Z
*Mar  1 12:58:08: %SYS-5-CONFIG_I: Configured from console by console

We can set the VTP password after setting the VTP domain:
sw4#vtp pass MYPASSWORD
Setting device VLAN database password to MYPASSWORD
sw4#sh vtp password
VTP Password: MYPASSWORD

4) The MD5 hash of a null (default) password and a cleared (“no vtp password”) VTP password are different:

Default switch VTP status:
sw4#sh vtp statu
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

VTP status after VTP password cleared (“no vtp pass”):
sw4#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x78 0x41 0xC8 0x35 0x56 0x89 0x97
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

MD5 digest (default)          : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
MD5 digest (password cleared) : 0xD3 0x78 0x41 0xC8 0x35 0x56 0x89 0x97

I think that the reason for this is that the switch uses the VTP domain name in its calculation of the VTP MD5 hash.  I think a way to prove this would be to set up two (default) switches in different VTP domains with the same password and then compare the MD5 hashes.  I’ll try this tomorrow and drop the results into this entry.

Update: I was right about the MD5 hash using the VTP domain name in its calculation.
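
An added example, not part of the original post: a short Python parser that diffs excerpts of the two “show vtp status” captures above. Among the excerpted fields, only the domain name and the MD5 digest change between the two captures, which is consistent with the domain name feeding the digest. The function and variable names are this example's own.

```python
import re

# Excerpts of the two "show vtp status" captures from item 4 of the post.
STATUS_DEFAULT = """\
Configuration Revision          : 0
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""
STATUS_CLEARED = """\
Configuration Revision          : 0
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
MD5 digest                      : 0xD3 0x78 0x41 0xC8 0x35 0x56 0x89 0x97
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""

# "Name   : value" rows only; requiring whitespace before the colon keeps the
# timestamp in the "last modified" line from being read as a field.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+?)\s+:\s*(.*)$")

def parse_vtp_status(text):
    """Parse show vtp status output into a dict; the digest becomes bytes."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.rstrip())
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name == "MD5 digest":
            value = bytes(int(octet, 16) for octet in value.split())
        fields[name] = value
    return fields

def changed_fields(before, after):
    """Return {field: (before, after)} for every field whose value differs."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n))
            for n in names if before.get(n) != after.get(n)}

if __name__ == "__main__":
    diff = changed_fields(parse_vtp_status(STATUS_DEFAULT),
                          parse_vtp_status(STATUS_CLEARED))
    for name, (old, new) in diff.items():
        print(f"{name}: {old!r} -> {new!r}")
```
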

5) This one is obvious from the above entries, but anyone in privileged exec mode can see the VTP password in clear text with the “show vtp password” command.  Since a switch in VTP server or client mode does not keep the VTP configuration in the running-configuration (more on that later), this is the only way to verify the VTP password on switches running in those VTP modes (switches in VTP transparent mode will show the VTP configuration in the running-configuration).

Cisco Documentation:

Configuring VTP
