CCIE Pursuit Blog

January 27, 2008

Internetwork Expert Volume III: Lab 4 – Section 4

Interior Gateway Routing – 27 Points

4.1 Bridging

“Disable ip routing on r6”

r6(config)#no ip routing

“Bridge IP between the Frame Relay and Ethernet segments on r6”

That explains why fa0/0 does not have an IP address configured. :-)

After this task, I can finally ping bb1:

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 100/286/1032 ms

4.2 Bridging

This task confused the crap out of me.  My bridging skills are pretty poor.

“Configure the IP address of 54.1.10.6/24 on r6.”

Ummmm….that’s already configured as the IP address of the Frame connection to bb1.  I guess that we’re going to use the same IP address for fa0/0 as well.

“r6 should have reachability to any address of the 54.1.10.0/24 subnet.”
“Don’t use IRB for this task.”

No IRB.  CRB?  Actually, the IE solution doesn’t use IRB or CRB.  The last two subtasks are basically red herrings.  I will need to review bridging.

r6#sh bridge 1 group

Bridge Group 1 is running the IEEE compatible Spanning Tree protocol

   Port 4 (FastEthernet0/0) of bridge group 1 is forwarding
   Port 11 (Serial0/0.1 Frame Relay) of bridge group 1 is forwarding

r6#sh ip int br | i 54.1.10.6
FastEthernet0/0            54.1.10.6       YES manual up                    up
Serial0/0.1                54.1.10.6       YES manual up                    up

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 48/89/100 ms

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

I can’t ping r4 but I can ping bb1.  This poster has the opposite problem:

Task 4.2 can not ping 54.1.10.254

r6#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
BB1              Ser 0/0.1          147       R T S I     2821      Ser 0/0/0:0.401
sw2              Fas 0/0            174         S I       WS-C3560- Fas 0/6
r6#

sw2#sh run int fa0/6
interface FastEthernet0/6 <-that’s a minimal configuration :-)
end

How did I miss this?????  Because the port on r6 was initially shut down so I didn’t see it with “show cdp neighbor” on sw2.  Arrgh!!!  I need vlan 46 assigned to this port.

sw2(config)#int fa0/6
sw2(config-if)#swit acc vl 46

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
!!!!!

I guess that I can take solace in the fact that I was able to find my mistake.  I just barely missed going down a deep rabbit hole chasing bridging options.

4.3 RIPv2

I initially thought that there was an error in the IE lab because although r6 was shown as running RIP on the protocol diagram, there was no mention of r6 in the task.  That’s because r6 is bridging the 54.1.10.0/24 network.  I turned off ip routing in task 4.1 so I wouldn’t be able to configure RIP on r6:

r6(config)#router rip
IP routing not enabled

This means that we should be able to see the routes from bb1(54.1.10.254) on r4:

r4#sh ip route rip | i 54.1.10.254
R    212.18.1.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.0.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.3.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.2.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0

4.4 Network Redundancy

backup interface

Hmmmm….this is the reason for the point-to-point subinterface on r4 back in task 3.2

r4#sh ip int br | i Serial
Serial0/0                  unassigned      YES NVRAM  up                    up
Serial0/0.1                unassigned      YES unset  up                    up
Serial0/1                  152.1.54.4      YES NVRAM  standby mode          down

r4#sh backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial0/0.1         Serial0/1             normal operation

4.5 EIGRP

Basic.

4.6  OSPF

“Use the OSPF network type that was specifically designed to handle issues with routers on the same logical IP subnet not having direct communication with each other.”

Remember that we have a multipoint subinterface on the hub (r3) and point-to-point subinterfaces on the spokes (r1 and r2).  The task calls for the point-to-multipoint OSPF network type.

r3#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.2.2         0   FULL/  -        00:01:49    152.1.123.2     Serial0/0:0.1
150.1.1.1         0   FULL/  -        00:01:54    152.1.123.1     Serial0/0:0.1

r3#sh ip route os
     152.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
O       152.1.123.2/32 [110/65] via 152.1.123.2, 00:00:07, Serial0/0:0.1
O       152.1.123.1/32 [110/65] via 152.1.123.1, 00:00:07, Serial0/0:0.1

4.7 OSPF

Basic

4.8 OSPF

In this task you need to advertise the loopbacks on r1 and r2 into area 0.  But r1 and r2 are not in area 0.  Time for a couple of virtual circuits.

4.9 OSPF Loopback Advertisement

“Advertise the Loopback0 networks of r3 and sw1 into OSPF.”
“These networks should appear in each other routing tables as intra-area routes.”

Since I’m not told which area to advertise the loopbacks into, can’t I just make this simple by advertising both loopbacks into area 37?  Answer: YES!

sw1#sh ip route | i 150.1.3.
O       150.1.3.3/32 [110/2] via 152.1.37.3, 00:00:37, Vlan37

r3#sh ip route | i 150.1.7.
O       150.1.7.7/32 [110/2] via 152.1.37.7, 00:00:00, FastEthernet0/0

4.10 IGP Redistribution

Four points of mutual redistribution.  Ugh.  The first two points are no worry (discontiguous RIP).  The other two are dangerous though.  I’ll work on those in task 4.11

4.11 Redistribution Loop Prevention

“Ensure that EIGRP external routes that are redistributed into OSPF on r1 and r2 do not get redistributed back into EIGRP.”
“Use AD to accomplish this.”

Here is a (simplified) view of the two network redistribution points on r1 and r2:

                         ------------(D)r1(O)-----------
r4(R<->D)---r5(D)                                     (O)r3---(O<->R)sw1
                         ------------(D)r2(O)-----------

If we do mutual redistribution between EIGRP and OSPF on r1 and r2 we’re going to have problems with D EX routes (AD of 170) being reflected back into the EIGRP domain.  We’re given the method for preventing this.

I missed an issue on sw1 though:

Task 4.11 Redist Loop Prevention

You need to change the RIP distance or SW1 sees the routes learnt from BB3 as OSPF external routes which it uses over the correct RIP routes. If you check the routing table on SW1, the next hop for all the BB3 subnets is R3. This is resolved by changing the AD [router rip - distance 109].

Internetwork Expert Volume III: Lab 4 – Section 3

WAN Technologies – 11 Points

3.1 Hub and Spoke

For some reason I could not get my Frame Relay hub-and-spoke network to come up.  A quick look at the configuration showed the problem.  This is the fourth initial configuration error:

r3 – Hub:
interface Serial0/0:0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi <- from initial configuration
interface Serial0/0:0.1 multipoint
 ip address 152.1.123.3 255.255.255.0
 frame-relay map ip 152.1.123.1 301 broadcast
 frame-relay map ip 152.1.123.2 302 broadcast

r3#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0:0 (Frame Relay DTE) LMI TYPE = ANSI

r2 – Spoke:
r2#sh run | sec Serial0/0/0
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
interface Serial0/0/0.1 point-to-point
 ip address 152.1.123.2 255.255.255.0
 frame-relay interface-dlci 203

r2#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO

r1 – Spoke
r1#sh run | sec Serial0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type cisco <- from initial configuration
interface Serial0/0.1 point-to-point
 ip address 152.1.123.1 255.255.255.0
 frame-relay interface-dlci 103

r1#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO

I set the LMI type on r3 to cisco (default) as that’s what my Frame Relay switch is running.

frame-relay lmi-type

r3(config-if)#frame lmi-type ?
  cisco
  ansi
  q933a

Nicely played IE.  :-)

task 3.1 : lmi type missing in SG?

3.2 PPPoFR

Crap.  This is another of those subjects that I am weak in.  Luckily, the IE blog had a recent post that gives a very good overview of how to configure PPPoFR:

Understanding PPP over Frame Relay (PPPoFR)

frame-relay interface-dlci

interface virtual-template

This was actually a very easy configuration as the task did not require PPP authentication.

r4(config)#int virtual-template1
r4(config-if)#ip address 152.1.45.4 255.255.255.0
r4(config-if)#int s0/0
r4(config-if)#frame interface-dlci 405 ?
  ppp       Use RFC1973 Encapsulation to support PPP over FR
  switched  Define a switched DLCI
  <cr>

r4(config-if)#frame interface-dlci 405 ppp ?
  Virtual-Template  Virtual Template interface

r4(config-if)#frame interface-dlci 405 ppp virtual-Template ?
  <1-200>  Virtual-Template interface number

r4(config-if)#frame interface-dlci 405 ppp virtual-Template 1 ?
  <cr>

r4(config-if)#frame interface-dlci 405 ppp virtual-Template 1

r4#show interface virtual-template1
Virtual-Template1 is down, line protocol is down <-expected behavior

  Hardware is Virtual Template interface
  Internet address is 152.1.45.4/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input never, output never, output hang never
  Last clearing of “show interface” counters 00:14:45
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

r4#sh int virtual-access1
Virtual-Access1 is up, line protocol is up
 
  Hardware is Virtual Access interface
  Internet address is 152.1.45.4/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoFR vaccess, cloned from Virtual-Template1
  Vaccess status 0x44
  Bound to Serial0/0 DLCI 405, Cloned from Virtual-Template1, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input 00:00:02, output never, output hang never
  Last clearing of “show interface” counters 00:03:54
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 2 packets/sec
  5 minute output rate 2000 bits/sec, 2 packets/sec
     153 packets input, 151680 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     157 packets output, 151616 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

r4#p 152.1.45.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 152.1.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 4/6/8 ms

r4#sh ip route 152.1.45.5
Routing entry for 152.1.45.5/32
  Known via “connected”, distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Virtual-Access2
      Route metric is 0, traffic share count is 1

Do the same on r5 (different IP address and DLCI obviously) et voila!

The IE solution shows that they used a point-to-point subinterface on r4 (no idea why) but not on r5 for this task.  Again, no idea why?

3.3 Point-To-Point

Basic….except that I expected to be able to ping bb1 (54.1.10.254) after this step.  I’ll need to wait until I do some bridging in section 4.

Task 3.3

3.4 PPP

Basic.

3.5 PPP Authentication

Easy task because you are asked to authenticate each other using a hash (CHAP).
 

January 26, 2008

Internetwork Expert Volume III: Lab 4 – Section 2

Bridging and Switching – 9 Points

2.1 Trunking

Speed tip: Use ‘interface range’ to configure multiple, non-contiguous interfaces at one time:

sw3(config)#int range fa0/13, fa0/16, fa0/17, fa0/19, fa0/21

sw4(config-if-range)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
Fa0/14      desirable    n-isl          trunking      1
Fa0/15      desirable    n-isl          trunking      1
Fa0/16      desirable    n-isl          trunking      1
Fa0/17      desirable    n-isl          trunking      1
Fa0/18      desirable    n-isl          trunking      1
Fa0/19      on           802.1q         trunking       1
Fa0/20      desirable    n-isl          trunking      1
Fa0/21      on           802.1q         trunking       1 

The eternal question: to shut or not to shut the dynamically negotiated trunks?  Since the  IE solution does not show these trunks in the “show int trunk” output I went ahead and shut them down (on one side at least).

2.2 Etherchannel

WTF?

sw3(config-if-range)#channel-group 23 mode active
% Interface range command failed for FastEthernet0/17

00:55:00: %EC-5-ERRPROT: Channel protocol mismatch for interface Fa0/17 in group 23: the interface can not be added to the channel group

sw3(config-if-range)#do sh run int fa0/17
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 125
 switchport mode trunk
 switchport nonegotiate
 channel-protocol pagp  <-where did that come from?

sw3(config-if-range)#do sh start | b 0/17
interface FastEthernet0/17
 switchport mode dynamic desirable
 channel-protocol pagp

Yet another initial config error.

task 2.2 : command is missing in SG

Fix:

sw3(config-if-range)#int fa0/17
sw3(config-if)#no channel-protocol pagp
sw3(config-if)#channel-g 23 mode active

sw3(config-if)#do sh eth sum | b Group
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
23     Po23(SU)        LACP      Fa0/16(P)   Fa0/17(P)

2.3 VTP

“Configure the VTP domain CCIE on all four switches.”

Should I put only one of the switches in VTP Server mode?  sw3 would be the obvious candidate to be the VTP server.  I did that.  IE did not.  They left all switches as VTP servers.

“Configure VLAN assignments per the diagram”

Crap! I usually miss some VLANs when I do this.  This time was no exception.

“Filter traffic on the 802.1q trunk links so that only necessary VLAN traffic is sent over them.”

Easy enough…vtp pruning.  BUT if you are told not to shut down the dynamically negotiated trunks then those trunks will negotiate to ISL by default.  This would make this task a lot more difficult and time-consuming because VTP pruning cannot be enabled for dot1q encapsulation and not ISL or vice versa.

IE solution did not use VTP pruning.  They explicitly configured the allowed VLANs on each trunk. This might be a result of the “802.1q trunk links” verbiage – VTP pruning would work – but on all trunks regardless of the encapsulation type used.  Pretty tricky putting this task under the VTP section.  :-)

Task 2.3, VTP

vtp (global configuration)

Follow these guidelines when setting VTP pruning:

•VTP pruning removes information about each pruning-eligible VLAN from VTP updates if there are no stations belonging to that VLAN.

If you enable pruning on the VTP server, it is enabled for the entire management domain for VLAN IDs 1 to 1005.

•Only VLANs in the pruning-eligible list can be pruned.

•Pruning is supported with VTP Version 1 and Version 2.

VTP Pruning with ISL trunk:

sw1(config-if)#do sh vtp status | i run
VTP Pruning Mode                : Enabled
sw1(config-if)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/16      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/16      1-4094

Port        Vlans allowed and active in management domain
Fa0/16      1,3-5,37,46,72-73,125

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/16      1,3-5,46,72-73,125

VTP Pruning with dot1q trunk:

sw1(config-if)#do sh vtp stat | i run
VTP Pruning Mode                : Enabled
sw1(config-if)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/16      on           802.1q         trunking      125

Port        Vlans allowed on trunk
Fa0/16      1-4094

Port        Vlans allowed and active in management domain
Fa0/16      1,3-5,37,46,72-73,125

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/16      1,3-5,46,72-73,125
sw1, 2, 4
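
An added example (not from the original post or from Internetwork Expert): a Python parser for `show interfaces trunk` output that flags the two trunk conditions debated in 2.1 and 2.3, trunks left to negotiate dynamically and trunks with no allowed-VLAN list, and lists VLANs still forwarding on a trunk that does not need them. The sample output and the `required` VLAN map are constructed, and the handling of wrapped VLAN lists is a defensive assumption.

```python
import re

# Constructed sample, modelled on the `show interfaces trunk` output quoted above.
SAMPLE = """\
sw1#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
Fa0/16      on           802.1q         trunking      125

Port        Vlans allowed on trunk
Fa0/13      1-4094
Fa0/16      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,3-5,37,46,72-73,125
Fa0/16      1,3-5,37,46,72-73,125

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,3-5,46,72-73,125
Fa0/16      1,3-5,46,72-73,125
"""

PORT_RE = re.compile(r"^[A-Za-z]+\d+(?:/\d+)*$")   # Fa0/16, Gi1/0/1, Po23
VLAN_LIST_RE = re.compile(r"^[\d,\-\s]+$")
ALL_VLANS = set(range(1, 4095))                    # "1-4094": no allowed list set
# Header substring -> key; "allowed and active" must be tested before "allowed on".
SECTIONS = (("allowed and active", "active"),
            ("allowed on trunk", "allowed"),
            ("not pruned", "forwarding"))


def expand_vlans(spec):
    """Turn '1,3-5,37' into {1, 3, 4, 5, 37}; 'none' gives an empty set."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_show_int_trunk(text):
    """Return {port: {mode, encap, status, native, allowed, active, forwarding}}."""
    trunks, section, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "Port":                    # one of the four table headers
            section = "status" if "Encapsulation" in line else next(
                (name for key, name in SECTIONS if key in line), None)
            last = None
            continue
        if section is None:
            continue                               # prompt or banner before a table
        if line[0].isspace():                      # indented: wrapped VLAN list
            if last and section != "status" and VLAN_LIST_RE.match(line):
                trunks[last][section] |= expand_vlans(line)
            continue
        if not PORT_RE.match(fields[0]):
            continue                               # e.g. a trailing CLI prompt
        if section == "status":
            if len(fields) < 5:
                continue
            trunks.setdefault(fields[0], {}).update(
                mode=fields[1], encap=fields[2],
                status=fields[3], native=int(fields[4]))
        else:
            trunks.setdefault(fields[0], {})[section] = expand_vlans(
                " ".join(fields[1:]))
        last = fields[0]
    return trunks


def audit(trunks, required=None):
    """required: hypothetical {port: set of VLANs the trunk must carry}."""
    findings = []
    for port, t in sorted(trunks.items()):
        if t.get("status") != "trunking":
            continue
        # desirable/auto mode or an "n-" encapsulation means DTP negotiated it.
        if t["mode"] in ("desirable", "auto") or t["encap"].startswith("n-"):
            findings.append((port, "NEGOTIATED_TRUNK",
                             f"mode={t['mode']} encap={t['encap']}"))
        if t.get("allowed", set()) >= ALL_VLANS:
            findings.append((port, "NO_ALLOWED_LIST", "1-4094 allowed"))
        if required and port in required:
            extra = t.get("forwarding", set()) - required[port]
            if extra:
                findings.append((port, "UNNEEDED_VLANS",
                                 ",".join(map(str, sorted(extra)))))
    return findings


if __name__ == "__main__":
    # Constructed requirement: Fa0/16 only needs VLANs 1, 72 and 125.
    for finding in audit(parse_show_int_trunk(SAMPLE), {"Fa0/16": {1, 72, 125}}):
        print(*finding)
```
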

Hmmmm…..can’t ping bb2 from sw1 (VLAN 72):

sw1(config-if)#do p 192.10.1.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Route: sw1 fa0/16 (trunk) -> (trunk) fa0/13 sw3 po23 (trunk) -> (trunk) po23 sw2 int fa0/24 (vlan 72) -> (vlan 72) gi1/0/1 bb2

Start at last hop before bb2:

sw2#sh int fa0/24 status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/24                       notconnect   72           auto   auto 10/100BaseTX 

Problem = dead port on my bb2 router (actually a 3750 switch).  ARGGH!!!!

Shut/no shut fixed it…..weird!!!

sw1#ping 192.10.1.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 1/202/1006 ms

Internetwork Expert Volume III: Lab 4 – Section 1

Troubleshooting – 2 Points

There are supposedly two faults in the initial configurations.  There are at least four faults and as many as six – depending on how you count them.  I’ll just list the two (I counted this as four because there were four misaddressed IP addresses) that IE shows in the solution guide.  I will point out the other two in the sections that I discovered them.

1) VLAN 3 is configured with the wrong subnet (sw3 and r3)

r3#sh ip int br | i net0/1
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/1            152.1.39.3      YES manual up                    up

r3(config)#int fa0/1
r3(config-if)#ip add 152.1.3.3 255.255.255.0

sw3#sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan39                 152.1.39.9      YES manual down                  down

sw3(config)#no int vlan39
sw3(config)#no vlan39
sw3(config)#vlan 3
sw3(config)#int vlan 3
sw3(config-if)#ip add 152.1.3.9 255.255.255.0

2) VLAN 5 is configured with the wrong subnet (sw4 and r5)

r5#sh ip int br | i net0/1
FastEthernet0/1            152.1.105.5     YES manual up                    up

r5(config)#int fa0/1
r5(config-if)#ip add 152.1.5.5 255.255.255.0

sw4#sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan105                152.1.105.10    YES manual down                  down

sw3(config)#no int vlan105
sw3(config)#no vlan 105
sw3(config)#vlan 5
sw3(config)#int vlan 5
sw3(config-if)#ip add 152.1.3.9 255.255.255.0

January 25, 2008

Internetwork Expert Blog: Highlights From Cisco’s Recent Ask The Expert Session

I missed this blog entry when it was initially posted.  Wow!  This is full of great information about the Routing and Switching CCIE Lab [emphasis mine]:

The “Ask the Expert” sessions are open question and answer sessions with an actual CCIE lab proctor. The excerpts below were taken from the most recent session.

In regards to security topics on the exam:
The security topics listed below are defined by the R&S lab blueprint and make up about 6-8% of the exam:

1. AAA
2. Security server protocols
3. Traffic filtering and firewalls
4. Access lists
5. Routing protocols security, catalyst security
6. CBAC
7. Other security features

In regards to IP Services topics on the exam:
Cisco is not testing Mobile IP. VRRP and GLBP will fall under IP/IOS Features. The total points for this section are around 8 points which includes all other content.

In regards to DVMRP on the lab:
Learn the basics of DVMRP as this topic is not explored in depth on the exam.

In regards to adding extra configurations and aliases:
You are not penalized for adding extra configurations as long as this will not break a specific restriction. Aliases don’t need to be removed if they do not interfere with accessing the device when the exam is over.

In regards to the cabling of the network and diagrams:
The physical connections are pre-cabled so you don’t need to touch them. In some lab locations the racks are remote so you will not even see them. If you suspect you have a physical problem, ask the proctor to verify it for you. The lab document has L1/L2 diagrams for the physical connectivity as well as an IP or topology diagram and an IP Routing diagram.

In regards to any upcoming lab changes:
There are currently no expected changes regarding the CCIE R&S lab exam. Both the lab blueprint and hardware specifications are expected to stay the same for the next year. Any changes will be announced 5 to 6 months in advance.

In regards to how points are awarded in the exam:
You are marked down points for incorrect questions, not for entire sections. Suppose you have 4 questions within the QoS section with point totals of 2, 2, 2, and 3 for a total of 9 points. If you get the first 3 correct for this section you would receive 6 points or around a 66% for that section.

What items are allowed or not allowed in the lab environment?
All personal items must be removed from your person before entering the lab environment, but make sure to bring your identification, as it will be required to register at the reception area prior to the exam. Pen, pencils, scratch papers, etc will be available for you at the lab location. Food and drinks are generally not allowed, unless they are pre-approved by the proctor.

What types of questions may be asked of the proctor?
You can ask any question that you feel you need clarification on. Proctors are there to help you understand the questions and requirements presented by the test material.

What will happen if tasks within the test conflict with another section of the exam?
If you find that you must configure a device in a way that would affect a previous task restriction, make sure to bring up your concern with the proctor, who will be able to advise you regarding the situation.

—Read The Rest Here—

January 24, 2008

Internetwork Expert Blog: Three Flavors Of Traffic Shaping

The Internetwork Expert Blog has three posts covering different ways to configure traffic-shaping.  This is a topic that you must master for the lab.  You’ll need to be familiar with each of the different versions in case they eliminate one or more methods in the task.

Frame-Relay Traffic Shaping with GTS (Generic Traffic Shaping)

Legacy Frame-Relay Traffic Shaping

MQC-based Frame-Relay Traffic-Shaping

IPexpert: Free IPexpert vLecture Today – Layer 2 Tunneling Techniques

I completely forgot about IPexpert’s series of free vLectures.  They have been running one free vLecture per week since the beginning of the year.  I will be viewing today’s lecture (as much as I can while at work).  Here is the remaining schedule of vLectures:

Jan 31 3:00 PM EST  Online 
Instructor: Marvin Greenlee
Topic: DMVPN
Track: Security

Feb 07 3:00 PM EST  Online 
Instructor: Marvin Greenlee
Topic: Basic Multicast Design/Operations
Track: R&S

Feb 12 3:00 PM EST  Online 
Instructor: Vik Malhi
Topic: CUE
Track: Voice

Feb 28 3:00 PM EST  Online 
Instructor: Mark Snow
Topic: IPSec Basics
Track: Security

Mar 13 3:00 PM EST  Online 
Instructor: Scott Morris
Topic: Spanning-Tree
Track: R&S

Mar 20 3:00 PM EST  Online 
Instructor: Marvin Greenlee
Topic: IPv6
Track: R&S

Mar 27 3:00 PM EST  Online 
Instructor: Vik Malhi
Topic: SRST
Track: Voice

January 23, 2008

Network Device Naming Conventions

Filed under: Cisco,Personal,Work — cciepursuit @ 8:09 pm

I stumbled across this posting by Michael Morris concerning naming conventions:

When I started working on global enterprise networks it got much more interesting. Now you had thousands of routers at hundreds of sites in different rooms and closets/IDFs in all parts of the world. Now naming conventions became very important. A very large bank network I worked on was terrible: 5,000 routers with a cryptic naming convention that was (1) hard to understand and (2) not well followed. Adding to the problem was the city name of the router was often not an actual city. It was a name the bank liked to refer to the site as. Good luck trying to remember all those names. The rest of the name had some good points, but also several bad ones. It was not something I enjoyed.

The government network I worked on was minimalist. It was [city]-r1. For example, BUF-R1. Really boring and really useless. Some small company networks like to be cute and name devices after beer brands or rock bands or cartoon characters. That starts to fail quickly when the small company gets just a tad larger.

—Read The Rest Here—

My previous job was supporting an international WAN with over 3000 routers.  Not only did we have a ton of routers, but nearly 30 separate business divisions -  each of which had their own naming convention.  To add even more fun, most of the router “hostnames” were not the same as their FQDN names.  We kept a database with circuit IDs mapped to router names.  Of course, there were many deleted circuits and typos in the database.  This always made it fun when a vendor called to report a circuit down and we could not find out which device it terminated on.  Not to mention all of the tiny sites that we supported that shared a city name with a more famous, larger city.  A router named “miami” goes down and you start looking at Florida…wrong!  It’s in Miami, Oklahoma.  We had three Pittsburgh sites – none of which were in Pennsylvania.  And (as Michael Morris mentioned) there were a bunch of places (including our corporate headquarters) that were referred to by any number of local cities.  This led to a lot of lost “support cycles” just trying to narrow down what device was being affected.

My current job supports a uniform naming convention and it is an absolute joy to work with.  There are still the occasional anomalies, but it’s infinitely better than the mess I came from.  Our naming convention is similar to the one mentioned in Michael Morris’ post.  We have unique five-character real estate codes.  Prepended to that is a code for the device type.  At the end is the floor and IDF that the device is located in.  Very little time is lost trying to determine where a device is located.

I’m sure that there are a number of readers who do/did server support and have MUCH worse naming stories.  :-)

Cisco Certified Design Expert (CCDE) Goes Live

I received an email from Cisco today stating that the CCDE program has gone live [emphasis mine]:

Recognizing the Sr. Level Network Designer

Introducing Cisco Certified Design Expert (CCDE) Certification
Responding to strong customer demand to assess and recognize Sr. Level Network Architecture skills in the market, Cisco is introducing a new premiere knowledge based certification focused on Network Infrastructure Design. – The Cisco Certified Design Expert (CCDE). The CCDE is an expert-level certification with content emphasis on expertise in network architecture, which is the capstone for Cisco’s design curriculum. In addition, passing the CCDE certification demands competencies of an experienced, seasoned, networking professional with a proven ability to interface with customers at the executive-level to ensure that business requirements are incorporated into successful designs.
 
What is a CCDE?
The successful CCDE-certified individual must have demonstrated an ability to analyze and develop solutions which address planning, design, integration, optimization, operations, security and on-going support focused at the infrastructure of large 1000+ node customer networks.
 
The CCDE certification recognizes those with expert-level knowledge and skills in Infrastructure Design. The CCDE program is parallel to the CCIE program in terms of the expertise required and certification exam difficulty. It emphasizes network design principles and architectural theory of the network infrastructure and recognizes designers with the knowledge to assess network business requirements and translate them into technical specifications for successful designs.
 
Why Cisco Created the CCDE Program
Cisco created the CCDE program to respond to market demand in recognizing existing senior-level Network Designers and Architects while simultaneously providing senior Operations Engineers and Support Engineers with a validated professional development path into an Architectural role.

Cisco has found that organizations employing strong Network Designers and Architects consistently develop networks that are easier to maintain and troubleshoot. Properly executed, a well-designed network infrastructure aligned with a network-centric corporate business strategy leads to greater levels of efficiency and effectiveness – as well as potential competitive advantages like increased up-time, easier troubleshooting, increased performance, and simpler enhancements.
 
What are the exam requirements to attain CCDE?
To attain a CCDE certification a candidate will be tasked with passing two exams; a Qualification Exam, and a Practical exam.
Similar to the CCIE program, there are no prerequisites to taking the Qualification exam and it is a 2 hour multiple-choice exam available at any worldwide Pearson VUE testing center. The Qualification exam, (ADVDESIGN) 352-001, assesses fundamental knowledge of networking theories, principles, protocols and technology.
 
Visit the CCDE program site for more details regarding the Qualification Exam (www.cisco.com/go/ccde)
 
The second exam, the practical exam, is still currently in development.  It will be an eight-hour, practical scenario-based exam available in late 2008. Bookmark the CCDE programs page as more details are expected to follow as the development team progresses.
 
The qualification exam is now available at Pearson VUE testing facilities worldwide.

More questions? Access the latest information on CCDE at www.cisco.com/go/ccde.

There has been a lot of speculation about this certification since Networkers.  I initially heard that the second step to qualification would be for sponsored candidates to go before a board and pitch/defend a network design.  It looks like that has been scrapped in favor of an exam more in line with the CCIE lab.  We’ll need to wait until the end of the year to find out for sure though.

How long before we start seeing Monster postings requiring CCDE certification?   :-)

January 22, 2008

Status Update: 14 – 20 January

Last week was a pretty good week.  I redid a couple of labs and watched a couple of the IEATC videos.  I don’t have a lot to report.  I think that redoing labs is a good idea, but I was surprised (and disappointed) that I fell for a couple of the same pitfalls the second time around.

I got a new laptop.  It has 2 Gigs of RAM and a duo-core CPU.  I loaded up the entire IE Dynamips lab.  The processor usage fluctuated between 60 – 90%.  I will try out a full-scale Volume III lab (minus some Layer 2 bits) this week to see if this laptop can handle the load.  I’m probably going to buy a CPU/Mobo combo for one of my desktops and drop Linux on it if this Windows laptop can’t handle the load.  I’ll probably end up buying the Dynamips version of the IE Volume II labs (only $99 because I already own the workbook – not sure if that’s $99 for each 10 lab installment or $99 for all 20 labs).  I really need to get cracking on more full-scale labs.  I am thinking about redoing a lab during the week (spread out over a couple of nights) and using the weekend for new labs.  I am probably going to do my first “mock lab” the weekend after this one.

Here are my goals from last week: 

Redo Volume II lab 3.  Redo Volume III lab 2.  Do 4 random labs from each of Volume I OSPF, EIGRP, RIP (12 total).

I managed to complete all of my goals this week.

Goals for this week:  Do Volume II lab 6.  Do Volume III lab 4.  Do 4 random labs from each of Volume I OSPF, EIGRP, RIP (12 total).

Days Until Lab: 131
Readiness (1 to 10): 2
Lab Hours This Week: 20
Study Hours This Week (estimate): 2