CCIE Pursuit Blog

March 17, 2008

Internetwork Expert Volume II: Lab 8 – Section 2

Frame Relay – 9 Points

2.1 Hub-and-Spoke

Easy

2.2 Multilink PPP over Frame-Relay

This is the first PPP multilink over FR task I’ve encountered.  Luckily this is a technology that I use on the job so this was fairly easy.

2.3 Point-to-Point

Easy.  Because we’re using Frame inarp, just need to explicitly turn it off for the other PVCs.

I wasted a ton of time trying to reverse engineer the DLCIs on the CCOnlinelabs equipment.  DLCIs 100 and 62 (the DLCIs that they supposedly use) do not exist.

I finally had to strip the entire BB1 config off and then just turn on FR with an IP address on s0/0 and do the same on r6.  Frame inarp did its magic and you can see the results:

r6:
Serial0/0/0 (up): ip 54.1.2.254 dlci 629(0x275,0x9C50), dynamic,
              broadcast,
              CISCO, status defined, active

bb1:
Serial0/0 (up): ip 54.1.2.6 dlci 926(0x39E,0xE4E0), dynamic,
              broadcast,
              CISCO, status defined, active

So….I have DLCI 629 on r6 with 926 on bb1.  I’ve used CCOnlinelabs before and never had an issue like this.  My guess is that the pod was set up for another vendor’s workbook.

2.4 Frame Relay Traffic Shaping

This seemed to be a very easy FRTS task. 

Bc = CIR * Tc/1000

Bc = 128000 * 125/1000
Bc = CIR * .125
Bc = 16000

Without Bc configured:

r5#sh traffic | i Inter|Acc|VC|501
Interface   Se0/0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
501           128000    2000   128000    0         125       2000      -

With Bc set to 16000:

r5#sh traffic | i Inter|Acc|VC|501
Interface   Se0/0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
501           128000    2000   16000     0         125       2000      -

IE guide says to see explanation for FRTS task in lab 1.

I’ll have to review to find out why we needed to explicitly set the Bc.

Task 2.4

Internetwork Expert Volume II: Lab 8 – Section 1

Bridging and Switching – 20 Points

“There are no faults in the initial configurations.”
“Do not alter the commands in the initial configurations.”

1.1 Trunking

First things first, CCOnlinelabs does not use fa0/24 to connect to the bbs

On sw2 they use fa0/10:

sw2#sh run int fa0/24
interface FastEthernet0/24
 switchport access vlan 52
end

sw2#sh run int fa0/10
interface FastEthernet0/10
end

That means I need to move the config from fa0/24 to fa0/10.  After altering the configuration to match the CCOnlinelabs topology, I finished the easy trunking tasks.

I did notice something odd though:

sw1(config-if-range)#do sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Transparent
VTP Domain Name                 : CCIELAB
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x99 0x68 0x38 0x79 0xE4 0x3B 0x99 0xFF
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

All of the switches are configured this way.

sw2(config)#vtp version ?
  <1-2>  Set the adminstrative domain VTP version number

I looked through the initial configs and I don’t see anything that sets these to VTP version 1.  This may be something left over on the rental switches.  It should not matter as all switches are in VTP Transparent mode.  Transparent mode in VTP version 1 drops all VTP advertisements.  In VTP version 2 the Transparent switches pass the advertisements on but do not install them.

Weird:

r5#sh vlan 52
% Ambiguous command:  "sh vlan 52"

r5#sh vlans 52

Virtual LAN ID:  52 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface:   FastEthernet0/1.52

   Protocols Configured:   Address:              Received:        Transmitted:
           IP              192.10.1.5                 905                  88
        Other                                           0                   1

   913 packets, 60196 bytes input
   89 packets, 5450 bytes output

r5#sh vlan?
vlan-range  vlan-switch  vlans

“show vlans”????

show vlans

To view virtual LAN (VLAN) subinterfaces, use the show vlans command in privileged EXEC mode.

1.2 Trunking

This task required that you configure trunks between sw3 and sw1  (both are 3560s in this rack) by using DTP.  Should I set ‘dyn des’ on both sides or just one?

I did both sides.  IE only did it on one side.

1.3 Trunking

“use minimal conf poss on sw1 to accomplish this task”

sw1 = 3560 – switchport mode dynamic auto
sw4 = 3550 – switchport mode dynamic desirable

sw4(config)#do sh run | b 0/13
interface FastEthernet0/13
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/14
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/15
 switchport mode dynamic desirable
 shutdown

I should be able to just no shut both sides to dynamically create 3 ISL trunks:

sw4(config)#int range fa0/13 - 15
sw4(config-if-range)#no sh

sw1(config-if-range)#int range fa0/19 - 21
sw1(config-if-range)#no sh

sw1:
sw1(config-if-range)#do sh int trun | i 0/19|0/20|0/21
Fa0/19      auto             n-isl          trunking      1
Fa0/20      auto             n-isl          trunking      1
Fa0/21      auto             n-isl          trunking      1

sw4:
sw4(config-if-range)#do sh int trunk | i 0/13|0/14|0/15
Fa0/13      desirable        n-isl          trunking      1
Fa0/14      desirable        n-isl          trunking      1
Fa0/15      desirable        n-isl          trunking      1

1.4 Spanning-Tree Protocol

Create root switches for batches of VLANs.

“Use the fewest commands needed to accomplish this task.”

This is where reading ahead pays off.  Task 1.7 is going to require that we use MST.  I need to set up MST before I start making root switches.  Hop ahead to task 1.7

*IE even combines these tasks in the solution guide.

1.7 Spanning-Tree Protocol

Set up a single instance of spanning-tree for 4 sets of VLANs.  Time for MST.

Specifying the MST Region Configuration and Enabling MSTP (required)

You need to remember that you’ll have to cut and paste this configuration on each switch.

sw1(config)#spanning-tree mst config
sw1(config-mst)#instance 1 vlan 3-7
sw1(config-mst)#instance 2 vlan 13-45
sw1(config-mst)#instance 3 vlan 52-67
sw1(config-mst)#instance 4 vlan 1,1001
sw1(config-mst)#name MYMST
sw1(config-mst)#revision 1
sw1(config-mst)#exit
sw1(config)#spanning-tree mode mst

Very cool/odd command.  A show command from within MST configuration mode:

sw1(config-mst)#show pending
Pending MST configuration
Name      [MYMST]
Revision  1     Instances configured 5

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         2,8-12,46-51,68-1000,1002-4094
1         3-7
2         13-45
3         52-67
4         1,1001
-------------------------------------------------------------------------------

Remember that instance 0 is created by default and includes any VLANs not explicitly assigned to other instances.
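Added example, not part of the original post: a short Python script that rebuilds the "show pending" table from the pasted MST commands and compares region settings between two switches, since switches only join the same MST region when name, revision and VLAN mapping all match. The SW_TYPO paste and all function names are constructed for illustration.

```python
# Added example (not from the original post); helper names are hypothetical.
ALL_VLANS = set(range(1, 4095))  # VLAN IDs 1-4094

def parse_vlans(spec):
    """Expand '1,1001' or '13-45' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def to_ranges(vlans):
    """Collapse VLAN IDs into IOS-style text such as '2,8-12'."""
    out, start, prev = [], None, None
    for v in sorted(vlans) + [None]:          # trailing None flushes the last run
        if start is not None and v == prev + 1:
            prev = v
            continue
        if start is not None:
            out.append(str(start) if start == prev else f"{start}-{prev}")
        start = prev = v
    return ",".join(out)

def parse_region(config):
    """Pull name, revision and instance-to-VLAN mapping out of pasted commands."""
    region = {"name": "", "revision": "", "instances": {}}
    for line in config.splitlines():
        words = line.split()
        if len(words) == 4 and words[0] == "instance" and words[2] == "vlan":
            region["instances"].setdefault(int(words[1]), set()).update(parse_vlans(words[3]))
        elif len(words) == 2 and words[0] in ("name", "revision"):
            region[words[0]] = words[1]
    return region

def pending_map(region):
    """Instance 0 receives every VLAN not explicitly mapped elsewhere."""
    mapped = set().union(*region["instances"].values())
    table = {0: to_ranges(ALL_VLANS - mapped)}
    for inst, vlans in sorted(region["instances"].items()):
        table[inst] = to_ranges(vlans)
    return table

def region_diff(a, b):
    """List the region attributes on which two switches disagree."""
    diffs = [k for k in ("name", "revision") if a[k] != b[k]]
    if pending_map(a) != pending_map(b):
        diffs.append("vlan mapping")
    return diffs

# The commands pasted on sw1 in this post.
SW1 = """spanning-tree mst con
instance 1 vlan 3-7
instance 2 vlan 13-45
instance 3 vlan 52-67
instance 4 vlan 1,1001
name MYMST
revision 1
exit
spanning-tree mode mst"""
# Constructed paste error for illustration: instance 3 stops at VLAN 66.
SW_TYPO = SW1.replace("vlan 52-67", "vlan 52-66")

if __name__ == "__main__":
    print(pending_map(parse_region(SW1)))
    print(region_diff(parse_region(SW1), parse_region(SW_TYPO)))
```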

Tip:  If you do “do show history” in configuration mode, this will show your last x configuration entries.  I use this if I need to cut and paste a configuration on a bunch of devices.

sw1(config)#do sh hist
  do sh run int fa0/18
  do sh int trunk
  int range fa0/19 - 21
  no sh
  do sh int trun | i 0/19|0/20|0/21
  do wr
  exit
  spanning-tree mst con
  instance 1 vlan 3-7
  instance 2 vlan 13-45
  instance 3 vlan 52-67
  instance 4 vlan 1,1001
  name MYMST
  revision 1

  do sh pending
  show pending
  exit
  spanning-tree mode mst

I can now paste this on the rest of the switches:

  spanning-tree mst con
  instance 1 vlan 3-7
  instance 2 vlan 13-45
  instance 3 vlan 52-67
  instance 4 vlan 1,1001
  name MYMST
  revision 1
  exit
  spanning-tree mode mst

sw2(config)#  spanning-tree mst con
sw2(config-mst)#  instance 1 vlan 3-7
sw2(config-mst)#  instance 2 vlan 13-45
sw2(config-mst)#  instance 3 vlan 52-67
sw2(config-mst)#  instance 4 vlan 1,1001
sw2(config-mst)#  name MYMST
sw2(config-mst)#  revision 1
sw2(config-mst)#  exit
sw2(config)#  spanning-tree mode mst
sw2(config)#^Z

Nice command to get a quick look at MST:

sw4#sh spann mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
Root          this switch for MST1
##### MST2    vlans mapped:   13-45
Root          this switch for MST2
##### MST3    vlans mapped:   52-67
Root          this switch for MST3
##### MST4    vlans mapped:   1,1001
Root          this switch for MST4
sw4#

This will show you the vlans mapped for each instance and whether or not you’re the root for the instance [if you’re not on the root switch, the “Root” output will not show up, only the VLAN mappings]

Back to 1.4

1.4 Spanning-Tree Protocol

Okay.  NOW we can start setting roots (copy tasks from above).

Configuring the MST Root Switch

sw1#sh span mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.aa80  priority      32769 (32768 sysid 1)
Root          address 000d.65a3.bf00  priority      32769 (32768 sysid 1)  <-sw4
              port    Fa0/19          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 200000    128.3    P2p
Fa0/3            Desg FWD 200000    128.5    P2p
Fa0/9            Desg FWD 2000000   128.11   Shr
Fa0/11           Desg FWD 2000000   128.13   Shr
Fa0/13           Desg FWD 200000    128.15   P2p
Fa0/14           Desg FWD 200000    128.16   P2p
Fa0/15           Desg FWD 200000    128.17   P2p
Fa0/16           Desg FWD 200000    128.18   P2p
Fa0/17           Desg FWD 200000    128.19   P2p
Fa0/18           Desg FWD 200000    128.20   P2p
Fa0/19           Root FWD 200000    128.21   P2p
Fa0/20           Altn BLK 200000    128.22   P2p
Fa0/21           Altn BLK 200000    128.23   P2p

sw1(config)#spanning-tree mst 1 root primary

sw1(config)#do sh span mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
Root          this switch for MST1
##### MST2    vlans mapped:   13-45
##### MST3    vlans mapped:   52-67
##### MST4    vlans mapped:   1,1001

sw1(config)#do sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.aa80  priority      24577 (24576 sysid 1)
Root          this switch for MST1
—output truncated—

NOTE:  Here’s where the “minimal command” issue needs clarification.  Since sw4 is ALREADY the root for MST instance 4 (vlans 1 and 1001), then I shouldn’t need to do any configuration to make it the root. 

sw4(config)#do sh span mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
##### MST2    vlans mapped:   13-45
##### MST3    vlans mapped:   52-67
##### MST4    vlans mapped:   1,1001
Root          this switch for MST4

BUT there is another requirement:

“No switch should be the elected root based upon a lower MAC address.”

sw4 is elected based on the lowest MAC address (priorities are the same on all switches in MST instance 4) so we DO need to explicitly configure sw4 as the root bridge.

1.5 Layer 2 Tunneling

r2 fa0/0 -> sw2 fa0/2
r6 fa0/1 -> sw4 fa0/6

I have to tunnel sw2 fa0/2 to sw4 fa0/6.  That way the routers can trunk directly to each other?

Configuring IEEE 802.1Q Tunneling

vlan dot tag native
!
int fa0/6
 swit mode dot1
 l2protocol-tunnel stp
 l2protocol-tunnel cdp

[sw2 and sw4 already had their MTU set to 1504]

r2#sh cdp neigh fa0/0 | b Dev
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
r6               Fas 0/0            127        R S I      2811      Fas 0/1

r2#ping 174.1.26.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 174.1.26.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

1.6 Spanning-Tree Protocol

The task requires you to force MST instance 1 VLANs (3-7) to prefer to forward traffic to sw1 (the root) over the highest numbered DIRECTLY connected port.  If a port fails, prefer the next highest numbered port.  Complete this configuration on sw1.

The switches are currently using the lowest numbered directly connected port as the root port:

sw2#sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.d900  priority      32769 (32768 sysid 1)
Root          address 0019.56db.aa80  priority      24577 (24576 sysid 1)
              port    Fa0/13          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4            Desg FWD 200000    128.6    P2p
Fa0/13           Root FWD 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p
Fa0/15           Altn BLK 200000    128.17   P2p
Fa0/19           Altn BLK 200000    128.21   P2p

I can change this two ways on the root switch (sw1) by lowering the port-priority to prefer different ports.

sw2 fa0/15 is connected to sw1 fa0/15
sw2 fa0/14 is connected to sw1 fa0/14
sw2 fa0/13 is connected to sw1 fa0/13

We need to remember that we’re running MST:

spanning-tree mst instance-id port-priority priority

sw1(config)#int fa0/15
sw1(config-if)#spanning-tree mst 1 port-priority 0
sw1(config-if)#int fa0/14
sw1(config-if)#spanning-tree mst 1 port-priority 16

sw1#sh spann mst 1 det | b net0/13
FastEthernet0/13 of MST1 is designated forwarding
Port info             port id         128.15  priority    128  cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id   128.15
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 3196, received 861

FastEthernet0/14 of MST1 is designated forwarding
Port info             port id          16.16  priority     16 cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id    16.16
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 4032, received 3364

FastEthernet0/15 of MST1 is designated forwarding
Port info             port id           0.17  priority      0  cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id     0.17
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 4032, received 3364

sw2#sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.d900  priority      32769 (32768 sysid 1)
Root          address 0019.56db.aa80  priority      24577 (24576 sysid 1)
              port    Fa0/15          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4            Desg FWD 200000    128.6    P2p
Fa0/13           Altn BLK 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p
Fa0/15           Root FWD 200000    128.17   P2p  <-booyah
Fa0/19           Altn BLK 200000    128.21   P2p
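Added example, not part of the original post: the two spanning-tree tie-breaks seen in tasks 1.4 and 1.6, modelled in Python with the MST1 bridge IDs and port IDs from the outputs above. It shows sw4 winning the root election on MAC address alone, and sw2's root port moving to Fa0/15 (then Fa0/14 on failure) once sw1's port priorities are lowered. Function and variable names are hypothetical.

```python
# Added example (not from the original post): STP/MST tie-breaks using the
# bridge IDs and port IDs shown in the outputs above.

def mac_to_int(mac):
    """'0019.56db.aa80' -> integer, so MAC addresses compare numerically."""
    return int(mac.replace(".", ""), 16)

def elect_root(bridges):
    """bridges: {name: (priority, mac)}. Lowest (priority, MAC) wins.
    Returns (root, reason) where reason is 'priority' or 'mac'."""
    root = min(bridges, key=lambda n: (bridges[n][0], mac_to_int(bridges[n][1])))
    tied = [n for n in bridges if bridges[n][0] == bridges[root][0]]
    return root, ("mac" if len(tied) > 1 else "priority")

def pick_root_port(candidates):
    """candidates: {local_port: (root_path_cost, sender_bridge_id,
    sender_port_priority, sender_port_number)}. Lowest tuple wins."""
    return min(candidates, key=lambda p: candidates[p])

def without(candidates, port):
    """Simulate a link failure by dropping one candidate port."""
    return {p: v for p, v in candidates.items() if p != port}

# MST1 bridge IDs from the outputs above (sw3 is not shown, so it is omitted).
DEFAULT = {"sw1": (32769, "0019.56db.aa80"),
           "sw2": (32769, "0019.56db.d900"),
           "sw4": (32769, "000d.65a3.bf00")}
# After "spanning-tree mst 1 root primary" on sw1.
CONFIGURED = dict(DEFAULT, sw1=(24577, "0019.56db.aa80"))

SW1_ID = (24577, mac_to_int("0019.56db.aa80"))
# BPDUs sw2 receives from sw1: cost and sender bridge are equal on all three
# links, so the sender port ID (priority.number, as shown on sw1) decides.
BEFORE = {"Fa0/13": (200000, SW1_ID, 128, 15),
          "Fa0/14": (200000, SW1_ID, 128, 16),
          "Fa0/15": (200000, SW1_ID, 128, 17)}
# After port-priority 16 on sw1 fa0/14 and port-priority 0 on sw1 fa0/15.
AFTER = {"Fa0/13": (200000, SW1_ID, 128, 15),
         "Fa0/14": (200000, SW1_ID, 16, 16),
         "Fa0/15": (200000, SW1_ID, 0, 17)}

if __name__ == "__main__":
    print(elect_root(DEFAULT), elect_root(CONFIGURED))
    print(pick_root_port(BEFORE), pick_root_port(AFTER),
          pick_root_port(without(AFTER, "Fa0/15")))
```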

1.8 Etherchannel

Create a couple of L3 EtherChannels.

1.9 Interface Negotiation

Hard code all ports in vlan 3 to 100/Full

sw1#sh vlan br | i VLAN0003
3    VLAN0003                         active    Fa0/3, Fa0/9, Fa0/10, Fa0/11

sw1(config)#int range fa0/3, fa0/9 - 11
sw1(config-if-range)#speed 100
sw1(config-if-range)#duplex full

Remember that you need to hard-code BOTH sides of the link to avoid speed/duplex mismatches:

04:47:14: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3(not half duplex), with r3 FastEthernet0/0 (half duplex).

sw1#sh cdp nei f0/3
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
r3               Fas 0/3           153          R S I     2811      Fas 0/0

r3(config)#int fa0/0
r3(config-if)#speed 100
r3(config-if)#duplex full

sw1#sh int status | i 3
Fa0/3                        connected    3            full    100 10/100BaseTX
Fa0/9                        notconnect   3            full    100 10/100BaseTX
Fa0/10                       notconnect   3            full    100 10/100BaseTX
Fa0/11                       notconnect   3            full    100 10/100BaseTX

Fa0/13                       connected    trunk      a-full  a-100 10/100BaseTX
Fa0/23                       notconnect   1            auto   auto 10/100BaseTX

DOH!!!!  The IE solution did not include fa0/3 on sw1 (connected to r3 fa0/0).  This is a matter of question interpretation.  The task states the Windows machines are getting network errors.  Then it states:

“In order to resolve this problem, ensure that all ports in VLAN 3 are hard coded to 100Mbps Full-Duplex.”

In order to meet the last requirement you would need to hard code fa0/3 to 100/Full.  BUT the problem is NOT with network devices, but with hosts.  Another “ask the proctor” moment.  🙂

CCIE Salaries Redux

Filed under: Cisco,Cisco Certification,Work — cciepursuit @ 7:12 am

I recently blogged about a NetworkWorld article about declining CCIE pay.  To be fair, the NetworkWorld article did not actually say that CCIE salaries were declining.  It said that in a salary survey, Routing and Switching CCIEs had average salaries that were less than the average salary for some other certifications (“Is CCIE pay slipping compared to other certifications?”).  The “slipping” referred to the average salary of CCIEs compared to some other certifications.  Confused?  So was I.  🙂

The NW article showed that the average (US) CCIE earns $93,500.  I think that’s a livable wage.  🙂  It does, however, seem to be lower than numbers I have seen quoted before as well as the “as soon as you get your digits the money fairy descends from the heavens and hits you with her $100K wand” myth.

I looked for some other CCIE salary resources on the mighty, mighty Interwebs.

Certification Magazine echoes the NW article’s findings in that the CCIE is not the #1 salaried certification, but their numbers show a higher average salary along with a nice increase over the last 3 years:

CertMag’s 2007 Salary Survey
Cisco CCIE, which dominated the Salary Survey in ’03 and ’04 but slipped out of the top five thereafter, came in third this year with $111,090.

CertMag’s 2006 Salary Survey
The top five certification programs saw a bit of a shake-up this year with the Cisco Certified Internetwork Expert (CCIE) falling out of the top five to sixth place with an average salary of $105,560.

CertMag’s 2005 Salary Survey: Monitoring Your Net Worth
… the Cisco Certified Internetwork Expert (CCIE), with $104,020.

Sounds good.  Well here’s a survey that shows that the median income for a US CCIE with 1 – 4 years experience is a little less than $69,000 (there were 72 respondents).

Median Salary by Years Experience – Certification: Cisco Certified Internetwork Expert (CCIE) (United States)

Brad Reese (via TCPmag.com) has a salary survey that shows US CCIEs averaging six-figures:

2008 Cisco Salary Rates

Why the wide discrepancy in average CCIE salaries?  Is this a case of “lies, damn lies, and statistics”?  Maybe.  I don’t have the time nor the desire to look into the methodologies behind these surveys.  I can tell you that there are a number of variables that affect ANY salary.  If you’re a recently minted CCIE in Duluth, Minnesota then you’re very likely to be making less than a CCNP (or CCNA for that matter) in Silicon Valley or Manhattan.  Secondly, “salary” can mean different things to different people.  I think of my salary as my base salary.  I don’t include bonuses, training budget, vacation, benefits, etc. in my salary.  I remember seeing the dollar value for an FTE (Full Time Equivalent/Employee) for my current position and thinking that my employer was WAY underpaying me.  The FTE value was twice my base salary.  Of course, the FTE included ALL of my employer’s costs for that position.

Anyhoo….I still think that getting your CCIE will allow you to put clothes on your back and food on the table.  Your salary may double or it may stay the same.  If you’re doing this for money, then you have much better ROI options than the CCIE.
