CCIE Pursuit Blog

April 9, 2008

Status Update: 31 March – 06 April

I guess that it was to be expected, but I fell off of the wagon a bit this week.  Spring rolled into Minnesota this weekend (and it seems to have rolled right back out again).  Not only was I burned out by the hours that I had put in the last two weeks, but the weather and housework conspired against me.

I didn’t have enough time on Sunday to complete a full Volume II lab, so decided to do Volume III lab 5.  I usually fly through these labs (except for IGP redistribution) so I figured that I would limit myself to 4 hours and knock this sucker out.  Let’s just say that lab 5 wasn’t the sucker that got knocked out.  :-)

After 4 hours I had just reached IGP redistribution.  Ouch!!!  There wasn’t anything that I hadn’t seen before, just a lot of ‘unique’ tasks and more of them.  It was a humbling experience.

Here are my goals from last week: Review the IEATC IPv6 and BGP videos.  Redo Volume II lab 9.  Do Volume III lab 6.

I did manage to redo most of Volume II lab 9.  I found this to be a pretty tough lab as well.  I completed the IPv6 videos (I feel a lot better about my IPv6 skills now) and did (most of) Volume III lab 5, not lab 6.

Here are my goals this week: Review BGP videos.  Finish Volume III lab 5.  Redo Volume II lab 10.  Start redoing the Volume I BGP labs.

Days Until Lab: 103
Days Until Mock Lab 2: 14
Days Until Mock Lab Workshop: 68
Readiness (1 to 10): 6
Lab Hours This Week: 10
Study Hours This Week (estimate): 12

Internetwork Expert Volume III: Lab 5 – Section 3

WAN Technologies - 9 Points

3.1 Hub and Spoke

Strange task:

“Configure a Frame Relay connection between r1, r2, and r5 using multipoint subinterfaces on each router.”
“Do not use Inverse-ARP or more than one frame-relay map command on each router.”

I’m having trouble with only using one frame map statement on r5 (hub).  Can I use PPPoFR?

Hellz yeah I can!!!

I eventually got this correct, but I spent a ton of time running through all of the different variations of Frame Relay in my head and I couldn’t produce one that only used one frame-relay map statement on the hub.  This is a case of me reading too little into the question (it never stated that you needed to use exactly one map, just one or less) as well as not being confident of my PPPoFR implementation.  In the end, you won’t use any frame-relay map statements on any of the routers.

3.2 PPPoFR

More fun with PPPoFR.  Much easier than the last task though.  :-) 

Your connection will not come up until you configure PPP authentication so you may as well skip ahead to task 3.4 right away.

3.3 PPP

“Configure PPP on the Serial connection between r4 and r5 using dialer interfaces.”

Wow.  I had to peek at the solution on this one as I haven’t done anything with dialers for ages.

r4(config-if)#do sh run | sec l0/1|Dialer
interface Serial0/1
 no ip address
 shutdown
 dialer in-band
 dialer pool-member 1

 pulse-time 1 <-IOS throws this on by default
interface Dialer0
 ip address 128.1.45.4 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent

In the lab I would have just used PPP encapsulation on the links and moved on.  I would have tried to get the points at the end of the lab if I had time.

dialer pool

dialer persistent

dialer pool-member

dialer in-band

r5#sh dialer

Se0/1 – dialer type = IN-BAND SYNC NO-PARITY
Dialer pool 1, priority 0
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Interface bound to profile Di0
Time until disconnect never

Connected to <unknown phone number>

Di0 – dialer type = DIALER PROFILE
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
r5#

3.4 PPP Authentication

Authenticate the PPPoFR connection we configured in task 3.2 using PAP.  r6 should not authenticate BB1.

interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 301 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 54.1.8.6 255.255.255.0
 ppp authentication pap
 ppp pap sent-username ROUTER6 password 0 CISCO

That’s not working:

*Mar  8 03:56:12.058: Vi1 PAP: Using hostname from interface PAP
*Mar  8 03:56:12.058: Vi1 PAP: Using password from interface PAP
*Mar  8 03:56:12.058: Vi1 PAP: O AUTH-REQ id 11 len 18 from "ROUTER6"
*Mar  8 03:56:12.062: Vi1 PAP: I AUTH-REQ id 11 len 14 from "BB1"
*Mar  8 03:56:12.062: Vi1 PAP: Authenticating peer BB1
*Mar  8 03:56:12.062: Vi1 PPP: Sent PAP LOGIN Request
*Mar  8 03:56:12.062: Vi1 PPP: Received LOGIN Response FAIL
*Mar  8 03:56:12.062: Vi1 PAP: O AUTH-NAK id 11 len 26 msg is "Authentication failed"

No clue.  I looked at the solution guide and the only difference was that IE did not use ‘ppp authentication pap’.

r6(config)#int virtual-tem 1
r6(config-if)#no ppp authen pap
r6(config-if)#
*Mar  8 04:28:40.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

*Mar  8 04:29:28.846: Vi1 PPP: Using default call direction
*Mar  8 04:29:28.846: Vi1 PPP: Treating connection as a dedicated line
*Mar  8 04:29:28.846: Vi1 PPP: Session handle[BA0003AB] Session id[934]
*Mar  8 04:29:28.846: Vi1 PPP: Authorization required
*Mar  8 04:29:44.958: Vi1 PPP: No authorization without authentication
*Mar  8 04:29:44.958: Vi1 PAP: Using hostname from interface PAP
*Mar  8 04:29:44.958: Vi1 PAP: Using password from interface PAP
*Mar  8 04:29:44.958: Vi1 PAP: O AUTH-REQ id 166 len 18 from "ROUTER6"
*Mar  8 04:29:44.962: Vi1 PAP: I AUTH-ACK id 166 len 5
*Mar  8 04:29:45.962: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

Really??? That was the issue?

Ummm….of course it was.  DOH!!!  I can’t believe that I fucked this up.  One of the requirements is that r6 should not authenticate BB1.  By configuring ‘ppp authentication pap’ on r6 that is exactly what I was trying to do.  Another time-wasting task.  This one was my fault though. 
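The direction letters in the two debug captures above show who was authenticating whom. The following is an added example, not part of the original post or the IE workbook: it reads the PAP packet lines from both captures, and the function names and wording of the results are this example's own.

```python
import re

# One PAP packet line of 'debug ppp authentication': O = sent by us, I = received.
PAP_LINE = re.compile(
    r'(?P<intf>\S+) PAP: (?P<dir>[IO]) AUTH-(?P<code>REQ|ACK|NAK) id \d+'
    r'(?:.*? from "(?P<name>[^"]+)")?'
)
VERDICT = {"ACK": "accepted", "NAK": "rejected", None: "no answer seen"}

def pap_summary(log_text):
    """Per interface: names offered in each direction and the answers given."""
    result = {}
    for line in log_text.splitlines():
        m = PAP_LINE.search(line)
        if not m:
            continue
        s = result.setdefault(m["intf"], dict.fromkeys(
            ("local_sent_as", "peer_sent_as", "peer_verdict", "local_verdict")))
        outbound = m["dir"] == "O"
        if m["code"] == "REQ":   # credentials travel towards the authenticator
            s["local_sent_as" if outbound else "peer_sent_as"] = m["name"]
        else:                    # ACK/NAK travels back from the authenticator
            s["local_verdict" if outbound else "peer_verdict"] = m["code"]
    return result

def diagnose(s):
    """State who authenticates whom on one interface, and how it ended."""
    notes = []
    if s["peer_sent_as"]:    # an inbound AUTH-REQ means we demanded authentication
        notes.append(f"local authenticates {s['peer_sent_as']}: "
                     f"{VERDICT[s['local_verdict']]}")
    if s["local_sent_as"]:
        notes.append(f"peer authenticates {s['local_sent_as']}: "
                     f"{VERDICT[s['peer_verdict']]}")
    return notes

# PAP packet lines copied from the two debug captures above.
BEFORE = '''Vi1 PAP: O AUTH-REQ id 11 len 18 from "ROUTER6"
Vi1 PAP: I AUTH-REQ id 11 len 14 from "BB1"
Vi1 PAP: O AUTH-NAK id 11 len 26 msg is "Authentication failed"'''
AFTER = '''Vi1 PAP: O AUTH-REQ id 166 len 18 from "ROUTER6"
Vi1 PAP: I AUTH-ACK id 166 len 5'''

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        print(name, diagnose(pap_summary(log)["Vi1"]))
```

In the first capture the inbound AUTH-REQ from BB1 and the outbound AUTH-NAK are both r6's doing; in the second, only r6's own credentials are checked.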

 

Internetwork Expert Volume III: Lab 5 – Section 2

Bridging and Switching – 9 Points

2.1 Trunking

Very easy trunking task.  You just need to make sure at least one side of each trunk link is in dynamic desirable mode.

The eternal question: What to do about all of the other dynamically created trunks?

In the solution guide the other trunks (negotiated via DTP on the connections between the 3560s and the 3550s) do not appear in the verification commands.  For this lab, I went ahead and shut them all down.

2.2 VLAN Assignment

VTP is already configured (all switches are in VTP server mode in the vtp domain ‘CCIE’).  You are tasked to build all of the VLANs from the diagram.

Weird:

sw1(config-if)#do sh cdp nei f0/3
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
r3                  Fas 0/3               120           R S I     2651XM    Fas0/0
r3                  Fas 0/3               10            R S I     2651XM    Fas0/0.1

This occurred soon after I configured router-on-a-stick on r3.  I’ve never seen CDP use a subinterface as a neighbor interface.  Time to clear the cdp table:

clear cdp table

sw1(config-if)#do sh cdp nei f0/3
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
r3                  Fas 0/3               178           R S I     2651XM    Fas0/0

Ah.  Much better.

The lab diagram does not show which ethernet port on r2 is connected to VLAN 72.  It must be 0/0 as that interface is already configured with an IP address in VLAN 72.

Weird.  All of the switches are in VTP domain CCIE and all are VTP servers.  Trunking is established between all of the switches.  Yet I am not seeing VLANs propagating via VTP:

sw1:
sw1(config-if)#do sh vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 11
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE

VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x4E 0xE7 0xBF 0xB8 0x71 0x10 0xF6 0xB4
Configuration last modified by 128.1.27.7 at 3-1-93 15:57:04
Local updater ID is 128.1.27.7 on interface Vl27 (lowest numbered VLAN interface found)

sw2:
sw2(config-if)#do sh vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE

VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x9C 0x35 0x84 0x20 0x54 0x5D 0x0C 0xEB
Configuration last modified by 128.1.48.8 at 3-1-93 16:03:37 <-Interface on sw2
Local updater ID is 128.1.48.8 on interface Vl48 (lowest numbered VLAN interface found) 

sw1(config-if)#do sh vtp pass
VTP Password: CISCO

sw2(config-if)#do sh vtp pass
VTP Password: CISC0

Sneaky IE bastards.  It looks like sw2’s password ends with a zero.  I went to each switch and set the vtp password to ‘CISCO’ and vlans started flowing again.
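The mismatch was already visible in the two ‘show vtp status’ outputs above: same domain, same revision, different MD5 digest and VLAN count. The following is an added example, not part of the original post or the IE workbook, that makes that comparison mechanically; the function names and finding texts are this example's own, and it assumes the two switches are joined by a working trunk.

```python
import re

# Fields of 'show vtp status' needed to tell whether two switches share a database.
FIELDS = {
    "domain": r"VTP Domain Name\s*:\s*(\S+)",
    "revision": r"Configuration Revision\s*:\s*(\d+)",
    "vlans": r"Number of existing VLANs\s*:\s*(\d+)",
    "digest": r"MD5 digest\s*:\s*((?:0x[0-9A-Fa-f]{2}[ \t]*)+)",
}

def parse_vtp_status(text):
    """Pull the comparison fields out of one switch's 'show vtp status' output."""
    rec = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"'show vtp status' output lacks {key}")
        rec[key] = m.group(1).strip()      # domain names stay case-sensitive
    rec["revision"], rec["vlans"] = int(rec["revision"]), int(rec["vlans"])
    rec["digest"] = " ".join(rec["digest"].lower().split())
    return rec

def vtp_findings(a, b):
    """Compare two parsed records from switches joined by a working trunk."""
    if a["domain"] != b["domain"]:
        return ["domain names differ; advertisements are ignored"]
    findings = []
    if a["revision"] != b["revision"]:
        findings.append("revision differs; the higher revision has not propagated")
    elif a["digest"] != b["digest"]:
        findings.append("same revision, different MD5 digest; check 'show vtp password'")
    if a["vlans"] != b["vlans"]:
        findings.append(f"VLAN count differs ({a['vlans']} vs {b['vlans']})")
    return findings

# Relevant lines of the two outputs shown above (sw1, then sw2).
SW1 = """Configuration Revision          : 3
Number of existing VLANs        : 11
VTP Domain Name                 : CCIE
MD5 digest                      : 0x4E 0xE7 0xBF 0xB8 0x71 0x10 0xF6 0xB4"""
SW2 = """Configuration Revision          : 3
Number of existing VLANs        : 8
VTP Domain Name                 : CCIE
MD5 digest                      : 0x9C 0x35 0x84 0x20 0x54 0x5D 0x0C 0xEB"""

if __name__ == "__main__":
    for line in vtp_findings(parse_vtp_status(SW1), parse_vtp_status(SW2)):
        print(line)
```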

This lab has three “router-on-a-stick” setups to configure.

The IE solution guide shows VLAN 10 configured for some reason.  It’s not in this network though.

I later found vlan 10.  It’s on sw4.  It was not included in my initial config for sw4.  I should have caught this during my initial troubleshooting.

I am also not sure that we need to create VLAN 109 and apply it to the L2 ends of the routed links because in the next task we are using L2 tunneling to make those links think that they are directly connected.  I have full connectivity without VLAN 109, but we’ll see if that gives me issues later.

If this were the real lab, I’d just go ahead and configure VLAN 109 as there is no “minimum number of VLANs” requirement for this task.

2.3 Layer 2 Tunneling

“Configure sw2 so that sw3 and sw4 see each other as CDP neighbors across the routed link that connects them.”

I need to tunnel interfaces fa0/16 and fa0/19

Before:
sw3#sh cdp nei fa0/16 | b Dev
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
sw2                 Fas 0/16              178            S I      WS-C3560-4 Fas0/16

sw4#sh cdp neigh fa0/16 | b De
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
sw2                 Fas 0/16              151            S I      WS-C3560-4 Fas0/19

After:
sw3#sh cdp neigh fa0/16 | b De
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
sw4                 Fas 0/16              151            S I      WS-C3550-2 Fas0/16

sw4#sh cdp nei fa0/16 | b De
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
sw3                 Fas 0/16              170            S I      WS-C3550-2 Fas0/16

sw4#p 128.1.109.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 128.1.109.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

 

Internetwork Expert Volume III: Lab 5 – Section 1

Troubleshooting – 2 Points

There are two faults in the initial configurations.  I actually found three and the one that was not listed in the IE Solution Guide was the most devious of the three.

1)  sw3 and sw4 both have an initial configuration error on their fa0/16 interfaces:

interface FastEthernet0/16
 ip address 128.1.109.9 255.255.255.0

The “no switchport” command is needed for these routed interfaces.  Without this command, IOS chokes on the ‘ip address’ command and you’re left with an ordinary L2 interface.

2)  Incorrect IP addresses on SVIs on sw1:

sw1(config)#do sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan27                 128.1.27.7      YES manual up                    up
Vlan72                 192.10.1.7      YES manual up                    up
Loopback0              150.1.7.7       YES manual up                    up

You just need to swap the IP addresses.

3)  VTP password on sw2 is CISC0 (last character is a zero) rather than CISCO.  This is the fault that is not listed in the solution guide.  It occurs on only one switch, and that switch is the only one that has trunking to the other three switches, so if this was an unintended fault, it was a doozy.   :-)

 

Question Of The Day: 09 April, 2008

Topic: IP Prefix Lists

Write a single line IP prefix list called “MY_SUBNETS” that will only allow the following subnets:

10.1.1.118/26
10.1.1.118/27
10.1.1.118/28
10.1.1.118/29
10.1.1.118/30



Yesterday’s Question

Question Of The Day: 08 April, 2008 

Topic: IPv6

Router r1 is running OSPFv3:

r1#show ip interface brief | e ass
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0.12               10.1.12.1       YES NVRAM  up                    up     
Serial1/0.13               10.1.13.1       YES NVRAM  up                    up     
Loopback0                  1.1.1.1         YES NVRAM  up                    up     
Loopback1                  11.11.11.11     YES NVRAM  up                    up     
Loopback2                  12.12.12.12     YES NVRAM  up                    up     
Loopback3                  13.13.13.13     YES NVRAM  up                    up   

r1#show ipv6 interface brief
Serial1/0                  [up/up]
Serial1/0.12               [up/up]
    FE80::CE00:20FF:FE78:0
    2001:10:1:12:CE00:20FF:FE78:0
Serial1/0.13               [up/up]
    FE80::CE00:20FF:FE78:0
    2001:10:1:13:CE00:20FF:FE78:0
Loopback0                  [up/up]
    FE80::CE00:20FF:FE78:0
    2001:1:1:1::1
Loopback1                  [up/up]
    FE80::CE00:20FF:FE78:0
    2001:11:11:11::11
Loopback2                  [up/up]
    FE80::CE00:20FF:FE78:0
    2001:12:12:12::12
Loopback3                  [up/up]
    FE80::CE00:20FF:FE78:0
    2001:13:13:13::13

r1#show ip protocols summary
Index Process Name
0     connected
1     static

r1#show ipv6 protocols summary
Index Process Name
0      connected
1      static
2      ospf 100

r1#show ipv6 ospf interface
Serial1/0.12 is up, line protocol is up
  Link Local Address FE80::CE00:20FF:FE78:0, Interface ID 15
  Area 0, Process ID 100, Instance ID 0, Router ID ????
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:00
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

r1#show run | sec ipv6 ospf|router-id
 ipv6 ospf 100 area 0

What is the OSPFv3 router-id of r1?

Answer: 13.13.13.13

r1#sh ipv6 ospf data

            OSPFv3 Router with ID (13.13.13.13) (Process ID 100)

                Router Link States (Area 0)

ADV Router      Age         Seq#        Fragment ID  Link count  Bits
13.13.13.13     642         0x80000001  0            0           None
—output truncated—

OSPFv3 will use an IPv4 address as its router-id.  The usual IPv4 router-id selection rules apply.  In this case 13.13.13.13 is the highest IPv4 loopback address.  Since we did not manually specify an OSPFv3 router-id, this address will be used.
