Archive for the ‘Lab’ Category

did my lab today

Montag, April 28th, 2008

but i probably failed.

I found it more difficult than the last time. There had been a lot of questions and i wasn`t able to finish all topics. I missed about 3 to 4 and others i`m not sure. So i will probably not pass. Did not get the mail yet, but i expect it like that. Now i`m just tired and want to sleep. But i will do it again.

CCIE Written 350-001

Sonntag, Januar 20th, 2008

Will do my new Written in February. My test from 8/2006 is no longer valid for the Lab. I hope i can get a Lab date in march still. Must have some luck though. The CCIE Written is only valid for a year after you have done your last lab attempt.

Cisco Assessor Lab

Donnerstag, Januar 11th, 2007

I tried the Cisco Assessor lab from Labgear, Technology Networks, and found it very interesting. The userinterface is not really good and makes things quite difficult, but if you want to get an idea on how it could be in teh lab, this is a good starting point.

I did both labs and the secound lab also has four siwtches in the topology. Also the mixture with 3550 and 3560’s.

There is an AutoVerify you can run during the session to watch, if your answers have been correct and which part of the questions haven’t been or what is missing still.

After the four hour lab, you have two hours to check the solutions.

More details:

http://www.cisco.com/web/learning/le3/ccie/preparation/assessor_details.html

dynamips / dynagen

Donnerstag, Januar 11th, 2007

I have teste dynamips on both XP and Linux, but i starting about 10 routers is quite slow. I have not found a solution, which could speed things up. I thought about using this as a substitute for rack access, but i don’t thnik it will do it for now. Things are to slow, or maybe someone knows how to speed up things.

I have read that using a 3660 for the switching features would be better, but i haven’t tested it yet, since there is not configuration for it, for the IE setup.

New features introduced with the 3560 in the lab

Sonntag, Januar 7th, 2007

There are a couple of new thing coming into the lab with the new 3560 sincce November last year.

Check out this link for a more detailed description.

http://www.internetworkexpert.com/resources/ccie-3560-3550.htm

Lab date now sheduled for Jan

Donnerstag, Dezember 21st, 2006

I have the lab now sheduled. Currently i’m working on the ie workbook and have restarted the labs, after doing all 30 labs from volume I+II and all 10 Core Labs. I have started over with Lab1 and looking through the technologies again. I have had already times, where i could not learn any longer, since i was not longer able to sit on this chair. I could not do the easiest things. After some time now, i hope i’m back on track. 🙂

Lab news

Donnerstag, Dezember 21st, 2006

Okay, as for sure know already, there are now four switches in the lab. two 3550 and 3560 and i would suggest, it’s better to know the news 3560 features. For example the is a new queuing feature called srr-queue or fore example more options on load sharing for etherchannels.

3640 crashing and booting in a loop

Freitag, November 3rd, 2006

It’s probably these day’s you should not touch any electronic system.

Just does not having it that often, but it happens, when i did not think about it or when i expect it the least. It tried to enter an ipv6 access list:
Rack1R3(config)#ipv6 prefix-list PRE_IPV6 ?
deny Specify packets to reject
description Prefix-list specific description
permit Specify packets to forward
seq sequence number of an entry

Rack1R3(config)#ipv6 prefix-list PRE_IPV6 deny FEC0:145:1:34::/64

%ALIGN-1-FATAL: Corrupted program counter 14:27:14 UTC Mon Jan 2 2006
pc=0x0 , ra=0x62139A40 , sp=0x652884B0

%ALIGN-1-FATAL: Corrupted program counter 14:27:14 UTC Mon Jan 2 2006
pc=0x0 , ra=0x62139A40 , sp=0x652884B0

14:27:14 UTC Mon Jan 2 2006: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x0

——————————————————————–
Possible software fault. Upon reccurence, please collect
crashinfo, „show tech“ and contact Cisco Technical Support.
——————————————————————–

-Traceback=
$0 : 00000000, AT : 644D0000, v0 : 00000000, v1 : 00000000
a0 : 65A086AC, a1 : 00000000, a2 : 6597ED7C, a3 : 00000000
t0 : 00000018, t1 : 3401FF01, t2 : 3401E100, t3 : FFFF00FF
t4 : 60636260, t5 : 6493FAD8, t6 : 6493FAD4, t7 : 6493FAD0
s0 : 6597ED7C, s1 : 65A086AC, s2 : 6597F088, s3 : 00000002
s4 : 6488A5F0, s5 : 64890000, s6 : 6488A810, s7 : 659B7CFC
t8 : 65946D14, t9 : 00000000, k0 : 649C387C, k1 : 60603E80
gp : 644D4AC0, sp : 652884B0, s8 : 64780000, ra : 62139A40
EPC : 00000000, ErrorEPC : BFC04560, SREG : 3401FF03
MDLO : 00000000, MDHI : 00000002, BadVaddr : 00000000
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception

No fault history 0xFFFFFFFF. Need 11.1 (2) or higher ROM

Writing crashinfo to flash:crashinfo_20060102-142714

14:27:14 UTC Mon Jan 2 2006: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x0

——————————————————————–
Possible software fault. Upon reccurence, please collect
crashinfo, „show tech“ and contact Cisco Technical Support.
——————————————————————–

-Traceback=
$0 : 00000000, AT : 644D0000, v0 : 00000000, v1 : 00000000
a0 : 65A086AC, a1 : 00000000, a2 : 6597ED7C, a3 : 00000000
t0 : 00000018, t1 : 3401FF01, t2 : 3401E100, t3 : FFFF00FF
t4 : 60636260, t5 : 6493FAD8, t6 : 6493FAD4, t7 : 6493FAD0
s0 : 6597ED7C, s1 : 65A086AC, s2 : 6597F088, s3 : 00000002
s4 : 6488A5F0, s5 : 64890000, s6 : 6488A810, s7 : 659B7CFC
t8 : 65946D14, t9 : 00000000, k0 : 649C387C, k1 : 60603E80
gp : 644D4AC0, sp : 652884B0, s8 : 64780000, ra : 62139A40
EPC : 00000000, ErrorEPC : BFC04560, SREG : 3401FF03
MDLO : 00000000, MDHI : 00000002, BadVaddr : 00000000
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception

-Traceback=

=== Flushing messages (14:27:14 UTC Mon Jan 2 2006) ===

Queued messages
*** System received a Bus Error exception ***
signal= 0xa, code= 0x8, context= 0x647b46d4
PC = 0x6063787c, Cause = 0x420, Status Reg = 0x34018002

System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3600 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

Well, and it’s repeating. It’s in a boot loop.

I had to set config register 0x2142 and then load the IOS without configuration:

*Mar 1 00:00:21.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel34, changed state to down
*Mar 1 00:00:21.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
*Mar 1 00:00:21.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel35, changed state to down
*** System received a Bus Error exception ***
signal= 0xa, code= 0x8, context= 0x647b46d4
PC = 0x6063787c, Cause = 0x420, Status Reg = 0x34018002

System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3600 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

telnet> send brk
PC = 0xbfc0a024, Cause = 0x2000, Status Reg = 0x3041f003

monitor: command „boot“ aborted due to user interrupt
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect
rommon 2 > reset

Now i can change the config.

Source:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800cdd51.shtml#more

CCIE Lab Blueprint R&S

Mittwoch, Oktober 18th, 2006

Added CBAC from the last time i checked it.

  1. Bridging and Switching
    1. Frame relay
    2. Catalyst configuration: VLANs, VTP, STP, trunk, management, features, advanced configuration, Layer 3
  2. IP IGP Routing
    1. OSPF
    2. EIGRP
    3. RIPv2
    4. IPv6: Addressing, RIPng, OSPFv3
    5. GRE
    6. ODR
    7. Filtering, redistribution, summarization and other advanced features
  3. BGP
    1. IBGP
    2. EBGP
    3. Filtering, redistribution, summarization, synchronization, attributes and other advanced features
  4. IP and IOS Features
    1. IP addressing
    2. DHCP
    3. HSRP
    4. IP services
    5. IOS user interfaces
    6. System management
    7. NAT
    8. NTP
    9. SNMP
    10. RMON
    11. Accounting
  5. IP Multicast
    1. PIM, bi-directional PIM
    2. MSDP
    3. Multicast tools, source specific multicast
    4. DVMRP
    5. Anycast
  6. QoS
    1. Quality of service solutions
    2. Classification
    3. Congestion management, congestion avoidance
    4. Policing and shaping
    5. Signaling
    6. Link efficiency mechanisms
    7. Modular QoS command line
  7. Security
    1. AAA
    2. Security server protocols
    3. Traffic filtering and firewalls
    4. Access lists
    5. Routing protocols security, catalyst security
    6. CBAC
    7. Other security features

Source:

http://www.cisco.com/web/learning/le3/ccie/rs/lab_exam_blueprint.html

CCIE lab checklist

Mittwoch, Oktober 18th, 2006

CCIE Routing and Switching Lab checklist
This checklist is an adapted version of JongSoo Kim’s popular checklist for the CCIE Routing and Switching Lab exam revised for 2006.
Exam Topics:
• Frame Relay
• Catalyst 3550
• OSPF
• RIP
• EIGRP
• Golden Moment
• BGP
• IPv6
• Multicast
• IOS/IP service
• QoS
• Security
________________________________________

1. Spend a few minutes to understand the point of distribution between core requirement (L2, IGP, and BGP) and non-core (IOS, Service, Security, and Multicast)
2. Spend a few minutes to understand the topology. Figure out the core network, stub network, BB, et cetera.
3. Create Alias commands in notepad and copy/paste them to all routers. One of my favourite Alias is „show run | b Se“
4. Frame Relay (10~15 min.)
Configure router by router rather than interface by interface. Always configure interfaces in the following order
1) enc frame-relay
2) no frame inverse
3) no shut
Check to see if spoke-to-spoke connectivity is required by checking the core IGP section. Ping from spoke-to-spoke if possible. Not from hub-to-spoke.
If PPP over FR is required, then always create VT first, user/password
5. Catalyst 3550 (15~20 min.)
5.1. Read task and create VLAN table as listed below
VL Router CAT1 CAT2 Router VL
10 R1 f0/0——f0/1 f0/2——f0/0 R2 10
20 R3 f0/1——f0/3 f0/4——f0/0 R4 30
40 R5 f0/0——f0/5
40 R6 f0/1——f0/6
f0/23—f0/23
f0/24—f0/24
vl 10 vl 40
client vtp server vtp
5.2. Configure CAT1 and CAT2 and validate configuration
5.3. Read task once again and make sure nothing is missed.
5.4. Ping vlan by vlan. Select only one device and ping all others on a specific vlan. There is no need to ping from multiple interfaces on the same vlan. Don’t wait for ARP resolution.
L2 is over between 30~50 min. (Worst case = 60 min.)
6. OSPF (25~45 min.)
6.1. Draw a diagram to configure OSPF router by router rather than area by area. (10 min.)
Check if authentication is required, stub or NSSA areas’s need to be configured and if the nescessity of a virtual link is present. Make notes for route redistribution, summarization and aggregation. Pay attention to DR/BDR election and OSPF network type.
6.2. Configure OSPF router by router based on drawing in Black w/ green high-lighter (10~30 min.)
6.2.1. Always configure interface in this order
1) OSPF network type based on DR/BDR, hello interval, et cetera
2) authentication
3) priority
4) Loop interface ospf network type.
6.2.2. Configure OSPF process in this order
1) router-id
2) network (copy past from interface address)
3) neighbor
6.2.3. Validate everything is working (5 min.)
6.3. Do redistribute, summary, area range (5 min.)
6.4. Avoid any engagement with giant beasts. Instead make a note.
OSPF takes about 25~45 min. (total 55 ~1:45)
7. RIP (20~30 min.)
Warning: It is very tricky!
7.1. Draw RIP topology next to the OSPF drawing in blue (2 min.)
7.2. Check if interfaces are active or passive. Pay attention to RIP update method (multicast, broadcast or unicast), version and authentication. Never assume the default version is 2, no auto-summary, multicast, et cetera. This selection can be applied to each direction of the interface.
7.3. Configure router by router (5 min.) per drawing
7.4. validate everything is working (3 min.)
7.5. Spend enough time to be absolutely correct on route-filter, summary, et cetera (5 min.)
7.6. If mutual-redistribution is required, make sure multi-exit point to single-exit point. Don’t forget metric. If it is multi-exit point, write down „rip subnets“ on notepad and do the following (5 min.)
7.6.1. „redistribute ospf“ under „router rip“
Pitfal: Protect RIP routes re-entering from OSPF: „Deny rip routes and permit all“ route-map for „redistribute ospf“ to rip Don’t wait after „clear ip route * “ is issued.
7.6.2. „redistribute rip subnets“ under „router ospf“
Pitfal: Protect OSPF external routes re-entering from RIP: „Permit only rip routes“ route-map for „redistribute rip subnets“ to OSPF Don’t wait after „clear ip route * “ is issued.
7.6.3. distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Pitfal: Fix redistributing router’s AD for RIP routes: distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit rip routes“ I saw sometimes this takes quite a few second. Don’t do „clear ip OPSF“ or I will end up spending more time just for watching.
RIP is over 20 ~30 min (total 1:15 ~ 2:15)
8. EIGRP (20~30 min.)
8.1. Draw EIGRP topology into OPSF drawing in black w/o high lighter (2 min.)
8.2. Determine non/passive/active-eigrp interface. Be open minded that BB can be multicast/unicast. Load-balance, authentication, stub, summary address (5 min.)
8.3. Configure router by router (5 min) per drawing
8.4. validate (5 min.)
8.5. Spend enough time to be absolutely correct on route-filter, summary, etc (5 min.)
8.6. If mutual-redistribution is required, make sure multi-exit point to single-exit point. If it is multi-exit point, write down „eigrp subnets“ on notepad ( 5 min) 8-6-1″redistribute ospf“ under „router eigrp“
Protect EIGRP external route re-entering from OSPF
„Deny eigrp routes and permit all“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.2. „redistribute eigrp subnet“ under „router ospf“
Protect OSPF external routes re-entering from EIGRP
„Only permit eigrp routes“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.3 distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Fix redistributing router’s AD for eigrp external routes
distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit eigrp routes“
I saw sometimes this takes quite a few second. Don’t do „clear ip OPSF“ or I will end up spending more time just for watching. Technically, only eigrp external route needs to be applied but eigrp route won’t hurt and make it simple.
EIGRP is over in 20~30 min. (1:35 ~2:45 min.)
9. Golden Moment (5~30 min.)
Check the Golden moment per NMC meaning the exciting moment when you get ping response from every router to every router.
9.1. Run tclsh script
„foreach addr {
1.1.1.1

} { ping $ addr}“
Just copy/paste after tclsh (it is really cool when you see pings go through from everywhere to everywhere). To quit,type “tclq“.
9.2. when ping has no response, write down ip address and troubleshoot. Drawing will be the excellent tool for troubleshooting.
Full reachability is done in 5~30 min. (2:05~4:00)
10. BGP (20~40 min.)
10.1 Drawing a BGP topology on a separate paper. (3 min.)
10.2 Determine RR or CON or both to do full-mesh iBGP. See if neighbor peer-group is required, decide ip address to use bgp session.
10.3. Configure router by router not BGP session-by-session always put no sync and no auto-summary if allowed.
10.4. Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filter), route-aggregate (w/ as-set, summary-only, suppress-map, attribute-map, advertise-map), route-manipulation (w/as-pretending, med, local-pref, weight, next-hop, advertise-map/non/existing-map, origin, community, etc) route-dampening, et cetera.
10.5. validate config. Don’t wait for route updates after „clear ip bgp *“. It takes longer than a minute to complete.
BGP is over in 20~40 min. (2:25 ~ 4:40) My target is before lunch!
11. IPv6 (10 min.)
11.1. Draw a simple diagram (1 min.)
11.2. Watch out link local address over FR multilink.
SLA ID is 4th 16bit
16bit:16bit:16bit:SLA ID(16 bit) : interface ID( 64 bits)
site-local = FEC0::
link-local = fe80::
11.3. Check full reachability using tcl script or just manual ping depending on the number of routers.
IPv6 is over 10 min. (total 2:35 ~ 4:50)
Core routing is done. You should have at least three hours to go. Strategy will depend on much time you have left at this moment.
12. Multicast (15 min.)
12.1. Mark a Mcast topology with red high lighter on OSPF drawing.
12.2. Determine mcast topology (dense-mode, static RP pim sparse, Auto-rp/MA, pim V2 bsr, Auto-rp/MA/MSDP).
12.3. Configure router-by-router
12.4. validate config
12.5. If second part is difficult, skip by making a note.
13. IOS/IP service
Warning: Be careful not to block or drop any IGP updates
13.1 just check quickly and do easy one first.
13.2. skip difficult task by making a note.
14. QoS
Warning: Be careful not to block or drop any IGP updates
14.1. Draw a flow on paper instead of in brain.
14.2. Always determine classification method (ACL, NBAR) and direction.
14.3. Determine shaping vs. policing
14.4. Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS)
14.5. consider all options for policing (police, rate-limit, ip multicast rate-limit, aggregate police (3550))
14.6. If frame-relay, don’t forget adaptive-shaping.( becn, fecn, foresight)
14.7. Consider all dropping mode (random detect, ecn, tail drop, marking, etc)
15. Security
Warning: Be careful not to block or drop any IGP updates
15.1. Draw a flow on paper instead of in brain.
15.2. Consider all options for classification std/ext/reflexive/dynamic ACL, IP inspect, tcp intercept, unicast RFP, ip accounting output packet /access-violation/precedence
18.3. When configuring Switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running.