CCIE without this bunch of hardware….
Dynamips
http://hacki.at/7200emu/viewtopic.php?t=121&postdays=0&postorder=asc&start=0
I don’t really know what the point of it is, but there is a funny new kind of spam.
It’s just about nothing.
The mail content is just:
--------------------------------------------
From: SamxxxHxxxxxxx@boxxxxxx.com
To: 8209340922@324230942.com
Hi john. How are you ? Call me.
--------------------------------------------
Who is John? Do you know that? I don't know. Maybe someone has a hint.
It’s probably one of those days when you should not touch any electronic system.
I don't have them that often, but it happens when I am not thinking about it or when I expect it the least. I tried to enter an IPv6 access list:
Rack1R3(config)#ipv6 prefix-list PRE_IPV6 ?
deny Specify packets to reject
description Prefix-list specific description
permit Specify packets to forward
seq sequence number of an entry
Rack1R3(config)#ipv6 prefix-list PRE_IPV6 deny FEC0:145:1:34::/64
%ALIGN-1-FATAL: Corrupted program counter 14:27:14 UTC Mon Jan 2 2006
pc=0x0 , ra=0x62139A40 , sp=0x652884B0
%ALIGN-1-FATAL: Corrupted program counter 14:27:14 UTC Mon Jan 2 2006
pc=0x0 , ra=0x62139A40 , sp=0x652884B0
14:27:14 UTC Mon Jan 2 2006: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x0
——————————————————————–
Possible software fault. Upon reccurence, please collect
crashinfo, „show tech“ and contact Cisco Technical Support.
——————————————————————–
-Traceback=
$0 : 00000000, AT : 644D0000, v0 : 00000000, v1 : 00000000
a0 : 65A086AC, a1 : 00000000, a2 : 6597ED7C, a3 : 00000000
t0 : 00000018, t1 : 3401FF01, t2 : 3401E100, t3 : FFFF00FF
t4 : 60636260, t5 : 6493FAD8, t6 : 6493FAD4, t7 : 6493FAD0
s0 : 6597ED7C, s1 : 65A086AC, s2 : 6597F088, s3 : 00000002
s4 : 6488A5F0, s5 : 64890000, s6 : 6488A810, s7 : 659B7CFC
t8 : 65946D14, t9 : 00000000, k0 : 649C387C, k1 : 60603E80
gp : 644D4AC0, sp : 652884B0, s8 : 64780000, ra : 62139A40
EPC : 00000000, ErrorEPC : BFC04560, SREG : 3401FF03
MDLO : 00000000, MDHI : 00000002, BadVaddr : 00000000
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
No fault history 0xFFFFFFFF. Need 11.1 (2) or higher ROM
Writing crashinfo to flash:crashinfo_20060102-142714
14:27:14 UTC Mon Jan 2 2006: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x0
——————————————————————–
Possible software fault. Upon reccurence, please collect
crashinfo, „show tech“ and contact Cisco Technical Support.
——————————————————————–
-Traceback=
$0 : 00000000, AT : 644D0000, v0 : 00000000, v1 : 00000000
a0 : 65A086AC, a1 : 00000000, a2 : 6597ED7C, a3 : 00000000
t0 : 00000018, t1 : 3401FF01, t2 : 3401E100, t3 : FFFF00FF
t4 : 60636260, t5 : 6493FAD8, t6 : 6493FAD4, t7 : 6493FAD0
s0 : 6597ED7C, s1 : 65A086AC, s2 : 6597F088, s3 : 00000002
s4 : 6488A5F0, s5 : 64890000, s6 : 6488A810, s7 : 659B7CFC
t8 : 65946D14, t9 : 00000000, k0 : 649C387C, k1 : 60603E80
gp : 644D4AC0, sp : 652884B0, s8 : 64780000, ra : 62139A40
EPC : 00000000, ErrorEPC : BFC04560, SREG : 3401FF03
MDLO : 00000000, MDHI : 00000002, BadVaddr : 00000000
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
-Traceback=
=== Flushing messages (14:27:14 UTC Mon Jan 2 2006) ===
Queued messages
*** System received a Bus Error exception ***
signal= 0xa, code= 0x8, context= 0x647b46d4
PC = 0x6063787c, Cause = 0x420, Status Reg = 0x34018002
System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3600 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
Well, and it’s repeating. It’s in a boot loop.
I had to set config register 0x2142 and then load the IOS without configuration:
…
*Mar 1 00:00:21.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel34, changed state to down
*Mar 1 00:00:21.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
*Mar 1 00:00:21.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel35, changed state to down
*** System received a Bus Error exception ***
signal= 0xa, code= 0x8, context= 0x647b46d4
PC = 0x6063787c, Cause = 0x420, Status Reg = 0x34018002
System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3600 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
telnet> send brk
PC = 0xbfc0a024, Cause = 0x2000, Status Reg = 0x3041f003
monitor: command „boot“ aborted due to user interrupt
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
Now I can change the config.
Source:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800cdd51.shtml#more
 ------------------------------------------------------------------
|   Service     |  DSCP   |    DSCP     |       Application        |
|  Class name   |  name   |    value    |        Examples          |
|===============+=========+=============+==========================|
|Administration |  CS7    |   111000    | Heartbeats, SSH, Telnet  |
|---------------+---------+-------------+--------------------------|
|Network Control|  CS6    |   110000    | Network routing          |
|---------------+---------+-------------+--------------------------|
| Telephony     | EF,CS5  |101010,101000| IP Telephony             |
|---------------+---------+-------------+--------------------------|
| Multimedia    |AF41,AF42|100010,100100| Video conferencing       |
| Conferencing  |  AF43   |100110       | Interactive gaming       |
|---------------+---------+-------------+--------------------------|
| Multimedia    |AF31,AF32|011010,011100|Broadcast TV, Pay per view|
| Streaming     |AF33, CS4|011110,100000|Video surveillance        |
|---------------+---------+-------------+--------------------------|
| Low Latency   |AF21,AF22|010010,010100|Client/server transactions|
|   Data        |AF23, CS3|010110,011000|peer-to-peer signaling    |
|---------------+---------+-------------+--------------------------|
|High Throughput|AF11,AF12|001010,001100|Store&forward applications|
|    Data       |AF13, CS2|001110,010000|Non-critical OAM&P        |
|---------------+---------+-------------+--------------------------|
|   Standard    | DF,(CS0)|   000000    | Undifferentiated         |
|               |         |             | applications             |
|---------------+---------+-------------+--------------------------|
| Low Priority  |  CS1    |   001000    | Any flow that has no BW  |
|     Data      |         |             | assurance                |
 ------------------------------------------------------------------
Source:
http://tools.ietf.org/html/draft-baker-diffserv-basic-classes-01
Added CBAC since the last time I checked it.
Source:
http://www.cisco.com/web/learning/le3/ccie/rs/lab_exam_blueprint.html
CCIE Routing and Switching Lab checklist
This checklist is an adapted version of JongSoo Kim’s popular checklist for the CCIE Routing and Switching Lab exam revised for 2006.
Exam Topics:
• Frame Relay
• Catalyst 3550
• OSPF
• RIP
• EIGRP
• Golden Moment
• BGP
• IPv6
• Multicast
• IOS/IP service
• QoS
• Security
________________________________________
1. Spend a few minutes to understand the distribution of points between core requirements (L2, IGP, and BGP) and non-core ones (IOS, Service, Security, and Multicast).
2. Spend a few minutes to understand the topology. Figure out the core network, stub network, BB, et cetera.
3. Create alias commands in Notepad and copy/paste them to all routers. One of my favourite aliases is „show run | b Se“
4. Frame Relay (10~15 min.)
Configure router by router rather than interface by interface. Always configure interfaces in the following order
1) enc frame-relay
2) no frame inverse
3) no shut
Check to see if spoke-to-spoke connectivity is required by checking the core IGP section. Ping from spoke-to-spoke if possible. Not from hub-to-spoke.
If PPP over FR is required, then always create VT first, user/password
5. Catalyst 3550 (15~20 min.)
5.1. Read task and create VLAN table as listed below
VL   Router       CAT1           CAT2       Router   VL
10   R1 f0/0 ---- f0/1           f0/2 ---- f0/0 R2   10
20   R3 f0/1 ---- f0/3           f0/4 ---- f0/0 R4   30
40   R5 f0/0 ---- f0/5
40   R6 f0/1 ---- f0/6
                  f0/23 -------- f0/23
                  f0/24 -------- f0/24
                  vl 10          vl 40
                  client vtp     server vtp
5.2. Configure CAT1 and CAT2 and validate configuration
5.3. Read task once again and make sure nothing is missed.
5.4. Ping vlan by vlan. Select only one device and ping all others on a specific vlan. There is no need to ping from multiple interfaces on the same vlan. Don’t wait for ARP resolution.
L2 is over between 30~50 min. (Worst case = 60 min.)
6. OSPF (25~45 min.)
6.1. Draw a diagram to configure OSPF router by router rather than area by area. (10 min.)
Check if authentication is required, whether stub or NSSA areas need to be configured, and whether a virtual link is necessary. Make notes for route redistribution, summarization and aggregation. Pay attention to DR/BDR election and OSPF network type.
6.2. Configure OSPF router by router based on drawing in Black w/ green high-lighter (10~30 min.)
6.2.1. Always configure interface in this order
1) OSPF network type based on DR/BDR, hello interval, et cetera
2) authentication
3) priority
4) Loop interface ospf network type.
6.2.2. Configure OSPF process in this order
1) router-id
2) network (copy/paste from interface address)
3) neighbor
6.2.3. Validate everything is working (5 min.)
6.3. Do redistribute, summary, area range (5 min.)
6.4. Avoid any engagement with giant beasts. Instead make a note.
OSPF takes about 25~45 min. (total 55 ~1:45)
7. RIP (20~30 min.)
Warning: It is very tricky!
7.1. Draw RIP topology next to the OSPF drawing in blue (2 min.)
7.2. Check if interfaces are active or passive. Pay attention to RIP update method (multicast, broadcast or unicast), version and authentication. Never assume the default version is 2, no auto-summary, multicast, et cetera. This selection can be applied to each direction of the interface.
7.3. Configure router by router (5 min.) per drawing
7.4. validate everything is working (3 min.)
7.5. Spend enough time to be absolutely correct on route-filter, summary, et cetera (5 min.)
7.6. If mutual-redistribution is required, make sure multi-exit point to single-exit point. Don’t forget metric. If it is multi-exit point, write down „rip subnets“ on notepad and do the following (5 min.)
7.6.1. „redistribute ospf“ under „router rip“
Pitfall: Protect RIP routes re-entering from OSPF: „Deny rip routes and permit all“ route-map for „redistribute ospf“ to rip. Don’t wait after „clear ip route * “ is issued.
7.6.2. „redistribute rip subnets“ under „router ospf“
Pitfall: Protect OSPF external routes re-entering from RIP: „Permit only rip routes“ route-map for „redistribute rip subnets“ to OSPF. Don’t wait after „clear ip route * “ is issued.
7.6.3. distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Pitfall: Fix redistributing router’s AD for RIP routes: distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit rip routes“. I saw sometimes this takes quite a few seconds. Don’t do „clear ip ospf“ or I will end up spending more time just watching.
RIP is over 20 ~30 min (total 1:15 ~ 2:15)
8. EIGRP (20~30 min.)
8.1. Draw EIGRP topology into OSPF drawing in black w/o highlighter (2 min.)
8.2. Determine non/passive/active-eigrp interface. Be open minded that BB can be multicast/unicast. Load-balance, authentication, stub, summary address (5 min.)
8.3. Configure router by router (5 min) per drawing
8.4. validate (5 min.)
8.5. Spend enough time to be absolutely correct on route-filter, summary, etc (5 min.)
8.6. If mutual-redistribution is required, make sure multi-exit point to single-exit point. If it is multi-exit point, write down „eigrp subnets“ on notepad (5 min.)
8.6.1. „redistribute ospf“ under „router eigrp“
Protect EIGRP external route re-entering from OSPF
„Deny eigrp routes and permit all“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.2. „redistribute eigrp subnet“ under „router ospf“
Protect OSPF external routes re-entering from EIGRP
„Only permit eigrp routes“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.3 distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Fix redistributing router’s AD for eigrp external routes
distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit eigrp routes“
I saw sometimes this takes quite a few seconds. Don’t do „clear ip ospf“ or I will end up spending more time just watching. Technically, only the eigrp external routes need this applied, but including the eigrp routes won’t hurt and keeps it simple.
EIGRP is over in 20~30 min. (1:35 ~2:45 min.)
9. Golden Moment (5~30 min.)
Check the Golden moment per NMC meaning the exciting moment when you get ping response from every router to every router.
9.1. Run tclsh script
foreach addr {
1.1.1.1
…
} { ping $addr }
Just copy/paste after tclsh (it is really cool when you see pings go through from everywhere to everywhere). To quit, type „tclq“.
9.2. when ping has no response, write down ip address and troubleshoot. Drawing will be the excellent tool for troubleshooting.
Full reachability is done in 5~30 min. (2:05~4:00)
10. BGP (20~40 min.)
10.1 Drawing a BGP topology on a separate paper. (3 min.)
10.2 Determine RR or CON or both to do full-mesh iBGP. See if neighbor peer-group is required, decide ip address to use bgp session.
10.3. Configure router by router not BGP session-by-session always put no sync and no auto-summary if allowed.
10.4. Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filter), route-aggregate (w/ as-set, summary-only, suppress-map, attribute-map, advertise-map), route-manipulation (w/ as-prepending, med, local-pref, weight, next-hop, advertise-map/non/existing-map, origin, community, etc), route-dampening, et cetera.
10.5. validate config. Don’t wait for route updates after „clear ip bgp *“. It takes longer than a minute to complete.
BGP is over in 20~40 min. (2:25 ~ 4:40) My target is before lunch!
11. IPv6 (10 min.)
11.1. Draw a simple diagram (1 min.)
11.2. Watch out for link-local addresses over FR multilink.
SLA ID is 4th 16bit
16bit:16bit:16bit:SLA ID(16 bit) : interface ID( 64 bits)
site-local = FEC0::
link-local = fe80::
11.3. Check full reachability using tcl script or just manual ping depending on the number of routers.
IPv6 is over 10 min. (total 2:35 ~ 4:50)
Core routing is done. You should have at least three hours to go. Strategy will depend on how much time you have left at this moment.
12. Multicast (15 min.)
12.1. Mark a Mcast topology with red high lighter on OSPF drawing.
12.2. Determine mcast topology (dense-mode, static RP pim sparse, Auto-rp/MA, pim V2 bsr, Auto-rp/MA/MSDP).
12.3. Configure router-by-router
12.4. validate config
12.5. If second part is difficult, skip by making a note.
13. IOS/IP service
Warning: Be careful not to block or drop any IGP updates
13.1 just check quickly and do easy one first.
13.2. skip difficult task by making a note.
14. QoS
Warning: Be careful not to block or drop any IGP updates
14.1. Draw a flow on paper instead of in brain.
14.2. Always determine classification method (ACL, NBAR) and direction.
14.3. Determine shaping vs. policing
14.4. Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS)
14.5. consider all options for policing (police, rate-limit, ip multicast rate-limit, aggregate police (3550))
14.6. If frame-relay, don’t forget adaptive-shaping.( becn, fecn, foresight)
14.7. Consider all dropping mode (random detect, ecn, tail drop, marking, etc)
15. Security
Warning: Be careful not to block or drop any IGP updates
15.1. Draw a flow on paper instead of in brain.
15.2. Consider all options for classification: std/ext/reflexive/dynamic ACL, IP inspect, tcp intercept, unicast RPF, ip accounting output packet /access-violation/precedence
15.3. When configuring switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running.
The relevant prefixes from BB2 are:
2001:205:
2001:200:
2001:222:
The first hexadecimal fields are the same, so you can at least use a mask of /16.
But let’s look for a more specific one and for bits to add.
The second field also consists of 16 bits, so written out in full the values are:
1234 Fields
—-
0205
0200
0222
In binary format this is:
0205 = 0000 0010 0000 0101
0200 = 0000 0010 0000 0000
0222 = 0000 0010 0010 0010
If you AND these numbers:
0000 0010 0000 0101
0000 0010 0000 0000
0000 0010 0010 0010
——————-
0000 0010 0000 0000
That's 2001:0200: then.
To get the right CIDR notation, look at which bits differ between the values. The result below has a 1 in every bit position where the three values are not all identical:
XOR
0000 0010 0000 0101
0000 0010 0000 0000
0000 0010 0010 0010
——————-
0000 0000 0010 0111
xxxx xxxx xx       so the first 10 bits are identical in all three values and usable for the netmask.
16+10=26
So the mask is 2001:200::/26
Source:
http://www.internetworkexpert.com/resources/01700370.htm
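The summarization worked through above, as an added Python example that is not part of the original post. It generalizes the AND/XOR steps to any list of IPv6 prefixes, shows why a literal chained XOR of three values gives the wrong length, and counts how many other networks the summary also matches, which matters when the summary is used in a filter. The /32 prefix lengths and all function names are assumptions made for the example.

```python
import ipaddress
from functools import reduce

# The three BB2 prefixes from the post; the /32 length is an assumption,
# the post only gives the first two fields.
BB2_PREFIXES = ["2001:205::/32", "2001:200::/32", "2001:222::/32"]


def differing_bits(values):
    """1-bits mark positions where the values are NOT all identical."""
    all_or = reduce(lambda a, b: a | b, values)
    all_and = reduce(lambda a, b: a & b, values)
    return all_or ^ all_and


def summarize(prefixes):
    """Longest single IPv6 prefix that covers every network in `prefixes`."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    values = [int(n.network_address) for n in nets]
    # Common bits are everything left of the highest differing bit.
    common = 128 - differing_bits(values).bit_length()
    # A summary can never be longer than the shortest input prefix.
    length = min([common] + [n.prefixlen for n in nets])
    mask = ((1 << length) - 1) << (128 - length)
    return ipaddress.IPv6Network((values[0] & mask, length))


def chained_xor_length(prefixes):
    """Pitfall: a literal a ^ b ^ c keeps bits set in an odd number of inputs."""
    values = [int(ipaddress.IPv6Network(p).network_address) for p in prefixes]
    return 128 - reduce(lambda a, b: a ^ b, values).bit_length()


def extra_coverage(summary, prefixes):
    """Count same-length networks the summary matches beyond the inputs
    (assumes all inputs share one prefix length)."""
    nets = {ipaddress.IPv6Network(p) for p in prefixes}
    plen = max(n.prefixlen for n in nets)
    return 2 ** (plen - summary.prefixlen) - len(nets)


if __name__ == "__main__":
    summary = summarize(BB2_PREFIXES)
    print("summary:", summary)
    print("chained XOR would suggest /%d" % chained_xor_length(BB2_PREFIXES))
    print("extra /32s matched:", extra_coverage(summary, BB2_PREFIXES))
```

A prefix-list entry built from the summary also permits or denies every other network under it, so check the extra coverage before using the summary as a filter.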
FTP supports two transfer modes. With the first, active mode, the client initiates the connection to the server on port 21 and the server then binds to port 20 and opens a connection to a port above 1023 on the client.
With passive FTP, both connections are established from the client to TCP ports 21 and 20 on the server.
Here’s the order of operations for the inside-to-outside list:
Here’s the order of operations for the outside-to-inside list:
Source:
http://articles.techrepublic.com.com/5102-1035-6055946.html