CCIE-JP's Profile
RECENT QUESTION
IPv6 Conference
Hi Everyone, I'm going to the IPv6 Conference in Oslo (Norway) this week. If any of you is also attending it would be nice to meet up. Cheers, JP
RECENT ANSWER
Congratulations Lino!!
I’m glad to see that your hard work paid off.
You really deserve it.
I look forward to working with you on your CCNP certification.
Enjoy the summer.
Cheers,
JP
Hi Vino,
The scenario you just mentioned will have one of the trunks blocking.
Should you wish to use both links you could:
- bind the trunks into an Etherchannel (good)
or
- allow some vlans over one of the trunks, and the other vlans over the other trunk.
Have a look at this: http://freenetworkstudy.com/courses_post/classic-stp-spanning-tree-protocol/
JP
Hi,
Frame-relay is a layer 2 technology. Looking at the OSI model, you may use multiple technologies at layer 2 (ethernet, frame-relay, ATM, …). You could say that these are different “transportation means” that IP packets use to travel from one router to another.
Now, an OSPF ASBR is just a router on which routes (from EIGRP or other sources) are redistributed.
These two concepts are not really related but absolutely not mutually exclusive. So the answer is yes, you can absolutely use frame-relay on an ASBR.
JP
Hmmmm, I would say you should resolve the flapping issue. There’s no point in having a backup if it’s not reliable.
I do not recommend looking for a solution to hide such an issue. It’s like having a flat spare wheel.
But to answer your question, I would increase the delay on the flapping link.
JP
Hi Vino,
What did you mean with this question? Did you want to know the reason we use interface loopback in EIGRP?
Cheers,
JP
Hi Zahid,
You can definitely load balance using STP and VLANs. The trick is to cause STP to block different links for each VLAN. Let’s take an example, you have 3 parallel links and 3 VLANs (1, 2 and 3).
If you configure the STP priorities so that in VLAN 1, link 1 should be forwarding while the other 2 are blocking (for VLAN 1), then all your VLAN 1 traffic will travel on link 1 (and no loop would be created).
If you do the same for VLANs 2 and 3 being forwarding on links 2 and 3 respectively, then all links will be used in parallel without introducing a loop. You’re effectively load balancing per VLAN.
Now should link 1 break, STP would “unblock” another link for VLAN 1, …
An alternative to this is to bind all links in a port channel and let the channel load balancing take care of the traffic.
JP
If one end is set to full duplex while the other is set to half duplex, you would have collisions.
If you cannot set both sides to full, then set both sides to half duplex. This should even increase your performance since collisions cause frames to be resent and slow down the connection.
What do you mean by it’s connected to a microwave? Are you using a shielded cable?
Let me know how this goes.
Hi Hussien,
I see from the document you’ve attached that your interface is running in Half-duplex. Try statically configuring both ends to be either full or half duplex.
In addition:
Late collisions are usually caused by a faulty cable or NIC. What do you mean by it’s connected to a microwave?
JP
Hi,
If you have the IOS, you can create a .image file as described here:
http://www.gns3.net/gns3-uncompressing-cisco-ios-images/
JP
Hi Lino,
The Feasibility Condition is met if the Reported Distance is less than the Feasible Distance for a specified destination.
The Successor is the best path to a destination that also meets the feasibility condition while the Feasible Successor is a backup route that also meets the feasibility condition but has a higher metric than the Successor.
When routes are compared, it’s the total metric (to the left) that is compared; the second value is compared in case of a tie. But I don’t think this is crucial for the exam or the overall EIGRP understanding.
Here are some additional key points:
If multiple successors have the same metric, EIGRP will load balance using all these routes.
Now the only other scenario in which you would “worry” about the Reported distances of Feasible Successors is when implementing unequal cost load balancing. When using the Variance keyword, the route will be considered if the reported distance is lower than the FD prior to applying the variance multiplier.
I hope that helps.
JP
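The selection rules described in the answer above, as an added example that is not part of the original post. The neighbor names and metric values are constructed, each path is given as the (total metric / reported distance) pair shown in the topology table, and the FD is simplified to the current best metric.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str            # hypothetical neighbor name
    metric: int              # total metric via this neighbor (left-hand value)
    reported_distance: int   # metric the neighbor itself advertises (right-hand value)


def classify(paths, variance=1):
    """Apply the feasibility condition and the variance rule to one destination.

    Assumption: the Feasible Distance (FD) is the lowest total metric among
    the candidate paths. Returns next-hop names grouped by role.
    """
    fd = min(p.metric for p in paths)
    roles = {"fd": fd, "successors": [], "feasible_successors": [],
             "installed": [], "rejected": []}
    # Compare on total metric first, reported distance only as a tie-breaker.
    for p in sorted(paths, key=lambda p: (p.metric, p.reported_distance)):
        if p.metric == fd:
            # Best path(s): equal-metric successors are all installed.
            roles["successors"].append(p.next_hop)
            roles["installed"].append(p.next_hop)
        elif p.reported_distance < fd:
            # Feasibility condition met: loop-free backup path.
            roles["feasible_successors"].append(p.next_hop)
            # Variance only widens the metric window; it never waives
            # the feasibility condition, which is checked against the
            # un-multiplied FD.
            if p.metric < variance * fd:
                roles["installed"].append(p.next_hop)
        else:
            # RD >= FD: the neighbor might be routing through us, so the
            # path is ignored no matter how large the variance is.
            roles["rejected"].append(p.next_hop)
    return roles


# Constructed topology-table entries for a single destination.
SAMPLE_PATHS = [
    Path("R2", metric=30, reported_distance=20),  # successor, FD = 30
    Path("R3", metric=40, reported_distance=25),  # feasible successor
    Path("R4", metric=45, reported_distance=35),  # fails feasibility (35 >= 30)
    Path("R5", metric=80, reported_distance=10),  # feasible, but outside 2 x FD
]

if __name__ == "__main__":
    for v in (1, 2):
        print(f"variance {v}:", classify(SAMPLE_PATHS, variance=v))
```

R4 is the case to notice: its metric of 45 is inside the variance 2 window of 60, yet it is never installed because its reported distance is not below the FD.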
Hi,
Those extra 30 minutes can be very important.
You should also practice as much as possible to get familiar with the wording. The devil is in the details, we often misread questions/answers and that can cause us to waste time or worse …
Before you start the exam, take a few minutes to relax, breathe with your stomach, say something positive like “I’ll be alright, I’m having fun in this learning process, …”
If you have about 90 seconds on average to cover a question, remember it’s just an average, some questions can be answered in less than 5 seconds while some others might take more time.
Finally, if you get stuck on a question at the beginning of the exam, don’t get stubborn, cut your losses and forget it, don’t let it get you depressed and unfocused for the remaining questions.
Hi Lino,
For the first part of your question: You’re absolutely right. When two routers are connected by a serial connection, the default OSPF network type is point-to-point.
However, when they’re connected by a PVC over a NBMA (frame-relay for example), the physical serial interface defaults to network type non-broadcast while the point-to-point subinterface (if any) defaults to net type p2p.
Regarding the second part, show ip ospf neighbor would show you the neighbor’s router ID, its connected IP address and interface.
Make sure the router-id is properly set, either manually or by setting up a loopback interface, before your adjacencies are formed. To see what I mean, try restarting the OSPF process and you’ll see that the router-id of both routers will show the IP address of their respective loopback interface.
JP
Hi,
If your company has only one uplink/connection to the Internet, then using a default route would be a good idea:
- to store the Internet routing table and perform the various checks and computations that BGP requires would consume a lot of resources (CPU and memory). Not all routers can do that. Then again, if you only have one way out of your network (one uplink), all this is quite unnecessary (like in an OSPF stub area).
If you have multiple uplinks to the Internet, you would need to route dynamically. BGP also gives you control over how traffic comes in and leaves your network.
Default route: less resources and less configuration
BGP: more control and more flexibility
Hi Vino,
In order to communicate with the rest of the world, you need to be able to route traffic to the various destinations. So what you basically need is routes. You can either use a default route (send all non local traffic to your ISP) or use BGP to peer with your ISP.
So your choice is: use a default route or get the Internet routes (nowadays about 500 000 routes)
To support/scale the Internet routes you have to use an Exterior Border Routing protocol (only BGP is available).
So to answer your question, if your company is not using BGP, they’re using a default route to reach the Internet.
That’s really cool, I misread the question, I thought it was about the fastest speed on copper cable.
Hi,
I agree. This simple operation can be very disastrous: it can crash a big part of your network.
Since by default, all switches are in VTP server mode, if the new switch has a higher sequence number than the current main server, it will override the VLAN database.
What you should do before you connect the new switch to the network:
1 put the new switch in transparent mode
2 reset the sequence number, you can for example change the vtp domain name (see more examples in the courses)
Does anyone else have a good method or best practice?
Hi Screenislg,
Here’s what I would do:
1- read the latest CCIE study guide
2- completely cover each technology separately (for example cover EIGRP from A to Z)
That means reading the related courses, doing the related labs and taking the related exams (make sure you completely understand the answers)
3- set up a home lab by either buying the hardware (if you can afford it) or just 2 switches that you connect to your routers in GNS3.
4- Pick a lab workbook for full-scale CCIE labs (all technologies integrated in an 8-hour lab)
5- If your home lab doesn’t support all the covered features, you can spend the last 4 to 6 weeks prior to the lab exam on rental racks
I recommend you participate actively in various forums.
Before the actual CCIE lab, make sure you are comfortable with creating detailed diagrams and that you have tested your lab strategy. Make sure you can write ping scripts rapidly.
Identify your milestones and testing phases.
We can discuss the lab strategy when you get closer to the D-day.
Reading recommendations (short list):
Read all the courses at freenetworkstudy
Absolute must-read books:
TCP/IP illustrated (vol 1&2)
CCIE practical studies (vol 1&2)
Regards,
JP
That’s a really good start. That’s exactly what I did. Worked very well for me. Have you passed any other certification? I could share some nice techniques.
Since summarization is used to save resources (by exchanging and storing fewer routes) and improve convergence times and network stability, you would use it at logical routing borders. Here are some examples:
ex1: sites A and B are connected via a WAN link, site A has 100 subnets of 10.0.0.0/16 and site B has 100 subnets of 10.1.0.0/16, then site A can send its summarized route to site B instead of sending 100 routes (and vice versa).
ex2: in a hierarchical campus architecture, you would summarize at the distribution layer towards the core
ex3: in a hub and spoke setup, you would send summaries to improve stability and convergence
…
I assume you are talking about two physical networks and not GNS3. If yes, you don’t need to make any change to the physical connections. You only need to set up an IPsec VPN between the locations.
Look here:
http://freenetworkstudy.com/labs_post/ipsec-vpn-router-to-router/
Hello,
Are you asking why we use loopback interfaces in EIGRP and OSPF?
If so, we use loopback interfaces in order to “control” the routing process router-ID (the loopback with the highest IP address is used to determine the router-id). Without loopbacks, the process would pick the highest configured IP address on any interface.
Hi Gurpreet,
In the case you described, it seems we are not talking about a line between two locations (which would require sharing an IP subnet). It seems we are talking about two remote locations, each with its own uplink to the Internet.
In that case, you would link the two sites via a VPN. All you need is IP connectivity.
JP
Hi Vino,
You can find many examples here:
http://freenetworkstudy.com/courses_cat/spanning-tree-advanced-features/
I have multiple times configured for various real world customers similar services as those tested in the various Cisco Labs (including the CCNA).
Remember that the CCNA is the first level, it gives you an insight on some technologies and methods, but most importantly it gives you good grounds/starting point to build very good configuration skills.
Because of the Cisco NDA, I cannot tell you what labs are tested in the CCNA exam, but is there anyone out there who took the CCNA exam and had to do some configuration close enough to their real world experience?
Hi Alf,
I’m not sure I understand the question: do you want to know what labs fall on the real CCNA exam or do you wish to know how the CCNA labs compare with real world experience?
JP
Hi again,
I realised I didn’t really answer your other question: “how come the neighborship comes up in the second case and not in the first case.”
Both configs should work, but I noticed your IP addresses change quite a lot (17 => 172).
Could you please paste your configs here?
Also, I assume the 2 routers are connected via a direct serial cable, is that correct?
Hi Vino,
Look at this link:
http://freenetworkstudy.com/courses_post/eigrp-neighborships/
For the adjacency to form, you have a few parameters that have to match. Regarding the IP addresses, the 2 neighbors have to be in “overlapping subnets”.
10.0.0.1/8 and 10.0.0.2/24 are in “overlapping subnets”
Also look at the configuration examples here:
http://freenetworkstudy.com/courses_cat/2-ccna-eigrp-configuration/
and do the labs:
http://freenetworkstudy.com/labs_cat/ccnp-eigrp-labs/
JP
Hi Gurpreer,
Yes, it works perfectly. It’s even the best setup since GNS3 has limited switching functionalities.
As a general rule, when you wish to connect anything (physical switches, SDM, ASDM, clients, Call manager,…) to your GNS3 network, use the cloud feature.
It’s very easy and works very well.
JP
To access your GNS3 devices using SDM from your PC:
1- create a loopback adapter on your PC (http://www.windowsreference.com/windows-7/how-to-install-a-loopback-adapter-in-windows-7/)
2- add a cloud inside your GNS3 setup
3- Add the newly created loopback adapter to your cloud.
Connect your GNS3 device to the cloud.
Let me know if you need more details.
Hi Rachit,
Yes absolutely, you would do that by using the cloud feature in GNS3, connect it via a loopback interface and access SDM from your browser.
There was a similar question in the forum where the details were covered. Let me know if it’s clear.
Cheers,
JP
Hi Fredrik,
Yes, that would do the trick. However, I personally don’t like to manipulate routes using the administrative distance. By doing so, you lose a lot of granularity. It doesn’t show when only one route is redistributed.
Was that part of a lab you’re doing? What are the requirements?
Cheers,
JP
Very Good point!! I used to have an 8-week plan (depending on the exam) listing for each week the blueprint points that would be covered.
It’s motivating to see your progress, plus you avoid forgetting something.
Hi everyone,
The conference was just amazing. Some of the fathers of the Internet were there as well as absolute experts from Hurricane Electric, Cisco, Telenor, Yahoo, RIPE, Alcatel-Lucent and many others. They shared massive IPv6 tips and techniques.
I’ll try to write about it next week.
JP
PS: was fun seeing some of you there!
Hi John,
That’s a great question. I hope others will read this and understand that this world is open to everyone. I’m quite the “bad” example since I followed a more classic path (Engineering school for 5 years followed by a master, then started with the ccna in 2001 and never stopped since).
But I know dozens of individuals (some of them are members of this forum so please add your comments too) who started their networking lives with absolutely no IT background. And within 6 months were certified and working on very exciting projects employed by big companies.
What I did was tell them to really understand the stuff and not certify too fast.
What they did is just that, start from the basics and build up (look at the question about CCNA strategy). The worst you can do is keep things to yourself. This forum is really just about that: sharing (knowledge and problems). Don’t be afraid to ask. Tell us about what you still don’t understand once instead of having it show up repeatedly throughout your career.
NETWORKING IS NOT HARD AT ALL, all you have to do is commit to learning and ask for help.
JP
Hi Kabi,
Have you seen this course?
http://freenetworkstudy.com/courses_post/ieee-802-1x-the-basics/
JP
Hi Kabi,
Please do not claim this question so that we can continue adding our comments.
What Lino wrote about the subnets is correct. However the hosts part is 3+8 bits (3 bits + the fourth octet), which makes 2046 hosts. But don’t worry about that, your subnets don’t overlap.
Have you modified your config as I mentioned in my last comment?
Have a look at this course: http://freenetworkstudy.com/courses_post/ip-subnetting/
First, did you know that the first address in your network is 192.168.8.1 ? (not 10.1) =>192.168.8.1 – 192.168.15.254
That’s not an issue since they don’t overlap.
Where are you entering those commands? on Packet tracer?
I don’t think you can really type them as described with a “-”, try as follows:
ip dhcp pool
ip dhcp excluded-address
JP
Hi,
From the exam topics list on cisco.com:
- Configure and verify Frame Relay on Cisco routers
It’s a WAN technology still in use today. Check out the courses here.
JP
Hi Kabi,
Could you paste the whole config here? I want to see how you configured your interface VLAN.
Did you say you can ping the default Gateway in each VLAN?
JP
About VTP: make sure all switches in the VTP domain use the same VTP domain name.
Now, as per my last message, you have to create 2 interface VLAN (one for each VLAN), that would be your default gateway. No routing configuration is needed since those 2 int vlan are directly connected.
Could you paste your configs so that we can help you solve the issue?
JP
In which context are you typing these commands?
Some commands/firmware/hardware demand a mask, others demand a wildcard mask. For example, an ACL on a router demands a wildcard mask while on an ASA, it’s a mask.
network 192.168.0.0 0.0.255.255
==> every network starting with 192.168
network 192.168.0.0 255.255.0.0 (not a valid wildcard mask, but if it was it would be all networks ending with 0.0)
Did I understand your question correctly?
JP
Hi Kabi,
Your question didn’t say, but I assume VLANs 10 and 20 are on every switch, and that you’ve configured the ports connecting to the systems to be in access mode in each of these VLANs.
Then you only need to create an Interface VLAN for each VLAN and give it an IP address in the same subnet.
Ex:
Interface VLAN 10
IP address 10.10.10.1 255.255.255.0
Interface VLAN 20
IP address 10.10.12.1 255.255.255.0
You do that on your L3 switch.
JP
Hi,
Do a “dir flash0:” to verify the file name,
then copy the image to a tftp server: “copy flash0: tftp:”
Finally copy the image to the other device: “copy tftp: flash0:”
Hi Lino,
You have two equal cost routes to your destination. I would say that traceroute is getting both paths.
Strange about your attachment not showing up.
Hi Raju,
What’s your ultimate goal? Do you wish to specialize in security? If you haven’t decided yet, I recommend taking the CCNP R&S. It would give you strong networking grounds.
JP
Hi Lino,
The exam feature should be released on freenetworkstudy in about two weeks. In the meantime, if you follow the link under the exam page, you’ll have access to free exams.
Otherwise, there are tons of companies out there selling exams. I’ve heard of testking but I don’t know how good they are. Make sure you nail the CCNA labs here before you take the test.
How soon would that be?
Best of luck buddy, I know you’ve worked hard and really deserve it.
JP
Hi Lino,
From your question, it’s unclear if A is 192.168.1.0 through 192.168.7.0 or 192.168.1.0 through 192.168.120.0
However, for 192.168.1.0 through 192.168.120.0
it would be 192.168.0.0/17
and for 192.168.1.0 through 192.168.7.0 it would be
192.168.0.0/21
About B: 172.16.1.0 through 172.16.7.0, it would be 172.16.0.0/21 but that’s a “bad” summary since it includes 172.16.0.0/24
JP
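The summaries worked out in the answer above, checked in code (an added example, not part of the original post). It assumes the ranges are made of /24 subnets and goes one step further than the post by also listing what a single summary over-covers and the exact set of prefixes that avoids it.

```python
import ipaddress


def summarize(first, last, prefixlen=24):
    """Smallest single prefix covering every subnet from first to last.

    first/last are the network addresses of the lowest and highest
    subnet in the range; each subnet is assumed to be a /prefixlen.
    """
    lo = ipaddress.ip_network(f"{first}/{prefixlen}")
    hi = ipaddress.ip_network(f"{last}/{prefixlen}")
    summary = lo
    # Shorten the prefix one bit at a time until the last subnet fits.
    while not hi.subnet_of(summary):
        summary = summary.supernet()
    return summary


def over_covered(first, last, prefixlen=24):
    """Subnets inside the single summary that were NOT in the range.

    These are the addresses a summary route attracts traffic for
    even though the advertising site does not own them.
    """
    lo = ipaddress.ip_network(f"{first}/{prefixlen}")
    hi = ipaddress.ip_network(f"{last}/{prefixlen}")
    summary = summarize(first, last, prefixlen)
    return [str(s) for s in summary.subnets(new_prefix=prefixlen)
            if s < lo or s > hi]


def exact_cover(first, last, prefixlen=24):
    """Shortest list of prefixes covering the range and nothing else."""
    lo = ipaddress.ip_network(f"{first}/{prefixlen}")
    hi = ipaddress.ip_network(f"{last}/{prefixlen}")
    nets = ipaddress.summarize_address_range(lo.network_address,
                                             hi.broadcast_address)
    return [str(n) for n in nets]


if __name__ == "__main__":
    for first, last in [("192.168.1.0", "192.168.7.0"),
                        ("192.168.1.0", "192.168.120.0"),
                        ("172.16.1.0", "172.16.7.0")]:
        print(f"{first} .. {last}")
        print("  single summary :", summarize(first, last))
        print("  over-covered   :", over_covered(first, last))
        print("  exact cover    :", exact_cover(first, last))
```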
Hi,
Yes, you’re right. A gateway is a router.
Gateway is almost a legacy term: a device connecting 2 “worlds”. We used to have voice gateways (connecting the IP world to the voice world).
In the IP context, the gateway is the router that connects your local subnet to the rest of the internetwork (not necessarily the Internet).
Let me know if this was a bit unclear.
JP
Hi Ayaan, and welcome,
If you are new at this, you should start by looking at
• OSI Model
• TCP/IP Model
• Data Encapsulation
Then follow with the layer 2 concepts. Check out the CCNA program.
Generally speaking, follow these steps:
Here’s the step by step strategy:
1- read the courses (all the courses) on a given technology (ex: VLANS and TRUNKING)
2- Practice the Labs for that technology.
3- take the practice exams for that technology
4- Ask questions here and get help
Anyone else on the forum just starting or started only a few weeks/months ago?
JP
Hi,
That’s a great question. Let’s look at the details.
The bandwidth is 1000 on all links, which implies that the metric comparison will be done on the delay.
Router C would receive a route to the subnet from Router B. Now the question is: how does router D reach the subnet?
Router D receives updates from Routers A and C. From router A, the metric (=400) is twice the metric from router C (100+100=200).
As a result Router D would install the route it received from Router C. And split-horizon dictates that this route cannot be advertised back to Router C.
–>Router C only has one route to the subnet (via router B)
Hope this helps.
JP
Hi Lino,
When you wish to connect anything from outside GNS3 to your GNS3 internetwork, you should use the GNS3 cloud feature.
My Cisco Call manager and soft IPphones were running on a VMware. I connected them transparently using the cloud.
You can do the same to access your GNS3 devices using SDM from your PC.
1- create a loopback adapter on your PC (http://www.windowsreference.com/windows-7/how-to-install-a-loopback-adapter-in-windows-7/)
2- add a cloud inside your GNS3 setup
3- Add the newly created loopback adapter to your cloud.
connect your GNS3 device to the cloud.
Let me know if you need more details.
Hi Lino,
Yes you can run the Cisco ACS (as well as the IPS, ASA, …) in GNS3. You can even run CCIE security labs in GNS3.
I even ran a full VOIP LAB – Call Manager, IP phone (soft), … on GNS3
JP
Hi PHOBryant,
Can you describe your current setup and requirements list? A basic diagram could be nice to have.
JP
Hi again,
In a live production network, you would want the behavior to be deterministic. You would configure bridge priorities so that we would pick the root bridge as well as the bridge that would become root in case of failure. About the port roles, run the show spanning-tree command.
Is your company spanning a broadcast domain across more than 500 switches?
Hi Netrusingh,
Could you detail your question a bit more?
There’s a root port on every non-root switch (it’s the port connecting towards the root bridge).
There’s also a Designated port per segment (between switches).
On a given switch, you can see port roles using the show spanning-tree command. Is that helping?
Hi,
When did you pass your last exam? Have you received an email confirmation that you passed? First you should verify that your CCO contact details are up to date.
JP
Hi Ben,
D and E are the correct answers.
Explanation: These are exactly the definitions of UDLD and loop guard.
Check the switching courses for more details. I also advise to look into Bidirectional Forwarding Detection (BFD).
JP
Here’s the step by step strategy:
1- read the courses (all the courses) on a given technology (ex: OSPF)
2- Practice the Labs for that technology.
3- take the practice exams for that technology
4- Ask questions here and get help
5- Try to explain it to someone else (you gain a lot, since it falls into place)
Repeat steps 1 to 5 for each technology listed in the blueprint
6- Practice full scale labs, and full scale exams.
Hi Arshad,
Your planning looks very good!
The only thing I would do differently is start with:
• OSI Model
• TCP/IP Model
• Data Encapsulation
And maybe do the following before you study routing, since routing depends a lot on what you run at layer 2.
Day 3
• Introduction to WANs
• Cable and DSL
• PPP & HDLC encapsulation Methods
Day 4
• Frame Relay
• LAB-Frame Relay
Day 5
• Introduction To Switches & Switches Models
• STP “Spanning Tree Protocol”
• Basic Switches Configuration
• LAB-basic Switches Configuration
Day 6
• VLANs “Virtual LANs”
• LAB-VLAN
And finish with a week of reviewing the CCNA labs and take full scale CCNA exams.
Great plan!
Hi,
When I took my CCNP, I started with routing, since I was most comfortable with routing and I wanted to start with a success for motivation.
I spoke to many who did the opposite: started with the subject they’re least comfortable with. But it doesn’t make much sense to start with T-shooting.
I guess the logical order is to follow the OSI layers: start with switching, routing then T-shooting.
Anybody currently taking the CCNP or took it? How did you do?
Hi Hachem,
Welcome to the fastest growing network community (105 new users in 3 days).
The key is to learn the basics, master them before you go to the next step, don’t build on weakness.
So here’s the step by step strategy:
1- read the courses (all the courses) on a given technology (ex: OSPF)
NB: even the design courses, since your plan is to master the technology in order to eventually continue to CCNP and CCIE.
2- Practice the Labs for that technology.
3- take the practice exams for that technology
4- Ask questions here and get help
5- Try to explain it to someone else (you gain a lot, since it falls into place)
Repeat steps 1 to 5 for each technology listed in the blueprint
6- Practice full scale labs, and full scale exams.
I see, well you can solve your issue by keeping the current certificate and netmask unchanged, and enabling proxy ARP on the server’s default gateway (router or firewall).
If that helps, please approve my answer.
Hi John,
You can’t just rewrite a certificate since it has been signed using all the inputs (IP address, name, mask,…) you have submitted.
You must order a new certificate.
If that helps, please approve my answer.
JP
No, this is not required, what’s required is a roll back plan.
A. easy guidelines in case of failure
Cert Book: rollback steps in case of a failure
The first may mean (and often does) a description of the steps to fix issues introduced by the change (and proceed with the change).
The second is about rolling back the change.
So I think only D, E and F apply here.
Do you see a difference between the 2 answers?






