Doc-CD

May 14, 2014, 7:52 am

≫ Next: IPV6 VRF DHCP

≪ Previous: INE R&S topology working on GNS3 using breakout switch !!

I know we can use the Doc-cd in the lab.

When I search a technology, am I able to download the book?

ie. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mt-book.html

↧

IPV6 VRF DHCP

May 14, 2014, 8:33 am

≫ Next: New Workbook Initial Configs

≪ Previous: Doc-CD

Hello , hope you are fine ,I really have a question and i appreciate that someone help me about that and i thank you very much.

. i noticed a behavior and i don't know if this is a normal behavior or not : i hope that you can help me :

In IPv4, when a client requests an IP to the DHCP server, it is the gateway to the vlan interface makes the dhcp request to the dhcp server.

In IPv6, if there are multiple vlans interfaces in a VRF, the distribution switch does not use the interface vlan client to run the query ipv6 dhcp relay, but another vlan interface in the VRF In shutant all interfaces in the vrf , client use the good gateway to request a dhcp request .

i have a different behavior between ipv4 and ipv6.

Why ipv6, distribution which serves dhcp relay don't uses the vlan interface client to send the request to the DHCP relay dhcp server. Hope that i have good explain , thank you for your reply , i really appreciate your help

Best regards

↧

New Workbook Initial Configs

May 14, 2014, 11:44 am

≫ Next: CCIE Security v4 Practice Labs Workbook now released

≪ Previous: IPV6 VRF DHCP

Could I get some clarification on the new initial configs for the new workbook? For instance I am going through the OSPF section and noticed when I open the initial configs for this section there are several sub folders listed with different titles. The only reference I am given within the workbook is to use the OSPF initial configs.

When I start on task 1 it mentions that I need to configure OSPF for Loopback 192. The initial configs don't contain Lo192. Is there something that I am missing? How would I know to load the "Loopback initial config" without having to search around for it, and how do I know I'm actually supposed to do that to begin with?

↧

CCIE Security v4 Practice Labs Workbook now released

April 18, 2014, 1:58 pm

≫ Next: DMVPN labs from v5 workbook - mGRE on the spoke routers?

≪ Previous: New Workbook Initial Configs

Folks,

While studying today my study partner noticed that within the last 10 minutes, INE has released the new CCIE Security v4 Practice Labs workbook.

We also now have new IEOC forum sections for the ATC v4 and the Practice Labs v4 added for questions and answers. Remember to update your forum memberships to subscribe to these new forums to stay up-to-date.

Cheers,

↧

DMVPN labs from v5 workbook - mGRE on the spoke routers?

May 12, 2014, 11:34 pm

≫ Next: MLDP for MVPN - multicast tree not working

≪ Previous: CCIE Security v4 Practice Labs Workbook now released

Hi,

Since there is no v5 workbook subforum I will post here.

I started doing the new DMVPN labs and noticed that everywhere on the DMVPN spokes the tunnel is configured as mGRE.

I thought the mGRE on the spokes is needed only when implementing phase 2.

Is there any particular reason why the spokes aren't configured as p2p GRE tunnels?

Thanks

↧

MLDP for MVPN - multicast tree not working

May 14, 2014, 2:35 pm

≫ Next: Ipad/Mobile Phone Wireless Authentication

≪ Previous: DMVPN labs from v5 workbook - mGRE on the spoke routers?

Hello everyone. I'm in need of help in a sample lab to run MLDP for MVPN. The topology is a simple CE (R1) <--> PE (R2) <--> P (R3) <--> PE (R4) <--> CE (R5). MPLS forwarding is working across the core. R1 is sending ICMP to 224.2.2.2 sourced from its loopback. I'm using 15.2 in GNS3. Below is the config and show output info. Please tell me what i'm missing in this lab.

Your comments are greatly appreciated. Thanks in advance.

Mike G.

R1#

!
ip multicast-routing
!
!
interface Loopback0
ip address 100.0.0.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.0.1 255.255.255.0
ip pim sparse-mode
!
router rip
version 2
network 10.0.0.0
network 100.0.0.0
no auto-summary
!
ip pim bidir-enable
!

R2#

!
ip vrf yellow
rd 2:200
vpn id 50:10
mdt preference mldp
mdt default mpls mldp 100.0.0.1
mdt data mpls mldp 255
mdt data threshold 40
route-target export 2:200
route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
ip address 50.0.0.2 255.255.255.255
ip pim sparse-mode
!
interface Loopback100
ip vrf forwarding yellow
ip address 100.0.0.2 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip vrf forwarding yellow
ip address 10.1.0.2 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet1/0
ip address 10.2.0.2 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.2
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf yellow
redistribute bgp 1
network 10.0.0.0
network 100.0.0.0
default-metric 5
no auto-summary
version 2
exit-address-family
!
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 50.0.0.4 remote-as 1
neighbor 50.0.0.4 update-source Loopback0
neighbor 50.0.0.6 remote-as 1
neighbor 50.0.0.6 update-source Loopback0
!
address-family ipv4
redistribute rip
exit-address-family
!
address-family vpnv4
neighbor 50.0.0.4 activate
neighbor 50.0.0.4 send-community extended
neighbor 50.0.0.6 activate
neighbor 50.0.0.6 send-community extended
exit-address-family
!
address-family ipv4 vrf yellow
redistribute connected
redistribute rip
exit-address-family
!
mpls ldp router-id Loopback0
!

R3#

!
ip multicast-routing
!
interface Loopback0
ip address 50.0.0.3 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip address 10.2.0.3 255.255.255.0
mpls ip
!
interface FastEthernet1/0
ip address 10.3.0.3 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.3
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!

R4#

!
ip vrf yellow
rd 2:200
vpn id 50:10
mdt preference mldp
mdt default mpls mldp 100.0.0.1
mdt data mpls mldp 255
mdt default 239.1.1.1
mdt data 238.2.2.0 0.0.0.255 threshold 40
mdt data threshold 40
route-target export 2:200
route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
ip address 50.0.0.4 255.255.255.255
ip pim sparse-mode
!
interface Loopback100
ip vrf forwarding yellow
ip address 100.0.0.4 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip vrf forwarding yellow
ip address 10.4.0.4 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet1/0
ip address 10.3.0.4 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.4
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf yellow
redistribute bgp 1
network 10.0.0.0
network 100.0.0.0
default-metric 5
no auto-summary
version 2
exit-address-family
!
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 50.0.0.2 remote-as 1
neighbor 50.0.0.2 update-source Loopback0
!
address-family ipv4
redistribute rip
exit-address-family
!
address-family vpnv4
neighbor 50.0.0.2 activate
neighbor 50.0.0.2 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 50.0.0.2 activate
neighbor 50.0.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf yellow
redistribute connected
redistribute rip
exit-address-family
!
mpls ldp router-id Loopback0
!

R5#
!
ip multicast-routing
!
interface Loopback0
ip address 100.0.0.5 255.255.255.255
!
interface FastEthernet0/0
ip address 10.4.0.5 255.255.255.0
ip pim sparse-mode
ip igmp join-group 224.2.2.2
!
router rip
version 2
network 10.0.0.0
network 100.0.0.0
no auto-summary
!
ip pim bidir-enable
!

>>> Trace to R5's loopback works.

R1#trace 100.0.0.5

Type escape sequence to abort.
Tracing the route to 100.0.0.5

1 10.1.0.2 16 msec 60 msec 28 msec
2 10.2.0.3 [MPLS: Labels 16/21 Exp 0] 128 msec 84 msec 96 msec
3 10.4.0.4 [MPLS: Label 21 Exp 0] 108 msec 96 msec 44 msec
4 10.4.0.5 152 msec 124 msec 104 msec
R1#

>>> PING to multicast address fails.

R1#ping 224.2.2.2 so lo0 repeat 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 100.0.0.1
.......
R1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:30:58/00:02:49, RP 0.0.0.0, flags: DPL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null

R1#
R2#sh ip pim vrf yellow neigh
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.1.0.1          FastEthernet0/0          00:22:38/00:01:16 v2    1 / S G
R2#

>>> No PIM peering over the LSPVIF0 interface.

R2#show mpls mldp database
* Indicates MLDP recursive forwarding is enabled

LSM ID : 1 (RNR LSM ID: 2)   Type: MP2MP   Uptime : 00:06:55
FEC Root           : 100.0.0.1
Opaque decoded     : [mdt 50:10 0]
Opaque length      : 11 bytes
Opaque value       : 02 000B 0000500000001000000000
RNR active LSP     : (this entry)
Upstream client(s) :
    None
      Expires        : N/A           Path Set ID : 1
Replication client(s):
    MDT (VRF yellow)
      Uptime         : 00:06:55      Path Set ID : 2
      Interface      : Lspvif0

R2#

R2#sh ip pim vrf yellow mdt
* implies mdt is the default MDT
MDT Group/Num Interface Source VRF
* 0 Lspvif0 Loopback0 yellow
R2#

R2#sh ip mroute vrf yellow
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
       Q - Received BGP S-A Route, q - Sent BGP S-A Route,
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:17:04/00:02:58, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:17:02/00:02:46
    Loopback100, Forward/Sparse, 00:17:03/00:02:58

R2#

May 14, 2014, 8:01 pm

≫ Next: The Avenginator Returns.

≪ Previous: test iewb-rsv5-fsl@ieoc.com

Forums for discussion of the CCIE RSv5 Workbook are now available here. Sub-forums each have email ailases as well.

↧

The Avenginator Returns.

May 14, 2014, 9:37 am

≫ Next: ASA SMTP inspection task

≪ Previous: New CCIE R&S v5 Workbook Forums

Lets get the nasty bits over with.

No I'm not a CCIE...I failed....TWICE! Shame on me but those who followed my posts previously had an idea that I was well on my way to passing this thing...or at least had a better than average shot at it.. Then EXACTLY 90 days before...EXACTLY on the same day...actually 2 hours after I got the conformation e-mail from cisco something horrible happened. (In hind sight it was a good thing but at the time...it was impossible)

Its been tough but enough moping.

I'm back. Will Tox study for this thing again? I dont know...I dont wanna teach anymore....so I'm in limbo. I DO know that I'm done being locked up in my room 12 hours a day by myself...and there are only so many CCNA and CCNP classes that I can bear to teach now.

Ver 5 took PfR away and Layer 2 qos...GOOD....they took Frame away...BAD...C'est la vie

The proctor now happens to know me as "the guy that ate too much hot sauce during lunch and was dobled over for most of the exam!"

I've lost a lot of technical knowhow...if you were to ask me about OSPF transit capability or BGP outbound route filtering...I'm stare at ya blankly...ok not exactly blankly but I wouldn't nail it...which is a shame....but i'm back...

I believe this is a step in the right direction.

To old friends on here...

Hello once more.

Tox!

↧

ASA SMTP inspection task

May 14, 2014, 8:34 am

≫ Next: R&S - Fail on my first attempt

≪ Previous: The Avenginator Returns.

Guys, i have a few comments on the above task:

- In the solution, the domains cyberscam.org and nullroute.com are added as follows in regex: "(cyberspam.org|nullroute.com)". I think it must be "(cyberspam\.org|nullroute\.com)", please correct me if i am wrong.
- In the questio, it is asking to reject emails from senders. In this case, the solution is using reset as action. In this specific task, i could use drop connection because it did not specify to send a TCP reset message to client/server, am i right?
- We are using policy-map type inspect esmtp and do a match because there is no class-map type inspect esmtp to do the match, can we use the match commnd inside policy-map type inspect http without using class-map type inspect http even if exists and we get the same result?

Please correct me if i am wrong.

↧

R&S - Fail on my first attempt

May 14, 2014, 9:54 am

≫ Next: IPS Promiscuous Mode

≪ Previous: ASA SMTP inspection task

Hi community,

Just to let you know that I fail on my first attempt on May,12 at Brussels.

My main weak points were on TS, comprehension and speed.

But the main point in wich I was desapointed was that the keyboard was Belgium instead of French!

I'm now preparing for v5 and never give up until I get my number.

↧

IPS Promiscuous Mode

May 14, 2014, 10:14 pm

≫ Next: FCOE and native vlans

≪ Previous: R&S - Fail on my first attempt

Hi,

I read the task (3.50) and I can't see where is the information that we should send traffic to destination as untagged:

"- Configure the management IP address to be 136.1.43.100/24, and set the default gateway to 136.1.43.9; ensure that HTTP management access is allowed only from VLAN 37.
- Configure SW3 to send VLAN 37 traffic to the IPS. Traffic should not be received by SW1. Avoid traffic duplication and associate TCP resets with VLAN 37.
- Configure SW4 to send Gi1/0/7 traffic to the IPS and allow tagged inbound TCP resets.
- Enable signature 2000 for VLAN 37 traffic and signature 2004 for Gi1/0/7 traffic."

and provided solution:

monitor session 1 destination interface Gi1/0/9 ingress untagged vlan 37

Is the below solution correct as well?

monitor session 1 destination interface Gi1/0/9 encapsulation dot1q ingress dot1q vlan 37

regards

Hubert

↧

FCOE and native vlans

May 14, 2014, 6:47 am

≫ Next: Automatic reply: CCIE R&S Study partner in Australia/APAC time zone

≪ Previous: IPS Promiscuous Mode

Working through some scenarios and Cisco docs - I see where Cisco says that you must allow the native vlan across the ethernet trunk for FCOE to function properly. However, they fail to do this in their own examples. I have configured FCOE between 5k's and 7k's without the native vlan being allowed on the trunk. I am confused as to how I should confgure this to be sure I dont miss the question on the real exam

↧

Automatic reply: CCIE R&S Study partner in Australia/APAC time zone

May 15, 2014, 5:28 am

≫ Next: Task 2.3 Default routing - solution incomplete

≪ Previous: FCOE and native vlans

I am currently out of the office returning 16 June. For technical issues and updates on open tickets please contact the Managed Services Centre on 1800 255 255 or email servicedesk@eircom.ie

↧

Task 2.3 Default routing - solution incomplete

February 17, 2010, 1:08 pm

≫ Next: issue with: Inter AS MPLS L3VPN Option C - ASBRs Peering BGP+Label

≪ Previous: Automatic reply: CCIE R&S Study partner in Australia/APAC time zone

Task asks us to have R3 originate a default route into OSPF as long as it has an active connection to either BB2 or BB3. The solutions guide used a route-map which checked for the presence of the networks that BB2's or BB3's directly connected interface to R3 reside in as a means of determining whether the BBs would be accessible. What doesn't make sense is if I shutdown the BGP session between R3 (not the interface) and it's neighbors, the default route still gets originated. Correct me if I'm wrong, but the solution doesn't meet the task requirements.

The way I got this to work was to configure my prefix list to permit the BGP routes received from BB2 and BB3. Then, when I shutdown my BGP neighbors, all my BGP routes went away as did the default route. As soon as I added one of my BGP neighbors back, the default route came back as well. Also, I was able to get this to work whether I was using "default-information originate always" or just "default-information originate".

↧