Channel: IEOC - INE's Online Community

Doc-CD


IPV6 VRF DHCP


Hello, I hope you are fine. I have a question and I would appreciate it if someone could help me with it; thank you very much.
I noticed a behavior and I don't know whether it is normal or not. I hope that you can help me:
In IPv4, when a client requests an IP from the DHCP server, it is the gateway, the VLAN interface, that makes the DHCP request to the DHCP server.
In IPv6, if there are multiple VLAN interfaces in a VRF, the distribution switch does not use the client's VLAN interface to run the IPv6 DHCP relay query, but another VLAN interface in the VRF. When shutting down all interfaces in the VRF, the client uses the correct gateway to make the DHCP request.
I have a different behavior between IPv4 and IPv6.
Why, in IPv6, does the distribution switch that serves as DHCP relay not use the client's VLAN interface to send the request to the DHCP server? I hope that I have explained this well. Thank you for your reply; I really appreciate your help.

Best regards

New Workbook Initial Configs


Could I get some clarification on the new initial configs for the new workbook? For instance I am going through the OSPF section and noticed when I open the initial configs for this section there are several sub folders listed with different titles. The only reference I am given within the workbook is to use the OSPF initial configs.

When I start on task 1 it mentions that I need to configure OSPF for Loopback 192. The initial configs don't contain Lo192. Is there something that I am missing? How would I know to load the "Loopback initial config" without having to search around for it, and how do I know I'm actually supposed to do that to begin with?

CCIE Security v4 Practice Labs Workbook now released


Folks,

While studying today my study partner noticed that within the last 10 minutes, INE has released the new CCIE Security v4 Practice Labs workbook.

We also now have new IEOC forum sections for the ATC v4 and the Practice Labs v4 added for questions and answers.  Remember to update your forum memberships to subscribe to these new forums to stay up-to-date.

Cheers,

 

DMVPN labs from v5 workbook - mGRE on the spoke routers?


Hi,

Since there is no v5 workbook subforum I will post here.

I started doing the new DMVPN labs and noticed that everywhere on the DMVPN spokes the tunnel is configured as mGRE.

I thought the mGRE on the spokes is needed only when implementing phase 2.

Is there any particular reason why the spokes aren't configured as p2p GRE tunnels?

 

Thanks

MLDP for MVPN - multicast tree not working


Hello everyone. I'm in need of help in a sample lab to run MLDP for MVPN. The topology is a simple CE (R1) <--> PE (R2) <--> P (R3) <--> PE (R4) <--> CE (R5). MPLS forwarding is working across the core. R1 is sending ICMP to 224.2.2.2 sourced from its loopback. I'm using 15.2 in GNS3. Below is the config and show output info. Please tell me what I'm missing in this lab.

Your comments are greatly appreciated. Thanks in advance.

Mike G.

R1#

!
ip multicast-routing
!
!
interface Loopback0
 ip address 100.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.255.0
 ip pim sparse-mode
!
router rip
 version 2
 network 10.0.0.0
 network 100.0.0.0
 no auto-summary
!
ip pim bidir-enable
!


R2#

!
ip vrf yellow
 rd 2:200
 vpn id 50:10
 mdt preference mldp
 mdt default mpls mldp 100.0.0.1
 mdt data mpls mldp 255
 mdt data threshold 40
 route-target export 2:200
 route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
 ip address 50.0.0.2 255.255.255.255
 ip pim sparse-mode
!
interface Loopback100
 ip vrf forwarding yellow
 ip address 100.0.0.2 255.255.255.255
 ip pim sparse-mode
!
interface FastEthernet0/0
 ip vrf forwarding yellow
 ip address 10.1.0.2 255.255.255.0
 ip pim sparse-mode
!
interface FastEthernet1/0
 ip address 10.2.0.2 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 50.0.0.2
 network 10.0.0.0 0.255.255.255 area 0
 network 50.0.0.0 0.0.0.255 area 0
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf yellow
  redistribute bgp 1
  network 10.0.0.0
  network 100.0.0.0
  default-metric 5
  no auto-summary
  version 2
 exit-address-family
!
router bgp 1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 50.0.0.4 remote-as 1
 neighbor 50.0.0.4 update-source Loopback0
 neighbor 50.0.0.6 remote-as 1
 neighbor 50.0.0.6 update-source Loopback0
 !
 address-family ipv4
  redistribute rip
 exit-address-family
 !
 address-family vpnv4
  neighbor 50.0.0.4 activate
  neighbor 50.0.0.4 send-community extended
  neighbor 50.0.0.6 activate
  neighbor 50.0.0.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf yellow
  redistribute connected
  redistribute rip
 exit-address-family
!
mpls ldp router-id Loopback0
!


R3#

!
ip multicast-routing
!
interface Loopback0
 ip address 50.0.0.3 255.255.255.255
 ip pim sparse-mode
!
interface FastEthernet0/0
 ip address 10.2.0.3 255.255.255.0
 mpls ip
!
interface FastEthernet1/0
 ip address 10.3.0.3 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 50.0.0.3
 network 10.0.0.0 0.255.255.255 area 0
 network 50.0.0.0 0.0.0.255 area 0
!

R4#

!
ip vrf yellow
 rd 2:200
 vpn id 50:10
 mdt preference mldp
 mdt default mpls mldp 100.0.0.1
 mdt data mpls mldp 255
 mdt default 239.1.1.1
 mdt data 238.2.2.0 0.0.0.255 threshold 40
 mdt data threshold 40
 route-target export 2:200
 route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
 ip address 50.0.0.4 255.255.255.255
 ip pim sparse-mode
!
interface Loopback100
 ip vrf forwarding yellow
 ip address 100.0.0.4 255.255.255.255
 ip pim sparse-mode
!
interface FastEthernet0/0
 ip vrf forwarding yellow
 ip address 10.4.0.4 255.255.255.0
 ip pim sparse-mode
!
interface FastEthernet1/0
 ip address 10.3.0.4 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 50.0.0.4
 network 10.0.0.0 0.255.255.255 area 0
 network 50.0.0.0 0.0.0.255 area 0
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf yellow
  redistribute bgp 1
  network 10.0.0.0
  network 100.0.0.0
  default-metric 5
  no auto-summary
  version 2
 exit-address-family
!
router bgp 1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 50.0.0.2 remote-as 1
 neighbor 50.0.0.2 update-source Loopback0
 !
 address-family ipv4
  redistribute rip
 exit-address-family
 !
 address-family vpnv4
  neighbor 50.0.0.2 activate
  neighbor 50.0.0.2 send-community extended
 exit-address-family
 !
 address-family ipv4 mdt
  neighbor 50.0.0.2 activate
  neighbor 50.0.0.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf yellow
  redistribute connected
  redistribute rip
 exit-address-family
!
mpls ldp router-id Loopback0
!

R5#
!
ip multicast-routing
!
interface Loopback0
 ip address 100.0.0.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.4.0.5 255.255.255.0
 ip pim sparse-mode
 ip igmp join-group 224.2.2.2
!
router rip
 version 2
 network 10.0.0.0
 network 100.0.0.0
 no auto-summary
!
ip pim bidir-enable
!

>>> Trace to R5's loopback works.

R1#trace 100.0.0.5

Type escape sequence to abort.
Tracing the route to 100.0.0.5

  1 10.1.0.2 16 msec 60 msec 28 msec
  2 10.2.0.3 [MPLS: Labels 16/21 Exp 0] 128 msec 84 msec 96 msec
  3 10.4.0.4 [MPLS: Label 21 Exp 0] 108 msec 96 msec 44 msec
  4 10.4.0.5 152 msec 124 msec 104 msec
R1#

>>> PING to multicast address fails.


R1#ping 224.2.2.2 so lo0 repeat 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 100.0.0.1
.......
R1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:30:58/00:02:49, RP 0.0.0.0, flags: DPL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

R1#
R2#sh ip pim vrf yellow neigh
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.1.0.1          FastEthernet0/0          00:22:38/00:01:16 v2    1 / S G
R2#

>>> No PIM peering over the LSPVIF0 interface.

R2#show mpls mldp database
  * Indicates MLDP recursive forwarding is enabled

LSM ID : 1 (RNR LSM ID: 2)   Type: MP2MP   Uptime : 00:06:55
  FEC Root           : 100.0.0.1
  Opaque decoded     : [mdt 50:10 0]
  Opaque length      : 11 bytes
  Opaque value       : 02 000B 0000500000001000000000
  RNR active LSP     : (this entry)
  Upstream client(s) :
    None
      Expires        : N/A           Path Set ID  : 1
  Replication client(s):
    MDT  (VRF yellow)
      Uptime         : 00:06:55      Path Set ID  : 2
      Interface      : Lspvif0

R2#


R2#sh ip pim vrf yellow mdt
  * implies mdt is the default MDT
  MDT Group/Num   Interface   Source                   VRF
* 0               Lspvif0     Loopback0                yellow
R2#

R2#sh ip mroute vrf yellow
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
       Q - Received BGP S-A Route, q - Sent BGP S-A Route,
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:17:04/00:02:58, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:17:02/00:02:46
    Loopback100, Forward/Sparse, 00:17:03/00:02:58

R2#

R5#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.2.2.2), 00:23:23/00:02:31, RP 0.0.0.0, flags: SJCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:23:23/00:02:31

(*, 224.0.1.40), 00:23:23/00:02:39, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:23:23/00:02:39

R5#

iPad/Mobile Phone Wireless Authentication

The authenticating server is ACS 5.5. The wireless controller is configured to forward authentication to the ACS server. The ACS server's certificate is obtained through Entrust, a third-party vendor. When clients such as iPads, iPhones and Android phones connect to a wireless network and authenticate, it prompts them to trust the certificate one time. But if the same devices go to an SSL website using the same third-party vendor, there is no prompt. Why is that?


New CCIE R&S v5 Workbook Forums

The Avenginator Returns.


Let's get the nasty bits over with.

No I'm not a CCIE...I failed....TWICE!  Shame on me but those who followed my posts previously had an idea that I was well on my way to passing this thing...or at least had a better than average shot at it.. Then EXACTLY 90 days before...EXACTLY on the same day...actually 2 hours after I got the confirmation e-mail from Cisco something horrible happened. (In hindsight it was a good thing but at the time...it was impossible)

 

It's been tough but enough moping.

 

I'm back. Will Tox study for this thing again?  I don't know...I don't wanna teach anymore....so I'm in limbo. I DO know that I'm done being locked up in my room 12 hours a day by myself...and there are only so many CCNA and CCNP classes that I can bear to teach now.

Ver 5 took PfR away and Layer 2 QoS...GOOD....they took Frame away...BAD...C'est la vie

The proctor now happens to know me as "the guy that ate too much hot sauce during lunch and was doubled over for most of the exam!"

 

 

I've lost a lot of technical knowhow...if you were to ask me about OSPF transit capability or BGP outbound route filtering...I'd stare at ya blankly...ok not exactly blankly but I wouldn't nail it...which is a shame....but I'm back...

 

I believe this is a step in the right direction.

 

 

To old friends on here...

 

Hello once more.

 

 

Tox!

 

 

 

ASA SMTP inspection task


Guys, I have a few comments on the above task:

- In the solution, the domains cyberscam.org and nullroute.com are added as follows in regex: "(cyberspam.org|nullroute.com)". I think it must be "(cyberspam\.org|nullroute\.com)", please correct me if I am wrong.
- In the question, it is asking to reject emails from senders. In this case, the solution is using reset as the action. In this specific task, I could use drop connection because it did not specify to send a TCP reset message to the client/server, am I right?
- We are using policy-map type inspect esmtp and do a match because there is no class-map type inspect esmtp to do the match. Can we use the match command inside policy-map type inspect http without using class-map type inspect http, even if it exists, and get the same result?

Please correct me if I am wrong.
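
Added example (not part of the original post or the workbook solution): the two patterns quoted in the first point, run over constructed sender addresses to show what the unescaped dot additionally matches. It assumes Python's `re` treats `.` and `\.` the same way the ASA regex engine does; the function names and sample addresses are hypothetical.

```python
import re

# The two patterns as quoted in the post above.
UNESCAPED = r"(cyberspam.org|nullroute.com)"
ESCAPED = r"(cyberspam\.org|nullroute\.com)"

# Constructed sender addresses, for illustration only.
SENDERS = [
    "alice@cyberspam.org",         # intended match
    "bob@mail.nullroute.com",      # intended match (substring search)
    "carol@cyberspamforg.net",     # unescaped '.' matches the 'f'
    "dave@nullroute-com.example",  # unescaped '.' matches the '-'
    "erin@example.com",            # matches neither pattern
]

def matches(pattern, senders):
    """Senders in which the pattern is found anywhere (unanchored search)."""
    rx = re.compile(pattern)
    return [s for s in senders if rx.search(s)]

def overmatches(loose, strict, senders):
    """Senders caught by the loose pattern but not by the strict one."""
    strict_hits = set(matches(strict, senders))
    return [s for s in matches(loose, senders) if s not in strict_hits]

def build_pattern(domains):
    """Build an alternation in which every metacharacter is a literal."""
    return "(" + "|".join(re.escape(d) for d in domains) + ")"

if __name__ == "__main__":
    print("unescaped:", matches(UNESCAPED, SENDERS))
    print("escaped:  ", matches(ESCAPED, SENDERS))
    print("extra hits from the unescaped dot:",
          overmatches(UNESCAPED, ESCAPED, SENDERS))
    print("generated:", build_pattern(["cyberspam.org", "nullroute.com"]))
```

Both patterns catch the two intended senders; only the unescaped one also catches addresses where some other character sits in the dot's position, which in a reject or reset policy means mail from unrelated domains is blocked.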


R&S - Fail on my first attempt


Hi community,

Just to let you know that I failed on my first attempt on May 12 in Brussels.

My main weak points were on TS, comprehension and speed.

But the main point on which I was disappointed was that the keyboard was Belgian instead of French!

I'm now preparing for v5 and will never give up until I get my number.

 

IPS Promiscuous Mode


Hi,

I read the task (3.50) and I can't see where the information is that we should send traffic to the destination as untagged:

 

"- Configure the management IP address to be 136.1.43.100/24, and set the default gateway to 136.1.43.9; ensure that HTTP management access is allowed only from VLAN 37.
- Configure SW3 to send VLAN 37 traffic to the IPS. Traffic should not be received by SW1. Avoid traffic duplication and associate TCP resets with VLAN 37.
- Configure SW4 to send Gi1/0/7 traffic to the IPS and allow tagged inbound TCP resets.
- Enable signature 2000 for VLAN 37 traffic and signature 2004 for Gi1/0/7 traffic."

 

and provided solution:

monitor session 1 destination interface Gi1/0/9 ingress untagged vlan 37

 

Is the below solution correct as well?

monitor session 1 destination interface Gi1/0/9 encapsulation dot1q ingress dot1q vlan 37

 

regards

Hubert

FCOE and native vlans


Working through some scenarios and Cisco docs - I see where Cisco says that you must allow the native VLAN across the Ethernet trunk for FCoE to function properly. However, they fail to do this in their own examples. I have configured FCoE between 5k's and 7k's without the native VLAN being allowed on the trunk. I am confused as to how I should configure this to be sure I don't miss the question on the real exam.


Task 2.3 Default routing - solution incomplete


Task asks us to have R3 originate a default route into OSPF as long as it has an active connection to either BB2 or BB3.  The solutions guide used a route-map which checked for the presence of the networks that BB2's or BB3's directly connected interface to R3 reside in as a means of determining whether the BBs would be accessible.  What doesn't make sense is if I shutdown the BGP session between R3 (not the interface) and its neighbors, the default route still gets originated.  Correct me if I'm wrong, but the solution doesn't meet the task requirements.

The way I got this to work was to configure my prefix list to permit the BGP routes received from BB2 and BB3.  Then, when I shutdown my BGP neighbors, all my BGP routes went away as did the default route.  As soon as I added one of my BGP neighbors back, the default route came back as well.  Also, I was able to get this to work whether I was using "default-information originate always" or just "default-information originate".
