Channel: IEOC - INE's Online Community

There goes the Multicast Beast Again

Hello community, I'm just so confused with these commands as somehow they seem to do the same thing (filter) but not quite sure how they differ, is anyone able to help me understand please?

R5(config)#do sh run | i ip pim
ip pim rp-address 150.1.5.5 1 ---> 1) R5 is willing to be the RP for groups defined by ACL 1 only
ip pim accept-rp 150.1.5.5 2 ---> 2) R5 will accept join messages for groups defined by ACL 2 only
ip pim accept-register list 100 ---> 3) R5 will accept register messages for groups defined by ACL 100 only
R5(config)#do sh access-l 1
Standard IP access list 1
    10 permit 224.0.0.0, wildcard bits 0.255.255.255 (623 matches)
R5(config)#do sh access-l 2
Standard IP access list 2
    10 permit 224.110.110.110
    20 permit 224.10.10.10 (142 matches)
R5(config)#do sh access-l 100
Extended IP access list 100
    10 deny ip host 155.1.146.1 any
    20 deny ip host 155.1.146.7 any
    30 deny ip host 155.1.146.4 any
    40 permit ip any any (23 matches)

  1. If I already have R5 decide what groups to serve as RP, what's the point of having 2) or 3)?
  2. If I already have R5 deciding who to accept join messages from, what's the point of having 1) or 3)?
  3. If I already have R5 deciding who to accept register messages from, what's the point of having 2) or 3)?

Are these three commands used separately as either 1) or 2) or 3) to achieve filtering or do you use them in conjunction to achieve filtering? I'm confused :(


EIGRP over the Top

Hello,

 

I was trying EIGRP over the Top today and I noticed something which makes me wonder why.

I have a basic topology with a core network (R1, R2, R3) with iBGP enabled (config attached below)

 http://pastebin.com/download.php?i=Rn3D5W7g

R4,R5 and R6 are CE routers - EIGRP over the Top is enabled(config attached below)

http://pastebin.com/download.php?i=u1q5sq91

    Once everything is ready, I can see the routes as expected

      R4(config)#do sho ip route eigrp

      Gateway of last resort is 172.16.14.1 to network 0.0.0.0
            192.168.1.0/32 is subnetted, 3 subnets
      D        192.168.1.5 [90/94501211] via 172.16.25.5, 00:53:29, LISP1
      D        192.168.1.6 [90/94501211] via 172.16.36.6, 00:53:26, LISP1



      R5(config)#do sho ip route eigrp

      Gateway of last resort is 172.16.25.2 to network 0.0.0.0
            172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
      D        172.16.14.0/24 [90/95012571] via 172.16.14.4, 00:53:36, LISP1
            192.168.1.0/32 is subnetted, 3 subnets
      D        192.168.1.4 [90/94501211] via 172.16.14.4, 00:53:36, LISP1
      D        192.168.1.6 [90/94501211] via 172.16.36.6, 00:53:33, LISP1


      R6(config)#do sho ip route eigrp

      Gateway of last resort is 172.16.36.3 to network 0.0.0.0
            172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
      D        172.16.14.0/24 [90/95012571] via 172.16.14.4, 00:53:38, LISP1
            192.168.1.0/32 is subnetted, 3 subnets
      D        192.168.1.4 [90/94501211] via 172.16.14.4, 00:53:38, LISP1
      D        192.168.1.5 [90/94501211] via 172.16.25.5, 00:53:38, LISP1

      • The problem starts when I'm trying to send traffic between CE's loopbacks


      R4(config-ext-nacl)#do ping 192.168.1.5 re 1 so lo0
      Packet sent with a source address of 192.168.1.4
      .
      Success rate is 0 percent (0/1)

      R5#
      IP: s=172.16.14.4 (Ethernet0/0.25), d=172.16.25.5, len 136, input feature
          UDP src=1281, dst=4343, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
      FIBipv4-packet-proc: route packet from Ethernet0/0.25 src 172.16.14.4 dst 172.16.25.5
      FIBfwd-proc: Default:172.16.25.5/32 receive entry
      FIBipv4-packet-proc: packet routing failed
      IP: tableid=0, s=172.16.14.4 (Ethernet0/0.25), d=172.16.25.5 (Ethernet0/0.25), routed via RIB
      IP: s=172.16.14.4 (Ethernet0/0.25), d=172.16.25.5 (Ethernet0/0.25), len 136, rcvd 3
          UDP src=1281, dst=4343
      IP: s=172.16.14.4 (Ethernet0/0.25), d=172.16.25.5, len 136, stop process pak for forus packet
          UDP src=1281, dst=4343
      IP: s=192.168.1.4 (LISP1), d=192.168.1.5, len 100, input feature
          ICMP type=8, code=0, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
      FIBipv4-packet-proc: route packet from LISP1 src 192.168.1.4 dst 192.168.1.5
      FIBfwd-proc: Default:192.168.1.5/32 receive entry
      FIBipv4-packet-proc: packet routing failed
      IP: tableid=0, s=192.168.1.4 (LISP1), d=192.168.1.5 (Loopback0), routed via RIB
      IP: s=192.168.1.4 (LISP1), d=192.168.1.5, len 100, rcvd 4
          ICMP type=8, code=0
      IP: s=192.168.1.4 (LISP1), d=192.168.1.5, len 100, stop process pak for forus packet
          ICMP type=8, code=0
      IP: s=192.168.1.5 (local), d=192.168.1.4, len 100, local feature
          ICMP type=0, code=0, Logical MN local(14), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
      FIBipv4-packet-proc: route packet from (local) src 192.168.1.5 dst 192.168.1.4
      FIBfwd-proc: packet routed by adj to LISP1 172.16.14.4
      FIBipv4-packet-proc: packet routing succeeded
      IP: s=192.168.1.5 (local), d=192.168.1.4 (LISP1), len 100, sending
          ICMP type=0, code=0
      LISPfwd-proc: adj IP midchain out of LISP1, addr 172.16.14.4 (incomplete) not complete
      LISPfwd-proc: adj IP midchain out of LISP1, addr 172.16.14.4 (incomplete) not complete
      IP: s=192.168.1.5 (local), d=192.168.1.4 (LISP1), len 100, encapsulation failed
          ICMP type=0, code=0

       

      dmvpn-phase-1-dual-hub-with-3000-spokes-with-ospf

      Hi
      Maybe someone will know which cisco router we can use as hub for
      dmvpn-phase-1-dual-hub-with-3000-spokes-with-ospf enabled as routing protocol

      note: gre over ipsec will be used

       

      Congestion Control Techniques ..?

      Dears,

       

      During my CCIE studies I am much confused about the Congestion Control techniques.

       

      In some places it's written that we have congestion control techniques.

      1) Slow Start, 2) Congestion Avoidance 3) Fast Retransmit 4) Fast Recovery

       

      In some Places its written 2 techniques of Congestion Control

      1) Closed Loop Based and 2) Open Loop based

       

      Under Closed Loop we have Token Bucket Algo and Leaked Bucket Algorithm? Correct?

       

       

      Can someone please clarify which are the main techniques and what are sub techniques/Algos.

       

      Appreciate your support.
      Regards
      Jawwad

      IKEv1 L2L Between IOS and ASA with PSK in Aggressive Mode

      I have a question. Is anyone able to make this work using the SG solution?

      I can't seem to get the VPN to come up using the SG solution.  Got the below error message on the ASA:

      "[IKEv1]Group = 192.168.70.22, IP = 192.168.70.22, Can't find a valid tunnel group, aborting...!" 

      Note: I am using my own ip addressing scheme. 192.168.70.22 is asa's ikev1 interface;

      To make it work, in addition to SG configs, I added below commands on R3

      crypto isakmp peer address 192.168.70.12
       set aggressive-mode password CISCO
       set aggressive-mode client-endpoint fqdn R3.ine.com

      Once configs are in place, vpn came up and working ok.

      %ASA-7-713906: IP = 192.168.70.22, Connection landed on tunnel_group R3.ine.com

      Is it a valid solution?  It sounds like "aggressive-mode" needs to be configured on both sides of devices, comment?

       

      Task Typo. Layer 2 EtherChannel with PAgP

      Hey Brian,

      This task is to configure PAgP

       

      Last bullet reads:

      • These links should not use PAgP for dynamic EtherChannel negotiation.

      Should read

      • These links should use PAgP for dynamic EtherChannel negotiation.

       

      Happy to help,

      Sam

      STP Message Age

      I've been trying to understand the Message Age timer. Some documentation says "it is similar to hop count"

      From Cisco Online Documentation here http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/19120-122.html

      "The message age is not a fixed value. The message age contains the length of time that has passed since the root bridge initially originated the BPDU. The root bridge sends all its BPDUs with a message age value of 0, and all subsequent switches add 1 to this value. Effectively, this value contains the information on how far you are from the root bridge when you receive a BPDU."

      I am using the topology shown. SW1 has been elected root. SW4's E1/0 is Blocked by STP. All devices are running in PVST mode. [Image: STP Topology Ethernet Square.jpg]

      The message age number is not conforming to the definition outlined  in the Cisco Online documentation, as far as my understanding goes.  Should I even be seeing a Message Age of 3 while working on this  topology?

      Furthermore, on SW4 the message age  bounces from 3 to 2 then back to 3 over and over again. I suspect it may  have something to do with the message age increment overestimate (msg_overestimate) parameter but I don't understand much beyond suspicion on what the purpose of  "overestimation" is in the first place and what is happening in the  topology.

      Also why would I ever see message age of 2 on  SW2's E0/0 and SW3's E0/0 which are both directly connected to the root  switch and are elected root ports?

      SW1#sh spanning-tree vlan 1 detail | i ^ Port | Timers

        Timers: hello 1, topology change 0, notification 0, aging 300

      Port 1 (Ethernet0/0) of VLAN0001 is designated forwarding

         Timers: message age 0, forward delay 0, hold 0

      Port 3 (Ethernet0/2) of VLAN0001 is designated forwarding

         Timers: message age 0, forward delay 0, hold 0

      SW1 is the root of the spanning-tree topology therefore message age is zero on both interface Ethernet0/0 and Ethernet0/2.

       

      SW2#sh spanning-tree vlan 1 detail | i ^ Port | Timers

        Timers: hello 0, topology change 0, notification 0, aging 300

      Port 1 (Ethernet0/0) of VLAN0001 is root forwarding

         Timers: message age 2, forward delay 0, hold 0

      Port 5 (Ethernet1/0) of VLAN0001 is designated forwarding

         Timers: message age 0, forward delay 0, hold 0

       

      SW3#sh spanning-tree vlan 1 detail | i ^ Port | Timers

        Timers: hello 0, topology change 0, notification 0, aging 300

      Port 1 (Ethernet0/0) of VLAN0001 is root forwarding

         Timers: message age 2, forward delay 0, hold 0

      Port 5 (Ethernet1/0) of VLAN0001 is designated forwarding

         Timers: message age 0, forward delay 0, hold 0

       

      SW4# sh spanning-tree vlan 1 detail | i ^ Port | Timers

        Timers: hello 0, topology change 0, notification 0, aging 300

      Port 3 (Ethernet0/2) of VLAN0001 is root forwarding

         Timers: message age 3, forward delay 0, hold 0

      Port 5 (Ethernet1/0) of VLAN0001 is alternate blocking

         Timers: message age 3, forward delay 0, hold 0

      Then if I wait a few moments and issue same command on SW4 again it shows message age is back to 2.

       

      SW4# sh spanning-tree vlan 1 detail | i ^ Port | Timers

        Timers: hello 0, topology change 0, notification 0, aging 300

      Port 3 (Ethernet0/2) of VLAN0001 is root forwarding

         Timers: message age 2, forward delay 0, hold 0

      Port 5 (Ethernet1/0) of VLAN0001 is alternate blocking

         Timers: message age 2, forward delay 0, hold 0

       

      Please help shed some light on this vexing thing.

      Thanks!

      MTU Problem (need a beast to fix it)

      In my network I have a 3560 Gbit switch using a 9k jumbo frame, and 2 PC's that are currently now using a 7500 MTU.  The two PC's are just connected to the switch, which is using Gbit SFP's. Both NIC's are actually capable of using jumbo frames and a 9k MTU, but when I set them to actually use the 9k MTU - when traffic is sent between them using a ping sweep with a size 7800, the traffic starts fragmenting (I worked it out by setting the df-bit at both 7799 and 7800.  At 7799 it  doesn't fragment, but at 7800 it does.  Makes no sense because its just 2pc's connected to one 3560 switch with everything configured to use 9k jumbo frames).  So that's why I've set my MTU to 7500 rather than 9k at the moment.  Why won't Windows allow me to get the full 8960 byte MSS (i.e. 9k jumbo frame minus the 20byte tcp and ip header)? That's my first question!  According to the much loved internet, Windows should be capable of using a MSS of 64KB, aka 65535 bytes, which is way more than the 8960 I want it to use. So I don't understand why my data is getting fragmented at 7799 bytes?

       

      The command I used to test this was in Windows > ping 192.168.1.100 -f -l 7799.  I put this command on both hosts A and host B (just call them that for simplicity).  Host A just didn't get the reply when the command was issued.  But when I put the command into Host B, it said something like df-bit set but need to fragment.  So I assume Host B is potentially the one with the issue?  I'm really stuck on how to troubleshoot, or go any further with this.  But I'm sure of one thing.  This is doing my nut in!  Can anyone help?


      SIP Dial Rules

      I'm playing with something in the lab based on something I ran into at a customer and I'm fiddling with ways to make it work.

      On a SCCP phone, you can create an XLation pattern WITHOUT urgent priority enabled to create the following scenario:

      Phone goes off hook, at interdigit timeout (phone is knocked off hook but user is incapacitated) the phone will auto dial (PLAR) to an extension.

      This scenario is pretty straight forward.

      I'm trying to make the same rule available to a sip 89XX phone, but there seems to be a conflict between the actions.

      I can PLAR to an extension
      I can interdigit timeout to an extension without dialing any digits...BUT if I do the interdigit delay, the system won't accept digits dialed when I do try to dial.

      Anyone have any thoughts?  I'm weak on the SIP side (dial rules, etc) so I may be missing something rudimentary.

      Thanks in advance.

      mike

      OSPF Initial configs - bug?

      It seems there are bugs in the initial configs for the OSPF labs. The loopback 0 interfaces of all routers have masks of 255.255.255.255, vs. v4 labs that are /24. This becomes an issue in the OSPF Network Loopback task. This starts in the initial ospf configs, and seems present in the ospf over broadcast media, and dmvpn configs as well. It appears to be fixed in later OSPF lab configs.

      SPF Algorithm - Equal Cost Routes

      I have a question on the SPF algorithm.  During the SPF run, if there are two or more equal cost paths to a router which path is placed in the tree database?  I don't recall seeing anything on it in the video and the book TCP/IP Routing (Vol1) says if there are two or more equal cost paths choose one.  There is nothing on how that path is chosen.  Thanks!

      'fcoe-npv' vs 'fcoe' & 'npv'

      So I was wondering how this worked, if I needed a 5500 switch to be both an fc npv switch and an fcoe-npv switch - can I enable both features at the same time?  i.e can I enable all of 'fcoe', 'npv' and 'fcoe-npv'.  It turns out I cannot. But then again, I don't need to...

      If I enable 'fcoe' and then enable 'npv', I not only get NPV for FC, but I do also get NPV for FCoE (by default). 

      It is a bit of a no-brainer really when you think about it, but it's worth knowing in case you need to work out what features you need.

      feature fcoe-npv will just give you NPV mode for FCoE, so no native FC-NPV.

      Of course, on your NPIV switch, you still need 'feature npiv' - may sound silly, but don't forget about it!

      and also don't forget, on 5500's you enable FC by turning on the 'FCoE' feature.

       

      Building INE's RSv5 topology on CSR1000v

      Use this thread for discussion on building INE's CCIE RSv5 topology using the Cloud Services Router 1000v (CSR1000v).

      Details of INE's RSv5 topology can be found here.

      Details on CSR1000v can be found here.

      Check the CSR1000v Data Sheets for specific platform requirements.

      This thread is a continuation of the original RSv5 build thread that can be found here.

      PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.

      shift ctrl 6 x Mac os

      Hey Guys,

       

      Something that's driving me crazy, sure it's simple but ....

       

      How do I escape on a Cisco terminal server when using either Mac OS Terminal or iTerm, like shift ctrl 6 x on Windows? Under iTerm I tried sending the hex and a few different things, driving me a bit mad now :)

       

      any help appreciated.... 

      CML Cisco Youtube video

      Watched this video, about 18 minutes in the CTO for education discusses CML and what to expect with the products and release time frames. Most things have already been discussed but this is from Cisco directly and it's recent. Hopefully you find it as informative as I did.

       

      https://www.youtube.com/watch?v=FCjTSqjVcKk


      Task 3.1 basic mpls

      Dears, I'm facing a problem with IOS-XR at LDP establishment: there is no LDP adjacency, as below:

      RP/0/0/CPU0:XR01#sh mpls ldp neighbor 

      Sat May 31 15:07:57.423 UTC

       

      RP/0/0/CPU0:XR01#

      RP/0/0/CPU0:XR01#sh ospf nei

      Sat May 31 15:07:44.314 UTC

       

      * Indicates MADJ interface

       

      Neighbors for OSPF 1

       

      Neighbor ID     Pri   State           Dead Time   Address         Interface

      6.6.6.6         1     FULL/BDR        00:00:36    20.6.19.6       GigabitEthernet0/0/0/0

          Neighbor is up for 00:48:59

      5.5.5.5         1     FULL/BDR        00:00:39    20.5.19.5       GigabitEthernet0/0/0/1

          Neighbor is up for 00:48:47

      20.20.20.20     1     FULL/DR         00:00:32    20.19.20.20     GigabitEthernet0/0/0/2

          Neighbor is up for 00:50:46

       

      RP/0/0/CPU0:XR01#sh mpls interfaces           

      Sat May 31 14:58:05.074 UTC

      Interface                  LDP      Tunnel   Static   Enabled 

      -------------------------- -------- -------- -------- --------

      GigabitEthernet0/0/0/0     Yes      No       No       Yes

      GigabitEthernet0/0/0/1     Yes      No       No       Yes

       

      RP/0/0/CPU0:XR01#sh ospf nei

      Sat May 31 15:07:44.314 UTC

       

      * Indicates MADJ interface

       

      Neighbors for OSPF 1

       

      Neighbor ID     Pri   State           Dead Time   Address         Interface

      6.6.6.6         1     FULL/BDR        00:00:36    20.6.19.6       GigabitEthernet0/0/0/0

          Neighbor is up for 00:48:59

      5.5.5.5         1     FULL/BDR        00:00:39    20.5.19.5       GigabitEthernet0/0/0/1

          Neighbor is up for 00:48:47

      20.20.20.20     1     FULL/DR         00:00:32    20.19.20.20     GigabitEthernet0/0/0/2

          Neighbor is up for 00:50:46

      Doc CD - Master Command List

      CCIE R&S Passed!

      It's been a really long road, but I finally passed my CCIE R&S Lab last week on my second attempt!  I definitely want to thank everyone at the INE Team for their top notch training materials and thoroughness to get here.  I couldn't have done it without, for sure.  Now, time to take a small break and start to tackle either DC or SP!

       

       

      Thanks!

      Ethan
      CCIE# 44000

      Workbook Physical layout and parts list

      Hey,

      IF I choose to build my own lab based on the workbooks, what parts list do I need and how is the gear physically cabled?  I built my own R/S rack and I am toying with building a partial DC lab as well.   Any ideas anyone?  I have not been able to find any documentation on physical layout of the DC lab...

      Building INE's RSv5 topology with physical routers
