Channel: IEOC - INE's Online Community

INE Virtual Topology vs Actual lab exam Topology

INE workbooks use Virtual Routers with virtual Interfaces.

Does the actual Lab Exam also use Virtual Routers or Physical Routers?


vPC Labs - Nexus Technology Lab workbook

Dear All,

I have a question on booking the INE rack rental for practicing vPC Labs - Nexus Technology Lab workbook.

I could see in all vPC Labs, Servers are directly connected to Nexus and not FEX. Does this mean I do not need to book the FEX add-on module to practice the vPC lab, or am I missing something?

 

 

Any Transport over MPLS (AToMPLS)

Hi. I want to enable communication between R7 and R9 over an SP network that consists of R8, R10, R12 and R13. I've enabled BGP 100 and MPLS between the SP routers. This is my topology and config. The Ethernet over MPLS does not work. Do I need to create a direct tunnel link between R8 and R10 with MPLS on it to make it work?

 

 

R8 config: --------------------
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
 ip ospf 2 area 0
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 xconnect 10.10.10.1 100 encapsulation mpls
!
interface Serial0/0
 ip address 100.1.128.8 255.255.255.0
 ip ospf 2 area 0
 mpls ip
!
mpls ldp router-id Loopback0 force

R10 config -----------------------------------------
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 ip ospf 2 area 0
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 xconnect 8.8.8.8 100 encapsulation mpls
!
interface Serial0/0
 ip address 100.1.131.10 255.255.255.0
 ip ospf 2 area 0
 mpls ip
!
mpls ldp router-id Loopback0 force

some show commands:---------------------------------

R8(config-router)#do sh mpls l2 vc
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Fa0/0.1        Eth VLAN 1                 10.10.10.1      100        UP

R10#sh mpls l2 vc
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Fa0/0.1        Eth VLAN 1                 8.8.8.8         100        UP

R10#sh mpls ldp neigh | inc Iden
    Peer LDP Ident: 13.13.13.1:0; Local LDP Ident 10.10.10.1:0
        Addresses bound to peer LDP Ident:
    Peer LDP Ident: 8.8.8.8:0; Local LDP Ident 10.10.10.1:0
        Addresses bound to peer LDP Ident:

R8(config-router)#do sh mpls ldp neigh | inc Iden
    Peer LDP Ident: 12.12.12.1:0; Local LDP Ident 8.8.8.8:0
        Addresses bound to peer LDP Ident:
    Peer LDP Ident: 10.10.10.1:0; Local LDP Ident 8.8.8.8:0
        Addresses bound to peer LDP Ident:

SNMPv3 Informs

Hello Community,

I am trying to make SNMPv3 informs work, but I am facing the following problem when trying to generate them (in this case BGP informs):

R1#clear ip bgp * 
R1#
*Oct 19 12:25:16.877: %BGP-5-ADJCHANGE: neighbor 155.1.12.2 Down User reset
*Oct 19 12:25:16.877: %BGP_SESSION-5-ADJCHANGE: neighbor 155.1.12.2 IPv4 Unicast topology base removed from session  User reset
*Oct 19 12:25:16.877: convert_pdu:Function has reached clean up routine.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrGenerateNotification: Search for user in agt_usmUserTable failed.
 
SrV2GenerateNotification:Function has reached clean up routine.

*Oct 19 12:25:16.877: convert_pdu:Function has reached clean up routine.

SNMP config looks like the following:

R1#sh runn | s snmp
mmi snmp-timeout 180
snmp-server engineID local 1234567890
snmp-server engineID remote 155.1.12.100 ABCDEF1234
snmp-server user USER INFORM v3
snmp-server group INFORM v3 noauth notify NOTIFY
snmp-server view NOTIFY iso included
snmp-server view NOTIFY cisco included
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps bgp
snmp-server host 155.1.12.100 informs version 3 noauth USER

Once I switch inform to version 2c with community it starts to work as expected, so this problem seems to be specific to SNMPv3.

Any ideas what may be wrong?

Regards,

Michael

 

 

Ticket 3 - Can't get working

Hi Guys,

Qualifying statement - I'm working with CSR1KV's

Few thoughts.  My understanding of OSPF LFA FRR is that 3 conditions ideally need to be met when looking at the backup path. 

I believe I've got those in place but it's not coming up with the expected result, either by using the precise solution provided or by using other cost values. My output:


Area 10:

Interface        Protected    Primary paths    Protected paths Percent protected
                             All  High   Low   All  High   Low    All High  Low
Gi1.1718               Yes     0     0     0     0     0     0     0%   0%   0%
Gi1.1617               Yes    31    19    12     1     0     1     3%   0%   8%

Questions. 

The expected output has this under the "Area 10" section of the output. The overwhelming majority of the prefixes are External Type 2s, which

A) will have the same Metric in the RIB no matter where they are, but make their decisions with the forward metric.

B) from a database point of view aren't part of Area 10 at all.

I've tried changing them to E1s, no joy. I've tried stopping the redistribution into ospf 22 on R16, which causes the output of "show ip ospf fast-reroute prefix-summary" on R17 to go to 100% protected, as per:

Area 10:

Interface        Protected    Primary paths    Protected paths Percent protected
                             All  High   Low   All  High   Low    All High  Low
Gi1.1718               Yes     0     0     0     0     0     0     0%   0%   0%
Gi1.1617               Yes     1     0     1     1     0     1   100%   0% 100%

but obviously very few primary's and protected's..:/ 

Which points to only having a problem with protecting External Prefixes.

Is anyone else having this issue or am I doing something incorrectly?   Either way I've spent an uncomfortable amount of time on this :/.

Cheers,

Paul B

Shaping under class-default and nesting policy with LLQ

Hi All,

Some of you may know me from CLN.  I don't usually post here.  Anyway, I have a question on Shaping class-default and then nesting a policy map under the shaping with LLQ...

I remember reading something one time that LLQ is not really being shaped behind the scenes, but is actually queued outside of the shaping policy.  I, however, cannot find this information again.  Can anyone help me with this, point me to some material that states this?  Actually shaping an LLQ would be a disaster under congestion.

Thanks for your help!

BGP 4-byte support

Hi all,

How can you tell from the output below if the router or the neighbors from which it is learning the prefix is 4-byte aware?

I've seen this question somewhere and I simulated this behavior on 2 routers, one being 4-byte aware and the other not. It's the same output, no difference.

 

Router#sh ip bgp
BGP table version is 3, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 150.1.2.2/32     1.2.3.4                  0         100 0     65001 23231 10 i
r> 150.1.3.3/32     155.1.23.3               0        100 0     65001 23231  i

Why Am I placed in Privilege Level 1?

Hello community,

I'm a bit confused with this behavior as I thought creating a username with privilege level 15 would automatically place the user in that privilege level when he/she logs in but instead the user gets to be put in privilege level 1. Can anyone help me understand why this happens with AAA authentication but it does not with local authentication?

R1 with AAA authentication enabled (there is not a AAA server so it falls back to local)

R1(config)#do sh run | i username admin-15|aaa authentication login VTYs|aaa new-model
aaa new-model
aaa authentication login VTYs group tacacs+ local
username admin-15 privilege 15 secret 5 $1$EhZo$JK3C7Vc55q4h8HW31gXLs.
R1(config)#do sh run | b line vty
line vty 0 4
 login authentication VTYs
 transport input all

R3(config)#!Telnet to R1:     
R3(config)#do telnet 155.1.13.1
Trying 155.1.13.1 ... Open

================================================
===                                DBZ Battlefield                                ===
===                      Unathorized Warriors will Perish                   ===
================================================
Enter your Warrior ID >>>admin-15
Enter your Warrior Secret >>>

R1>sh priv
Current privilege level is 1

 

R2 with Local Authentication (aaa new-model command has not been entered)

R2(config)#do sh run | i username admin-15|aaa
username admin-15 privilege 15 secret 5 $1$KRW/$US.lGlh0DTKbdSLtTjNMl.
R2(config)#do sh run | b line vty
line vty 0 4
 login local
 transport input all

R3(config)#!Telnet to R2:
R3(config)#do telnet 155.1.23.2
Trying 155.1.23.2 ... Open


User Access Verification

Username: admin-15
Password:
R2#sh priv
Current privilege level is 15


L2VPN

I am struggling with the initial setup of L2VPN to the INE rack (collaboration). The tunnel seems to be up but I cannot ping any of the "11 dot" addresses. I am using the test credentials "coracktest".

router 2821

switch 3750

Router#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8
Tunnel name : INECORACK
Inside interface list: Loopback0
Outside interface: GigabitEthernet0/0
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Save Password: Allowed
Split Tunnel List: 1
       Address    : 11.0.0.0
       Mask       : 255.0.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Current EzVPN Peer: 75.140.41.126

-------- I can't seem to ping any of the "11 dot" 11.254.254.254.254 address

NAT POOL seems not to be working in GNS3?

Hi Team,

 

I have configured a simple NAT pool with this topology attached.

I tried to cover all 14 hosts but still the last host 10.1.1.8 can't be translated... and I am running out of options

I tried using 10.1.1.0 0.0.0.16 to just cover:

10.1.1.5 - 10.1.1.8 but still only the last host is having problems.  Does the prefix length on the pool configuration need to match the wild card mask?

 

NAT router:

R3#sh run | s nat
ip nat pool my_traders 124.24.34.250 124.24.34.253 prefix-length 24
ip nat inside source list traders pool my_traders

R3#sh run | s access-list
ip access-list extended traders
 permit ip 10.1.1.0 0.0.0.16 any

 

Thanks,

Return Traffic in vPC, vPC+ scenarios and HSRP

Hi Guys. I have a question and it might look stupid. I would ask anyway: I have been trying to get a grasp of FabricPath and vPC/vPC+ and all these get to incorporate FHRPs in one way or the other...especially HSRP. In HSRP the hosts have the virtual default gateway configured and use the vMAC to route outside their VLAN. How does return traffic get routed? Is the destination MAC address the HSRP virtual MAC address? In vPC, much isn't talked about the vMAC in return traffic...but in vPC+ and FabricPath, there is the idea of the virtual switch whose switch ID is the encapsulated OSA...and I guess frames are pushed to it in their respective ODAs. What would be the use-case in vPC, HSRP for returning traffic?

Phase 2 not coming up

Can't get phase 2 to come up between a Cisco and Checkpoint firewall. The proxy ACL and transform set seem to match but yet no workie. Anyone have an idea why?

 

Oct 17 15:11:10: ISAKMP:(42743):Total payload length: 12
Oct 17 15:11:10: ISAKMP:(42743): sending packet to 1.1.1.1 my_port 500 peer_port 500 (R) MM_KEY_EXCH
Oct 17 15:11:10: ISAKMP:(42743):Sending an IKE IPv4 Packet.
Oct 17 15:11:10: ISAKMP:(42743):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 17 15:11:10: ISAKMP:(42743):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

Oct 17 15:11:10: ISAKMP:(42743):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Oct 17 15:11:10: ISAKMP:(42743):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

Oct 17 15:11:10: ISAKMP (42743): received packet from 1.1.1.1 dport 500 sport 500 Global (R) QM_IDLE
Oct 17 15:11:10: ISAKMP: set new node 2928898679 to QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743): processing HASH payload. message ID = 2928898679
Oct 17 15:11:10: ISAKMP:(42743): processing SA payload. message ID = 2928898679
Oct 17 15:11:10: ISAKMP:(42743):Checking IPSec proposal 1
Oct 17 15:11:10: ISAKMP: transform 1, ESP_AES
Oct 17 15:11:10: ISAKMP:   attributes in transform:
Oct 17 15:11:10: ISAKMP:      SA life type in seconds
Oct 17 15:11:10: ISAKMP:      SA life duration (VPI) of  0x0 0x0 0xE 0x10
Oct 17 15:11:10: ISAKMP:      authenticator is HMAC-SHA
Oct 17 15:11:10: ISAKMP:      encaps is 1 (Tunnel)
Oct 17 15:11:10: ISAKMP:      key length is 256
Oct 17 15:11:10: ISAKMP:(42743):atts are acceptable.
Oct 17 15:11:10: IPSEC(ipsec_process_proposal): peer address 1.1.1.1 not found
Oct 17 15:11:10: ISAKMP:(42743): IPSec policy invalidated proposal with error 64
Oct 17 15:11:10: ISAKMP:(42743): phase 2 SA policy not acceptable! (local 2.2.2.2 remote 1.1.1.1)
Oct 17 15:11:10: ISAKMP: set new node 2706240197 to QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
        spi 139643081102792, message ID = 2706240197
Oct 17 15:11:10: ISAKMP:(42743): sending packet to 1.1.1.1 my_port 500 peer_port 500 (R) QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743):Sending an IKE IPv4 Packet.
Oct 17 15:11:10: ISAKMP:(42743):purging node 2706240197
Oct 17 15:11:10: %CRYPTO-5-IPSEC_SETUP_FAILURE: IPSEC SETUP FAILED for local:1.1.1.1 local_id:1.1.1.1 remote:2.2.2.2 remote_id:2.2.2.2 IKE profile:None fvrf:None fail_reason:IPSec Proposal failure fail_class_cnt:1
Oct 17 15:11:10: ISAKMP:(42743):deleting node 2928898679 error TRUE reason "QM rejected"
Oct 17 15:11:10: ISAKMP:(42743):Node 2928898679, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Oct 17 15:11:10: ISAKMP:(42743):Old State = IKE_QM_READY  New State = IKE_QM_READY
Oct 17 15:11:10: ISAKMP (42743): received packet from 1.1.1.1 dport 500 sport 500 Global (R) QM_IDLE
Oct 17 15:11:10: ISAKMP: set new node 3169756681 to QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743): processing HASH payload. message ID = 3169756681
Oct 17 15:11:10: ISAKMP:(42743): processing SA payload. message ID = 3169756681
Oct 17 15:11:10: ISAKMP:(42743):Checking IPSec proposal 1
Oct 17 15:11:10: ISAKMP: transform 1, ESP_AES
Oct 17 15:11:10: ISAKMP:   attributes in transform:
Oct 17 15:11:10: ISAKMP:      SA life type in seconds
Oct 17 15:11:10: ISAKMP:      SA life duration (VPI) of  0x0 0x0 0xE 0x10
Oct 17 15:11:10: ISAKMP:      authenticator is HMAC-SHA
Oct 17 15:11:10: ISAKMP:      encaps is 1 (Tunnel)
Oct 17 15:11:10: ISAKMP:      key length is 256
Oct 17 15:11:10: ISAKMP:(42743):atts are acceptable.
Oct 17 15:11:10: IPSEC(ipsec_process_proposal): peer address 1.1.1.1 not found
Oct 17 15:11:10: ISAKMP:(42743): IPSec policy invalidated proposal with error 64
Oct 17 15:11:10: ISAKMP:(42743): phase 2 SA policy not acceptable! (local 2.2.2.2 remote 1.1.1.1)
Oct 17 15:11:10: ISAKMP: set new node 1941872296 to QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
        spi 139643081102792, message ID = 1941872296
Oct 17 15:11:10: ISAKMP:(42743): sending packet to 1.1.1.1 my_port 500 peer_port 500 (R) QM_IDLE
Oct 17 15:11:10: ISAKMP:(42743):Sending an IKE IPv4 Packet.
Oct 17 15:11:10: ISAKMP:(42743):purging node 1941872296
Oct 17 15:11:10: ISAKMP:(42743):deleting node 3169756681 error TRUE reason "QM rejected"
Oct 17 15:11:10: ISAKMP:(42743):Node 3169756681, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Oct 17 15:11:10: ISAKMP:(42743):Old State = IKE_QM_READY  New State = IKE_QM_READY
Oct 17 15:11:17: IPSEC(delete_sa): SA found saving DEL kmi
Oct 17 15:11:29: ISAKMP:(42742):purging node 1673756212

 

 

dependency will not be visible if incidents are resolved in sequence ?

We need some explanation. In the Lab Overview section one point is made:

The resolution of one incident MAY depend on the resolution of previous incidents.
The dependency will not be visible if incidents are resolved in sequence.

 

So, it is better to solve those tickets in sequence?

Version 4 study question

For the Version 4 Technologies Workbook, is becoming extremely familiar with all the topics that the workbook covers a good indicator of lab exam readiness?  

I'm enjoying going through all of the INE material, but I find myself wondering when my preparation will be good enough to make a lab attempt.

Looking for Virtual Study Partner (Central US)

Hello everyone,

I'm looking for one to three virtual (online) study partners for the CCIE R&S exam. Preferably individuals who have gone through all of Workbook 1 or nearly all of it and are available from 7pm to 12am Central time and weekends for study sessions to review material.

What I'm looking for is humble and dedicated people who are not afraid to explain technologies to each other and run through scenarios. Most importantly, individuals that don't put other people down or make fun of others for not knowing a particular topic. It's important to have support from each member of the group.

Please add your name and email below if you are interested.


Building INE's RSv5 topology on CSR1000v

Use this thread for discussion on building INE's CCIE RSv5 topology using the Cloud Services Router 1000v (CSR1000v).

Details of INE's RSv5 topology can be found here.

Details on CSR1000v can be found here.

Check the CSR1000v Data Sheets for specific platform requirements.

This thread is a continuation of the original RSv5 build thread that can be found here.

PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.

how to use v5 workbook to study for the written ?

Hello,

When the workbook V5 was published it was said some part of it could be useful for the written too.

Now my question is:

How to use the v5 workbook to study for the written?

 

Full Scale Lab - Task 1.2 - Virtual-Links

The following notes are listed in the full scale lab - solutions for task 1.2. Can someone explain the "disjoint OSPF area design"? I noticed the virtual-links connect R1/R3 and R2/R4. There is already an OSPF neighbor and adjacency on the connected interface. Why do we require virtual links? I see the notes for area 10/area 121 to exchange Type 3 and the loopback notes. However, is the reason for connecting to Area 0, which is located on R3 and R4?

"The virtual-links configured here fix the disjoint OSPF Area design used by this lab. Area 10 and 121 will be able to exchange Type-3 LSAs, and also allow R1-R4 to advertise their Loopback0 into Area 0"

 

R1:
router ospf 100
 area 20 virtual-link 192.122.3.3

R3:
router ospf 100
 area 20 virtual-link 192.122.3.1

What time did your lab start?

Hi all,

I'm curious what exact time your lab started in Brussels. I'm asking because on my last attempt the plane was leaving about 7:30 PM, while the lab ended at 5 PM. The proctor warned us that it was risky, because sometimes the lab starts late (9-10 AM).

Now I'm trying to figure out how likely this is to happen. Is it better to book a flight next day?

INE Guideline for V5??

Is there a new guideline to study for R&S v5 similar to http://blog.ine.com/2010/10/09/how-to-pass-the-ccie-rs-with-ines-4-0-training-program?

Thank you!
