Folks,

A word of warning, and it seems so obvious, but save your configs - regularly!  i.e. after each command on whatever device.  My trick was to write this for nxos:

cli alias name wr copy runn start

Basically, just type 'wr' to save you configs.  I must have done it a hundred times or so.

Which held me in good stead, as we had a 1.5hr power outage in the lab.  When everything came back, I was good to go, hadn't lost anything.

Sadly, the guy doing another lab had not saved for 3 1/2 hours!  Game over!

It was a very expensive occasion for him (as it turned out, so it was for me also!).  Still haven't crossed the finishing line....

So, save your configs!

Pardon my ignorance, but what payment methods are being used here to purchase unneeded tokens?  Paypal?  Just checking cus I will need some soon.

Hi all,

I've found myself spending an inordinate amount of time trying to get the basic Inter-AS and CSC working in Lab 4 and it's making me want to pack this whole thing in! I'm having real issues, apparently centred around XR2, where I cannot get reachability through to the R7 and R8 loopbacks inside vrf FOO. There are prefixes and labels being advertised out but the traffic just doesn't get there. If anyone can shed some light on this I'd really appreciate it

RP/0/3/CPU0:XR2#sh ip ro vrf FOO 172.16.0.7

Sat Oct 25 12:30:46.058 UTC

Routing entry for 172.16.0.7/32

  Known via "bgp 1000", distance 20, metric 0

  Tag 3000, type external

  Installed Oct 25 12:23:46.953 for 00:06:59

  Routing Descriptor Blocks

    172.16.207.7, from 172.16.207.7

      Route metric is 0

  No advertising protos.

RP/0/3/CPU0:XR2#sh bgp vrf FOO

Sat Oct 25 12:35:15.380 UTC

BGP VRF FOO, state: Active

BGP Route Distinguisher: 10.0.0.20:1

VRF ID: 0x60000003

BGP router identifier 10.0.0.20, local AS number 1000

BGP table state: Active

Table ID: 0xe0000003

BGP main routing table version 170

Status codes: s suppressed, d damped, h history, * valid, > best

              i - internal, r RIB-failure, S stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 10.0.0.20:1 (default for vrf FOO)

*> 172.16.0.1/32      10.0.0.1                               0 2000 i

*>i172.16.0.2/32      10.0.0.2                 0    100      0 i

*> 172.16.0.3/32      10.0.0.3                               0 2000 i

*> 172.16.0.4/32      10.0.0.4                 0             0 2000 i

*>i172.16.0.5/32      10.0.0.5                 0    100      0 i

*> 172.16.0.6/32      10.0.0.1                               0 2000 ?

*> 172.16.0.7/32      172.16.207.7             0             0 3000 i

*> 172.16.0.8/32      172.16.208.8             0             0 3000 i

*>i172.16.0.19/32     10.0.0.19                0    100      0 i

*> 172.16.0.20/32     0.0.0.0                  0         32768 i

*> 172.16.46.0/24     10.0.0.1                               0 2000 ?

*> 172.16.78.0/24     172.16.207.7             0             0 3000 i

*                     172.16.208.8             0             0 3000 i

*> 172.16.207.0/24    172.16.207.7             0             0 3000 i

*> 172.16.208.0/24    172.16.208.8             0             0 3000 i

RP/0/3/CPU0:XR2#sh bgp vrf FOO 172.16.0.7

Sat Oct 25 12:35:57.173 UTC

BGP routing table entry for 172.16.0.7/32, Route Distinguisher: 10.0.0.20:1

Versions:

  Process           bRIB/RIB  SendTblVer

  Speaker                169         169

    Local Label: 16010

Last Modified: Oct 25 12:08:13.531 for 00:27:43

Paths: (1 available, best #1)

  Advertised to PE update-groups (with more than one peer):

    0.3

  Advertised to PE peers (in unique update groups):

    10.0.0.4

  Advertised to CE update-groups (with more than one peer):

    0.1

  Path #1: Received by speaker 0

  3000

    172.16.207.7 from 172.16.207.7 (172.16.0.7)

      Received Label 3

      Origin IGP, metric 0, localpref 100, valid, external, best, import-candidate

      Extended community: RT:1000:1

As you can see XR2 is learning the prefixes and is being given label 3 to use. However when it comes to using that label it's a different matter.

RP/0/3/CPU0:XR2#sh mpls forwarding vrf FOO

Sat Oct 25 12:29:18.248 UTC

Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes

Label  Label       or ID              Interface                    Switched

------ ----------- ------------------ ------------ --------------- ------------

16006  Aggregate   FOO: Per-VRF Aggr[V]   \

                                      FOO                          4680

16009  Aggregate   172.16.207.0/24[V] FOO                          0

16012  Aggregate   172.16.208.0/24[V] FOO                          0

16013  Pop         172.16.78.0/24[V]               172.16.207.7    0

16014  19          172.16.0.1/32[V]                10.0.0.1        0

16015  19          172.16.0.2/32[V]                10.0.0.2        0

16016  21          172.16.0.3/32[V]                10.0.0.3        0

16017  21          172.16.0.4/32[V]                10.0.0.4        0

16018  22          172.16.0.5/32[V]                10.0.0.5        0

16019  28          172.16.0.6/32[V]                10.0.0.1        0

16020  16007       172.16.0.19/32[V]               10.0.0.19       0

16021  29          172.16.46.0/24[V]               10.0.0.1        0

If I add a static route inside vrf FOO for the R7/R8 loopbacks then I get a forwarding entry however obviously this isn't a solution in the lab and anyway the CSC still doesn't work.

Doing a debug I can see R5, directly connected, is trying to send traffic to XR2 with a label of 16010 however this doesn't appear in the mpls forwarding table above. XR2 is actively advertising this label out! Output below is from another PE router

R1(config-subif)#do sh mpls fo vrf FOO 172.16.0.7

Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop

Label      Label      or Tunnel Id     Switched      interface

30         16010      172.16.0.7/32[V] 9522          Fa0/0.13   10.0.13.3

This is confirmed on XR2

RP/0/3/CPU0:XR2#sh bgp vrf FOO labels | include 172.16.0.7

Sat Oct 25 13:01:11.580 UTC

*> 172.16.0.7/32      172.16.207.7    3               16010

I'm completely stuck now. The outputs do look similar for XR2s loopback inside vrf FOO however that works as expected.

Here is the BGP config from XR2:

router bgp 1000

 address-family ipv4 unicast

  network 10.0.0.20/32

 !

 address-family vpnv4 unicast

 !

 address-family ipv6 unicast

  network 2001:10::20/128

 !

 neighbor 10.0.0.2

  remote-as 1000

  update-source Loopback0

  address-family ipv4 unicast

  !

  address-family vpnv4 unicast

   route-reflector-client

  !

 !

 neighbor 10.0.0.4

  remote-as 2000

  ebgp-multihop 255

  update-source Loopback0

  address-family vpnv4 unicast

   route-policy PASS in

   route-policy PASS out

   next-hop-unchanged

  !

 !

 neighbor 10.0.0.5

  remote-as 1000

  update-source Loopback0

  address-family vpnv4 unicast

   route-reflector-client

  !

 !

 neighbor 10.0.0.19

  remote-as 1000

  update-source Loopback0

  address-family vpnv4 unicast

   route-reflector-client

  !

 !

 neighbor 2001:10::19

  remote-as 1000

  update-source Loopback0

  address-family ipv6 unicast

  !

 !

 vrf FOO

  rd 10.0.0.20:1

  address-family ipv4 unicast

   network 172.16.0.20/32

   allocate-label all

  !

  neighbor 172.16.207.7

   remote-as 3000

   address-family ipv4 labeled-unicast

    route-policy PASS in

    route-policy PASS out

   !

  !

  neighbor 172.16.208.8

   remote-as 3000

   address-family ipv4 labeled-unicast

    route-policy PASS in

    route-policy PASS out

   !

  !

 !

!

And the static routes for good measure

router static

 vrf FOO

  address-family ipv4 unicast

   172.16.0.7/32 GigabitEthernet0/4/0/0.207

   172.16.0.8/32 GigabitEthernet0/4/0/0.208

!   172.16.207.7/32 GigabitEthernet0/4/0/0.207

!   172.16.208.8/32 GigabitEthernet0/4/0/0.208

  !

 !

!

R7 BGP config

R7(config-router-af)#do sh run | s bgp

 mpls bgp forwarding

router bgp 3000

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 172.16.0.6 remote-as 3000

 neighbor 172.16.0.6 update-source Loopback0

 neighbor 172.16.0.8 remote-as 3000

 neighbor 172.16.0.8 update-source Loopback0

 neighbor 172.16.207.20 remote-as 1000

 !

 address-family ipv4

  network 172.16.0.7 mask 255.255.255.255

  network 172.16.78.0 mask 255.255.255.0

  neighbor 172.16.0.8 activate

  neighbor 172.16.0.8 send-label

  neighbor 172.16.207.20 activate

  neighbor 172.16.207.20 send-label

  no auto-summary

 exit-address-family

 !

 address-family vpnv4

  neighbor 172.16.0.6 activate

  neighbor 172.16.0.6 send-community extended

  neighbor 172.16.0.8 activate

  neighbor 172.16.0.8 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf BAR

  network 192.168.0.7 mask 255.255.255.255

 exit-address-family

Hi all,

Given that IOS XR 3.9.1 is now end of support they seem to have removed it from the cisco.com online docs. Does anyone know what documentation access you get in the lab and what version the docs are?

I'm assuming obviously that it is still running IOS XR 3.9.1, the CCIE pages still have that on the blueprint.

Thanks,

Pete

Configure the network so that R13 can reach R10’s loopback0 via R11, and so that R14 can reach it via R12. Don’t modify the link cost/metrics to accomplish this task.

Although it is clear that the task requires mutual 2 points redistribution between ospf and eigrp, it is not clear in which way would be possible to achieve the same modifying the cost/metrics of any of these 2 protocols.

Thank you for any clarifications.

It seems there are bugs in the initial configs for the OSPF labs. The loopback 0 interfaces of all routers have masks of 255.255.255.255, vs. v4 labs that are /24. This becomes an issue in the OSPF Network Loopback task. This starts in the inital ospf configs, and seems present in the ospf over broadcast media, and dmvpn configs as well. It appears to be fixed in later OSPF lab configs.

Hi guys,

i'm confused by the "state" statement. what's the difference between

track 1 ip sla 1 and track 1 ip sla 1 state

Cisco says: state (Optional) Tracks the operation return code.

i'm using icmp-echo to test. seems no matter the "state" is present or not, the ip sla will inform the track once the link is down.

so even i dont add the "state" the icmp-echo timeout return code will still be returned back to the "track".

The sample as below

match ip add ACCESS-LIST
set ip next-hop verify-availability 2.2.2.2 track 1
set ip next-hop 3.3.3.3

track 1 just monitor icmp-echo sla

The testing result shows if the routing to 2.2.2.2 is up the second "set" won't override the first "set". However if the rouitng to 2.2.2.2 down, the second "set" will take place.

So, what's the relationship between the first "set" and the second "set"? AND or OR?

Dear All,

I was trying to see the Total Number of L2 Portchannel support in N5K (5548UP) running 5.1(3)N2 version. As per the below given document, for Nexus 5548 it is 48 port channel and for Nexus 5596 is 96 port-channel.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_513/nexus_5000_config_limits_513.html#wp327738

But I have reached creating 77 L2 port channels (68 LACP & 9 Static operational) now and worried how to verify if I have reached the limit.

If I reach the limit, will the device notify explicitly with a message or the port-channel will not come up without any message.

Could someone please help to verify what would be the limit of port-channels in 5548 running 5.1(3)N2.

I'm following along in the Traffic Engineering w/Stub Areas ATC video, and when I change the cost of the default route originated from R6 into Area 2, I am not seeing the output in the show ip ospf database of "Routing Bit Set on this LSA...." on the LSA from R3

If you look at the video, at 10:51, you see this in the top of the command line after Brian runs "show ip ospf database 0.0.0.0"

My output is below:

R7#show ip ospf data sum 0.0.0.0

            OSPF Router with ID (150.1.7.7) (Process ID 1)

                Summary Net Link States (Area 2)

  LS age: 705

  Options: (No TOS-capability, DC, Upward)

  LS Type: Summary Links(Network)

  Link State ID: 0.0.0.0 (summary Network Number)

  Advertising Router: 150.1.3.3

  LS Seq Number: 80000001

  Checksum: 0x3769

  Length: 28

  Network Mask: /0

        MTID: 0         Metric: 1 

  LS age: 153

  Options: (No TOS-capability, DC, Upward)

  LS Type: Summary Links(Network)

  Link State ID: 0.0.0.0 (summary Network Number)

  Advertising Router: 150.1.6.6

  LS Seq Number: 80000002

  Checksum: 0x645F

  Length: 28

  Network Mask: /0

        MTID: 0         Metric: 1234 

Hi, I have a pretty tough to troubleshoot issue with duplicate IP alerts on my OTV setup, if anyone has ideas I would be very grateful!

I have 2 sites, each site has 2 7K's. OTV is setup and working perfectly between sites for layer 2 vlans..........Until I create an SVI HSRP group for one of those vlans. As soon as i span an SVI i immediately start to get duplicate ip address warnings on the 7K main VDC.

%arp-2-DUP_SRC_IP: arp [6976] source address of packet received from d867.d970.7620 on Vlan 400(port-channel40) is duplicate of local 172.20.10.10

Port-channel40 is the VCP link to the other 7K on the same site. I get this on all the 7K's and its always seeing the duplicate IP over the VPC link.

I have the filters on each of the 4 OTV VDC's:

1. Was the R5 loopback 0 meant to be incorrect?

2. Section 5.2/5.3:  Would it have been sufficient to use a route-map that looks like the following for the link to ISP B:

route-map LOCAL_ROUTES2B permit 10

 match as-path 1

 set as-path prepend 1832 1832

Here, we're saying only permit routes that were localy originated AND as-path prepend them..deny everything else.

3. Section 6.3: Maybe I'm a bit rusty..but why can't we influence the spokes to prefer one DMVPN hub over the other from the hub's perspective?  My first thought would be to pump up the delay on the hub routers...this had no effect on the the total delay.     

4. Section 9.2: What is the purpose of using the ntp peer key?

Debug with and without it on one of the clients (After removing the server and re-adding it):

WITHOUT:

Oct 26 11:38:46.613: NTP message sent to 10.255.255.9, from interface 'Loopback0' (10.255.255.12).

Oct 26 11:38:46.615: NTP message received from 10.255.255.9 on interface 'Loopback0' (10.255.255.12).

Oct 26 11:38:46.615: NTP Core(DEBUG): ntp_receive: message received

Oct 26 11:38:46.615: NTP Core(DEBUG): ntp_receive: peer is 0x7F761C2082A8, next action is 1.

WITH:

Oct 26 11:40:11.592: NTP message sent to 10.255.255.9, from interface 'Loopback0' (10.255.255.11).

Oct 26 11:40:11.594: NTP message received from 10.255.255.9 on interface 'Loopback0' (10.255.255.11).

Oct 26 11:40:11.594: NTP Core(DEBUG): ntp_receive: message received

Oct 26 11:40:11.594: NTP Core(DEBUG): ntp_receive: peer is 0x7F1CEC00A9F0, next action is 1.

Not sure if my understanding is correct.

To reach the tunnel destination we need to go through the tunnel, however to built the tunnle we need to reach the destinaton first.

Am I right?

Hi all!

Props to user sdallspach (Steven) for creating this. 

https://www.dropbox.com/s/ztg39zjb5o41iat/Steven%27s%20awesome%20CCIE%20RS%20LAB%20Generator.xlsx?dl=0

From any tab press F9 to generate a new list randomly.  This is currently based off the labs that aren't pending updates.

For this task, it states to "ensure that only R1 advertises this route (R6's redistributed loopback100) into area 0"

Would this config be a valid solution as well as what's show in the solution INE provides?

router ospf 1

 area 1 nssa translate type7 always

Brian shows in this the ATC videos, and it has the intended effect, but I just want to double check.

Hello everyone,

After creating seventeen routers in my ESXi 5.1 server, I was going to start configuring them following the template from the new workbooks, but for some reason, I only have one Gigabit Ethernet interface in each of my routers instead of three.

The funny thing is when I first installed these routers, I put the managment config on g1 on all seventeen of the routers and opened telent session to them in securcrt so I could start seeing how many routers I can run on my server, I didn't look for any other interfaces until now.

Has anyone else come across this? I downloaded the ova file from Cisco, I'm using 9.3.11

Thanks,

Mike

Hi all,

I'm curious what exact time did your lab start in Brussels. I'm asking because on my last attempt the plane was leaving about 7:30 PM, while the lab ended on at 5 PM.  The proctor warned us that it was risky, because sometimes the lab starts late (9-10 AM)

Now I'm trying to figure out how likely is this going to happen. Is it better to book a flight next day?

Hi all,

How can you tell from the output below if the router or the neighbors from which is learning the prefix is 4-byte aware?

I've seen this question somewere and I simultated this behavior on 2 routers, one being 4-byte aware and the other not. Its the same output, no difference.

Router#sh ip bgp
BGP table version is 3, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 150.1.2.2/32     1.2.3.4                  0         100 0     65001 23231 10 i
r> 150.1.3.3/32     155.1.23.3               0        100 0     65001 23231  i

I head out Saturday for my 10-Day R&S bootcamp in seattle and just wanted to get everyones opinion on how to make the most of my time. In all honesty this will be my first in-person training session for certifications. Up until now everything I have done has been self study.

I feel good going into this bootcamp and think Im about 2 months away from testing. I hope to gain a lot more depth on most all areas and really expose my weak areas. 

What would you have done differently with your bootcamp? 

What mistakes do people make going in that affects their bootcamp experiance?

Notes: Im thinking Ill take some just to hit high points and weak areas but mostly just listen and interact.

What else guys?

Hi Bryan, are there plans to release a workbook based only on CSR1000v (kinda like your Dynamips version for v4 labs)?

Also, since a large section is focused on L3, is there a problem with reconfiguring interfaces to be physical instead of sub-interfaces? Since using sub-if would require a 2nd NIC to connect your ESX box to the four external switches.

Thank you.

Mike