Channel: IEOC - INE's Online Community
Viewing all 10744 articles

INE Lab - MDS3 and MDS4


Hi Guys,

I need your advice on two points here.

Point 1: I can see from the INE LAB topology diagram that there is MDS3 and MDS4 but I am not really sure how to connect to these MDS (3&4) and if we really need them?

From the telnet option, I can get access to MDS1 and MDS2 which connects to the FC-SAN one way and connects to the UCS-FI the other way.

Has anyone actually used the MDS3 and MDS4? Can you point me to what session on the LAB guide that refers to it?

Just getting confused with this and need some help understanding how it's set up from the MDS point of view.

Point 2: I enabled the port (fc2/3) connecting MDS1 and MDS2 to the FC-SAN and could only see one device in the flogi database. I have configured the interface as mode FL and was hoping I would see multiple flogi from the different disks. Is this not the case?

Please, your input from your experience with the lab will be most helpful.

Thanks

MDS1

MDS1(config-if)# sh flogi database
--------------------------------------------------------------------------------
INTERFACE        VSAN    FCID           PORT NAME               NODE NAME      
--------------------------------------------------------------------------------
fc2/3            1     0x6102ef  21:00:00:1b:32:07:32:23 20:00:00:1b:32:07:32:23
Total number of flogi = 1.
MDS1(config-if)#

MDS1(config-if)# sh run int fc2/3
interface fc2/3
  switchport mode FL
  no shutdown
MDS1(config-if)#

 

MDS2

MDS2(config-if)# sh flogi database
--------------------------------------------------------------------------------
INTERFACE        VSAN    FCID           PORT NAME               NODE NAME      
--------------------------------------------------------------------------------
fc2/3            1     0x6402ef  21:01:00:1b:32:27:32:23 20:01:00:1b:32:27:32:23
Total number of flogi = 1.
MDS2(config-if)#

 

MDS2(config-if)# sh run int fc2/3
interface fc2/3
  switchport mode FL
  no shutdown
MDS2(config-if)#

Topology Diagram showing MDS3 and MDS4

 

Thanks

Luke


New WB for RSv5 - non-covered topics


Hey INE guys,

just want to ask - I went through the new workbook and have observed that there is a new topology that is Layer3 based (maybe some L2/L3 switch for creating the links between routers). Then, I was waiting for a physical topology diagram because I have got plenty of HW sorted in the racks (c2811, c3560).

1) if there is pure Layer3 topo only, how will the LAN switching part be done? Another topology/part of topo?

2) I don't see any serial connections (ETH only) - so what about the HDLC/PPP from the new LAB blueprint?

Maybe it was answered somewhere else or I missed some points - so sorry in that case, thanks anyway for any response.

Tom

4.1


PE-CE config on BB1...

I've taken a look at BB1 but there is no PE configuration on it relating to this PE-CE relationship.  Am I missing something?

How am I meant to get an EIGRP peering to work over a VRF?

Task 5.1 PIM Filtering


Task 5.1
5. Multicast
Some of the multicast settings have been pre-configured for you. You need to
discover the active multicast topology using the show commands.

5.1 PIM Filtering
 - A media server located on VLAN 32 will be streaming a video feed to
clients located on VLAN 5.
 - The network administrator has requested that the Frame Relay connection
between R1 and R5 be used as sparingly as possible for multicast traffic.
 - To help avoid excess multicast flooding and pruning behavior over this
Frame Relay connection, R1 should not allow R5 to become a PIM
neighbor. However, R5 should still allow clients on VLAN 5 to receive
multicast traffic for this group.
 - Configure your network to support this arrangement.
 
 
 This task was a tough one for me.  
 I could get the solution as prescribed in the solution guide
 but it would not validate.
 
 We were to discover the MPLS topology but not change the topology.
 R2 S0/0 did not have PIM enabled so RPF path needed to go from r3 to r1
 through subnet 191.1.13.0.  This took a while to figure out that an OSPF
 virtual link was required for area 13 so the routing went from r3 -> r1 ->r5
 so it followed the PIM interface path.  Also adjusted an ospf cost value.
 
 Config
    R1
    router ospf 1
     area 13 virtual-link 150.1.3.3
 
    R3
    router ospf 1
     area 13 virtual-link 150.1.1.1
 
 Path
    Rack1R3#trace 191.1.5.5
      1 191.1.13.1 16 msec 16 msec 16 msec
      2 191.1.125.5 40 msec *  40 msec
    Rack1R3#
 
    Rack1R5#trace 192.10.1.3
       1 191.1.125.1 28 msec 28 msec 28 msec
       2 191.1.13.3 40 msec *  40 msec
    Rack1R5#

Now the route and the PIM interface path match. 

The validation still fails.
The client is Vlan 5 so R5 int f0/0 must do the join.

   interface FastEthernet0/0
    ip address 191.1.5.5 255.255.255.0
    ip pim dense-mode
    ip igmp helper-address 191.1.125.1
    ip igmp join-group 225.5.5.5

The server is Vlan 32 so the ping needs to originate from R3 int F0/0.
   Rack1R3#ping 225.5.5.5 source f0/0 r 99

   Type escape sequence to abort.
   Sending 99, 100-byte ICMP Echos to 225.5.5.5, timeout is 2 seconds:
   Packet sent with a source address of 192.10.1.3

   Reply to request 0 from 191.1.125.5, 109 ms...........
   Rack1R3#
  The first ping after "clear mr *" works and all others fail. 

The ping from r1 is successful:
   Rack1R1#ping 225.5.5.5 r 99

   Type escape sequence to abort.
   Sending 99, 100-byte ICMP Echos to 225.5.5.5, timeout is 2 seconds:

   Reply to request 0 from 191.1.125.5, 116 ms
   Reply to request 1 from 191.1.125.5, 124 ms
   Reply to request 2 from 191.1.125.5, 124 ms
   Reply to request 3 from 191.1.125.5, 124 ms
   Reply to request 4 from 191.1.125.5, 125 ms
   Reply to request 5 from 191.1.125.5, 128 ms
   Reply to request 6 from 191.1.125.5, 128 ms
   Rack1R1#
  
So there is something with PIM dense mode and the frame configuration
that is not happy.   I even tried ip pim NBMA which I know should not be used with dense mode but it did help so I turned it off.



In an attempt to debug the problem I did a "no ip mroute-cache" on R1 s0/0.
   Rack1R1(config)#  interface Serial0/0
   Rack1R1(config-if)#no ip mroute-cache
  
Now everything is validating.

   Rack1R3#ping 225.5.5.5 source f0/0 r 99

   Type escape sequence to abort.
   Sending 99, 100-byte ICMP Echos to 225.5.5.5, timeout is 2 seconds:
   Packet sent with a source address of 192.10.1.3

   Reply to request 0 from 191.1.125.5, 108 ms
   Reply to request 1 from 191.1.125.5, 105 ms
   Reply to request 2 from 191.1.125.5, 104 ms
   Reply to request 3 from 191.1.125.5, 104 ms
   Reply to request 4 from 191.1.125.5, 104 ms
   Reply to request 5 from 191.1.125.5, 104 ms
   Reply to request 6 from 191.1.125.5, 104 ms
   Reply to request 7 from 191.1.125.5, 104 ms
   Reply to request 8 from 191.1.125.5, 105 ms
   Rack1R3#
  
 So to get multicast dense mode to work with this frame-relay configuration
 requires the following commands:
 
   Rack1R1(config)#  interface Serial0/0
   Rack1R1(config-if)#no ip mroute-cache

I am running real routers and switches with the prescribed IOS.

I don't like turning off mroute-cache so
if anyone has found another way to get this task to
validate, I welcome a response.

Lab INE


I am curious how some of you guys are building your INE topology lab.

Are you using gns3 with XR routers in VirtualBox?

Are you using the new gns3 with IOU?

What are you using for the ME switches?

6.2


SG output is:

SW3 and SW4:
mac access-list extended DEC-SPANNING
permit any any dec-spanning
!
vlan access-map NO_DEC-SPANNING 10
action drop
match mac address DEC-SPANNING
!
vlan access-map NO_DEC-SPANNING 20
action forward
!
vlan filter NO_DEC-SPANNING vlan-list 363

Can anyone explain why this wouldn't work? (The SG seems a bit long-winded, but I don't know whether it needs to be?)

mac access-list extended VL363
 deny   any any dec-spanning
 permit any any

vlan filter VL363 vlan-list 363

ASA SMTP inspection task


Guys, I have a few comments on the above task:

- In the solution, the domains cyberscam.org and nullroute.com are added as follows in regex: "(cyberspam.org|nullroute.com)". I think it must be "(cyberspam\.org|nullroute\.com)", please correct me if I am wrong.
- In the question, it is asking to reject emails from senders. In this case, the solution is using reset as action. In this specific task, I could use drop connection because it did not specify to send a TCP reset message to client/server, am I right?
- We are using policy-map type inspect esmtp and do a match because there is no class-map type inspect esmtp to do the match. Can we use the match command inside policy-map type inspect http without using class-map type inspect http, even if it exists, and get the same result?

Please correct me if I am wrong.
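Added example, not part of the original post or of the INE solution: a sketch that locates unescaped `.` metacharacters in a domain alternation and shows strings the unescaped pattern accepts but the escaped one rejects. It assumes the usual regex semantics in which `.` matches any single character and uses Python's `re` rather than the ASA's engine; the function names are hypothetical.

```python
import re

def unescaped_dots(pattern):
    """Indexes of '.' that act as metacharacters (not escaped, not inside [...])."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # skip the escaped character that follows
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class:
            hits.append(i)
        i += 1
    return hits

def escape_dots(pattern):
    """Return the pattern with every metacharacter '.' turned into a literal dot."""
    hits = set(unescaped_dots(pattern))
    return "".join("\\." if i in hits else c for i, c in enumerate(pattern))

def overmatch_witnesses(pattern, intended):
    """Strings (dots swapped for 'X') that only the unescaped pattern accepts."""
    strict = escape_dots(pattern)
    out = []
    for literal in intended:
        candidate = literal.replace(".", "X")   # constructed test input
        if re.fullmatch(pattern, candidate) and not re.fullmatch(strict, candidate):
            out.append(candidate)
    return out

# Pattern and domains as quoted in the post above.
LOOSE = "(cyberspam.org|nullroute.com)"
DOMAINS = ["cyberspam.org", "nullroute.com"]

if __name__ == "__main__":
    print("metacharacter dots at:", unescaped_dots(LOOSE))
    print("escaped form:", escape_dots(LOOSE))
    print("extra matches of the unescaped form:", overmatch_witnesses(LOOSE, DOMAINS))
```

Both forms match the two intended domains; the difference is only in what else the unescaped form matches.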

ASA Threat Detection task


Dears,

I have a question about the above task. I understood that the burst_rate is calculated by the formula (1/30)*rate_interval.
Rate_interval=7200 seconds. Then the Burst_rate will be 240. Why is it 24000 in the solution?

Please advise.


Missing Topics in CCIE Sec V4 ATC


There are some topics missing in CCIE Security V4 ATC, like NAT on ASA 8.4/8.6, IKEv2, VRF-aware VPN, GETVPN, etc., so Brian or Cristian, I would be really thankful if you guys could update us on when these topics will be available. I tried to understand these topics from one other vendor, but it all went over my head. There is no comparison to Brian: the way he explains the technology and then implementation and troubleshooting is really awesome. Brian is not a trainer, he is an instructor who is a career builder. You are penta time BEST, Sir Brian.

The Avenginator Returns.


Let's get the nasty bits over with.

No I'm not a CCIE...I failed....TWICE!  Shame on me but those who followed my posts previously had an idea that I was well on my way to passing this thing...or at least had a better than average shot at it.. Then EXACTLY 90 days before...EXACTLY on the same day...actually 2 hours after I got the confirmation e-mail from Cisco something horrible happened. (In hindsight it was a good thing but at the time...it was impossible)

 

It's been tough but enough moping.

 

I'm back. Will Tox study for this thing again?  I don't know...I don't wanna teach anymore....so I'm in limbo. I DO know that I'm done being locked up in my room 12 hours a day by myself...and there are only so many CCNA and CCNP classes that I can bear to teach now.

Ver 5 took PfR away and Layer 2 QoS...GOOD....they took Frame away...BAD...C'est la vie

The proctor now happens to know me as "the guy that ate too much hot sauce during lunch and was doubled over for most of the exam!"

 

 

I've lost a lot of technical know-how...if you were to ask me about OSPF transit capability or BGP outbound route filtering...I'd stare at ya blankly...ok not exactly blankly but I wouldn't nail it...which is a shame....but I'm back...

 

I believe this is a step in the right direction.

 

 

To old friends on here...

 

Hello once more.

 

 

Tox!

 

 

 

10.81 Advanced HTTP Classification with NBAR


Hi experts,

according to my testing, this SG statement is not true:

"Matching is case-sensitive and you can use patterns like [aA] to match both cases."


This also contradicts what is said in 11.12 Using NBAR for Content-Based Filtering,
where it is stated:

"All matching is case insensitive. The pattern "text" matches "TEXT" as well."


Any clarification would be highly appreciated!


tom

V5 rack rental and IPv6


Hi

I was wondering if anyone has tried a full dual-stack deployment on the new v5 racks? I was running into an ND error where the routers could not resolve or communicate with IPv6. I tested my config on my home lab gear with no issue, and I also tested by using the IPv4 address on each link and static IPv6 neighbor settings with no luck.

CoPP configuration


Hi, we are seeing CoPP violation packets in CoPP. Is that fine? Do we need to increase the bandwidth set? We don't see high CPU, though.

Thanks in advance.

class-map copp-system-class-important (match-any)
match access-group name copp-system-acl-cts
match access-group name copp-system-acl-glbp
match access-group name copp-system-acl-hsrp
match access-group name copp-system-acl-vrrp
match access-group name copp-system-acl-wccp
match access-group name copp-system-acl-hsrp6
match access-group name copp-system-acl-pim-reg
match access-group name copp-system-acl-icmp6-msgs
police cir 1060 kbps , bc 1000 ms
module 1 :
conformed 24434164305 bytes; action: transmit
violated 40636 bytes; action: drop

module 2 :
conformed 2579677277 bytes; action: transmit
violated 0 bytes; action: drop

module 7 :
conformed 10818979339 bytes; action: transmit
violated 28644319360 bytes; action: drop
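Added example, not part of the original post: a small parser for the per-module counters shown above that computes what share of the class's policed bytes each module dropped. The 1% flagging threshold and the function names are assumptions made for illustration.

```python
import re

# Counters copied from the post above (cumulative since the last counter clear).
SAMPLE = """\
police cir 1060 kbps , bc 1000 ms
module 1 :
conformed 24434164305 bytes; action: transmit
violated 40636 bytes; action: drop

module 2 :
conformed 2579677277 bytes; action: transmit
violated 0 bytes; action: drop

module 7 :
conformed 10818979339 bytes; action: transmit
violated 28644319360 bytes; action: drop
"""

MODULE_RE = re.compile(r"^\s*module\s+(\d+)\s*:")
COUNTER_RE = re.compile(r"^\s*(conformed|violated)\s+(\d+)\s+bytes")

def parse_copp(text):
    """Return {module: {'conformed': bytes, 'violated': bytes}}."""
    stats, module = {}, None
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            module = int(m.group(1))
            stats[module] = {"conformed": 0, "violated": 0}
            continue
        m = COUNTER_RE.match(line)
        if m and module is not None:
            stats[module][m.group(1)] = int(m.group(2))
    return stats

def violated_pct(stats):
    """Share of policed bytes dropped per module, in percent."""
    out = {}
    for module, s in stats.items():
        total = s["conformed"] + s["violated"]
        out[module] = 100.0 * s["violated"] / total if total else 0.0
    return out

def modules_over(stats, threshold_pct=1.0):
    """Modules whose drop share meets the threshold (1% is an assumed default)."""
    return sorted(m for m, p in violated_pct(stats).items() if p >= threshold_pct)

if __name__ == "__main__":
    parsed = parse_copp(SAMPLE)
    for module, pct in sorted(violated_pct(parsed).items()):
        print(f"module {module}: {pct:.4f}% of bytes dropped")
    print("over threshold:", modules_over(parsed))
```

Because the counters are cumulative, running the parser over two snapshots and subtracting them shows whether the drops are still occurring or are left over from a past event.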

Security Lab 5 - section 3.1 R3 Sub-Ca not working


Support, we followed your detailed solution for Lab 5, but the R3 Sub-CA is not working and has the below error. What's wrong? Please advise............

 

CSR1000v - debug ip packet does not work?


Hi,

A few days ago I set up the new v5 topology using 10 CSR1000v (03.11.00.S) and started labbing. It worked great, but today I ran into an issue when trying to debug some GRE tunnels.

I found that "debug ip packet" does not show incoming packets. No matter if it's ICMP or routing protocols.

It only shows locally generated packets. I tried to do the same on IOU and it worked like a charm.

Anyone experienced the same thing with CSR1000v and know how to fix this?

Version 03.11.00.S is dated November 2013, but this was the last one with virtual machine version 8, the newer ones will need vSphere Web Client which I've heard is not so good.

 


Task 6.2 Traffic Filtering with Dynamic ACL (Lock & Key)


Guys,

The task says "Configure the network in such a way that hosts must first authenticate to R2 before they are allowed to telnet to SW1". Doesn't it mean that we need to use the "host" keyword in "access-enable" command? Otherwise, one host can punch a hole in the access-list and other hosts can pass-through without authenticating with R2.

SG solution: (version 5.10.019)
username TELNET autocommand access-enable timeout 5

In my opinion, it should be:
username TELNET autocommand access-enable host timeout 5

Please let me know your opinion.
Thanks

 

7.4

  • Configure SW2 to respond to UDP echoes from a network management station with a yet unknown IP address.
  • SW2 should not respond to packets sent to the UDP discard and chargen ports from this network management station

Rather than enable the service udp-small-servers and then creating an ACL to filter, how about just:

access-list 101 permit udp any any eq echo

?

My fifteen hundred dollar lunch.


Failed troubleshooting, passed configuration.

 

I got smoked on the troubleshooting section.  My suggestion is like people say regarding config, read all the tickets before starting, there are interdependencies and you can break multiple tickets by messing up another which is what I did.

I also was really nervous and could hardly think or type for the first 20 minutes, and that hurt me.  Bottom line though is I'm weak at troubleshooting, I should have been able to jam through those tickets with plenty of time to verify, but I did not have time to verify anything and that cost me.

I thought maybe I had squeaked it out on troubleshooting, but realized the big mistake just as I was beginning config.  I felt sick to my stomach.  Ironically it caused me to settle down and I tore through the config section like I was doing an easy vol 2 lab back at home.  I spent the last hour verifying and I never felt pressed for time.  I put a lot of time into speed drills and base config in the final 3 weeks of my prep and that was obviously effective.

I've learned a lot prepping for this attempt and I'd like to thank INE for their wonderful products, it was the heart of my preparation.  Now it's on to v5 and I'm pissed and determined.  Bring it on.

 

 

New INE 10-Day CCNP Routing & Switching Bootcamps!


Hi everyone,

Just wanted to let you know that INE has just released CCNP Routing & Switching 10-Day Bootcamps

Both live on-site and online interactive Bootcamp formats are available for purchase. As an added bonus, if you purchase the CCNP Routing 10-Day Bootcamp, you'll receive a complimentary 1-Year All Access Pass!

On a budget? No problem! INE offers a variety of payment plan options to choose from at checkout. 

Visit INE's website for course dates/locations, and outlines of the CCNP Routing & Switching Bootcamps. Be sure to reserve your seat today! http://www.ine.com/instructor-led/ccnp-bootcamps.htm

 

Happy Studying,

 

Kristen Hansen
Technical Marketing | INE, Inc. 

 

Question about IP MTU.


Hi Experts,

I have a network connected like this: R1(Fa0/0) - (Fa0/0)R2

The R1 Fa0/0 interface is configured for ip mtu 1498.

Now I am sending a ping with a packet size of 1500 from R1 to R2.

The packet from R1 to R2 will be fragmented into 2 packets because of the IP MTU.

What will the reply packet from R2 to R1 be like? How does R2 come to know that R1 has a smaller MTU size than its default value of 1500 bytes?

Will the return reply packet be fragmented?
