Hi
Maybe someone will know which cisco router we can use as hub for
dmvpn-phase-1-dual-hub-with-3000-spokes-with-ospf enabled as routing protocol
note: gre over ipsec will be used
↧
dmvpn-phase-1-dual-hub-with-3000-spokes-with-ospf
↧
Congestion Control Techniques ..?
Dears,
During My CCIE Studies I am much confused about the Congesion Control techniques.
In some places its written that we have congesion control techniques.
1) Slow Start, 2) Congestion Avoidence 3) Fast Retransmit 4) Fast Recovery
In some Places its written 2 techniques of Congestion Control
1) Closed Loop Based and 2) Open Loop based
Under Closed Loop we have Tocket Buket Algo and Leaked Buckeet Algorithm..?Correct...?
Can please some one clarify which are the main techniques and whar are sub techniques/Algos.
Appreciate your support.
Regards
Jawwad
↧
↧
IKEv1 L2L Between IOS and ASA with PSK in Aggressive Mode
I have a question. Does anyone able to make this to work using SG solution?
I seem can't get the vpn to come up using SG solution. Got below error message on asa:
"[IKEv1]Group = 192.168.70.22, IP = 192.168.70.22, Can't find a valid tunnel group, aborting...!"
Note: I am using my own ip addressing scheme. 192.168.70.22 is asa's ikev1 interface;
To make it work, in addition to SG configs, I added below commands on R3
crypto isakmp peer address 192.168.70.12
set aggressive-mode password CISCO
set aggressive-mode client-endpoint fqdn R3.ine.com
Once configs are in place, vpn came up and working ok.
%ASA-7-713906: IP = 192.168.70.22, Connection landed on tunnel_group R3.ine.com
Is it a valid solution? It sounds like "aggressive-mode" need to be configured on both sides of devices, comment?
↧
Task Typo. Layer 2 EtherChannel with PAgP
Hey Brian,
This task if to configure PAgP
Last bullet reads:
- These links should not use PAgP for dynamic EtherChannel negotiation.
Should read
- These links should use PAgP for dynamic EtherChannel negotiation.
Happy to help,
Sam
↧
STP Message Age
I've been trying to understand Message Age timer. Some documentations say "it is similar to hop count"
From Cisco Online Documentation here http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/19120-122.html
"The message age is not a fixed value. The message age contains the length of time that has passed since the root bridge initially originated the BPDU. The root bridge sends all its BPDUs with a message age value of 0, and all subsequent switches add 1 to this value. Effectively, this value contains the information on how far you are from the root bridge when you receive a BPDU."
I am using the topology shown. SW1 has been elected root. SW4's E1/0 is Blocked by STP. All devices are running in PVST mode.
The message age number is not conforming to the definition outlined in the Cisco Online documentation, as far as my understanding goes. Should I even be seeing a Message Age of 3 while working on this topology?
Furthermore, on SW4 the message age bounces from 3 to 2 then back to 3 over and over again. I suspect it may have something to do with the message age increment overestimate (msg_overestimate) parameter but I don't understand much beyond suspicion on what the purpose of "overestimation" is in the first place and what is happening in the topology.
Also why would I ever see message age of 2 on SW2's E0/0 and SW3's E0/0 which are both directly connected to the root switch and are elected root ports?
SW1#sh spanning-tree vlan 1 detail | i ^ Port | Timers
Timers: hello 1, topology change 0, notification 0, aging 300
Port 1 (Ethernet0/0) of VLAN0001 is designated forwarding
Timers: message age 0, forward delay 0, hold 0
Port 3 (Ethernet0/2) of VLAN0001 is designated forwarding
Timers: message age 0, forward delay 0, hold 0
SW1 is the root of the spanning-tree topology therefore message age is zero on both interface Ethernet0/0 and Ethernet0/2.
SW2#sh spanning-tree vlan 1 detail | i ^ Port | Timers
Timers: hello 0, topology change 0, notification 0, aging 300
Port 1 (Ethernet0/0) of VLAN0001 is root forwarding
Timers: message age 2, forward delay 0, hold 0
Port 5 (Ethernet1/0) of VLAN0001 is designated forwarding
Timers: message age 0, forward delay 0, hold 0
SW3#sh spanning-tree vlan 1 detail | i ^ Port | Timers
Timers: hello 0, topology change 0, notification 0, aging 300
Port 1 (Ethernet0/0) of VLAN0001 is root forwarding
Timers: message age 2, forward delay 0, hold 0
Port 5 (Ethernet1/0) of VLAN0001 is designated forwarding
Timers: message age 0, forward delay 0, hold 0
SW4# sh spanning-tree vlan 1 detail | i ^ Port | Timers
Timers: hello 0, topology change 0, notification 0, aging 300
Port 3 (Ethernet0/2) of VLAN0001 is root forwarding
Timers: message age 3, forward delay 0, hold 0
Port 5 (Ethernet1/0) of VLAN0001 is alternate blocking
Timers: message age 3, forward delay 0, hold 0
Then if I wait a few moments and issue same command on SW4 again it shows message age is back to 2.
SW4# sh spanning-tree vlan 1 detail | i ^ Port | Timers
Timers: hello 0, topology change 0, notification 0, aging 300
Port 3 (Ethernet0/2) of VLAN0001 is root forwarding
Timers: message age 2, forward delay 0, hold 0
Port 5 (Ethernet1/0) of VLAN0001 is alternate blocking
Timers: message age 2, forward delay 0, hold 0
Please help shed some light on this vexing thing.
Thanks!
↧
↧
MTU Problem (need a beast to fix it)
In my network I have a 3560 Gbit switch using a 9k jumbo frame, and 2 PC's that are currently now using a 7500 MTU. The two PC's are just connected to the switch, which is using Gbit SFP's. Both NIC's are actually capable of using jumbo frames and a 9k MTU, but when I set them to actually use the 9k MTU - when traffic is sent between them using a ping sweep with a size 7800, the traffic starts fragmenting (I worked it out by setting the df-bit at both 7799 and 7800. At 7799 it doesn't fragment, but at 7800 it does. Makes no sense because its just 2pc's connected to one 3560 switch with everything configured to use 9k jumbo frames). So that's why I've set my MTU to 7500 rather than 9k at the moment. Why won't Windows allow me to get the full 8960 byte MSS (i.e. 9k jumbo frame minus the 20byte tcp and ip header)? That's my first question! According to the much loved internet, Windows should be capable of using a MSS of 64KB, aka 65535 bytes, which is way more than the 8960 I want it to use. So I don't understand why my data is getting fragmented at 7799 bytes?
The command I used to test this was in Windows > ping 192.168.1.100 -f -l 7799. I put this command on both hosts A and host B (just call them that for simplicity). Host A just didn't get the reply when the command was issued. But when I put the command into Host B, it said something like df-bit set but need to fragment. So I assume Host B is potentially the one with the issue? I'm really stuck on how to troubleshoot, or go any further with this. But I'm sure of one thing. This is doing my nut in! Can anyone help?
↧
SIP Dial Rules
I'm playing with something in the lab based on something I ran into at a customer and I'm fiddling with ways to make it work.
I'm trying to make the same rule available to a sip 89XX phone, but there seems to be a conflict between the actions.
mike
On a SCCP phone, you can create an XLation pattern WITHOUT urgenty priority enabled to create the following scenario:
Phone goes off hook, at interdigit timeout (phone is knocked off hook but user is incapaciated) the phone will auto dial (PLAR) to an extension.
This scenario is pretty straight forward.
I'm trying to make the same rule available to a sip 89XX phone, but there seems to be a conflict between the actions.
I can PLAR to an extension
I can interdigit timeout to an extension without dialing any digits...BUT if I do the interdigit delay, the system won't accept digits dialed when I do try to dial.
Anyone have any thoughts? I'm weak on the SIP side (dial rules, etc) so I may be missing something rudimentary.
Thanks in advance.
mike
↧
Building INE's RSv5 topology on CSR1000v
Use this thread for discussion on building INE's CCIE RSv5 topology using the Cloud Services Router 1000v (CSR1000v).
Details of INE's RSv5 topology can be found here.
Details on CSR1000v can be found here.
Check the CSR1000v Data Sheets for specific platform requirements.
This thread is a continuation of the original RSv5 build thread that can be found here.
PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.
↧
shift ctrl 6 x Mac os
Hey Guys,
Something thats driving me crazy , sure its simple but ....
how do i escape on a cisco terminal server when using either mac os terminal or iterm like on windows shift ctrl 6 x , under iterm tried sending the hex and a few different things driving me a bit mad now :)
any help appreciated....
↧
↧
OSPF Initial configs - bug?
It seems there are bugs in the initial configs for the OSPF labs. The loopback 0 interfaces of all routers have masks of 255.255.255.255, vs. v4 labs that are /24. This becomes an issue in the OSPF Network Loopback task. This starts in the inital ospf configs, and seems present in the ospf over broadcast media, and dmvpn configs as well. It appears to be fixed in later OSPF lab configs.
↧
SPF Algorithm - Equal Cost Routes
I have a question on the SPF algorithm. During the SPF run, if there are two or more equal cost paths to a router which path is placed in the tree database? I don't recall seeing anything on it in the video and the book TCP/IP Routing (Vol1) says if there are two or more equal cost paths choose one. There is nothing on how that path is chosen. Thanks!
↧
'fcoe-npv' vs 'fcoe' & 'npv'
So I was wondering how this worked, if I needed a 5500 switch to be both an fc npv switch and an fcoe-npv switch - can I enable both features at the same time? i.e can I enable all of 'fcoe', 'npv' and 'fcoe-npv'. It turns out I cannot. But then again, I don't need to...
If I enable 'fcoe' and then enable 'npv', I not only get NPV for FC, but I do also get NPV for FCoE (by default).
It is a bit of a no-brainer really when you think about it, but it's worth knowing in case you need to work out what features you need.
feature fcoe-npv will just give you NPV mode for FCoE, so no native FC-NPV.
Of course, on your NPIV switch, you still need 'feature npiv' - may sound silly, but don't forget about it!
and also don't forget, on 5500's you enable FC by turning on the 'FCoE' feature.
↧
CML Cisco Youtube video
Watched this video, about 18 minutes in the CTO for education discusses CML and what to expect with the products and release time frames. Most things have already beed discussed but this is from Cisco directly and it's recent. Hopefully you find it as informative as I did.
https://www.youtube.com/watch?v=FCjTSqjVcKk
↧
↧
Task 3.1 basic mpls
Dears, im facing a problem with IOS-XR at ldp stablshment that no ldp adjacency as below:
RP/0/0/CPU0:XR01#sh mpls ldp neighbor
Sat May 31 15:07:57.423 UTC
RP/0/0/CPU0:XR01#
RP/0/0/CPU0:XR01#sh ospf nei
Sat May 31 15:07:44.314 UTC
* Indicates MADJ interface
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
6.6.6.6 1 FULL/BDR 00:00:36 20.6.19.6 GigabitEthernet0/0/0/0
Neighbor is up for 00:48:59
5.5.5.5 1 FULL/BDR 00:00:39 20.5.19.5 GigabitEthernet0/0/0/1
Neighbor is up for 00:48:47
20.20.20.20 1 FULL/DR 00:00:32 20.19.20.20 GigabitEthernet0/0/0/2
Neighbor is up for 00:50:46
RP/0/0/CPU0:XR01#sh mpls interfaces
Sat May 31 14:58:05.074 UTC
Interface LDP Tunnel Static Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0 Yes No No Yes
GigabitEthernet0/0/0/1 Yes No No Yes
RP/0/0/CPU0:XR01#sh ospf nei
Sat May 31 15:07:44.314 UTC
* Indicates MADJ interface
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
6.6.6.6 1 FULL/BDR 00:00:36 20.6.19.6 GigabitEthernet0/0/0/0
Neighbor is up for 00:48:59
5.5.5.5 1 FULL/BDR 00:00:39 20.5.19.5 GigabitEthernet0/0/0/1
Neighbor is up for 00:48:47
20.20.20.20 1 FULL/DR 00:00:32 20.19.20.20 GigabitEthernet0/0/0/2
Neighbor is up for 00:50:46
↧
Doc CD - Master Command List
Hey Everyone, does anyone know if during the lab we have access to the part of the Doc CD that is listed as the Cisco IOS Master Command List?
Thanks!
↧
CCIE R&S Passed!
It's been a really long road, but I finally passed my CCIE R&S Lab last week on my second attempt! I definitely want to thank everyone at the INE Team for their top notch training materials ad thoroughness to get here. I couldn't have done it without, for sure. Now, time to take a small break and start to tackle either DC or SP!
Thanks!
Ethan
CCIE# 44000
↧
Workbook Physical layout and parts list
Hey,
IF I choose to build my own lab based on the workbooks, what parts list do I need and how is the gear physically cabled? I built my own R/S rack and I am toying with building a partial DC lab as well. Any ideas anyone? I have not been able to find any documentation on physical layout of the DC lab...
↧
↧
Building INE's RSv5 topology with physical routers
Use this thread for discussion on building INE's CCIE RSv5 topology using the physical routers.
Details of INE's RSv5 topology can be found here.
Detials on branch router platforms can be found here.
This thread is a continuation of the original RSv5 build thread that can be found here.
PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.
↧
PEAP authentication on ACS 5.3 for aruba wireless users
Dears
sorry if my question is far from CCIE scope. but in real production, i have one aruba controller and ACS 5.3. the requirement is to have wireless users authenticated from ACS using PEAP MSCHAPv2.. i configured internal user and apply access service policy with Permit access authorization profile.. but it is not working and showed me this error "11019 Selected Service DenyAccess". please help
↧
CCIE RSv5 Equipment Build
Edit: This thread is getting too long, and it is now closed. Please post in a more detailed thread below instead:
- Building INE's RSv5 topology on CSR1000v
- Building INE's RSv5 topology on IOS on GNS3
- Building INE's RSv5 topology on IOU/IOL on GNS3
- Building INE's RSv5 topology with physical routers
- Building INE's RSv5 topology with physical switches
Use this thread for Q&A on how to build INE's new CCIE RSv5 topology, either in physical hardware or virtualization. This thread will later be compiled into the new "How To Build A CCIE Rack" page.
↧