Channel: IEOC - INE's Online Community

NSSA and Default Routing


INE Solution:

 

R5:
router ospf 1
area 3 nssa default-information-originate
area 3 default-cost 500

 

Alternate config:

R5:
router ospf 1
area 3 nssa default-information-originate metric 500


port forward


Dear all,

I have a problem with port forward. I make port forward on router to server, put in default gateway on server, I add gateway load balance for distributed switch. I can not access this server.

INE rack tokens for sale


Hi,

I passed my CCIE and I have a lot of rack tokens that I do not need any more. If anyone is interested, just PM me.

I have 3000 tokens, 1000 tokens for 600 USD

 

Regards


Automatic reply: Cisco IOU wrapper help


I will be out of the office beginning 4/20/15 returning on 4/21/15. During this time I will not have phone or email access. Please utilize the CNOS project DL (Agency-DL-CSO-NICS-Projects-CNOS) for any CNOS required support. In addition, please contact the Tony Stewart (CNOC) at 256-544-4400 for any CNOC LAN  (Wireless, Wired or VPN) support questions/concerns.

 

Cisco IOU wrapper help


Can anyone help with why wrapper-linux does not work? I can't work it out :o(

I can run the IOU image, it works fine, but wrapper doesn't...

 

user@debian32:~$ ./wrapper-linux -m i86bi-linux-l3-adventerprisek9-15.2.2.15T.bin -p 2222
Waiting on port 2222 ...
Process Id for child is 3209, parent is 3208
Unable to run router: No such file or directory

IOU 3209 exit
user@debian32:~$

Saving configurations on CCIE Collaboration Rack


Hello guys

Do you know any option to save configurations on the CCIE collaboration rack? When I say saving configurations, I mean saving the current status of all Unified Servers to use it later without starting from scratch every rack session. Does anybody know a solution?

 

Thanks in advance

 

Hector

ASA 8.4 (2) NAT


I'm working on ASA NAT. I have an ASA connected to 3 different devices by internal, dmz and outside interfaces. I want to configure the ASA so that if a router that resides on the outside connects to the ASA's external port with destination port 4444, the ASA forwards it to the internal router with destination port 23. My config is as follows:

 

nat (dmz,outside) source static R4_ETHERNET interface service R4_TELNET_23 TELNET_R4_PUBLIC
!
object network R4_ETHERNET
 host 14.14.14.4
object network R1_ETHERNET
 host 1.1.1.11 ------> IP address of R1
object service R4_TELNET_23
 service tcp source eq telnet
object service TELNET_R4_PUBLIC
 service tcp source eq 4444

ciscoasa(config)# sh inter ip br
Interface                  IP-Address
GigabitEthernet0           1.1.1.254
GigabitEthernet1           12.12.12.254
GigabitEthernet2           14.14.14.254

 

But there is no hit on the NAT rule. Any idea?

Use a break-out switch to connect CSR1000v to physical switches


I have been trying to connect my physical switches (4x3560 Catalysts) using a break-out switch (4948) to the CSR 1000v instances on VMware without any success.

I had successfully on previous occasions connected GNS3 running on CentOS to physical switches via a breakout switch.

 

Following is my setup:

on break_out switch: connecting to the VM_Host

interface GigabitEthernet1/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101-104
 switchport mode trunk
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable

break_sw (g1/1) connected to physical SW_1 (fa0/1)

interface GigabitEthernet1/1
 description R1 > SW1
 switchport access vlan 101
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree portfast
end

 

Port g1/24 of break_SW is connected to eth0 of VM_Host. I create a virtual port group on the vmhost, set vlan_id as 101, assign this vm_net to the csr_1000v(R1) g3

Create a dot1q interface on the router:

int g3.300
encap dot1q 300
ip addr 100.0.0.1 255.255.255.0

Go to physical switch SW1

create vlan 300

enable trunking on fa0/1

int fa0/1
sw trunk encap dot
sw mode trunk
sw trunk allowed vlan 300

int vlan 300
ip addr 100.0.0.11 255.255.255.0

Did all these steps, I go to CSR1000v (R1) and tried to ping the vlan300 interface of the physical switch (SW1) with no luck. I do not see any ARP on the router, no MAC addr on vlan 300 on the physical switch.

But I can see CDP from both devices (R1) and SW1.

Am I missing a step? I suppose the issue lies on the VM host? Is it even possible to use VMhost this way to connect to a break switch and tunnel vlans?

Appreciate any help on this.

Thanks

Ahmed.


best or valid answer selection.


Hi everyone, I'm trying to understand how Cisco plans the CCIE security questions.

I mean, if we are working with static object NAT for example and we have a DMVPN hub behind that NAT, what would be the right answer? To change the spokes' server IP to the one we NAT? Or to create a twice NAT so we can bypass that NAT rule only for the hub?

Both are valid configurations and the solution will work, right? (This applies only if we don't have an output image or something that points to the right solution.)

How can we be sure that the solution is the answer expected?

I can give a couple of examples about it if this one is not clear.

Any ideas?

Regards.

Conesh.

CBWFQ and the Class-Default Class Map


Hello all,

Per Cisco:

CBWFQ Bandwidth Allocation

The sum of all bandwidth allocation on an interface cannot exceed 75 percent of the total available interface bandwidth. The remaining 25 percent is used for other overhead, including Layer 2 overhead, routing traffic, and best-effort traffic. Bandwidth for the CBWFQ class-default class, for instance, is taken from the remaining 25 percent. However, under aggressive circumstances in which you want to configure more than 75 percent of the interface bandwidth to classes, you can override the 75 percent maximum sum allocated to all classes or flows. If you want to override the default 75 percent, exercise caution and ensure that you allow enough remaining bandwidth to support best-effort and control traffic, and Layer 2 overhead.

 

So if I understand this correctly what they are saying is that the class-default class map handles any other traffic that you do not specifically put in your custom class maps (besides control traffic and L2 overhead). My questions:

  1. What happens if I use the bandwidth command under class-default where the assigned bandwidth is less than the 25% of the interface bandwidth? Am I creating an issue for control traffic in this case?
    policy-map XYZ
      class class-default
      bandwidth percent 5
    int g0/0
      service-policy input XYZ
  2. What if my custom class maps do not account for FTP and suddenly users start transferring big files? In this case FTP would be handled by the class-default class map along with the important control traffic and L2 overhead. Will FTP cause issues to the network control traffic in this case?

Can someone please tell me if I misunderstood Cisco's statement above? I personally see an issue with this architecture and honestly I always thought the 25% of reserved bandwidth was for control traffic only but under some unconfigurable class map and that the class-default class map used bandwidth from the remaining 75% just like all other custom class maps.

Thanks in advance

UCS Port Channels


Hello Team,

 

Sometimes I get lost with the way UCS permits the creation of Port Channels.

 

This is related to UCS Manager version 2.1(3e).

 

 

In the LAN Tab, we can create Ethernet Port-Channels.

 

In the LAN Uplinks Manager, we can create Ethernet Port-Channels.

 

So far, so good.

 

In the SAN Tab, we can create FC Port-Channels and FCoE Port-Channels.

 

But in the SAN Uplinks Manager, I’m only able to create FC Port-Channels. Am I missing something here ?

 

 

Another question:

 

Is it possible to aggregate two or more Unified Ports? It seems we can either do Ethernet Port-Channeling or FCoE Port-Channeling. I don’t understand why this is not available. These kinds of interfaces appear as both Ethernet Uplinks in the LAN Tab and FCoE Uplinks in the SAN Tab.

 

Some pointers would be great.

 

 

Thanks.

 

Regards,

 

Antonio Soares, CCIE #18473 (RS/SP)
amsoares@netcabo.pt

http://www.ccie18473.net

 

EzVPN Remote using DVTI


Dears,
I am trying to configure a very basic example on EzVPN remote using R1 as EzVPN Server and R2 as EzVPN remote but using DVTI interface on both.
My issue is that both pings from e0/0 and lo0 from R2 to 150.1.1.1 are using the VPN received IP address.

Here is my setup:
[Lo0]R1[E0/0]----[E0/0]R2[Lo0]
External subnet is 192.168.1.0/24 where 1.1 and 1.2 are IP addresses on R1 and R2 respectively. Moreover, loopback interfaces are 150.1.1.1/24 and 150.1.2.2 on R1 and R2 respectively.

Here are my configs:

R1:
aaa new-model
!
aaa authentication login default none
aaa authentication login authc local
aaa authorization network authz local
!
ip local pool pool 192.1.1.1 192.1.1.10
access-list 101 permit ip host 150.1.1.1 host 150.1.2.2
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration group ezvpn
 key cisco
 pool pool
 acl 101
 save-password
crypto isakmp profile myprof
   match identity group ezvpn
   client authentication list authc
   isakmp authorization list authz
   client configuration address respond
   client configuration group ezvpn
   virtual-template 1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
crypto ipsec profile myprof
 set transform-set myset
 set isakmp-profile myprof
!
int e0/0
 ip address 192.168.1.1 255.255.255.0
int lo0
 ip add 150.1.1.1 255.255.255.0
interface Virtual-Template1 type tunnel
 ip unnumbered Ethernet0/0
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile myprof
ip route 0.0.0.0 0.0.0.0 192.168.1.2

R2:
crypto ipsec client ezvpn ezvpn
 connect auto
 group ezvpn key cisco
 mode client
 peer 192.168.1.1
 virtual-interface 2
 username cisco password cisco
 xauth userid mode local
int lo0
 ip address 150.1.2.2 255.255.255.0
 crypto ipsec client ezvpn ezvpn inside
int e0/0
 ip address 192.168.1.2 255.255.255.0
 crypto ipsec client ezvpn ezvpn
interface Virtual-Template2 type tunnel
 ip unnumbered Loopback0
ip route 0.0.0.0 0.0.0.0 192.168.1.1

My issue is that with the above config, when I ping 150.1.1.1 from R2 e0/0 and lo0, I can see that it is using the IP address received by the VPN. However, if I remove the command virtual-interface 2 from my crypto ipsec client ezvpn ezvpn config, only ping from R2's lo0 will be using the VPN received address.

R2(config-if)#do ping 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms
R2(config-if)#

R1(config)#
*Apr 21 22:46:19.211: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.216: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.221: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.225: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.230: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
R1(config)#

Can someone assist me with the above issue?

New VCP-Network Virtualization


Anyone have an opinion on whether the new VCP Network Virtualization would help build a foundation for the CCIE DC? I know it doesn't directly relate but it would be interesting to have the knowledge going in on how VMware treats things like VXLAN.

Until the end of February, you can take the exam and earn the certification without taking a class as long as you have your CCNA or CCNP in RS or DC.

From: Cert Maiti

Hi



http://soglamorbeauty.com/information.php?clean=vn68q0awcqs9z





Cert Maiti


Sent from my iPhone

How to Upgrade FCoE License on 5548UP


May I know/have a link to learn "How to Upgrade FCoE License on 5548UP"?

Thanks, buddies.

 


OSPF Nssa and Prefix-suppression command


I saw that OSPF, when we issue the prefix-suppression command within an NSSA area where an external prefix has been redistributed, in addition to hiding the FA address, clears the P-bit, disallowing the translation of the type 7 LSA.

This means that even though we try to issue on the ABR the "area xyz nssa translate type 7 suppress-fa" command or nssa translate always, we cannot recurse anyway to the ABR since the translation is blocked because of the P-bit clearing.

For me this mechanism is a little bit inefficient from a path preservation point of view because the ABR knows every detail of the NSSA area and it can reach the ASBR that is originating the prefix. It just cannot translate it.

So I'm wondering why this is needed? There should maybe be some particular caveat behind this design choice?

CCIE SPv4 Kickoff Online Seminar


This class marks the kickoff of INE’s CCIE SPv4 product line for the New CCIE Service Provider Version 4 Blueprint, which goes live May 22nd 2015!  In this class we’ll cover the v3 to v4 changes, including exam format changes and topic adds and removes, recommended readings and resources, INE’s new CCIE SPv4 hardware specification and CCIE SPv4 Workbook, and the schedule for INE’s upcoming CCIE Service Provider Version 4 Advanced Technologies Class.  Class runs tomorrow, Tuesday April 14th at 09:00 PDT (16:00 UTC), and is free to attend.  Simply sign up for an INE Members account or visit this direct link for the class.

DMVPN - Encrypt Network


Hi Forum.

My Topology:

 <---------------(EIGRP AS202)---------------->

SPOKE1 -> 130.1.51.0 /24 -> SPOKE2 -> HUB1

I created 100.100.100.0/24 for my tunnel interfaces. So traffic to and from this network will get encrypted. I want to encrypt the 130.1.51.0 /24 network as well (learned via EIGRP process). It doesn't work if I make a static route on the HUB1 that points the network to go through the tunnel interface. How can I solve this one?

 

My Config:

HUB:

!
crypto isakmp policy 1
 authentication pre-share
 hash md5
 group 2
 encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile vpnprof
 set transform-set trans2
!
interface Tunnel0
 ip address 100.100.100.1 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 tunnel source fa0/0.17
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile vpnprof
!

Spoke:

!
crypto isakmp policy 1
 authentication pre-share
 hash md5
 group 2
 encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile vpnprof
 set transform-set trans2
!
interface Tunnel0
 ip address 100.100.100.2 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map 100.100.100.1 130.1.76.7
 ip nhrp map multicast 130.1.76.7
 ip nhrp network-id 99
 ip nhrp nhs 100.100.100.1
 tunnel source Gi0/0.17
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile vpnprof
!

Spoke:


crypto isakmp policy 1
 authentication pre-share
 hash md5
 group 2
 encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile vpnprof
 set transform-set trans2
!
interface Tunnel0
 ip address 100.100.100.3 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map 100.100.100.1 130.1.76.7
 ip nhrp map multicast 130.1.76.7
 ip nhrp network-id 99
 ip nhrp nhs 100.100.100.1
 tunnel source Gi0/0.17
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile vpnprof
!

INE virtual rack tokens for sale - 1500!


Hi,

 

I have 1496 INE rack tokens that I no longer need.

 

If anyone is interested (all of them or just some) please let me know and we'd arrange a price.

Test environment ?


I have a question about the test environment:

a. Is there puttyConnection manager?

b. Is the PC running Win7 or Win XP?

    Prefer Win7 since it has a "highlight" feature which will compensate for the lack of puttyConnection Manager.

c. Do we get few regular papers or 1 whiteboard paper ?

Andi
