Quantcast
Channel: IEOC - INE's Online Community
Viewing all 10744 articles
Browse latest View live

GETVPN with certificates

April 4, 2016, 7:59 am
$
0
0

Hi. I have this topology:

 

first KS: router 9

2nd KS: router 4

root CA: router 8

GMs: routers 1,2,3

 

I have configured R8 as root CA and created trustpoints on all of the other router and authenticate and enroll to that root CA; so I can see the relative certificates on the routers issued by R8. on R9 (my first KS) I have created an RSA key named "R9KEY" for this purpose. 

during the GETVPN configuration phase, I've create another RSA key named "R9KEYEXP" on R9 for GETVPN signing purpose and use this key with the "rekey authentication mypubkey rsa R9KEYEXP" command. the problem is no any GM has been registered on the K9 and I repeatedly get this message on the R9: (R9TRUST is the name of the trustpoint that was created for initial registration of the GMs to the KS server).

 

Apr  4 17:50:46.634: %PKI-4-CRLINSERTFAIL: Trustpoint "R9TRUST" unknown (error 1804:E_VALIDITY : validity period start later than end)

Apr  4 17:50:46.635: %PKI-3-CERTIFICATE_INVALID: Certificate chain validation has failed.

Apr  4 17:50:46.650: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from 100.1.19.1 is bad: certificate invalid

Search

Data Centre starting point

October 27, 2013, 7:41 am
$
0
0

Hi Brian,

 

Could you please clarify that in which order we can start watching your videos to save max time and achieve more. I have gone through the blog and most of the new comers have the same issue. Can you or Mark have a look into it.

Thnaks

 

Show ip bgp...filter question

April 5, 2016, 2:17 am
$
0
0

Hi all,

As you know, when soft-reconfig-inbound is configured, show ip bgp will also show all "received-only" prefixes.

Is there a way to display the BGP table for a prefix, without those "received-only" paths?

Was not able to discover a way from CLI help.

BGP Bestpath (Basic BGP Routing) - No AS 254?

April 5, 2016, 6:33 pm
$
0
0

I just wanted to post what seems to be an easy solution, but took me a long time to find :-)

If you are doing the BGP Bestpath Lab and notice that no BGP route actually originates in AS 254 (which would be required to complete the lab), check to ensure the switches have actually defined VLAN 210.  I went down a deep rabbit hole troubleshooting the VRF portion of the configuration between R10 and R2, only to realize the switches didn't have VLAN 210.  As soon as I created it, the lab was solvable.

Hope this helps somebody save some time!

--Andrew

How enable console access for VDC ?

April 6, 2016, 7:57 am
$
0
0

I created 3 VDC on Nexus 7K (7K2,7K3,7K4) . I can switchto vdc from main vdc but it's a pain back and forward. 

If i want to set up direct console access to it, how to do that ?

      - 2002 = 7K2

      - 2003=  7K3

      - 2004= 7K4

 

logging cache on CML ?

April 6, 2016, 10:29 pm
$
0
0

I can run this command fine on real 7K router but cannot get it working on CML. Is there anything i need to enable first ?

N7K(config)# show logging ip access-list cache 

Service not enabled

 

First Lab Attempt for CCIE

April 7, 2016, 7:47 pm
$
0
0

Hi IEOC,

I just wanted to share my experience with the CCIE v5 R/S in San Jose.  I had my first [CCIE Lab ever] attempt in San Jose, and I PASSED!  Everything but the overall cut score...doh!  I had my First Attempt In Learning (FAIL), but it's all good, and here's why. The lunch was good!  Haha, just kidding.  But seriously,

Thanks to INE, and the great instructors like Brain M and Keith Bogart, NOTHING on that test was foreign to me.  I am such a stronger engineer for all the time I put in and the countless hours of studying, labbing, reading, studying, labbing, reading......  

I would say the four things that got me were:

1.  Not looking at the TS Topology thourghouly enough.  There was a certain item that I was troubleshooting for 15 minutes, and when I stepped back and looked at the TS Topology, I was like, well no duh, this is where I should be looking.  That ticket should have took me 2-5 minutes, but because I couldnt see the forest from the trees, I used up way more time then necessary.

2.  Not being used to the testing environment (where to click, how things get laid out once open, etc).

3.  I had to eat the 30 minutes of TS to solve an extra ticket, or I would have guarenteed failed that section.  Unfortunately, this cost me a few points in CONFIG that I knew I could have gotten if I just had another half an hour.

4.  I would say the last thing that got me and ate precious time was spending too much time verifying things that I "knew" would work.  Because I was so nervous on my first attempt, I wanted to make sure everything would work, even if it was repeatable.  I should have just had more confidence in that, and that would have given me more time.

Good luck to all future candidates!  I am going to try again soon, and next time I know I will pass.

Please tell me how to "break" a telnet inside putty?

December 22, 2015, 7:43 pm
$
0
0

Lets say, I login to a cisco router via console, telnet or ssh using putty, then entered "telnet 8.8.8.8". While the router is showing/doing "Trying 8.8.8.8...", what is the correct esc sequence to stop that telnet?

I tried Ctrl+Shift+6, Ctrl+Shift+6+6, Ctrl+Shift+6+x, Ctrl+Shift+6+6+x, Ctrl+C, Ctrl+C&Ctrl+C, Ctrl+C+X...

Also What if I want to break "ssh -l test 8.8.8.8" entered onto router via putty? 

Please advise.

Search

Configuration Section "Pre-Configuration" Rules and Guidelines?

April 3, 2016, 7:21 pm
$
0
0

Hi all,

Im wondering if people can help clarify something for me.  In the configuration section, I know some general things are/could be configured for us already.  These include Basic IP Addressing, interfaces, potential ACLs, etc.

My question is, unless the Exam does not say otherwise, I assume that it is okay to remove un-necessary configurations that wont "break" anything correct?  This is different than the troubleshooting portion where we are explictily denied from removing configurations/technologies.

For example, lets say my lab has 8 switches, each with a pre-existing VLAN list.  However, the tasks I get tell me to configure VLANs 1-20, which are NOT pre-configured (let's say for simplicity 50-60 are configured).

Now another task states, "Make Switch A the primary Root for all Odd Vlans, and Secondary for Even; Switch B should be primary for Even and Secondary for Odd."  

This seems to me to be a gotcha; will the grading engine look only for the VLANs that my topology care's for, or ALL vlans for this STP assignment?  Are they looking for me to remove all of the existing VLANs so that my running config/vlan list matches just the VLANs necessary for the topology at hand?

This is the most specific example I have, but I may be able to think of others too where this may come into play.

INE RS lab and Wireshark access

April 5, 2016, 3:48 am
$
0
0

Will I be able to export captures to INE Wireshark machine and access the wireshark captures when I do INE lab? If yes, can you please explain me how to do it? I tried to locate the wireshark PC option on rack control planel with no luck

Thanks

Jose

CCIE DATA CENTER Workbook Version 1 VDC

April 5, 2016, 4:40 am
$
0
0

Hi All,

I have started my studies with INE CCIE DC and hence purchased the CCIE DC Workbook. I've noticed that there are not any questions on testing us on VDC (Virtual Device Context). Please confirm if this is the case or not. 

 

Your kind replies would be much appreciated.

 

Thanks in advance.

 

CCIE DC Written

April 5, 2016, 4:56 am
$
0
0

Hi Brian,

 

Just a quick question, i am planning to take my CCIE DC written before 22 july 2016, would that written exam be enough to take the lab after 22 july 2016 or do i need to re take the written again as per blue print requirement in order to sit into the practical lab exam.

 

Thanks in advance

Redistributing Loopbacks into EIGRP

April 2, 2016, 9:57 am
$
0
0

Hi guys,

I am trying to redistribute some routes from OSPF into EIGRP. Please see the next example:



http://postimg.org/image/pc1cztm0z/

Description:
I am trying to Redistribute Loopbacks 0 and 1 from R3 and R4 (OSPF) into EIGRP. All of the other loopbacks are being filtered with a route-map before being redistribute. Notice that they are loopbacks with /24 and as I understand OSPF advertise them as /32 routes.


Issues:
1 - When looking the routing table in R2, I can see 2 routes for 10.1.4.0 and 2 more routes for 10.1.5.0. 

I am trying to understand why am I receiving these 2 extra /24 routes for these loopbacks?. Should not I receive just one /32 route for each Loopback as it is the case for the routes originated by R3?



2 - Additionally I cannot see and Type 1 LSA being generated in OSPF for those Loopbacks. I can see type 5 instead for some of the routes which makes me think it might be an issue with these loopbacks being redistributed back into OSPF.



http://postimg.org/image/ahp10i19z/14035d83/

Thanks in advance for your comments to shed some light on this.

CCIE/CCNP Cisco Roles Nationwide| The Bradsby Group

April 8, 2016, 8:23 am
$
0
0

Hi IEOC Colleagues,

My team and I recruit nationwide for Cisco Gold/Citrix Platinum/Avaya Gold partners.  We have been recruiting in Cisco for 8+ years.  I typically post new roles on my LinkedIn profile: https://www.linkedin.com/in/kelli-brush-b6164993.  I thought I would add a bi-weekly post on this board for our reference as well.  Feel free to email me with questions/feedback/resumes at kbrush@bradsbygroup.com. Keep up the hard work!

*Salary: Salary is open depending on the individual and we hash that out in covnversation.  I know ranges and can tell you what will fly for each role.  
*Travel: We work primarily with VAR's so travel is a given anywhere from 10% local to 80% regional/national.  We can discuss your preferences.  
*Benefits: All my partners offer benefits


CCIE Level Roles:

CCIE DC/RS Architect--50/50 architect and hands-on with mentoriship focus--NYC
Large Cisco Gold Partner 

Managing Consultant--CCIE Level R&S experience--regional travel--NYC/NJ
Large Cisco Gold Partner 

Pre-Sales CCIE R&S--VA/MD/D.C. area
Midsized Cisco Gold Partner/Government

Sr. Security Engineer--design/deployment and some pre-sales--Austin, TX
Large Cisco Gold Partner 

Sr. DC Consultant--Dallas, TX
Small Cisco Partner 

CCIE/CCNP Level Roles:

Wireless Engineer--design and deployment roles--NYC
Large Cisco Gold Partner  

Securuity Network Engineer--ASA/FirePOWER/IDS/IPS/ISE--St. Louis, MO/Charlotte, NC/Cincinnati, OH
Mid and small sized Cisco Partners (Gold and Silver)

Collaboration Engineer--CCVP/CCNP Collab--telepresence preferred--REMOTE with travel in NE
Midsized Cisco Partner

Other:

NOC Manager--build out Cisco NOC practice--St. Louis, MO
Cisco Gold Partner 

EMC ViPR Architect--Austin, TX

Citrix Engineer--Chicago, IL/Cincinnati, OH

Avaya Network Engineer (ERS)--contract/clearance/remote with travel (75%)

Avaya Voice Engineer (x2)--San Diego, CA

 

QoS: bandwidth remaining percent

February 4, 2009, 11:48 am
$
0
0

 

If an interface has a total bandwidth of 10,000 Kbps, by default, 2500 Kbps is reserved and 7500 Kbps can be allocated.

So if I do:

class HTTP-TRAFFIC

bandwidth remaining percent 25%

 

Does this mean 25% of 2500 Kbps OR 25% of 7500 Kbps (assume no bandwidth is reserved for any other traffic)

Thanks!

Search

CoA with ISE

April 8, 2016, 4:10 am
$
0
0

Hi,

Do anyone of you happen to know if there is a way for a client to trigger the ISE server to do a CoA when the client is already logged in to the network?

Basically letting the user of a client reconnect to whatever other part of the network at will. 

Top most recommended CCIE R&S Books

April 8, 2016, 5:16 am
$
0
0

Greetings!

I've recently (about 3 months ago) passed the CCIE R&S Written exam.

Altough I did study for that exam from a theory point of view, I also have a quite fair amount of experience with Cisco having professional certifications in R&S, SP and Design and working as a network engineer for a service provider for 4 years now but I still have the feeling that I need to read some topics from theory point of view...

Of course I have some weak points which I can be sure I do not master them like IPv6, multicast, QoS, etc. but I do not lack the basic knowlege either.

I've started doing labs and watching INE advanced technology videos for CCIE v5 but I still have the feeling that I need to do some more deeper theory reading as well.

SO - long story short - what are the most recommended books for CCIE R&S training?

Best regards!

 

IOS XR BGP

April 8, 2016, 3:16 pm
$
0
0

Hi , it isn't a complex quesiton but yet I hope you will help me I am a new IOS XR users :S I use it inside my GNS3 based on virtualbox IOS XRv v5.3 

 

when I configure a  BGP ASN and then commit it give me that error failed config

 

 

I tried multiple ASNs 

 

 

 

 router bgp 20.20

!!% The instance name is used already: asn 0.1 inst-name default

What happened to PDF version of INE Workbooks?

April 6, 2016, 9:55 am
$
0
0

I am finding that I now can't download PDF versions of my INE Workbook Bundle that I purchased. That online format is very inconvenient for offline study settings. Are the PDFs still available somehow or were they removed?

recertified CCIE

April 9, 2016, 10:15 am
$
0
0

Hello freinds,

my name is Nancy from australia

 

i need your serious suggestions

in 2014 i pass CCIE SP Certification but i dont have much deep knowledge of any technology of SP or R&S

now in July, my CCIE will get suspended therefore i need to pass any ccie written exam but i dont have much knowledge at the level of CCIE

if i do not recertified, then CCIE will get suspended

what you suggest guys, i should pass written exam using dumps and then start study or i should have knowledge of each technology and then pass written exam ?

but it wil take one or half year to complete all study.

 

please suggest

 

 

Viewing all 10744 articles
Browse latest View live
Search