Channel: IEOC - INE's Online Community

ATC Videos- what is Pre-configuration for IPSEC VPN and MPLS

Hi Experts,

I wanted to know what pre-configurations can be used for each of the ATC Videos technologies. As an example, for the OSPF ATC Video, Brian mentioned that the pre-configuration is "Standard Based IP". Can we go with the same for other routing protocols and Layer two, like Spanning-tree?

Currently, I am watching the Crypto IPSEC VPN Tunnel ATC Videos. I wanted to follow up with Brian in every step. I am not sure what pre-configuration I should use. As an example, in the troubleshooting part of IPSEC_VPN Tunnel, some configurations were removed on purpose for troubleshooting purposes, but I don't know how I could get to the same environment to follow up with the ATC Video for each video.

Thank you for your help in advance.

Best Regards

 

 


Please suggest

Dear Friends

 

I am Nancy from Australia.

My CCIE SP will expire in July 2016.

To recertify, I need to pass any CCIE track written exam, but I prefer the CCIE RnS written exam.

But most of the technology I don't know, like IP multicast, QoS, IPv6, etc.

Also, I forgot the theory of the SP track.

So what should I do?

Should I concentrate on theory first or, to save the certification, should I pass the written exam by any means?

 

Please suggest

CCIE R&S v5 Full-Scale Lab 2 Task 3.3

Hello all,

 

Please help !

On CCIE R&S v5 Full-Scale Lab 2 Task 3.3 ; MPLS VPNv4 Routing

 

I configured routers.

But I cannot see multi-paths for the following on router R5.

10.255.255.7/32

10.255.255.8/32

10.255.255.22/32

172.31.17.0/24

172.31.28.0/24

172.31.78.0/24

172.31.227.0/24

172.31.228.0/24

 

In the solution, R5 must have multi-path for these NLRIs.

But I think that R4 (Route Reflector) does not advertise non-best routes to R5.

 

What do I need to configure?

Must R5 have multi-path routes, really?

 

 

 

 

 

SIP message type translation

Hello folks,

 

We have a request from one of our customers and needed some guidance on it.

 

They want to translate a SIP 503 response message to 404 if it contains an ISDN release cause.

They are also looking to translate all 503 messages to 404 if it’s not possible to isolate those.

 

I am aware that we can use voice class sip profile, but that can only translate headers.

 

 

Is it possible to do this translation on CUBE? They are using a 2951 with 15.3.3M5.

Task 2.6

Hi

I have some points regarding this task that need some clarification.

Both R1 and R2 are performing (ZP Firewalling + NAT + WCCP). What is the order of operation for all of these?

Why doesn't HTTP traffic that gets redirected out g0/1.24 on R1 cause a state entry for the session, as all TCP traffic is being inspected?

As in the solution, the pass action is applied for the return traffic!

Also, for the NAT, I see that the redirected traffic isn't subjected to translation at all! I don't understand this behavior and the documentation is not clear about that.

Thanks in advance

 

CCNP R&S A simple guide to follow

Hi Guys,

I am new to INE and I am currently studying for my CCNP R&S.  I have been looking at all the courses for the CCNP and I am a bit confused about which course(s) to watch.

Has anyone a study plan?  I liked the version Mark Snow produced a couple of years ago for CCNA to CCIE Voice (http://blog.ine.com/2013/01/16/18-month-plan-released-for-ccna-to-ccie/). Is there a version for CCNP R&S?

Thanks for your help,

Paul

General Question 2

Hi everyone

What's the difference between these two words:

technology (technique) and service?

Thanks

DMVPN Based On PKI

Guys, I need a little help in setting up DMVPN with PKI. As of now my DMVPN is running with a pre-shared key. We have 2 ASRs, and what I am looking at is a Subordinate CA server and primary HUB (root CA) config. I am getting references from various sites, but where I am getting confused is the Subordinate CA. Can anyone please walk me through this?


OTV with two AED on same site : Why only 1 vlan active per AED ?

I have two AEDs (7K-A, 7K-B) on the same site and one AED on the remote site (DC2-N7K-C), and extend VLANs 700 and 701.

The connection is up to both of them, but I am wondering why only 1 VLAN is active on each local device (VLAN 701 active on 7K-A, 700 active on 7K-B).

Is this how it is supposed to work, or am I missing something here?

 

7K-B(config)# show otv adjacency
Overlay-Interface Overlay0  :
Hostname                         System-ID      Dest Addr       Up Time   State
7K-A                             64a0.e73e.77c1 10.4.1.17       00:12:19  UP
DC2-N7K-C                        64a0.e73e.e841 10.4.1.22       00:12:19  UP

7K-B(config)# show  otv vlan
OTV Extended VLANs and Edge Device State Information (* - AED)
Legend:
(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down
(DH) - Delete Holddown, (HW) - HW: State Down
VLAN   Auth. Edge Device                     Vlan State       Overlay
----   -----------------------------------   ----------       -------
700*  7K-B                                  active             Overlay0
701   7K-A                             inactive(NA)            Overlay0

7K-A# sh otv vlan
OTV Extended VLANs and Edge Device State Information (* - AED)
Legend:
(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down
(DH) - Delete Holddown, (HW) - HW: State Down
VLAN   Auth. Edge Device                     Vlan State       Overlay
----   -----------------------------------   ----------       -------
700   7K-B                             inactive(NA)            Overlay0
701*  7K-A                             active                  Overlay0

CCNP RE-CERTIFICATION WITH CCIE R&S WRITTEN

Hello All,

 

Just want to know if I can renew my CCNP and CCNA certifications after they have expired by going for the CCIE R&S written exam and passing.

My certs will be expiring in June and I am just trying to weigh my options.

Thank You!

F-Port Trunking with NPV and FCoE

Hi, I'm having trouble getting F-Port trunking to work with NPV and FCoE for multiple VSANs and hoping someone can shed some light.  My topology is very straightforward, I have N5K1 set up as an fcoe switch with npiv enabled, my second switch is N5K2 with fcoe-npv enabled.  Int e1/1 is my link.  Now, when I setup my interfaces (ethernet and vfc), I have absolutely no problem with a single VSAN (VSAN10).  Below are the salient pieces of code and the output (you will note I have provisioned vlans 20 and 30 also and respective vsan config, but not yet using them):

N5K1:

feature fcoe
feature npiv

vlan 10
  fcoe vsan 10
vlan 20
  fcoe vsan 20
vlan 30
  fcoe vsan 30
vsan database
  vsan 10 name "fcoe-vsan10"
  vsan 20 name "fcoe-vsan20"
  vsan 30 name "fcoe-vsan30"

interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  spanning-tree port type edge trunk

interface vfc1
  bind interface ethernet 1/1
  switchport mode f
  switchport trunk allowed vsan 10
  no shutdown

N5K2:

feature fcoe-npv
feature lacp
feature lldp

vlan 10
  fcoe vsan 10
vlan 20
  fcoe vsan 20
vlan 30
  fcoe vsan 30
vsan database
  vsan 10 name "fcoe-vsan10"
  vsan 20 name "fcoe-vsan20"
  vsan 30 name "fcoe-vsan30"

interface Ethernet1/9
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  spanning-tree port type edge trunk

interface vfc1
  bind interface ethernet 1/1
  switchport mode NP
  switchport trunk allowed vsan 10
  no shutdown

N5K1 Outputs:

N5K1(config-if)# sh int vfc1
vfc1 is trunking
    Bound interface is ethernet 1/1
    Hardware is Ethernet
    Port WWN is 20:00:54:7f:ee:3c:85:ff
    Admin port mode is F, trunk mode is on
    snmp link state traps are enabled
    Port mode isTF
    Port vsan is 1
    Trunk vsans (admin allowed and active) (10)
    Trunk vsans (up)                       (10)
    Trunk vsans (isolated)                 ()
    Trunk vsans (initializing)             ()
    1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
    1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
      603 frames input, 68788 bytes
        0 discards, 0 errors
      701 frames output, 96936 bytes
        0 discards, 0 errors
    last clearing of "show interface" counters never
    Interface last changed at Mon Aug 12 09:07:02 2013


N5K1(config-if)# sh vsan 10
vsan 10 information
         name:fcoe-vsan10  state:active
         interoperability mode:default
         loadbalancing:src-id/dst-id/oxid
         operational state:up

N5K2 Outputs:

N5K2(config)# sh int vfc1
vfc1 is trunking
    Bound interface is ethernet 1/1
    Hardware is Ethernet
    Port WWN is 20:00:54:7f:ee:21:3f:ff
    Admin port mode is NP, trunk mode is on
    snmp link state traps are enabled
    Port mode is TNP
    Port vsan is 1
    Trunk vsans (admin allowed and active) (10)
    Trunk vsans (up)                       (10)
    Trunk vsans (isolated)                 ()
    Trunk vsans (initializing)             ()

    1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
    1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
      164 frames input, 26088 bytes
        0 discards, 0 errors
      92 frames output, 13160 bytes
        0 discards, 0 errors
    last clearing of "show interface" counters never
    Interface last changed at Mon Aug 12 09:17:33 2013


N5K2(config)# sh vsan 10
vsan 10 information
         name:fcoe-vsan10  state:active
         interoperability mode:default
         loadbalancing:src-id/dst-id/oxid
         operational state:up

Okay, so we're good for VSAN 10.

Now, when I add VSANs 20 and 30 to each of the VFC interfaces on N5K1 and N5K2, such that my config now looks like this:

interface vfc1
  bind interface ethernet 1/1
  switchport trunk allowed vsan 10
  switchport trunk allowed vsan add 20
  switchport trunk allowed vsan add 30
  no shutdown

I get the following (on both switches):

N5K1(config)# sh int vfc1
vfc1 is trunking
    Bound interface is ethernet 1/1
    Hardware is Ethernet
    Port WWN is 20:00:54:7f:ee:3c:85:ff
    Admin port mode is F, trunk mode is on
    snmp link state traps are enabled
    Port mode is TF
    Port vsan is 10
    Trunk vsans (admin allowed and active) (10,20,30)
    Trunk vsans (up)                       (30)
    Trunk vsans (isolated)                 ()
    Trunk vsans (initializing)             (10,20)
    1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
    1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
      625 frames input, 71556 bytes
        0 discards, 0 errors
      743 frames output, 104668 bytes
        0 discards, 0 errors
    last clearing of "show interface" counters never
    Interface last changed at Mon Aug 12 09:17:21 2013


N5K-p3-1(config)# sh vsan 10
vsan 10 information
         name:fcoe-vsan10  state:active
         interoperability mode:default
         loadbalancing:src-id/dst-id/oxid
         operational state:down

N5K-p3-1(config)# sh vsan 20
vsan 20 information
         name:fcoe-vsan20  state:active
         interoperability mode:default
         loadbalancing:src-id/dst-id/oxid
         operational state:down

N5K-p3-1(config)# sh vsan 30
vsan 30 information
         name:fcoe-vsan30  state:active
         interoperability mode:default
         loadbalancing:src-id/dst-id/oxid
         operational state:up

I can't get all VSANs in the UP state, and for some reason, VSAN 30 has gone into 'UP' but VSAN 10 (which was previously UP) is now 'DOWN' and VSANs 10 and 20 just say 'initialising'.

I don't think it's something I have misconfigured, more that perhaps I'm missing something?  Either that, or F-Port trunking (TF) is different to what I'm thinking, and that only a single VSAN can go between the switches?

Probably me and something very simple :-)

Thanks

Dominic

 

Building CCIE R&S v5 physical equipment

IPv6 HSRP configuration

I do not understand what this error message means.

ent1-dc1(config-if)#standby 1 ipv6 2001:201:15:3e8::/64 
%GigabitEthernet0/4: Warning: 2001:201:15:3E8::/64 is a Subnet Router Anycast

The IOS config guide says to use `# standby 1 ipv6 autoconfig`; what does it actually mean?

What's the advantage of using FE80::1 as the HSRP IPv6 address?

IOS does allow me to use `standby ipv6 autoconfig` on one router and `standby ipv6 $global_unique_prefix` on another? Does it cause an outage upon failover?

nssa-only vs not-advertise

Hi

In the summary-address command, can anyone explain to me what essentially the difference is between these in an NSSA?  To me, in an NSSA, they essentially do the same thing, do they not?  What would warrant the use of one over the other?

SAN and Fibre Channel PLOGI failure debugging

Hi

 

I have an issue on an FC/SAN network.

My topology is this one:

initiator -------- nexus-5672 ----------- nexus-7010 ------- nexus-5672 -------- brocade switch ------ target

- I have a target connected to an FC switch.

- I have an initiator connected to an FCoE network, in other words, on a simple nexus-5672 Ethernet switch.

All indicators are good:

* The initiator is connected on an F port

* FCoE configuration is declared on the nexus 5672 switch

* I have a simple VSAN mapped on a simple VLAN configured all along this path

* I have a VFC configured on the nexus-5672

* No zoning, no zonesets exist at any point

All messages are going well from initiator to targets, FLOGI sequences succeed, but the PLOGI exchange fails.

Does anybody here know a possible reason for this?

 

Regards


EIGRP OTP v DMVPN

Hello All,

 

Does anyone have any thoughts on why someone might choose to use EIGRP OTP over DMVPN? I'm drawing a blank and the only things I can come up with are that OTP config might be simpler and that maybe GETVPN is preferred for encryption over encrypted GRE.

 

Ticket 7 - Why no RPF Check Failure?

Hi,

The first thing I did in this ticket is an mtrace on R17 towards the Loopback of R15. As expected I got a "no route" output for this because the preferred route is towards R16. However, there is no PIM running on this interface. As a consequence, I increased the OSPF cost on the interface g1.1617 to change the IGP route towards R18.

Later I was a bit surprised that this was not part of the sample solution so I labbed it up again and tried without increasing the OSPF cost on the g1.1617 link. Surprisingly, it still worked even though the output didn't make a lot of sense to me. The (S,G) tree will be built over the link where no PIM is running if this is the preferred route to reach R15's loopback. The "show ip mroute" output stated that the incoming interface was "Unknown" or something similar.

How is it that there is no RPF Check Failure on R17 when we receive the multicast packet sourced from R15's loopback interface from R18? This is a mystery to me.

Florian

95% Remote: Network Security Engineer--Full-Time

Overview:

The Network Security Engineer (NSE) is responsible for managing and maintaining network security systems. The NSE will utilize an advanced expertise in network security to provide daily support for multiple clients. 

Primary Responsibilities:

  • Maintain network security systems including firewalls, VPN, ISE, and IDS/IPS solutions, with a focus on Cisco ASAs and associated FirePOWER services
  • Troubleshooting client network security incidents
  • Moves, Adds, Changes, and Deletions for client security requests
  • Maintain documentation applicable to network security systems, processes and procedures
  • Monitor networking equipment and the health of the network
  • Review and interpretation of security logs
  • Assist with ongoing compliance and development of security policies and procedures

Qualifications:

  • Minimum of 2 years work experience with Cisco security solutions
  • Working knowledge of Cisco ISE
  • Working knowledge of Cisco FirePower services and related offerings
  • Detailed understanding of the TCP/IP protocols
  • Experience in security maintenance of network and security devices in a large enterprise environment (routers, switches, firewalls, intrusion detection/prevention systems)
  • A strong understanding of best network security practices at all layers of the OSI Model
  • Advanced knowledge of Cisco firewall and information security principles and practices
  • Excellent oral and written communication skills; ability to interact with internal and external stakeholders.
  • Must demonstrate strong analytical, reasoning and problem solving skills.
  • Ability to set priorities and adapt to changes in a quick, professional manner.
  • Ability to use discretion when handling confidential information.
  • Ability to effectively perform in a team environment
  • Excellent communications skills

Certifications:

Required: Cisco Certified Network Associate (CCNA) – Security

Required: Cisco Certified Network Professional (CCNP)

 

Preferred: Cisco Certified Internetwork Expert (CCIE) – Security

Next hop Interface or IP

Hi

I have just done one of the R&S v5 labs in the IP Routing section, which asks you to add a static route between R4 and R5 to each other's loopbacks via their vlan 45 LAN, then make a static route again to the loopback /16, so 150.1.0.0/16, via the DMVPN network.

I didn't get it spot on, but one of the things I don't get is why the answer is to route to the /32's with a next hop interface rather than a next hop IP. The proviso of the task is that the LAN route is favoured over the DMVPN route unless it becomes unreachable.

See below....

  • Configure R4 and R5 with IPv4 static routes to each other’s Loopback0 prefixes via the Ethernet segment between them.
  • Configure R4 and R5 with IPv4 static routes for 150.1.0.0/16 prefix via the DMVPN cloud.
  • Ensure that traffic between R4's and R5’s Loopback0 prefixes is primarily routed over the Ethernet segment, and DMVPN cloud is used only if Ethernet link is DOWN.

Are there 2 correct answers to the static to the loopbacks, or am I missing something fundamental that I will get using the next hop interface vs the next hop IP (which, as they are sharing a subnet, is the same path anyway)?

Thanks

Anthony

Netflow in Nexus ?

I want to capture NetFlow traffic between clients inside a VLAN, and from clients to the outside world via the gateway (SVI on that VLAN).

Is this the right way to do it ?

1. Between clients inside vlan:

     vlan configuration X
            ip flow monitor MONITOR input
            ip flow monitor MONITOR output

2. Clients to outside world via gateway (svi on that vlan):

    interface vlan X
            ip flow monitor MONITOR input
            ip flow monitor MONITOR output

 

 

Note:

This is assuming the flow recorder, flow exporter and flow monitor have been set up.

 
