+ Reply to Thread
Page 2 of 4 First 12 34 Last
Results 26 to 50 of 89

Thread: CCNP Madness

  1. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #26
    Quote Originally Posted by fredrikjj View Post
    However, you are also injecting a default into BGP with the network command, and that should work since you have the static default to null0. So basically you just have a redundant line of config that you could delete.
    My thoughts exactly.

    Quote Originally Posted by fredrikjj View Post
    You shouldn't need a default route in that topology if you advertise the f0/0 networks into BGP and then redistribute these into OSPF on R3. However, looking at the diagram (which is hard, it's kind of small), a potential problem is that when you redistribute BGP into OSPF on R3, the LAN interface of R3 isn't redistributed because it will appear as directly connected in the routing table, not as BGP. Pinging between R3 and R4 will therefore be broken without the default route. If this in fact is the problem you could redistribute connected into OSPF, or just active OSPF on that interface.
    But judging by the configuration (unless I'm missing something) he has the default route, so it should work.
    Reply With Quote Quote  

  2. SS -->
  3. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #27
    OK yes I'll take the line of config out as I see what you're saying. My thing was about the default route to null0 though. From R3, I couldn't ping R1's 150.x.x.x LAN unless I added in that default route to null0. Since the null0 route is supposed to be a catch all route, why is it that I can't ping the 150.x.x.x network from R3 without the null0 default route? The network was advertised via OSPF and I redistributed the ospf routes. Maybe I should have specified metric in the redistribution of OSPF into BGP?
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  4. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #28
    According to this Cisco document, you shouldn't need any additional metrics as the origin BGP attribute will be a ?.
    Understanding Redistribution of OSPF Routes into BGP - Cisco

    Is the 150.3.3.0/24 subnet an OSPF E2 route? Since you're only redistributing those into BGP AS 333?
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Sep 2013
    Location
    Sweden
    Posts
    862

    Certifications
    CCNP
    #29
    Quote Originally Posted by OfWolfAndMan View Post
    OK yes I'll take the line of config out as I see what you're saying. My thing was about the default route to null0 though. From R3, I couldn't ping R1's 150.x.x.x LAN unless I added in that default route to null0. Since the null0 route is supposed to be a catch all route, why is it that I can't ping the 150.x.x.x network from R3 without the null0 default route? The network was advertised via OSPF and I redistributed the ospf routes. Maybe I should have specified metric in the redistribution of OSPF into BGP?
    It's likely that the issue is with the return path in that case. As you point out, adding a default route to null0 shouldn't affect reachability from R3's perspective. However, when you add that null0 default, BGP advertises a default. That default route could make it possible for other routers to reach R3 without having a specific route to 150.3.3.0/24. These are just educated guesses from my side though without really knowing what's going on.
    Last edited by fredrikjj; 06-16-2014 at 06:36 PM.
    Reply With Quote Quote  

  6. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #30
    Here's a more detailed config:

    R1: #interface lo0
    ip add 1.1.1.1 255.255.255.255
    !
    int lo1
    ip add 190.1.1.1 255.255.255.0
    !
    int f0/0
    ip add 150.1.1.1 255.255.255.0
    !
    int S1/0
    ip add 10.0.0.1 255.255.255.252
    !
    int S1/1
    ip add 10.0.0.5 255.255.255.252
    !
    router bgp 111
    bgp router-id 1.1.1.1
    network 150.1.1.0 mask 255.255.255.0
    network 190.1.1.0 mask 255.255.255.0
    neighbor 3.3.3.3 remote-as 333
    neighbor 3.3.3.3 ebgp-multihop 2
    neighbor 3.3.3.3 update-source lo0
    neighbor 10.0.0.2 remote-as 222
    !
    ip route 3.3.3.3 255.255.255.255 S1/1

    R2: #int lo0
    ip add 2.2.2.2 255.255.255.255
    !
    int lo1
    ip add 190.2.2.2 255.255.255.0
    !
    int f0/0
    ip add 150.2.2.2 255.255.255.0
    !
    int s1/0
    ip add 10.0.0.2 255.255.255.252
    clock rate 64000
    !
    int s1/1
    ip add 10.0.0.9 255.255.255.252
    !
    router bgp 222
    bgp router-id 2.2.2.2
    network 150.2.2.0 mask 255.255.255.0
    network 190.2.2.0 mask 255.255.255.0
    neighbor 3.3.3.3 remote-as 333
    neighbor 3.3.3.3 ebgp-multihop 2
    neighbor 3.3.3.3 update-source lo0
    neighbor 10.0.0.1 remote-as 111
    !
    ip route 3.3.3.3 255.255.255.255 S1/1

    R4: #int lo0
    ip add 4.4.4.4 255.255.255.255
    !
    int f0/0
    ip add 150.4.4.4 255.255.255.0
    !
    int s0/0
    ip add 10.0.0.14 255.255.255.252
    !
    router ospf 1
    router-id 4.4.4.4
    network 10.0.0.14 0.0.0.0 area 0
    network 4.4.4.4 0.0.0.0 area 0
    redistribute connected subnets
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  7. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #31
    So did the same lab today, and as I said before, the null0 static route is so magical! Anyway, finished up all IPv6 content, and got to configure a static IPv6 tunnel! It was quite exciting, I'm not gonna lie. I want to setup a GRE tunnel for the remote connectivity chapter already! IPv6 routing is MUCH simpler than IPv4 dynamic routing IMO (No more increased BGP complexity with the exception of the word activate after manual neighbor commands). Did some OSPF IPv6 setup. Took like 5 minutes. This weekend will entail LOTS of labbing with route maps, PBR, etc. I gotta say: Route tags will make life A LOT easier in a commercial network.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  8. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #32
    Quote Originally Posted by OfWolfAndMan View Post
    I gotta say: Route tags will make life A LOT easier in a commercial network.
    It's nice when things you study have a direct use in production networks eh

    As for the PBR part, and the exam, small tip, just remember that the ip policy command is always placed on the interface that is receiving the source traffic. Also make sure the debug command (debug ip policy access-list) is in your memory. Might come in handy when labbing (or in production) with PBR and things aren't going your way.
    Reply With Quote Quote  

  9. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #33
    It's nice when things you study have a direct use in production networks eh
    Agreed!

    So, just checking in. Finished the Chris Bryant vids and the Simplified book. Configured a IPSec VPN and did some basic PPPoE configurations. Thankfully, I learned a lot of the VPN theory from the CCNA Security (Except for the manual configuration), so I understood the theory side of it. As for the DSL theory and cable technologies, that's old theory to me (Again, except the configs). For this coming week, I will be doing a lot of labs as I go over my notes and the material once again (OSPF and EIGRP should be easy. Gonna be mainly hitting IPv6, PBR, BGP w/ path control and IP SLA. Then I'll also go over the VPN and Tunnel configs a couple more times as they're new to me). If I feel I am where I should be, the test will be scheduled at the end of this month (Or possibly a week prior).
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  10. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #34
    Been doing some labs from the Simplified book. 6to4 tunnels, OSPF over NBMA and advanced EIGRP. Anyone have a good page for VRF such as case studies and some additional labs? I'd like to look a little more into it
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  11. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #35
    The last couple of days has been lots of labbing with OSPF and BGP and overview in the Simplified book of the two routing protocols. LOTS of path control in BGP i.e. AS path prepending, MED attribute usage, weight modification, route origin, etc. Lots of attribute mods. One thing I am on now though is the as-path command. I understand the concept of it, but the characters at the end of the command i.e. ^-+()* I'm having a hard time grasping where they go in the command. Is there a page that might have a good explanation on this?
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  12. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #36
    Found this. Starting to make some more sense now. At least most of the characters:

    as-path - CCIE Blog
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  13. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #37
    Back again. Been reviewing over OSPFv3 and BGP attribute selection. I've been doing quite a few labs including lots of BGP (Even got to learn about backdoors!), played with some more EIGRP, OSPF with LOTS of path manipulation. However, I am getting stumped on this EIGRP PBR lab, mainly because I see no packets incrementing in the route-map configuration when I do a special ping. Everyone has EIGRP neighbors, EXCEPT between R2 and R3 (Not really relevant at this point). F0/0 on R2 and R3 are advertised, but are a passive-interface in the EIGRP config. The lab wants it so any packets with a size of 0 to 500 and 1000 to 1500 bytes going to the 150.3.3.0 sourced from the 150.1.1.0 subnet are sent to the next hop of R2. All other packets take the normal path. Here is the config on R1 for the path selection:

    #ip access-list extended 101
    #permit ip 150.1.1.0 0.0.0.255 150.3.3.0 0.0.0.255
    #route-map MATCHMTU permit 10
    #match ip address 101
    #match length 0 500
    #set ip next-hop 10.0.0.2
    #route-map MATCHMTU permit 20
    #match ip address 101
    #match length 1000 1500
    #set ip next-hop 10.0.0.2
    #route-map MATCHMTU deny 30

    #interface F0/0
    #ip policy
    route-map MATCHMTU

    The problem is, whenever I ping from source F0/0 on R1 with a size of 0-500 or 1000-1500, I don't see any packets output in the route-map.
    #ping 150.3.3.3 source F0/0 size 300
    #ping 150.3.3.3 source F0/0 size 1200
    #show route-map
    route-map MATCHMTU, permit, sequence 10
    Match clauses:
    ip address (access-lists): 101
    length 0 500
    Set clauses:
    ip next-hop 10.0.0.2
    Policy routing matches: 0 packets, 0 bytes
    route-map MATCHMTU, permit, sequence 20
    Match clauses:
    ip address (access-lists): 101
    length 1000 1500
    Set clauses:
    ip next-hop 10.0.0.2
    Policy routing matches: 0 packets, 0 bytes
    route-map MATCHMTU, deny, sequence 30
    Match clauses:
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes


    Am I missing something?
    EIGRP_PBR.jpg
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Sep 2013
    Location
    Sweden
    Posts
    862

    Certifications
    CCNP
    #38
    try using the debug ip policy command on the router that performs the PBR. It should give more information on what's going on.
    Reply With Quote Quote  

  15. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #39
    Alright so I did that, and source ping from R1's f0/0 interface. Got NOTHING.

    Now, if I do a ping from R4 with the appropriate size, then it does work. I guess it doesn't really matter if the interface itself can anyway. As long as the hosts' traffic gets routed appropriately.
    Last edited by OfWolfAndMan; 07-06-2014 at 06:09 PM.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Sep 2013
    Location
    Sweden
    Posts
    862

    Certifications
    CCNP
    #40
    The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten that exakt syntax for.
    Reply With Quote Quote  

  17. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #41
    Quote Originally Posted by fredrikjj View Post
    The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten that exakt syntax for.
    ip local policy, right?
    Reply With Quote Quote  

  18. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #42
    What about #ip local policy route-map MATCHMTU?

    Source: Cisco website

    Edit: TomTom you're right! I would give you more rep but looks like I already gave you some
    Last edited by OfWolfAndMan; 07-06-2014 at 06:47 PM.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  19. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #43
    OK I know I'm jumping ahead of myself, but this request is more so for work as we recently implemented QoS and multicast configs. Is there a good video course I could check out in the future that may make it easier to understand for not only my real world benefit, but also for when I do SWITCH?
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  20. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #44
    Also another question: In the SWITCH material, they seem to mention dynamic vlan configuration and VMPS. As VMPS is not used and Mac Authentication Bypass seems to be the modern thing, why even mention it?
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  21. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #45
    Been reviewing over both the book and the Chris Bryant videos while labbing like crazy. Will be scheduling my test for the end of the month next week hopefully. Was supposed to do it last week but customer support was a little confused on my intentions, as my Pearson Vue account is not working, and I told them I wanted to schedule over the phone, but they insisted on trying to fix my account again, and still with no success. Anyway, will be over-viewing branch technologies today as I believe this is one area I could use some more practice. Anyone who insists, please feel free to start quizzing me, particularly those that have already taken the test.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  22. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #46
    I could write up some practice questions for the ROUTE material if you're up? Would be a nice refresher for my TSHOOT which combines SWITCH and ROUTE (need to clear SWITCH) first though.
    Reply With Quote Quote  

  23. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #47
    Absolutely! Currently configuring a gre over ipsec tunnel. Making it even more difficult by using NAT on both sides of the tunnel, routing it over a public IP medium. I expect it to help me understand VPN tunneling a little more by getting some hands on. I am also currently working on configuring my home router as a VPN server for OpenVPN so I can remotely work on my home switch lab from anywhere. I believe this task will help me do that.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  24. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #48
    Scheduled the exam for the 30th! Time to touch up on BGP communities, PBR, and a little more VPN labbing, then overviewing everything once more, followed by some more labs!
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  25. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #49
    Test is on Wednesday guys! Will be doing a good amount of final overview this weekend. Labbing as well and will be writing notes AGAIN for ultimate retainability. I feel confident in just about everything except maybe BGP communities. Feel free to quiz me!
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

  26. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    893

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #50
    Test tomorrow guys! Doing some last minute overview tonight. I feel confident on all topics, and yes, I memorized the EIGRP default metric and BGP path selection attributes
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 4 First 12 34 Last

Social Networking & Bookmarks