tag:blogger.com,1999:blog-12005806311827308782024-03-13T10:05:26.011+08:00CISCO DreamerA blog about my life, my world, my adventures and my pursuit of IT certificationsPetehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.comBlogger94125tag:blogger.com,1999:blog-1200580631182730878.post-1078018502990272762014-10-17T15:14:00.001+08:002014-10-17T15:14:49.578+08:00I am still hereI am still here but doing most of my technical articles in the Intense School Website. Please visit the link below. <br />
<a href="http://resources.intenseschool.com/author/peterson-amar/">http://resources.intenseschool.com/author/peterson-amar/</a>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-14248705296154045352014-04-04T22:09:00.000+08:002014-04-04T22:09:03.812+08:00Intense School Article - GNS3 Lab: Introduction to MPLS Layer 3 VPN Part 2<span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;"> I have written an article for Intense School. Find the link below.</span><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" /><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" /><a href="http://resources.intenseschool.com/gns3-lab-introduction-to-mpls-layer-3-vpn-part-2/">http://resources.intenseschool.com/gns3-lab-introduction-to-mpls-layer-3-vpn-part-2/</a><br />
<br /><span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;">For great trainings and offerings from Intense School, click on the link below.</span><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" /><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" /><a href="http://www.intenseschool.com/boot_camp/cisco/" style="background-color: white; color: #017f8d; font-family: Arial, Tahoma, Verdana; font-size: 13px; text-decoration: none;">http://www.intenseschool.com/boot_camp/cisco/</a>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-41686115520011848692014-01-25T21:44:00.000+08:002014-01-25T21:44:08.129+08:00Intense School Article - GNS3 Lab: Introduction to MPLS Layer 3 VPN Part 1I have written an article for Intense School. Find the link below.<br />
<br />
<a href="http://resources.intenseschool.com/gns3-lab-introduction-to-mpls-layer-3-vpn-part-1/">http://resources.intenseschool.com/gns3-lab-introduction-to-mpls-layer-3-vpn-part-1/</a><br />
<br />
For great trainings and offerings from Intense School, click on the link below.<br />
<br />
<a href="http://www.intenseschool.com/boot_camp/cisco/">http://www.intenseschool.com/boot_camp/cisco/</a><br />
<br />Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-6164936432430216832013-12-14T14:37:00.003+08:002013-12-14T14:37:33.822+08:00Intense School CCNA Voice Article - Adding IP Phones to the CME<span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;">I have written an article regarding Adding IP Phones to the CME . Please find the link below and comment in the Intense School Website. Thanks!</span><br />
<br />
<br />
<a href="http://resources.intenseschool.com/ccna-voice-prep-adding-ip-phones-to-the-cme/">http://resources.intenseschool.com/ccna-voice-prep-adding-ip-phones-to-the-cme/</a><br />
<br />
<br style="background-color: white;" /><br /><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" /><br style="background-color: white; color: #222222; font-family: Arial, Tahoma, Verdana; font-size: 13px;" />Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-89377368748903721052013-11-14T21:35:00.001+08:002013-11-14T21:39:58.574+08:00Finally A CCIE!Finally, I have completed my dream. Now it's time to change this site to be of more help to others who are pursuing their certification.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com12tag:blogger.com,1999:blog-1200580631182730878.post-75616158656818391122013-10-14T20:32:00.001+08:002013-10-14T20:32:08.144+08:00Intense School CCNA Voice Article - CME Installation and Administration<br />
I have written an article regarding CME Installation and Administration. Please find the link below and comment. Thanks!<br />
<br />
<br />
<a href="http://resources.intenseschool.com/ccna-voice-prep-cme-installation-and-administration/">http://resources.intenseschool.com/ccna-voice-prep-cme-installation-and-administration/</a><br />
<br />
<br />
<br />
For more information on studying for CCNA Voice, please click this link. <a href="http://www.intenseschool.com/boot_camp/cisco/ccnavoice">http://www.intenseschool.com/boot_camp/cisco/ccnavoice</a><br />
Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-84553635528323190372013-09-22T12:44:00.000+08:002013-09-22T12:44:39.368+08:00Intense School CCNA Voice Article #3Intense School Article on Demystifying CCNA Voice Exam<br />
I have written an article over at the Intense School resources website on CCNA Voice, "Cisco IP Phone Boot Process and Registration". Here is a link to the article.<br />
<br />
<a href="http://resources.intenseschool.com/ccna-voice-prep-cisco-ip-phone-boot-process-and-registration/">http://resources.intenseschool.com/ccna-voice-prep-cisco-ip-phone-boot-process-and-registration/</a><br />
<br />
For more information on studying for CCNA Voice, please click this link. <a href="http://www.intenseschool.com/boot_camp/cisco/ccnavoice">http://www.intenseschool.com/boot_camp/cisco/ccnavoice</a><br />
<div>
<br /></div>
Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com3tag:blogger.com,1999:blog-1200580631182730878.post-63914558957881859682013-09-07T20:44:00.002+08:002013-09-07T20:46:32.841+08:00Intense School Article on Demystifying CCNA Voice ExamI have written an article over at the Intense School resources
website on CCNA Voice, specifically "Demystifying the CCNA Voice Exam". Here is a link to the
article. <a href="http://resources.intenseschool.com/demystifying-ccna-voice-understanding-the-pieces-of-cisco-unified-communications/">http://resources.intenseschool.com/demystify-ccna-voice-cert-exam/</a><br />
<br />
<div>
</div>
<div>
For more information on studying for CCNA Voice, please click this link. <a href="http://resources.intenseschool.com/demystify-ccna-voice-cert-exam/"> </a><a href="http://www.intenseschool.com/boot_camp/cisco/ccnavoice" target="_blank">http://www.<wbr></wbr>intenseschool.com/boot_camp/<wbr></wbr>cisco/ccnavoice</a></div>
<div>
</div>
<div>
</div>
Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-4262002950486123662013-08-28T01:05:00.001+08:002013-08-28T01:05:21.672+08:00Intense School CCNA Voice Article 1I have written an article over at the Intense School resources
website on CCNA Voice, specifically "Understanding the Pieces of Unified Communications". Here is a link to the
article. <a href="http://resources.intenseschool.com/demystifying-ccna-voice-understanding-the-pieces-of-cisco-unified-communications/">http://resources.intenseschool.com/demystifying-ccna-voice-understanding-the-pieces-of-cisco-unified-communications/</a><br />
<div>
<br /></div>
<div>
For more information on studying for CCNA Voice, please click this link." <a href="http://www.intenseschool.com/boot_camp/cisco/ccnavoice" target="_blank">http://www.<wbr></wbr>intenseschool.com/boot_camp/<wbr></wbr>cisco/ccnavoice</a>.</div>
Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-23828184206486935762013-06-05T13:23:00.002+08:002013-06-05T13:23:44.016+08:00Still Here and Doing Cisco StuffIts been a while since I last posted, I am currently studying for my 2nd attempt late this year. I promise to post again once I get my digits and there will be a lot of changes in this site. I thank you my friends for visiting this and I hope you continue to do so. See you again when I get my digits.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-64109442856076670222011-06-15T13:50:00.002+08:002011-06-15T13:52:32.427+08:00Video BlogsI am quite busy with my studies now that I don't have time to blog. I am thinking of using Camtasia and instead do a Video blog, saves a lot of time and the explanation will be real time. I want to get active in posting again as the visits in this site seems to be increasing.<br /><br />Let me know if this is a good idea. Thanks!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com9tag:blogger.com,1999:blog-1200580631182730878.post-38935960421068664902011-01-11T23:24:00.023+08:002011-01-12T00:49:57.386+08:00Using TCL to Prepare ConfigurationIf you have worked as a network engineer for an enterprise or even a telco, you would notice that the best practice to have a standard configuration template. Sometimes, you are stuck in a situation wherein you need to prepare configuration let's say for around 20 routers and time is not on your side. My approach for this when I was starting my networking career was to get that standard template and start filing up the necessary configuration in notepad for the 20 routers and save one file after another. Believe me it was not an easy task and it was prone to having typo's.<br /><br />It is for sure a tedious task but using TCL, it will pretty much make your life easier. I have researched for a way to automate the config preparation provided you have all the necessary data required. I am not a programmer but somehow I managed to find some TCL software and commands to make this possible. Before we begin we would need to have TCLKIT which can be downloaded <a href="http://equi4.com/pub/tk/tclkit-win32.upx.exe">here</a>.<br /><br />Now for this example, let us only try to create configs for 10 routers. Our standard config is as shown below. (not so long so make things easier)<br /><br /><pre class="source"><br /><span style="color: rgb(0, 51, 0);">hostname (hostname)</span><hostname><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">interface Serial1/1 </span><br /><span style="color: rgb(0, 51, 0);">ip address (ip address)(mask) </span><ip address=""><span style="color: rgb(0, 51, 0);"> </span><mask><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">router ospf 1</span><br /><span style="color: rgb(0, 51, 0);">network </span><network address=""><wildcard><span style="color: rgb(0, 51, 0);">(network) (wildcard) area (ospf area)</span><ospf area=""></ospf></wildcard></network></mask></ip></hostname></pre><br /><br />The first step is to create our variables, quite much work required for this especially for long standard configs. We will create variables for those with () in the standard config above. These are the parts in the configuration wherein the data will be placed. Standard configuration with variables shown below.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 51, 0);">hostname $hostname</span><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">interface Serial1/1</span><br /><span style="color: rgb(0, 51, 0);">ip address $ipaddress $ipmask</span><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">router ospf 1</span><br /><span style="color: rgb(0, 51, 0);">network $network $wildcard area $ospfarea</span></pre><br />Now we have created our variables. Let us use the multivariable "foreach" TCL command to create a looping script. We put in our variables next to the "foreach" statement. The "$" is not required. If you are not familiar with this, please visit this <a href="http://ciscodreamer.blogspot.com/2009/08/fun-with-tcl-generating-100-loopbacks.html">post</a>.<br /><br /><pre style="color: rgb(0, 51, 0);" class="source"><br />foreach {hostname ipaddress ipmask network wildcard ospfarea}</pre><br />The next line of this script will now contain the data. Prepare the data in excel spreadsheet and the sequence of the columns should be the same as the one listed in the "foreach" statement. Then add that to the second line of the script. Put an open { before the data and } after the data.<br />Add also the important commands below that will make auto text file generation for each config file. The final script will look like something below. Then save this as a text file.<br /><br /><pre class="source"><span style="color: rgb(0, 51, 0);"><br />foreach {hostname ipaddress ipmask network wildcard ospfarea} {</span><br /><span style="color: rgb(0, 51, 0);">Router1 1.1.1.1 255.255.255.0 1.1.1.1 0.0.0.0 1</span><br /><span style="color: rgb(0, 51, 0);">Router2 1.1.1.2 255.255.255.0 1.1.1.2 0.0.0.0 2</span><br /><span style="color: rgb(0, 51, 0);">Router3 1.1.1.3 255.255.255.0 1.1.1.3 0.0.0.0 3</span><br /><span style="color: rgb(0, 51, 0);">Router4 1.1.1.4 255.255.255.0 1.1.1.4 0.0.0.0 4</span><br /><span style="color: rgb(0, 51, 0);">Router5 1.1.1.5 255.255.255.0 1.1.1.5 0.0.0.0 5</span><br /><span style="color: rgb(0, 51, 0);">Router6 1.1.1.6 255.255.255.0 1.1.1.6 0.0.0.0 6</span><br /><span style="color: rgb(0, 51, 0);">Router7 1.1.1.7 255.255.255.0 1.1.1.7 0.0.0.0 7</span><br /><span style="color: rgb(0, 51, 0);">Router8 1.1.1.8 255.255.255.0 1.1.1.8 0.0.0.0 8</span><br /><span style="color: rgb(0, 51, 0);">Router9 1.1.1.9 255.255.255.0 1.1.1.9 0.0.0.0 9</span><br /><span style="color: rgb(0, 51, 0);">Router10 1.1.1.10 255.255.255.0 1.1.1.10 0.0.0.0 10</span><br /><br /><span style="color: rgb(0, 51, 0);">} {set data "</span><br /><br /><span style="color: rgb(0, 51, 0);">hostname $hostname</span><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">interface Serial1/1</span><br /><span style="color: rgb(0, 51, 0);">ip address $ipaddress $ipmask</span><br /><span style="color: rgb(0, 51, 0);">!</span><br /><span style="color: rgb(0, 51, 0);">router ospf 1</span><br /><span style="color: rgb(0, 51, 0);">network $network $wildcard area $ospfarea</span><br /><br /><span style="color: rgb(0, 51, 0);">"</span><br /><span style="color: rgb(0, 51, 0);"> set filename "${hostname}.txt"</span><br /><span style="color: rgb(0, 51, 0);"> set fileId [open $filename "w"]</span><br /><span style="color: rgb(0, 51, 0);"> puts -nonewline $fileId $data</span><br /><span style="color: rgb(0, 51, 0);"> close $fileId</span><br /><br /><span style="color: rgb(0, 51, 0);">}</span></pre><br />Now its time to auto generate the configs. What this looping script does is take the first line on the data, do the variable substitution and then at the end it will save the text file with the hostname as the filename. It does this until the last line of the data. The files will be auto generated where the TCLKIT software is saved.<br /><br /><a href="http://4.bp.blogspot.com/_29AItQAcw9w/TSyAwvvvqwI/AAAAAAAAALw/81NzJBHokZE/s1600/TCLKITSource.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 251px;" src="http://4.bp.blogspot.com/_29AItQAcw9w/TSyAwvvvqwI/AAAAAAAAALw/81NzJBHokZE/s400/TCLKITSource.JPG" alt="" id="BLOGGER_PHOTO_ID_5560961214834518786" border="0" /></a><br /><hostname><ip address=""><mask><network address=""><wildcard><ospf area=""><br /><br />Open TCLKIT, two windows will appear big and small. <span style="font-weight: bold;">Click on File -> Source ->Go to the directory where you saved the script as text file -> Change "Files of Type to "All Files" -> Select the Script. </span>Then viola, your configurations appear and all variables substituted. It makes life easier for a network engineer.<br /></ospf></wildcard></network></mask></ip></hostname><a href="http://1.bp.blogspot.com/_29AItQAcw9w/TSyAXMrufRI/AAAAAAAAALg/ZM27MI2xrWo/s1600/TCLFinalOUTPUT.JPG"><br /></a><a href="http://4.bp.blogspot.com/_29AItQAcw9w/TSyAmctY_FI/AAAAAAAAALo/JsDF5sxIcYI/s1600/TCLFinalOUTPUT.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 289px; height: 223px;" src="http://4.bp.blogspot.com/_29AItQAcw9w/TSyAmctY_FI/AAAAAAAAALo/JsDF5sxIcYI/s400/TCLFinalOUTPUT.JPG" alt="" id="BLOGGER_PHOTO_ID_5560961037925678162" border="0" /></a><br /><hostname><ip address=""><mask><network address=""><wildcard><ospf area=""><br /><br /><br /></ospf></wildcard></network></mask></ip></hostname>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com10tag:blogger.com,1999:blog-1200580631182730878.post-29580878079653002010-12-27T13:23:00.002+08:002010-12-27T13:27:35.189+08:00Merry Christmas and a Happy New Year to AllIt's been a while since I touched any materials and listened to Scott Morris' Audio bootcamp. My current job really demands a lot of my time. After 3 months of inactivity I promised myself that I will bounce back. I only have 11 months left to take the lab so I'll be studying full force when the new year arrives.<br /><br />Anyways have a Merry Christmas and Happy New Year to be everybody. Let us overcome any hindrances that tries to stop us from getting our dreams fulfilled. Expect new posts coming when the new year comes. Enjoy!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-46132437376153960902010-10-21T21:59:00.003+08:002010-10-21T22:02:04.040+08:00It's Been A WhileAgain, its been a while since I posted something here. I miss the technical stuff I was doing and I could say I was 70% ready for the CCIE exam now I am back to mere 1%. I have a lot more things to share and once again I'll try to find time. Whatever happens my dream to be a CCIE still stands. Hope to hear good news from guys reading my posts.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com2tag:blogger.com,1999:blog-1200580631182730878.post-79120023970908860672010-08-26T16:31:00.002+08:002010-08-26T16:43:58.094+08:00New JobIt's just today that I have posted something here and the reason behind this is that I am moving to Singapore for a new job on first week of September. I have been very busy with employment passes and other things required for the transfer. My new job involves lesser technical job than what I did in Hewlett Packard but its around 50/50 similar to my current job in a bank. 50 percent for technical and 50 percent for network project management. Even though I lost the other half to project management :), its still related as I will be handling network projects specifically MPLS migrations. Will my pursuit for CCIE still continue? The answer is yes. I love the technical stuff and its still useful with my current job position. My studies for now is in a standstill though I have finished all the topics I need a round or two to go through again all of them.<br /><br />I will be posting here topics from time to time since there are people who requested from me. I never thought there are people interested with my blog. :) I have created a Facebook page for those who view my blog entries and those who like to be my friends. Please join/like <a href="http://www.facebook.com/pages/I-WANT-TO-BE-A-CCIE/111951565499131">I WANT TO BE A CCIE</a> in Facebook. See you there and keep in touch.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com5tag:blogger.com,1999:blog-1200580631182730878.post-8223368868003953772010-08-26T16:03:00.010+08:002010-08-26T16:29:46.433+08:00Answer: Reload Router By Telnet<pre class="scene"><span style="font-family:arial;">Configure a default route from R1 pointing to R2's ip address. The challenge is to reboot R1</span><br /><span style="font-family:arial;">from a telnet command from R3 without typing the command "reload". R3 should not telnet</span><br /><span style="font-family:arial;">directly to 12.12.12.1 but instead it should telnet 23.23.23.2 port 3000 to get to 12.12.12.1</span><br /><span style="font-family:arial;">port 3005. R1 should automatically ask to proceed to reboot and not ask for username/password</span><br /><span style="font-family:arial;">once the telnet from R3 is executed.</span></pre><br /><br />Solution is pretty simple. First we need to configure NATing on R2 to translate 23.23.23.2 port 3000 to 12.12.12.1 port 3005.<br /><br /><pre class="source"><span style="font-size:100%;"><span style="color: rgb(0, 51, 0);font-family:courier new;" >R2#</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" >ip nat inside source static tcp 12.12.12.1 3005 23.23.23.2 3000 extendable</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" >interface Serial1/3</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" > ip nat outside</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" >interface Serial1/1</span><br /><span style="color: rgb(0, 51, 0);font-family:courier new;" > ip nat inside</span></span></pre><br />Lets also configure telnet password in R2 for testing.<br /><br /><pre style="color: rgb(0, 51, 0);font-family:courier new;" class="source"><span style="font-size:100%;">line vty 0 4<br />password cisco<br />login</span></pre><br />Now we have solved the first problem. There are 3 issues left on R1, how to make telnet not ask for a password, how to use port 3005 for telnet and how to make the reload automatic. Here's how the configuration should look like.<br /><br /><br /><pre style="color: rgb(0, 51, 0);font-family:courier new;" class="source"><span style="font-size:100%;">R1#<br />!<br />line vty 0 4<br />privilege level 15<br />no login<br />rotary 5<br />autocommand reload</span></pre><br />Setting the vty to "privilege level 15" and configuring "no login" by passes user authentication. By default if there is no password set the device will refuse connections. "Rotary 5" command lets you use port 2005, 3005, 4005 and so on for telnet. The "autocommand" feature executes whatever command after the telnet.<br /><br />Let's test first telneting to 23.23.23.2 using default telnet port.<br /><br /><br /><pre style="color: rgb(0, 51, 0);font-family:courier new;" class="source"><span style="font-size:100%;">R3#telnet 23.23.23.2<br />Trying 23.23.23.2 ... Open<br /><br /><br />User Access Verification<br /><br />Password:<br />R2></span><br /></pre><br /><span>We see it doesn't go to R1 but to R2 instead. Now to test using port 3000.</span><br /><br /><br /><pre style="color: rgb(0, 51, 0);font-family:courier new;" class="source">R3#telnet 23.23.23.2 3000<br />Trying 23.23.23.2, 3000 ... Open<br /><br /><br /><span style="color: rgb(204, 0, 0);">System configuration has been modified. Save? [yes/no]:</span><br /><br />Debug on R1<br />R1#debug ip packet<br />*Aug 26 15:47:43.299: IP: tableid=0, s=23.23.23.3 (Serial1/2), d=12.12.12.1 (Serial1/2), routed via RIB<br />*Aug 26 15:47:43.299: IP: s=23.23.23.3 (Serial1/2), d=12.12.12.1 (Serial1/2), len 44, rcvd 3<br />*Aug 26 15:47:43.307: IP: tableid=0, s=12.12.12.1 (local), d=23.23.23.3 (Serial1/2), routed via FIB<br />*Aug 26 15:47:43.307: IP: s=12.12.12.1 (local), d=23.23.23.3 (Serial1/2), len 44, sending</pre><br />The debug clearly shows that the telnet came from R3. The telnet due to NAT redirected the traffic towards 12.12.12.1. Some people call this NAT redirection. Obviously this is not a practical way to reload routers but this is just for fun and to demonstrate how can be used to redirect traffic. I haven't seen any enterprise using this way to reload and will not see in the future. LOLS!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-9432170368860594192010-06-02T21:55:00.005+08:002010-06-02T21:58:32.439+08:00Lab Challenge: Reload Router By TelnetHere's a little challenge, I thought of this during my train trip when I was going home this evening. This should be pretty easy. Consider the diagram below and the scenario.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_hqrMaXBW9WM/TAZf8EGnkzI/AAAAAAAAADY/mrLFBed20jk/s1600/Challenge.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 167px;" src="http://4.bp.blogspot.com/_hqrMaXBW9WM/TAZf8EGnkzI/AAAAAAAAADY/mrLFBed20jk/s400/Challenge.png" alt="" id="BLOGGER_PHOTO_ID_5478171482241078066" border="0" /></a><br /><pre class="scene"><span style="font-family:arial;">Configure a default route from R1 pointing to R2's ip address. The challenge is to reboot R1</span><br /><span style="font-family:arial;">from a telnet command from R3 without typing the command "reload". R3 should not telnet</span><br /><span style="font-family:arial;">directly to 12.12.12.1 but instead it should telnet 23.23.23.2 port 3000 to get to 12.12.12.1</span><br /><span style="font-family:arial;">port 3005. R1 should automatically ask to proceed to reboot and not ask for username/password</span><br /><span style="font-family:arial;">once the telnet from R3 is executed.</span><br /></pre><br /><br />I believe this should be pretty easy for everyone. Let me know your thoughts on how to solve this challenge. I will post a blog entry regarding this for the next post. For now I need to get back to the belly of the IOS beast. Cheers!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com6tag:blogger.com,1999:blog-1200580631182730878.post-17673252198952435672010-05-29T18:25:00.006+08:002010-05-29T18:33:49.266+08:00Broadcast/Network PingIf there is a need to ping several devices in one same subnet and broadcast domain, you can do several commands or ping like the one below.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0); font-weight: bold;">R1#ping 10.1.1.255</span><br /><br /><span style="color: rgb(0, 102, 0);">Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);">Sending 5, 100-byte ICMP Echos to 10.1.1.255, timeout is 2 seconds:</span><br /><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.2, 80 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.3, 80 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.4, 80 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.4, 52 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.2, 52 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.3, 52 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.3, 84 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.4, 84 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.2, 84 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.2, 20 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.4, 20 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.3, 20 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.3, 16 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.4, 16 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.2, 16 ms</span><br /><span style="color: rgb(0, 102, 0); font-weight: bold;"><br /><span style="color: rgb(102, 0, 0);">You can also use the Network Address</span>.<br /><br />R1#ping 10.1.1.0</span><br /><br /><span style="color: rgb(0, 102, 0);">Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);">Sending 5, 100-byte ICMP Echos to 10.1.1.0, timeout is 2 seconds:</span><br /><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.4, 84 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.2, 112 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.3, 84 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.2, 72 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.3, 72 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 1 from 10.1.1.4, 72 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.4, 68 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.2, 68 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 2 from 10.1.1.3, 68 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.3, 64 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.4, 64 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 3 from 10.1.1.2, 64 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.4, 72 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.3, 72 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 4 from 10.1.1.2, 72 ms</span><br /></pre><br /><br />You can also do a single ping command to check if all links in the routers are up or not. You can the following below. This works on all kinds of WAN interfaces connected to the router.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R1#ping 255.255.255.255 rep 1</span><br /><br /><span style="color: rgb(0, 102, 0);">Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);">Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 2 seconds:</span><br /><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 15.15.15.5, 16 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.4, 16 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.3, 16 ms</span><br /><span style="color: rgb(0, 102, 0);">Reply to request 0 from 10.1.1.2, 16 ms</span><br /></pre><br /><br />This command can be helpful during the CCIE lab exam to verify if interfaces are working. I assume that all who read this already knew this from their CCNA studies but I guess there are exceptions. Even the smartest Cisco Engineers forget basic commands sometimes. Let me know if you are one of those who didn't know this one.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.mouserunner.com/images/SmileyIcon_IconsPreview_Homepage.png"><img style="cursor: pointer; width: 40px; height: 40px;" src="http://www.mouserunner.com/images/SmileyIcon_IconsPreview_Homepage.png" alt="" border="0" /></a>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com8tag:blogger.com,1999:blog-1200580631182730878.post-43539425778308505872010-05-29T14:54:00.005+08:002010-05-29T15:10:29.305+08:00Free Troubleshooting LabIf you want to check out Narbik's troubleshooting workbook and want to get an idea of it, you can visit <a href="http://dans-net.com/TS_mini/">Dan's blog</a>. This contains around 12 trouble tickets and 1 full TS lab challenge consisting of 10 trouble tickets. Good news is that these are Dynamips ready for those who don't have a real home labs.<br /><br />If I am not mistaken, Dan is Narbik's partner in creating the Micronics Troubleshooting Workbooks. You can also find a free Narbik troubleshooting workbook in this <a href="http://www.micronicstraining.com/classes/index.php?dispatch=products.view&product_id=29836">link</a>. Go check it out and have some fun!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-81088117765646422532010-05-29T13:21:00.002+08:002010-05-29T13:24:55.562+08:00Flag CounterI have added a flag counter. I haven't realize I need to track from which countries readers are coming from. It's only after I got 25,000 visits based on the counter below the blog, I realized this. Thanks for the people who are visiting this blog.<br /><br />If you have any topics you wish to request, please do. Despite of my busy schedules for work and study, I'll find time to blog the request.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-34778553282269539322010-05-28T23:33:00.007+08:002010-05-29T02:02:37.054+08:00NAT Stateful FailoverWhen the word "stateful" is mentioned in the networking world, it usually means that the router or a firewall keeps records of the sessions created. Stateful failover means that whatever sessions that have been recorded in one device the other backup device has a knowledge of it and can act as a backup without those sessions torn down in case the main device fails. It will function as the same as the primary one. NAT has also the failover functionality. This lab will focus on configuring Dynamic NAT failover.<br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_29AItQAcw9w/S__-xccC7_I/AAAAAAAAALM/Y8gEWLdoQK4/s1600/NAT+Stateful+Failover.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 203px;" src="http://1.bp.blogspot.com/_29AItQAcw9w/S__-xccC7_I/AAAAAAAAALM/Y8gEWLdoQK4/s400/NAT+Stateful+Failover.png" alt="" id="BLOGGER_PHOTO_ID_5476375797306683378" border="0" /></a><br /><pre class="scene"><span style="font-size:100%;"><span style="font-family:arial;">R3 and R4 are NAT routers. R3 is the primary and R4 is the back up NAT router. These must be configured so that </span><br /><span style="font-family:arial;">R4 will provide stateful failover. Subnets in R1 1.1.1.1/32 - 1.1.1.5/32 should be translated to </span><br /><span style="font-family:arial;">123.123.123.1 - .5 /24. The host side ip address must match e.g. 1.1.1.1/32 = 123.123.123.1/32.</span><br /><br /><span style="font-family:arial;">These have been preconfigured:</span><br /><span style="font-family:arial;">1. OSPF on all routers.</span><br /><span style="font-family:arial;">2. Default route and floating static default route in R5.(for 123.123.123.0/24 reachability)</span><br /><span style="font-family:arial;">3. Ip OSPF cost in the links from R2 to R3 and R3 to R5 to disable equal cost path load balancing.</span></span><br /></pre><br />1. First let's configure which is the inside and outside part in the NAT configuration.<br /><br /><pre style="color: rgb(0, 102, 0);" class="source"><br />R3(config)#int se0/2<br />R3(config-if)#description connected to R2<br />R3(config-if)#ip nat inside<br />R3(config-if)#int se0/3<br />R3(config-if)#description connected to R5<br />R3(config-if)#ip nat outside<br /><br />R4(config)#int se0/2<br />R4(config-if)#description connected to R2<br />R4(config-if)#ip nat inside<br />R4(config-if)#int se0/0<br />R4(config-if)#description connected to R5<br />R4(config-if)#ip nat outside<br /></pre><br />2. Configure an access-list list that will match the IP addresses of Loopback0 in R1 and configure a NAT pool where we will get the translations.<br /><br /><pre class="source"><br /><span style="color: rgb(102, 0, 0);">Note: The </span><span style="font-weight: bold; color: rgb(102, 0, 0);">"match-host"</span><span style="color: rgb(102, 0, 0);"> keyword makes it possible for exact host to host translation 1.1.1.1/32 = 123.123.123.1/32, .5 = .5 the </span><br /><span style="color: rgb(102, 0, 0);">last octet in the ip address will be the same value. It will match the host portion of the IP address.</span><br /><br /><span style="color: rgb(0, 102, 0);">R3(config)#access-list 1 permit 1.1.1.0 0.0.0.255</span><br /><span style="color: rgb(0, 102, 0);">R3(config)#ip nat pool LOOPBACK 123.123.123.1 123.123.123.5 prefix-length 24 type match-host</span><br /><br /><span style="color: rgb(0, 102, 0);">R4(config)#access-list 1 permit 1.1.1.0 0.0.0.255</span><br /><span style="color: rgb(0, 102, 0);">R4(config)#ip nat pool LOOPBACK 123.123.123.1 123.123.123.5 prefix-length 24 type match-host</span><br /></pre><br />3. Configure a NAT stateful ID. This is what makes the stateful failover possible. This configuration will determine which is the primary NAT router and the backup.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R3(config)#ip nat stateful id 1 </span> <span style="font-weight: bold; color: rgb(102, 0, 0);">----------> This is locally significant.</span><br /><span style="color: rgb(0, 102, 0);">R3(config-ipnat-snat)#primary 23.23.23.3</span><br /><span style="color: rgb(0, 102, 0);">R3(config-ipnat-snat-pri)#peer 24.24.24.4</span><br /><span style="color: rgb(0, 102, 0);">R3(config-ipnat-snat-pri)#mapping-id 1</span> <span style="color: rgb(102, 0, 0); font-weight: bold;">---------> This should match on the routers.</span><br /><span style="color: rgb(0, 153, 0);">R3(config-ipnat-snat-pri)#exit</span><br /><br /><br /><span style="color: rgb(0, 102, 0);">R4(config)#ip nat stateful id 1</span> <span style="color: rgb(102, 0, 0); font-weight: bold;">----------> This is locally significant.</span><br /><span style="color: rgb(0, 102, 0);">R4(config-ipnat-snat)#backup 24.24.24.4</span><br /><span style="color: rgb(0, 102, 0);">R4(config-ipnat-snat-pri)#peer 23.23.23.3</span><br /><span style="color: rgb(0, 102, 0);">R4(config-ipnat-snat-pri)#mapping-id </span>1 -<span style="color: rgb(102, 0, 0); font-weight: bold;">--------> This should match on the routers.</span><br /><span style="color: rgb(0, 102, 0);">R4(config-ipnat-snat-pri)#exit</span><br /></pre><br />The "peer" keyword here will do that trick on making the 2 routers related. The ip addresses configured on the "primary" and "backup" parameters should be one of the IP addresses in the router which is configured with the "ip nat inside" command. Otherwise, you will get an error message that its not a match.If 2 backups are configured and they are peer with each other, they won't establish a relationship. A router can be configured as a primary for one mapping-id and back up for another.<br /><br />After configuring these commands, let's see the logs created by the routers.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);"><br />R3#</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:36:33.783: %SNAT-5-PROCESS: Id 1, System start converging</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:36:45.871: SNAT (Receive): CONVERGENCE Message for Router-Id: 1 from Peer Router-Id: 1's entries</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:36:45.871: %SNAT-5-PROCESS: Id 1, System fully converged</span><br /><br /><span style="color: rgb(0, 102, 0);">R4#</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:34:11.803: %SNAT-5-PROCESS: Id 1, System start converging</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:34:11.811: %SNAT-5-PROCESS: Id 1, System fully converged</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:34:48.767: %SNAT-5-PROCESS: Id 1, System start converging</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:34:50.791: SNAT (Receive): CONVERGENCE Message for Router-Id: 1 from Peer Router-Id: 1's entries</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 01:34:50.795: %SNAT-5-PROCESS: Id 1, System fully converged</span><br /></pre><br />Let's do a show command that will check the status of the Stateful Failover NAT.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R3#show ip snat distributed</span><br /><br /><span style="color: rgb(0, 102, 0);">Stateful NAT Connected Peers</span><br /><br /><span style="color: rgb(0, 102, 0);">SNAT: Mode PRIMARY</span><br /><span style="color: rgb(0, 102, 0);"> : State READY</span><br /><span style="color: rgb(0, 102, 0);"> : Local Address 23.23.23.3</span><br /><span style="color: rgb(0, 102, 0);"> : Local NAT id 1</span><br /><span style="color: rgb(0, 102, 0);"> : Peer Address 24.24.24.4</span><br /><span style="color: rgb(0, 102, 0);"> : Peer NAT id 1</span><br /><span style="color: rgb(0, 102, 0);"> : Mapping List 1</span><br /><br /><span style="color: rgb(0, 102, 0);">R4#show ip snat distributed</span><br /><br /><span style="color: rgb(0, 102, 0);">Stateful NAT Connected Peers</span><br /><br /><span style="color: rgb(0, 102, 0);">SNAT: Mode BACKUP</span><br /><span style="color: rgb(0, 102, 0);"> : State READY</span><br /><span style="color: rgb(0, 102, 0);"> : Local Address 24.24.24.4</span><br /><span style="color: rgb(0, 102, 0);"> : Local NAT id 1</span><br /><span style="color: rgb(0, 102, 0);"> : Peer Address 23.23.23.3</span><br /><span style="color: rgb(0, 102, 0);"> : Peer NAT id 1</span><br /><span style="color: rgb(0, 102, 0);"> : Mapping List 1</span><br /></pre><br />4. Configure the IP NAT translation statement mapping access-list 1 and the NAT pool created.<br /><br /><pre class="source"><span style="color: rgb(0, 102, 0);"><br />R3(config)#ip nat inside source list 1 pool LOOPBACK mapping-id 1</span><br /><br /><span style="color: rgb(0, 102, 0);">R4(config)#ip nat inside source list 1 pool LOOPBACK mapping-id 1</span><br /></pre><br />5. Now let's test NATing by pingin 5.5.5.5 sourcing from the IP's on Loopback0 on R1. (Will not be shown) We can do "debug ip nat" on R3 and R4, but will only see output in R3 since the traffic passes there. For the sake of a shorter post I will not display the output.<br /><br />6. Let's check the translation on R3, our main NAT router and afterwards check if R4 is getting the information from the NATing table.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R3#sh ip nat tran</span><br /><span style="color: rgb(0, 102, 0);">Pro Inside global Inside local Outside local Outside global</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.1:20 1.1.1.1:20 5.5.5.5:20 5.5.5.5:20</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.1 1.1.1.1 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.2:19 1.1.1.2:19 5.5.5.5:19 5.5.5.5:19</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.2 1.1.1.2 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.3:18 1.1.1.3:18 5.5.5.5:18 5.5.5.5:18</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.3 1.1.1.3 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.4:17 1.1.1.4:17 5.5.5.5:17 5.5.5.5:17</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.4 1.1.1.4 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.5:16 1.1.1.5:16 5.5.5.5:16 5.5.5.5:16</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.5 1.1.1.5 --- ---</span><br /><br /><span style="color: rgb(0, 102, 0);">R4#sh ip nat tran</span><br /><span style="color: rgb(0, 102, 0);">Pro Inside global Inside local Outside local Outside global</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.1:20 1.1.1.1:20 5.5.5.5:20 5.5.5.5:20</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.1 1.1.1.1 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.2:19 1.1.1.2:19 5.5.5.5:19 5.5.5.5:19</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.2 1.1.1.2 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.3:18 1.1.1.3:18 5.5.5.5:18 5.5.5.5:18</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.3 1.1.1.3 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.4:17 1.1.1.4:17 5.5.5.5:17 5.5.5.5:17</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.4 1.1.1.4 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.5:16 1.1.1.5:16 5.5.5.5:16 5.5.5.5:16</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.5 1.1.1.5 --- ---</span><br /></pre><br />Though the traffic did not pass through R4, it knows the translation. Notice that the host part of the original ip address and the translated ip address is the same. This is the result of the "match=host" keyword.<br />Let's see if the failover information by R3 is passed to R4 by a show command.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R4#sh ip snat peer 23.23.23.3</span><br /><br /><span style="color: rgb(102, 0, 0);">Show NAT Entries created by peer: 23.23.23.3</span><br /><br /><span style="color: rgb(0, 102, 0);">Pro Inside global Inside local Outside local Outside global</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.1 1.1.1.1 --- ---</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.2 1.1.1.2 --- ---</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.3 1.1.1.3 --- ---</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.4 1.1.1.4 --- ---</span><br /><span style="color: rgb(0, 102, 0);">--- 123.123.123.5 1.1.1.5 --- ---</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.5:16 1.1.1.5:16 5.5.5.5:16 5.5.5.5:16</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.4:17 1.1.1.4:17 5.5.5.5:17 5.5.5.5:17</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.3:18 1.1.1.3:18 5.5.5.5:18 5.5.5.5:18</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.2:19 1.1.1.2:19 5.5.5.5:19 5.5.5.5:19</span><br /><span style="color: rgb(0, 102, 0);">icmp 123.123.123.1:20 1.1.1.1:20 5.5.5.5:20 5.5.5.5:20</span><br /></pre><br />In the even that R3 and the traffic goes to R4, the sessions need not to be restarted as there are already existing translations on R4 which have been passed by R3. Let's shut down the interface in R3 and lets show how R4 reacts.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);">R4#</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 02:11:15.819: %SNAT-5-ALERT: BACKUP staging recovery, replacing Primary</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 02:11:15.819: %SNAT-5-PROCESS: Id 1, System start converging</span><br /><span style="color: rgb(0, 102, 0);">*Mar 1 02:11:15.827: %SNAT-5-PROCESS: Id 1, System fully converged</span><br /></pre><br />It places itself as the primary NAT router but the translations that its learned from R3 will continue to be in place. Once R3 goes back up, it will put itself again the backup NAT router.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com2tag:blogger.com,1999:blog-1200580631182730878.post-33005825302187738212010-05-22T23:53:00.004+08:002010-05-23T00:44:34.062+08:00CCIE Written Cleared<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://t0.gstatic.com/images?q=tbn:g_YIlhnvcL3jMM"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 104px; height: 79px;" src="http://t0.gstatic.com/images?q=tbn:g_YIlhnvcL3jMM" alt="" border="0" /></a><br />Finally, I have cleared the written exam last week. This doesn't mean I will stop with the theory stuff, in fact I am reading again the certification guide and some QoS books. I am currently doing Narbik Kocharian's Labs Workbook "<a href="http://www.micronicstraining.com/classes/index.php?dispatch=products.view&product_id=29812">The Gap from CCNP to CCIE</a>". Though this might be considered an old workbook by some, but the topics here still apply to the current blueprint. I don't have my own rack so I basically do the labs that can be done in GNS3. I am skipping some topics that can only be done in 3550/3650 switches which I will do in a free community lab that I know of. I am halfway through the topics after this I will do the latest Kocharian's <a href="http://www.micronicstraining.com/classes/index.php?dispatch=products.view&product_id=29816">workbook</a>. I might as well consider purchasing Kocharian's troubleshooting labs as I find the <a href="http://www.micronicstraining.com/downloads/lab03-free.zip">sample lab</a> very amusing.<br /><br />I am not promoting Micronics Training in any way. I really like Narbik's approach: Study the technology one at a time and do as much exploration on one topic. This kind of approach IMHO can really make the candidate understand the topic thoroughly. Many candidates fall into the mistake of doing right away the mock labs like crazy but never really explored the topic one after another. Understanding (again IMHO) what you are configuring is a key to passing the lab.<br /><br />I have not enrolled in any bootcamp but would love to. My primary reason is MONEY, I don't have tons of it. I am a self paying CCIE candidate. Since I can't attend a bootcamp, I read books and visit <a href="http://www.cisco.com/univercd/home/home.htm">Cisco Univercd</a>. We have a saying back home and I paraphrase, "If you can't buy a longer blanket, better learn to fit yourself into the blanket", and this is exactly what I am doing.<br /><br />My plans for doing the lab will be on January 2011, probably take it in Hong Kong. If I feel that I am ready before that, might consider the mobile lab in Singapore by November. I am spending at least 3 hours a night, and a few hours in the office (if not busy) studying and doing some labs on GNS3. For the next 8 months, I will have little to no social life (I never had one before anyways :D). Good day mates and hold on to the Cisco Dream!Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com0tag:blogger.com,1999:blog-1200580631182730878.post-46860009198291079302010-05-08T21:33:00.020+08:002010-05-08T23:11:18.696+08:00QoS: Classification and MarkingClassification and Marking is pretty much a self explanatory term. Classify the packet/frame based on number of things such as ip source subnet, protocol, tags, L2/L3 header markings and etc. The fields can be marked are IP header, LAN trunking headers, Frame Relay and ATM headers. This lab will focus on IP precedence and DSCP values on IP packet.<br /><br /><pre class="scene"><br /><span style=";font-family:arial;font-size:100%;" >In R1, IP precendence 0,1,2 markings should be marked on packets from 1.1.1.1/32,</span><span style=";font-family:arial;font-size:100%;" > 11.11.11.11/32 and<br />111.111.111.111/32 respectively. R2 should check for IP prec</span><span style=";font-family:arial;font-size:100%;" > packets 0,1,2 and replace them with DSCP markings<br />AF11, 12 and 13 respectively.</span><span style=";font-family:arial;font-size:100%;" > R3 should have an inbound policy-map with no action just to keep track of how</span><span style="font-family:arial;"><span style="font-size:100%;"><span style="font-family:arial;"> many</span><br />packets have been marked as AF11,12 and 13</span>.</span><br /></pre><br /><br />Click on the diagram to resize.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_29AItQAcw9w/S-VtW_Rq6jI/AAAAAAAAALE/TVAlJsrlh1g/s1600/CandM.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 187px;" src="http://1.bp.blogspot.com/_29AItQAcw9w/S-VtW_Rq6jI/AAAAAAAAALE/TVAlJsrlh1g/s400/CandM.png" alt="" id="BLOGGER_PHOTO_ID_5468897564221434418" border="0" /></a><br />Relevant configurations.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-size:100%;" ><span style="font-family:courier new;">R1:</span><br /><br /><span style="font-family:courier new;">interface Loopback0</span><br /><span style="font-family:courier new;"> ip address 1.1.1.1 255.255.255.255</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Loopback1</span><br /><span style="font-family:courier new;"> ip address 11.11.11.11 255.255.255.255</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Loopback2</span><br /><span style="font-family:courier new;"> ip address 111.111.111.111 255.255.255.255</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Serial0/2</span><br /><span style="font-family:courier new;"> ip address 12.12.12.1 255.255.255.0</span><br /><span style="font-family:courier new;"> serial restart-delay 0</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">ip route 0.0.0.0 0.0.0.0 12.12.12.2</span><br /><br /><span style="font-family:courier new;">R2:</span><br /><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Serial0/1</span><br /><span style="font-family:courier new;"> ip address 12.12.12.2 255.255.255.0</span><br /><span style="font-family:courier new;"> serial restart-delay 0</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Serial0/3</span><br /><span style="font-family:courier new;"> ip address 23.23.23.2 255.255.255.0</span><br /><span style="font-family:courier new;"> serial restart-delay 0</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">ip route 1.1.1.1 255.255.255.255 12.12.12.1</span><br /><span style="font-family:courier new;">ip route 11.11.11.11 255.255.255.255 12.12.12.1</span><br /><span style="font-family:courier new;">ip route 111.111.111.111 255.255.255 12.12.12.1</span><br /><br /><span style="font-family:courier new;">R3:</span><br /><br /><span style="font-family:courier new;">interface Loopback0</span><br /><span style="font-family:courier new;"> ip address 3.3.3.3 255.255.255.255</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">interface Serial0/2</span><br /><span style="font-family:courier new;"> ip address 23.23.23.3 255.255.255.0</span><br /><span style="font-family:courier new;"> serial restart-delay 0</span><br /><span style="font-family:courier new;"> service-policy input DSCP</span><br /><span style="font-family:courier new;">!</span><br /><span style="font-family:courier new;">ip route 0.0.0.0 0.0.0.0 23.23.23.2</span></span></pre><br />First we need to configure access-list on R1 for every loopback addresses. After which, create a class-map to match the access-groups and policy-map to put the corresponding IP precendence marking per class-map. Apply the policy-map to the interface Se0/2 on an outbound direction.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >On R1, configure:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >access-list 10 permit 1.1.1.1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >access-list 11 permit 11.11.11.11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >access-list 12 permit 111.111.111.111</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all Loopback2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match access-group 12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all Loopback1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match access-group 11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all Loopback0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match access-group 10</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >interface Serial0/2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > service-policy output Loopback</span></pre><br />Let's proceed configuring R2. Let's match IP precedence and then replace them with DSCP values indicated.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >On R2:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all PREC0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match precedence 0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all PREC1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match precedence 1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all PREC2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match precedence 2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >policy-map CHECKER</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class PREC1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > set dscp af12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class PREC0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > set dscp af11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class PREC2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > set dscp af13</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >interface Serial0/3</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >service-policy output CHECKER</span><br /></pre><br /><br />On to configuring R3 to match the DSCP values and serve as a inbound counter.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R3:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all AF12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match dscp af12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all AF13</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match dscp af13</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >class-map match-all AF11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > match dscp af11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >policy-map DSCP</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class AF11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class AF12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > class AF13</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >interface Serial0/2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > service-policy input DSCP</span><br /></pre><br /><br />Let's generate some traffic and check the policy-maps later. 100, 200 and 300 packets from Lo0, Lo1 and Lo2 respectively.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R1#ping 3.3.3.3 source lo0 rep 100</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Sending 100, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Packet sent with a source address of 1.1.1.1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Success rate is 100 percent (100/100), round-trip min/avg/max = 1/12/64 ms</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R1#ping 3.3.3.3 source lo1 rep 200</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Sending 200, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Packet sent with a source address of 11.11.11.11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Success rate is 100 percent (200/200), round-trip min/avg/max = 1/13/108 ms</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R1#ping 3.3.3.3 source lo2 rep 300</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Type escape sequence to abort.</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Sending 300, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Packet sent with a source address of 111.111.111.111</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >!!!!!!!!!!!!!!!!!!!!</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >Success rate is 100 percent (300/300), round-trip min/avg/max = 1/11/92 ms</span><br /></pre><br /><br />Let's check the policy-map hits.<br /><br /><pre class="source"><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R1#sh policy-map int</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Serial0/2</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Service-policy output: Loopback</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: Loopback0 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">100 packets, 10400 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: access-group 10</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > precedence 0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 100</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: Loopback1 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">200 packets, 20800 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 1000 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: access-group 11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > precedence 1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 200</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: Loopback2 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">300 packets, 31200 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 4000 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: access-group 12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > precedence 2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 300</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: class-default (match-any)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 11 packets, 876 bytes</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: any</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R2#sh policy-map int</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Serial0/1</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Service-policy input: CHECKER</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: PREC1 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">200 packets, 20800 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: precedence 1</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > dscp af12</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 200</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: PREC0 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">100 packets, 10400 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: precedence 0</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > dscp af11</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 100</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: PREC2 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">300 packets, 31200 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: precedence 2</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > QoS Set</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > dscp af13</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Packets marked 300</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: class-default (match-any)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 0 packets, 0 bytes</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: any</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" ><br />R3#</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >*Mar 1 00:54:36.683: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" >R3#sh policy-map int</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Serial0/2</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Service-policy input: DSCP</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: AF11 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">100 packets, 10400 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: dscp af11 (10)</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: AF12 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">200 packets, 20800 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: dscp af12 (12)</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: AF13 (match-all)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > <span style="color: rgb(255, 0, 0);">300 packets, 31200 bytes</span></span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: dscp af13 (14)</span><br /><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Class-map: class-default (match-any)</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 0 packets, 0 bytes</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > 5 minute offered rate 0 bps, drop rate 0 bps</span><br /><span style="color: rgb(0, 102, 0);font-family:courier new;" > Match: any</span><br /></pre><br /><br />Checking on the show output, we can see that from a normal packet without a marking, it was marked by R1 with IP precedence values and then classified by R2 and remarked again now with DSCP values. We can see we have the same number of packets on the corresponding IP Prec and DSCP values. 0 to AF11 = 100, 1 to AF12 = 200 and 2 to AF13 = 300.<br /><br /><pre class="info"><br />Layer 2 markings such ash CoS, DE, CLP and EXP can only be classified in the ingress<br />direction and can only be marked in the egress direction only.<br /></pre>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-49880052280732575452010-02-03T14:11:00.002+08:002010-02-03T14:16:17.082+08:00No Updates, Yet!!!I have no time to write a technical blog as of now as I am currently in transition moving from my current company to a new one. I have to do all the necessary stuff needed for this move. Currently I am reading<span style="font-size:100%;"> CCIE Routing and Switching Exam Certification Guide, 4th Edition as preparation for my CCIE written mid this year. I don't have much lab time yet but I do have time reading the concepts I have studied when I took my CCNP. My target is Written this year and probably late this year or early to mid next year for my lab attempt. Will be posting something technical here probably 2 weeks from now.<br /></span>Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1tag:blogger.com,1999:blog-1200580631182730878.post-62351932692667221302010-01-08T10:01:00.005+08:002010-01-08T10:11:12.086+08:00Study Tip: Gathering ConfigurationsI am fond of checking Cisco website and other blogs. Whenever I come across a configuration I am interested whether its something familiar or unfamiliar, I copy that config, save it on a notepad. Though I might not understand some of the configuration files I gather, I find time researching what those config lines mean, try it in Dynamips and read more about it.<br /><br />If you work doing network configuration changes, doing configs line by line will really get in your nerves. One best practice is to prepare yourself a template config per technology or per setup and save this in a notepad. Network configs in an enterprise environment usually have standard format so this will really save time and you can use time reviewing the config you prepared using the template. In the future the configs you have gathered will surely come in handy.Petehttp://www.blogger.com/profile/14603511201107810183noreply@blogger.com1