Archive for the 'CCIE R&S' category

PVLAN on a 3550 & 3560

 | 8 Aug 2007 16:14

Amazingly the 3550 doesn’t support PVLAN, the 3560 does. So what are the options?

| Catalyst Platform | PVLAN Supported Minimum Software Version | Isolated VLAN | PVLAN Edge (Protected Port) | Community VLAN |
|---|---|---|---|---|
| Catalyst 3550 | Not supported | Not supported | Yes. 12.1(4)EA1 onwards | Not supported |
| Catalyst 3560 | 12.2(20)SE – EMI | Yes | Yes. 12.1(19)EA1 onwards. | Yes |


No IPv6 for ESM

 | 14:26

One has to love these little snippets dispersed across CCO. Reading up on Ether Switch Modules (ESM) I came across this little ‘Note’:

Layer 3 IPv6 packets are dropped when received by the switch.

I’m not sure if anyone can verify this for me, I should have a HWIC-4ESW somewhere but not in my CCIE lab so can’t lab this now. It seems rather silly not to have IPv6 support on there, especially with the increasing talk about ‘having’ to migrate to IPv6 ‘soon’. Would be even worse if you can IPv6 enable the vlans on an ESW but it drops received IPv6 packets…

Labbing ODR

 | 13:32

ODR (On Demand Routing) is part of the R&S lab blueprint and the univercd has only one page on it. Can’t be too hard can it? Well that’s right but still it’s good to have done it once and see it in action. My first try failed as I didn’t know that ODR doesn’t work if there’s a routing protocol active on the stub router.

Some ODR characteristics:

  • Hub and spoke (stub) network
    • ODR is only enabled on the hub
    • Hub automatically advertises a default-route to the spoke
  • Uses CDP, so CDP neighborship must be established between hub and spoke
    • Enable CDP on F/R links and make sure the IP mappings support broadcasts
    • Vlans: Ensure that the routers can see each other rather than the switch they’re connected to (use l2protocol-tunnel or dot1q tunnelling)
  • No dynamic routing allowed on the spoke
  • Redistribution into ODR doesn’t work (not allowed)

My lab test:


Smartport macros (3550)

 | 00:17

Nice of Cisco to preconfigure some macros for our usage, but how does one know what they do before applying them? Well, using “show parser macro …” one can see what is supported and their content. My search for smartport macros first found me the following list (extract below), however this is for a 2955. The current R&S lab uses 3550 and 3560 so what to expect?

  1. cisco-global
    Use this global configuration macro to enable load balancing across VLANs, provide rapid convergence of spanning-tree instances and to enable port error recovery.
  2. cisco-desktop
    Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
  3. cisco-phone
    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  4. cisco-switch
    Use this interface configuration macro when connecting an access switch and a distribution switch or between access switches connected using GigaStack modules or GBICs.
  5. cisco-router
    Use this interface configuration macro when connecting the switch and a WAN router.
  6. cisco-lre-cpe
    Use this interface configuration macro to optimize performance when the switch is installed in apartment buildings or hotels, or when it is used to deliver Video-on-Demand (VoD), or multicast video.
  7. cisco-wireless
    Use this interface configuration macro when connecting the switch and a wireless access point.

The complete supported list of commands on a 3550 is:


Port-security maximum 3 (for phones)

 | 7 Aug 2007 23:22

3 for phones? Was reading this and it stated the following. Nice one to keep in mind during the lab…

switchport port-security maximum 1 (or 3 for phones)

If port-security is turned on, the default number of allowed mac-addresses is 1. For an IP phone, we need 3 – one for the workstation, one for the phone on the voice Vlan and one for the phone on the native Vlan for CDP.

[edit] It’s funny checking this that the smartport macro only sets the maximum at 2:

Macro name : cisco-phone
Macro type : default interface
# Cisco IP phone + desktop template
# Enable port security limiting port to a 2 MAC
# addressess -- One for desktop on data vlan and
# one for phone on voice vlan
switchport port-security
switchport port-security maximum 2

[edit] Sneaking a peek at my 877 home cpe I notice that indeed the mac address of my 7960 phone is seen on both the data and voice vlan…

home-cpe#sh mac-address-table
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  -------------------
0011.2189.c317       Dynamic          1  FastEthernet0
0011.2189.c317       Dynamic         10  FastEthernet0

(irrelevant output removed)
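To check a port-security maximum against what a port actually learns, the following added example (not part of the original post) counts distinct MAC/VLAN pairs per port, following the post's reasoning that a phone seen in both the data and voice VLAN needs two entries. The sample table is constructed: the phone rows mirror the output above, the 0000.5e00.53xx addresses and FastEthernet1 are made up.

```python
import re
from collections import defaultdict

# Constructed sample: the phone rows mirror the output quoted in the post;
# the 0000.5e00.53xx (documentation range) addresses stand in for PCs.
SAMPLE = """\
Destination Address  Address Type  VLAN  Destination Port
0011.2189.c317       Dynamic          1  FastEthernet0
0011.2189.c317       Dynamic         10  FastEthernet0
0000.5e00.5301       Dynamic          1  FastEthernet0
0000.5e00.5302       Dynamic          1  FastEthernet1
"""

ROW = re.compile(
    r"^\s*([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\d+)\s+(\S+)\s*$", re.I
)

def parse_mac_table(text):
    """Yield (mac, vlan, port) for each table row; headers and rulers are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1).lower(), int(m.group(3)), m.group(4)

def secure_entries_per_port(text):
    """Count distinct (MAC, VLAN) pairs per port (assumption: one entry per pair)."""
    seen = defaultdict(set)
    for mac, vlan, port in parse_mac_table(text):
        seen[port].add((mac, vlan))
    return {port: len(pairs) for port, pairs in seen.items()}

def ports_over_limit(text, maximum):
    """Return {port: entries_needed} for ports that would exceed the given maximum."""
    return {p: n for p, n in secure_entries_per_port(text).items() if n > maximum}

if __name__ == "__main__":
    for limit in (1, 2, 3):
        print(f"maximum {limit}: over limit -> {ports_over_limit(SAMPLE, limit)}")
```

With the sample above, the phone port needs three entries, so the macro's maximum of 2 would flag it while a maximum of 3 would not.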

Other 3550 voip phone ready access-port stuff from the same page:


3550 mls qos

 | 22:37

Reading CCIE Practical Studies Volume II on Safari I thought I’d check out mls qos on the 3550 I have in my CCIE lab. Being familiar with the QoS mapping on a 6500 (sup720) and a 4500 (sup IV?), I was surprised to find something I’d not seen before:

  • Policed-dscp map

So I started searching for what it’s for and I quickly found the following information.


Transparent bridging

 | 31 Jul 2007 18:16

Two things I learned today about bridging:

1) When bridging on a router that is only forwarding the bridged traffic it’s best (not needed apparently) to turn off ip routing:

no ip routing
bridge <123> protocol ieee

2) When bridging and routing IRB or CRB then it’s advisable to enable routing within the bridge-group:

bridge irb
bridge <123> protocol ieee
bridge <123> route ip

IRB = Integrated Routing & Bridging
CRB = Concurrent Routing & Bridging

What the heck is EEK?

 | 29 Jul 2007 16:25

Q. What the heck is F/R EEK?
A. frame-relay End-to-End Keepalive

EEK can only be used to bring down the sub interfaces. The physical interfaces will remain up as long as they are receiving LMIs from their local (CO) frame switch. Arguably EEK is pointless due to the fact that LMI will indicate that a certain pvc isn’t available anymore. Whatever its use I’d never heard of it before.

Netstat but then for IOS

 | 28 Jul 2007 16:49

Not sure how long this has been there but I just noticed it in 12.4T:

Router#show ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 0 --any-- 67 0 0 2211 0

For those who’re wondering what a router listens to by default, it’s dhcp. To turn it off issue the following command:

no service dhcp

Researching regular expressions (filter show commands)

 | 25 Jul 2007 11:07

While trying to figure out whether I could find an AND operator rather than just the OR “|” I stumbled across the following:

C2611XM#show ver | ?
  append    Append redirected output to URL (URLs supporting append operation only)
  begin     Begin with the line that matches
  exclude   Exclude lines that match
  include   Include lines that match
  redirect  Redirect output to URL
  section   Filter a section of output
  tee       Copy output to URL

A number of these are new to me… A nice recent addition is the ‘section’ key word, it shows the section following the matched line. This allows for displaying the running config of an access-list which previously was not possible:

C2611XM(config-ext-nacl)#do sr | section http
ip http server
no ip http secure-server
ip access-list extended http
 permit tcp any any eq www
 permit tcp any eq www any
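For auditing a saved configuration offline, the following added example (not part of the original post and not Cisco code) approximates the 'section' and 'begin' filters in Python and adds the AND match the post was looking for. It assumes a section is a matching line plus the more deeply indented lines that follow it; the config text is constructed from the lines quoted above plus made-up filler.

```python
import re

# Constructed running-config, modelled on the lines quoted in the post.
CONFIG = """\
hostname C2611XM
ip http server
no ip http secure-server
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
ip access-list extended http
 permit tcp any any eq www
 permit tcp any eq www any
ip access-list extended mgmt
 permit tcp any any eq 22
line vty 0 4
 transport input ssh
"""

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def include_all(text, *patterns):
    """Offline AND: keep only lines that match every pattern."""
    return [l for l in text.splitlines() if all(re.search(p, l) for p in patterns)]

def begin(text, pattern):
    """Everything from the first matching line onward, like '| begin'."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if re.search(pattern, line):
            return lines[i:]
    return []

def section(text, pattern):
    """Approximate '| section': each matching line plus the deeper-indented lines under it."""
    out, depth = [], None
    for line in text.splitlines():
        if depth is not None and line.strip() and _indent(line) > depth:
            out.append(line)        # child of the section that is currently open
            continue
        depth = None                # a line at the same or shallower depth closes it
        if re.search(pattern, line):
            out.append(line)
            depth = _indent(line)   # open a new section at this depth
    return out

if __name__ == "__main__":
    print("\n".join(section(CONFIG, "http")))
```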

This condensed quote from CCO lists a couple of things to remember:

show <command> | append <url> – Redirects the output of any show command to be appended to a specified file.
show <command> | redirect <url> – Redirects the output of any show command to a specified file.
show <command> | tee <url> – Copies the show command output to a file while displaying it on the terminal.

The Cisco IOS File System (IFS) uses URLs to specify the location of a file system, directory and file. Typical URL elements include:


Prefixes can be local file locations, such as flash: or disk0:. Alternatively, you can specify network locations using the following syntax:


The rcp: prefix is not supported.

Defective Serial module

 | 24 Jul 2007 00:53

Rats, had to spend more time in my hosted CCIE lab to replace a defective NM-8A/S in my F/R switch. But at least all my serial connectivity is up/up and the new F/R switch, a 3640 with a mere 16Mb of flash, is configured with a full mesh of PVC’s.

I feel ready to try some mock labs, having started one tonight I remember how difficult it is to translate/superimpose the hardware layouts. Oh well I guess I’ll get the hang of it sooner or later. It feels like last year was such smooth sailing between the bootcamp and the exam. Must be about the grass being greener elsewhere again…

I actually configured my first port channels today, or it’s been so long I can’t remember the last time. Funny having a 3548 and 3560, one starts to notice old and new config. Kinda nice as a hint of what new features might be emphasised in the lab. For those who’re wondering, for example: The 3548 uses ‘port groups’ where the 1st interface in the group holds the etherchannel config, but the 3560 uses channel-group style config which creates port-channel interfaces for the etherchannel config.

Another lesson learned: STP trouble can occur if one side of the etherchannel has been configured but not the other, so shut down the interfaces before adding them to an etherchannel. Also it’s best to create etherchannels from interfaces without prior config.

Note to self…

 | 00:38

When using a Bluetooth (BT) keyboard, check the batteries first before spending time on troubleshooting network problems… It appears that the keyboard just slows down rather than just cutting out.

Cool Cisco IOS hints site

 | 15 Jul 2007 21:01

Well it’s cool for us ppl who prepare for the CCIE R&S lab and possibly other Networking workaholics too 🙂

I first thought this guy works for Cisco but this is far from the truth…

IPv6 routing (OSPFv3)

 | 14 Jul 2007 21:55

Well I guess I was wrong that IP BASE or TELCO feature-set would do fine for R&S labbing. They lack IPv6 and if they do have IPv6 then they don’t have IPv6 routing (OSPFv3) capability.

Remembering the noises about IPv6 really coming our way in the next year or two I think we’ll be upgrading a lot of routers… IP PLUS and ENT BASE seem to be the feature-sets to go for but my flash and ram don’t support the images. I guess I’ll have to dig out all the old memory and hope I can make it match (and stable).

Any help is welcome. My 3640 are limited to 64/16, the 2600’s to 40/8 and 48/16. All I have is a beefy 2691 (128/32) and my 7200’s with 128 and flash cards (48 and 2x 20Mb [eek]). Does anyone have a simple site listing which memory type is supported per platform?

[July 16th 2007] Well I went rummaging through a pile of old memory and it looks like I can max out my 3640’s to 128 ram. I’m still failing in the flash department… 🙁
Heehee, just found “c3640-is-mz.124-1c.bin and ‘3g.bin IP PLUS” which are just under 24Mb so I may just have saved myself a lot of hassle. It has OSPFv3 support and everything else I need, bar tcp intercept and MPLS.

Personal lab updates

 | 14:23

Right, back on the number hunt I’ve listed up for and am currently upgrading most of my routers to 12.4 or in case of my two 7200’s with NPE-200’s 12.3.

The feature-sets are a right mix too but I hope that I’ll be OK there. Personally I think that the enterprise feature-set is not needed when labbing for R&S as SNA, DSLw and the likes were removed in Jan 2006. I do try to have crypto in there as securing routing protocols is a hot item these days.

Next to IOS upgrades I’ve ordered some more serial cables to add to my lab as it will give me a lot more flexibility. I guess it’s one of the down sides of having one’s lab in a datacenter and not at home. Ooh and not being able to manually reload routers is another issue I have. Luckily it doesn’t happen that much but my 2621 with 40/8 (ram/flash) did not like 12.3(3i) IP as it complains about IOMEM and just halts during boot. (I can feel another trip to the datacenter coming) Cables should be in next week so I’ll have to work at the datacenter late coming Friday (in the UK on Wednesday and Thursday).