CCNP Madness
Comments
-
tomtom1 Member Posts: 375
OfWolfAndMan wrote: » I gotta say: Route tags will make life A LOT easier in a commercial network.
It's nice when things you study have a direct use in production networks eh
As for the PBR part, and the exam, small tip, just remember that the ip policy command is always placed on the interface that is receiving the source traffic. Also make sure the debug command (debug ip policy access-list) is in your memory. Might come in handy when labbing (or in production) with PBR and things aren't going your way.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
tomtom1 wrote: » It's nice when things you study have a direct use in production networks eh
Agreed!
So, just checking in. Finished the Chris Bryant vids and the Simplified book. Configured an IPSec VPN and did some basic PPPoE configurations. Thankfully, I learned a lot of the VPN theory from the CCNA Security (Except for the manual configuration), so I understood the theory side of it. As for the DSL theory and cable technologies, that's old theory to me (Again, except the configs). For this coming week, I will be doing a lot of labs as I go over my notes and the material once again (OSPF and EIGRP should be easy. Gonna be mainly hitting IPv6, PBR, BGP w/ path control and IP SLA. Then I'll also go over the VPN and Tunnel configs a couple more times as they're new to me). If I feel I am where I should be, the test will be scheduled at the end of this month (Or possibly a week prior).
:study: Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Been doing some labs from the Simplified book. 6to4 tunnels, OSPF over NBMA and advanced EIGRP. Anyone have a good page for VRF such as case studies and some additional labs? I'd like to look a little more into it
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□The last couple of days has been lots of labbing with OSPF and BGP and overview in the Simplified book of the two routing protocols. LOTS of path control in BGP i.e. AS path prepending, MED attribute usage, weight modification, route origin, etc. Lots of attribute mods. One thing I am on now though is the as-path command. I understand the concept of it, but the characters at the end of the command i.e. ^-+()* I'm having a hard time grasping where they go in the command. Is there a page that might have a good explanation on this?
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Found this. Starting to make some more sense now. At least most of the characters:
as-path - CCIE Blog
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Back again. Been reviewing over OSPFv3 and BGP attribute selection. I've been doing quite a few labs including lots of BGP (Even got to learn about backdoors!), played with some more EIGRP, OSPF with LOTS of path manipulation. However, I am getting stumped on this EIGRP PBR lab, mainly because I see no packets incrementing in the route-map configuration when I do a special ping. Everyone has EIGRP neighbors, EXCEPT between R2 and R3 (Not really relevant at this point). F0/0 on R2 and R3 are advertised, but are a passive-interface in the EIGRP config. The lab wants it so any packets with a size of 0 to 500 and 1000 to 1500 bytes going to the 150.3.3.0 sourced from the 150.1.1.0 subnet are sent to the next hop of R2. All other packets take the normal path. Here is the config on R1 for the path selection:
#ip access-list extended 101
#permit ip 150.1.1.0 0.0.0.255 150.3.3.0 0.0.0.255
#route-map MATCHMTU permit 10
#match ip address 101
#match length 0 500
#set ip next-hop 10.0.0.2
#route-map MATCHMTU permit 20
#match ip address 101
#match length 1000 1500
#set ip next-hop 10.0.0.2
#route-map MATCHMTU deny 30
#interface F0/0
#ip policy route-map MATCHMTU
The problem is, whenever I ping from source F0/0 on R1 with a size of 0-500 or 1000-1500, I don't see any packets output in the route-map.
#ping 150.3.3.3 source F0/0 size 300
#ping 150.3.3.3 source F0/0 size 1200
#show route-map
route-map MATCHMTU, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
    length 0 500
  Set clauses:
    ip next-hop 10.0.0.2
  Policy routing matches: 0 packets, 0 bytes
route-map MATCHMTU, permit, sequence 20
  Match clauses:
    ip address (access-lists): 101
    length 1000 1500
  Set clauses:
    ip next-hop 10.0.0.2
  Policy routing matches: 0 packets, 0 bytes
route-map MATCHMTU, deny, sequence 30
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
Am I missing something?
-
fredrikjj Member Posts: 879try using the debug ip policy command on the router that performs the PBR. It should give more information on what's going on.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Alright so I did that, and source ping from R1's f0/0 interface. Got NOTHING.
Now, if I do a ping from R4 with the appropriate size, then it does work. I guess it doesn't really matter if the interface itself can anyway. As long as the hosts' traffic gets routed appropriately.
-
fredrikjj Member Posts: 879The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten the exact syntax for.
-
tomtom1 Member Posts: 375
fredrikjj wrote: » The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten the exact syntax for.
ip local policy, right?
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□What about #ip local policy route-map MATCHMTU?
Source: Cisco website
Edit: TomTom you're right! I would give you more rep but looks like I already gave you some
-
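The behaviour pinned down in the posts above, as an added example that is not part of the original thread: a small Python model of how route-map MATCHMTU is evaluated, showing why R1's own pings never hit it until `ip local policy route-map MATCHMTU` is configured. The host addresses 150.1.1.1 and 150.1.1.4 and all function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    length: int            # Layer 3 length in bytes, what "match length" tests
    in_if: Optional[str]   # receiving interface; None = generated by the router itself

# access-list 101 from the thread
ACL_101 = (ipaddress.ip_network("150.1.1.0/24"), ipaddress.ip_network("150.3.3.0/24"))

# route-map MATCHMTU from the thread: (sequence, action, length range, next hop)
MATCHMTU = [
    (10, "permit", (0, 500), "10.0.0.2"),
    (20, "permit", (1000, 1500), "10.0.0.2"),
    (30, "deny", None, None),  # no match clauses, so it matches everything else
]

def acl_permits(pkt: Packet) -> bool:
    src_net, dst_net = ACL_101
    return (ipaddress.ip_address(pkt.src) in src_net
            and ipaddress.ip_address(pkt.dst) in dst_net)

def route_map_lookup(pkt: Packet) -> Optional[str]:
    """Policy next hop, or None when the packet falls back to normal routing."""
    for _seq, action, length_range, next_hop in MATCHMTU:
        if length_range is not None:
            low, high = length_range
            # Both match clauses of an entry must hold (logical AND).
            if not (acl_permits(pkt) and low <= pkt.length <= high):
                continue
        # First matching entry decides; deny means "do not policy-route".
        return next_hop if action == "permit" else None
    return None

def forward(pkt: Packet, policy_ifs: set, local_policy: bool) -> str:
    """Apply the route-map only where it is attached."""
    if pkt.in_if is None:
        attached = local_policy             # ip local policy route-map MATCHMTU
    else:
        attached = pkt.in_if in policy_ifs  # ip policy route-map MATCHMTU
    return (route_map_lookup(pkt) if attached else None) or "routing-table"

# Constructed sample packets; the source addresses are assumptions.
R1_PING = Packet("150.1.1.1", "150.3.3.3", 300, None)     # ping ... source F0/0 on R1
R4_PING = Packet("150.1.1.4", "150.3.3.3", 1200, "F0/0")  # transit ping from R4
R4_MID = Packet("150.1.1.4", "150.3.3.3", 700, "F0/0")    # size outside both ranges

if __name__ == "__main__":
    for name, pkt in [("R1_PING", R1_PING), ("R4_PING", R4_PING), ("R4_MID", R4_MID)]:
        before = forward(pkt, {"F0/0"}, local_policy=False)
        after = forward(pkt, {"F0/0"}, local_policy=True)
        print(f"{name}: interface policy only -> {before}; plus local policy -> {after}")
```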
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□OK I know I'm jumping ahead of myself, but this request is more so for work as we recently implemented QoS and multicast configs. Is there a good video course I could check out in the future that may make it easier to understand for not only my real world benefit, but also for when I do SWITCH?
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Also another question: In the SWITCH material, they seem to mention dynamic vlan configuration and VMPS. As VMPS is not used and Mac Authentication Bypass seems to be the modern thing, why even mention it?
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Been reviewing over both the book and the Chris Bryant videos while labbing like crazy. Will be scheduling my test for the end of the month next week hopefully. Was supposed to do it last week but customer support was a little confused on my intentions, as my Pearson Vue account is not working, and I told them I wanted to schedule over the phone, but they insisted on trying to fix my account again, and still with no success. Anyway, will be over-viewing branch technologies today as I believe this is one area I could use some more practice. Anyone who insists, please feel free to start quizzing me, particularly those that have already taken the test.
-
tomtom1 Member Posts: 375I could write up some practice questions for the ROUTE material if you're up? Would be a nice refresher for my TSHOOT which combines SWITCH and ROUTE (need to clear SWITCH) first though.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Absolutely! Currently configuring a gre over ipsec tunnel. Making it even more difficult by using NAT on both sides of the tunnel, routing it over a public IP medium. I expect it to help me understand VPN tunneling a little more by getting some hands on. I am also currently working on configuring my home router as a VPN server for OpenVPN so I can remotely work on my home switch lab from anywhere. I believe this task will help me do that.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Scheduled the exam for the 30th! Time to touch up on BGP communities, PBR, and a little more VPN labbing, then overviewing everything once more, followed by some more labs!
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Test is on Wednesday guys! Will be doing a good amount of final overview this weekend. Labbing as well and will be writing notes AGAIN for ultimate retainability. I feel confident in just about everything except maybe BGP communities. Feel free to quiz me!
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Test tomorrow guys! Doing some last minute overview tonight. I feel confident on all topics, and yes, I memorized the EIGRP default metric and BGP path selection attributes
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Well guys, that test was extremely challenging! Thankfully I passed though... Barely. 806. Looks like I'll be starting my SWITCH studies in a few days!
-
Danielh22185 Member Posts: 1,195 ■■■■□□□□□□Congrats on the pass. You seemed to knock Route out pretty quick!
Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi -
networker050184 Mod Posts: 11,962 Mod
Congrats!
An expert is a man who has made all the mistakes which can be made.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Thank you everyone!
Daniel, I think I put in close to two months for the ROUTE, however I had begun skimming through some of the material multiple times before finishing up the CCNA Security. In addition, it did help to deal with IGPs at work. When I was at work, I had a switch lab setup with ip routing enabled as we couldn't use GNS3. At lunch (Some days), I would go home and study or lab. After work and after the gym, I would allocate time accordingly to the Pomodoro technique (As I would go for two hours and burn out eventually if I didn't pace myself) with my studies. On weekends, I would get a good 8-12 hours over those two days. I was committed as this will probably be the hardest of the three for me.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□OK so I had already read through a good 50 pages of the SWITCH book at the end of ROUTE, and had the VLAN videos and VTP videos watched for Chris Bryant's. Just finished up VLANs/VTP in the Simplified book this morning and have finished some of CB's spanning tree videos last night. A LOT more detail and depth on spanning tree than the CCNA, but the foundation makes things a lot easier to understand. Thankfully I currently am dealing with a network using VTPv3 so getting my hands on lab equipment (Even though I have a 3560 with version 15 at home if need be) will be easy. I love VTP mode off!
-
mistabrumley89 Member Posts: 356 ■■■□□□□□□□I prefer VTP to be off as well. Usually we just have a baseline we can copy/paste, so worrying about VTP isn't a real issue. Local VLANS FTW.
Oh, and congrats on the pass. The route exam was really really tough. I think you will find SWITCH to be a much smoother ride.
Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
LinkedIn: www.linkedin.com/in/charlesbrumley -
ninjaturtle Member Posts: 245 ■■■□□□□□□□
OfWolfAndMan wrote: » OK so I had already read through a good 50 pages of the SWITCH book at the end of ROUTE, and had the VLAN videos and VTP videos watched for Chris Bryant's. Just finished up VLANs/VTP in the Simplified book this morning and have finished some of CB's spanning tree videos last night. A LOT more detail and depth on spanning tree than the CCNA, but the foundation makes things a lot easier to understand. Thankfully I currently am dealing with a network using VTPv3 so getting my hands on lab equipment (Even though I have a 3560 with version 15 at home if need be) will be easy. I love VTP mode off!
Lab galore! Cheers!!
Current Study Discipline: CCIE Data Center
Cisco SEAL, Cisco SWAT, Cisco DeltaForce, Cisco FBI, Cisco DoD, Cisco Army Rangers, Cisco SOCOM .ιlι..ιlι. -
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Thank you, Ninjaturtle!
Update: I just completed the videos for all Spanning-Tree concepts (to include Backbonefast, Uplinkfast, Root Guard, Loop Guard, BPDUguard/filter, Portfast, RSTP, PVST, MST, etc). I had never heard about the STP diameter concept before, but found it quite interesting. In addition, I just finished etherchannel this morning, and I believe channel-group 1 mode on will be my universal etherchannel command for the most part. Flex links is also a brand new concept to me, and I'm kinda curious as to when it could be used. It seemed somewhat similar to an FHRP setup, except for the fact FHRP seems it's more appropriate for a L3 switching edge (Or redundant router setup), while flex links seem more appropriate on the downstream switches at the distribution layer on a L2/L3 setup. Labs will be coming soon.
I have actually had my switching lab for a couple of months thankfully, prepping in advance of course. Thanks to Veritas_Libertas and Jahsoul, every switch with the exception of one I got off of Ebay. My topology currently consists of: 1 3560 w/ version 15, 1 3750 with PoE, and 3 2950s. I also have a rack to make things a little more organized
-
fredrikjj Member Posts: 879
OfWolfAndMan wrote: » Flex links is also a brand new concept to me, and I'm kinda curious as to when it could be used.
It converges faster than RSTP. Like 50 ms vs. 100 ms. So if you need that and also can't use some multi chassis link aggregation technology (though tbh I'm not particularly familiar with MLAG convergence if a link fails - I'm just assuming that it's fast) you could use flex link and deal with the increased complexity of deploying a feature that's pretty obscure and isn't completely plug and play.
Read this: Cisco Flex link | Daniels networking blog
Then read this series: Flex Links: The Beginning (Part 1/3) | rekrowteN | Networker
OfWolfAndMan wrote: » I believe channel-group 1 mode on will be my universal etherchannel command for the most part.
You probably want to use LACP for the most part since it has failsafes built in that the "on" mode doesn't. On is just for forcing the bundle with devices that haven't implemented LACP.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
fredrikjj wrote: » Read this: Cisco Flex link | Daniels networking blog
fredrikjj wrote: » You probably want to use LACP for the most part since it has failsafes built in that the "on" mode doesn't. On is just for forcing the bundle with devices that haven't implemented LACP.
Update on the studying: Finished the LAN security section in the videos and the book along with the MLS sections. LAN security was a little bit of overview of some of the stuff I learned from CCNA Security (Dynamic ARP inspection, DHCP snooping, port security). A few new things to me were PVLANs (I could find that very useful for security purposes), VLAN ACLs (Which would seem useless for preventing particular users from accessing other users in the same VLAN. Isn't that one of the reasons for VLANs, aside from broadcast segmentation? If you're preventing interVLAN traffic, I could see that.), and a little bit about 802.1x (We use ISE at work, so I am somewhat familiar. Supplicant is a word they love to use over client.). MLS is not a new concept to me, especially the config, but I did learn a few new things in that section too: Fallback bridging (Genius way of bridging IPX/Appletalk without it needing to be routed), a little more detail about CEF, and something that's a flashback from my NA Security studies, the data and control planes. Next week I will be focusing in on FHRPs and hopefully finish up on the smaller sections like Multicast, VoIP, QoS, and Wireless. Depending, I may just finish FHRPs and then go straight into labbing, as I find these last topics a little less broad in this course.