Archive for July, 2007

Transparent bridging

 | 31 Jul 2007 18:16

Two things I learned today about bridging:

1) When bridging on a router that is only forwarding the bridged traffic it’s best (not needed apparently) to turn off ip routing:

no ip routing
!
bridge <123> protocol ieee

2) When bridging and routing (IRB or CRB), it’s advisable to enable routing within the bridge-group:

bridge irb
bridge <123> protocol ieee
bridge <123> route ip

IRB = Integrated Routing & Bridging
CRB = Concurrent Routing & Bridging

What the heck is EEK?

 | 29 Jul 2007 16:25

Q. What the heck is F/R EEK?
A. frame-relay End-to-End Keepalive

EEK can only be used to bring down the subinterfaces. The physical interfaces will remain up as long as they are receiving LMIs from their local (CO) frame switch. Arguably EEK is pointless due to the fact that LMI will indicate that a certain PVC isn’t available anymore. Whatever its use, I’d never heard of it before.

Netstat but then for IOS

 | 28 Jul 2007 16:49

Not sure how long this has been there but I just noticed it in 12.4T:

Router#show ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 0.0.0.0 0 --any-- 67 0 0 2211 0

For those who’re wondering what a router listens to by default, it’s DHCP. To turn it off, issue the following command:

no service dhcp

Researching regular expressions (filter show commands)

 | 25 Jul 2007 11:07

While trying to figure out whether I could find an AND operator rather than just the OR “|” I stumbled across the following:

C2611XM#show ver | ?
  append    Append redirected output to URL (URLs supporting append operation only)
  begin     Begin with the line that matches
  exclude   Exclude lines that match
  include   Include lines that match
  redirect  Redirect output to URL
  section   Filter a section of output
  tee       Copy output to URL

A number of these are new to me… A nice recent addition is the ‘section’ keyword; it shows the section following the matched line. This allows for displaying the running config of an access-list, which previously was not possible:

C2611XM(config-ext-nacl)#do sr | section http
ip http server
no ip http secure-server
ip access-list extended http
 permit tcp any any eq www
 permit tcp any eq www any

This condensed quote from CCO lists a couple of things to remember:

show <command> | append <url> – Redirects the output of any show command to be appended to a specified file.
show <command> | redirect <url> – Redirects the output of any show command to a specified file.
show <command> | tee <url> – Copies the show command output to a file while displaying it on the terminal.

The Cisco IOS File System (IFS) uses URLs to specify the location of a file system, directory and file. Typical URL elements include:

prefix:[directory/]filename

Prefixes can be local file locations, such as flash: or disk0:. Alternatively, you can specify network locations using the following syntax:

ftp:[[//[username[:password]@]location]/directory]/filename
tftp:[[//location]/directory]/filename

The rcp: prefix is not supported.

Defective Serial module

 | 24 Jul 2007 00:53

Rats, had to spend more time in my hosted CCIE lab to replace a defective NM-8A/S in my F/R switch. But at least all my serial connectivity is up/up and the new F/R switch, a 3640 with a mere 16Mb of flash, is configured with a full mesh of PVCs.

I feel ready to try some mock labs, having started one tonight I remember how difficult it is to translate/superimpose the hardware layouts. Oh well I guess I’ll get the hang of it sooner or later. It feels like last year was such smooth sailing between the bootcamp and the exam. Must be about the grass being greener elsewhere again…

I actually configured my first port channels today, or it’s been so long I can’t remember the last time. Funny having a 3548 and 3560, one starts to notice old and new config. Kinda nice as a hint of what new features might be emphasised in the lab. For those who’re wondering, for example: The 3548 uses ‘port groups’ where the 1st interface in the group holds the etherchannel config, but the 3560 uses channel-group style config which creates port-channel interfaces for the etherchannel config.

Another lesson learned: STP trouble can occur if one side of the etherchannel has been configured but not the other, so shut down the interfaces before adding them to an etherchannel. Also it’s best to create etherchannels from interfaces without prior config.

Note to self…

 | 00:38

When using a Bluetooth (BT) keyboard, check the batteries first before spending time on troubleshooting network problems… It appears that the keyboard just slows down rather than just cutting out.

Cool Cisco IOS hints site

 | 15 Jul 2007 21:01

Well it’s cool for us ppl who prepare for the CCIE R&S lab and possibly other Networking workaholics too 🙂

http://ioshints.blogspot.com/

I first thought this guy works for Cisco but this is far from the truth…

IPv6 routing (OSPFv3)

 | 14 Jul 2007 21:55

Well I guess I was wrong that IP BASE or TELCO feature-set would do fine for R&S labbing. They lack IPv6 and if they do have IPv6 then they don’t have IPv6 routing (OSPFv3) capability.

Remembering the noises about IPv6 really coming our way in the next year or two I think we’ll be upgrading a lot of routers… IP PLUS and ENT BASE seem to be the feature-sets to go for but my flash and ram don’t support the images. I guess I’ll have to dig out all the old memory and hope I can make it match (and stable).

Any help is welcome. My 3640s are limited to 64/16, the 2600’s to 40/8 and 48/16. All I have is a beefy 2691 (128/32) and my 7200’s with 128 and flash cards (48 and 2x 20Mb [eek]). Does anyone have a simple site listing which memory type is supported per platform?

[July 16th 2007] Well I went rummaging through a pile of old memory and it looks like I can max out my 3640’s to 128 ram. I’m still failing in the flash department… 🙁
Heehee, just found “c3640-is-mz.124-1c.bin and ‘3g.bin IP PLUS” which are just under 24Mb so I may just have saved myself a lot of hassle. It has OSPFv3 support and everything else I need, bar tcp intercept and MPLS.

Networkers EMEA 2008

 | 21:46

Last week’s news: Networkers EMEA 2008 will be in Barcelona. For the diary: Monday Jan 21st – Thursday 24th.

I’m counting on being there, though until my manager gives approval and it’s been booked I will not know for sure… 🙂

Personal lab updates

 | 14:23

Right, back on the number hunt I’ve listed up for ccielab@groupstudy.com and am currently upgrading most of my routers to 12.4 or in case of my two 7200’s with NPE-200’s 12.3.

The feature-sets are a right mix too but I hope that I’ll be OK there. Personally I think that the enterprise feature-set is not needed when labbing for R&S as SNA, DSLw and the likes were removed in Jan 2006. I do try to have crypto in there as securing routing protocols is a hot item these days.

Next to IOS upgrades I’ve ordered some more serial cables to add to my lab as it will give me a lot more flexibility. I guess it’s one of the downsides of having one’s lab in a datacenter and not at home. Ooh and not being able to manually reload routers is another issue I have. Luckily it doesn’t happen that much but my 2621 with 40/8 (ram/flash) did not like 12.3(3i) IP as it complains about IOMEM and just halts during boot. (I can feel another trip to the datacenter coming) Cables should be in next week so I’ll have to work at the datacenter late coming Friday (in the UK on Wednesday and Thursday).

MAC filtering

 | 7 Jul 2007 20:25

Just reading up on stuff and came across the I/G and U/L bits in the MAC address. The I/G bit is the first bit of the MAC address, reading MSB to LSB, the U/L bit the second.

I/G: Binary 0 means the address is a unicast; Binary 1 means the address is a multicast or broadcast.
U/L: Binary 0 means the address is vendor assigned; Binary 1 means the address has been administratively assigned, overriding the vendor-assigned address.

Say I’d want to Deny Multicast & Broadcast and also Administratively assigned addresses, then the following ACL would be best (out of the three options, due to ACL length).

mac access-list extended MACL-official-Ucast-only
permit any 0000.0000.0000 00ff.ffff.ffff
!
interface FastEthernet1/0/10
mac access-group MACL-official-Ucast-only in
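
An added example (not part of the original post) that evaluates the destination match of the entry above against a few addresses. It assumes Cisco wildcard-mask semantics, where a 1 bit in the mask means "ignore this bit"; the helper names and the sample destination addresses are constructed for illustration.

```python
# Added example: evaluates Cisco-style MAC wildcard masks (1 bits = "don't care").
# The ACE is the one from the post; the sample destination addresses are constructed.

def mac_to_int(mac: str) -> int:
    """Parse Cisco dotted notation (hhhh.hhhh.hhhh) into a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base on every bit the wildcard leaves as 0."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF
    return (mac_to_int(addr) & care) == (mac_to_int(base) & care)

# Destination half of: permit any 0000.0000.0000 00ff.ffff.ffff
ACE_BASE, ACE_WILDCARD = "0000.0000.0000", "00ff.ffff.ffff"

def acl_action(dst: str) -> str:
    """Single permit entry, then the implicit deny that ends every ACL."""
    return "permit" if wildcard_match(dst, ACE_BASE, ACE_WILDCARD) else "deny"

SAMPLES = {  # constructed destination addresses
    "0011.2233.4455": "unicast, first octet 00",
    "ffff.ffff.ffff": "broadcast",
    "0100.5e00.0001": "IPv4 multicast",
    "0200.0000.0001": "locally administered unicast",
    "3c5a.b400.0001": "unicast, first octet 3c",
}

def evaluate_samples() -> dict:
    """Return the ACL decision for each constructed sample address."""
    return {dst: acl_action(dst) for dst in SAMPLES}

if __name__ == "__main__":
    for dst, action in evaluate_samples().items():
        print(f"{dst}  {action:6}  {SAMPLES[dst]}")
```

The last sample shows that the entry matches on the whole first octet, so a unicast destination whose first octet is not 00 also falls through to the implicit deny.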