INE Lab 1 Section 1.6

1.6  Disabling DTP Negotiation 
•  Disable Dynamic Trunking Protocol on the trunk links of SW1. 
•  Verify that trunking is still occurring between SW1 & SW2, SW1 & SW3, 
and SW1 & SW4 without the use of DTP. 

Still very confusing about the DTP mode. Google search and found the DTP relationship table. Below is the mode that able to form the Trunking Mode.

switchport mode access -  This command puts the interface (access port) into permanent nontrunking mode.  The interface will generate DTP frames, negotiating with the neighboring interface to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface does not agree to the change.

switchport mode dynamic desirable  - This command makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces.  If the neighboring interface is set to the access or non-negotiate mode, the link will become a non-trunking link.


switchport mode dynamic auto – This command makes the interface willing to convert the link to a trunk link if  the neighboring interface is set to trunk or desirable mode.  Otherwise, the link will become a non-trunking link.

switchport mode trunk – This command puts the interface into permanent trunking mode and negotiates to
convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface does not agree to the change.

switchport nonegotiate – Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link, otherwise the link will be a non-trunking link.

INE Lab Physical Setup (part 1)

After getting 4 x Cisco 3550 switches, I am going to setup my lab using Ubuntu + GNS3.
I am following INE workbook. All the equipment are placed in the office's server room to enjoy 24 hrs air condition environment.

The equipment list as below.

1. i5 Computer with Ubuntu 12.0.4 installed. Cost around $500.
2. 12 x USB NIC Card (AX88772A Chip set). Each cost $5.
3. 2 x USB to serial converter. Each cost $2
4. 2 x 7 Ports USB Hub 2.0. Each cost $5. (one spoil :sad )

Equipment on the way: 2 x USB to RS232 converter.

As I am not familiar with Linux, it is difficult for me to do configuration.

The 1st problem I faced is the broken USB hub. Then since I am using USB-NIC solution, the Ubuntu cannot detect all the USB-NIC card. I plugged in one by one to make all the USB-NIC are in working condition.

Now I found out I cannot identify the corresponding USB-NIC to the mapping in Ubuntu.
I did some google and the solution as below.

* To see the USB logging in Ubuntu, issue "dmesg"

* To view the USB equipments list, issue "lsusb"

* To check the network connection, issue "ifconfig"

We can give the logical name to each of the USB-NIC. I am going to name them USB1, USB2.
To do this, follow the below steps.

1. sudo gedit
2. Open 70-persistent-net.rules which under /etc/udev/rules.d/
3. Change the key "Names = " USB1"

Few useful link:
https://alteeve.ca/w/Changing_the_ethX_to_Ethernet_Device_Mapping_in_EL6_and_Fedora_12+
https://help.ubuntu.com/10.04/serverguide/network-configuration.html

CCIE Written: IPv4 Routing Protocols Overview

IPv4 Routing Protocol

* Static Routing

* RIPv2

* EIGRP

* OSPF

* BGP

* Policy Routing

* IP Tunneling

IP Routing Overview

* Longest match routing

                - Most bits in common when finding the routing path

* Metric vs Administrative Distance

                - Same protocol vs different protocol

                - If different protocol, then it will compare with the Administrative Distance

                - If same protocol, then it will compare with the metric / hops /cost

CCIE Written: Frame Relay

Frame Relay Overview

* NBMA (Non Broadcast Multi Access)

                - Address resolution issues implied

                - It has problem on L3 to L2 address resolution

* Data Link Connection Identifier (DLCI)

                - Layer 2 addressing

                - DLCI number only locally significant

* Local Management Interface (LMI)

                - DTE/DCE (router/switch) communications

                - Reports virtual circuit (VC) status

Frame Relay LMI

* encapsulation frame-relay

* LMI types

                - Automatically detected

                - frame-relay lmi-type [cisco | ansi | q933a]

                - show frame-relay lmi

* LMI advertises VC Status

* Status can be

                - Active: working on both end

                - Inactive: one site is not configured

                - Deleted: DLCI doesn’t match with the frame-relay switch

                - Static: Have a manual back to back configuration

Full Mesh Network

* Topology where all devices have a direct layer 2 circuit to each other

* More closely emulates a LAN

* More expensive to provision than partial mesh network

Partial Mesh Network

* Topology where not all devices have a direct layer 2 circuit to each other

                - i.e. not fully meshed circuits

                - i.e. Hub-and-Spoke is a type of partial mesh

* Design problems occur when layer 3 network does not map exactly to layer 2 network

                - Devices without direct layer 2 circuits cannot resolve each other via Inverse-ARP

                - Some higher layer protocols (OSPF, PIM, etc) do not understand this disconnect

* Ideally layer 3 is point to point with layer 2 network

                - Separate IPv4/IPv6 subnet and point-to-point sub-interface for each DLCI

CCIE Written: EtherChannel

Ether Channel

* Used to aggregate bandwidth of physical links

                - Same logic as PPP Multilink

* Consists of two parts

                - Port-channel interface

                   + Logical interface representing the link bundle

                - Members interfaces

                   + Physical links part of a link bundle

* Channel can be any type of interface

                - i.e. Layer 2 access, trunk, tunnel or layer 3 routed

EtherChannel Negotiation

* channel-group [number] mode [mode]

* Mode determines how negotiation occurs

                - On: No negotiation  and permanently enable

                - Desirable & Auto: Initiate or listen for PAgP

                - Active & Passive: Initiate or listen for LACP (802.3ad)

* PAgp vs LACP

                - Like ISL vs 802.1q

EtherChannel Mode Compatibility

* On – On

* Desirable – Desirable

* Desirable – Auto

* Active – Active

* Active – Passive

EtherChannel Load Balancing

* Load balancing between member interface based on

                - Source MAC Address

                - Destination MAC address

                - Source IP Address

                - Destination IP Address

                - Combinations of the four

* Modified with port-channel load-balance

CCIE Written: Core Ethernet Switching Components

VLAN

* Used to separate ports into different broadcast domains

* Hosts in same VLAN share the same broadcast domain

* Switches create a separate CAM (Content Addressable Memory) table per VLAN

* Traffic inside the VLAN is layer 2 switches

* Traffic to outside or between VLANs must be layer 3 routed

* VLAN Trunks carry traffic for multiple VLANs between switches on uplinks

VLAN Numbering

* VLAN membership defined by number

* 12-bit field (0-4095)

                - 0 * 4095 reserved per 802.1Q standard

* Normal VLANs 1-1005

                - 1 à Default Ethernet VLAN

                - 1002/1004 à Default FDDI VLANs

                - 1003/1005 à Default Token Ring VLANs

                - Extended VLANs 1006 -4094

* Extended VLANs range can assigned via the VTP transparent mode. And mostly used in Private VLAN

* Extended VLAN is not advertised via the VTP version 1 & 2. It can advertised via VTP v3 in the new platform.

VLAN Trunks

* Trunk links are used to transport traffic for multiple VLANs between devices

* Traffic sent over a trunk link receives special trunking encapsulation

                - Normal Ethernet header does not have field for VLAN number

                - ISL or 802.1Q headers are added to include this information

* Both ISL and 802.1Q accomplish the same goal of encoding VLAN number in frame header to separate traffic

* The key different are

                - ISL: + Cisco Proprietary

                          + 30 byte encapsulation for all frames (26 byte header and 4 byte trailer FCS)

                          + Does not modify original frame

                - 8021.Q: + IEEE Standard

                                   + 4-byte tag except for “native VLAN”

                                   + Modify original frame as it need to generate the new FCS

IOS Switch Port modes

* Access

* Trunk

* Dynamic Desirable

* Dynamic Auto

* Tunnel (802.1q)

Dynamic Trunking Protocol

*Dynamic Switchports automatically choose whether to run in access or trunking mode

* Run DTP to negotiate , in order to decide to run ISL trunk, 802.1q trunk or access port

* DTP prefer ISL as it negotiate as ISL, then 802.1q and then access

* Configure as switchport mode dynamic [auto | desirable]

* Disable with switchport nonegotiate or switchport mode access

* On: Force the port to become trunk

   Off: Force the port to become non-trunk

   Desirable: Actively to convert the link to trunk when the other party is On, Auto & Desirable

   Auto: Trunk if other is Desirable or On

   No-negotiate: Turn off the DTP.

	On	Off	Des	Auto	Nonego
On	√	X	√	√	√
Off	x	X	x	X	x
Des	√	X	√	√	√
Auto	√	X	√	X	x
Nonego	√	X	√	X	√

- Nonego and nonego depends on the switchport mode. Both sides must on.

VLAN Trunking Protocol

* VTP solves the VLAN administration problem. It is just make sure the switches agree on the VLAN number assignment

* Cisco proprietatly

* Used to dynamically

                - Advertise addition, removal, modification of VLAN properties like numbers, name etc

                - Negotiate trunking allowed lists by using VTP pruning

* Does not affect actual VLAN assignments

                - Still manually needed with switchport access vlan [vlan]

How VTP Works

* VTP domain

                - To exchange information, switches must belong to the same domain

* VTP Mode      

                - Controls who can advertise new/modified information

                - Modes are Server, Client and Transparent

* VTP Revision Number

                - Sequence number to ensure consistent databases

                - Higher revision number indicates newer database

VTP Domains

* VTP domain name controls which devices can exchange VTP advertisements

* VTP domain does not define broadcast domain

                - Switches in different VTP domains that share same VLAN numbers hosts’ are still in the same broadcast

                 domain

* Configured as vtp domain [name]

* Defaults to null value

                - Switch inherits VTP domain name of first advertisement it received

VTP Server Mode

* Default mode

* Allows addition, deletion and modification of VLAN information

* Changes on server overwrite the rest of the domain assuming it has the highest revision number

* Configure as vtp mode server

VTP Client Mode

* Not allows for addition, deletion and modification of VLAN information

* Listens for advertisements originated by a server, installs them and passes them on

* Configure as vtp mode client

VTP Transparent Mode

* Keeps a separate VTP database from the rest of the domain

* Does not originate advertisements

* “Transparently” passes received advertisements through without installing them

* Needed for some applications like Private VLANs

* Configure as vtp mode transparent

VTP  Security

* VTP susceptible to attacks or mis-configuration where VLANs are deleted

                - Access ports in a VLAN that does not exist cannot forward traffic

* MD5 authentication prevents against attack

                - vtp password [password]

* Does not prevent against mis-configuration

                - VTP transparent mode recommendation

VTP  Pruning

* Broadcast and unknown unicast/multicast frame are flooded everywhere in the broadcast domain

                - Includes trunk links

* Edition allowed list limits this flo0ding, but large administrative overhead

* VTP pruning automates this procedure

                - Switches advertise what VLANs they need

                - All other VLANs are pruned (removed) off the trunk link

* Does not work for transparent mode

* Just configure the VTP pruning in any of the server and it will propagate out to the whole VTP domain

CCIE Written: Spanning Tree Protocol

CCIE Written: STP

 STP Variations

                - 802.1d: Common Spanning Tree (CST)

                - PVST / PVST+: Cisco Per-VLAN Spaning-Tree

                - 802.1W: Rapid Spanning Tree (RSTP)

                -802.1S: Multiple Spanning Tree (MSTP)

How 802.1d STP works

                - Elect one Root Bridge

                - Elect one Root Port per bridge/switch

                - Elect Designated Ports

Root Bridge Election

* Switch with lowest Bridge ID in the network becomes Root Bridge

* Bridge ID contains:

• Bridge Priority: 0~61440 in increments of 4096. 0 is the most preferable and 32768 is the default value.
• System ID Extension: 0~4095 Used to encode the VLAN number of the Spanning Tree Instance
• MAC Address: Lowest MAC address is more preferable

* Only Root Bridge is in charge of generate for the BPDU packets (802.1d only)

* Once elected, BPDUs flow down from root of the tree to the the leaves

Rot Port Election

* RP is upstream facing towards Root Bridge

* Elected based on lowest Root Path Cost

                - Cumulative cost of all links to get to the root

* Cost based on inverse bandwidth

                - i.e. higher bandwidth, lower cost, not linear.
                - 10Mbps=100, 100Mbps=19, 1000Mbps=1

* If tie in cost

                - Choose lowest upstream BID

                - Choose lowest upstream Port ID

Designated Port Election

* DPs are downstream away from the Root Bridge

* Like Root Port, elected based on

                - Lowest Root Path Cost

                - Lowest BID

                - Lowest Port ID

* All other ports go into blocking mode

                - Receive BPDUs

                - Discard all other traffic

                - Cannot Send Traffic

802.1d Convergence

* CST convergence based on timers set on Root Bridge

                - Hello Timer: How often to send the BPDU

                - Forward Delay Timer:
                   To control transition from blocking – listening – learning- forwarding stages

                - Max Age Timer:
                  How long we wait for the upstream device to send the BDPU packet before
                  we declare them down. It consider as dead interval.

* Default Hello is 2 seconds, Forward delay is 15 seconds (listening 15s, learning 15s) and total is 30s, Max Age is 20s

* The minimum value for the Forward delay is 7s

 * Convergence time will be forward delay + max age

* TCN BPDUs used to notify Root Bridge of changes

                - Flows up the tree to root, root replies with ACK

                - CAM aging time set to Forward Delay to flush MAC addresses

PVST/PVST+

Per VLAN STP (PVST)

* One instance of Legacy STP per VLAN

* Cisco ISL support

Per VLAN STP Plus (PVST+)

* One instance of Legacy STP per VLAN

* Cisco ISL and 802.1Q support

* Provides interoperability between CST and PVST

* Default mode on most Catalyst platforms

* Allows root bridge / port placement per VLAN

Cisco’s STP Enhancement ( to speed up the convergence)

* Port Fast

                - Edge ports shouldn’t be subject to Forwarding Delay or generate TCNs

                - It allow the port that is port-fast enable jump from disable to forwarding

* Uplink Fast

                - Direct Root Port failure should re-converge immediately if Alternate Port
                  available

                - Used when multiple link from one switch to another switch

                - Cisco Doc          

                - When enable, it will increase the bridge priority to 49152 and increase by 3000
                   for port priority

                - Reason of the increase is to make sure the bridge won’t elect as Root Bridge
                  and the port wouldn’t elect to designated port. The uplink fast is make sure of 
                  the Alternate port and enable in the global mode

                https://supportforums.cisco.com/thread/143612?referring_site=kapi

* Backbone Fast

                - Indirect failures should start recalculating immediately

                - Inferior BDPU sent from the upper edge switch to determine the original path
                   to root bridge is down

                - It needs to wait the Max Age if the neighbor link is not down but the upper link
                  is down            

                - If backbone fast Is enable in the switch, it will skip the Max Age timers

                - Cisco Doc             

* Port fast saves Max Age + Forward Delay timers
* Uplink Fast saves Forward Delay timers

* Backbone Fast saves Max Age timers

Other Cisco’s STP Features

* BPDU Filter

                - Filter BDPUs in and out

* BPDU Guard

                - If BPDU is received shut port down

* Root Guard

                - If superior BPDU is received shut port down

* Loop Guard & UDLD (Uni Direction Link Detection) (same features)

                - Prevent unidirectional links

                - Loop Guard is using the STP BPDU to detect

                - UDLD using its own lightweight L2 keep alive

802.1w RSTP

Rapid Spanning Tree Protocol

* Faster convergence compare to legacy 802.1d

* Rapid convergence based on sync process or proposal process

* Allow for faster initial convergence

* Announce itself as root bridge when startup and start sending the proposal

* Switches will agree on the proposal on who is the root bridge in sub second method

* RSTP simplified the port state to 3 stages: Discarding, learning, forwarding.

* All bridges generate BPDUs

                - Send out all every Hello Interval which by default 2s

                - If three Hellos are missed neighbor is declared down and CAM is immediately
                   flushed

                - Three Hello timers is greater than Max Age which 6s vs 20s

                - Allows for faster re-convergence

* Runs backward compatibility with 802.1d

802.1s MSTP

Multiple Spanning Tree Protocol

* User defined instances are separate from VLANs

* PVST+ uses one instance per VLAN

* Uses 802.1w for rapid convergence

* Highly scalable

                - Switches with same instances, configuration revision number and name form
                   a “region”

                - Different regions see each other as virtual bridges

CCIE Written: Overview

CCIE Written Overview

* CCNP level of knowledge of

                - Layer 2: Ethernet, Frame Relay, HDLC, PPP, Briding

                - Layer 3: IPv4/IPv6, Routing Logic, RIP, EIGRP, OSPF, BGP, Multicast, MPLS

                - Misc: QoS, IOS Security, IOS features & management

* Cisco Documentation is the only resources can be used during the lab test.

                - Configuration Guide

                - Command Reference

                - Master Index

                - New Feature List

* Search is DISABLE during the lab exam

Setting up Ubuntu & GNS3

For me, a completely Linux idiot, trying to install Ubuntu 12.0.4 and GNS3.
The below steps for my own reference in case I need it for the future.

1. Download the Ubuntu from the website.
2. Trying dual boot with XP but it failed. Forget it, I just use the single HDD for the Ubuntu.
3. After installing the Ubuntu, I follow the below link to install the GNS3
http://blog.ipexpert.com/2010/07/05/gns3-on-ubuntu-910-the-ipexpert-way/
4. First problem I face is I cannot find the Synaptic Package Manager.
It is disable by default in the Ubuntu 12.0.4.
5. I search it in the help and found out that I need to install via the Software center.
6. 1st problem solved. Synaptic Package Manager installed
7. Able to run the Synaptic Package Manager and installed the GNS3
8. I am using the auto configuration that provided by IPexpert
9. 2nd problem faced. I cannot access to the /root folder
After searching the web, I can access using the sudo command
10. 3rd problem faced. Where can I type the command in Linux.
11. Terminal window is use for CLI. It can find using the Dash Board
12. The most useful command to copy , move, rename, delete files in /root folder as below
gksudo nautilus
13. And finally able to run the GNS3

CCIE Road Begin

After finishing my CCNP and I decided togo for the CCIE R&S

Like what I did for the CCNA & CCNP track, all self study and using the video training either from CBT Nuggets or TrainSignal series.

For CCIE,  I found the below website is useful for the self study.

•       http://www.ipexpert.com/
•       http://www.ine.com/
•       http://www.micronicstraining.com/ --> Narbik's workbooks

I will follow the INE (InterNetwork Expert) training and the lab for the preparation.

First step, gather all the resources.

1. Books. 

* Cisco Press CCIE Fourth Edition. (borrow from library)

2. Video Training

* INE Video Training

3. Lab

* One PC ready with XP installed. i5 2.6Ghz, 4G RAM 250G HDD

4. Switches /Router

* 1 x 2950 (password reset!!)
Link for the steps 

I will be updating you once I have everything up and running.