Author: Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

Black Friday 2011 – 50% Off on INE bundles

If anybody is interested in buying INE products, do it now. I’ve got the following marketing e-mail. The prices are pretty good I must admit:

The Best CCIE Training at Over 50% Off

From now until Monday enjoy the best CCIE Training at a fraction of the price.

CCIE R&S Bundle

  1. CCIE R&S Advanced Technologies Class Download
  2. CCIE R&S Lab Workbooks Volumes I-IV (Electronic)
  3. CCIE R&S Lab Workbook Volume II Dynamips Edition (Electronic)
  4. 200 Rack Rental Tokens
  5. $1,394 Value

Only $699 – Buy Now

CCIE Voice Bundle

  1. CCIE Voice Advanced Technologies Class Download
  2. CCIE Voice Lab Workbook Volume I (Electronic)
  3. CCIE Voice Lab Workbook Volume II (Electronic)
  4. 200 Rack Rental Tokens
  5. $1,897 Value

Only $899 – Buy Now

CCIE Security Bundle

  1. CCIE Security Advanced Technologies Class Download
  2. CCIE Security Lab Workbook Volumes I (Electronic)
  3. CCIE Security Lab Workbook Volume II (Electronic)
  4. 200 Rack Rental Tokens
  5. $1,097 Value

Only $599 – Buy Now

CCIE Service Provider

  1. CCIE Service Provider v3 Advanced Technologies Class Download
  2. Coupon code: SPV3ATC
  3. $299 Value

Only $249 – Buy Now

Free streaming course CCNA 640-802 from INE

I’m sure that a lot of people out there got this info already, but for those who are not part of INE newsletter or did not check yet their website, this information may be interesting. I add below their full announcement:

Get a FREE streaming CCNA R&S Exam Course!

That’s right! From now until the end of 2011, you are able to receive FREE access to the new streaming CCNA R&S Exam Course with CCIEx3 #8593 Brian McGahan!

Join one of the most highly regarded and experienced CCIE instructors in the industry, CCIEx3 #8593 Brian McGahan (R&S, Security, SP), for this comprehensive look at the technologies covered in the Cisco Certified Network Associate (CCNA) Routing & Switching exams. With over 25 hours of instructor -led videos, this class contains both easy to understand and in-depth explanations, along with hands-on examples on the Cisco IOS Command Line Interface. The class will not only fully prepare you for the latest 640-822 ICND1 (CCENT), 640-816 ICND2, and 640-802 CCNA exams, but it will also expand your understanding of core technologies that are essential to know for beginning or advancing your career with today’s networks.

Click Here for the FREE CCNA R&S Exam Course!

Even I’m somewhere above than CCNA point, it’s never too much to have a look to the basics. I had a look to this free streaming and I can tell you that beside the big marketing done by INE with this free product, the material is excellent for anyone who want to step up on the network professional path.

One notice from my side, also due to the marketing (they have to earn some money, don’t they?!). When you access the link above you will be redirected to a page that look like this:

I did a quick look on the page and saw immediately the Blue button with “Add to cart” text and I thought that the course cost 99$ and it’s not free. It cost 99$ ONLY if you want to download the course (I would say a fair price for this material). Pay attention a look about that shiny blue button (that capture your attention) immediately and you’ll see a small link with “Log in here” or a bigger one with “Sign Up” if you are new to their website.

Don’t forget that this promotion is valid until end of 2011. In 2012 you’ll have to pay to use this material.

These being said, good luck with your preparation and enjoy this content.

[adsense_id=”2″]

Home lab for CCIE exam training

Before I started with my preparation I was in front of a dilemma. I knew that I will need a rack to practice for CCIE training and I had two options: remote rack rental or home rack.

I put together side by side all pluses and minuses about the two options, but somehow I couldn’t decide which solution to choose. Both options have good and bad parts. You’ll have to figure it out which solution you can afford and works best in your case. My words below are just to be used as guidelines.

In first phase I bought some time on online racks. The prices were acceptable but I had big issues to find a time window that suits for me. As you probably know, the “good” windows are already booked in advanced. Next, most of the racks are out of Europe (where I’m located), so there is a time difference. Then I had problems with latency. It was acceptable but I could feel that the connection cannot keep up with my typing speed. All this together made me think to find a new solution.

Phase two: Dynamips. I believe that everybody who’s preparing for an Cisco exam heard of this software and used and least once. I put together a strong machine to support Dynamips and then I look around for a training provider that would offer their labs in this format. Back then, INE was my choice and it went pretty well. Almost perfect, just that the routers were stopping to respond from time to time, lack of connectivity in the emulated topology and of course I couldn’t test everything on switches.

I had some months of practice -> Brussels -> exam … and failed. Yes, failure is part of the game. Judging after my exam results (the percent part) I realized that I’m not totally out of topics, but I need to polish my knowledge a bit more to pass.

After this episode I had to stop for a while my preparation due to lack of time. A while ago, I decided to give another exam try, but before I need  to start polishing my knowledge.

Phase three: mixed home rack. I have now a mixed rack with Dynamips for routers and switches in hardware. I opted for this solution because of multiple problems like lack of space for a full rack, costs, power consumption, noise and so on.

To put the things together for this mixed topology, I had to buy some things on eBay. Here is the list:

3 x Quad Ethernet cards

2 x Cisco 3560

2 x Cisco 3550

3 x Cisco 2600 (for BB routers)

There is another solution, that don’t require quad cards, but an extra switch that support QinQ. You can read more about that solution here.

The there quad cards will give me 12 ethernet ports enough for 6 routers (R1..R6) in common topologies. The serial connections will be emulated in Dynamips and the Ethernet will be something like:

R1 F0/0 -> Eth1 (Linux box) -> 3560 Fa0/1

and so on…

The three BB routers are not really necessary if you use the topology from INE , as one of the BB has a Serial connection to topology routers, and I cannot have that connection from virtual to physical environment.

If you use MicronicsTrainig, well-know as Narbik topology, then you will need the physical routers or an additional quad card. In this topology the BB routers have Ethernet connection to the switches and I don’t have enough ports with my three quad cards. Anyway the price was not a problem for the 2600.

With IPexpert training books, it’s a bit different. I didn’t check too much into their topology, because I understand that you need more resources as it include more routers (about nine). I will have a look in future, as I would like to see if my home rack can be used with any provider.

Here are some pictures of my home lab:

In my next post I will describe how I build a “rack” from an IKEA table, cable connection, console configuration and so more technical details for those who would like to follow this solution.

 


 

New blog section – Certification

I don’t know how many of my blog visitors had the curiosity to visit the About section to read something about me. If some of you did read that section, then you already know that I have several certifications from Cisco and other vendors and I’m on my way to CCIE. A long road with a slow progress due to my busy professional life.

These being said, I want to announce a new section of my blog called “Certification”. In this section I will discuss only about certifications and related topics like training providers, exam scenarios and tasks, recommended approach and so on. I will try to help engineers on the same path as me and, why not, ask for help when I have a blocking point.

I have some years of network engineering field experience, I attended some exams and for a while I’m preparing for the CCIE R&S exam, so I think I can do a good job in this section. Compared to other sections the technical parts discussed here will be more oriented to exams, and not real networking challenges.

I hope my experience together with your contribution with comments and suggestions to make this section interesting.

Last words. If you hope to find here braindumps or materials that violate the NDA (no matter if is Cisco or other vendor), then you are in the wrong place.

RIPv2 MD5 authentication – routing trick

I must admit that the following example is more a CCIE exam topic and not a solution that you would add in real network environments.

Let’s assume that we have the following topology:

[adsense_id=”1″]

The Loopback interfaces are there to have some networks which we will advertise into RIPv2. The request for this topic is to have RIPv2 MD5 authentication in place, Router1 to receive all routes from Router2, but Router2 will not have any prefixes in routing table from Router1. Don’t use any access-list, prefix-list, distribution-list, RIP packet version send / receive command under interface…well not use anything which is common to carry out this task.

Let’s start the configuration:
Router 1
!
version 2
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
no auto-summary
!
!! Let’s define the key chain
!! The RIPv2 MD5 authentication need
!! to have the same key number on
!! both ends
key chain RIP
key 1
key-string cisco
!
!! let’s apply RIPv2 authentication
int fa0/1
ip rip authentication mode md5
ip rip authentication key-chain RIP
!
Now the configuration on Router 2
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
key chain RIP
key 1
key-string cisco
!
int fa0/0
ip rip authentication mode md5
ip rip authentication key-chain RIP

If you want to check if the RIPv2 authentication is running fine, shutdown / no shutdown one interface and on the other end do:
debug ip rip
You should see something like:
*Mar 12 03:22:08.261: RIP: received packet with MD5 authentication

OK, let’s check the routing tables.

Router1

R1#sh ip route rip
R 172.16.4.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1
R 172.16.5.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1
R 172.16.0.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1
R 172.16.1.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1
R 172.16.2.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1
R 172.16.3.0 [120/1] via 10.10.12.2, 00:00:20, FastEthernet0/1

Router 2

R2#sh ip route rip
R 192.168.4.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0
R 192.168.5.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0
R 192.168.0.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0
R 192.168.1.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0
R 192.168.2.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0
R 192.168.3.0/24 [120/1] via 10.10.12.1, 00:00:23, FastEthernet0/0

We have all routes. Until now we just configured a RIPv2 with authentication which is working fine, but still we haven’t accomplish our task.
Here is how we will do it. I found out this recently. I believe some of you already know this trick, but for the rest will be pretty interesting.

MD5 authentication in RIPv2 states that the key number in the key chain has to be the same so everything is running fine. But what if we change one key to a higher number than (in our case) 1?

The result will be that the router with the higher key number will receive ALL routes and the one with the lower key number will receive NO routes. Our task is that R1 has all routes but R2 has no prefixes (from RIP process) in routing table. Since both keys are having number 1, we cannot lower the key number on R2 so we have to increase it on R1

On Router 1
!
R1#conf t
R1(config)#key chain RIP
R1(config-keychain)#no key 1
R1(config)#key chain RIP
R1(config-keychain)#key 5
R1(config-keychain-key)#key-string cisco
R1(config-keychain-key)#end

Let’s check again the routing table on those 2 devices. You may want to clear the IP routing table to speed up the process.

Router 1

R1#sh ip route rip
R 172.16.4.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1
R 172.16.5.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1
R 172.16.0.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1
R 172.16.1.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1
R 172.16.2.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1
R 172.16.3.0 [120/1] via 10.10.12.2, 00:00:06, FastEthernet0/1

Router 2

R2#sh ip route rip

There is nothing in the routing table.

Let’s check with ping:

R1#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/24 ms

Of course is working, as the source interface from which the packet is send will be the direct connected interface. Let’s try to ping having the source one of the Loopback interfaces on R1:

R1#ping 172.16.1.1 source lo10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
…..
Success rate is 0 percent (0/5)

It’s not working as R2 doesn not have a route back to Loopback10 subnet which is 192.168.0.0 /24

If you’ll do a “debug ip rip” on R2 you will see something like this:

*Mar 12 03:39:57.001: RIP: ignored v2 packet from 10.10.12.1 (invalid authentication)
*Mar 12 03:39:58.261: RIP: received packet with MD5 authentication

I hope this example will help in your preparation.

[adsense_id=”3″]