Friday, February 29, 2008

Cisco CCNP / BCMSN Exam Tutorial: Switches, QoS, And Cisco's Networking Model

QoS is a big topic on your BCMSN and CCNP exams, and for good reason. As more and more traffic flows through today's networks, accurately applying QoS to both your routers and switches becomes more important.

Note the phrase "accurately applying". You must have a plan in place before you start configuring QoS on your switches, and to create such a plan you should use Cisco's Three-layer Hierarchical Model.

This model breaks switches down into three main groups - Access, Distribution, and Core. You're familiar with these groups from your CCNA studies, and now you've got to apply this knowledge.

The QoS workload should be borne by the Access and Distribution layers, because the Core layer switches need to be left alone as much as possible to their primary purpose - switching!

Traffic should generally be classified and marked at the Access layer. This allows traffic to be assigned the desired QoS values and carry that value throughout the network.

If you choose to change CoS-DSCP mappings, this will generally be done at the Distribution layer. Since distribution layer switches will be receiving frames and packets with QoS values from the access layer switches, the appropriate "trust" and "no trust" statements should be configured on the appropriate distribution layer switches.

Any traffic received by core switches should already be classified and marked as needed. The key with core switches is to use a simple queuing setup to keep the switching process fast. Fast, fast, fast!

Real-world note - Low Latency Queuing (LLQ) is an excellent choice for core switches. The name says it all - low latency! The configuration of LLQ is not a BCMSN topic, but a quick search on the term low latency queuing will quickly bring up several Cisco LLQ configuration documents.

Knowing the three layers of Cisco's networking model and the basic QoS operation and commands is vital to passing the CCNP exams, but even more importantly, you've got to apply this knowledge carefully and accurately to make QoS work for you in today's production networks.

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNA and CCNP tutorials! For my FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies. Get your CCNA study guide from The Bryant Advantage!


Cisco CCNA / CCNP Home Lab Tutorial: The 2501 Router

To be truly prepared for your CCNA and CCNP exams, you need real hands-on experience with real Cisco routers and switches. A production network, however, is a really bad place to practice your configurations (though an excellent way to get fired and/or sued). The key to becoming a true CCNA and CCNP is assembling your own Cisco home lab.

You don't have to spend a lot of money to do so; used Cisco equipment is cheaper than ever. It's robust as well - I've bought literally hundreds of used routers and switches over the years and have had very few problems. I owe much of my skill to practicing configurations and troubleshooting in my own home lab.

2501 routers are fantastic for CCNA and CCNP home labs. They come with two serial interfaces, allowing you to connect one interface directly to another router (you'll need a DTE/DCE cable for that, too) while connecting another to a frame relay switch if you like. If you don't have a frame relay switch, you can connect a 2501 directly to two other routers via the serial interfaces.

You also have an AUI port, which requires a transceiver to operate as your Ethernet interface. Transceivers are pretty cheap and readily available from Cisco resellers and ebay vendors, so pick one up for each 2501 you decide to buy.

2501 routers don't come with BRI interfaces, but not every router in your lab has to be ISDN-ready. If you choose not to have ISDN in your lab at all, 2501s are the way to go. If you do want to run ISDN and have an ISDN simulator device, you can get two 2503s and the rest of your routers can be 2501s.

All in all, 2501 routers are great for your CCNA / CCNP home lab. They cost less than $100 each on ebay, so they're also very affordable. There's no better training than training on your own CCNA or CCNP home lab, and you can always sell the equipment later if you like. Basically, you're renting the routers and switches, and the experience you get by working with the real deal is invaluable.


Wednesday, February 27, 2008

Cisco CCNP / BSCI Exam Tutorial: Broadcasts And The IP Helper-Address Command

While routers accept and generate broadcasts, they do not forward them. This can be quite a problem when a broadcast needs to get to a device such as a DHCP or TFTP server that's on one side of a router with other subnets on the other side.

If a PC attempts to locate a DNS server with a broadcast, the broadcast will be stopped by the router and will never get to the DNS server. By configuring the ip helper-address command on the router, UDP broadcasts such as this will be translated into a unicast by the router, making the communication possible. The command should be configured on the interface that will be receiving the broadcasts.

R1(config)#int e0
R1(config-if)#ip helper-address ?
  A.B.C.D  IP destination address
R1(config-if)#ip helper-address 100.1.1.2

Now, you may be wondering if this command covers all UDP services. Sorry, you're not getting off that easy! The command does forward eight common UDP service broadcasts, though.

TIME, port 37
TACACS, port 49
DNS, port 53
BOOTP/DHCP Server, port 67
BOOTP/DHCP Client, port 68
TFTP, port 69
NetBIOS name service, port 137
NetBIOS datagram service, port 138

That's going to cover most scenarios where the ip helper-address command will be useful, but what about those situations where the broadcast you need forwarded is not on this list? You can use the ip forward-protocol command to add any UDP port number to the list.

Additionally, to remove protocols from the default list, use the no ip forward-protocol command. In the following example, we'll add the Network Time Protocol port to the forwarding list while removing the NetBIOS ports. Remember, you can use IOS Help to get a list of well-known ports!

R1(config)#ip forward-protocol udp ?
  <0-65535>    Port number
  biff         Biff (mail notification, comsat, 512)
  bootpc       Bootstrap Protocol (BOOTP) client (68)
  bootps       Bootstrap Protocol (BOOTP) server (67)
  discard      Discard (9)
  dnsix        DNSIX security protocol auditing (195)
  domain       Domain Name Service (DNS, 53)
  echo         Echo (7)
  isakmp       Internet Security Association and Key Management Protocol (500)
  mobile-ip    Mobile IP registration (434)
  nameserver   IEN116 name service (obsolete, 42)
  netbios-dgm  NetBios datagram service (138)
  netbios-ns   NetBios name service (137)
  netbios-ss   NetBios session service (139)
  ntp          Network Time Protocol (123)
  pim-auto-rp  PIM Auto-RP (496)
  rip          Routing Information Protocol (router, in.routed, 520)
  snmp         Simple Network Management Protocol (161)
  snmptrap     SNMP Traps (162)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       System Logger (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  tftp         Trivial File Transfer Protocol (69)
  time         Time (37)
  who          Who service (rwho, 513)
  xdmcp        X Display Manager Control Protocol (177)

R1(config)#ip forward-protocol udp 123
R1(config)#no ip forward-protocol udp 137
R1(config)#no ip forward-protocol udp 138

As you can see, the ip helper-address command helps work around the fact that broadcasts aren't forwarded by routers by default, and if you just need to send one or two broadcast types, the other types can be turned off easily.


Tuesday, February 26, 2008

Cisco CCNA Certification Exam Tutorial: ISDN Details You Must Know

CCNA exam success depends partially on knowing the details of ISDN, and there are plenty of them! To help you review for your CCNA exam, here are a few ISDN details that you must know on exam day. (They help in the real world, too - and there are still plenty of ISDN networks out there!)

The Cisco-proprietary version of HDLC is the default encapsulation type for serial and ISDN interfaces.

R2#show interface serial0
Serial0 is up, line protocol is up
  Hardware is HD64570
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

While there's only one D-channel in BRI, PRI (US) and PRI (EU), the bandwidth of that D-channel does vary from BRI to PRI. It's 16 kbps in BRI and 64 kbps in both PRI versions.

The global command isdn switch-type must be configured before you can even begin to have ISDN work. show isdn status will tell you whether or not you've done this correctly.

R2#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = none
    Layer 1 Status:
        DEACTIVATED
    Layer 2 Status:
        Layer 2 NOT Activated
    Layer 3 Status:
        0 Active Layer 3 Call(s)

PAP allows passwords to be different; CHAP requires that they be the same.

PAP requires the "ppp pap sent-username" interface-level command. CHAP has no equivalent command.

Define interesting traffic with dialer-list and link that list to the interface with dialer-group.

R2#conf t
R2(config)#dialer-list 1 proto ip permit
R2(config)#int bri0
R2(config-if)#dialer-group 1

The dialer idle-timeout value is expressed in seconds, not minutes. (Even IOS Help isn't totally clear on this.)

R2(config)#int bri0
R2(config-if)#dialer-group 1
R2(config-if)#dialer idle-timeout ?
  <1-2147483>  Idle timeout before disconnecting a call
R2(config-if)#dialer idle-timeout 120

Dialer map maps a remote IP address to a remote phone number. You never dial the local router's phone number.

dialer load-threshold requires the ppp multilink command to be configured, and the value of dialer load-threshold is expressed as a ratio of 255, NOT 100. For example, if you want the second B-channel to come up when the first reaches 50% of capacity, the value to express with dialer load-threshold would be 50% of 255 - which equals 127.

R2(config)#int bri0
R2(config-if)#encap ppp
R2(config-if)#ppp multilink
R2(config-if)#dialer load-threshold ?
  <1-255>  Load threshold to place another call

Success on the CCNA exam depends on knowing the details. Keep studying, keep practicing on real Cisco routers and switches, keep a positive attitude, and you're on your way to CCNA exam success!


Cisco CCNP / BCMSN Exam Tutorial: Configuring CGMP On Routers & Switches

If a Layer Two switch doesn't have the capabilities to run IGMP Snooping, it will be able to run CGMP - Cisco Group Membership Protocol. CGMP allows the multicast router to work with the Layer Two switch to eliminate unnecessary multicast forwarding.

CGMP will be enabled on both the multicast router and the switch, but the router's going to do all the work. The router will be sending Join and Leave messages to the switch as needed. PIM must be running on the router interface facing the switch before enabling CGMP, as you can see:

R1(config)#int e0
R1(config-if)#ip cgmp
WARNING: CGMP requires PIM enabled on interface
R1(config-if)#ip pim sparse
R1(config-if)#ip cgmp

When CGMP is first enabled on both the multicast router and switch, the router will send a CGMP Join message, informing the switch that a multicast router is now connected to it. This particular CGMP Join will contain a Group Destination Address (GDA) of 0000.0000.0000 and the MAC address of the sending interface. The GDA is used to identify the multicast group, so when this is set to all zeroes, the switch knows this is an introductory CGMP Join, letting the switch know that the multicast router is online.

The switch makes an entry in its MAC table that this router can be found off the port that the CGMP Join came in on. The router will send a CGMP Join to the switch every minute to serve as a keepalive.

A workstation connected to the switch on port 0/5 now wishes to join multicast group 225.1.1.1. The Join message is sent to the multicast router, but first it will pass through the switch. The switch will do what you'd expect it to do - read the source MAC address and make an entry for it in the MAC address table as being off port fast 0/5 if there's not an entry already there. (Don't forget that the MAC address table is also referred to as the CAM table or the bridging table.)

The router will then receive the Join request, and send a CGMP Join back to the switch. This CGMP Join will contain both the multicast group's MAC address and the requesting host's MAC address. Now the switch knows about the multicast group 225.1.1.1 and that a member of that group is found off port fast 0/5. In the future, when the switch receives frames destined for that multicast group, the switch will not flood the frame as it would an unknown multicast. Instead, the switch will forward a copy of the frame to each port that it knows leads to a member of the multicast group.

Two major benefits of CGMP are the explicit Join and Leave Group messages. In the next part of this BCMSN exam tutorial, we'll take a look at the Leave Group messages.


Monday, February 25, 2008

Cisco CCNA / CCNP Home Lab Tutorial: The 2503 Router

I know from experience that part of the excitement and anxiety of putting together your own CCNA / CCNP home lab is deciding what to buy! While you can make a workable home lab out of almost any combination of Cisco routers and switches, some routers are better suited for home lab work than others because they can fill multiple roles.

When you buy CCNA or CCNP "lab kits" - bundles of routers and switches - you can get a little confused about whether you're getting a good deal. One router I get asked about quite a bit is the 2503.

2503 routers are fantastic for CCNA and CCNP home labs. They come with two serial interfaces, allowing you to connect one interface directly to another router (you'll need a DTE/DCE cable for that, too) while connecting another to a frame relay switch if you like. If you don't have a frame relay switch, you can connect a 2503 directly to two other routers via the serial interfaces.

You also have an AUI port, which requires a transceiver to operate as your Ethernet interface. Transceivers are pretty cheap and readily available from Cisco resellers and ebay vendors, so pick one up for each 2503 you decide to buy.

2503 routers also come with a BRI interface. Even though you may not have an ISDN simulator right now, you may choose to add one later. That makes a 2503 a great bet for future lab expansion.

All in all, 2503 routers are great for your CCNA / CCNP home lab. They run about $125 each on ebay, or less, so they're also very affordable. There's no better training than training on your own CCNA or CCNP home lab, and you can always sell the equipment later if you like. Basically, you're renting the routers and switches, and the experience you get by working with the real deal is invaluable.


Thursday, February 14, 2008

Cisco CCNA Certification Exam Tutorial: Variance And Unequal Cost Load Balancing

To pass the CCNA exam, you've got to know how to work with IGRP and EIGRP unequal-cost load balancing. You may not see much IGRP in production networks anymore, but you'll see a lot of EIGRP, and part of fine-tuning your EIGRP network is making sure that all paths are in use while allowing for varying bandwidth rates.

Using the variance command is the easy part - it's getting the metric that's the hard part with IGRP. With EIGRP, you just look in the topology table and that's it. With IGRP, you've got to run a debug to get the right metric.

The variance command is a multiplier: the value supplied with the variance command is multiplied by the lowest-cost metric, and the result must exceed the higher-cost metric in order for the higher-cost route to be added.

If that sounds complicated, it's not. It's one of those things that sounds difficult, but isn't. Trust me!

In this example, R1 has two paths to 172.23.0.0, but is currently using only one. By looking in the IP routing table, we've seen that the lowest-cost metric for network 172.23.0.0 on R1 is 8576. This path goes through the 172.12.123.0 network. There is another valid path that uses the 172.12.13.0 network, but is not currently in use.

I 172.23.0.0/16 [100/8576] via 172.12.123.2, 00:00:53, Serial0

IGRP does not have a "show" command that displays all valid routes to a destination, as EIGRP does. The command debug ip igrp transactions will show the current metric of the routes using the 512 Kbps link.

R1#debug ip igrp transactions
IGRP protocol debugging is on
19:17:51: IGRP: broadcasting request on Loopback0
19:17:51: IGRP: broadcasting request on Serial0
19:17:51: IGRP: broadcasting request on Serial1
19:17:51: IGRP: received update from 172.12.13.3 on Serial1
19:17:51:       subnet 172.12.13.0, metric 23531 (neighbor 21531)
19:17:51:       subnet 172.12.123.0, metric 23531 (neighbor 8476)
19:17:51:       network 1.0.0.0, metric 24031 (neighbor 8976)
19:17:51:       network 2.0.0.0, metric 22131 (neighbor 1600)
19:17:51:       network 3.0.0.0, metric 22031 (neighbor 501)
19:17:51:       network 172.23.0.0, metric 21631 (neighbor 1100)

R1(config)#router igrp 1
R1(config-router)#variance 3

R1#show ip route 172.23.0.0
Routing entry for 172.23.0.0/16
  Known via "igrp 1", distance 100, metric 8576
  Redistributing via igrp 1
  Advertised by igrp 1 (self originated)
  Last update from 172.12.123.2 on Serial0, 00:00:01 ago
  Routing Descriptor Blocks:
  * 172.12.13.3, from 172.12.13.3, 00:00:20 ago, via Serial1
      Route metric is 21631, traffic share count is 1
      Total delay is 21000 microseconds, minimum bandwidth is 512 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 0
    172.12.123.3, from 172.12.123.3, 00:00:20 ago, via Serial0
      Route metric is 8576, traffic share count is 3
      Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 0
    172.12.123.2, from 172.12.123.2, 00:00:01 ago, via Serial0
      Route metric is 8576, traffic share count is 3
      Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 0

The metric for 172.23.0.0 through the direct connection is 21631. A variance of 3 means that any route with a metric less than the best metric multiplied by the variance (in this case, 8576 x 3 = 25728) will be entered into the routing table. R1 now has three unequal-cost paths to 172.23.0.0 in its routing table, and load balancing will take place.

IGRP unequal-cost load balancing takes some practice, but as you can see, once you get the metric it's easy to work with. Just make sure you know how to get that metric!
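As an added example (not from the original article), the Python below rebuilds the two metrics in the output above from their bandwidth and delay figures, then applies the variance rule to decide which paths to 172.23.0.0 install. It also applies Cisco's second variance condition, that the next hop's own advertised metric must be lower than the local best metric; the advertised metrics for the two Serial0 next hops are constructed, since the article only prints the one from 172.12.13.3.

```python
# Added example (not from the original article): IGRP metric calculation and
# the variance rule, using the figures from the show ip route output above.
from dataclasses import dataclass


def igrp_metric(min_bandwidth_kbit: int, total_delay_usec: int) -> int:
    """Classic IGRP composite metric with default K values (K1=K3=1, others 0):
    10^7 / minimum bandwidth (Kbit) + cumulative delay (usec) / 10, integer math.
    1544 Kbit / 21000 usec gives 8576; 512 Kbit / 21000 usec gives 21631,
    the two route metrics shown in the article."""
    if min_bandwidth_kbit <= 0:
        raise ValueError("bandwidth must be positive")
    return 10_000_000 // min_bandwidth_kbit + total_delay_usec // 10


@dataclass(frozen=True)
class Candidate:
    next_hop: str
    interface: str
    metric: int           # R1's own metric to the destination via this next hop
    neighbor_metric: int  # metric the neighbor advertised for the destination


# Constructed from the article's output. The 1100 advertised by 172.12.13.3
# appears in the debug output; the neighbor metrics for the two Serial0 next
# hops are assumed because the article does not print them.
PAGE_CANDIDATES = [
    Candidate("172.12.123.2", "Serial0", igrp_metric(1544, 21000), 1100),
    Candidate("172.12.123.3", "Serial0", igrp_metric(1544, 21000), 1100),
    Candidate("172.12.13.3", "Serial1", igrp_metric(512, 21000), 1100),
]


def select_routes(candidates, variance: int):
    """Return [(candidate, traffic share count)] for the routes that install.

    Cisco's documented IGRP/EIGRP variance conditions:
      1. Routes whose metric equals the best metric always install.
      2. Any other route installs only if
           metric < variance * best_metric   (the rule the article states) and
           neighbor_metric < best_metric     (the next hop is closer to the
                                              destination than we are, which
                                              keeps routing loops out).
    """
    if variance < 1:
        raise ValueError("variance must be >= 1")
    if not candidates:
        return []
    best = min(c.metric for c in candidates)
    limit = variance * best
    installed = [
        c for c in candidates
        if c.metric == best or (c.metric < limit and c.neighbor_metric < best)
    ]
    # Assumption (not stated in the article): the traffic share count is the
    # highest installed metric divided by each route's metric, rounded to the
    # nearest integer; 21631 / 8576 = 2.52 reproduces the 3 / 3 / 1 counts.
    highest = max(c.metric for c in installed)
    return [(c, max(1, round(highest / c.metric))) for c in installed]


if __name__ == "__main__":
    for variance in (1, 3):
        print(f"variance {variance}:")
        for cand, share in select_routes(PAGE_CANDIDATES, variance):
            print(f"  via {cand.next_hop} ({cand.interface}) metric {cand.metric}, "
                  f"traffic share count {share}")
```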


Cisco CCNP / BCMSN Exam Tutorial: Multicasting And The RPF Check

Multicasting is a vital topic on your BCMSN, CCNP, and CCIE exams, and it can also be very confusing when you first start studying it. Multicasting uses concepts that are unlike anything you've run into in your routing protocol studies, and that can throw you at first. I can tell you from experience that multicasting is like any other Cisco technology - learn the basics, master the fundamentals, and then build your skills on that foundation.

One such fundamental is the RPF Check, or Reverse Path Forwarding Check.

A fundamental difference between unicasting and multicasting is that a unicast is routed by sending it toward the destination, while a multicast is routed by sending it away from its source.

"toward the destination" and "away from its source" sound like the same thing, but they're not. A unicast is going to follow a single path from source to destination. The only factor the routers care about is the destination IP address - the source IP address isn't a factor.

With multicast routing, the destination is a multicast IP group address. It's the multicast router's job to decide which paths will lead back to the source (upstream) and which paths are downstream from the source. Reverse Path Forwarding refers to the router's behavior of sending multicast packets away from the source rather than toward a specific destination.

The RPF Check is run against any incoming multicast packet. The multicast router examines the interface that the packet arrived on. If the packet comes in on an upstream interface - that is, an interface found on the reverse path that leads back to the source - the packet passes the check and will be forwarded. If the packet comes in on any other interface, the packet is dropped.

The RPF Check serves to verify the integrity of your multicasting network, and also serves as a reminder that the basic operation of multicasting is a lot different than unicasting!
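As an added example (not from the original article), here is a minimal RPF check in Python: look the source address up in the unicast routing table, and forward only if the packet arrived on the interface that lookup returns. The unicast routing table and the interface names are constructed.

```python
# Added example (not from the original article): Reverse Path Forwarding check.
import ipaddress

# Constructed unicast routing table: (prefix, outgoing interface).
UNICAST_ROUTES = [
    ("10.1.0.0/16", "Serial0"),
    ("10.1.5.0/24", "Serial1"),      # more specific than the /16 above
    ("192.168.0.0/16", "Ethernet0"),
    ("0.0.0.0/0", "Serial0"),        # default route
]


def rpf_interface(source_ip: str, routes=UNICAST_ROUTES):
    """Longest-prefix match on the multicast packet's *source* address.

    The interface the unicast table would use to reach the source is the
    upstream (RPF) interface; every other interface is downstream."""
    src = ipaddress.ip_address(source_ip)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def rpf_check(source_ip: str, arrival_iface: str, routes=UNICAST_ROUTES) -> bool:
    """True if the packet arrived on its RPF interface (forward), else False (drop)."""
    if ipaddress.ip_address(source_ip).is_multicast:
        return False  # a multicast source address is never valid
    upstream = rpf_interface(source_ip, routes)
    return upstream is not None and upstream == arrival_iface


def forward(source_ip: str, arrival_iface: str, interfaces, routes=UNICAST_ROUTES):
    """Flood-style forwarding: if the RPF check passes, replicate the packet out
    every interface except the one it arrived on; otherwise send nothing."""
    if not rpf_check(source_ip, arrival_iface, routes):
        return []
    return [i for i in interfaces if i != arrival_iface]


if __name__ == "__main__":
    ifaces = ["Serial0", "Serial1", "Ethernet0"]
    for src, arrived in (("10.1.5.7", "Serial1"), ("10.1.5.7", "Serial0")):
        print(src, "in on", arrived, "->", forward(src, arrived, ifaces) or "dropped")
```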


Tuesday, February 12, 2008

The Brief History of Cisco Certifications

Even young people can remember the days when a network administrator was known more for being the person sitting next to the computer system than for any specific proficiency. In those early days, CCNA certification and CCNA training were concepts largely ignored by most small-to-medium businesses, which never asked a network administrator to take a CCNA course.

In fact, for a long time many office managers simply learned a few computer tricks to qualify as network administrators; the Cisco Certified Network Associate (CCNA) only became widely known as internetworking grew more complex, and the increasing sophistication of designs and equipment began to require IT professionals.

CCNA training began to be considered essential when the business world found that only a pool of qualified technicians could handle both common problems and the new challenges created by evolving technologies. A CCNA course became synonymous with the knowledge and skills that accredit IT personnel.

As time went by, all major vendors of computer software and hardware started to develop their own certification programs with their customers in mind. CCNA certification became necessary to ensure that customers were provided with people up to date with the technology, to help them implement their products.

Cisco's certifications began with the Cisco Certified Internetworking Engineer (CCIE), an extremely difficult level of certification and, at that time, the only such course available. Earning it usually required several years of experience and thousands of dollars.

The training consisted of torturous practical labs, and candidates often needed multiple attempts to pass the exam. CCIE certification still requires the same level of experience and practice, and the exam remains so rigorous that only a few candidates actually pass, but Cisco has since developed intermediate levels of certification.

CCNA certification can be acquired by taking a CCNA course designed for those who want to be identified as Cisco-knowledgeable technicians, whether to improve their opportunities to build an IT career or to enter the growing market for computer-related jobs.

It is a well-known fact that a college degree in any field cannot guarantee employment if the person holding the diploma is not capable of doing the job properly, regardless of how advanced the degree is. In networking, a traditional four-year college degree in Computer Science may be obsolete by graduation day due to the constantly shifting nature of technology.

Cisco has worked very hard throughout its history to make sure that CCNA certification, CCNA training and CCNA courses retain their real worth and prestige in the marketplace.

Natalie Aranda writes about computer, technology and IT training.


Cisco CCNP / BCMSN Exam Tutorial: Multicasting And Reserved Addresses

Ever since you picked up your first CCNA book, you've heard about multicasting, gotten a fair idea of what it is, and you've memorized a couple of reserved multicasting addresses. Now as you prepare to pass the BCMSN exam and become a CCNP, you've got to take that knowledge to the next level and gain a true understanding of multicasting. Those of you with an eye on the CCIE will truly have to become multicasting experts!

Having said that, we're going to briefly review the basics of multicasting first, and then future tutorials will look at the different ways in which multicasting can be configured on Cisco routers and switches.

What Is Multicasting?

A unicast is data that is sent from one host to another, while a broadcast is data sent from a host that is destined for "all" host addresses. By "all", we can mean all hosts on a subnet, or truly all hosts on a network.

There's quite a bit of middle ground there! A multicast is that middle ground, as a multicast is data that is sent to a logical group of hosts, called a multicast group. Hosts that are not part of the multicast group will not receive the data.

Some other basic multicasting facts:

There's no limit on how many multicast groups a single host can belong to.

The sender is usually unaware of what host devices belong to the multicast group.

Multicast traffic is unidirectional. If the members of the multicast group need to respond, that reply will generally be a unicast.

The range of IP addresses reserved for multicasting is the Class D range, 224.0.0.0 - 239.255.255.255.

That range contains a couple of other reserved address ranges.

224.0.0.0 - 224.0.0.255 is reserved for network protocols only on a local network segment. Packets in this range will not be forwarded by routers, so these packets cannot leave the segment.

Just as Class A, Class B, and Class C networks have private address ranges, so does Class D. The Class D private address range is 239.0.0.0 - 239.255.255.255. Like the other private ranges, these addresses can't be routed, so they can be reused from one network to another.

The remaining addresses fall between 224.0.1.0 and 238.255.255.255. That's the "normal" range of multicast addresses. These addresses can be routed, so they must be unique and should not be duplicated from one network to the next.

In my next BCMSN / CCNP multicasting tutorial, we'll take a look at the different ways in which Cisco routers and switches interact to forward multicast traffic.


Monday, February 11, 2008

Cisco CCNP / BSCI Exam Tutorial: OSPF Route Redistribution Review

OSPF route redistribution is an important topic on the BSCI exam, and it's a topic full of details and defaults that you need to know for the exam room and the job. To help you pass the BSCI exam, here's a quick review of some of the OSPF route redistribution basics.

To see if a router is an ABR or ASBR, run show ip ospf. This also displays any routes being redistributed into OSPF on this router.

R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
    connected, includes subnets in redistribution
    rip, includes subnets in redistribution

When redistributing RIP into OSPF, the "subnets" option is needed to include subnets in redistribution. When redistributing OSPF into RIP, a seed metric must be specified. (OSPF gives redistributed routes a default metric of 20 - this can be changed, but a seed metric does not have to be set.)

R1(config)#router ospf 1
R1(config-router)#redistribute connected
% Only classful networks will be redistributed
R1(config-router)#redistribute connected subnets
R1(config-router)#redistribute rip subnets
R1(config-router)#router rip
R1(config-router)#redistribute connected metric 1
R1(config-router)#redistribute ospf 1 metric 1

By default, routes redistributed into OSPF are marked as E2 routes. The metric for these routes reflects only the cost of the path from the ASBR to the destination network and does not include the cost of the path from the local router to the ASBR. By contrast, E1 routes include the cost of the entire path from the local router to the destination network.

O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
     6.0.0.0/32 is subnetted, 1 subnets
O E2    6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
     172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2    172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
     15.0.0.0/24 is subnetted, 1 subnets
O E2    15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

To redistribute routes into OSPF and mark them as E1 upon redistribution, use the metric-type option with the redistribution command.

R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
R1(config-router)#redistribute rip subnets metric-type 1

Look at the same two routes in R4's routing table, which are now displayed as E1 routes:

O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:04:13, Ethernet0
     6.0.0.0/32 is subnetted, 1 subnets
O E1    6.1.1.1 [110/94] via 172.34.34.3, 00:04:14, Ethernet0

BSCI exam success and earning your CCNP certification depends on knowing the details, and there are plenty of details involved in OSPF route redistribution! Keep studying, practice different scenarios in your CCNA / CCNP home lab or rack rental, and you'll master these details and pass the exam!


Cisco CCNA Certification Exam Tutorial: RIP Details You Must Know

RIP isn't exactly the most complex routing protocol on the CCNA exam, but that makes it easy to overlook some of the important details you must keep in mind in order to pass the exam! To help you review for the exam, here are just a few of those details!

RIP's default behavior is to send version 1 updates, but to accept both version 1 and 2 routing updates.

R2(config)#router rip

R2(config-router)#net 172.16.0.0

R2(config-router)#^Z

R2#show ip protocols

Routing Protocol is "rip"

Sending updates every 30 seconds, next due in 6 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Outgoing update filter list for all interfaces is

Incoming update filter list for all interfaces is

Redistributing: rip

Default version control: send version 1, receive any version

Interface   Send  Recv  Key-chain

Serial0     1     1 2

By default, RIP v2 autosummarizes routing updates sent across classful network boundaries. To disable this behavior, run no auto-summary under the RIP process.

R1#conf t

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#no auto-summary

You do not specify a subnet mask or wildcard mask when configuring RIP - just the classful network, even if you're running RIP v2.

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#no auto-summary

R1(config-router)#network 172.10.0.0 ?

<cr>

Debug ip rip displays the routing updates and metrics as the advertisements are sent and requested. To see this in action without waiting for the next regularly scheduled update, run clear ip route *.

R1#debug ip rip

RIP protocol debugging is on

R1#clear ip route *

01:16:54: RIP: sending v1 update to 255.255.255.255 via Loopback1 (1.1.1.1)

01:16:54: network 2.0.0.0, metric 2

01:16:54: network 3.0.0.0, metric 2

01:16:54: network 172.16.0.0, metric 1

01:16:54: network 10.0.0.0, metric 2

01:16:54: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.16.123.1)

01:16:54: subnet 172.16.123.0, metric 1

01:16:54: network 1.0.0.0, metric 1

01:16:54: network 2.0.0.0, metric 2

01:16:54: network 3.0.0.0, metric 2

01:16:54: network 10.0.0.0, metric 2

To see only the routes discovered by a routing protocol, run show ip route followed by the name of the protocol:

R1#show ip route rip

R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0

R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1

[120/1] via 172.16.123.3, 00:00:09, Serial0

R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1

[120/1] via 172.16.123.3, 00:00:09, Serial0

[120/1] via 172.16.123.2, 00:00:26, Serial0

And don't forget - to turn off all currently running debugs, run undebug all.

R1#undebug all

All possible debugging has been turned off

Don't overlook RIP and IGRP when it comes to the CCNA exam. OSPF and EIGRP are more complex to configure, but you need to understand how distance vector protocols work in order to pass the CCNA!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!


Saturday, February 9, 2008

Cisco CCNA Exam Tutorial: Split Horizon And Hub-And-Spoke Networks

For CCNA exam success, you had better know what split horizon is, how to turn it off, and when to turn it off. Knowing when to turn split horizon off is also important in production networks, because it can cause a hub-and-spoke network to have incomplete routing tables on the spokes.

Split horizon exists for a very good reason - routing loop prevention. The rule of split horizon states that a router cannot send an advertisement for a route out the same interface on which it learned that route. Split horizon is on by default on interfaces running RIP, IGRP, and EIGRP, with one exception worth remembering: on Frame Relay physical interfaces, IOS disables split horizon by default for RIP and IGRP but leaves it enabled for EIGRP, so an EIGRP hub-and-spoke design like the one below is exactly where it bites.

In this CCNA tutorial, R1 will serve as the hub, and R2 and R3 will be the spokes. We'll first configure EIGRP over the 172.12.123.0 /24 network, the network connecting the three routers.

R1#conf t

R1(config)#router eigrp 100

R1(config-router)#no auto-summary

R1(config-router)#network 172.12.123.0 0.0.0.255

R2#conf t

R2(config)#router eigrp 100

R2(config-router)#no auto-summary

R2(config-router)#network 172.12.123.0 0.0.0.255

R3#conf t

R3(config)#router eigrp 100

R3(config-router)#no auto-summary

R3(config-router)#network 172.12.123.0 0.0.0.255

Running show ip eigrp neighbor on R1 shows that adjacencies to R2 and R3 are up.

R1#show ip eigrp neighbor

IP-EIGRP neighbors for process 100

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

1 172.12.123.3 Se0/0 11 00:02:45 1 5000 0 1

0 172.12.123.2 Se0/0 161 00:03:01 1 5000 0 1

Each router will now advertise its loopback address via EIGRP.

R1#conf t

R1(config)#router eigrp 100

R1(config-router)#network 1.1.1.0 0.0.0.255

R2#conf t

R2(config)#router eigrp 100

R2(config-router)#network 2.2.2.0 0.0.0.255

R3#conf t

R3(config)#router eigrp 100

R3(config-router)#network 3.3.3.0 0.0.0.255

Running show ip route eigrp on each router shows that R1 has a route for both R2's and R3's loopback. R2 and R3 each see only R1's loopback address, and not each other's. Why?

R1#show ip route eigrp

2.0.0.0/24 is subnetted, 1 subnets

D 2.2.2.0 [90/2297856] via 172.12.123.2, 00:03:19, Serial0/0

3.0.0.0/24 is subnetted, 1 subnets

D 3.3.3.0 [90/2297856] via 172.12.123.3, 00:03:04, Serial0/0

R2#show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets

D 1.1.1.0 [90/2297856] via 172.12.123.1, 00:03:40, Serial0/0.123

R3#show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets

D 1.1.1.0 [90/2297856] via 172.12.123.1, 00:05:17, Serial0/0.31

EIGRP uses Split Horizon by default to prevent routing loops. In this lab, though, it prevents full network reachability. R2 and R3 both form neighbor relationships with R1's Serial physical interface. R2 advertises its loopback address to R1's Serial interface, as does R3. Split Horizon does not allow a route to be advertised back out the same interface it was received on. This prevents R1 from advertising R2's loopback to R3, or R3's loopback to R2.

Split Horizon must be disabled to allow full network reachability in this lab. To do so, run no ip split-horizon eigrp 100 on R1's Serial interface. Changing the split horizon setting causes the neighbor relationships on that interface to drop and then reestablish, as the log messages below show. Run show ip route eigrp on both R2 and R3. The appropriate route to the remote loopback address will now appear.

R1#conf t

R1(config)#int serial0/0

R1(config-if)#no ip split-horizon eigrp 100

10:02:23: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.2 (Serial0/0) down: split horizon changed

10:02:23: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.3 (Serial0/0) down: split horizon changed

10:02:27: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.3 (Serial0/0) ip: new adjacency

10:02:54: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.2 (Serial0/0) ip: new adjacency

R2#show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets

D 1.1.1.0 [90/2297856] via 172.12.123.1, 00:00:06, Serial0/0.123

3.0.0.0/24 is subnetted, 1 subnets

D 3.3.3.0 [90/2809856] via 172.12.123.1, 00:00:06, Serial0/0.123

R3#show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets

D 1.1.1.0 [90/2297856] via 172.12.123.1, 00:00:12, Serial0/0.31

2.0.0.0/24 is subnetted, 1 subnets

D 2.2.2.0 [90/2809856] via 172.12.123.1, 00:00:12, Serial0/0.31
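To make the mechanism concrete, here is an added example that is not part of the tutorial: a small distance-vector model of the hub-and-spoke lab above. It reproduces why split horizon on R1's single Serial0/0 interface keeps R2 and R3 from learning each other's loopbacks, and what changes when it is disabled on the hub. Router names, prefixes and interface names follow the lab; the update logic is a simplified hop-count model, not EIGRP's DUAL, and the metric values are hop counts rather than EIGRP composite metrics.

```python
# Added example (not from the tutorial): a distance-vector model of the
# hub-and-spoke lab. Simplified hop-count logic, not EIGRP's DUAL.

from collections import namedtuple

Route = namedtuple("Route", "prefix next_hop interface metric")


class Router:
    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.routes = {}   # prefix -> Route
        self.links = []    # (neighbor, my interface, neighbor's interface)

    def add_connected(self, prefix, interface):
        self.routes[prefix] = Route(prefix, None, interface, 0)

    def receive(self, prefix, via, in_iface, metric):
        """Install an advertised route if it is new or better. Returns 1 if installed."""
        current = self.routes.get(prefix)
        if current is None or metric < current.metric:
            self.routes[prefix] = Route(prefix, via.name, in_iface, metric)
            return 1
        return 0

    def advertise(self):
        """Send one round of updates to every neighbor. Returns routes installed."""
        installed = 0
        for nbr, out_iface, nbr_iface in self.links:
            for route in self.routes.values():
                # Split horizon: a route learned on an interface is never
                # advertised back out that same interface. Connected routes
                # (next_hop None) are still sent.
                if (self.split_horizon and route.next_hop is not None
                        and route.interface == out_iface):
                    continue
                installed += nbr.receive(route.prefix, self, nbr_iface, route.metric + 1)
        return installed


def link(a, a_iface, b, b_iface):
    a.links.append((b, a_iface, b_iface))
    b.links.append((a, b_iface, a_iface))


def converge(routers, max_rounds=20):
    for _ in range(max_rounds):
        if sum(r.advertise() for r in routers) == 0:
            return
    raise RuntimeError("did not converge")


def run_lab(hub_split_horizon=True):
    """Build R1 (hub) with R2 and R3 as spokes on one multipoint link, then converge."""
    r1 = Router("R1", split_horizon=hub_split_horizon)
    r2, r3 = Router("R2"), Router("R3")
    r1.add_connected("1.1.1.0/24", "Loopback0")
    r2.add_connected("2.2.2.0/24", "Loopback0")
    r3.add_connected("3.3.3.0/24", "Loopback0")
    for r, iface in ((r1, "Serial0/0"), (r2, "Serial0/0.123"), (r3, "Serial0/0.31")):
        r.add_connected("172.12.123.0/24", iface)
    # Both spokes hang off R1's single physical interface, as in the lab.
    link(r1, "Serial0/0", r2, "Serial0/0.123")
    link(r1, "Serial0/0", r3, "Serial0/0.31")
    routers = {"R1": r1, "R2": r2, "R3": r3}
    converge(routers.values())
    return routers


def learned(router):
    """Prefixes learned from a neighbor (the 'D' routes), sorted."""
    return sorted(r.prefix for r in router.routes.values() if r.next_hop is not None)


if __name__ == "__main__":
    for flag in (True, False):
        lab = run_lab(hub_split_horizon=flag)
        print(f"hub split horizon {'on ' if flag else 'off'}:",
              {name: learned(r) for name, r in lab.items()})
```

With split horizon on, R1 learns 2.2.2.0/24 and 3.3.3.0/24 on Serial0/0 and therefore never sends either back out Serial0/0, so the spokes only ever see 1.1.1.0/24. With it off, R1 relays each spoke's loopback to the other at one extra hop, and also echoes each spoke's own loopback back to it, which the spoke correctly ignores because its connected route is better.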

Disabling split horizon should be done with care, but knowing when and where to do so shows that you truly understand how this technology works - and that's a big step on the way to earning your CCNA!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!


Thursday, February 7, 2008

Cisco CCNP / BSCI Exam Tutorial: The Passive Interface Command And OSPF

To pass the BSCI exam and become a CCNP, you have to be aware of the proper use of passive interfaces. You learned about passive interfaces in your CCNA studies, but here we'll review the basic concept and clear up one misconception regarding passive interfaces and OSPF.

Configuring an interface as passive still allows the interface to receive routing updates, but it will no longer transmit them. Although the name suggests an interface-level command, it is actually entered under the routing process, naming the interface. Below, we'll configure ethernet0 as a RIP passive interface.

R1(config)#router rip

R1(config-router)#passive-interface ethernet0

Ethernet0 will no longer send RIP routing updates, but will accept them.

The passive interface concept is clear enough with RIP and IGRP, which send their routing tables as periodic update packets. EIGRP is a little different: making an EIGRP interface passive suppresses its hello packets, so no neighbor relationship forms on that interface and no routes are exchanged over it at all. OSPF doesn't send routing update packets either - OSPF sends hellos and link state advertisements. It's the assumption that passive-interface can only stop "updates", and so can do nothing about LSAs, that leads many to think passive interfaces cannot be used with OSPF.

Even though OSPF does not send "routing updates" in the form that RIP and IGRP do, you can still configure an OSPF-enabled interface as passive. Doing so stops the interface from sending OSPF hellos, and hellos arriving on it are ignored, so no OSPF adjacency can be formed across a passive interface; if you configure an OSPF-enabled interface as passive where an adjacency already exists, the adjacency will drop almost immediately. The interface's own network is still advertised into OSPF by the router, which is what makes passive-interface the right tool for user-facing segments that should appear in the routing table but on which no adjacency should ever form.

Let's see that in action. R1 and R2 have an existing OSPF adjacency over their Ethernet interfaces. In an effort to reduce routing traffic, R1's e0 interface is configured as passive. The adjacency drops right away.

R1(config)#router ospf 1

R1(config-router)#passive-interface ethernet0

18:31:11: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0 from FULL to DOWN, Neighbor Down: Interface down or detached

Knowing how to use the passive interface command is a vital part of being a CCNP, and of being a master networker. Good luck to you in both of these pursuits!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!


Wednesday, February 6, 2008

Cisco CCNP / BCMSN Exam Tutorial: The Core Layer Of Cisco's Three-Layer Model

In this section, you're going to be reintroduced to a networking model you first saw in your CCNA studies. No, it's not the OSI model or the TCP/IP model - it's the Cisco Three-Layer Hierarchical Model. Let's face it, just about all you had to do for the CCNA was memorize the three layers and the order they were found in that model, but the stakes are raised here in your CCNP studies. You need to know what each layer does, and what each layer should not be doing. This is vital information for your real-world network career as well, so let's get started with a review of the Cisco three-layer model, and then we'll take a look at each layer's tasks. Most of the considerations at each layer are common sense, but we'll go over them anyway!

Today we'll take a look at the core layer of the Cisco model.

The term core switches refers to any switches found here. Switches at the core layer allow switches at the distribution layer to communicate, and this is more than a full-time job. It's vital to keep any extra workload off the core switches, and allow them to do what they need to do - switch! The core layer is the backbone of your entire network, so we're interested in high-speed data transfer and very low latency - that's it!

Core layer switches are usually the most powerful in your network, capable of higher throughput than any other switches in the network. Remember, everything we do on a Cisco router or switch has a cost in CPU or memory, so we're going to leave most frame manipulation and filtering to other layers. The one piece of QoS that does belong here is queuing: core switches should trust the markings already applied at the access and distribution layers and use a simple, fast queuing setup to honor them, rather than classifying or marking traffic themselves. We'll go into much more detail regarding QoS in another tutorial, but for now, know that QoS is basically high-speed queuing where special consideration can be given to certain data in certain queues. (You'll soon find that this is a very basic definition!)

We always want redundancy, but you want a lot of redundancy in your core layer. This is the nerve center of your entire network, so fault tolerance needs to be as high as you can possibly get it. Root bridges should also be located in the core layer.

The importance of keeping unnecessary workload off your core switches cannot be overstated. In the next part of this BCMSN tutorial, we'll take a look at how the other layers of the Cisco three-part model do just that.

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!


Tuesday, February 5, 2008

Cisco CCNA Exam Tutorial: Loopback Interfaces

As a CCNA candidate, you most likely have some background in PC hardware and workstation support. If so, you're already familiar with loopback interfaces, particularly 127.0.0.1, the loopback address assigned to a PC.

When you're learning all about the different physical interfaces for your CCNA exam - serial, ethernet, and BRI, among others - there's one logical interface you need to know about, and that is - you guessed it! - the loopback interface.

What isn't as immediately apparent is why we use loopback interfaces on routers and switches to begin with. Many of the Cisco router features that can use loopbacks are intermediate and advanced features that you'll learn about in your CCNP and CCIE studies, but these features all come back to one basic concept: If the loopback interface on a router is down, that means the router is unavailable as a whole.

In contrast, a physical interface being down does not mean the router itself is out of commission. A router's ethernet port can go down, but the other physical interfaces on that router are still operational. Since a loopback interface is logical, there's nothing physical that can go wrong with it.

As I mentioned, you'll learn different Cisco router and switch features that utilize loopback interfaces as you climb the Cisco certification ladder. There's one misconception about Cisco loopback interfaces that you want to get clear on now, though. You're probably familiar with loopback interfaces on a PC, and may even know that the address range 127.0.0.0 is reserved for loopback addressing.

Note that this reserved address range does not apply to loopbacks on Cisco devices, however. If you attempt to assign an address from this range to a Cisco loopback interface, you get this result:

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#interface loopback0

R1(config-if)#ip address 127.0.0.2 255.255.255.0

Not a valid host address - 127.0.0.2

R1(config-if)#ip address 127.1.1.1 255.255.255.0

Not a valid host address - 127.1.1.1

The 127.0.0.0 range is reserved for host loopbacks (such as PCs), and as the output shows, IOS refuses to assign an address from it to a router or switch interface. The most commonly used address from this range is 127.0.0.1 - if you can't ping that on a workstation, you can't ping yourself, which means there's a problem with the TCP/IP install itself.

Keep these details in mind on the exam and in the workplace, and you're on your way to CCNA exam success!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages. For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download copies! Our new RSS feed gives you free Cisco questions daily!


Monday, February 4, 2008

Cisco CCNP/BCMSN Exam Tutorial: Changing Root Bridge Election Results

Your BCMSN and CCNP studies will include mastering the details of Spanning Tree Protocol (STP). While you learned some of these details in your CCNA studies, quite a bit of it may be new to you. Before going on to the intermediate and advanced STP features, let's review the root bridge election process and learn how to change these results.

Each switch has a Bridge ID (BID), made up of a priority value and the switch's MAC address, with the priority listed first. For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33-44-55-66, the BID is 32768:11-22-33-44-55-66. If every switch is left at the default priority, the MAC address is the deciding factor.

Switches are a lot like people - when they first arrive, they announce that they are the center of the universe! Unlike some people, the switches will soon get over it. BPDUs will be exchanged until one switch is elected Root Bridge, and it's the switch with the lowest BID that will end up being the Root Bridge.

If STP is left totally alone, a single switch is going to be the root bridge for every single VLAN in your network. Worse, that single switch is going to be selected because it has a lower MAC address than every other switch, which isn't exactly the criteria you want to use to select a single root bridge.

The time will definitely come when you want to determine a particular switch to be the root bridge for your VLANs, or when you will want to spread the root bridge workload. For instance, if you have 50 VLANs and five switches, you may want each switch to act as the root bridge for 10 VLANs each. You can make this happen with the spanning-tree vlan root command.

SW1(config)#spanning-tree vlan 1 ?

forward-time Set the forward delay for the spanning tree

hello-time Set the hello interval for the spanning tree

max-age Set the max age interval for the spanning tree

priority Set the bridge priority for the spanning tree

root Configure switch as root

In this example, we've got two switches, and SW1 has been elected the root bridge for VLANs 10, 20, and 30. We'll use the spanning-tree vlan root command on SW2 to make it the root bridge for VLANs 20 and 30.

SW2(config)#spanning-tree vlan 20 root primary

SW2(config)#spanning-tree vlan 30 root primary

SW2#show spanning vlan 20

VLAN0020

Spanning tree enabled protocol ieee

Root ID Priority 24596

Address 000f.90e2.1300

This bridge is the root

SW2#show spanning vlan 30

VLAN0030

Spanning tree enabled protocol ieee

Root ID Priority 24606

Address 000f.90e2.1300

This bridge is the root

SW2 is now the root bridge for both VLAN 20 and VLAN 30. Notice that the priority value has changed from the default of 32768. The root primary macro sets the priority to 24576, and the displayed value adds the VLAN number to it (the extended system ID carried in the low 12 bits of the priority field), which is why VLAN 20 shows 24596 and VLAN 30 shows 24606.
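The following is an added example, not code from the tutorial. It models the per-VLAN root bridge election for the two switches above and what spanning-tree vlan root primary does to SW2's priority. SW2's MAC address 000f.90e2.1300 is taken from the output; SW1's MAC address is constructed so that SW1 wins by default, as the tutorial states. The root primary logic follows the IOS macro: priority 24576 unless another switch is already at or below that, in which case 4096 below the current root's priority. The model also makes a point the election rules imply but the tutorial does not spell out: nothing authenticates BPDUs, so any device that shows up with a lower BID becomes root, which is why features such as BPDU Guard exist.

```python
# Added example (not from the tutorial): STP root bridge election and the
# 'spanning-tree vlan <id> root primary' macro. SW1's MAC is constructed.

DEFAULT_PRIORITY = 32768
ROOT_PRIMARY_PRIORITY = 24576
PRIORITY_STEP = 4096  # with extended system ID, priority is a multiple of 4096


def normalize_mac(mac):
    return mac.lower().replace(".", "").replace(":", "").replace("-", "")


def displayed_priority(priority, vlan):
    """Priority as 'show spanning-tree' prints it: the configured priority
    plus the VLAN number, which rides in the low 12 bits of the field as the
    extended system ID (so 24576 on VLAN 20 shows as 24596)."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0..61440 in steps of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("invalid VLAN ID")
    return priority + vlan


def bridge_id(priority, mac, vlan):
    """Comparable BID: the 16-bit priority field first, then the 48-bit MAC."""
    return (displayed_priority(priority, vlan), normalize_mac(mac))


def elect_root(switches, vlan):
    """switches: dict name -> (priority, mac). Lowest BID wins: lowest
    priority field first, lowest MAC as the tie-break. No authentication
    is involved, so whoever advertises the lowest BID is root."""
    return min(switches, key=lambda n: bridge_id(*switches[n], vlan))


def root_primary(switches, name, vlan):
    """Apply 'spanning-tree vlan <vlan> root primary' on one switch and
    return the priority it ends up with."""
    others = {n: v for n, v in switches.items() if n != name}
    if not others:
        new_priority = ROOT_PRIMARY_PRIORITY
    else:
        current_root = elect_root(others, vlan)
        root_priority = others[current_root][0]
        if root_priority > ROOT_PRIMARY_PRIORITY:
            new_priority = ROOT_PRIMARY_PRIORITY
        else:
            new_priority = root_priority - PRIORITY_STEP
        if new_priority < 0:
            raise ValueError(f"{name} cannot become root for VLAN {vlan}: "
                             f"{current_root} already has priority {root_priority}")
    switches[name] = (new_priority, switches[name][1])
    return new_priority


if __name__ == "__main__":
    lab = {"SW1": (DEFAULT_PRIORITY, "000f.90e2.1200"),   # constructed MAC
           "SW2": (DEFAULT_PRIORITY, "000f.90e2.1300")}   # from the output
    print("VLAN 20 root before:", elect_root(lab, 20))
    root_primary(lab, "SW2", 20)
    print("VLAN 20 root after: ", elect_root(lab, 20),
          "priority", displayed_priority(lab["SW2"][0], 20))
```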

In the next CCNP / BCMSN tutorial, we'll take a look at more STP features.
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages.


Sunday, February 3, 2008

Cisco CCNP/BSCI Exam Tutorial: Introduction To Policy Routing

Policy routing is a major topic on your BSCI exam, and you'll find quite a bit of policy routing going on in today's production networks. But what exactly is policy routing?

Policy-based routing, generally referred to as "policy routing", is the use of route maps to determine the path a packet will take to get to its final destination. As you progress through your CCNP studies and go on to the CCIE (or to a Cisco Quality Of Service certification), you'll find that traffic can be "marked" by policy routing in order to give different levels of service to various classes of traffic. (This is done by marking the traffic and placing the different classes of traffic in different queues in the router, allowing the administrator to give some traffic higher priority for transmission.)

There are some basic policy routing rules you should know:

Policy routing doesn't affect the destination of the packet, but does affect the path that is taken to get there.

Policy routing can forward traffic based on the source IP address or the destination IP address (with the use of an extended ACL).

Policy routing can be configured at the interface level, or globally.

Applying policy routing on an interface affects only packets arriving on that interface:

R2(config)#int s0

R2(config-if)#ip policy route-map CHANGE_NEXT_HOP

Applying the policy globally, with ip local policy route-map, applies the route map only to packets generated by the router itself, not to all packets received on all interfaces.

Whether you're running policy routing at the interface level, on packets created locally, or both, always run the command show ip policy to make sure you've got the right route maps on the proper interfaces.

R2#show ip policy

Interface Route map

local CHANGE_NEXT_HOP

Serial0 CHANGE_NEXT_HOP

And here's the big rule to remember....

If a packet doesn't match any of the criteria in a route map, or matches a clause with an explicit deny statement, the packet is handed to the normal routing process and forwarded according to the routing table. If you don't want packets that match no route map criteria to be routed normally, add a final permit clause with no match statement (so that it matches everything) and use set interface null0 in it to discard them. That clause should be the last one in the route map.

There are four possibilities for an incoming packet when route maps are in use. The following example illustrates all of them.

R2(config)#access-list 29 permit host 20.1.1.1

R2(config)#access-list 30 permit host 20.2.2.2

R2(config)#access-list 31 permit host 20.3.3.3

R2(config)#access-list 32 permit host 20.4.4.4

R2(config)#route-map EXAMPLE permit 10

R2(config-route-map)#match ip address 29

R2(config-route-map)#set ip next-hop 40.1.1.1

R2(config-route-map)#route-map EXAMPLE permit 20

R2(config-route-map)#match ip address 30

Assuming the route map has been applied to the router's ethernet0 interface, a packet sourced from 20.1.1.1 would meet the first line of the route map and have its next-hop IP address set to 40.1.1.1.

A packet sourced from 20.2.2.2 would match the next permit statement (sequence number 20). Since there is no action listed, this packet would return to the routing engine to undergo the normal routing procedure. All traffic that did not match these two addresses would also be routed normally - there would be no action taken by the route map.

Perhaps we want to specifically block traffic sourced from 20.3.3.3 or 20.4.4.4. Multiple match ip address statements in a single route-map clause are combined with a logical OR, so one clause can match both addresses and send those packets to the bit bucket - the interface null0.

R2(config)#route-map EXAMPLE permit 30

R2(config-route-map)#match ip address 31

R2(config-route-map)#match ip address 32

R2(config-route-map)#set ?

as-path Prepend string for a BGP AS-path attribute

automatic-tag Automatically compute TAG value

comm-list set BGP community list (for deletion)

community BGP community attribute

dampening Set BGP route flap dampening parameters

default Set default information

extcommunity BGP extended community attribute

interface Output interface

ip IP specific information

level Where to import route

local-preference BGP local preference path attribute

metric Metric value for destination routing protocol

metric-type Type of metric for destination routing protocol

origin BGP origin code

tag Tag value for destination routing protocol

weight BGP weight for routing table

R2(config-route-map)#set interface null0

Any traffic matching ACLs 31 or 32 will be sent to null0, resulting in its being discarded by the router. Any traffic that didn't match any of the route map statements will be returned to the routing engine for normal processing.
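As an added example that is not part of the tutorial, the evaluator below walks the route-map EXAMPLE built in this section for a packet from each of the four sources, so the four possible outcomes can be seen side by side, and shows what a catch-all null0 clause changes. The ACL numbers, hosts and next hop are the tutorial's; the evaluator is a simplified model of IOS behaviour (standard ACLs matched on source address only, one set action per clause), and the source 10.9.9.9 used to show the no-match case is constructed.

```python
# Added example (not from the tutorial): evaluating the route-map EXAMPLE.
# Simplified model of IOS policy routing; ACLs and addresses from the text,
# except 10.9.9.9, which is a constructed non-matching source.

import ipaddress


def acl_permits(acl, address):
    """Standard numbered ACL: list of (action, network, wildcard), with the
    implicit 'deny any' at the end."""
    addr = int(ipaddress.IPv4Address(address))
    for action, network, wildcard in acl:
        net = int(ipaddress.IPv4Address(network))
        keep = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & keep == net & keep:
            return action == "permit"
    return False


def policy_route(route_map, acls, source):
    """Walk the route-map clauses in sequence order for a packet from `source`.

    Returns one of:
      ("next-hop", ip)            matched a permit clause with set ip next-hop
      ("drop", "null0")           matched a permit clause with set interface null0
      ("route-normally", reason)  matched a deny clause, matched a permit clause
                                  with no set, or matched nothing at all
    """
    for clause in sorted(route_map, key=lambda c: c["seq"]):
        # Several 'match ip address' ACLs in one clause are OR'd together;
        # a clause with no match statement matches every packet.
        matched = (not clause["match"]
                   or any(acl_permits(acls[n], source) for n in clause["match"]))
        if not matched:
            continue
        if clause["action"] == "deny":
            return ("route-normally", f"seq {clause['seq']} deny")
        action = clause.get("set")
        if action is None:
            return ("route-normally", f"seq {clause['seq']} matched, no set")
        if action[0] == "ip next-hop":
            return ("next-hop", action[1])
        if action == ("interface", "null0"):
            return ("drop", "null0")
        raise ValueError(f"unsupported set action {action!r}")
    return ("route-normally", "no clause matched")


HOST = "0.0.0.0"  # wildcard mask for 'permit host x.x.x.x'
ACLS = {
    29: [("permit", "20.1.1.1", HOST)],
    30: [("permit", "20.2.2.2", HOST)],
    31: [("permit", "20.3.3.3", HOST)],
    32: [("permit", "20.4.4.4", HOST)],
}
EXAMPLE = [
    {"seq": 10, "action": "permit", "match": [29], "set": ("ip next-hop", "40.1.1.1")},
    {"seq": 20, "action": "permit", "match": [30], "set": None},
    {"seq": 30, "action": "permit", "match": [31, 32], "set": ("interface", "null0")},
]


def with_catch_all_drop(route_map):
    """Return a copy with a final clause that matches everything and sends it
    to null0, for when unmatched traffic must not be routed normally."""
    last = max(c["seq"] for c in route_map) + 10
    return route_map + [{"seq": last, "action": "permit", "match": [],
                         "set": ("interface", "null0")}]


if __name__ == "__main__":
    for src in ("20.1.1.1", "20.2.2.2", "20.3.3.3", "20.4.4.4", "10.9.9.9"):
        print(src, policy_route(EXAMPLE, ACLS, src))
```

Running it shows the four cases the text describes: 20.1.1.1 is policy-routed to 40.1.1.1, 20.2.2.2 matches sequence 20 but falls back to normal routing because there is no set, 20.3.3.3 and 20.4.4.4 are discarded, and anything else is routed normally unless the catch-all clause is appended.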

Knowing policy routing and how to apply it are essential skills for passing the BSCI exam, earning your CCNP, and becoming more valuable in today's job market. Get some hands-on practice in a CCNA / CCNP home lab or rack rental to go along with learning the theory, and you'll be writing and applying policy routing in no time at all.
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages. For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies!


Friday, February 1, 2008

Cisco CCNP Certification/BCMSN Exam Tutorial: Uplinkfast

You remember from your CCNA studies that when a port goes through the transition from blocking to forwarding, you're looking at a 50-second delay before that port can actually begin forwarding frames. Configuring a port with PortFast is one way to get around that, but again, you can only use it when a single host device is found off the port. What if the device connected to a port is another switch?

A switch can be connected to two other switches, giving that local switch a redundant path to the root bridge, and that's great - we always want a backup plan! However, STP will only allow one path to be available, but if the available path to the root switch goes down, there will be a 50-second delay due to the STP timers MaxAge and ForwardDelay before the currently blocked path will be available.

The delay is there to prevent switching loops, and we can't use PortFast to shorten the delay since these are switches, not host devices. What we can use is Uplinkfast.

The ports that the local switch could potentially use to reach the root switch are collectively referred to as an uplink group. The uplink group includes the ports in forwarding and blocking mode. If the forwarding port in the uplink group sees that the link has gone down, another port in the uplink group will be transitioned from blocking to forwarding immediately. Uplinkfast is pretty much PortFast for wiring closets. (Cisco recommends that Uplinkfast not be used on switches in the distribution and core layers.)

Some additional details regarding Uplinkfast:

The actual transition from blocking to forwarding mode takes about three seconds.

Uplinkfast cannot be configured on a root switch.

Uplinkfast is configured globally. You can't run Uplinkfast on some ports or on a per-VLAN basis - it's all or nothing.

The original root port will become the root port again when it detects that its link to the root switch has come back up. This does not take place immediately. The switch uses the following formula to determine how long to wait before transitioning back to the forwarding state:

( 2 x FwdDelay) + 5 seconds

Uplinkfast will take immediate action to ensure that the switch upon which it is configured cannot become the root switch. First, the switch priority will be set to 49,152, which means that if all other switches are still at their default priority, they'd all have to go down before this switch can possibly become the root switch. Additionally, the STP Port Cost will be increased by 3000, making it highly unlikely that this switch will be used to reach the root switch by any downstream switches.

And you just know there's got to be at least one option with this command, right? Let's run IOS Help and see.

SW2(config)#spanning-tree uplinkfast ?

max-update-rate Rate at which station address updates are sent

When there is a direct link failure, dummy multicast frames are sent to the MAC destination 0100.0ccd.cdcd. The max-update-rate value determines how many of these frames will be sent in a 100-millisecond time period.

Mastering the details of UplinkFast, BackboneFast, BPDU Guard, and Loop Guard are vital to your success on the CCNP exams, and one or more of these features are in use on almost every network in the world. Learn these features for success in both the exam room and the real world!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com). For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies! Daily exam questions and tutorials now available through RSS feed!


Cisco CCNA Certification Exam Tutorial: DNS And The IP Name-server Command

DNS behaviors of a Cisco router are important topics for both the CCNA exam and real-world production networks, and you probably didn't know there were so many DNS details before you began studying for the exam! In this tutorial, we'll look at the ip name-server command and its proper usage.

When a command is mistyped on a Cisco router, the default behavior of the router is to attempt to resolve it via DNS. First, the router looks for an IP Host table on the local router to perform this resolution - that's what the "translating" word in the output is referring to. If there's no IP Host table or the IP Host table doesn't contain an entry for what you typed, the router will send a broadcast in an attempt to resolve this name through a remote DNS server. To prevent this broadcast, enter the global command no ip domain-lookup. Of course, to use DNS to resolve hostnames, ip domain-lookup would have to be reenabled if it's been turned off.

R2#contin

Translating "contin"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

A command is mistyped as "contin". The Cisco router's default behavior is to resolve this entry locally via an IP Host table, which isn't present on the router. A broadcast is then sent out to find a DNS server to perform the name resolution. The DNS lookup attempt must time out before the configuration can continue.

R2#conf t

R2(config)#no ip domain-lookup

R2#contin

Translating "contin"

% Unknown command or computer name, or unable to find computer address

With no ip domain-lookup configured, the router doesn't attempt to find a remote DNS server. It sees there is no local resolution configured and almost immediately sends a message to the console that the name can't be resolved.

R2#conf t

R2(config)#ip domain-lookup

R2(config)#ip name-server 10.1.1.1

R2#contin

Translating "contin"...domain server (10.1.1.1)

A DNS server is installed on the network with the IP address 10.1.1.1. DNS lookup is reenabled with the command ip domain-lookup, and the IP address of the DNS server is specified with the ip name-server command.

It's just that easy to tell a Cisco router exactly where the DNS server is!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages. For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download copies! Our new RSS feed gives you free Cisco questions daily!


Cisco CCNP/BSCI Exam Tutorial: Using Distribute Lists

To be successful on the BSCI exam and in earning your CCNP, you've got to master route redistribution. This isn't as easy as it sounds, because configuring route redistribution is only half the battle. Whether it's on an exam or in a real-world production network, you've got to identify possible points of trouble before you configure route redistribution - and you need to be able to control redistribution as well. You may have an OSPF domain with 100 routes, but only need to redistribute 10 of them into a neighboring RIPv2 domain. You've got to know how to do that, and one method is the use of a distribute-list.

A distribute-list is an access-list that is used to determine what routes can and cannot be redistributed. Distribute-lists let you specify what routes will be filtered from the process. You can use standard or extended ACLs, and you can filter routes that are coming into a routing process or being injected into another process.

In the following example, R1 is redistributing RIP routes into OSPF, but only wants to advertise network 150.1.1.0 /24 to other OSPF routers. An ACL will be written to match that particular network, and then the distribute-list will be written under the routing process. I'm going to show you the IOS Help output for the distribute-list command, and please note that routing updates can be controlled at the interface level or protocol level.

R1(config)#access-list 24 permit 150.1.1.0 0.0.0.255
R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets
R1(config-router)#distribute-list 24 ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates

R1(config-router)#distribute-list 24 out ?
  Async               Async interface
  BRI                 ISDN Basic Rate Interface
  BVI                 Bridge-Group Virtual Interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  Ethernet            IEEE 802.3
  Lex                 Lex interface
  Loopback            Loopback interface
  Multilink           Multilink-group interface
  Null                Null interface
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  bgp                 Border Gateway Protocol (BGP)
  connected           Connected
  egp                 Exterior Gateway Protocol (EGP)
  eigrp               Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp                Interior Gateway Routing Protocol (IGRP)
  ospf                Open Shortest Path First (OSPF)
  rip                 Routing Information Protocol (RIP)
  static              Static routes

R1(config-router)#distribute-list 24 out rip

Distribute-lists do help guard against routing loops, but they have other purposes as well. You may have a network segment that should be kept secret from the rest of your company; a distribute-list can filter that segment's network number from the redistribution process. In this way, distribute-lists serve as a basic form of network security. (Very basic. I wouldn't sell that firewall on eBay if I were you.)

Keeping such networks out of routing updates and routing tables throughout the network has the side effect of reducing routing update overhead as well.
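To see what the distribute-list above actually does to the routes leaving RIP for OSPF, here is an added Python model (not from the tutorial or from IOS) of a standard ACL applied as distribute-list out. ACL 24 is the one configured on R1 above; the RIP route table, the "secret segment" ACL 25 and all function names are constructed for illustration.

```python
# Added example, not from the tutorial: a model of a standard ACL applied as
# "distribute-list <n> out rip" under router ospf, showing which RIP routes survive
# redistribution. The route table, ACL 25 and all names here are constructed.
import ipaddress

# Constructed RIP routing table on R1 (network/prefix-length)
RIP_ROUTES = ["150.1.1.0/24", "150.1.2.0/24", "172.16.50.0/24", "10.10.10.0/24"]
# ACL 24 exactly as configured on R1 above: only 150.1.1.0/24 may be redistributed
PAGE_ACL = ["access-list 24 permit 150.1.1.0 0.0.0.255"]
# Constructed "secret segment" ACL: hide 172.16.50.0/24, let everything else through
SECRET_ACL = ["access-list 25 deny 172.16.50.0 0.0.0.255",
              "access-list 25 permit any"]

def wildcard_match(addr, pattern, wildcard):
    """Cisco wildcard (inverse mask) match: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(pattern)) & care)

def parse_standard_acl(lines):
    """Parse 'access-list <n> permit|deny (<addr> [wildcard] | any | host <addr>)'
    into (action, addr, wildcard) tuples, keeping configuration order."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue  # not a standard ACL line; ignore
        action, target = parts[2], parts[3]
        if target == "any":
            entries.append((action, "0.0.0.0", "255.255.255.255"))
        elif target == "host":
            entries.append((action, parts[4], "0.0.0.0"))
        else:  # a bare address with no wildcard means an exact host match
            entries.append((action, target, parts[4] if len(parts) > 4 else "0.0.0.0"))
    return entries

def redistributed_routes(acl_lines, routes):
    """Apply the ACL as a distribute-list: the first matching entry decides, and a
    route that matches no entry hits the implicit deny and is not redistributed."""
    acl = parse_standard_acl(acl_lines)
    allowed = []
    for route in routes:
        network = route.split("/")[0]
        for action, addr, wildcard in acl:
            if wildcard_match(network, addr, wildcard):
                if action == "permit":
                    allowed.append(route)
                break  # first match wins, as on the router
    return allowed
```

Running redistributed_routes(PAGE_ACL, RIP_ROUTES) leaves only 150.1.1.0/24, while the ACL 25 variant passes everything except the hidden 172.16.50.0/24.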

Cisco CCNP/BCMSN Exam Tutorial: Spanning Tree Protocol (STP) Timers

In your BCMSN / CCNP exam study, it's easy to overlook some of the details of Spanning Tree Protocol (STP). After all, you learned all of that in your CCNA studies, right? Not necessarily! While some of the BCMSN material will be a review for you, there are some details regarding familiar topics that you need to learn. That includes the timers for STP - Hello Time, MaxAge, and Forward Delay.

You may remember these timers from your CCNA studies as well, and you should also remember that these timers should not be changed lightly. What you might not have known is that if you decide to change any or all of these timers, that change must be configured on the root bridge! The root bridge will inform the nonroot switches of the change via BPDUs.

Hello Time is the interval between BPDUs, two seconds by default.

Forward Delay is the length of both the listening and learning STP stages, with a default value of 15 seconds.

Maximum Age, referred to by the switch as MaxAge, is the amount of time a switch will retain a BPDU's contents before discarding it. The default is 20 seconds.

The value of these timers can be changed with the spanning-tree vlan command shown below. Verify the changes with the show spanning-tree command.

SW1(config)#spanning-tree vlan 1 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root

SW1(config)#spanning-tree vlan 1 hello-time 5
SW1(config)#spanning-tree vlan 1 max-age 30
SW1(config)#spanning-tree vlan 1 forward-time 20
SW1(config)#^Z
SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000f.90e1.c240
             This bridge is the root
             Hello Time   5 sec  Max Age 30 sec  Forward Delay 20 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000f.90e1.c240
             Hello Time   5 sec  Max Age 30 sec  Forward Delay 20 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p

Again, you should always take great care in changing these timers. Those defaults are set for a reason - helping to prevent switching loops!
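As an added check (example code, not from the tutorial or from IOS), here is a Python script that pulls the three timers out of show spanning-tree output and tests them against the IEEE 802.1D relationship 2 x (Forward Delay - 1) >= Max Age >= 2 x (Hello Time + 1), which is the reason the defaults fit together and why changing one timer in isolation is risky. SAMPLE_OUTPUT is constructed, modeled on the SW1 output above, and the function names are my own.

```python
# Added example, not from the tutorial: pull the three STP timers out of
# "show spanning-tree" output and check them against the IEEE 802.1D rule that
# keeps them consistent. SAMPLE_OUTPUT is constructed, modeled on SW1's output above.
import re

TIMER_RE = re.compile(r"Hello Time\s+(\d+)\s+sec\s+Max Age\s+(\d+)\s+sec\s+"
                      r"Forward Delay\s+(\d+)\s+sec")

SAMPLE_OUTPUT = """VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000f.90e1.c240
             This bridge is the root
             Hello Time   5 sec  Max Age 30 sec  Forward Delay 20 sec
"""

DEFAULTS = (2, 20, 15)  # hello, max-age, forward-delay in seconds

def parse_timers(output):
    """Return (hello, max_age, forward_delay) from the first timer line in the output."""
    m = TIMER_RE.search(output)
    if not m:
        raise ValueError("no STP timer line found in output")
    return tuple(int(x) for x in m.groups())

def timers_consistent(hello, max_age, forward_delay):
    """IEEE 802.1D constraint: 2*(Forward Delay - 1) >= Max Age >= 2*(Hello Time + 1).
    If Max Age is too large for Forward Delay, a port can reach forwarding before stale
    topology information has aged out elsewhere (a loop risk); if it is too small for
    Hello Time, a couple of lost BPDUs trigger a needless recalculation."""
    return 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1)

def indirect_failure_convergence(max_age, forward_delay):
    """Worst-case 802.1D reconvergence after an indirect link failure: wait for the
    old BPDU to age out, then spend Forward Delay in listening and again in learning."""
    return max_age + 2 * forward_delay

def audit(output):
    """Summarize a switch's timers: values, whether they are consistent, and how long
    reconvergence can take compared with the defaults."""
    hello, max_age, fwd = parse_timers(output)
    return {
        "timers": (hello, max_age, fwd),
        "changed_from_default": (hello, max_age, fwd) != DEFAULTS,
        "consistent": timers_consistent(hello, max_age, fwd),
        "convergence_s": indirect_failure_convergence(max_age, fwd),
        "default_convergence_s": indirect_failure_convergence(DEFAULTS[1], DEFAULTS[2]),
    }
```

For the SW1 values (5/30/20) the constraint still holds, but worst-case convergence grows from the default 50 seconds to 70 seconds, which is the kind of side effect the audit makes visible.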