Monday, 21 December 2009

tcl scripting

As i've now got Dynamips working on my MacBook, and my BSCI, BCMSN, and ONT Lab Portfolio arrived today, i've started taking a look at BSCI (for no other reason than it is Router-focused, i'll actually probably take this exam last..).

First thing I want to make notes on; tcl scripts.

Say you have just set-up a routing domain (EIGRP, OSPF, IS-IS, anything), and now would like to verify that you can reach each of the devices with a simply ICMP Ping. You could sit there and enter ping 1.1.1.1, ping 2.2.2.2, ping 3.3.3.3 etc etc, OR you could use a tcl script.

N.B. Cisco suggest writing your tcl script in a Notepad window, and then paste it into the router. Useful if you need the same script from multiple devices. You can use Notepad in the CCIE Lab.

To create a script to ping 10.1.1.1, 10.1.2.1, 10.1.3.1;

R1>
R1>enable
R1#tclsh
R1(tcl)#foreach address {
+>(tcl)#10.1.1.1
+>(tcl)#10.1.2.1
+>(tcl)#10.1.3.1
+>(tcl)#} {
+>(tcl)#ping $address
+>(tcl)# }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/12 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1(tcl)#tclquit
R1#

You must be in enable mode to use the tcl shell.

tclsh takes you into the tcl shell mode - notice the prompt changes!

The command foreach $address { starts a list of devices to which you want to do the command.

You can then list your devices, one on each line.

Close the list with a closing brace }, then open a new brace {

Now enter your ping command followed by $address to call the previous list.

You need to have a space before the final closing brace }. Once you press enter after the final brace, the commands will run.

To exit the tcl shell, you enter tclquit.

Losing track of time..


Ok, so it seems like ages since I last blogged (which it is!).. Sadly, not a lot has happened study-wise in the last few weeks.. Christmas is coming, and there is illness in both my and my girlfriend's families, so i've not had much time to myself.

Today, however, I have actually managed to set up Dynamips properly on my MacBook! I'm currently snowed-in at my parents house (therefore no access to my real lab) and decided to give Dynamips another chance!

I have to say, I am pleased that it is now working correctly. I tried in the past to get it all working, but something somewhere obviously wasn't right, as i'd get obscure messages and routers would not boot. It may have something to do with me trying to use 2600 images, and now i'm using 3700's..

Anyway, I am able to boot all 6 routers, 4 'switches' and 3 BB routers from the INE Dynamips topology! Of course, having the devices running, and having the devices actually running BGP etc etc are different things, but *fingers crossed*!!

Things that may be of interest to any other potential Dynamips users;

An error about '206-unable to create UDP NIO' from the Dynamips console can be resolved by adding 'udp = 50000' under the '[localhost:7200]' line in your .net file. If you have more than one instance of Dynamips running, increase the udp statements by 1000 for each.


Tuesday, 8 December 2009

Lap update and why real equipment can teach you more than Dynamips / Dynagen / GNS3


Ok, so my lab is now moved upstairs and all the final pieces of kit have arrived.

The lab now consists of;

R1 - 2610xm w/WIC-2T
R2 - 2610xm w/ 2x WIC-1T
R3 - 2610xm w/ NM-4A/S, 2x WIC-1T
R4 - 1841 w/ WIC-2T
R5 - 2611xm w/ 2x WIC-1T
R6 - 2611xm w/ 2x WIC-1T
FR switch - 2610xm w/ NM-4A/S, 2x WIC-1T

The more observant among you may have noticed that the FR switch has now changed from a 2611 to a 2610xm. This is due to the problems I had once I had received the second NM-4A/S etc and tried cabling to the INE Lab topology. For some reason, as soon as I enabled an interface on the NM-4A/S in the 2611 and tried to use Frame-Relay, the router would crash and reload..

Luckily, I managed to borrow a 2610xm from work, and that does not suffer the same problem. I didn't want to troubleshoot the 2611 too much, as it is obviously much older and therefore running an older version of IOS. Also, as it is the only non-xm 2600 that I have in my possession, it would not have been easy to get hold of an updated IOS.

The next obstacle I came across was with the WIC-2T in R1. For some reason, I could not get the connection to the FR-Switch to stay UP-UP, it always went UP-DOWN after a few moments. Debugging showed that frame-relay encapsulation was failing, but I could not see what was wrong.

I now believe, that because I had changed R1 from using 2x WIC-1T to using a single WIC-2T, I focused my troubleshooting on that end of the connection. Finding nothing wrong, I then played about with the FR-Switch end and must've messed up the configs..

As the WIC-2T was what had changed, and as it was the only one in a 2610xm that I was using, I (wrongly) assumed it was perhaps a hardware problem / cable problem / incompatibility issue.. So, I recabled and moved a few cards around such that my WIC-2T was in R3 and was just for point-to-point links (rather than Frame-Relay), and my R1 was back to 2x WIC-1T.

Imagine my displeasure when R1 STILL reverted to UP-DOWN.. As it was late, I gave up and went to bed.

The following day, I was sat installing my new printer and thought i'd have another look at what the problem was, thinking to myself "There MUST be something I can see using 'show' and 'debug' commands.. What if this was an exam question!?".. So, a quick 'show interface s0/0' command and I spot this;

LMI enq sent 131, LMI stat recvd 116, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE

Unfortunately, that DTE was showing on both the FR-Switch interface, as well as the R1 interface.. I double-checked the config at the FR-Switch end against another, and sure enough the 'frame-relay intf-type dce' command is missing on the connection to R1.. So I put everything back how it was, and it's all now working.

I still do not know how I managed to miss this! I think it's primarily down to the text-file I had saved of the FR-Switch config. I used a template from a forum, and then ran across the DTE error that I blogged about here, so started adding the intf-type command from then.

I had (wrongly) assumed that the DTE error was due to the physical cabling, rather than specific to Frame-Relay, and so wasted a fairly large amount of time!

But, I have learned a lot about Frame-Relay, whereas before I knew absolutely zilch. I've also realised that, had this been a Dynamips / Dynagen / GNS3 set-up, I doubt I would ever have come across this problem, nor learned as much about Frame-Relay.

In amongst all of this, I've watched the videos on MPLS twice each, and tried to recreate the lab example in the videos. Unfortunately i'm not running the same equipment / IOS, so my outputs are slightly different. Because of this (and because I ran out of time), i've started on the IPSec videos, as MPLS VPNs are actually outside the scope of the CCNP ISCW exam and i'm conscience that time is marching on..

Argh..!!!


Grr... Another reminder for myself on something to blog about later!!

sh int s0/0 << check the LMI frame relay status!!

frame-relay intf-type dce


-- Posted from my iPhone!! So excuse any typo's..


Tuesday, 24 November 2009

Frame-relay switch config - frame-relay intf-type dce


Hmm... I was entering the config for my frame-relay switch, and started getting this error;

'route command not allowed between two DTE interfaces'

Which was particularly annoying, as I only had a single DTE interface connected (still waiting on my remaining DB60-DB60 cables to arrive..)

A quick google led me to a forum which stated you must enter the following command;

'frame-relay intf-type dce'

For each interface on your frame-relay switch..


Update;

This command was accepted fine. What I failed to do (facepalm!) was to then re-add the route commands that had previously been rejected, so I spent a good 10-15 minutes troubleshooting why my circuit would not come up.. Once the routes were re-added, everything went swimmingly!

HyperTerminal - send break


Useful note for using HyperTerminal -

to send a 'break' whilst a device is booting (to get into rommon mode), press 'Ctrl + Pause/Break'


Monday, 23 November 2009

Lab update


I've had to move my lab this weekend (it has to make way for the Christmas tree!), so I decided to re-cable it to the INE CCNP Bootcamp topology. I've also ordered the final(ish) bits of kit that I need to complete it all - 2x WIC-1T and another NM-4A/S/

The lab now (once outstanding orders arrive) consists of;

R1 - 2610xm w/ WIC-2T
R2 - 2610xm w/ 2x WIC-1T
R3 - 2610xm w/ NM-4A/S
R4 - 1841 w/ WIC-2T
R5 - 2611xm w/2x WIC-1T
FR switch - 2611 w/ NM-4A/S, 2x WIC-1T

I'm just going through them all now to configure with a 'Management' address so I can always telnet to each device (I don't have an Access-server)

Sunday, 22 November 2009

Argh! It's been a week already..

Ok, nearly a week.. It's been quite a busy one, so that's my excuse for not studying / blogging much. Here's an update on what's happened this week;

  • I've watched two and a half of my CCNP Bootcamp CoD videos.. An introduction to ISCW and ONT, Basic Teleworker Services, and half of an MPLS Overview.
  • The Lab Workbook has now been updated to include ISCW and ONT, which is nice. See here
  • I've gone ahead and ordered a NM-4A/S and 2 x WIC-1T to put into a 2611 (that belongs to a friend) and use as my Frame-Relay switch. I have a 2610XM that is not being used, but I still need 2 x serial connections to use it as R5. I may end up purchasing a router that comes with a WIC-2T to use as R5, and then if my friend ever wants their 2611 back, I shouldn't be short. The problem is i've already spent a huge amount of money on my study in the last 2 months, and Christmas is around the corner, so i'm a little anxious about spending more just yet..
  • We've had a shuffle round at work, so i'm hoping to get a bit more 'discreet' studying done! (maybe even a few runs of CoD videos)

Monday, 16 November 2009

Internetwork Expert CCNP Bootcamp Class-on-Demand, first impressions


Just finished watching the first two parts of ISCW videos, which is Day 1 of the 2nd Week of the Bootcamp.. ;) Yes, i'm not planning on going through the videos in the recorded order, as i'd like to get ISCW exam done first. My logic being, that i've (fairly) recently completed my CCNA:Sec exam, and there's a large amount of overlap between that and ISCW.

The first impression is that the videos are very good. I was a little concerned by the free videos available that I watched before purchasing, not because of the content, but because of the quality. I was a little worried about how INE would deliver their proper content (the free stuff is on YouTube), but it has turned out very well. You can see the instructor's screen, any questions that were asked by the people taking the class live, and links to the related documentation. You can also actually click on the links in the slides/videos which then opens up a new browser window <- very clever as it's something I don't think can be done with normal video hosting.

The Lab Workbook is a little unfinished - as of today only listing BCMSN and BCSI, but i'm sure ISCW and ONT will turn up.

I'm still not decided how I will continue with my studies. I'll definitely be watching the INE videos, but i'm not sure how I will integrate these with my CiscoPress reading etc. The INE Lab Workbook also uses a slightly different set of equipment to the CiscoPress Lab Portfolio (one more router and a Frame Relay switch), so I may have to look at purchasing those.. After Christmas I think! :)

Spent some money..

I've spent some more money on my pursuit of CCNP / CCIE certification status.. Internetwork Expert's CCNP Bootcamp Class-on-Demand

I'm just watching one of the Introduction videos now. I'll post a few review/write-ups as I go!

Sunday, 15 November 2009

Testing from my iPhone..


Just testing out blogging from my iPhone.. Seems easy enough, although I can't see myself writing too many essays from this!


-- Posted from my iPhone!! So excuse any typo's..


Friday, 13 November 2009

Configuring PPPoE


Grrr.. I've been trying to set my 2611XM up to act as PPPoE server, so that I can test my PPPoE client config, but it's not been going well.

The client config is fairly straight-forward;

interface Eth 1
no ip address
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer 0
ip address negotiated
ip mtu 1492
encapsulation ppp
dial pool 1

And i've found a few posts online about configuring a PPPoE server on a Cisco router, but not had much luck implementing it. I can get as far as creating a VPDN-Group, but my router does not accept PPPoE as a protocol.

The PPPoE / PPPoA server config is not actually covered in the ISCW Lab Portfolio (it only shows you how to configure the client) but I thought it would be an interesting exercise to try..

The other parts covered in the ISCW Lab Portfolio (and a few bits that I think are missing) are;

interface Eth 0
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip tcp mss-adjust 1452
!
interface Dialer0
ip nat outside
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 255.255.255.0 any
!
ip dhcp pool LOCAL
network 10.0.0.0 255.255.255.0
default router 10.0.0.1
!
ip dhcp excluded-address 10.0.0.1
!
ip route 0.0.0.0 0.0.0.0 Dialer0

Yaawwwn...

2600's take ages to boot.. :(

Edit: Grrr.. and even more annoying when you power-on the wrong one!!

Monday, 9 November 2009

ISCW Lab Portfolio breakdown

  • Chapter 2 - Teleworker Connectivity - not-started
  • Chapter 3 - IPSec VPNs
    3.1 - Configuring SDM on a Router - not-started
    3.2 - Configuring a basic GRE Tunnel - Complete!
    3.3 - Configuring Wireshark and SPAN - not-started
    3.4 - Configuring Site-to-Site IPSec VPNs with SDM - not-started
    3.5 - Configuring Site-to-Site IPSec VPNs with IOS CLI - not-started
    3.6 - Configuring a Secure GRE Tunnel with SDM - not-started
    3.7 - Configuring a Secure GRE Tunnel with IOS CLI - not-started
    3.8 - Configuring IPSec VTIs - not-started
    3.9 - Configuring Easy VPN with SDM - not-started
    3.10 - Configuring Easy VPN with IOS CLI - not-started
    3.11 - IPSec Challenge Lab - not-started
    3.12 - IPSec Troubleshooting Lab - not-started

As you can see, there's a lot to do with IPSec in this syallabus!

Goals from last week (w/c 2nd Nov 2009)

  • Receive final router for Lab - complete!
  • Finish cabling Lab - complete! (although being the anally-retentive person that I am, I may re-do 2 cables, as they don't match the others.. 1 because I forgot to put on the boot, and another because I wanted to patch something and couldn't be bothered to make a cable myself!)
  • Read first 2 Chapters of ISCW Exam Cert Guide - complete!
  • Complete Chapter 2 of ISCW Lab Portfolio - i've not actually done this.. But I have done parts of Chapter 3 instead. I think i'll re-think the way in which I work through the book.

Thursday, 5 November 2009

Woohoo! Lab is (pretty much) complete!!


I picked up my 2611xm from my parents, along with my 4 SS-DB60 cables, so my Lab for the ISCW now consists of;

1 x 1841 w/ 2x WIC-1T
1 x 2611xm w/ 2x WIC-1T
1 x 2610xm w/ 2x WIC-2T
1 x 2610xm w/ 2x WIC-1T
1 x 2950 12-port

The ISCW Lab Portfolio is actually based on 4 x 2811 routers, which are obviously really expensive! 2811's have 2xFE ports, whereas my 2610xm's only have the 1.. I'm hoping this won't be too much of an issue, but i'm also tempted to buy a pair of 2621xm's that i've seen on eBay as I intend on carrying on with the CCIE in the future.

I quickly ran through a basic lab on configuring a GRE tunnel and setting up EIGRP, nice and easy! Will probably run through it again, and actually read the notes that go along with it..

Tuesday, 3 November 2009

Update (w/c 2nd Nov 2009)


An update on the goals for this week;

  • Receive final router for Lab - i've had delivery confirmation, I just need to collect it from my parents (Thurs).
  • Finish cabling Lab - I spent some time this evening creating 0.5m Cat5e cables, and I believe my Serial cables have arrived at my parents.
  • Read first 2 Chapters of of ISCW ECG - I went through the 'Do I Know This Already' questions for Chapter 1, and scored 7/8 so think i'll skip most of this chapter. Not started Chapter 2 just yet.
  • Complete Chapter 2 of ISCW Lab Portfolio - not started..

Monday, 2 November 2009

Teleworker Connectivity (Pt 1)

Cicso list a number of links concerning Teleworker Connectivity at the start of ISCW Lab Portfolio Chapter 2;

I'll try and read these as part of my goals for this week.

Goals for this week.. (w/c 2nd Nov 2009)

  • Receive final router for Lab
  • Finish cabling Lab
  • Read first 2 Chapters of ISCW Exam Cert Guide
  • Complete Chapter 2 of ISCW Lab Portfolio

CCNP changes being announced Jan 2010

Ok, so the changes that I expected to be announced in Nov 09, are no being announced in Jan 2010.. - https://learningnetwork.cisco.com/thread/8498

This is kind of good news, as it means I should be able to get a good start on one of the existing exams, and get it out of the way before the announcement.

Sunday, 1 November 2009

Welcome..

Hello, and welcome to blog.123and6.com. Make yourself at home.

I guess this first post should introduce myself, and explain a litte about what blog.123and6.com is all about. Well, for about 4 years now I have worked in I.T. and about 2 years ago I passed my first Cisco networking certification - the CCNA.

Technology has always interested in me, and it was actually by pure chance that I ended up working in the field of networking. But since I first started to understand what was going on, i've wanted to learn more.

The 'holy grail' for Cisco networking engineers is the CCIE or Cisco Certified Internetwork Expert. This includes a written exam, and what started out as a 2-day lab exam. The Lab has changed a lot over the years, became a single 8.5 hour day, and as of 19th Oct. 2009 includes a 2-hour 'Troubleshooting' section, leaving the actual config down to 6.5 hours.

I'd like to think that i'll get there one day..

At the moment my record stands at;

CCNA - Passed
CCDA - Failed :(
CCNA:Security - Passed
CCVP: CVoice - Failed :(

I am in two minds as whether to take another crack at the CVoice exam (I only narrowly failed), or to start with the CCNP. Over the last couple of weeks i've built up a lab that should see me through most of the CCNP, but as usual the problem will be the time constraints of having a full-time job, a girlfriend, moving house.. Plus there's the expected announcement from Cisco that the CCNP track will be changing soon.

But anyway, stay tuned for irregular posts on Cisco networking and my travels through the certification world..