Wednesday, December 24, 2008

Santa arrived earlier this year! Merry Christmas!

I just arrived from a long journey that took me almost 50 days away from everything (like home, you can see that by the few posts during the last 2, maybe 3 months), but, in the end, everything went well, I´ve implemented a new network for one of our customers, and all equipment (new and old) are up and running well, with no downtimes during the changes, and that´s what matters for me!

You can loose (in fact not loose, but, spend) countless hours working in an action plan, trying to figure out every situation that can arise, but in the end, the power of a plan careful created is priceless!

Anyway! Now I´m back, hungry and thirst for knowledge, specifically CCIE knowledge! lol! :)

Oh yeah! I was checking my emails, visiting my favorite websites, and found out that once again IPExpert and Internetwork Expert are playing Santa with HUGE discounts and End Year promotions under their websites! Go check it out! The AWESOME IPExpert CCIE Blended Learning Solutions for $999.00 (until Dec/31/2008) is a great deal, for sure!

I´ll spend some time with family, my wife (before she kills me), my cats during this christmas, and only after that (maybe next monday) get back to my studies, reading a book for hours, watch some Video on Demand Classes, do some labbing, all the fun stuff I need now!

So, I wish everybody a Merry Christmas and a Wonderful, Awesome, Incredible New Year, and I hope that all your dreams come true in 2009, were each of us will be able to make the difference in anything we choose to do!

Thank you all, and see you soon! Feel free to contact me any time!

Best Regards,

Caue Wailemann

Friday, December 5, 2008

OSPF: Peering Basics (IPExpert VoD) - Part I

Ok, it has been a while I don´t post anything, but believe me, it´s not because I don´t want too... I´m really away from everything due to a huge project to implement before christmas, hopefully!

That means... I do have "ocasional"  internet access (like, 1h every 5 days, can you believe that?! Me neither! It´s really difficult for a "Internet Addicted" guy like me)!!!

Anyway... That´s why I´m a bit away from all the news (I can see some exciting news regarding EverythingIE and Dynamips support from IPExpert), also a new online vClass from them, and a new introductory class from Internetwork Expert! Cool! As always, the most they try to be better than the other, we win! :) Wonderful man!

Also, Joe, I saw your email - sorry for taking so long to reply, but I´ll do it soon! Very NICE diagram and observations there! Sorry for taking too long to reply it to you, but I´ll do it soon! :S

So... let´s get a bit more technical, into OSPF, those are some notes, personal understandings and mostly the instructions, tips and advices from IPExpert VoD (awesome material). OSPF is splitted in several parts on those VoD starting with peering basics, which in my opinion, makes sense, why implement other features like security before having full reachability ?! Insane if you ask me! That means, when you get into the OSPF section, don´t worry about authentication, or area type, or things like that! Get the basics peering up and functional! Period!

That means, assign the correct router/interfaces in the correct areas, like area 0, area 1, and forget everything else, like stub, nssa, and others! Take one step at a time!

Look at your diagram and check the issues you could have to peer between the routers using OSPF... For sure the first thing that will cause us problems will be OSPF and Frame-Relay...

Oh yeah... just to remember, the Frame-Relay world has 3 different Frame-Relay interface types: Physical, Multipoint and point-to-point.

Now... as far as OSPF is concerned, we have 5 different network types. Out of that, either Multipoint and Physical Frame-Relay interfaces are both going to default to an OSPF Non-Broadcast Network Type.

On the other hand, the Point-to-Point Frame-Relay subinterface is going to default to a Point-to-Point Network Type in OSPF.

That can lead us to some mismatches, depending on the frame-relay network setup and topology. As Scott likes to say, little things to be looking at, but very important! :)

Match your network and interface types together! First of all, timers may not match if you try to mix different interface types!

There´s also the DR Router! We must take care to make our HUB router the DR! Also, if running over a Non-Broadcast link, don´t forget the broadcast parameter in the frame-relay maps, to have OSPF actually "working" on your network (even better, on your exam!). One piece of advice is, on a point-to-point subinterface this is enabled by default.

There are some tools (AKA debug) that we can use to check this "broadcast"  issue, like debug ip packet, if you get encapsulation failed, that pretty much tells you that there´s something missing (that could be the broadcast parameter in your maps, or some other kind of little thing we usually forget about).

Also, keep in mind the neighbor command! They may forbidden you from changing the network types, and things like that, we can always use the neighbor command to try to achieve neighbor relationship.

You MUST read your exam carefully and understand how it´s worded! It might tell you: don´t change the network type on the spokes, or on the HUB change to a network type other than broadcast! At the VoD Scott suggest us to start looking at the details, looking at the things that match, looking at the things that NEEDS to match in order to perform peer! Start thinking and choosing how you´re going to do stuff! A great advice!

Any interface that is Point-to-Something does NOT elect a DR, keep that in mind! But, Broadcast and Non-Broadcast will!

Broadcast - Elects a DR, and it has what we call fast timers,  10/40 sec (hello/dead) timers.

Non-Broadcast - Elects a DR, but has slow timers, 30/120 sec! It also works in the unicast fashion,  it "must" have the neighbor command! Very important! It MUST have it! In order to actually operate!

But the real question is: Can we mix and match those types?! If our spokes are Non-Broadcast, can we make the HUB Broadcast?! Sure! Absolutely! We´ll have to change timers, they need to match, either fast or slow, doesn´t matter, but they have to be the same at each end.

Also... the neighbor command... where to put it on this situation?! On this "scenario" the neighbor command goes into the spokes, even knowing that we may normally have to put them on the hub! If your HUB is in Broadcast type, the neighbor command is not accepted!

As long as the timers match, and your choices about the DR, we´re good to go!

Point-to-Point and Point-to-Multipoint, same thing, you can mix and match those if I want too, just adjusting timers!

Point-to-Multipoint Non-Broadcast (Cisco Proprietary) It assumes the same type of idea the point-to-multipoint does, uses the same slow timers and stuff, but, it must use unicast packets, that means, it uses the neighbor command ...

Now, in order to form a peering relationshipe, there are a number of things that needs to match!

Timers for example, it needs to match! We can change it! Like the OSPF Hello Timer, if we change the Hello Timer, the Dead Timer automatically changes (by the way, the Dead Timer can also be changed independently, to achieve any weird task if needed)!

Other things that must match:

MTU Size must match!

Area ID must match! That makes sense! We can´t peer an Area 0 guy with an Area 1 guy! :)

Stub Flag must match! Now, this highlights a very important rule in OSPF, one of the OSPF rules is that everybody in an Area must have the same database information! Well... what the Stub flag does?! It says a variaty of things, but it´ll tell your router it can´t have external routes as an example, what about the other router in the area, if it "wants" to have external routes!? Things are not going to work very well in this situation! Everybody MUST agree about the Stub Flag!

The same applies to Netmask! It´s important to know "we´re" all in the same network in there! There are some exceptions with Virtual-Links and Point-to-Point interfaces, don´t need to worry about that part, but, as we go through, all of these things have to match!

One very important thing is missing out of this list! That will be the DR!

Technically you can peer "something" that requires a DR with "something" that doesn´t requires a DR. However, things will be all messed up if we do that! In the DR world, somebody believes they´re in charge, and they´re the ones who can announce the routes officially!

On the non-DR network everybody has the right to announce routes, and that will mess up all of your database and reachability.

So, even knowing the DR is not a poart of the list here, you do have to match and agree to who is or is not the DR!

The neighbor command (we´re talking about it very much, don´t you think?!), is basically used when I can´t use multicast in order to get to the other side!

Technically it´s only necessary in one side of the connection, so, in a Hub and Spoke network I would probably use my Hub to put this. One place, put all the neighbors, keep life simple! But, this is not necessary! You can do it in the spokes if you want! You can do in both if you want! No big deal! But you have to have the neighbor command some place in order to initiate the conversation!

So, in our example, making the HUB Broadcast, and the Spokes Non-Broadcast, the neighbor command HAS to go on the spokes, the broadcast guy (the HUB in this situation) won´t even accept the neighbor command!

Your HUB will be sending out it´s multicast frames, no one will be talking back to it, and them, it gets an unicast from one of the spokes and says "Oh, ok! This is how you wanna talk?! Not a problem" and it´ll respond to that spoke.

Back in our example scenario... the neighbor command MUST be used in every spoke in order to trully operate! Once each of them initiates the unicast conversation the HUB will reply just fine, and everything will be working great! It takes a while, like a couple minutes, but it´ll happen just fine!

And that´s just the neighbor command!

Next post we´ll talk about the other features presented in the VoD, like loopbacks, DR, and MTU... I really gotta go now!

Nice weekend to everybody, and don´t ever give up! Keep going on your studies (check this wonderful post from Ethan Banks about this).


Friday, November 28, 2008

IPExpert R&S Dynamips Support + Everything IE!It seems Santa Claus is coming earlier this year! :)

IPExpert will be lauching Dynamips support to their R&S Track really soon! This is AWESOME news for anyone who doesn´t own a rack just like me! Follows the link for this post on their blog:

IPexpert to Announce Dynamips Support and  "Everything IE” Private Beta Launch

Also, EverythingIE will be launch in the following days! I´ve heard about it a few months back, and I´m really anxious  to check it out! An online community (like Facebook, Orkut and others) just for CCIEs! Really helpful! Check this comment from Wayne about this:


Wayne Lawson II says:

November 27th, 2008 at 1:41 pm

Caue - Thanks for the support - EIE will truly be an amazing resource and community for CCIE candidates. It’s essentially going to be Facebook, Linkedin, MySpace, Twitter, Meet up, Groupstudy, CCIEblog and Certification Talk / IEOC on steroids….Everything you need with a single login (and SPAM-free and heavily moderated so the community stays productive and valuable!) - many free resources, an “Ask the Expert” (online instructors), free labs, product giveaways, resume / job search (many recruiters assisting in placement), study groups (online) supported by the IPexpert team, etc - and we’re hoping that our competitors participate in this initiative so it’s truly a vendor-neutral meaningful community….more details to come soon!


Exciting, don´t you think?! I can´t wait to check it out!!!!!!!!!

Tuesday, November 25, 2008

Recomended CCIE Books from Jared Scrivener

I just saw this post from Jared Scrivener at IPExpert CCIE Blog, he makes a very good point! Most candidates (including myself) get so anxious to solve some labs that we forget to make a solid foundation with some quality reading!

Of course, we all have our strong and weak areas, but his point is, most of our weak areas correlates to the books we haven´t read!

This is a very nice statement! That´s why a CCIE preparation is a 18, 24 months adventure! We must feed our brain with enough information about technologies and them put the theory in pratice on our labs to check  HOW  everything works together!

Want to check his list?! Just follow the link to the post:

I would add some more books, but, probably he will have those included in the next post! Wonderful reading! Enjoy!

PS: I´m actually working on a OSPF post from IPExpert VoD. These OSPF videos are AWESOME! I´m just a bit delayed due to the HEAVY end-year workload I do have right now! :(

Friday, November 7, 2008

CCIE Command Memorizer low price for the first 500 canditates who signup!

I just received an email from (Mr. David Bombal) with GREAT news! The CCIE Command Memorizer (and all other tools available at his website) will be available for USD 9.99/month for the first 500 people who signup (regular price after that will be USD 29.90/month)!

This is a GREAT opportunity for those who want to know the tool, and how it works! A very nice move! You can try it for a month, if you like, you renew your subscription, if you don´t just cancel it! :)

Let me say this... I loved! Very nice tool, and it´s helping me in my studies, in fact, the CCIE Command Memorizer is key in my strategy (specially on the road)!

Oh yeah... The signup will not only give you access to the CCIE Command Memorizer, but to many other tools also!

Wednesday, November 5, 2008

What a "nice" way to do business! Thank GOD I didn´t bought from NMC!

To my surprise, this week while checking Sadikhov Forums (CCIE Other section), I saw many NetMasterClass customers complaining about their "products" being removed from their accounts! EVERYTHING, DOiTv2 Workbook, Video on Demand, Tech Library, everything!

WTH! Does the Cisco 360 Program gives the right to NMC to do that?! I would ask for my products back or a refund! I would NOT accept nothing less than that!

Oh my! Thank God I didn´t bought their Study Package (remember the slogan: This awesome study package will keep you busy enough bla bla bla...)... yeah! Right! It would keep me busy enough to try to have them back to my account!

So, if a company (NMC) sell their products to other company (Cisco), what happen to their customers?! Yeah... good question...

I wish more companies have the same police IPExpert and Internetwork Expert does regarding Investment Protection! That´s the way it should be!

You can check the original Sadikhov Topic by clicking here.

IPExpert Year End Special

Yeah! Year End Special from IPExpert!

IPExpert Blended Learning Solutions is priced at USD 999.99 again! At least for a while! Wonderful study package!

Today IPExpert just released a new Newsletter with some promotions for this year!


I will hurry up to grabe some more Rack Rental hours! :)

Tuesday, November 4, 2008

How to check your Diagram for potential Routing Loops

One of the most challenging tasks in the CCIE Lab is how to deal with routing loops, specially when dealing with redistribution. I still working my way through it and I still missing alot (any comments, thoughts, suggestions will be welcome!).

Anyway... I will not deal here (in this specific post of course) with the details about redistribution, and anything else. I will just check the topology for potential routing loops, and redistribution points! (and please, correct me if I´m wrong, ok?!).

Let´s check this diagram from IPExpert Workbook Vol. 3 - Lab. 1 (this Lab 1 is available for download at IPExpert Website, go get yours).


To keep things simple, forget that R4 Serial connection is also connected to R5 through Frame-Relay network, just pretend it is connected direct through Serial Interfaces, ok?!

So we have EIGRP, OSPF and RIP all over our topology, and guess which protocol was choosen to be in the Frame-Relay network?! Yes, you´re right! OSPF!

Anyway, checking it a little deeper, we can see that routers BB2, R4, R5 and R2 have direct connections and those routers are using RIP. Also, R1 and SW1 are using RIP between them! That should not take too long to be configured (depending on what is being asked), but probably not very challenge.

In the EIGRP "world" we have BB1, R6, R7 and R9 routers. Note that there are two interfaces between R6 and R9. Again, that also should not take too long to be configured depending on what the task is asking and the restrictions applied!

Now... OSPF! It´s being used between R2, R5 and R6 in the OSPF Area 256, and between R1 and R2 in OSPF Area 12.

Now that we checked the IPv4 IGP Routing Protocols in this diagram, we also need to verify it for potential Routing Loops. Check the bellow drawing:


Starting from BB2, to the top of the topology, we can see two loops in our network. One represented by the "ORANGE" arrows and the other by the "RED" arrows.

First, let´s analyze the loop in "ORANGE" between R6 and R9. It´s inside EIGRP AS679. So, this loop is "contained" inside one routing protocol. The routing protocol will deal with it. No worries!

Now... the loop between R2 and R5 (represented by the "RED" arrows). This one involves two distinct routing protocols! So we must take care when doing redistribution between those routing domains, either by using different Administrative Distance (AD), route-maps, access-list or any tool that we´re allowed to use to avoid it!

Regarding the redistribution points... we´ll need to redistribute routes in R2, R6 and "maybe" in R1, it´ll all depend on the connections!

Just keep in mind that, when dealing with routing loops we can have situations like:

Routing Loop with a single IGP: That kind of situation will not create a routing loop when redistribution is performed, because, it´ll be filtered by the IGP in use.

Routing Loops  with two or more IGPs:  In  this situation we´ll need to take care off "manually", using filters, maps, access-lists, and other tools when dealing with redistribution, avoiding for example that RIP domain learn OSPF routes, and them send those routes back to the OSPF domain!

This analysis seens simple, but try to do it in some different diagrams on your own to get more practice, I´ll do the same!

Later we´ll discuss the details involving the redistribution and the IGPs!


Friday, October 31, 2008

The "War" Begins again! Internetwork Expert major announcement and IPExpert Answer

Yesterday Internetwork Expert made their major announcement. You can check it out at their website. There are some very cool ideas over there. Here´s the direct link to the video:

Today Mr. Matt Brooks from IPExpert just answered IE´s announcement, and I must agree with him in some points, some of the "new" stuff of Internetwork Expert are out there on market for a while at IPExpert... like the CCIE Blog... Well... IPExpert is announcing it for a while now, and since it´s launch it´s a huge success! Here follows the link to the IPExpert answer, I would check it out if I were you, very nice observations:

Also, our biggest friend Mr. MIKE DOWN (yeah!) made a very nice post about this on his blog! By the way, sorry to hear that buddy! Didn´t knew about your house! :( I told you! Come down to Brazil! This is living! :) lol!

Anyway, Mike´s post (and blog) is a "must check out"! Here´s the link:

And... you know what?! Who wins at the end?! WE, Customers, Candidates! My wish is that IE, IPExpert, and others keeps on "war" making better products with lower prices! Just imagine if there were only 1 training company out there, what would happen?! Poor materials and high prices would be my guess...

So... watch out for the next events of this "Could War", at least, this one will bring only benefits to us all! :)

OH YEAH! Almost forgot about! Brian said something about Blogs that are not "neutral"... Well... I don´t think that there are blogs and/or bloggers actually bought by companies. I used to have IE´s banner over my blog, and now I do have IPExpert one, and NO ONE ever told me what to write about!

Maybe Brian just quick checked those blogs/bloggers he talked about, and had a feeling about it, I´m sure if he dig a little deeper he will change his opinion!

Tell me something... Who are the "EXPERTS" ?! I my opinion the EXPERTS are the vendors, better yet, the instructors who created the training material... Ok... So... They created the material in a way they know it´s good for us to learn! For instance, what´s the purpose of learning BGP before RIP?! Insane I would say! So... Probably those blogs/bloggers  are in the same situation as I am! I really LOVED the Video on Demand from IPExpert (not only for it´s High Quality, but actually for the idea behind it, you, the instructor a few power point slides and HOURS of information, what else you need?!)

So... to conclude... I´ve chosen to start my preparation with IPExpert Video on Demand... And I´ll finish it before doing anything else. Maybe a couple labs. But, that´s not the point... If my preparation right now is the IPExpert Video on Demand, what else could I blog about?! My cats?! Of course I will blog about those videos I´m watching! I do have Internetwork Expert Class on Demand, Workbooks, and what will happen when I start to use their products and blog about it?! Will IPExpert thinks that IE is buying me up for a few posts?! I don´t think so!

Now you ask me, Brian is lying?! Not at all! This is possible, companies CAN pay people to blog about their products... but what happens to those that are really USING it and ENJOYING it?! What is expected for this guy?! This is something to think about.

Anyway... If I can have a blog at Internetwork Expert WERE I can blog about anything (and I mean, any other company)  I want that would be cool! Otherwise, Blogspot and CCIE Blog are more than enough for me, because here, I´m free to talk about anything that I want! I feel just like in my home... FREE! ;)

PS: I know I´m away from the blog, but things are really CRAZY down here, I promisse I´ll take more time to blog things out! Sorry! :S

Thursday, October 23, 2008

Is the new Cisco 360 Training Program a new label to NMC products?!

That one sounded like a joke/hoax a while ago, but now that Cisco just announced the new Cisco 360 Learning Program for CCIE Routing and Switching it doesn´t sound like a hoax anymore!

Of course, until we actually see the Cisco 360 Training Program  in action we can´t assure nothing, but a couple things makes me think they partnered with NMC (NetMasterClass) and NMC products will be re-labeled or re-created/re-written as Cisco Official.

My question is... Why NMC?! Why not IPExpert, why not Narbik, why not Internetwork Expert?!

You may ask me WHY do I think they partnered with NMC... well... easy... First, couple months ago, I just don´t remember where, maybe on Sadikhov Forums or GroupStudy, I´ve saw a post regarding NMC partnering with Cisco.

Second... go to NMC Website and try to buy their DoITv2 Workbook! The same Workbook Ethan Banks used, and many others! By the way, it seens to be a WONDERFUL resource, I´ve checked their sample lab, and i liked it very much!

Their VoD also seens to be very good, but, unlike IPExpert or Internetwork Expert, NMC doesn´t have a FULL end-to-end Video-on-Demand program, they do have for some topics, but not for all of them!

The only doubt is... How expensive the new  Cisco Official Workbook will be?! Even better, will I be able to buy only the Workbook or I should get the FULL Training Program?!

By the way, the "old" NMC DoITv2 Workbook was priced at USD 300.00.


Available November 1st: Cisco 360 Learning Program for CCIE Routing and Switching

Designed to help high potential network professionals transform into certified network experts, the Cisco 360 Learning Program for CCIE Routing and Switching is the first Cisco authorized learning program for expert training. The Cisco 360 Learning Program for CCIE Routing and Switching prepares networking professionals for the challenges of managing sophisticated networks as well as the configuration and troubleshooting scenarios found on CCIE examinations.

The Cisco 360 Learning Program is a six-month blended learning experience incorporating advanced skills assessments, targeted learning modules, instructor-led training, mentoring and hands-on practice and assessement labs to accelerate expert-level competency. The Cisco 360 Learning Program will be made available through select authorized Cisco Learning Partners.

For more information, visit Cisco 360 Learning Program for CCIE Routing and Switching.


Wednesday, October 22, 2008

OSPF Virtual-Links

OSPF Virtual-Links are used to extend Area 0 to routers without direct connection to OSPF Area 0.

A diagram will help us to understand this requirement a bit better:

OSPF Virtual Link-C1

The link between R1 F0/0 and R2 F0/0 belongs to the Backbone Area, or Area 0. The Frame-Relay connection between R2 S0/0 and R3 S0/0 belongs to the OSPF Area 1. As far as R2 has a direct connection to Area 0 (through it´s F0/0 interface) no Virtual-Links are needed.

BUT, for example, if we create a Loopback Interface in R3, and place this Loopback Interface in OSPF Area 2, what will happen?!

R3 doesn´t have any connections to Area 0, it has connections to OSPF Areas 1 and 2, but not Area 0. Check this new diagram including the newly created Loopback Interface in R3:      

OSPF Virtual Link - C2

Hmmm... This situation will require the use of Virtual-Links between R3 and R2 using Area 1 as a "connection" to Area 0. In situations like this, where the router (in our case R3) has two or more interfaces in different areas, and none of those interfaces belongs to Area 0, we´ll need to use an OSPF Virtual-Link.

You may ask yourself:  why R3 S0/0 in Area 1 doesn´t need a Virtual-Link connection also?! It´s on the same router as the Area 2 Loopback Interface, so why R3´s Loopback in Area 2 need a Virtual-Link connection, but R3´s S0/0 interface in Area 1 doesn´t?!

The answer is simple, R3 is direct connected to R2 using Area 1, and R2 is connected to Area 0, so it´ll get advertised due to R2 connections! ;)

Without Virtual-Links Area 2 (in this situation) would never get advertised to either R2 and R1!

First, let´s go ahead and configure all routers according to our diagram (except by the Virtual-Links):


int f0/0
ip address
no shut
router ospf 1
network area 0


int f0/0
ip address
no shut
int s0/0
encapsulation frame-relay
ip address
frame-relay map ip 203 broadcast
no shut
router ospf 1
network area 0
network area 1


interface loopback 2
ip address
interface serial 0/0
encapsulation frame-relay
ip address
frame-relay map ip 302 broadcast
no shut
router ospf 1
network area 1
network area 2

Ok! The above configuration is done, let´s check the OSPF Neighbor Relationship and the IP Routing Tables of our routers:


R1(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C is directly connected, Ethernet0/0
O IA [110/74] via, 00:00:00, Ethernet0/0

R1(config)#do sh ip ospf neig

Neighbor ID  Pri State    Dead Time  Address        Interface       1  FULL/DR  00:00:38   Ethernet0/0



R2(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C is directly connected, Ethernet0/0
C is directly connected, Serial1/0

R2(config)#do sh ip ospf neig

Neighbor ID  Pri State    Dead Time  Address        Interface       1  FULL/BDR 00:00:30   Ethernet0/0       1  FULL/DR  00:01:43   Serial1/0



R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C is directly connected, Loopback2
O IA [110/74]via,00:00:24,Serial1/0
C is directly connected, Serial1/0

R3#sh ip ospf neig

Neighbor ID  Pri State        Dead Time  Address      Interface       1  FULL/DROTHER 00:01:56 Serial1/0

See?! Neither R1 and R2 have the Network from Area 2! That´s because R3 is not directly connected to Area 0! To solve that, we´ll need to configure a Virtual-Link between R2 and R3 using Area 1 as a "connection" to Area 0.

The command to do that is: area <area-id> virtual-link <rid of the router in the other end>, for example: R3 will have the following command added to it´s configuration: area 1 virtual-link . The same command (just changing R2´s rid by R3´s rid) needs to be configured in R2. To make things a little bit easier, here follows the configuration:


router ospf 1
area 1 virtual-link


router ospf 1
area 1 virtual-link

Oh yeah! If you´re unsure about the Router ID (rid) of the router, just issue a show ip ospf command and it´ll show you the Router ID, see below:

R3(config)#do sh ip ospf
 Routing Process "ospf 1" with ID
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Initial SPF schedule delay 5000 msecs

<output omitted>

Now, with the virtual-link configured between R2 and R3, let´s check again the OSPF Neighbor Relationship and the IP Routing Table of all our three routers:


R1(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set is subnetted, 1 subnets
O IA [110/75] via, 00:00:01, Ethernet0/0
C is directly connected, Ethernet0/0
O IA [110/74] via, 00:01:00, Ethernet0/0

R1(config)#do sh ip ospf neig

Neighbor ID  Pri State    Dead Time  Address        Interface       1   FULL/DR 00:00:38   Ethernet0/0



R2(config-router)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set is subnetted, 1 subnets
O IA [110/65] via, 00:00:10, Serial1/0

C is directly connected, Ethernet0/0
C is directly connected, Serial1/0

R2(config-router)#do sh ip ospf neig

Neighbor ID  Pri State     Dead Time  Address       Interface       0   FULL/-   00:00:33  OSPF_VL0       1   FULL/BDR 00:00:39  Ethernet0/0       1   FULL/DR  00:01:56  Serial1/0



R3(config-router)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2
ia-IS-IS inter area, *-candidate default,U-per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C is directly connected, Loopback2
O [110/74] via, 00:01:41, Serial1/0
C is directly connected, Serial1/0

R3(config-router)#do sh ip ospf nei

Neighbor ID  Pri State    Dead Time  Address       Interface       0   FULL/-   00:00:19  OSPF_VL1       1   FULL/BDR 00:01:47  Serial1/0

AH! Much better! Now ALL routers have ALL OSPF Routes in their IP Routing Tables! Our "hero" Virtual-Link solved our problem!

Another really usefull tip is... sometimes when you issue a show ip ospf virtual-link the output shows that the Virtual-Link is UP, but you see no communication going on, neither a OSPF Relationship established... well... sometimes that happens, to make sure that the Virtual-Link is "really" working, issue a show ip ospf virtual-link command and see if the output is just a portion of what it´s supposed to be (that will indicate a not working virtual-link) or if you have the full output. That can also be a temporary situation (while the link gets up). See the example of a BAD and a GOOD Virtual-Link output:

Virtual-Link with Problems (BAD):

R2(config-router)#do sh ip ospf virtual-link
Virtual Link OSPF_VL0 to router is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1, via interface Serial1/0, Cost of using 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06


Working Virtual-Link (Good):

R2(config-router)#do sh ip ospf virtual-link
Virtual Link OSPF_VL0 to router is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1, via interface Serial1/0, Cost of using 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
    Adjacency State FULL (Hello suppressed)
    Index 2/3, retransmission queue length 1, number of retransmission 1
    First 0x65593B80(11)/0x0(0) Next 0x65593B80(11)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
    Link State retransmission due in 2986 msec

To finish, another useful command (not only to Virtual-Links, but to OSPF), is the show ip ospf interface brief. This command will show you a brief of all OSPF configured interfaces, with some other nice things to know!

R2#sh ip ospf interface brief
Interface   PID   Area  IP Address/Mask  Cost  State Nbrs F/C
Et0/0        1     0   10    DR    1/1
Se1/0        1     1   64    BDR   1/1

Seens a bit easier now, don´t you think?! :) I do!

Monday, October 20, 2008

IPExpert BIG Announcements! (With nice opportunities!)

Hmmm... I´ve stepped away for a couple weeks due to a very critical project to take care off and in my return we do have some big news!

The long awaited CCIE Blog from IPExpert was finally released! So cool man! Not a blogspot, wordpress or something like that! It´s a sacred place for CCIE´s and CCIE Candidates! You can create a blog, add your existing one, read, comment, everything related to the CCIE and technical topics you may want to!

There´s also some GREAT opportunities in this newsletter which you must check it out!

--  IPExpert October Newsletter --

October 20, 2008

IPexpert is a BETTER VALUE than Internetwork Expert... from the IT Industry's Leading Provider of Third-Party Validation

LAUNCHED: Create Your CCIE Blog or Add Your Existing Blog to the Directory for Great Visibility

OCTOBER SPECIALS... Two Weeks Left! Courses, Products and Rack Time

COMING 2009: IPexpert University -- Apply to Join Our Team!

2009 Public Course Schedule Released, Private On-Sites Available

IPexpert's Self-Study Workbooks are a MUST HAVE for CCIE Prep

Are You Located in Europe, Asia or Australia? Read This...

Exhaust Your 2008 Training Budget Before It's Too Late

CCIE Security Blended Learning Solution Now Shipping

Aggressive Discounts for Proctor Labs Rack Sessions -- ONLY 2 Weeks Left!

NEW: CCIE Voice Video on Demand Boot Camp (High-Definition!)

FREE Upgrade: CCIE Voice Audio Lecture on Demand (20 HOURS, iPod-Ready)

IPexpert-Sponsored Study Groups (all CCIE tracks)

Words from Your Peers: Actual CCIEs Tell You What Worked for Them

Developers Needed for CCDE and CCIE Wireless

Free Online vLectures -- Register Now!

Cisco CCIE "360 Degree" Program Announced

CCIE Security: Lab Blueprint Change Announced

Friday, October 10, 2008

IPExpert Special, must hurry up!

IPExpert is doing a wonderful job  helping candidates to achieve their goal, get CCIE Certified! Blended Learning Solutions is a POWERFUL tool to that (I really loved the approach IPExpert used, man, really, you don´t feel sleepy, or get bored, it´s like a regular bootcamp class, you must check it out), and for this week (and this week only), they do have this VERY NICE Special offer for their "Social Friends"!

Right now I can´t attend a bootcamp (for two main reasons, 1 - I´m not ready yet, even knowing I can buy it now, but attend it at a later date, and 2 - A travel to USA is not in my  "budget" right now), but the price is great! I paid more for my last CCNP course than they´re charging for this awesome bootcamp.

BUT! I´ll be able to enjoy the Proctor Labs promotion!  That is making all the difference in my studies! Hands on, is exactly what I need right now!

In fact, you all know that I´m a bit "away" from the blog for the last couple weeks, but be cool, next week will be way better for me. Too many projects to implement at the same time, consuming all my energy right now (I´m working almost  18hours/day for the last couple weeks), but that will end by next wednesday for sure, and I´ll back to my normal study/blogging routine! Thanks GOD!

I still amazed of how my wife still recognizing me! I´m spending more time at office than at home! If I keep doing that, eventualy she´ll lock me out! lol! :)

Anyway, you´ll be redirect to this IPExpert Promotion by Clicking Here. Act now and save HUGE $$! :) I will!


Special Offers for our "Social Network" Friends

Here are 1-Week ONLY specials (valid now through next Friday, Oct. 17) for our followers on Twitter, LinkedIn, OSL and the Training Advisor Blog...

Boot Camp Special:

Self-Study Product Special:

  • 50% OFF the Blended Learning Solution (R&S and Voice)... a $1,000 savings!
  • 10% OFF any other IPexpert product, any track!
  • To take advantage of this offer, email for instructions.

Proctor Labs Rack Rental Special:

  • DOUBLE YOUR MONEY on Proctor Labs online rack rental (R&S, Voice, Security, Service Provider). When you purchase a 10, 25, 50 or 100 session bundle, you will get twice as many at the same price!
  • To take advantage of this offer, email for instructions.

* Notices:

  • Cannot be combined with any other discounts / promotions.
  • New registrations / purchases only.
  • Valid for IPexpert-delivered publicly-offered courses only.
  • All orders and registrations must be received with payment in full by 5:00pm Eastern, October 17, 2008.


Monday, September 29, 2008

SDM - Switch Database Modifier

SDM is used for memory management on your switches. Anytime you hear the "Memory Management"  keyword  that means SDM in your switches.

Switches comes with a finite amount of memory, and, you may need to optimize your switch  to support all L2/L3 memory requirements for a specific type of traffic.

It brings us many possibilities of how we´re going to use the switch memory! But, the real question is... how to do it?!

We got default profiles, just keep in mind, no matter which profile you choose, it won´t break your lab, on the other hand, it can bring serious damages to a real network! So, always, plan before configuring anything!

The SDM Templates are used to optimize the switch for specific features, for IPv4 we have:

  • Access — The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
  • Default — The default template gives balance to all functions.
  • Routing — The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
  • VLANs — The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.

So, anytime we change the SDM, which by the way, it´s the only command about Memory Management, we MUST reload the switch in order for to take effect! This is very important! If you do not reload the switch, and the proctor issue a show sdm and it shows it´ll be "routing"  on next reload, you lost your section points!

The configuration is pretty straight-forward, for example, to optimize routing, we use the global configuration command sdm prefer routing and that´s it, check this example:

Switch(config)# sdm prefer vlan
Switch(config)# end
Switch# reload
Proceed with reload? [confirm]

DO NOT forget to reload! Otherwise it won´t take effect! If you issue a show sdm before the reload, your output will look pretty much like this one:

Switch# show sdm prefer
 The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses:            3K
  number of igmp groups + multicast routes:   1K
  number of unicast routes:                   11K
    number of directly connected hosts:       3K
    number of indirect routes:                8K
  number of qos aces:                         512
number of security aces:                    1K
 On next reload, template will be "desktop vlan" template.

Not difficult at all right?! More information can be found at:

Wednesday, September 24, 2008

He´s back ladies and gentleman!

Our friend, Mr. Mike Down, is back with his new blog I Don't Wanna Be a CCIE! Most of you had the chance to speak with him before, some of you don´t, but know that: HE´S THE MAN!

As usual he knows what he´s talking about, and how to do it!

I would follow his posts closely, as he knows everything inside out from the "backstages" of the CCIE and the CCIE Training World! And that´s cool!

Brother, welcome back, and count with me for anything you ever need! I´m here, no matter where you are, or to who you work, I´m your fan! ;)

Tuesday, September 23, 2008

Don´t believe "only" in the show run (in my case, in the show conf)

Hmm... buddy! Let me tell you something... don´t believe only in the show run, always check every parameter involved using other show commands...

Why do I say that?! Last weekend, during a new WS-3750 installation for user access, I faced a little problem... Two core´s, and my new access switch, with links to both Core Switches. Trunk was limitted only to the management vlan to avoid any problems during the intervation.

In order to avoid any other problems, I´ve increased to Spanning-Tree cost to 25 in both uplinks (1Gbps) from the access switch to the cores.

So far so good! Installation done with the first core, ok, let´s connect the second! Hmmm... lost access, let me try again, ok, accessing normal, so what happened?! Root Port from Core 1 changed to the Access Switch?! Why?!

That´s when I´ve found that one of the Core Switches had  spanning-tree costs of 3004, 3019... WTH! Quick show conf (yes, it is CatOS), the Core was configured with UpLinkFast...

No biggie, changed spanning-tree cost, path went back to normal, and everything else was good! Customer will check how and when to remove the UpLinkFast configuration.

If at any time, I´ve checked the spanning-tree with show commands (not the show conf), I would see that, but... living and learning, right?!

Now I do know why some guys don´t like to do a show run, they preffer to check with other commands, I think they´re right... ;)

Sunday, September 21, 2008

September edition of the CCIE Flyer just released!

The wonderful CCIE Flyer from Emmanuel Conde (CCIE Agent) was just released!

Man, I must say, they know what they´re talking about! I almost cried reading the article "Build a CCIE Workshop" from Emmanuel, I must agree with him that everything in there is TRUE!

Also, mr. Scott Morris wrote a fantastic article called "CCIE Training - First Day Preparations", a must read!

Plus many others! You must check it out! I just finished reading through everything, and I loved! Well... who will expect less than a AWESOME job from Emmanuel, right?! Emam, YOU´RE THE MAN!

-- Click here to be redirected to the  CCIE Flyer --

Friday, September 19, 2008

Storm-Control everything you need to know

Another part of the IPExpert Security Video-on-Demand, Storm-Control!

Storm-Control can be used to limit, or to set thresholds for different types of traffic (Broadcast, Multicast and Unicast) on a specific interface you choose (or that you´re asked for). ;)

You can set your threshold to whatever the top level that you want, and the traffic will be limit to that. Also, on 3560 Switches you can set falling thresholds too! Basically it is telling the switch how much traffic do I want (or don´t I want) through that interface.

Now... to the tricky part... just suppose you want to limit the broadcast/multicast traffic in a specific interface... how would you set?! Would you allow more Broadcast traffic than Multicast?!

Hmm... good question, let´s step back for a while... What´s a Layer 3 Broadcast?!

A Layer 3 Broadcast can be the "All Hosts" which is the, or it can be a "Subnet Brodcast", for example is the broadcast IP of the /24 subnet;  just keep in mind that if the actual subnet mask change, the Broadcast IP will also change too!

Now... how about Layer 3 Multicasts?! What those guys are? 

Layer 3 Multicasts, known as Class D also, begin with the binary value of 1110 in the first octet. It goes from 224.x.x.x to 239.x.x.x. Also, at Class D we don´t have concept of subnetting of or broadcast reachability! So Broadcasts and Multicasts at "Layer 3" have nothing to do with each other.

Ok! With all that in mind, can you make a decision on how to configure the Storm-Control in one of your switch ports to limit the Broadcast / Multicast traffic?! Not that fast right?! There´s another wonderful world outside "Layer 3" it´s called "Layer 2" ! :)

At Layer 2, Broadcasts are know as "All F´s" FF-FF-FF-FF-FF-FF, this address represents all devices in a Layer 2 network, we all know that since the CCNA days, so, no big deal!

Now... The Layer 2 representation of IP Multicasts all begin with 01-00-5E. And there´s one specific bit in the MAC Address that defines whether or not it´s a Multicast, the I/G bit!

Take a look at the MAC Address format:


So, like our friend Scott Morris likes to say, the least significant bit of the most significant byte is the I/G bit! And looking at our Multicast Address 01-00-5E (in binary 0000 0001-0000 0000-0101 1110)  we can see that this I/G bit is set to 1 in EVERY Multicast!

In that case, the I/G bit defines a Multicast when it´s set to 1, but, how about the Broadcasts?! All bits in a Layer 2 Broadcast are set to 1 (including the I/G bit), so, Layer 2 Broadcasts, in fact, ARE a subset of Layer 2 Multicasts.

All Layer 2 Broadcasts are Multicasts.

All Layer 2 Multicasts are not Broadcasts.

With that in mind, when configuring Storm-Control in a switch port, and, if you´re setting limits to both Multicast and Broadcast, you should set Multicast limit HIGHER than the Broadcast limit (at least set they equal, but never set the Multicast level to be less than the Broadcast level, otherwise, either Broadcasts and Multicasts will be limited by the Multicast level, making pointless the Storm-Control configuration for the Broadcast!).

It´s configured on a per-interface basis, here´s the command list:

(config-if)#storm-control broadcast level (#)[.(#)]
(config-if)#storm-control multicast  level (#)[.(#)]
(config-if)#storm-control unicast level (#)[.(#)]

Level is % of line as maximum threshold
Level 100 would permit everything
Level 0.0 would disable the frame type

The following example will enable Unicast Storm-Control on a switch port with an 89% rising suppression level and a 67% falling suppression (remember, falling suppression can only be configured in 3560). It´ll also enable Broadcast Storm-Control on a port to a level of 20%. When the Broadcast exceeds the configured level of 20% of the total available bandwidth of the port within the traffic-storm-control interval, the switch drops all broadcast traffic until the end of the traffic-storm-control interval:

interface gigabitethernet0/1
storm-control unicast level 89 67
storm-control broadcast level 20

Just remember, Multicast levels (which includes more things) must be higher, or at least equal, to the Broadcast levels when configuring Storm-Control!

You can use the show storm-control command to verify the operation!

Nice! :)

More information available in do following Websites:

Wednesday, September 17, 2008

Virtual Tour - CCIE Lab: A "must" see video!

I was checking one of my favorite CCIE resource on the Web, Sadikhov Forums -> CCIE Other, a very nice section to be checked once and a while! In there I´ve found a post from our friend Stacky about a very nice video in Cisco Website: Virtual Tour - CCIE Lab!

The video is 3 min long, but it´s AWESOME! At least you´ll get to know what you´ll face in the lab day, and how it looks like!

I do recomend to everybody, if you have a chance, check it out!

Here´s the link, it´s the third video in this page:

Certifications Connect - Becoming a CCIE

Thursday, September 11, 2008

IPExpert Blended Learning Solutions - Promotional Price ending soon!

For those who wants to get the awesome IPExpert CCIE R&S Blended Learning Solutions, I advise to act now! The price will increase soon, it´ll still the lowest price on the market, but why pay more, if you can have it now for USD 999.99 ?!

Talk to sales guys, they will clear any doubt you have, and there are many reviews about it over the internet! Just check it out!

I must say, the product is fantastic! Nothing like that! They use a different approach, not slide after slide, but a full motion movie, you, and the instructor! Very informative!


LAST MONTH for Blended Learning Solution Giveaway Pricing -- BUY NOW

The past two months has been an exciting time. Since we began our promotion offering our newly-created, ground-breaking Blended Learning Solution™ products for only $999, we have shipped nearly 1,000 of them to CCIE candidates around the world!

However, there are less than 2 WEEKS LEFT of this rock-bottom pricing for this unmatched level of training materials! On Monday, September 22, the prices for the Blended Learning Solution products will double, rising back to the level representative of the massive amount of quality materials delivered in this offering.

The message is, if you were planning to buy CCIE training materials, DO IT NOW and take advantage of a value unseen before anywhere.,bb3NCpTF