|
CCNA is basically Intro to Cisco, so I'm not surprised by the number of Cisco Centric questions you encountered. I doubt there will be anything about BGP except something like "Which of the following are routing protocols?" There should be 2 "lab" questions which you shouldn't have a problem with and probably some basic questions about VLANs and STP.
|
# ? Oct 23, 2012 15:58 |
|
There's a thread for IT certifications and things here: http://forums.somethingawful.com/showthread.php?threadid=3117356
|
# ? Oct 23, 2012 17:26 |
|
Kaluza-Klein posted:
Can I ask CCNA questions in here?

In my experience, test exams tend to be more difficult than the actual exam is. The test Cisco includes in their official book is exceedingly difficult. Also, keep in mind that the first C in CCNA stands for Cisco, so you'll get tons of Cisco specific questions. With that said, I took my test about two months ago and failed it. 800 out of 825. 100% on NAT and ACL. 33% on the basics. I hate that you can't go back and work on any other questions.

ed 9tut is a pretty solid study guide and is the closest to the actual test, though some of the stuff on the site is a little dated.
|
# ? Oct 23, 2012 18:56 |
|
Someone already mentioned the Exam Cert thread so have a look in there, but my $0.02 while you are here: When you learn any body of knowledge there will be areas that can be covered that you won't be too familiar with, or won't be examined as much, or cannot be tested thoroughly. Don't freak out if there is a series of tests that go in depth on topics which might be in the exam but aren't a major focus of it. DO dumps, examcollection.com, 9tut.org even though you feel you know your stuff or might have an ethical problem with doing the dumps. DON'T freak out if you don't know the inner workings of CDP or some smug rear end in a top hat throws some BGP into a CCNA test when it should be in CCNP.
|
# ? Oct 23, 2012 19:28 |
|
Uh, so, I just received a refurbished 2950G-48-EI, and I set it all up. Passwords, SSH, all the initial stuff. I spent a few days fine tuning the configuration, copied it all to the startup config, then I unplugged it since it's not going into production yet. I plug it back in today, hop on the console port, and the entire thing has reverted itself to default. The startup config is bone stock, and I'm the only IT at the company. What in the gently caress? I thought this thing uses non-volatile ram, AKA flash memory? How in the holy hell is this possible? Now, I saved my configuration so it's not a huge problem to put it back, but you can see why this is a little unsettling.
|
# ? Oct 23, 2012 19:30 |
|
Check the configuration register by doing 'show version'. It's probably not what it should be.
|
# ? Oct 23, 2012 19:47 |
|
Did you actually save it? wr or copy run start ?
|
# ? Oct 23, 2012 19:47 |
|
Zuhzuhzombie!! posted:
In my experience, test exams tend to be more difficult than the actual exam is. The test Cisco includes in their official book is exceedingly difficult.

You received a 97% and did not pass? oh my.

edit: Do the little terminal interfaces in the exam have tab completion and help?
|
# ? Oct 23, 2012 20:18 |
|
jwh posted:
Check the configuration register by doing 'show version'.

code:
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA8, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 19:04 by myl
Image text-base: 0x80010000, data-base: 0x8067A000
ROM: Bootstrap program is C2950 boot loader
Switch uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA8.bin"
cisco WS-C2950G-48-EI (RC32300) processor (revision P0) with 19959K bytes of memory.
Processor board ID FOC0831W0ZV
Last reset from system-reset
Running Enhanced Image
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:11:BB:02:8E:40
Motherboard assembly number: 73-7409-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC08310ZUX
Power supply serial number: DAB0828C41M
Model revision number: P0
Motherboard revision number: A0
Model number: WS-C2950G-48-EI
System serial number: FOC0831W0ZV
Configuration register is 0xF

Powercrazy posted:
Did you actually save it?

I got this exact output below like 20 times while configuring the switch:

code:
Switch#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
|
# ? Oct 23, 2012 20:21 |
|
E: Never mind. A "show boot"? Something is weird in the boot up sequence probably.
GOOCHY fucked around with this message at 20:27 on Oct 23, 2012 |
# ? Oct 23, 2012 20:25 |
|
code:
Edit: is "BOOT path-list:" supposed to be blank? I'm only working on my CCNA so I'm not exactly a router ninja, but from Googling around it doesn't seem right.
Zero VGS fucked around with this message at 22:14 on Oct 23, 2012 |
# ? Oct 23, 2012 21:18 |
|
Zero VGS posted:
It's fine, if it's empty IOS just boots the first image it finds. What does:
more flash:/config.text
show

jwh posted:
Check the configuration register by doing 'show version'.

Fixed config catalyst doesn't use confreg to bypass startup config, you have to break it and do the whole
flash_init
load_helper
rename flash:/config.text flash:/config.old
deal
|
# ? Oct 23, 2012 22:35 |
|
You're right, I didn't even make the connection to the platform.
|
# ? Oct 24, 2012 16:40 |
|
I have a good question: I finally got my ASA5515-x's in and set up, got my Anyconnect SSL vpn working, and hit a problem I am hoping there is a simple answer to. It's actually 2 questions now that I think about it-

First, I cannot seem to resolve hosts by name when connected to the VPN- except for my Server 2008R2 boxes which are on the domain. (The rest of the workstations are not yet on the domain.) Why can I resolve my domain.local Hosts, but not workstations?

Second- I cannot access other vlans. I can access everything on the Office Vlan- which hosts the ASA and my HP 5406zl L3 switch which takes care of my Inner-Vlan routing. I think this has to do with me using split tunneling. For any device on the network, its default gateway must be the Vlan's IP for it to talk with other Vlans. With split tunneling, there does not appear to be a default gateway. When I disable split tunneling, there is no internet access. I have not tried checking if I can access other vlans though. I will check this weekend.

Any input is welcome! Thanks!
|
# ? Oct 25, 2012 21:58 |
|
Once the ssl vpn is up, can you ping anything beyond the directly connected inside subnet on the ASA? I have vague memories of needing to set a default route for vpn clients pointed to something on the inside interface. It was via a command other than a typical 'ip route whatever'.
|
# ? Oct 26, 2012 00:55 |
|
Anyone using MPLS-TE in their environment? If so, do you use auto-tunnel?
|
# ? Oct 26, 2012 01:50 |
|
the spyder posted:
I have a good question: I finally got my ASA5515-x's in and set up, got my Anyconnect SSL vpn working, and hit a problem I am hoping there is a simple answer to.

This may not actually help much, but if the workstations aren't on the domain and you're able to resolve them on the LAN, they're resolving locally via a method - DNS, netbios? - that isn't available to the VPN client, either because it's not on the LAN, can't connect or isn't being provided the resource via the VPN.

I don't have direct ASA/Anyconnect admin experience, so grain of salt and all, but I know you can provide routes for the client in terms of what resources it should route to via the VPN. Add the specific routes you need for your other networks with the proper gateway for the VPN. Or be lazy and just add all the private ranges as their /8, 12, 16 supernets. Since any more specific LAN route would still be the longest match, the only potential issue would be if someone connected from a network where the admin was silly enough to use one of those supernets for the actual local LAN. I'm sure it'll happen if you do this.

tortilla_chip posted:
Anyone using MPLS-TE in their environment? If so, do you use auto-tunnel?

I've not seen auto-tunnel in use. I'd have to do more research on it, but the purely dynamic features (e.g. when not building manual tunnels) sound a lot like trying to have RSVP do things your IGP was made for. I would recommend serious consideration of what benefits you'd be getting out of a feature like this. Any complexity you add (network/system overhead here for sure) should have clear gains to some combination of reliability, uptime and ease of administration.
|
# ? Oct 26, 2012 08:10 |
|
the spyder posted:
I have a good question: I finally got my ASA5515-x's in and set up, got my Anyconnect SSL vpn working, and hit a problem I am hoping there is a simple answer to.

1st one - if you don't have a WINS server the machines will need to be registered in DNS.

2nd one - Does your L3 switch have a route for the VPN subnet pointing to your ASA? There is no default gateway because the VPN application injects static routes into your machine based on your split-tunnel ACL.
|
# ? Oct 26, 2012 12:54 |
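
The longest-match reasoning in the two replies above, as an added example that is not part of any post: a plain longest-prefix-match model of the VPN client's routing table. The subnets are constructed and the function names are hypothetical; it goes one step past the thread by also flagging a client LAN that overlaps a corporate subnet, and a real client may additionally apply route metrics or local-LAN policy.

```python
import ipaddress

# The "lazy" split-tunnel list from the post: all RFC 1918 space as supernets.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def route_for(dest, local_lan, tunnel_routes=RFC1918):
    """Pick the egress for dest by longest-prefix match, as a VPN client's
    routing table would: default and connected LAN on the NIC, split-tunnel
    routes on the VPN adapter. Returns 'lan', 'vpn' or 'ambiguous'."""
    ip = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network("0.0.0.0/0"), "lan"),
             (ipaddress.ip_network(local_lan), "lan")]
    table += [(ipaddress.ip_network(r), "vpn") for r in tunnel_routes]
    matches = [(net.prefixlen, via) for net, via in table if ip in net]
    best = max(plen for plen, _ in matches)
    winners = {via for plen, via in matches if plen == best}
    # Equal-length LAN and VPN routes: the OS falls back to metrics, so
    # prefix length alone does not decide the outcome.
    return "ambiguous" if len(winners) > 1 else winners.pop()

def shadowed_subnets(local_lan, corporate_subnets, tunnel_routes=RFC1918):
    """Corporate subnets that overlap the client's LAN and therefore do not
    reliably go through the tunnel."""
    lan = ipaddress.ip_network(local_lan)
    hidden = []
    for s in corporate_subnets:
        net = ipaddress.ip_network(s)
        if not lan.overlaps(net):
            continue
        # Probe one address inside the overlap (the smaller of the two nets).
        probe = max(lan, net, key=lambda n: n.prefixlen)[1]
        verdict = route_for(str(probe), local_lan, tunnel_routes)
        if verdict != "vpn":
            hidden.append((s, verdict))
    return hidden

if __name__ == "__main__":
    # Constructed sample: office VLANs and three client-side networks.
    corp = ["10.20.0.0/24", "10.20.30.0/24", "192.168.1.0/24"]
    for lan in ["192.168.50.0/24", "192.168.1.0/24", "10.0.0.0/8"]:
        print(lan, route_for("10.20.30.5", lan), shadowed_subnets(lan, corp))
```

Pushing the specific corporate routes instead of the supernets removes the tie in the last case, because a /24 tunnel route beats a /8 LAN route.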
|
tortilla_chip posted:
Anyone using MPLS-TE in their environment? If so, do you use auto-tunnel?

I don't but then again my MPLS environment is pretty small. I'd imagine that you would only see benefits from that feature if you had a large number of highly meshed P routers such as in a large ISP cloud or equivalent, with highly erratic traffic patterns between the various customer sites. Otherwise manually defining your tunnels seems much preferable.
|
# ? Oct 26, 2012 17:07 |
|
So the challenge I have is we have a core ring with a few subtending rings. I'd like to take advantage of FRR without having to define n^2 manual tunnels.
|
# ? Oct 26, 2012 17:48 |
|
tortilla_chip posted:
So the challenge I have is we have a core ring with a few subtending rings. I'd like to take advantage of FRR without having to define n^2 manual tunnels.

Are you dealing with actual traffic engineering? E.g. something like multiple paths with destinations installed in separate LSPs to distribute load/guarantee bandwidth availability for specific uses? If you're not, create your tunnel with the destination/loose hop and let your IGP manage your paths and re-route.

Edit: Basically, if you're not actually using TE, then you're over-complicating your network with manual LSPs in the first place. If you are doing TE, then it depends pretty heavily on your topology, how many LSPs you're dealing with, what you're using them for, if you have real resource requirements etc.
rattrap fucked around with this message at 18:08 on Oct 26, 2012 |
# ? Oct 26, 2012 17:57 |
|
The goal would not be to take multiple paths. The traffic I'm most concerned with is Metaswitch (SS7oIP). I'd like to have it take the shortest path over a ring (easy with IGP only). However, in the case of a link failure I'd like to have the "long path" LSP presignaled and ready to failover. Everyone wants SONET. No one wants to pay for it.
|
# ? Oct 26, 2012 18:22 |
|
Why wouldn't BFD work?
|
# ? Oct 26, 2012 18:34 |
|
Can't get down to <=50ms convergence.
|
# ? Oct 26, 2012 18:35 |
|
tortilla_chip posted:Can't get down to <=50ms convergence.
|
# ? Oct 26, 2012 22:52 |
|
ragzilla posted:
L3vpn or l2vpn? Looked at v4 loop free alternate?

We provide both types of services. Unfortunately LFA isn't an option due to some of the hardware platforms we're running.
|
# ? Oct 26, 2012 23:10 |
|
tortilla_chip posted:
Can't get down to <=50ms convergence.

I hope that's not what you're aiming for in total time between fault and reroute - for the sake of your sanity. That's a ludicrously tight time frame. If so, sort of comedy option: spring for a contract with access to Advanced Services and have Cisco help you engineer it. Boatloads of money gets spent for those kinds of convergence times.

Presumably, you're using bfd signaling for the tunnels since I don't think you can even get sub-second hello intervals without it? I've discussed bfd intervals with both Juniper and Cisco engineers and they're pretty wary of suggesting sub 250-300ms intervals in most cases because of false positives. If you really have the hardware and network to handle it, I'm sure you can get those a lot tighter, but sub-second is generally considered very good.

Auto-tunnel features might help you cut out a lot of manual config if you're set on pre-signaled backup tunnels for fault tolerance. From my interpretation of the documentation, though, this is for individual link/node protection in general, not simply creating a backup to an entire manual LSP - maybe I'm reading into it wrong, it's hard to tell sometimes with Cisco's documentation. Anyway, if that's true, there's something important to consider if you're dealing with a true ring topology. It would mean that at the point of failure, your traffic through that backup NHOP/NNHOP tunnel is going to traverse the entire ring to reach the next node. In that kind of topology, you'd be better served with manual backup tunnels from the ingress nodes to the destination.
|
# ? Oct 27, 2012 06:15 |
|
Anyone have experience with the 4900M? I am thinking about picking up a pair for our DR site, since I can get two with all the necessary hardware for 8 hosts of 10Gbe for under $20k.
|
# ? Oct 29, 2012 03:33 |
|
For an environment that has maybe 40 subnets, and routing is done mainly by one L3 switch, a firewall and 2-3 other devices - should we keep to static routes or should we learn how this RIP/OSPF/whatever magic works and use that?
|
# ? Oct 29, 2012 08:50 |
|
zapateria posted:
For an environment that has maybe 40 subnets, and routing is done mainly by one L3 switch, a firewall and 2-3 other devices - should we keep to static routes or should we learn how this RIP/OSPF/whatever magic works and use that?

First: don't use RIP. It is dead. Second: it is very easy to start implementing OSPF now that everything is still small. Implement it now and reap the benefits later. It really isn't that hard for basic implementation.
|
# ? Oct 29, 2012 09:46 |
|
Jelmylicious posted:
First: don't use RIP. It is dead.

No it's not. No, it doesn't scale, but I know of a number of smaller shops that use it because it meets their requirements and it works for them.

zapateria posted:
For an environment that has maybe 40 subnets, and routing is done mainly by one L3 switch, a firewall and 2-3 other devices - should we keep to static routes or should we learn how this RIP/OSPF/whatever magic works and use that?

Again this is a matter of scale, and you kind of answered your own question. Don't add more moving parts if you don't have to. If you see adding more routing devices/subnets/etc then yeah it may make sense to look into dynamic routing, but if that's not on the horizon, don't needlessly add complexity.
|
# ? Oct 29, 2012 10:23 |
|
Jelmylicious posted:First: don't use RIP. It is dead. Second: it is very easy to start implementing OSPF now that everything is still small. Implement it now and reap the benefits later. It really isn't that hard for basic implementation.
|
# ? Oct 30, 2012 13:26 |
|
zapateria posted:
For an environment that has maybe 40 subnets, and routing is done mainly by one L3 switch, a firewall and 2-3 other devices - should we keep to static routes or should we learn how this RIP/OSPF/whatever magic works and use that?

If it's Cisco then just use EIGRP.
|
# ? Oct 30, 2012 15:08 |
|
Zuhzuhzombie!! posted:
If it's Cisco then just use EIGRP.

Unless you need EIGRP's features (unequal cost load balancing) I'd stick to OSPF in case you need to add other vendors in your network.
|
# ? Oct 30, 2012 15:20 |
|
ragzilla posted:
Unless you need EIGRP's features (unequal cost load balancing) I'd stick to OSPF in case you need to add other vendors in your network.

Yeah, probably the better idea thinking about it in the long run.

Is there no SDM profile/template on a 7609?
|
# ? Oct 30, 2012 17:17 |
|
It's a HP/Cisco environment so EIGRP is out. I'll probably stick with static routing since OSPF requires a premium license and while we do get new subnets now and then, it's not more than we can handle manually. I have a few spare boxes now though so I'll set up a lab just to see how it works.

Do we have a "critique my network design" thread btw? We have a terrible spaghetti-network here I'm trying to redesign, but I don't have a lot of know-how or experience.
zapateria fucked around with this message at 17:30 on Oct 30, 2012 |
# ? Oct 30, 2012 17:27 |
|
Zuhzuhzombie!! posted:
Is there no SDM profile/template on a 7609?

Not to my knowledge, but ragz would know for sure. I think the way the tcam is allocated is probably largely dependent on the supervisor.
|
# ? Oct 30, 2012 18:05 |
|
You can change TCAM allocation on the Sup720. This shows the current allocations: sh mls cef max And you can change the AF split with: mls cef AF # Reboot is required.
|
# ? Oct 30, 2012 18:32 |
|
Zuhzuhzombie!! posted:
Yeah, probably the better idea thinking about it in the long run.

There's no SDM for feature activation like 3560/3750 but you can change the v4/v6 TCAM carve as tortilla mentioned.
|
# ? Oct 30, 2012 18:36 |
|
DeNofa posted:
Seconding this. The only thing RIP is good for is learning what a routing protocol is. Please do not use it. A basic OSPF or even EIGRP setup will be just as simple as RIP but your convergence time will be measured in seconds instead of years.

yeah true RIP timers can't be tuned at all

edit:

zapateria posted:
It's a HP/Cisco environment so EIGRP is out. I'll probably stick with static routing since OSPF requires a premium license and while we do get new subnets now and then, it's not more than we can handle manually. I have a few spare boxes now though so I'll set up a lab just to see how it works.

EIGRP is terrible in its own regards so even if you were all Cisco (and your network was sized as more than 10 routers) I'd still vote for OSPF.

I doubt a separate thread for network design would be useful so I'd vouch for just putting it ITT
atticus fucked around with this message at 21:51 on Oct 30, 2012 |
# ? Oct 30, 2012 21:48 |