Posts Tagged ‘ccie blog’

Status Update

December 22, 2012

I am studying hard for my next attempt! I am feeling that I am improving and I am getting closer. I also want to say that when I was in San Jose in November I attempted the INE CCIE R&S bootcamp taught by Brian Dennis and it was fantastic. I have learned so much from this bootcamp. I don't want to write a review of the bootcamp as there are quite a few on the Internet already, but I just want to say that Brian Dennis is a really good teacher apart from being a 5xCCIE! He is a great person who loves what he is doing. Actually I was not expecting too much from the bootcamp because I have been disappointed in the past by many teachers, but I have to admit that this time I have been amazingly surprised by the quality of the teaching. When I am studying I always remember some moments from the bootcamp where Brian was explaining how things work and why they work this way. Actually when I did my first attempt I used different techniques that I have learned during the bootcamp. For example, it may sound really basic, but you should always make sure to have IP connectivity before starting to configure any routing protocols by pinging on all the devices and comparing the results with your L3 diagram. It can save you some time later!

So thanks INE and Brian for delivering such a quality training 😉


Basic NAT

December 19, 2012 1 comment

In this post I would like to demonstrate how NAT works on a Cisco IOS router, and more particularly the order of operations when using domain-based NAT vs. NAT Virtual Interface (NVI). As usual, to highlight the different configuration examples throughout this post I will use the following topology:



Let's imagine that R1 is simulating a virtual PBX (also known as a hosted PBX) located in the voice provider network. This VPBX needs access to R5 (which is simulating a Lotus Notes server) in order to synchronize the different information for calendar, contacts, etc. Here are the requirements from the customer:

  • The customer doesn't want to run any dynamic routing protocols between its network and the voice provider network.
  • The customer wants the implementation of the solution to be as transparent as possible.
  • The voice provider must only have access to the Lotus Notes server (represented by R5 in this scenario).
  • The voice provider must not be aware of any internal networks located at the customer site.
  • The Voice provider has installed a tiny software client on each PC located at the customer site on the network in order to send information to the VPBX. This software should be able to reach the VPBX (simulated by R1 in this scenario) without having any routing information regarding the Voice provider network.


Basic Multicast part 6 – Anycast RP

December 1, 2012 2 comments

Continuing with multicast topics, I will talk this time about Anycast RP. Anycast RP is used for RP redundancy. As I explained in my previous posts on multicast, it is possible to have RP redundancy with Auto-RP by defining multiple RPs servicing the same multicast groups (the RP with the highest IP will be selected as the active RP for a specific group by the MA). PIM BSR can also be used for RP redundancy and the process is the same as with Auto-RP, apart from the fact that the BSR router doesn't elect which RP is active for a specific group. In both cases the failover delay is based on the RP/BSR/MA advertisement intervals, which are not fast by default (up to 60 seconds). So the whole point of Anycast RP is that the failover is based on the IGP running in the multicast domain, which can be really fast (especially when using Bidirectional Forwarding Detection).

 For this post I will use the same topology as the other multicast posts:


Scenario: R4 and R2 will be configured as static RPs sharing the same IP address. An MSDP session will be established between R4 and R2 in order to synchronize source IP information.


 RPs: R4 and R2 with IP


 Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services

 All the routers in the PIM SM topology are configured with PIM SM. For this post I will only use static RP assignment as it is the most commonly used method for group-to-RP mapping due to its deterministic nature. Auto-RP or PIM BSR could also have been used.


Basic Multicast part 5 – PIM SSM and SSM mapping

November 28, 2012 3 comments

Continuing with the multicast topic, I will talk this time about PIM SSM (Source Specific Multicast, RFC 3569) and SSM mapping. In my previous posts on multicast I demonstrated how to configure PIM DM/SM, which uses IGMPv2 for host-to-router signaling. PIM DM and SM are known as “Any Source Multicast” or ASM. The receivers are willing to receive multicast from any source, which is why an RP is needed in order to allow the receivers to discover new sources. With PIM SSM the concept is different, as the receivers signal which source they want to receive multicast traffic from by using IGMPv3, which means that RPs are not needed and the multicast routers in the multicast domain will only build shortest-path trees (SPT).

 For this post I will use the same topology as the other multicast posts:

Scenario: The Multicast source will send two streams, one for the multicast group and one for the multicast group The first group ( will be running PIM SM and R4 will be the RP for this group. The second multicast group ( will be running PIM SSM. The receiver will act as an IGMPv2/v3 receiver. In the second part of this post I will demonstrate how to configure SSM mapping where the receiver will not be IGMPv3 capable.


My first lab attempt

November 22, 2012 6 comments

I failed my first lab attempt in San Jose on the 19th of November. I did this attempt just after the INE R&S bootcamp. It is a hard feeling to know that you have failed but I knew that it was going to be tough. The troubleshooting section killed me. I usually enjoy the TS section when doing mock labs but in the real lab it is a ~28-router topology instead of 6 (with the INE topology). Actually I did 2 of the new TS labs from INE and they are really well done and they are automatically graded (Presentation Video).


Cisco Zone Based Firewall

November 5, 2012 6 comments

In this post I will talk about Cisco Zone Based Firewall (ZBF), which is a new approach to configuring access control in the IOS firewall. I will first introduce ZBF and then demonstrate how to configure it.

To illustrate the different examples in this post I will use the following topology:


 Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services.

 Side note: As I am using IOS 12.4(15)T, I will only talk about the ZBF rules for this IOS release. Some improvements and rule changes have been made in the latest IOS releases (IOS 15.X).

 IP addressing: All routers in the topology are configured with a loopback IP address in the format X.X.X.X /32, where X is the router number.


Basic QoS part 2 – Catalyst 3560 QoS

November 1, 2012 3 comments

In this post I will talk about Cisco Catalyst 3560 QoS. In Basic QoS part 1 I talked about policing and shaping on Cisco IOS routers.

 To illustrate the different examples in this post I will use the following topology:


 Platform/IOS: Catalyst 3560/ c3560-advipservicesk9-mz.122-44.SE6.bin
