NMC DOiT Vol.2 Scenario 13 – “ip default-gateway” + “default-information originate” + Creating Core Dumps + “no service pad” + MAC Address Notification Traps + GLBP

I did well with this scenario overall. I got hung up on the multicast, never getting it working quite right. Almost right, but not completely. I was also out of gas while working through the IPv6, which was an open-ended NAT-PT with just a wee bit of OSPFv3. This scenario explained the requirements of NAT-PT MUCH better than scenario 12.

So here are a few highlights, from my perspective. I know others of you that read this blog are doing these scenarios, too. Please feel free to register and post your comments for the benefit of all of us who are studying.

  • In this scenario, the 3550s were layer 2 only (and there were no 3560s). One task specifically stated that “CAT1 and CAT2 must be configured for default routing.” If I’d been on the actual lab, I might have asked the proctor for clarification, to determine if the task was asking for “ip default-gateway” or truly a default route. In hindsight, the scenario requirements specifically state that you cannot use any static routes, so that really leaves “ip default-gateway” as the only option.
  • I had an issue on the OSPF network where I misconfigured the router-ID for a virtual link. This resulted in an error I had not seen before.

    Jun 7 04:01:29.468: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 172.16.26.6, FastEthernet0/0

  • An RIP task instructed a minimal number of routes be advertised from a particular RIP router, but not to summarize. In that case, it was acceptable to do a “default-information originate”. Sometimes, it’s easy to overlook any solution involving the quad-zero route since so often it’s expressly forbidden. But if it’s legal, it’s a good tool to have in the arsenal.
  • “exception dump xx.xx.xx.xx” and “write core” can be used to offload a core file from a crashed IOS device. Read more about this.
  • If a task is asking you to help users avoid the X28 inline editor, it wants you to do a “no service pad”.
  • A task asked me to perform the following:
    • Allow a 3550 port access to 2 workstations, letting a new one replace an old one after 5 minutes.
    • Tell a specific monitoring server about MAC addresses learned on this port.
    • Report changes to the monitoring server every 20 seconds, if there are any.
    • Keep the last 15 MAC address changes in the switch notification history table.
    • The code to perform these tasks follows. The magic is in “port-security” and in configuring MAC address notification traps.

      CAT1
      conf t
      !
      snmp-server host 66.170.103.40 traps version 2c visitor-room mac-notification
      snmp-server enable traps mac-notification
      !
      mac address-table notification
      mac address-table notification interval 20
      mac address-table notification history-size 15
      !
      interface Fa0/17
      no shut
      switchport
      switchport mode access
      ! port security must be enabled explicitly for the limits below to apply
      switchport port-security
      switchport port-security maximum 2
      switchport port-security aging time 5
      switchport port-security aging type inactivity
      snmp trap mac-notification added
      exit
      !
      exit
      !
      wri mem

  • This scenario asked for a basic GLBP (Gateway Load Balancing Protocol) setup. One of the clues that GLBP was the desired first-hop redundancy protocol was mention of UDP/3222, the port used for GLBP communications. Take a look at this very simple (and familiar-looking if you know HSRP) setup. This config happens to include authentication. And…I have to mention that GLBP is a different beast than VRRP or HSRP in what it actually does. You should read up if you’re not familiar with it.

    R2
    conf t
    !
    interface Fa0/0
    glbp 10 ip 172.16.26.1
    glbp 10 priority 105
    glbp 10 preempt
    glbp 10 authentication md5 key-string 0 nmc
    exit
    !
    exit
    !
    wri mem

    R6
    conf t
    !
    interface Fa0/0.40
    glbp 10 ip 172.16.26.1
    glbp 10 authentication md5 key-string 0 nmc
    exit
    exit
    !
    wri mem
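
On the monitoring-server side of the MAC address notification task above, each trap carries the MAC changes as one packed octet string. This added example (not from the original post) decodes that string, assuming the cmnHistMacChangedMsg layout defined in CISCO-MAC-NOTIFICATION-MIB: 11-octet tuples of operation, VLAN, MAC and dot1dBasePort, ended by a zero octet. The sample payload, the allowlist and the function names are constructed for illustration.

```python
import struct

OPS = {1: "learnt", 2: "removed"}   # 0 marks the end of the object
TUPLE_LEN = 11                      # operation(1) + VLAN(2) + MAC(6) + dot1dBasePort(2)

def decode_mac_changes(msg: bytes):
    """Decode a cmnHistMacChangedMsg octet string into a list of event dicts."""
    events, off = [], 0
    while off < len(msg):
        op = msg[off]
        if op == 0:                 # end-of-object marker, ignore any padding after it
            break
        if op not in OPS:
            raise ValueError(f"unknown operation {op} at offset {off}")
        if off + TUPLE_LEN > len(msg):
            raise ValueError(f"truncated tuple at offset {off}")
        vlan, mac, port = struct.unpack_from("!H6sH", msg, off + 1)
        events.append({"op": OPS[op], "vlan": vlan,
                       "mac": mac.hex(":"), "port": port})
        off += TUPLE_LEN
    return events

def unknown_learnt(events, allowlist):
    """Return MACs reported as learnt that are not in the expected inventory."""
    return sorted({e["mac"] for e in events
                   if e["op"] == "learnt" and e["mac"] not in allowlist})

# Constructed payload: one MAC learnt and one removed on VLAN 40, bridge port 17.
SAMPLE = bytes.fromhex(
    "01" "0028" "001122334455" "0011"
    "02" "0028" "001122334466" "0011"
    "00"
)

if __name__ == "__main__":
    for event in decode_mac_changes(SAMPLE):
        print(event)
    print("not in inventory:", unknown_learnt(decode_mac_changes(SAMPLE),
                                              {"00:11:22:33:44:66"}))
```

The port value is the dot1dBasePort bridge port number, which has to be mapped to an interface name separately. With only `snmp trap mac-notification added` on the interface, as in the config above, the switch reports learnt addresses for that port and not removals.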