CISCO EXPERT – CCIE#23373

Ricardo Martins

CompTIA Linux+ and Project+

Posted by Ricardo Martins on July 26, 2009

Lately, I have been quite busy studying and working, not having as much time as I wanted to write in my blog. I am also in the process of moving to a new job, but it hasn’t been particularly easy. For most jobs I have applied to, you need CCIE, Linux, team-leading experience and loads of networking experience in the pocket.
All in all, I say that project management experience and network design skills are what the market is demanding now.

That’s why I’m taking two CompTIA certifications Linux+ and Project+.

I have installed UBUNTU on my desktop at home, dual boot with Windows Vista, and I must say that I am very impressed.

Check it out:

And the good news is that it’s not nearly as difficult as I thought. I was actually really surprised with the amount of memory it consumes, something between 80Kb and 220Kb depending on what you are doing or using it for.

If you want to try it, you can either dual boot or just run it in VMware. As you know there are a lot of different Linux distributions out there, but UBUNTU is very good and has a huge community and support. Their online documentation is simply great. Check their website, UBUNTU.
If you don’t have VMware you can use VirtualBox for free. Yep, I love free stuff!!

Anyhow, I am a Cisco guy hehe, so I am still taking the CCIE SP this year, but for now, Linux+ and Project+ to bring something new into my career.
I don’t think that right now just having routing and switching skills gets you into high-paid jobs.

Just a final word, I passed my CCVP GWGK 2 weeks ago.
Happy studies!


Posted in Uncategorized | 7 Comments »

Cisco Expert – Cisco Certified Architect

Posted by Ricardo Martins on June 30, 2009

Cisco has just introduced a new certification called Cisco Certified Architect. My opinion…awesome…:)

If CCDE is already hard and good, Architect is even better. I have always thought CCDE would be something for every single Cisco engineer to chase in the long run anyway. Don’t get me wrong, I love configuration, I can spend hours looking at my green terminal typing config, but the truth is that eventually every single engineer, after maybe 10 years of experience, would like to design solutions and networks and of course be certified on it.

Cisco Certified Architect requires a CCDE.

All the information concerning this certification can be found here

This picture is straight from Cisco’s website and shows all the certifications available:

I have actually ordered 2 books from Amazon, one on IP Network Design and the other on MPLS Design. Maybe I will give the CCDE Written a try to start with….Nope, I’m not going for the Architect :), not just yet hehe

In other news:

For the people who read this forum…Guys, I didn’t make it on time to the CCIE SP Lab in Brussels. I was on my way to the airport when I realized that my credit card had been canceled by mistake. It did catch me by surprise and I decided not to take the Lab. Unfortunately, I lost the money I had paid for the Lab and for the flights. But…I will take the SP lab quite soon anyway.

Actually my plan for the rest of the year is:

GWGK, TUC, CIPT Exams
CCNA Wireless Exam (Starting…)
CCDE Written (Maybe)
CCIE SP Lab (Very soon)

Well, I won’t be making all of these this year, but I will start to do some of it. Life ain’t just studying and work…

Posted in Exams | 2 Comments »

Cisco Expert – One month for the CCIE SP Lab

Posted by Ricardo Martins on May 8, 2009

Hello everyone!

Lately, I haven’t felt like writing much here because I have been sick. I just recovered from a kidney stone that has finally passed and was causing huge pain.

I am now one month from the CCIE SP lab and to be honest I still need to master many topics. I have a good general view of everything but I just need to keep on practicing. It seems that once you start studying in the Cisco world there’s no way out. I’ll give you a good example. I am a CCIE R&S but I keep studying for it on a daily basis, so I am up to date with all the new technologies.

Very soon, I want to understand topics like IPv6 multicast, Performance Routing (PfR), Optimized Edge Routing (OER) and EEM (Embedded Event Manager). By the way, these are new topics for the new R&S, but for me, I just want to learn them for the real world.

Anyways…time to pass my SP

Posted in Uncategorized | 6 Comments »

Cisco Expert – MPLS and BGP – Part 2

Posted by Ricardo Martins on March 7, 2009

Alright, we have our network configured with OSPF on the transit links and we have a BGP peer session between R1 and R3. There’s only one little problem we must solve. R2 is not running BGP and therefore does not know about R1’s and R3’s LANs, so it is dropping any traffic for those destinations.

The solution will be enabling MPLS on the transit links between R1-R2-R3.

MPLS label distribution runs in 2 flavors, TDP and LDP. We can also use RSVP bandwidth reservations for MPLS Traffic Engineering tunnels, but that is for another day.
TDP is Cisco proprietary and stands for Tag Distribution Protocol, which really is the old format for MPLS. Now, instead of tags, they are called labels.
LDP is an industry standard and stands for Label Distribution Protocol. Apart from this, they do pretty much the same thing.

Configuration-wise, we are talking about 2 or 3 commands here, so no big deal, but the concepts, my friends, are the problem. You have to understand the concept very well because later on, when you get into MPLS VPNs and QoS…well…another day I will explain those topics.

[image: mpls]

For now, we are going to enable MPLS.
In some IOS versions TDP is the default, in others LDP, so check it!!!!
We are running LDP for the sake of being the industry standard, but again there’s no difference. Also be aware that some IOS versions take the command tag-switching ip, others mpls ip. Also, IP CEF is a must here.
Another very important aspect is that by default your MPLS LDP router-id will be formed from the highest loopback address on the router, and that loopback must be advertised into OSPF. So we have a problem here :). My LANs are on Loopback 1, are not advertised into OSPF and are the highest IPs. The solution is the optional command “mpls ldp router-id loopback 0 [force]”. If you are having problems, shut down the interfaces, use the “force” keyword and bring them back up.

Rack1R1(config)#mpls label protocol ?
  ldp  Use LDP
  tdp  Use TDP (default)

R1 has TDP enabled by default, so I am going to change it to LDP.

R1(config)#ip cef
R1(config)#mpls ldp router-id loopback 0
R1(config)#mpls label protocol ldp
R1(config)#int e0/0
R1(config-if)#mpls ip

That’s it! Now I will enable it in all the transit links.

Verification
R2#sh mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 3.3.3.3.63264 - 2.2.2.2.646
        State: Oper; Msgs sent/rcvd: 10/11; Downstream
        Up time: 00:01:21
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 172.16.23.3
        Addresses bound to peer LDP Ident:
          172.16.23.3     124.1.23.3      3.3.3.3         10.10.3.3
    Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 1.1.1.1.646 - 2.2.2.2.20480
        State: Oper; Msgs sent/rcvd: 10/10; Downstream
        Up time: 00:01:15
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 172.16.12.1
        Addresses bound to peer LDP Ident:
          1.1.1.1         10.10.1.1       172.16.12.1

The process:
Now when R3 sends traffic from its LAN to R1’s LAN, it will surely work. Let’s check how the routers route the traffic.

R3#sh ip route bgp
     10.0.0.0/24 is subnetted, 2 subnets
B       10.10.1.0 [200/0] via 1.1.1.1, 00:03:43

R3 has 10.10.1.0 via 1.1.1.1 (R1), so it will make a lookup in the MPLS forwarding table for 1.1.1.1.

R3#sh mpls forwarding-table 1.1.1.1
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     32          1.1.1.1/32        0          Et0/1      172.16.23.2

It says: to get to 1.1.1.1, PUSH label 32 and send the traffic to the next-hop address towards R2.

R2 receives the traffic and checks the topmost label of the packet, which will be 32.

R2#sh mpls forwarding-table 1.1.1.1
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
32     Pop tag     1.1.1.1/32        3296       Fa0/0      172.16.12.1

R2 will now POP label 32 and send the traffic towards R1.

R1 receives the traffic for 10.10.1.1 and knows that it is directly connected.

Because this is a small topology we did not see one important step in MPLS. Imagine that between R2 and R3 we had another router. That router would just SWAP the topmost label for another label and send the traffic to R2. Basically, labels are chained hop by hop, 16-17, 17-18, 18-19, 19-20 and so on: each router advertises to its neighbor the local label it wants to receive for a prefix, so when a router sends a label, the next router is expecting exactly that label.

In conclusion, there are 3 processes for MPLS, PUSH – SWAP – POP.

Final test, ping from R3’s LAN to R1’s LAN:

R3#ping 10.10.1.1 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Now we have reachability!!

The MPLS routers in the core of the network will not run BGP and have no routes for the BGP networks; they route the traffic based on labels only. P->PE, Provider to Provider Edge, will always POP the label. Likewise, PE->P will always PUSH a label. P->P will only SWAP a label.

This makes a lot of sense. If an ISP has 400 P routers and 100 PE routers, they only need to run BGP on 100 routers, COOL HA?

Posted in BGP, MPLS | Tagged: , | 7 Comments »

Cisco Expert – MPLS and BGP – Part 1

Posted by Ricardo Martins on March 7, 2009

When I decided to start studying for CCIE SP, I was a little bit nervous because I thought MPLS would be very difficult and complex. I am not saying that it is easy, but if you understand the basic concept, you can probably solve more complex scenarios.

In simple words, MPLS was designed to avoid running BGP everywhere in a network. These days, the Internet routing table is composed of over 250k routes, so it would not be very scalable to run BGP everywhere in your AS. Basically, MPLS will provide end-to-end transport for BGP routes.

In the R&S world there are 3 ways you can do this:

1 – Run BGP everywhere
2 – Redistribute BGP into IGP
3 – Run a GRE tunnel from PE to PE

Obviously, none of these solutions is very scalable for any big network, so the option here would be

4 – Run an MPLS BGP-free core

First of all, we are going to enable OSPF on the links and advertise the loopbacks into OSPF, then enable BGP on R1 and R3 and advertise the LANs into BGP. Assume that all loopbacks are in the format 1.1.1.1, 2.2.2.2, etc. At this point, forget MPLS. We just want to build our network and test IP reachability. Just as a side note, if you are using OSPF in the network, you must always use a single area.

The network:

[image: mpls]

After we have enabled OSPF we should have reachability from R3’s loopback to R1’s loopback; let’s test it.

R3#ping 1.1.1.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Now, we can safely enable BGP on R1 and R3 and advertise the LANs.

R1
router bgp 10
no synchronization
bgp log-neighbor-changes
network 10.10.1.0 mask 255.255.255.0
neighbor 3.3.3.3 remote-as 10
neighbor 3.3.3.3 update-source Loopback0
no auto-summary

R1#sh ip bgp
BGP table version is 3, local router ID is 10.10.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.1.0/24     0.0.0.0                  0         32768 i
*>i10.10.3.0/24     3.3.3.3                  0    100      0 i

R3
router bgp 10
no synchronization
bgp log-neighbor-changes
network 10.10.3.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 10
neighbor 1.1.1.1 update-source Loopback0
no auto-summary

R3#sh ip bgp
BGP table version is 3, local router ID is 10.10.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.10.1.0/24     1.1.1.1                  0    100      0 i
*> 10.10.3.0/24     0.0.0.0                  0         32768 i

Now the problem we run into here is that, for example, R3 will not have IP reachability to R1’s LAN 10.10.1.0/24 (remember that we need to source the traffic from R3’s LAN, otherwise R1 will not have a route back).

Rack1R3#ping 10.10.1.1 source lo1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.3.3
.....
Success rate is 0 percent (0/5)

The reason we cannot ping is that R2 will not have a route installed for R1’s and R3’s LANs; let’s check.

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 172.16.12.1, 00:13:51, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 172.16.23.3, 00:13:51, FastEthernet0/1

R2 only provides transport for R1 and R3 to be able to peer via BGP.

In Part 2, we will see how we can solve this problem by implementing option “4 – Run an MPLS BGP-free core”, with R2 being the core of the network. We will also take a closer look at the MPLS labeling process.
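The two posts together describe one packet walk: without MPLS, R2 has no route for the LANs and drops the packet; with MPLS, R3 pushes the label it learned for R1's loopback, R2 pops it and R1 delivers. The Python below is an added example (not the post's own code) that replays both cases from the tables shown on the page, and adds a SWAP step by inserting a P router. The routing and label entries for R1, R2 and R3 are transcribed from the `sh ip route`, `sh ip bgp` and `sh mpls forwarding-table` output in Parts 1 and 2; the P router, its link addresses (172.16.35.0/24 and 172.16.25.0/24) and its label 16 are constructed assumptions.

```python
"""Packet walk over the post's R3 -> R2 -> R1 topology (added example, not the post's code).
Routing and label entries are transcribed from the 'sh ip route', 'sh ip bgp' and
'sh mpls forwarding-table' output in Parts 1 and 2; the optional P router, its links
(172.16.35.0/24, 172.16.25.0/24) and label 16 are constructed to show the SWAP step."""
import ipaddress

POP = "pop"  # the 'Pop tag' action in the LFIB


class Router:
    def __init__(self, name, rib, lfib=None, labels=None):
        self.name = name
        # RIB: prefix -> next hop address, or None for a connected network
        self.rib = {ipaddress.ip_network(p): nh for p, nh in rib.items()}
        # LFIB: incoming label -> (outgoing label or POP, next hop address)
        self.lfib = lfib or {}
        # outgoing label bound to an IGP prefix (the 'Outgoing tag' column)
        self.labels = {ipaddress.ip_network(p): lbl for p, lbl in (labels or {}).items()}

    def lookup(self, ip):
        """Longest-prefix match in the RIB; returns (prefix, next_hop) or None."""
        hits = [(p, nh) for p, nh in self.rib.items() if ip in p]
        return max(hits, key=lambda h: h[0].prefixlen) if hits else None

    def resolve(self, nh):
        """Recurse a next hop (e.g. the BGP peer's loopback) down to a connected address."""
        via = None  # prefix used for the last recursion step (where a label may be bound)
        for _ in range(4):
            ip = ipaddress.ip_address(nh)
            if any(h is None and ip in p for p, h in self.rib.items()):
                return nh, via
            hit = self.lookup(ip)
            if hit is None or hit[1] is None:
                return None, None
            via, nh = hit
        return None, None


def walk(routers, addr_to_router, start, dst, mpls=True, max_hops=8):
    """Return [(router, decision), ...] for a packet to dst, with or without MPLS."""
    dst, node, label, trace = ipaddress.ip_address(dst), start, None, []
    for _ in range(max_hops):
        r = routers[node]
        if label is not None:                   # labelled packet: LFIB lookup only, no RIB
            if label not in r.lfib:
                trace.append((node, f"drop: no LFIB entry for label {label}"))
                return trace
            out, nh = r.lfib[label]
            trace.append((node, f"pop {label}" if out == POP else f"swap {label}->{out}"))
            label = None if out == POP else out
        else:                                   # plain IP packet: RIB lookup
            hit = r.lookup(dst)
            if hit is None:
                trace.append((node, f"drop: no route to {dst}"))
                return trace
            prefix, nh = hit
            if nh is None:
                trace.append((node, f"delivered: {prefix} is connected"))
                return trace
            nh, via = r.resolve(nh)
            if nh is None:
                trace.append((node, "drop: next hop unresolvable"))
                return trace
            if mpls and via in r.labels:        # recursion went through a labelled prefix
                label = r.labels[via]
                trace.append((node, f"push {label}"))
            else:
                trace.append((node, f"ip forward via {nh}"))
        if nh not in addr_to_router:
            trace.append((node, f"drop: unknown next hop {nh}"))
            return trace
        node = addr_to_router[nh]
    trace.append((node, "drop: hop limit"))
    return trace


def build(with_p=False):
    """Tables from the post; with_p=True inserts the constructed P router between R3 and R2."""
    r1 = Router("R1", rib={"10.10.1.0/24": None, "1.1.1.1/32": None, "172.16.12.0/24": None,
                           "2.2.2.2/32": "172.16.12.2", "3.3.3.3/32": "172.16.12.2",
                           "10.10.3.0/24": "3.3.3.3"})        # iBGP, next hop R3's loopback
    r2 = Router("R2", rib={"2.2.2.2/32": None, "172.16.12.0/24": None, "172.16.23.0/24": None,
                           "1.1.1.1/32": "172.16.12.1", "3.3.3.3/32": "172.16.23.3"},
                lfib={32: (POP, "172.16.12.1")})              # '32  Pop tag  1.1.1.1/32'
    r3 = Router("R3", rib={"10.10.3.0/24": None, "3.3.3.3/32": None, "172.16.23.0/24": None,
                           "2.2.2.2/32": "172.16.23.2", "1.1.1.1/32": "172.16.23.2",
                           "10.10.1.0/24": "1.1.1.1"},        # 'B 10.10.1.0 [200/0] via 1.1.1.1'
                labels={"1.1.1.1/32": 32})                    # '16  32  1.1.1.1/32 ... 172.16.23.2'
    addrs = {"1.1.1.1": "R1", "172.16.12.1": "R1", "2.2.2.2": "R2", "172.16.12.2": "R2",
             "172.16.23.2": "R2", "3.3.3.3": "R3", "172.16.23.3": "R3"}
    routers = {"R1": r1, "R2": r2, "R3": r3}
    if with_p:  # constructed: R3 now reaches 1.1.1.1/32 through P, which swaps 16 -> 32
        net = ipaddress.ip_network
        routers["P"] = Router("P", rib={"172.16.35.0/24": None, "172.16.25.0/24": None,
                                        "1.1.1.1/32": "172.16.25.2", "3.3.3.3/32": "172.16.35.3"},
                              lfib={16: (32, "172.16.25.2")})
        r3.rib.update({net("172.16.35.0/24"): None, net("1.1.1.1/32"): "172.16.35.5"})
        r3.labels[net("1.1.1.1/32")] = 16
        r2.rib[net("172.16.25.0/24")] = None
        addrs.update({"172.16.35.5": "P", "172.16.25.5": "P", "172.16.25.2": "R2"})
    return routers, addrs
```

Calling `walk(*build(), "R3", "10.10.1.1", mpls=False)` stops at R2 with "no route to 10.10.1.1", which is exactly the failed ping at the end of Part 1; with `mpls=True` the decisions are push 32 on R3, pop 32 on R2 and delivery on R1, matching the forwarding tables in Part 2. With `build(with_p=True)` the trace gains a `swap 16->32` on the P router, which is the step the post says the three-router lab is too small to show. Note that the label-switched branch never consults the RIB, which is why the core can be BGP-free.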

Posted in BGP, MPLS | Tagged: , | 12 Comments »

Cisco Expert – CCIE SP RACK is in tha House

Posted by Ricardo Martins on February 6, 2009

Alright, I have been a CCIE for a week and it feels wonderful, but I just can’t settle down, I am too young for that 🙂

That’s why since I came back from Brussels, I probably already studied for CCIE SP for a good 10 – 15 hours and let me tell you, Service Provider is awesome stuff. I borrowed 2 cisco 7204 VXR, NPE-400 and 1 Cisco 2811.

This is my new rack:

Basically this is what I had:
R1 = Cisco 2610XM – 128/32
R2 = Cisco 2610XM – 128/32
R3 = Cisco 3640 – 128/32
R4 = Cisco 3640 – 128/32
R5 = Cisco 2611XM – 256/48 – 2FXS
R6 = Cisco 2651XM – 128/32 – 2FXS
R7 = Cisco 1750 – 2FXS
BB1 = Cisco 2501
BB2 = Cisco 2610
BB3 = Cisco 2610
FR = Cisco 2523
SW1 = Cisco 3550 EMI
SW2 = Cisco 3550 EMI
SW3 = Cisco 2950
“SW4″ = Cisco 1721
TS = Cisco 2511
ADSL = Cisco 877
Wireless = Linksys WRT54G2
2 Analog phones, 1 Cisco 7940

And now what I have:
R1 = Cisco 7204VXR – NPE-400 XM – 512/64
R2 = Cisco 7204VXR – NPE-400 XM – 512/64
R3 = Cisco 3640 – 128/32
R4 = Cisco 3640 – 128/32 – 2FXS
R5 = Cisco 2651XM – 128/32 – 2FXS
R6 = Cisco 2811 – 256/64
R7 = Cisco 3550 EMI
R8 = Cisco 3550 EMI
BB1 = Cisco 2501
BB2 = Cisco 2610
BB3 = Cisco 2610
FR = Cisco 2523
TS = Cisco 2511
ADSL = Cisco 877
Wireless = Linksys WRT54G2
2 Analog phones, 1 Cisco 7940

The only thing I am missing is the 2 PA-4T modules for the 7204, but they will arrive next Tuesday. I also don’t have an LS1010 ATM switch, so I use a back-to-back ATM connection from R1 to R2. At this point, I am not quite sure exactly what features I will lose with just a back-to-back connection. But I will find out!

Happy studying!

Posted in Uncategorized | 15 Comments »

Cisco Expert – Got my CCIE R&S and CCNA Voice

Posted by Ricardo Martins on January 31, 2009

Hello everyone,
For now, just to let you know that my CCIE journey, lots of hours of studying and hands-on live routers, just paid off. Yesterday I became CCIE# 23373 in Routing and Switching, on Thursday 29th January 2009.

Earlier this week, on Tuesday 27th January, I also got my CCNA Voice, in my opinion the best and most pleasant certification I have ever studied for. Call Manager Express, or CUCME as Cisco now calls it, is definitely fun to configure. I am starting to think that Voice may be my thing in the future. We will see…

I will update this post over the next few days after I get some hours of sleep and rest, well deserved.

Story of my life:

It all started in February 2007 when I decided to take my first IT certification, MCDST. I attended the MCSE certification course at a Microsoft learning center. On the first day, I knew nothing about IT, only Windows XP and that was it. After the first lesson, I knew that certifications were my thing and IT would be my passion.

After my first exam I was an MCP and I jumped so much when I got my certification. After the second exam I got my MCDST. After 6 months I was done with MCSE, then I asked myself, now what?? Well, I got some old CBT Nuggets for CCNA from a friend in September 2007 and I started to watch the first video. After 5 min I was like…where are the wizards and all the GUIs? I didn’t like the feeling, but I kept on going because at the Microsoft Center everybody said that being an MCSE + CCNA was the best thing anyone could be. So I used GNS3 and practiced a lot, so I got my CCNA. At this point I was in love with Cisco. Worth mentioning that I found no use in taking lessons for Cisco certs as I did for Microsoft. I found that most places are just trying to sell courses at huge prices, and most trainers aren’t even prepared to teach.

After that I took my CCNP, CCSP, CCDP, CCIP. I studied day and night for these certs. After this I got a job in Northern Ireland at HP.

At HP, with all the certs and some experience in the pocket that I already had from a Portuguese company, I was offered that job. Man, the network here is huge…Anyways, I saved some cash and bought my own rack…and started my CCIE journey.

For the next 8 months, I used Internetwork Expert Vol 2 and spent 3 hours daily in my rack.

After practicing for a while, I started to feel confident so I went for the CCIE R&S Written exam, which I cleared. After this exam I practiced another 3 months just labbing, labbing, labbing and 12th Nov. 2008 arrived fast….I was in Brussels…

“I will be your proctor for the day” – says Bruno

…. Ricardo….Rack 11

The exam started….after 4 hours I had only BGP and Multicast left…so I was relaxed. QoS and Security seemed a bit odd to me but there was a good chance to pass. I spent the whole afternoon checking the configurations, having drinks, I knew I had a huge chance to be a CCIE…16.30…Lab over.

They say, if you were to pass your results should be available earlier, I’m guessing they run a script and if it says you pass, you passed but if says you have failed probably a proctor will check all your configurations and that takes extra time. Again I have no information on this, I am just guessing.

1:48am in the hotel…the email came through and I had failed, but with a good and very very very close score…QoS and Security were horrible…I say good because on most topics I scored 100%, then on QoS and Security a disaster. I was actually happy, I knew if I studied those 2 topics, I would be fine next time…Flew back home and scheduled my 2nd attempt for 29th January…

During these 2.5 months I didn’t touch 1 lab from start to end. I just practiced random stuff, OSPF, EIGRP and all the normal easy stuff just to make sure I wouldn’t forget a thing. Now the big secret….I opened the Cisco DOC CD online during my preparation, I read from cover to cover the IP services, QoS and Security stuff and I labbed everything. Man…this was my salvation. I think IE vol. 2 is not very good for Security and IP services and lacks some information for QoS as well.

29th Jan.  2009

This time Istvan, if I remember his name correctly, was the proctor. I was not nervous like the first time or anything and this time….“Ricardo…Rack 10”…I knew I had to do it this time. I found this lab a bit more difficult and tricky than the first attempt but I didn’t care, just followed the normal Cisco procedures for the problems and troubleshooting they threw at me, and before lunch I finished the lab. In the afternoon, after lunch, I checked the configurations 4 times and all seemed ok. I was a bit afraid of the interpretation of some questions but there was nothing I could do. So I just had 3 drinks, Cecemel, this is some chocolate drink with caramel…if you go to Brussels drink this…it is awesome.

Well…I think the saying is true…this time at 11:30 I got my result and CCIE# 23373.

My biggest tip is, if you want something really bad you will get it…there are no limits, just study, understand the technologies and pass the lab. Motivation is the key…

Posted in CCIE, Exams | 18 Comments »

Cisco Expert – CCNAS Certified

Posted by Ricardo Martins on December 11, 2008

For the first time after arriving from Brussels, I finally feel like posting again in my blog. It was a bit hard to fail the CCIE LAB after so many hours of studying. I will be back in January 2009 for the LAB, this time I will make it.

There isn’t much to tell about the lab, fairly easy compared to those 20 labs from Internetwork Expert, however you need to be fully concentrated and avoid mistakes. Truth be told, I failed by a maximum of 3 – 5% and it was because I forgot to enable some features after a pile of good configuration.
I say, if you study hard enough, the exam is passable.

Yesterday, I got my CCNA Security, passed the exam 640-553.
Very easy exam if I compare it with, for example, CCENT or CCNA, very straightforward. Topics like AAA, IOS security, VPN or IOS Firewall are very interesting and not that hard. In my opinion a very good certification to have on your resume. That was my exam number 28 so far.

My next goals are to pass 3 exams to finish the CCVP, CCNA Voice, which I have studied hard for but just haven’t taken the exam yet, and maybe later on CCNA Wireless. So a total of 5 exams and I will have achieved all Cisco career certifications at Associate and Professional level. It is likely that I will do several Expert level certifications in the future as well, hoping I get CCIE R&S already in January.

Let’s see how the story goes…

Posted in Exams | Tagged: , | 2 Comments »

Cisco Expert – Tips for your Cisco Access Server

Posted by Ricardo Martins on November 8, 2008

Alright, first of all forgive me if there’s a better way to do this. I found this one myself so probably..mmm…there is a better way.

The question is – how do you stop people from reverse telnetting to one of your devices, assuming your Cisco Access Server IP is 1.1.1.1??

When you build a host table in the Access Server, you use ports 2001 – 2016, right? So by telnet 1.1.1.1 2007, you end up, let’s say, on Router 7. This is great for using tabs with SecureCRT for instance, but it also causes the problem that anyone in the network can open a console connection straight into Router 7 without authenticating on the Access Server first. My solution works fine, however you won’t be able to use tabs in CRT anymore, which I don’t like anyway.

Here’s the Access server config:

line 1 16
 access-class 100 in
 no exec
 transport input all
!
access-list 100 permit tcp host 1.1.1.1 any range 2001 2016

The no exec stops the gibberish and stops the lines getting busy constantly, WOW!

This access-list only allows your Access Server itself to open console connections to your devices; any other source hitting ports 2001 – 2016 is denied.

That’s it!!! Now everyone needs to authenticate first on the Access Server prior to opening any console connections to your devices.
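As an added example (not part of the post), a small Python check that parses the access-server snippet above and flags the two things the post's config fixes: async lines with no inbound access-class, so anyone can reverse telnet to ports 2001 – 2016, and an ACL that permits a source other than the access server itself. The parser is deliberately minimal and only understands the commands shown in the post; the "good" config is the post's own, while the open and any-source configs are constructed for comparison.

```python
"""Audit an IOS access-server config for the reverse-telnet exposure the post describes.
Added example, not the post's own code.  The parser only understands the 'line',
'access-class', 'no exec', 'transport input' and numbered 'access-list' commands shown;
GOOD_CONFIG is the post's config, OPEN_CONFIG and ANY_SOURCE_CONFIG are constructed."""
import re

LINE_RE = re.compile(r"^line (\d+) (\d+)$")
CLASS_RE = re.compile(r"^access-class (\d+) in$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) tcp (host \S+|any) any range (\d+) (\d+)$")
LINE_SUBCMDS = ("access-class", "no exec", "exec", "transport input", "login", "password")

GOOD_CONFIG = """
line 1 16
 access-class 100 in
 no exec
 transport input all
access-list 100 permit tcp host 1.1.1.1 any range 2001 2016
"""
OPEN_CONFIG = """
line 1 16
 transport input all
"""
ANY_SOURCE_CONFIG = """
line 1 16
 access-class 100 in
 no exec
 transport input all
access-list 100 permit tcp any any range 2001 2016
"""


def parse(config):
    """Return (line_blocks, acls): each block is {'range': (first, last), 'cmds': [...]}."""
    blocks, acls, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if m := LINE_RE.match(text):
            current = {"range": (int(m[1]), int(m[2])), "cmds": []}
            blocks.append(current)
        elif m := ACL_RE.match(text):
            acls.setdefault(int(m[1]), []).append(
                {"action": m[2], "src": m[3], "ports": (int(m[4]), int(m[5]))})
            current = None
        elif current is not None and text.startswith(LINE_SUBCMDS):
            current["cmds"].append(text)
        else:
            current = None  # any other global command ends the line block
    return blocks, acls


def audit(config, server_ip):
    """Findings for async lines reachable via reverse telnet (TCP 2001-2016)."""
    findings = []
    blocks, acls = parse(config)
    for blk in blocks:
        where = "line {} {}".format(*blk["range"])
        classes = [m for c in blk["cmds"] if (m := CLASS_RE.match(c))]
        if not classes:
            findings.append(f"{where}: no inbound access-class, reverse telnet is open to any host")
        elif (acl_no := int(classes[0][1])) not in acls:
            findings.append(f"{where}: access-class {acl_no} references an undefined ACL")
        else:
            for e in acls[acl_no]:
                # only the access server's own address should be able to reach the async lines
                if e["action"] == "permit" and e["src"] != f"host {server_ip}":
                    lo, hi = e["ports"]
                    findings.append(f"{where}: ACL {acl_no} permits source '{e['src']}' to ports {lo}-{hi}")
        if "no exec" not in blk["cmds"]:
            findings.append(f"{where}: exec not disabled on the async lines")
    return findings
```

`audit(GOOD_CONFIG, "1.1.1.1")` returns no findings, while the open config yields two (no access-class, exec still enabled) and the any-source config one (the ACL lets any host in). The check is intentionally conservative: an access-class that names an ACL not present in the config is reported rather than assumed safe, since the effective behaviour then depends on the IOS version rather than on anything visible in the text.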

Posted in Tips | Tagged: | 2 Comments »

Cisco Expert – What a cool laptop HP 2133!

Posted by Ricardo Martins on October 29, 2008

I tell you what, going to a client site, pulling out an HP 2133 and a console cable and starting to apply configuration to the router is another league. These laptops are so cool and so small. My girlfriend was trying to find a laptop for herself so I recommended she buy this one.

The EEE PC would also have been a good choice, but the reason I bought the HP (no, not because I am an HP employee) is because the EEE PC keyboard is very bad and it doesn’t have a hard disk, or at least they are very limited, 4 to 8 Gb I believe.

So far so good, the only thing I may have to point out is that they get hot really fast; as you can imagine, they don’t have a very sophisticated fan system.

In conclusion, the whole point of this laptop is TELNET…just kidding…I meant SSH.. ;P

Posted in Uncategorized | Tagged: , | 6 Comments »