Today was hard…
It was hard to wake up.
It was hard to log into the labs
It was hard to spend the only few hours I had before working doing IPEXPERTs multiprotocol lab g
and hard to come home to a wife that is so burned out on the two kids that she can hardly keep her eyes open.
I need an ENERGY KEG!!!!
CCNA: Subnetting Tools Summarized
Here are a few resources on this site that you may have missed for learning to subnet. Enjoy!
CCNA: Port Security
When you work with Cisco switches you can enable a feature called port security. Port security lets you limit the number of MAC addresses that can be learned, and can pass traffic, on a single port of a switch. For example, if you have a PC at a kiosk and that is the only PC that should EVER be connected to switchport f0/5, you can enforce this with port security.
Here is a sample of a port security configuration and a brief explanation of what it does. Keep in mind that there is more to it than just this configuration but this should get you through the CCNA.
! Begin by entering the interface you want to configure port security on.
SwitchX(config)#interface fa0/5
! Next set the port as a static access port.
! This must be done before enabling port security.
SwitchX(config-if)#switchport mode access
! Next enable port security.
SwitchX(config-if)#switchport port-security
! Next set the maximum number of MAC addresses to be seen,
! or allowed, on this port.
SwitchX(config-if)#switchport port-security maximum 1
! Next configure "Sticky MAC Address Learning". In essence this says
! to take the first MAC address I see and make it a permanent MAC address.
SwitchX(config-if)#switchport port-security mac-address sticky
! Finally set the action to happen if a violation occurs.
! In this case the port will be shut down,
! or end up in a state of ERR-Disable.
! You can verify this with a Show Interface.
SwitchX(config-if)#switchport port-security violation shutdown
More Information on Port Security can be found here on the Cisco Web Site.
If you found this post helpful why not leave a comment? Also, don't forget to subscribe to our feed.
PS: Welcome StumbleUpon Readers!
This post has gained some momentum lately and for those of you arriving here from Stumble, why not subscribe to our feed. Why subscribe?
- Contests Every Other Month
- Loads of posts
- Answers to questions you need answers for.
That's right! This blog is for you! How can we help?
What do you do when…
I’m curious. What do you do when you are running through a lab (I mean FLYING through it like never before) and then you hit a task that is so simple, but it doesn’t work?
Well that's where I have been for the last 60 minutes. I started IE Security Workbook Lab 2 at 10 PM tonight. I have yet to finish the entire lab although I have been working on it over and over again for the last 2 weeks at least. Each time I get a little further along and a little faster. Today it took me 35 minutes to get thru all of Part 1 (Initial Configurations). That's a personal best. Then I worked into Part 2, PIX/ASA Firewall. I finished every task except for 2.9 and 2.10. In this task you set up BGP peering through the ASA2 context A and BB3, and also a little outside PAT so that if sw1 pings bb3 it can get there even if routing fails. I did this lab a week ago and this task worked. Saturday I did the lab again and it did NOT work even with the same config, and tonight here I am stuck again.
So I ask, what do you do when you are running through a lab and then you hit a task that is so simple, but it doesn’t work?
I am so frustrated right now I could kick something! Please tell me I am not alone.
Proctor Labs CCIE Security eBook Lab 1 (First Pass)
Today, in between lectures to my ICND1 students and on my lunch I squeezed out some of lab 1 of the Proctor Labs CCIE Security eBook. My first impression was, “This is easy!” Then I started typing. What I found is that it was very general which made it hard. I could think of a few ways to accomplish a task. I certainly didn’t finish but I will do it again later. For now I’m heading home to relieve my wife from kid duty until my InternetworkExpert rack time starts at 9pm.
One question for those of you who have used the Proctor Labs eBooks:
Should I keep doing the eBook Labs or just focus on the IPExpert workbooks multiprotocol challenges? I really want to hear your opinion.
Special Week at GlobalConfig.net
This is a special week here at GlobalConfig.net. Why? Because with the new format, this week will be all about the CCENT material as I am teaching an ICND1 class in Bellevue, Wa.
What does that mean for you? Simple really, from 8am to 5pm this week my mind is going to be focused on CCENT/CCNA topics so, via comments on this post I welcome ANY related questions.
How can you ask a question?
- Post a comment at the bottom of this article.
How can you get a response to your questions?
- Subscribe to this blog's feed by clicking the “Subscribe in a reader” link in the top right corner of ANY page of this blog.
What does it do if I subscribe? I don't like getting SPAM mail.
- By subscribing using an RSS reader (capability of your web browser usually) you will automatically be updated when new posts are added. If you are not familiar with RSS read this article!
What else can help me get my CCNA?
- Check out the CCNA Corner for past CCNA tips.
CCIEPREP.ME
I registered the domain CCIEPREP.ME this weekend. After registering it I found out that my web host (Hostmonster) doesn’t support the registration of .me domains. What's that mean for me? It means I have to add it as an “add-on domain.”
Well that's what I have done for now. So if you go to http://www.ccieprep.me you will of course come right back here to http://cciestudy.brandonjcarroll.com.
Time for Bed, I’m teaching an ICND1 class this week (usually a breeze) and have TONS of rack time.
My Brain is Fried! 11 HOURS OF LABS..
I have been on the labs since about 8am. It’s now 7pm. At lunch I watched the IPExpert CCIE Security DVD for a bit. I MUST stop for a bit. Have any of you readers done the Internetwork Expert CCIE Security Volume 2 Lab 2? The VPN stuff KILLED me! I posted a few times to the IEOC forum today before I realized that I was posting in the wrong place. DOH!
Anyhow, off to mess with the blog and the Amazon Kindle. I’m still getting used to it, but I really like it. I’m reading The Complete Cisco VPN Configuration Guide by Richard Deal. He has a great writing style and his stuff really makes sense.
Is it me or is BGP authentication flakey thru a PIX?
This morning I’m working on a task that requires BGP to be authenticated between 2 routers with a PIX in the middle. I know the big thing here is to make sure that you don't strip TCP option 19 and that you disable random sequence numbering. Well that's what I did, the neighbor is actually peered up but for some reason I’m getting “TCP-6-BADAUTH” messages on the inside router.
Take a look at the PIX config here:
access-list BGP extended permit tcp any eq bgp any
access-list BGP extended permit tcp any any eq bgp
tcp-map BGP
 tcp-options range 19 19 allow
!
class-map BGP
 match access-list BGP
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
 class BGP
  set connection random-sequence-number disable
  set connection advanced-options BGP
Now when I do a show conn I can see a connection:
Rack2PIX(config)# sh conn
5 in use, 7 most used
TCP out 150.2.6.6:28321 in 150.2.2.2:179 idle 0:00:02 bytes 1117 flags UIOB
Rack2PIX(config)#
If I look at the routers, both show the peer up:
Rack2R6#sh ip bgp summ
BGP router identifier 150.2.6.6, local AS number 100
BGP table version is 11, main routing table version 11
10 network entries using 1170 bytes of memory
10 path entries using 520 bytes of memory
5/4 BGP path/bestpath attribute entries using 620 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
1 BGP community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2382 total bytes of memory
BGP activity 20/10 prefixes, 20/10 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
54.2.2.254      4    54     753     749       11    0    0 00:23:51        8
150.2.2.2       4   100      80      88       11    0    0 00:23:03        0
Rack2R6#
#####################################################
Rack2R2#sh ip bgp summ
BGP router identifier 150.2.2.2, local AS number 100
BGP table version is 9, main routing table version 9
8 network entries using 808 bytes of memory
8 path entries using 384 bytes of memory
2 BGP path attribute entries using 120 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1360 total bytes of memory
BGP activity 32/24 prefixes, 32/24 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
150.2.1.1       4   100     751     767        9    0    0 00:23:59        0
150.2.3.3       4   100     748     764        9    0    0 00:23:56        0
150.2.4.4       4   100     745     762        9    0    0 00:23:58        0
150.2.6.6       4   100      84      89        9    0    0 00:24:03        8
150.2.7.7       4   100     744     762        9    0    0 00:24:00        0
Rack2R2#
Yet with all this I still see on R2:
Rack2R2#
*Mar 1 12:18:30.356: %TCP-6-BADAUTH: No MD5 digest from 150.2.6.6(22083) to 150.2.2.2(179)
Rack2R2#
*Mar 1 12:19:11.411: %TCP-6-BADAUTH: No MD5 digest from 150.2.6.6(22083) to 150.2.2.2(179)
Anyone know what's going on here?
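Why the two firewall settings named in the post matter for authenticated BGP, as an added example (not the author's code or lab configuration): the TCP MD5 signature option (RFC 2385, option kind 19) covers the sequence number, so a device in the path that rewrites the sequence number or clears the option makes verification fail at the receiver. The key, sequence numbers and offset are constructed; the addresses and ports are the ones in the post's log.

```python
import hashlib, hmac, socket, struct

SRC, DST, SPORT, DPORT = "150.2.6.6", "150.2.2.2", 22083, 179  # from the post's log
KEY = b"constructed-key"                 # hypothetical shared BGP password
ACK, SEQ_OFFSET = 5000, 0x1234ABCD       # constructed values for the model

def tcp_md5(seq, payload, opt_len=20):
    """RFC 2385 digest: pseudo-header + fixed TCP header (checksum 0) + data + key."""
    hdr_len = 20 + opt_len               # option 19 is 18 bytes, padded to 20
    pseudo = socket.inet_aton(SRC) + socket.inet_aton(DST) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, hdr_len + len(payload))
    fixed = struct.pack("!HHIIBBHHH", SPORT, DPORT, seq, ACK,
                        (hdr_len // 4) << 4, 0x18, 16384, 0, 0)
    return hashlib.md5(pseudo + fixed + payload + KEY).digest()

def make_segment(seq, payload):
    """Sender side: sign the segment and attach the digest as option 19."""
    return {"seq": seq, "payload": payload, "opt19": tcp_md5(seq, payload)}

def firewall(seg, randomize_seq=False, strip_opt19=False):
    """Model of the two in-path behaviours the post says to turn off."""
    out = dict(seg)
    if randomize_seq:
        # The device can fix up the TCP checksum, but not the digest: it has no key.
        out["seq"] = (seg["seq"] + SEQ_OFFSET) & 0xFFFFFFFF
    if strip_opt19:
        out["opt19"] = None
    return out

def receiver_check(seg):
    """Receiver side: recompute the digest over the segment as it arrived."""
    if seg["opt19"] is None:
        return "no digest"
    expected = tcp_md5(seg["seq"], seg["payload"])
    return "ok" if hmac.compare_digest(expected, seg["opt19"]) else "bad digest"

def demo():
    keepalive = b"\xff" * 16 + b"\x00\x13\x04"   # BGP KEEPALIVE message
    seg = make_segment(seq=1000, payload=keepalive)
    return {
        "untouched": receiver_check(firewall(seg)),
        "seq randomized": receiver_check(firewall(seg, randomize_seq=True)),
        "option 19 stripped": receiver_check(firewall(seg, strip_opt19=True)),
    }
```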
IPExpert CCIE Security Audio Bootcamp and CoD
So tonight I received my IPExpert CCIE Security CoD and Audio Bootcamp. Have any of you used these products? My first impression is… “Very Cool!” The product packaging is clean and professional but that's not what this is all about, right? It’s about getting the best material to help pass the test. So far I have watched DVD1 and part of DVD2. They are pretty good with the basics being covered. I can't wait till it digs into deeper stuff.
Anyhow this is just a quick post because I’m still working on an InternetworkExpert Lab right now.
More later!
