Sent via BlackBerry by AT&T
-----Original Message-----
From: [email protected]
Sender: [email protected]
Date: Tue, 22 Feb 2011 16:05:27
To: <[email protected]>
Reply-To: [email protected]
Subject: CCIE_RS Digest, Vol 61, Issue 49
Send CCIE_RS mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://onlinestudylist.com/mailman/listinfo/ccie_rs
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CCIE_RS digest..."
Today's Topics:
1. Re: Site to site VPN using PKI (Tyson Scott)
2. Re: WB 2 Lab 9 voice vlan (Hammer)
3. Re: WB 2 Lab 9 voice vlan (marc abel)
4. Re: WB 2 Lab 9 voice vlan (marc abel)
5. Re: WB 2 Lab 9 voice vlan (Daniel Gheorghe)
6. Re: WB 2 Lab 9 voice vlan (Hammer)
7. Re: WB 2 Lab 9 voice vlan (Aaron Moreck)
8. Re: WB 2 Lab 9 voice vlan (Aaron Moreck)
----------------------------------------------------------------------
Message: 1
Date: Tue, 22 Feb 2011 12:21:59 -0500
From: "Tyson Scott" <[email protected]>
To: "'Patrice Ngassam'" <[email protected]>,
<[email protected]>, "'Tyson Scott'" <[email protected]>
Subject: Re: [OSL | CCIE_RS] Site to site VPN using PKI
Message-ID: <002501cbd2b5$041723d0$0c456b70$@com>
Content-Type: text/plain; charset="us-ascii"
To my knowledge you can only do a single CRL URL. If you want redundancy
have that URL point to a Content Load Balancer that goes to multiple
servers.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
<http://www.ipexpert.com/>
From: Patrice Ngassam [mailto:[email protected]]
Sent: Tuesday, February 22, 2011 11:05 AM
To: [email protected]; Tyson Scott
Subject: [OSL | CCIE_RS] Site to site VPN using PKI
Hi (Tysons),
how to configure multiple (primary and backup) URLs for CRL query using
Cisco router (Cisco 3845 running c3845-adventerprisek9-mz.124-25c.bin)?
Regards,
Patrice Ngassam
CEO NEN NET Inc.
------------------------------
Message: 2
Date: Tue, 22 Feb 2011 12:12:33 -0600
From: Hammer <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
On the router, fa0/0 is not being encapsulated with tag 56. So it's native.
So the IP space 140.10.56.x is on VLAN 56 on the switch and (if it's
trunked) is on VLAN 1 on the router. So they aren't seeing each other.
-Hammer-
"I was a normal American nerd."
-Jack Herer
On Tue, Feb 22, 2011 at 10:35 AM, Daniel Gheorghe <[email protected]
> wrote:
> Hi,
>
> I want to hear some feedback on this issue:
>
>
> R6 fa0/0 ---------------- fa0/6 Cat2
>
> R6:
>
> interface FastEthernet0/0
> ip address 140.10.56.6 255.255.255.0
> duplex auto
> speed auto
> !
> interface FastEthernet0/0.76
> encapsulation dot1Q 76
> ip address 140.10.76.6 255.255.255.0
>
>
> Cat2:
>
> interface FastEthernet0/6
> switchport access vlan 56
> switchport voice vlan 76
> spanning-tree portfast
> !
> interface Vlan56
> ip address 140.10.56.12 255.255.255.0
> !
> interface Vlan76
> ip address 140.10.76.12 255.255.255.0
>
>
> R6(config-subif)#do ping 140.10.76.12
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 140.10.76.12, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
>
> R6(config-subif)#do ping 140.10.56.12
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 140.10.56.12, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
>
> Any reasonable explanation we don't have connectivity on both vlans?
>
>
> Thanks
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
------------------------------
Message: 3
Date: Tue, 22 Feb 2011 12:21:49 -0600
From: marc abel <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Try putting your IP on R6 on sub interface f0/0.56 instead of the untagged
interface? Seems like it wouldn't tag it since it was an access port but...
Also make sure that your vlan56 interface on cat2 is UP/UP.
On Tue, Feb 22, 2011 at 10:35 AM, Daniel Gheorghe <[email protected]
> wrote:
> Hi,
>
> I want to hear some feedback on this issue:
>
>
> R6 fa0/0 ---------------- fa0/6 Cat2
>
> R6:
>
> interface FastEthernet0/0
> ip address 140.10.56.6 255.255.255.0
> duplex auto
> speed auto
> !
> interface FastEthernet0/0.76
> encapsulation dot1Q 76
> ip address 140.10.76.6 255.255.255.0
>
>
> Cat2:
>
> interface FastEthernet0/6
> switchport access vlan 56
> switchport voice vlan 76
> spanning-tree portfast
> !
> interface Vlan56
> ip address 140.10.56.12 255.255.255.0
> !
> interface Vlan76
> ip address 140.10.76.12 255.255.255.0
>
>
> R6(config-subif)#do ping 140.10.76.12
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 140.10.76.12, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
>
> R6(config-subif)#do ping 140.10.56.12
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 140.10.56.12, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
>
> Any reasonable explanation we don't have connectivity on both vlans?
>
>
> Thanks
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
------------------------------
Message: 4
Date: Tue, 22 Feb 2011 12:24:15 -0600
From: marc abel <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Actually from your output you are set to dynamic on f0/6 so it probably is
trunking. Can you confirm? If so you can either set the native vlan to 56 on
the the trunk, or change the router side to a sub-interface as I suggested
before.
On Tue, Feb 22, 2011 at 12:21 PM, marc abel <[email protected]> wrote:
> Try putting your IP on R6 on sub interface f0/0.56 instead of the untagged
> interface? Seems like it wouldn't tag it since it was an access port but...
>
> Also make sure that your vlan56 interface on cat2 is UP/UP.
>
>
> On Tue, Feb 22, 2011 at 10:35 AM, Daniel Gheorghe <
> [email protected]> wrote:
>
>> Hi,
>>
>> I want to hear some feedback on this issue:
>>
>>
>> R6 fa0/0 ---------------- fa0/6 Cat2
>>
>> R6:
>>
>> interface FastEthernet0/0
>> ip address 140.10.56.6 255.255.255.0
>> duplex auto
>> speed auto
>> !
>> interface FastEthernet0/0.76
>> encapsulation dot1Q 76
>> ip address 140.10.76.6 255.255.255.0
>>
>>
>> Cat2:
>>
>> interface FastEthernet0/6
>> switchport access vlan 56
>> switchport voice vlan 76
>> spanning-tree portfast
>> !
>> interface Vlan56
>> ip address 140.10.56.12 255.255.255.0
>> !
>> interface Vlan76
>> ip address 140.10.76.12 255.255.255.0
>>
>>
>> R6(config-subif)#do ping 140.10.76.12
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 140.10.76.12, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
>>
>> R6(config-subif)#do ping 140.10.56.12
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 140.10.56.12, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>>
>> Any reasonable explanation we don't have connectivity on both vlans?
>>
>>
>> Thanks
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>
>
------------------------------
Message: 5
Date: Tue, 22 Feb 2011 10:31:25 -0800
From: Daniel Gheorghe <[email protected]>
To: marc abel <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
The behavior is the same if the Cat port is dynamic or not. The strange
thing is that the 56 vlan has connectivity if I remove the voice vlan from
the port. I can't understand this.
The restrictions of the task include all the vlans being tagged (so vlan
dot1g tag native) and only the port-channels between the switches should be
seen as trunks, So the ideea of the voice vlan appeared in order to avoid
using a trunk on Cat2 fa0/6.
Also I confirm that the behavior is the same even if we use 2 subinterfaces
on the router (although the task prohibits the modification of the router
interface addressing).
On Tue, Feb 22, 2011 at 10:24 AM, marc abel <[email protected]> wrote:
> Actually from your output you are set to dynamic on f0/6 so it probably is
> trunking. Can you confirm? If so you can either set the native vlan to 56 on
> the the trunk, or change the router side to a sub-interface as I suggested
> before.
>
>
>
------------------------------
Message: 6
Date: Tue, 22 Feb 2011 14:59:11 -0600
From: Hammer <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
But on the router the .56.x subnet is not tagged with the proper VLAN tag.
-Hammer-
"I was a normal American nerd."
-Jack Herer
On Tue, Feb 22, 2011 at 12:31 PM, Daniel Gheorghe <[email protected]
> wrote:
> The behavior is the same if the Cat port is dynamic or not. The strange
> thing is that the 56 vlan has connectivity if I remove the voice vlan from
> the port. I can't understand this.
>
> The restrictions of the task include all the vlans being tagged (so vlan
> dot1g tag native) and only the port-channels between the switches should be
> seen as trunks, So the ideea of the voice vlan appeared in order to avoid
> using a trunk on Cat2 fa0/6.
>
> Also I confirm that the behavior is the same even if we use 2 subinterfaces
> on the router (although the task prohibits the modification of the router
> interface addressing).
>
> On Tue, Feb 22, 2011 at 10:24 AM, marc abel <[email protected]> wrote:
>
> > Actually from your output you are set to dynamic on f0/6 so it probably
> is
> > trunking. Can you confirm? If so you can either set the native vlan to 56
> on
> > the the trunk, or change the router side to a sub-interface as I
> suggested
> > before.
> >
> >
> >
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
------------------------------
Message: 7
Date: Tue, 22 Feb 2011 16:00:31 -0500
From: Aaron Moreck <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
You would want to do this.
CAT 6
interface FastEthernet0/0.56
encapsulation dot1Q 76
ip address 140.10.56.6 255.255.255.0
!
interface FastEthernet0/0.76
encapsulation dot1Q 76
ip address 140.10.76.6 255.255.255.0
CAT 2
vlan dot1q tag native
interface FastEthernet0/6
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 56,76
!
interface Vlan56
ip address 140.10.56.12 255.255.255.0
!
interface Vlan76
ip address 140.10.76.12 255.255.255.0
On Tue, Feb 22, 2011 at 1:31 PM, Daniel Gheorghe
<[email protected]>wrote:
> The behavior is the same if the Cat port is dynamic or not. The strange
> thing is that the 56 vlan has connectivity if I remove the voice vlan from
> the port. I can't understand this.
>
> The restrictions of the task include all the vlans being tagged (so vlan
> dot1g tag native) and only the port-channels between the switches should be
> seen as trunks, So the ideea of the voice vlan appeared in order to avoid
> using a trunk on Cat2 fa0/6.
>
> Also I confirm that the behavior is the same even if we use 2 subinterfaces
> on the router (although the task prohibits the modification of the router
> interface addressing).
>
> On Tue, Feb 22, 2011 at 10:24 AM, marc abel <[email protected]> wrote:
>
> > Actually from your output you are set to dynamic on f0/6 so it probably
> is
> > trunking. Can you confirm? If so you can either set the native vlan to 56
> on
> > the the trunk, or change the router side to a sub-interface as I
> suggested
> > before.
> >
> >
> >
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
------------------------------
Message: 8
Date: Tue, 22 Feb 2011 16:05:24 -0500
From: Aaron Moreck <[email protected]>
To: Daniel Gheorghe <[email protected]>
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] WB 2 Lab 9 voice vlan
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Sorry i didn't see the last part about not modifying the router interfaces
i dont see how you would do this while 1.) tagging all VLANS including the
native and 2.) Not modifying the interfaces on R6
I think you are in a catch 22 here.
If requirement #1 was not there you could simply
interface FastEthernet0/6
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 56,76
switchport trunk native vlan 56
On Tue, Feb 22, 2011 at 1:31 PM, Daniel Gheorghe
<[email protected]>wrote:
> The behavior is the same if the Cat port is dynamic or not. The strange
> thing is that the 56 vlan has connectivity if I remove the voice vlan from
> the port. I can't understand this.
>
> The restrictions of the task include all the vlans being tagged (so vlan
> dot1g tag native) and only the port-channels between the switches should be
> seen as trunks, So the ideea of the voice vlan appeared in order to avoid
> using a trunk on Cat2 fa0/6.
>
> Also I confirm that the behavior is the same even if we use 2 subinterfaces
> on the router (although the task prohibits the modification of the router
> interface addressing).
>
> On Tue, Feb 22, 2011 at 10:24 AM, marc abel <[email protected]> wrote:
>
> > Actually from your output you are set to dynamic on f0/6 so it probably
> is
> > trunking. Can you confirm? If so you can either set the native vlan to 56
> on
> > the the trunk, or change the router side to a sub-interface as I
> suggested
> > before.
> >
> >
> >
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
End of CCIE_RS Digest, Vol 61, Issue 49
***************************************
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
