Hi all, Can anyone recommend any advanced work books more aligned to gns3 for me to work on when i'm on night shifts.
This is whilst I save up for some lab equipment pref 3560's, I have Narbiks VOL I VOL II, I suppose I avoid the switching tasks? Appreciate any help. BR Tony CCNP CCNA R&S JNCIS-SEC MCSE Sent from my iPhone on 3 On 8 May 2012, at 17:00, [email protected] wrote: > Send CCIE_RS mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/mailman/listinfo/ccie_rs > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_RS digest..." > > > Today's Topics: > > 1. Re: EIGRP Authentication again!! (Adam Booth) > 2. Re: EIGRP Authentication again!! (Oluwagbenga Oyebande) > 3. LAB 6 VOL 1 (Cristiano Guerrieri) > 4. Re: OSPF over PPoE ([email protected]) > 5. Re: LAB 6 VOL 1 (Oluwagbenga Oyebande) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 8 May 2012 12:39:35 +1000 > From: Adam Booth <[email protected]> > To: George Leslie <[email protected]> > Cc: IPExpert Study List <[email protected]> > Subject: Re: [OSL | CCIE_RS] EIGRP Authentication again!! > Message-ID: > <cakxsbmqydkk-mvjm2c4eeruviysby1ygy8yotkbhdy4nv6+...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi George, > > I don't think it would be possible with a local database and the magic > is more likely to happen via RADIUS using the cisco-av-pair VSA. I > haven't used it for authentication purposes but I have done things > like assign ACLs and VRF membership this way in the past. > > Cheers, > Adam > > On 5/8/12, George Leslie <[email protected]> wrote: >> >> >> >> >> Hello all,Jay McM and I had an offline chat about my previous posting, which >> was trying to do the EIGRP authentication on a hub and spoke network, where >> the hubs use different authentication keys from each other. I was playing >> around with frame hub and spoke. To recap, I previously found that the hub, >> despite having the two different keys in its key chain, both of which had >> valid lifetimes, refused to send using key 2. It would only send with key 1 >> despite correctly authentication spoke 2 which was using key 2. Therefore, >> hub authenticated spoke, but not vice versa. On frame, you could use PPPoFr, >> and use different virtual templates on each DLCI, and therefore have >> different key chains on each. What I actually did was use point to point >> tunnels over the frame, which worked a treat. In what my old physics teacher >> used to call, "a thought experiment", I was thinking about what you could >> do, just on a bog standard Ethernet segment. The tunnel approach would >> still work. How >> ever, with PPPoE, the server virtual template is tied to the physical, via >> the bba-group. Therefore the key chain would be applied to all clients that >> use the virtual template, which presents the same problem as on the frame >> network. My question: is there any way that you can configure a PPPoE >> virtual template on the hub that is somehow tied to each individual client? >> For example, is there a mechanism to tie the virtual template to the PPP >> chap username? Bit of chicken and egg here, as you need the virtual >> template to know to authenticate by chap, but need chap to know the virtual >> template to apply.....My head hurts. Regards, George. >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > > > ------------------------------ > > Message: 2 > Date: Tue, 8 May 2012 06:47:44 +0100 > From: Oluwagbenga Oyebande <[email protected]> > To: Adam Booth <[email protected]> > Cc: IPExpert Study List <[email protected]> > Subject: Re: [OSL | CCIE_RS] EIGRP Authentication again!! > Message-ID: > <cajbxc8ntfcc92-dpusomwyj1qw2+qwzkr_zl1-cnn++psfc...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Apart from the ppp chap approach. You could tie the virtual-template to > Ethernet Sub-interfaces instead of the physical so you can define a virtual > templates for each sub-interface > > On 8 May 2012 03:39, Adam Booth <[email protected]> wrote: > >> Hi George, >> >> I don't think it would be possible with a local database and the magic >> is more likely to happen via RADIUS using the cisco-av-pair VSA. I >> haven't used it for authentication purposes but I have done things >> like assign ACLs and VRF membership this way in the past. >> >> Cheers, >> Adam >> >> On 5/8/12, George Leslie <[email protected]> wrote: >>> >>> >>> >>> >>> Hello all,Jay McM and I had an offline chat about my previous posting, >> which >>> was trying to do the EIGRP authentication on a hub and spoke network, >> where >>> the hubs use different authentication keys from each other. I was >> playing >>> around with frame hub and spoke. To recap, I previously found that the >> hub, >>> despite having the two different keys in its key chain, both of which had >>> valid lifetimes, refused to send using key 2. It would only send with >> key 1 >>> despite correctly authentication spoke 2 which was using key 2. >> Therefore, >>> hub authenticated spoke, but not vice versa. On frame, you could use >> PPPoFr, >>> and use different virtual templates on each DLCI, and therefore have >>> different key chains on each. What I actually did was use point to point >>> tunnels over the frame, which worked a treat. In what my old physics >> teacher >>> used to call, "a thought experiment", I was thinking about what you could >>> do, just on a bog standard Ethernet segment. The tunnel approach would >>> still work. How >>> ever, with PPPoE, the server virtual template is tied to the physical, >> via >>> the bba-group. Therefore the key chain would be applied to all clients >> that >>> use the virtual template, which presents the same problem as on the frame >>> network. My question: is there any way that you can configure a PPPoE >>> virtual template on the hub that is somehow tied to each individual >> client? >>> For example, is there a mechanism to tie the virtual template to the PPP >>> chap username? Bit of chicken and egg here, as you need the virtual >>> template to know to authenticate by chap, but need chap to know the >> virtual >>> template to apply.....My head hurts. Regards, George. >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >>> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > > > > -- > Olugbenga Oyebande > MD, DAIT > 234-803-302-5287 > http://www.dait-ng.com > Cisco Networks, Network Security & Quality of Service > DAIT Linux Enterprise Network Servers, Web Portal Projects > Broadband Internet Deployment & ISP Consultancy > [image: View my profile on LinkedIn]View Olugbenga Oyebande's > profile<http://ng.linkedin.com/pub/olugbenga-oyebande/15/395/8a9> > > > ------------------------------ > > Message: 3 > Date: Tue, 8 May 2012 09:25:59 +0100 > From: Cristiano Guerrieri <[email protected]> > To: IPexpert <[email protected]> > Subject: [OSL | CCIE_RS] LAB 6 VOL 1 > Message-ID: > <CAFJ=LdnDv-FBmU65yfZa05axm9=BsdcX3RmBjgSNd_=c5om...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi all, > probably because I just came back from an holiday in Italy and I've been > eating too much! > > However I cannot fully understand the LAB6 in the volume 1. Looking at the > solution, I can see a 150.100.100.X/24 and 150.100.X.X/24 (where the first > X is the connection between routers) subnets configured. I don't > understand where these subnets came from! the only subnet I can see in the > workbook is 150.200.200.X/24 > > Any help is much appreciated. > > Thanks in advance to everyone. > > Cristiano > > > ------------------------------ > > Message: 4 > Date: Tue, 08 May 2012 05:40:56 -0400 > From: [email protected] > To: naveen bhat <[email protected]>, [email protected] > Subject: Re: [OSL | CCIE_RS] OSPF over PPoE > Message-ID: > <1336470056.23643.140661072618421.3bbac...@webmail.messagingengine.com> > > Content-Type: text/plain > > > > here a configuration recovered from one of the first ipexpert volume 2 > > > > > > Configurations: > > R1: > ---------------------------------------------------------------------- > interface Dialer1 > encapsulation ppp > ip address negotiated > dialer pool 12 > dialer persistent > ip mtu 1492 > no shutdown > ! > interface FastEthernet0/0 > no ip address > pppoe-client dial-pool-number 12 > no shutdown > ! > router ospf 1 > network 0.0.0.0 0.0.0.0 area 0 > ! > > R2: > ---------------------------------------------------------------------- > bba-group pppoe global > virtual-template 12 > ! > ip local pool R1 12.12.12.100 12.12.12.100 > ! > > interface virtual-template1 > encapsulation ppp > ip address 12.12.12.2 255.255.255.0 > peer default ip address pool R1 > ! > interface GigabitEthernet0/0 > no ip address > pppoe enable group global > no shutdown > ! > router ospf 1 > network 12.12.12.0 0.0.0.255 area 0 > > > > > R1#show ip ospf neighbor > > Neighbor ID Pri State Dead Time Address > Interface > 12.12.12.2 0 FULL/ - 00:00:22 12.12.12.2 > Dialer1 > > > > Tp ypur router The problem of using ip address negotiated on the PPPoE > client side is that it will > use IPCP to negotiate the IP address and will always install the PPPoE > Server's IP address > and its own IP address as /32 routes. > in RIP you can resolve this issue using interface command > "no validate-update-source".. > > If you can switch by dhcp and then -ip add dhcp- under client and peer > default ip address dhcp under virtual-template > IP negotiation will follow dhcp's rule and you will have correct mask. > > On Mon, May 7, 2012, at 09:45 PM, naveen bhat wrote: >> >> Hi, >> >> >> >> >> >> I am trying to run OSPF over PPoE but it's not comming up .Here is the >> server/client config. Tried to change the OSPF network type to >> point-to-point but still same issue. As per the debug the two ends are >> complaning about not being on the same subnet and at the same time i can >> ping othe other side. >> >> >> R4# >> vpdn enable >> bba-group pppoe cisco >> virtual-template 1 >> >> username R3 password 0 cisco >> interface FastEthernet0/0 >> no ip address >> duplex auto >> speed auto >> pppoe enable group cisco >> interface Virtual-Template1 >> ip address 23.23.34.4 255.255.255.0 >> peer default ip address pool PPoE >> ppp authentication chap >> >> ip local pool PPoE 23.23.34.3 >> >> R3# >> interface FastEthernet0/1 >> no ip address >> duplex auto >> speed auto >> pppoe enable group cisco >> pppoe-client dial-pool-number 1 >> >> interface Dialer1 >> ip address negotiated >> ip mtu 1492 >> encapsulation ppp >> dialer pool 1 >> dialer persistent >> ppp authentication chap callin >> ppp chap password 0 cisco >> >> R3#debug ip ospf adj >> OSPF adjacency events debugging is on >> R3# >> *Apr 1 17:10:46.111: OSPF: Rcv pkt from 23.23.34.4, Dialer1, area >> 0.0.0.2 : src not on the same network >> R3# >> *Apr 1 17:10:50.242: OSPF: Rcv pkt from 23.23.34.4, Dialer1, area >> 0.0.0.2 : src not on the same network >> R3# >> *Apr 1 17:10:56.111: OSPF: Rcv pkt from 23.23.34.4, Dialer1, area >> 0.0.0.2 : src not on the same network >> R3#pi 23.23.34.4 >> Type escape sequence to abort. >> Sending 5, 100-byte ICMP Echos to 23.23.34.4, timeout is 2 seconds: >> !!!!! >> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms >> >> >> Thanks, >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs > -- > This message is intended for the individual(s) to whom it is addressed and > may contain information that is privileged or confidential. > If you are not the addressee you must not read,use or disclose the contents > of this email. > Whilst all reasonable care has been taken to avoid the transmission of > viruses, the recipient should carry out virus and other checks, > as they consider appropriate. > Myself accepts no responsibility in this regard. > > > > > ------------------------------ > > Message: 5 > Date: Tue, 8 May 2012 11:46:34 +0100 > From: Oluwagbenga Oyebande <[email protected]> > To: Cristiano Guerrieri <[email protected]> > Cc: IPexpert <[email protected]> > Subject: Re: [OSL | CCIE_RS] LAB 6 VOL 1 > Message-ID: > <cajbxc8onjfb8vjw-j4r3e0kninlvidudzn+3jyu_ts60+su...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Are you looking at the right diagram for Volume 1, Lab6. > > We have 150.100.100.X/24 and 150.100.X.X/24 subnets all over the place in > the diagram. > > On 8 May 2012 09:25, Cristiano Guerrieri <[email protected]> wrote: > >> Hi all, >> probably because I just came back from an holiday in Italy and I've been >> eating too much! >> >> However I cannot fully understand the LAB6 in the volume 1. Looking at the >> solution, I can see a 150.100.100.X/24 and 150.100.X.X/24 (where the first >> X is the connection between routers) subnets configured. I don't >> understand where these subnets came from! the only subnet I can see in the >> workbook is 150.200.200.X/24 >> >> Any help is much appreciated. >> >> Thanks in advance to everyone. >> >> Cristiano >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > > > > -- > Olugbenga Oyebande > MD, DAIT > 234-803-302-5287 > http://www.dait-ng.com > Cisco Networks, Network Security & Quality of Service > DAIT Linux Enterprise Network Servers, Web Portal Projects > Broadband Internet Deployment & ISP Consultancy > [image: View my profile on LinkedIn]View Olugbenga Oyebande's > profile<http://ng.linkedin.com/pub/olugbenga-oyebande/15/395/8a9> > > > End of CCIE_RS Digest, Vol 76, Issue 24 > *************************************** _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
