ipnet
DAVID GOMEZ
I'm a Network Engineer at a Casino gaming company. I love my job and especially love all about networking. I created this blog to express myself and to teach others. In this process, I teach myself.
"You can't have any successes unless you can accept failure." ~George Cukor
19 posts
Don't wanna be here? Send us removal request.
Last Seen Blogs
camisnoone
Untitled
afelisan
пылесборник
jasfly
Jas Fly
ashmandj
ASHMAN
thevoice-gifs
The Voice gifs
Text
Cisco SecureCrt Script
Here is a simple SecureCrt Script that will log the running config on a Cisco Device.
https://gist.github.com/amb1s1/8a73a10ce9e0e787cd73
1 note
·
View note
Text
Early version of a module to SSH to Cisco Devices
I started working on a python module to make it easy to ssh to cisco devices. I have been so busy at my job that when a script is requested, I just copy and paste the code to be able to ssh, but I decided to make a module for easy to use and to be more organize. I would like to share this, so others network engineer can see how easy is to automate your daily work with python.
Remember always test on a lab environment and use it if you understand. This is a really early version if any bug please feel free to tell me.
Here is the code:
https://gist.github.com/amb1s1/5b4ffcd5a68b810ac71b
Please read the Readme file for how to use:
https://github.com/amb1s1/cisco_connect
1 note
·
View note
Link
Show command using regular expression
This is an option that I think most of the Engineers rarely use.
Example of when this was use to me:
I needed to confirm that all configuration for a specific vrf were remove. The problem was that the delete vrf was named ssdata and the new vrf was hrssdata. So when I search with a regular pipe:
show run | in ssdata
I was getting command for hrssdata. I looked online and the solution was using regular expression, so I used the following:
show run | in _ssdata_
here is a great link to learn more about regular expressions
Using regular expressions with the ‘Show’ command | CiscoZine: “”
2 notes
·
View notes
Text
Python Script for pulling cisco devices running config
OK, long time ago that I had not post anything on my blog, so I will start posting more of what I'm doing now. I started to learn how to use python to create report or to grab information from devices(Not just cisco). My manager asked to create script to grab a group of switches running config and to save it on an spreadsheet. We have a lot of branches and each branches had two switches, so what I did was to have each branch on their own tab and in this tab the two switches will have their configs in two columns. So branch1 will be in tab named branch one and switch 1 config will be on tab branch1 on column A and Switch2 will be in branch1 column B. This was show to our client and they love it(Business side love spreadsheets).
I will post the script here, but before I do this I want to be clear. I'm not a pro in programming, I just have 6 months learning how to program. If you decide to use it, please use it at your own risk. Please make sure to check everything you dont want me to put a backdoor on your network, lol.
Here is my code:
https://gist.github.com/amb1s1/5d29b155acd58f2874f2
The format on my blog messed around with the script. Python is very tricky about space, so I uploaded my code to github with the rest of the files for this script to work.
Here is the link for my github:
https://github.com/amb1s1/config_pull
6 notes
·
View notes
Text
TSHOOT Test Experience and Tips
My experience with the TSHOOT test was hard, easy and fun. It was hard, because it was a lot of work to do for each ticket, easy because that’s what I do for a living and fun because I love troubleshooting.
If you passed the Route and Switch test your are basically ready for the TSHOOT, but there are still things that you need to be prepare
I have couple of tips for this test
1. Recreate the TSHOOT topology over, over and over to get used to the IP scheme and the entire topology.
2. Study all my TSHOOT notes from this blog.
3. Watch the TSHOOT Bull eye Strategy on youtube http://www.youtube.com/watch?v=3Bo4Pw82G2M , this youtube video talk about how to tackle the test.
4. Read the first couple of chapter of the TSHOOT Cisco Press book where they talk Theories.
5. Watch the TSHOOT CBT Nugget
Again, I love this the TSHOOT exam and with a lot of effort and love to the technology you will pass this test.
45 notes
·
View notes
Text
Redundancy Protocols - HSRP, VRRP and GLBP
Issues with Redundancy Protocols
Technologies:
HSRP:
Hot Standby Router Protocol - Created by Cisco
VRRP:
Virtual Router Redundancy Protocol - Created by IETF - Standard work with multiple vendors
GLBP:
Created by Cisco
Issues:
1. Client using the wrong gateway ip address - ipconfig for pc and ifconfig for mac
2. Wrong device acting as the active device - sh standby brief - The device that we want to be active has to have a higher priority number.
3. Missmatch authentication - sh run [interface]
NOTE: Make sure that if a key-chain is on the interface, that the key-chain was created on the global config.
4. The Active device doesn't gain the Active after reboots - sh standby brief
5. Wrong group number - sh standby brief
Good Show command to know:
show standby brief - harp
show glbp brief - glbp
show vrrp brief - vrrp
show standby [interface] - hsrp
show glbp [interface] - glbp
show vrrp [interface] - vrrp
Debug standby terse - hsrp
Debug glbp terse - glbp
Debug vrrp event - vrrp
sh run interface [interface]
note: This is only redundancy protocol troubleshooting. You still need to know the other technologies to be able to fix any issues with redundancy protocol. Example, if layer 1 is not working HSRP, VRRP or GLBP are not going to work.
8 notes
·
View notes
Note
Hi David-I saw you were or in the process of a network migration? Why do you want to use a VPN tunnel when you can utilize next gen IPSEC VPN technology that will support your bandwidth requirements, ensure security, and will preserve network utilization?? If you are interested please check out www.certesnetworks.com
We used IPSEC VPN already and we are planning to used it on our new facility. Thanks
0 notes
Note
I cant seem to get the TSHOOT lab to open. I get errors on the bin file. Do you happen to know what I may be doing wrong?
Try to use the exact IOS that I have on the LAB.
0 notes
Text
642-832 TSHOOT Test Tips - Layer 3 BGP Issues
BGP ISSUES
Issues Peering your neighbor router
3. Since TTL for EBGP is 1 (IBGP is 255) if you want peer to a router that is not one hop away, you will need to use the Multihop command
2. Access List blocking TCP 179 - sh access-list
3. Routers have to have ip reachability (Rip, EIGRP, Static Route....) if the router is not directly connect to be able to establish peering - sh ip route
BGP peers must agree on the following attribute
1. Peer Address
2. Unique RID (Router ID - loop interface)
3. ASN (autonomous system number)
Important command to know
1. show ip bgp neighbors
2. show ip route
3. show ip bgp summary
4 notes
·
View notes
Video
youtube
This video has nothing to do with cisco exams, but I would like to share this video that made. It is a sad history.
0 notes
Text
642-832 TSHOOT Test Tips - Layer 3 OSPF Issues
OSPF Issues
Access-list blocking protocol 89 – sh access-list
Neighbor statement that configured for Non-Broadcast Network - sh ip ospf [interface interface id]
Area 0 not configure on a multiple OSPF Network - sh ip ospf database
Areas not physically or virtually connect to Area 0 (Every area needs to connect to area 0 either physically or virtually connect) - sh ip ospf virtual-link
Missing the Subnet keyword when doing redistribution ex. redistribute eigrp 10 subnets - sh run | sec ospf
Mismatch configurations - The following must match between the OSPF neighbors to have OSPF adjacency
Subnet
Area
Network Type
Hello/Dead Timers
MTU
Stub Flag
Authentications
The above issued can be fiund with the following command - Sh ip ospf [interface interface id]
Sh Commands
Sh ip route
Sh ip ospf neighbor
Sh ip ospf [interface interface id]
Sh ip ospf virtual-link
Debug command
Debug ip ospf packet
#ospf#tshoot#ccnp#ccnp test#cisco#cisco switch#cisco network#cisco test#network#tutorial#tshoot test
12 notes
·
View notes
Note
How did the Test G0
I haven't take it yet. I'm planning to take it in a month.
0 notes
Text
TSHOOT GNS3 Complete Project with complete Configs
TSHOOT GNS3 Complete Project with complete Configs
It took me more than I expect to complete this project the reason why, was that we were celebrating my daughter's first birthday and bautism last sunday and I had to do a lot over the weekend.
Beside that, I was running into some problems with GNS3. My co-worker and I came with the conclusion that it was a GNS3 bug, where it was showing the interface up/ up even though the cable was not plug in. I re-did the project and use the same config and everything was working.
What I want to do is; I would be posting project with broken configs to have people practice troubleshooting by trying to fix the issues. I think this would be a great experience for my you guys and for me. Also I encourage people to send me broken projects to [email protected] and type on your subject: "Broken Project". If you don't type that in the subject the Spam will block the email. Also if you have any question feel free to leave the answer under comments.
So here we going
Click Here For the ZIP File
that includes: the .net file, Config Folder and working folder. When prompt for an username and password, type cisco for everything.
There is only one thing that has to be changed on the .net file and it is the image path for the Cisco IOS File, and it has to be changed in two lines. If you have a text editor that you can see the line number, the lines that have to be changed are lines 6 and 145.
I also did not include the IOS File since is not legal to do that, but I think you all know where to find it. About the IOS Version lets everybody stay with the same IOS version in this case is "c3640-jk9s-mz.124-16.bin".
For Last, if anybody wants to add any technology to this project feel free to send me an email at the same email with the same subject and I will review and if it is appropriate, I will add to the project.
Thank and I hope you enjoy and lets start troubleshoot the heck out this lab.
0 notes
Photo
Finish cabling this baby (cat6513). This 6513 cisco switch is use for our HQ Sever access switch. We have two of this baby for redundancy and we glad that we had two because one went bad and while we replace the bad chassis the backup was taking care the traffic.
17 notes
·
View notes
Text
642-832 TSHOOT Test Tips - Layer 3 EIGRP issues
LAYER 3 EIGRP Issues
Access list issues blocking protocol 88 – sh access-list
Misconfiguration of the network and neighbor statements – One side has a network statement and the other neighbor – sh ip route eigrp – sh run | section eigrp
Device in different subnet – sh ip int brief
Different ASN (Autonomous system Number) - sh ip eigrp interface
Authentication problem – sh run | section eigrp *tips even if you see that the password is the same, does not mean it is the same because one of the password can have a space on the password, but you won’t see it. If you see authentication problem on the debug (debug eigrp packets) you have to remove and add the password – really tricky right.
Different K values (metric weights)
Redistribution issues – Redistribution into EIGRP does not have a default value – We need to add the default value or add the metrics.
Example: redistribute rip metric 1 1 1 1 1
Things to know about EIGRP
Type: Distance Vector
Algorithm: Dual
AD (Admin Distance): 90/170(External)/5 (summary)
Standard: Cisco proprietary
Protocol: IP/88
Authentication: MD5
Multicast: 224.0.0.10
EIGRP is not as big as Layer 2 issues. Remember we can have tons of problems, but I'm trying to narrow the issues with the most common one.
#tshoot#topology#tshoot test#cisco#CCNP#ccnp test#cisco test#lab#eigrp#routing#eigrp routing#network#tutorial
31 notes
·
View notes
Text
642-832 TSHOOT test Tips - Layer 2 issues
TSHOOT test in general can be overwhelming, but if you take the entire test and look at it from one technology at a time, it can be really easy.
I'm going to start to point out issues that we may counter with different technologies base on the TSHOOT blueprint.
On my first post I'm going to start with layer 2 issues.
Layer 2 issues:
Misconfiguration of the trunk encapsulation (Dot1q, ISL) - sh interface trunk
Misconfiguration of the port mode (Trunk and Access) - sh vlan, sh int switchport
Vlan not allowed on the trunk port - sh interface trunk
Adding an Vlan to a switchport and without adding a Vlan is not in the Vlan Datatabse - sh vlan brief
Duplex and Speed mismatch - sh log and sh interface and the interface that you want to see
VTP Issues
VLAN Failing to propagate to in the topology - sh vtp status
Wrong VTP Mode - Having a device in transparent mode between a client and a server can cause problem - sh vtp status
Wrong MD5 digest password - Sh vtp passwor4d - sh vtp status *note the MD5 password sometime look the same, but the hash is different (sh vtp status), the way to fix that is by removing the password and apply the password again.
Dot1Q issue only - Native Vlan Mismatch - sh interface switchport
8. Issues with DTP (Dynamic Trunk Protocol) - sh interface switchport
dynamic mode auto + dynamic mode auto = No Trunk
dynamic mode on + dynamic mode Nonegotiate= No trunking
dynamic mode Auto + dynamic mode desirable= Trunk
dynamic mode on + dynamic mode auto= Trunk
Etherchannel Layer 2 Issues:
Misconfiguration between the members
All members has to have identical configurations *tips always configure the etherchannel configuration with the interface range command.
2. Issues with the negotiation protocols (LACP(open standar) and PAgP(Cisco)
PAgP two modes - Desirable and Auto
LACP two modes - Active and Pasive
On is turning statical the etherchannel on
The etherchannel can't be mismatch with two type of negotiation protocols
3. Issues with PAgP Negotiation Protocol
Desirable + Desirable = Etherchannel is going to be Up
Desirable + Auto = Etherchannel is going to be Up
Auto + Auto = Etherchannel is not going to be Up
4. Issues with LACP Negotiation Protocol
Active + Active = Etherchannel is going to be Up
Active + Passive = Etherchannel is going to be Up
Passive + Passive = Etherchannel is not going to be Up
Command for Etherchannel Troubleshooting:
sh interface trunk
sh etherchannel summary
sh etherchannel port-channel
STP (Spanning Tree Protocol)
High port utilization ( a loop can cause this issue) - sh processes cpu
BPDU Issues propagating
Trunk link have to be established on all interfaces participating in the spanning tree sh interface trunk
2. Misconfiguration of the STP mode PVST, MST and Rapid-PVST - sh spanning-tree vlan vlan#
3. STP not anable on the vlan - sh spanning-tree vlan and the vlan #
�� Conclusion
It may look big, but with couple of commands you can see a most of the problems.
Next Tutorial is going to be Layer 3 EIGRP Issues. Thanks
0 notes