my subscriptions
POPULAR-ALL-RANDOM | LOADING...MORE »
thomasp76000 5 points

I haven’t checked what is exactly asked for the CCNP ROUTE exam however keep in mind that the most important thing (in my opinion) is to have strong knowledge and skills on the mains topics (EIGRP, OSPF, redistribution, PBR, BGP...). Others topics are also important to know as well but they should represent a small part of the exam, they shouldn’t require as much expertise as the big ones.

xDizz3r 2 points

Everything in the blueprint is equally important. However with TCP i feel i could be studying till infinity so i wanna draw a line.

[deleted] 6 points

[deleted]

xDizz3r 1 point

Youhouuu. TCP is a beast and i'm pretty sure i have only scratched the surface!

xDizz3r commented on a post in r/networking
mikemosh511 2 points

I have this exact setup at a customer.

Isp1 is Comcast coax. Block of 5 static. Comcast modem has 4 ports. Isp2 is fios. Block of 5 static. Only one port, so we have a 5 port switch in front.

The two firewalls are configured as such: FW1 - Comcast WanIP 1 Fios WanIP 1 Internal vrrp to 192.168.200.1, priority 100 actual IP 192.168.200.5

Fw2 - Comcast wan IP 2 Fios wan ip2 Internal vrrp to 192.168.200.1, priority 99, actual IP 192.168.200.6

Ddns is used as they have local exchange, and to ensure VPN works. Ddns client is on an internal server. VPN is handled by open VPN, with the ddns host name in the config file

This was a fun setup to put into place and (knock on wood) no issues in 2 years. Be happy to provide more info if you need it

xDizz3r 2 points

Isp1 is Comcast coax. Block of 5 static. Comcast modem has 4 ports. Isp2 is fios. Block of 5 static. Only one port, so we have a 5 port switch in front.

You basically got a /29 from each ISP right?

xDizz3r commented on a post in r/networking
xDizz3r 156 points

Documentation

cult_of_algernon -6 points

Good answer, but surely documentation isn't everything? Suppose you have a very complex network that requires a lot of documentation to cover it all. In case of an emergency even a senior network engineer might struggle to get things in order if he/she would need to go through the documentation. Time is money. To me it would seem wise to have some form of backup person or team who is kept up-to-date. But I guess staff is money, too, so I'm not saying I disagree with you.

Edit: why the downvotes? I'm not rejecting the idea of documentation. I strongly encourage documentation and if it was my decision everything should be documented. My point was something as follows: You have an airplane with a pilot and 100 passengers. In the cockpit there is a folder that explains exactly how to fly and securely land a plane. Suppose the pilot dies and the plane runs out of fuel and starts to go down. Surely you wouldn't feel comfortable knowing the pilot procedure is documented if noone else can fly the plane? Yes you can ask the passengers if they know how to fly, and maybe one of the guys do, but he's only flown a small Cessna but never without fuel in a thunderstorm and definitely never a big 747. He might be able to land it securely using the documentation but is it worth the risk? Hence the co-pilot.

Maybe a bad analogy that doesn't work well in networking but it illustrates my point. When you have a network environment that only one person knows about, it seems to me that documentation - although very useful and encouraged - wouldn't necessarily be sufficient in some emergencies where time is money. That's not the same as saying documentation isn't required. I just questioned that documentation is everything.

xDizz3r 40 points

Time is money

"Your" time is "their" money and that is management's problem.

To me it would seem wise to have some form of backup person or team who is kept up-to-date

Alongside documentation, he could try to teach you what he knows or you could partner with an MSP.

To conclude, if you have such an extremely complicated network you shouldn't have a human SPOF, period.

xDizz3r commented on a post in r/ccna
xDizz3r 2 points

Nice!!!

serial-lookup - Here is a script i wrote to parse a Cisco serial number into an approximate manufacture date.

reality - Here is another that SSHs into IOS devices and runs show commands.

fantasy - Here is another that SSHs into IOS devices and runs config commands (this one uses multiprocessing)

xDizz3r commented on a post in r/ccnp
xDizz3r 0 points

Did you try to exclude the GNS3 folders from the A/V?

C:\Program Files\GNS3
C:\Users\%username%\GNS3
LordRahl_OG 0 points

Yeah I've included all GNS3 files and directories in the exceptions and still failing.

xDizz3r 1 point

Did you try a c7200 IOS 15 image ?

xDizz3r commented on a post in r/sysadmin
xDizz3r 2 points

We had the same problem.
We saw the problem coming out of a fresh Windows 10 Enterprise Build 15XXX image directly from Microsoft.
This is the latest image for Windows 10 Enterprise, there is no newer build available.
I did a clean install in 5 new PCs (bough in 2018) and the only thing that broke was Windows Update, was giving an error.
After much investigation and google-fu i solved it by installing and running Windows 10 Update Assistant (available from Microsoft).
It updates (doesn't format or anything) windows to build 17XXX.
After the build update Windows Update works fine.

xDizz3r commented on a post in r/sysadmin
xDizz3r 3 points

Quoting a reddit ninja

Can you draw a diagram on the whiteboard of a network you've worked on, and explain it to me?

  • It's an exercise that can reveal a lot more about a candidates experience than any single technical question, and opens up a lot of additional possible questions, while simultaneously allowing you to observe the communication skills of the candidate.

  • Interviews aren't like tests taken in school, or certs. A proper interview question is designed to not have a simple answer, but to draw the candidate into a conversation that reveals not only their technical experience and knowledge, but how they process information, how they identify data, and how they communicate complex ideas.

xDizz3r commented on a post in r/networking
VAS0LINE 2 points
  • Zabbix for data collection and alerting
  • ntopng / nProbe for netflow
  • Grafana to make Zabbix pretty
  • Ansible to talk to Git
  • Git for config management
xDizz3r 2 points

Ansible to talk to Git
Git for config management

Any links/guides/etc. on how you accomplished all that?
When you say Git you mean a local Git server or GitHub?
I'd guess you have RANCID/Oxidized backup the configs into git repo, right?
What are are some cool things you do with that setup?

VAS0LINE 6 points

I have a box that runs Ansible. We have an internal Git server. For config backup, there are cron jobs that launch some playbooks. One of those jobs is to capture the configuration of each network device in our environment and then push the config to Git. I suppose it's similar to RANCID/Oxidized, but it's a hell of a lot leaner.

For making big changes, the process is like:

  1. Someone (who knows how this works) forks the configuration repo from Git
  2. That person submits a merge request to the dev branch containing their modifications
  3. We review the request and merge dev -> master if it is not garbage
  4. My Ansible box will grab the new stuff from Git and then push to a device

I guess it's "Infrastructure as Code" or "NetDevOps" whatever the hip thing is these days. Of course, this is not used for all changes, sometimes I just need to tag a VLAN somewhere or make a small change to an ACL. Also I still want to add some automated QA somewhere in this process, and a mechanism to automatically respond to problems... Basically automate any tedious stuff so I can focus on architecture or deep troubleshooting.

I figured all this crap out with the help of Ansible documentation, Kirk Byers, and months of lab work. I have grand plans to start blogging about it, but I will need to recreate the environment completely in my own time from scratch without the notes I kept at work. I'm pretty sure I could run into some legal trouble if my company decided that the stack I built was "proprietary" in some way. :)

xDizz3r 1 point

Very interesting stuff, hope you create a blog someday! I'm still a newbie in the "Infrastruture as Code" or "NetDevOps" era.

I'm also a fan of Kirk. I've made some python scripts using netmiko, his examples and this awesome guy from youtube.

Also I still want to add some automated QA somewhere in this process, and a mechanism to automatically respond to problems...

I think these Facebook talks on NANOG can get you started.

NetOps Coding 101 Python Intro and Regular Expression Deep Dive Part 1
NetOps Coding 101 Python Intro and Regular Expression Deep Dive Part 2
NetOps Coding 201 Building Facebook's FBAR for Network Devices

One last question, how do you apply the new config as a new "version" and not merge it with the current config? Do you use the cisco's "archive" feature?

Thank you.

xDizz3r commented on a post in r/ccnp
33
xDizz3r 1 point

Congratulations on passing the beast. I want to ask, when you say you used cisco docs do you mean you read the entire Configuration Guide or individual topics that weren't covered good/deep enough from OCG/PCG/INE/CBT ?

xAY400x 2 points

yeah just the ones that weren't covered deeply enough in the OCG etc....

xDizz3r 1 point

cool

xDizz3r commented on a post in r/ccnp
xDizz3r 2 points

I'm using IOSvL2 in GNS3 and the things i can't lab are:

  • SDM Templates
  • PoE
  • Stacking (Stackwise)
  • VSS
  • Storm control

At the moment i'm studying for ROUTE (haven't done SWITCH), but if i was studying for SWITCH i would get 2 physical switches to lab these and everything else inside GNS3. This way i can have both physical/virtual advantages.

Note: I'm not using the image from the latest VIRL update so idk if something from these is supported now.

xDizz3r commented on a post in r/networking
rankinrez 1 point

Cos the interface sucks compared to GNS3 and EVE-NG.

Plus I can run all kinds of other virtual devices in GNS3 apart from just the VIRL images and let them talk to each other.

xDizz3r 1 point

Let me ask you something sir. You can't connect VMs in VIRL like in GNS3 and the cloud interface thingy? Does even VIRL has something similar to GNS3's cloud interface thingy? Can you run wireshark on interfaces?

xDizz3r commented on a post in r/ccna
xDizz3r 1 point

I think you can.
The Verizon CPE probably supports "port forwarding" which is technically Static NAT.
On the CPE create a "port forward" entry for TLS/DTLS pointing to the ASA:

  • Protocol: TCP & UDP
  • WAN IP: <blank> ?
  • WAN Port: 443
  • LAN IP: 192.168.1.254
  • LAN Port: 443

The "WAN IP" part depends on the CPE, check CPE's manual for more details.

+-----+                                +---------+                                                     
| ASA | .254 --- 192.168.1.0/24 --- .1 | Verizon | <public_ip> or <ddns_hostname>
+-----+                                +---------+                   

ASA:

int Gi0/0
 nameif OUTSIDE
 security 0
 ip add 192.168.1.254/24

tunnel-group PROFILE_ANYCONNECT webvpn-attributes
 group-alias AnyConnect enable
 group-url https://<public_ip>/anyconnect enable

Note: If you have DDNS on the CPE you can also specify it here with another group-url like group-url https://<ddns_hostname>/anyconnect enable

Now if you browse https://<public_ip>/anyconnect or https://<ddns_hostname>/anyconnect from a box located on the internet you will hit the Verizon CPE which will allow TCP/443 (SSL/TLS) & UDP/443 (DTLS) inbound and will forward it to 192.168.1.254.

xDizz3r commented on a post in r/networking
xDizz3r 4 points

I like this one as banner motd.

+--------------------------------------------------------+
| UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE AND         |
| ATTACHED NETWORKS IS STRICTLY PROHIBITED!              |
| You must have explicit permission to access or         |
| configure this device.                                 |
| All activities performed on this device may be logged  |
| or monitored without further notice, and the resulting |
| logs may be used as evidence in court.                 |
| Any unauthorized use of the system is unlawful, and    |
| may be subject to civil and/or criminal penalties!     |
+--------------------------------------------------------+
xDizz3r commented on a post in r/ccnp
54
xDizz3r 16 points

Congrats on the CCNP. Now here is some advice from a reddit god (not me!).

  • Employers are posting their ideal candidate. In most situations, they won't find this.
  • If you have 1/2 of the requirements down you stand a good chance at getting that job.
  • You don't have to beat everyone in the world for a particular position, just those who apply.
  • Pay no attention to the "X years' experience required" line or anything that says you need a degree in computer science or anything like that. Look at what they actually expect you to do on a day-to-day basis, and if you think you can do that, apply for the job.
xDizz3r commented on a post in r/ccna
2
jeff597 2 points

Thank you for the explanation. That's what I wanted to hear, SLAAC alone can't do all the job.

Note: According to the course, Stateful DHCPv6 doesn't need O-bit.

The M flag indicates whether or not to use stateful DHCPv6. The O flag is not involved.

Iskaral-Pust 3 points

RFCs 6106 and 8106 actually enhance router advertisements to be able to carry DNS information, including DNS servers (RDNSS) and DNS search lists (DNSSL), but that's probably a bit out of scope for the CCNA. According to Wikipedia, support was added in IOS 15.4, but I don't know the configuration commands for it. Client OS implementation is also a bit spotty from what I gather.

xDizz3r 1 point

Wow i didn't know that.. Not even seen that in any CCNP material so far. From what i see from this wiki and this Microsoft added support only for W10 with the Creators Update.

Load more comments
view more:
next ›
639 Karma
73 Post Karma
566 Comment Karma

Following this user will show all the posts they make to their profile on your front page.

About xdizz3r

  • Reddit Birthday

    August 31, 2013

Other Interesting Profiles

    Want to make posts on your
    own profile?

    Sign up to test the Reddit post to profile beta.

    Sign up