
CCBOOTCAMP

Authorized Cisco and CompTIA Training Boot Camps: A+, Network+, Security+, CCENT, CCNA, CCDP, CCIP, CCNP, CCVP, CCIE RS, CCIE Security, CCIE Service Provider, CCIE Voice and so much more…

About Us

Headquartered in the United States in Henderson, Nevada, we offer certification classes and boot camps at remote locations all around the globe, with the majority of our classes held in our state of the art Las Vegas facility less than six miles from McCarran International Airport.
For additional information, visit us at www.ccbootcamp.com.

Q n Q Tunneling

December 16, 2009

By David Clark, CCIE# 14742 (Routing and Switching), CCSI# 31937

Service providers often have multiple customers with overlapping VLAN ranges. Q-in-Q tunneling, or 802.1Q tunneling, is the mechanism that allows service providers to preserve customer VLANs while they are transported through the service provider network. Q-in-Q tunneling uses a two-level VLAN tag structure. Each customer is assigned a unique VLAN within the service provider's network, and this unique tag is added to all incoming frames from the customer network. The original frame from the customer remains untouched. The inner tag is often referred to as the customer VLAN tag because the customer originally assigns it.

Q-in-Q tunneling significantly reduces the number of VLANs required within a customer network, as each customer is assigned a unique VLAN. To the customer, the service provider network appears as a transparent bridge connecting their sites together.

When configuring Q-in-Q tunneling, the ports connected directly to the customer switch are configured with the command “switchport trunk encapsulation dot1q”. The customer ports are configured as per normal and require no extra configuration.

 

interface FastEthernet0/20
 description customer
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
end

interface FastEthernet0/21
 description service provider
 switchport access vlan 21
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
end

 

In the above example, Fast 0/20 resides on the customer switch, while Fast 0/21 is on the service provider switch and is configured as a tunnel port. VLAN 21 becomes the outer tag and is added to all frames from Fast 0/20 sent down to Fast 0/21. The service provider port is also specifically configured to carry CDP, STP and VTP frames. The configuration can be verified with the command “show l2protocol-tunnel interface fast 0/21”.
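The two-level tag structure described above, as an added example that is not part of the original article: it pushes the provider tag (VLAN 21, as on Fast 0/21) onto a customer frame at tunnel ingress and pops it at egress, leaving the customer frame byte-for-byte unchanged. The function names, the sample frame and the use of TPID 0x8100 for both tags are assumptions made for the illustration.

```python
import struct

TPID_DOT1Q = 0x8100  # assumed TPID for both tags; the article does not state one

def tag(vlan, pcp=0):
    """Return one 4-byte 802.1Q tag: TPID + PCP(3) / DEI(1) / VLAN ID(12)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vlan)

def push_outer(frame, provider_vlan):
    """Tunnel-port ingress: insert the outer tag after dst+src MAC (12 bytes)."""
    return frame[:12] + tag(provider_vlan) + frame[12:]

def pop_outer(frame):
    """Tunnel-port egress: strip the outer tag, return (outer VLAN, frame)."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_DOT1Q:
        raise ValueError("frame carries no outer tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_stack(frame):
    """List the VLAN IDs of all stacked tags, outermost first."""
    vlans, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID_DOT1Q:
            break
        vlans.append(tci & 0x0FFF)
        off += 4
    return vlans

def demo():
    # Constructed sample: a customer frame already tagged with customer VLAN 100.
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    payload = struct.pack("!H", 0x0800) + b"customer-payload"
    customer = dst + src + tag(100) + payload
    in_provider = push_outer(customer, 21)   # switchport access vlan 21
    outer, restored = pop_outer(in_provider)
    return vlan_stack(customer), vlan_stack(in_provider), outer, restored == customer

if __name__ == "__main__":
    print(demo())
```

Two customers that both use VLAN 100 stay separate inside the provider network because their frames carry different outer tags; each frame is 4 bytes longer while it is in the tunnel.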

 

If the customer is running a negotiated EtherChannel, a slightly different configuration is required. On the customer side a normal EtherChannel is configured.

interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable

interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable

 

The service provider configuration is slightly different from the previous example.

interface FastEthernet0/1
 switchport access vlan 17
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point pagp
end

interface FastEthernet0/2
 switchport access vlan 18
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point pagp
end

 

In this case we use the “l2protocol-tunnel point-to-point pagp” command to carry the PAgP frames across the service provider network. Also, one VLAN is assigned per incoming port from the customer switch (VLAN 17 and VLAN 18 above). For LACP, the “l2protocol-tunnel point-to-point lacp” command would be used.

 

Article Source: http://www.ccbootcamp.com/support-resources/resources/articles-by-ccbootcamp.html


. 17 Dec 08 | Uncategorized | Comments (0)

iCOD Arrival!! Watch the iCOD in action on YouTube.


http://www.youtube.com/watch?v=2KYjpvP56sE


. 20 Nov 08 | iCOD, training | Comments (0)

Configuring a Router to Support SDM

November 10, 2008

By Luke Foster

Cisco SDM (Security Device Manager) is a web-based management tool that works with the Cisco IOS to aid in the configuration and management of Cisco routers. The GUI (Graphical User Interface) allows engineers with little experience to configure Cisco routers and stage large deployments. SDM is also powerful enough to help experienced engineers efficiently implement advanced security measures such as an IPS (Intrusion Prevention System).

There are two versions of SDM: SDM and SDM Express. The express version is a limited form of SDM for routers that do not have enough flash memory to support the full SDM (SDM requires 6MB of flash, SDM Express requires only 2MB of flash). SDM is factory installed on the 1800 series, 2800 series, and 3800 series routers. SDM is also factory installed on router platforms with the (K9) security bundle. If a router does not have SDM installed, the software can be downloaded for free from Cisco. When downloading the SDM software from Cisco, verify that the IOS version of the router can support SDM.

SDM provides several wizards to walk an engineer through configuring a router.  These wizards range from interface configurations, to VPN (Virtual Private Network), and even QoS (Quality of Service) configurations. The Security Device Manager also provides real time monitoring, logging, and security audit features. It will even notify an engineer if it notices conflicting configuration parameters and suggest resolutions.

Note - SDM can be enabled on deployed routers without affecting the network.

To configure a router to support SDM:

First, enable the HTTP or HTTPS server on the router.

Router# configure terminal
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

 

Next, create a user who has enable privileges (replace <username> and <password> with your own values):

Router(config)# username <username> privilege 15 secret 0 <password>

 

Finally, configure the vty lines to support telnet / ssh local login and privilege level 15 users:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

 

Note – If your router supports 16 vty lines, enter the commands above for vty lines 5-15 as well.
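A check for the three steps above, as an added example that is not part of the original article: it reads configuration text and reports where the vty settings differ from the procedure (for example, lines 5-15 left out) and where the GUI or the login is offered over a cleartext protocol (plain HTTP, Telnet). The sample configuration, the user name sdmadmin and the function names are constructed for the illustration.

```python
# Constructed sample: the commands from the steps above as typed, plus a
# second vty block left at different settings. Names are placeholders.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
username sdmadmin privilege 15 secret 0 PLACEHOLDER
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 login
 transport input telnet
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks

def review(config):
    """Return findings on the HTTP server and vty settings in config text."""
    top = {l.strip() for l in config.splitlines()}
    findings = []
    if "ip http server" in top:
        findings.append("ip http server: GUI also served over cleartext HTTP")
    if "ip http secure-server" not in top:
        findings.append("ip http secure-server missing: no HTTPS for the GUI")
    if "ip http authentication local" not in top:
        findings.append("ip http authentication local missing")
    for header, body in vty_blocks(config).items():
        if "login local" not in body:
            findings.append(f"{header}: no 'login local'")
        if "privilege level 15" not in body:
            findings.append(f"{header}: no 'privilege level 15'")
        transport = next((b for b in body if b.startswith("transport input")), "")
        if "telnet" in transport.split():
            findings.append(f"{header}: telnet accepted (cleartext login)")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_CONFIG)))
```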

 

Article Source: http://www.ccbootcamp.com/support-resources/resources/articles-by-ccbootcamp.html


. 17 Nov 08 | ccbootcamp | Comment (1)

CCIE: Is it really all about numbers???

One of our competitors likes to say:

“It’s simple. You are trying to obtain your CCIE number and xxx is all about CCIE numbers.”

I disagree completely. Becoming a CCIE is NOT all about CCIE numbers. It’s about learning. It’s about experiencing. It’s about YOU BECOMING an EXPERT! Too many training companies focus on quantity and NOT quality. Companies like to say, “We have the fastest growing list of CCIEs.” That’s great. So to them, their customers are just numbers. I absolutely hate this type of thinking and approach. This is what separates CCBOOTCAMP from our CCIE competition. We focus on the student. We do NOT just like to shove workbooks down people’s throats and hope that their “lab rat” experience works out well and it gets them through the CCIE lab exam.

I work closely with all of my sales staff, support staff, and instructors to make sure that we provide our students with the best experience possible. What does this mean you ask? This means that we make sure you get the right package from the start. We HATE just selling rack time and workbooks. Sure, it’s a quick and easy buck, but that’s NOT what CCBOOTCAMP is about. We want to make sure our instructors interact with you on a personal level and spend the time necessary to make sure you UNDERSTAND what you are doing and WHY you are doing it - when you do a lab. When I studied for my CCIE lab exam, all I had was a workbook and a rack. I didn’t have an instructor to guide me. What I found out, during my studying, was that I could type the commands that would deliver the proper and correct configuration, but I really, and truly did NOT understand what I was doing! Sure, I even passed my CCIE R&S lab exam. I never configured OSPF or BGP in a production environment prior to the lab exam. I read a few books, did a few labs, and knew enough to pass the lab. If I had to do anything related to OSPF or BGP in a production environment that varied from the CCIE lab, I was screwed! Fortunately, since then, I’ve gotten some production experience with OSPF and a little BGP.

I want our students to LEARN and UNDERSTAND what they are doing. I do not want them to become the same type of engineer I was when I passed my lab exam. I want our students to know what they are doing and why they are doing it. Sure, getting a CCIE # is great, but if you haven’t got the slightest clue of what you’re actually doing and why, are you really an expert? I don’t think so!

Sure, we have a large “hall of fame” that my sales staff posted. But I actually, personally, know quite a few of them! My staff has interacted with the majority of them. Our success stories aren’t just success stories that purchased a workbook off our website and studied. These are engineers we have worked with who have succeeded by learning.

Can a lot of people get a workbook, memorize some scenarios and pass the lab exam? Definitely. Does that make that person an expert? Probably not. I encourage our instructors to work closely with our students to make sure they understand the technologies they are configuring. We DO NOT teach to the test - we actually teach you the technologies and how they interact with each other. It’s quite a different approach than our competition, but I’m sure you’ll agree, it makes sense!

I take pride in the methodology that I personally put together. It is a very well thought out program that combines self paced learning with instructor led training. Feel free to check out one of my methodologies if you have time:
http://www.ccbootcamp.com/about-ccbootcamp/approach-and-methodology.html

The majority of my instructors are regularly working on live deployments and customer networks. It allows our instructors to bring a high level of customer understanding and experience into our CCIE classes. CCBOOTCAMP is not only an authorized Cisco training company, but we are also a Cisco Premier Partner with Advanced Unified Communications specialization. We actually PRACTICE in the channel what we PREACH. It’s something none of our competition does. I think it’s another huge benefit to attending one of our CCIE boot camps. When an instructor can bring a recent real-world situation into the classroom, it makes the student experience and understanding “hit home.”

Getting a CCIE is NOT all about just getting a number. It’s about YOU learning and understanding.

Don’t just get your CCIE #, LEARN IT and become a true expert!

Brad Ellis
CCIE#5796 (R&S / Security)
CCSI# 30482
CEO / President
CCBOOTCAMP - A Cisco Sponsored Organization (SO)
YES! We take Cisco Learning Credits!
Training And Remote Racks: http://www.ccbootcamp.com


. 16 Oct 08 | CEO CCIE | Comment (1)