I have to admit that I’ve been an awful blogger recently :( (sorry!), I’m hoping to improve things in the near future – since starting @ Cisco I have been studying in sporadic spells of time instead of a fixed 2 hrs each evening which in turn has caused me to neglect this blog…
Anyway, I’ve got a few little things to update you on:
1) I’ve been tasked with becoming a “semi-specialist” in UC by my manager – this is due to a need for additional LGov UC resource. What this means as far as I’m concerned is that I have a much bigger gap in knowledge to fill (compared to R&S) and therefore any spare time I have during the working day will more than likely be spent trawling through endless docs and labs making sure I’m up to the standard I would expect if I were a customer – on a business and technical level that is. It’s a challenge I’m ready for and I always welcome additional knowledge to store in my memory banks. It has been said to me in the past that Cisco tends to keep employees outside of their comfort zone – I have a feeling that this also contributed to the decision on what my specialisation will be… Just to clarify – I do still have the full support of Cisco for my R&S CCIE quest :)
2) David Bombal has continued the development of the Command Memorizer tool – it was already a great learning aid and his commitment to the development of it is great to see. A number of other bloggers in the community have now used the software and some reviews are linked on the product page.
3) A new consolidated source for Enterprise Technical content has been launched on cisco.com – it’s called “Design Zone”. It’s organized around Network Architectures, Technologies and Vertical Industries and brings Cisco Validated Designs, legacy design guides and SRNDs, white papers, podcasts, videos together in one place – check it out @ www.cisco.com/go/designzone
4) I received an e-mail whilst in the office announcing that Solarwinds Real Time Netflow Analyzer is now free – a great tool to get started with Netflow…
5) From another e-mail –> Ever wanted to search cisco.com, the IOS bug database, or the command lookup tool from the search box in IE or Firefox? –> add the Cisco.com Searches and Tools to Your Browser (instructions are included)
6) Another e-mail –> CCIE SP Mini-Scenarios by Antonio Soares – definitely worth taking a look at if you’re studying or interested in the CCIE SP track
7) I’ve been fortunate enough to come across some great presentations (with audio) down one of the dark corridors of the intranet here at Cisco. I have watched some advanced (some of it is very advanced!) breakdowns of “Spanning Tree”, “MLS QoS”, and “RACLs/VACLs/PVLANs” – I’m very confident with Spanning Tree and the presentation confirmed that I should be able to deal with any STP tasks thrown at me in the exams, I did however learn one or two new things from the “MLS QoS” and “RACLs/VACLs/PVLANs” breakdowns.
I thought it would be nice to share some ACL theory with you to see whether it is known/used in the wild by anyone? If not, and you’re currently studying towards the CCIE R&S, I just know you’ll be really happy with me for introducing you to some extremely technical non-blueprint information after reading this :)
Let’s start with a simple “Yes or No” question:
Q) You’ve just added an ACE to an ACL and now you’re being told that your switch’s TCAM is full, will the ACE still be added and processed by the switch?
Relatively easy if you’ve read a bit about the subject. Now, let’s get deep into ACLs, and how they affect hardware resources…
Take a look at the following configuration on a 6500:
access-list 101 permit udp 10.0.0.0 0.255.255.255 range 16384 32767 172.16.0.0 0.15.255.255 range 16384 32767
access-list 101 permit udp 10.0.0.0 0.255.255.255 range 16384 32767 192.168.1.0 0.0.0.255 range 16384 32767
access-list 101 permit udp 10.1.0.0 0.0.255.255 host 192.168.1.1 eq 53
access-list 101 permit udp 10.2.0.0 0.0.255.255 host 192.168.1.1 eq 53
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.20.0.0 0.0.7.255 eq 80
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.20.8.0 0.0.3.255 eq 22
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.100.0.0 0.0.15.255 gt 1023
access-list 101 permit tcp 10.2.0.0 0.0.255.255 10.200.200.0 0.0.0.3 eq 22
access-list 101 permit tcp 10.2.0.0 0.0.255.255 host 192.168.1.2 eq 443
Q1) How many “Mask Patterns” exist in the ACL?
Q2) How many “Mask Slots” will the ACL below consume in the TCAM?
Q3) How many “L4 Ops” are in the ACL?
Q4) How many “LOUs” does the ACL populate?
Believe me, that stuff is just the tip of the iceberg! And my explanations probably don’t tell you everything you need to know to understand what’s going on. The general rule is that a hardware limit for each one of the items above exists, and software will be used after the limit has been reached (possibly affecting performance). For more information click here.
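As an aid to working through Q1 to Q4 by hand, the following added example (not part of the original post or the Cisco presentation) parses the ACL above and tallies the distinct source/destination wildcard combinations and the Layer 4 port tests it contains. Treating those tallies as the inputs to the questions is an assumption; the script does not compute the platform's mask-slot or LOU counts, which the post does not give.

```python
from collections import Counter

# The nine ACEs of access-list 101 as given in the post.
ACL = """\
access-list 101 permit udp 10.0.0.0 0.255.255.255 range 16384 32767 172.16.0.0 0.15.255.255 range 16384 32767
access-list 101 permit udp 10.0.0.0 0.255.255.255 range 16384 32767 192.168.1.0 0.0.0.255 range 16384 32767
access-list 101 permit udp 10.1.0.0 0.0.255.255 host 192.168.1.1 eq 53
access-list 101 permit udp 10.2.0.0 0.0.255.255 host 192.168.1.1 eq 53
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.20.0.0 0.0.7.255 eq 80
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.20.8.0 0.0.3.255 eq 22
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.100.0.0 0.0.15.255 gt 1023
access-list 101 permit tcp 10.2.0.0 0.0.255.255 10.200.200.0 0.0.0.3 eq 22
access-list 101 permit tcp 10.2.0.0 0.0.255.255 host 192.168.1.2 eq 443
"""

OPERANDS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}  # IOS port operators

def take_addr(tok):
    """Consume one address spec and return its wildcard mask."""
    first = tok.pop(0)
    if first == "any":
        return "255.255.255.255"
    second = tok.pop(0)  # the host address, or the wildcard after a network
    return "0.0.0.0" if first == "host" else second

def take_port(tok):
    """Consume an optional port test; return (operator, operand, ...) or None."""
    if tok and tok[0] in OPERANDS:
        op = tok.pop(0)
        return (op, *(int(tok.pop(0)) for _ in range(OPERANDS[op])))
    return None

def parse_ace(line):
    # Assumption: only the address and port forms listed above are handled.
    tok = line.split()
    start = next(i for i, t in enumerate(tok) if t in ("permit", "deny"))
    proto, tok = tok[start + 1], tok[start + 2:]
    src, sport = take_addr(tok), take_port(tok)
    dst, dport = take_addr(tok), take_port(tok)
    return proto, (src, dst), [p for p in (sport, dport) if p]

def inventory(acl):
    """Tally wildcard pairs and port tests across all ACEs."""
    aces = [parse_ace(l) for l in acl.splitlines() if l.strip()]
    pairs = Counter(wc for _, wc, _ in aces)
    tests = Counter(t for _, _, ports in aces for t in ports)
    return pairs, tests

if __name__ == "__main__":
    print(*map(dict, inventory(ACL)), sep="\n")
```
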
8) After having a few questions fired at me by Channel Partners and Customers during my first few days on the job I realised that the answers might be of use to the readers of this blog, here are a couple, I’ll try to publish the interesting/useful ones as they come along:
Q1) “Is it possible to field upgrade a Cat 6509 chassis to a 6509-E. Reason for doing this is to install a SUP-720-10G initially with a view to implementing VSS next year. Looking on CCO it says SUP-720-10G is supported in a 6509 chassis but doesn’t confirm this will work with VSS?”
After a chat this was translated to:
Q2) “The Unified Communications 500 series ‘Baby Call Manager’ – does this support 7941, 7911 & 7921 wireless handsets. The data sheet suggests it does but I’ve got people telling me it doesn’t. Was hoping you could clarify??”