CCIE VTP

As you probably already know, the Switching part of the lab exam now takes a greater share of the lab score (~20 points), so it is definitely a major subject.

VTP (VLAN Trunk Protocol) key points for the lab:

In the lab you will have 2x3550 and 2x3560, which makes configuring VLANs and VTP slightly more interesting, and very interesting for spanning tree, but that is for another post.

The default VTP mode is server. In server mode you can create, modify and delete VLANs, and assign a password for higher security.

VTP checks revision numbers: the switch with the higher revision number wins and updates all the others. This means that if you insert into a new setup a switch that was in production, or was handled so that it shows a higher revision number, it will mess up your whole setup. So it is most recommended to:

delete flash:vlan.dat
! all the VLAN info is kept in that file
! set / check the vtp mode to server
vtp mode server
! set a new vtp domain
vtp domain newCCIE
! set a password other than cisco; notice that the password is case sensitive
vtp password otherthencisco
! and only then install it into your topology
! for the lab I would check the vtp status
show vtp st
! if the status, revision or VLAN configuration is not suitable to my needs
! I would change the domain name to a different domain and change it back to the needed
! domain; this sets the revision number to 0

The VTP version is not much of a concern unless you are specifically asked about it, as the main difference between ver 1 and ver 2 is the support of Token Ring in ver 2.

VTP pruning is a nice feature that allows the switches to save some traffic by pruning unnecessary VLAN traffic.

VTP modes:

Server: as mentioned before, this mode allows you to create, modify and delete VLANs.
Client: not allowed to create, delete or modify VLAN information.
Transparent: allowed to create, modify and delete VLANs only on the local switch.
VTP is used to transfer information about multiple VLANs, and because of that it can only travel over trunks. So if you have a problem with VTP information propagation, check your trunks. Also, one of the switches must be the server and the others clients for the information to be transferred properly. Ver 1 and ver 2 are not compatible, so make sure all switches use the same VTP version.

Another key difference between ver 1 and ver 2: in transparent mode on ver 1, VTP advertisements that travel through the switch are dropped if they are not from the same domain, but on ver 2 they are propagated and not dropped.

I hope this was an informative review of VTP. Note that there is much more to VTP than what I have covered here, but I think I have summarized some key features that I use in my practice and in real life.
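As an added example (not part of the original post), the pre-insertion check described above can be scripted: parse the `show vtp status` text of the switch about to be connected and of a switch already in the domain, and list the reasons not to bring up the trunk yet. The two sample outputs are constructed for this example, and the function names are hypothetical.

```python
import re

# Constructed sample output, laid out like "show vtp status" on a Catalyst 3550/3560.
# "VTP Version" is the highest version supported; "VTP V2 Mode" is what is running.
LIVE_SERVER = """\
VTP Version                     : 2
Configuration Revision          : 4
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : newCCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
"""
REUSED_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 37
Number of existing VLANs        : 22
VTP Operating Mode              : Server
VTP Domain Name                 : newCCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
"""

def parse_vtp_status(text):
    """Turn 'Field : value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit_new_switch(new_text, live_text):
    """Return reasons not to trunk the new switch into the live domain yet."""
    new, live = parse_vtp_status(new_text), parse_vtp_status(live_text)
    new_rev = int(new.get("Configuration Revision", 0))
    live_rev = int(live.get("Configuration Revision", 0))
    findings = []
    if new_rev != 0:
        findings.append(f"revision is {new_rev}, expected 0 after a reset")
    # Same domain plus a higher revision is the case that replaces the live VLANs.
    if new.get("VTP Domain Name") == live.get("VTP Domain Name") and new_rev > live_rev:
        findings.append(f"revision {new_rev} beats live {live_rev}: live VLANs would be replaced")
    if new.get("VTP V2 Mode") != live.get("VTP V2 Mode"):
        findings.append("VTP V2 mode differs from the live switches")
    return findings

if __name__ == "__main__":
    for finding in audit_new_switch(REUSED_SWITCH, LIVE_SERVER):
        print("BLOCK:", finding)
```

An empty result means none of these three conditions was found; the VTP password is not part of this output, so it still has to be checked separately.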