Cisco IOS hints and tricks: labs

Showing posts with label labs. Show all posts

OSPF quick learning module

A while ago I've described a scenario where OSPF behaves like a distance-vector protocol, including creating temporary routing black holes. If you think this behavior might affect your network, it's best you test the details in a controlled lab environment. Our OSPF quick learning module will tell you how to tweak the OSPF parameters and how to prevent IP prefix reappearance in the original area. The blended solution also includes a remote lab exercise, where you can test the IOS behavior on actual routers.

E-lessons are subscription-based; you can repeat each module in the lesson (including the lab) as many times as needed.

Create initial router configurations from dynagen topology

I've always considered building (almost identical) initial router configurations a waste of time, more so when I had to enter them manually, enabling interfaces, configuring IP addresses and Frame Relay subinterfaces on the fly … as well as entering dozens of commands that I feel should be present in every router configuration.

When I finally had enough, I've stopped my non-critical lab tests for a few weeks (that's why there's still no answer on the very good question whether the NBAR started by NAT is of any use) and wrote configMaker: a PERL script that parses dynagen lab topology and produces initial router configurations based on a template file that you can adjust to your own needs. Read more about it in the CT³ wiki.

UDP flood in Perl

If you'll ever find yourself in a situation where you'll need UDP flooding (serial line or device stress testing) but won't have a dedicated flood program available (they're usually just a few click away if you consult uncle Google), here's a Perl version of UDP flood:

#!/usr/bin/perl
##############

# udp flood.
##############
 
use Socket;
use strict;
 
if ($#ARGV != 3) {
  print "flood.pl <ip> <port> <size> <time>\n\n";
  print " port=0: use random ports\n";
  print " size=0: use random size between 64 and 1024\n";
  print " time=0: continuous flood\n";
  exit(1);
}
 
my ($ip,$port,$size,$time) = @ARGV;
 
my ($iaddr,$endtime,$psize,$pport);
 
$iaddr = inet_aton("$ip") or die "Cannot resolve hostname $ip\n";
$endtime = time() + ($time ? $time : 1000000);
 
socket(flood, PF_INET, SOCK_DGRAM, 17);

 
print "Flooding $ip " . ($port ? $port : "random") . " port with " . 
  ($size ? "$size-byte" : "random size") . " packets" . 
  ($time ? " for $time seconds" : "") . "\n";
print "Break with Ctrl-C\n" unless $time;
 
for (;time() <= $endtime;) {
  $psize = $size ? $size : int(rand(1024-64)+64) ;
  $pport = $port ? $port : int(rand(65500))+1;
 
  send(flood, pack("a$psize","flood"), 0, pack_sockaddr_in($pport, $iaddr));}

BGP labs on Partner Education Connection

The BGP remote labs associated with the Configuring BGP on Cisco Routers course are available on Cisco's Partner Education Connection; they are thus available free-of-charge to all Cisco partners. The following exercises are available:

If you're don't have access to Partner Education Connection, you can buy our Configuring BGP on Cisco Routers e-learning solution or the BGP Remote Lab Bundle.

Intrusion Prevention System (IPS) remote labs are available free-of-charge to Cisco partners

We've recently deployed remote labs associated with the Implementing Cisco Intrusion Prevention System v6.0 on Partner Education Connection; they are thus available free-of-charge to all Cisco partners. The following exercises are available:

If you're a Cisco partner, you can start any of the listed lab exercises simply by clicking on its name and supplying your CCO username/password when asked for it by Cisco authentication web page.

Everyone else can buy the same labs from our learning store. For example, for €120, you can get a one week unlimited access to the labs with the ability to repeat every exercise as ofter as you need.

IPv6 e-learning solution

Do you want to gain IPv6 configuration skills and test the associated routing protocols at the time that suits you most? The IPv6 e-course allows you to do just that.

The IPv6 Fundamentals, Design and Deployment (IP6FD) e-course is a blended learning solution that consists of the IP6FD web-based training and associated remote lab bundle. The course provides you with knowledge and skills needed for transitioning to IPv6 based networks. The content encompasses design and security considerations, IPv6 configuration principles and IPv6 transition mechanisms. You will learn how to implement IPv6 in a network using numerous routing protocols such as RIP, EIGRP, OSPF, IS-IS and BGP, as well as hands-on skills in deploying IPv6 transition mechanisms including various types of tunnels.

You can find additional e-courses in our catalog.

IPv6 remote labs on Partner Education Connection

If you need to improve your hands-on IPv6 skills and have access to Cisco's Partner Education Connection, you can get a number of IPv6 remote lab exercises free-of-charge.

Everyone else can buy the same labs from our learning store. For example, for €128, you can get a one week unlimited access to the labs with the ability to repeat every exercise as ofter as you need.

To view the PEC lab content and schedule the labs, just click on one of the following links:

SNPA labs available on Partner Education Connection

Our new remote lab exercises covering the Securing Networks with PIX and ASA v5.0 course have been made available free of charge to Cisco partners on
Partner Education Connection. To start them, just click this link, log in and select the desired exercise.

If you're not a Cisco partner, you can buy the same exercises on our web site.

Setup DNS server in your lab

If you do a lot of telnetting in your lab, you could set up an internal DNS server to be able to use router names instead of IP addresses.

Select a router that will act as the DNS server and configure it on all other routers in your lab. For example, if your DNS server has IP address 10.0.0.1, use the following configuration commands:

ip domain-lookup
ip name-server 10.0.0.1

On the DNS server, disable DNS lookup and DNS forwarding (it has nowhere else to go) and define all the routers as IP host names:

no ip domain lookup
!
ip dns view default
 no dns forwarding
!
ip dns server
!
ip host Core-1 10.0.0.1
ip host Core-2 10.0.0.2
ip host POP 192.168.2.1
ip host Ext 192.168.1.5
ip name-server 10.0.0.1

If you also define IP addresses for the WAN links, for example:

ip host serial-1-0.X1 10.0.1.6
ip host serial-1-0.Core-1 10.0.1.1

… you'll get correct hop-by-hop information from the traceroute command:

POP#trace Ext
Translating "Ext"...domain server (10.0.0.1) [OK]
Type escape sequence to abort.
Tracing the route to Ext (192.168.1.5)
  1 serial-1-0.Core-1 (10.0.1.1) 36 msec 24 msec 16 msec
  2 serial-1-0.X1 (10.0.1.6) 24 msec 28 msec 4 msec
  3 Ext (192.168.1.5) 20 msec * 24 msec

Simplify your lab work

If you do a lot of tests in a router lab, you're probably getting upset when you have to retype the login and enable password whenever you log into a router. What I do in my labs is to disable VTY login, set the default privilege level to 15 and disable exec timeout (to stop the router from terminating my session).

line con 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 no login

Obviously, this would not bring you additional points on the CCIE lab exam :)

OSPF Remote Lab Exercises

Have you ever wanted to practice with all the aspects of the OSPF technology, from simple single-area scenarios to a complex MPLS environment? The new remote lab product we've just released gives you the opportunity to test a number of OSPF concepts and configuration techniques. The Open Shortest Path First - Complete Technology lab bundle is a collection of exercises taken from standard Cisco courses (BSCI, MPLS and IP6FD) enhanced by specific OSPF scenarios (Non-Broadcast Multi-Access, Sham link support) and complete real-life deployment scenario (OSPF Superlab), enabling you to gain advanced skills in configuring and monitoring OSPF in complex and diverse network environments.

SNRS labs on available on Partner E-learning Connection

If you want to study for your CCSP certification and have partner-level access to Cisco's web, you can schedule Securing Networks with Cisco Routers and Switches remote labs free-of-charge straight from Partner E-learning connection by clicking this link (partner-level CCO username required).

If you're not a Cisco partner, you can buy the same labs from our web site.

Hands-on MPLS Traffic Engineering

I've written a lot about MPLS Traffic Engineering (not nearly as much as I would like, but there are always time constraints), as I believe this technology has interesting applications in Enterprise networks (and we all know that a lot of Service Providers are using it anyway). You might have seen my 10 MPLS Traffic Engineering Myths or the Perfect Load Balancing article … and if you don't know what I'm talking about, there's always the introductory Traffic Engineering the Service Provider Network.

The major problem of MPLS TE is that it's complex and that networking engineers usually lack the hands-on skills, and this is where we can help you: we've just rolled out the revised MPLS TE lab exercises. Compared to remote lab offerings from other sources, these lab exercises are very focused: you get step-by-step instructions (but no recipes, that would spoil the learning process), preconfigured equipment (so you don't have to configure IP addresses or IP routing protocols to get the job done) and detailed solutions explaining which task is achieved using a specific set of configuration commands.

I was able to get a discount for my readers: if you click this link and type in the promotion code 42B078 (expires on January 15th, 2008), you'll get a one week subscription to the MPLS TE remote lab bundle for €56. As this is a subscription offering, you can run the lab exercises as often as you like within a week of the purchasing date. And if you need one more argument to be persuaded, check the lab topology; you can experiment in a preconfigured nine router network :)

ICND1 blended learning

If you're a regular reader of my blog, you probably won't need this one, but it might be useful to your colleagues who are reaching for the first rung on the Cisco certification ladder.

If your first thought was CCNA, you're wrong; Cisco came up with a sub-CCNA certification called Cisco Certified Entry Networking Technician.

We've just rolled out a blended e-learning version of the requisite ICND1 (yes, that is ICND part one) course containing student guides in e-learning format and all the associated remote lab exercises (performed on actual devices, no simulations).

Advanced Routing and Switching for Field Engineers

The Advanced Routing and Switching for Field Engineers course was targeted primarily at Cisco partners, but it covers a variety of interesting technologies that anyone aiming past the CCNP level might benefit from. Apart from heavy focus on MPLS VPN (that was largely missing from the CCNP curriculum), it includes advanced network management and high availability topics.

If you're not an expert working for a Cisco partner, you'll probably not want to attend the full-blown instructor-led course, but you can still get the same hands-on experience using our newly released ARSFE remote lab exercises.

Securing Networks with Cisco Routers and Switches

We have just released the new version of the Securing Networks with Cisco Routers and Switches (SNRS) remote lab exercises. They are an ideal companion to books or e-learning material if you're preparing for the CCSP exam. You can also use them as a great practice environment if you have to support security-related IOS features in your network, but simply don't have the extra equipment to test them out before deploying them.

As a side note, what really amazes me is the fact that Cisco has rolled out a mainstream certification course that supports pretty recent features (up to IOS release 12.4(6)T), including control-plane policing, management-plane protection, zone-based firewalls and Web VPN.

More information is available here.

Practice the PIX and ASA configuration in a remote lab

If you're studying for your CCSP exam or have to test some of the new features available on PIX and ASA, the remote lab exercises supporting the Securing Networks with PIX and ASA course from Cisco might be just the right thing for you. You'll be able to configure firewall and VPN features of PIX/ASA, as well as test its integration in a network, for example, usage of AAA server and deployment of WebVPN. The lab exercises also cover interesting improvements like transparent firewall, virtual firewall and active/active failover.

More information is available here.

Get hands-on IPv6 experience

In one of his recent articles, Scott Morris provided an excellent summary why IPv6 is still on the horizon. The point I like most (as it's often forgotten by the techies) is this:

“After all of the pieces (network, applications, OS, etc.) are done, do you have enough people with enough knowledge to manage and design things? Now may be a good time for some training!”

Cisco has already included IPv6 in its mainstream BSCI course (so IPv6 is now officially part of CCNP certification). Apart from visiting the BSCI classroom course, you also have a few other options to get your hands on IPv6 training material:

Get the BSCI 3.0 blended solution that includes student guide and access to on-line lab exercises (real routers, no simulations :).
If you're a Cisco partner, you can get the BSCI lab exercises from Partner E-learning Connection. To help you get past the site complex navigation, click this link after logging into PEC.
You can also get the full set of BSCI remote lab exercises from NIL Data Communications.

Try before you buy: Configure multi-area OSPF

In a recent post, I've been writing about our CCNP e-learning offerings. If you're aiming toward the CCNP certification and don't have time to attend a classroom session (or hate sitting through four weeks of training), these products might be the perfect fit for you.

If you'd like to evaluate our e-learning offerings, you can get free access to a sample module and related lab covering area configuration in OSPF; just go to our Blended Solutions Portfolio page and click on the Try our E-course Demo link at the top of the page.

Test drive Carrier's Carrier MPLS VPN service

Carrier's Carrier MPLS VPN service is one of the more confusing aspects of MPLS VPN technology; there are simply so many different bits and pieces that have to fit together just right to make it work (although we did a pretty good job describing it in the Cisco Press book MPLS and VPN architectures, Volume II). If you would like to set it up in a test environment, here's what you can do: if you have partner-level Cisco Connection Online access, you can do it free of charge:

Start Partner e-learning connection.
After landing on the main PEC page, click here (or paste http://cisco.partnerelearning.com/peclms/lang-en/management/LMS_TrainLedInfo.asp?UserMode=0&LEDefId=17619 in the browser address bar)

If you're not working for a Cisco partner, you can buy the whole set of advanced MPLS remote labs from NIL Data Communications.

Cisco IOS hints and tricks

Featured products

Labels