Tag Archives: switching

Keeping track of it all: ip access-list log-update threshold

I’ve been doing some great studying lately. Here’s my progress:

-Read up to page 85 on the CCIE Exam Cert Guide (4th edition)

-Read 10-20 pages of the BCMSN book, used it to review some layer 2 topics that the exam cert guide didn’t go into too much detail with

-Did up to page 40-ish on the INE Volume I labs. I’ve been taking my time to make sure I have the verification commands down, and know that I’m “good” at certain technologies. This is especially important to me, since switching is undoubtedly a core topic..everything else would break without it!


ip access-list log-update threshold X

I stumbled onto this command thanks to the INE ATC. By default, when you add the “log” keyword to an access-list entry, IOS logs the first hit, and subsequent identical hits are summarized in a log message at 5 minute intervals. Great for the real world (sometimes), not so great for the lab, where I find it helpful to know one-for-one that a packet matching that particular ACL entry is passing through. Entering this command with a “1” in place of the X logs every hit 1-for-1. Pretty helpful I think.
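Here is an added lab-style illustration of the command in context (my own example, not configuration from the original post): the threshold set to 1, an extended ACL entry with the “log” keyword applied inbound on a router interface, and the verification output you would look at. The interface name, the addresses and the list number are constructed lab values, and the match counts and syslog line are sample values, not captured output.

```text
! Added example (not from the original post). Interface, addresses and ACL
! number are constructed lab values.
!
! Default behaviour: the first match is logged, then a summary every 5 minutes.
! A threshold of 1 produces a log message for every matching packet.
ip access-list log-update threshold 1
!
! Keep the log in the local buffer so "show logging" can be used in the lab.
logging buffered 16384 informational
!
access-list 100 permit tcp any host 10.2.2.20 eq 23 log
access-list 100 permit ip any any
!
interface FastEthernet0/0
 ip access-group 100 in
!
! Verification 1: per-entry hit counters (sample counts)
! Router# show access-lists 100
! Extended IP access list 100
!     10 permit tcp any host 10.2.2.20 eq telnet log (3 matches)
!     20 permit ip any any (47 matches)
!
! Verification 2: with the threshold at 1, each matching packet gets its own
! %SEC-6-IPACCESSLOGP line in "show logging" (sample line, constructed)
! %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.10(34567) -> 10.2.2.20(23), 1 packet
```

Outside the lab, leave the threshold at its default: with it set to 1, every matching packet is punted to the CPU and generates a syslog message, so a burst of matching traffic becomes control-plane load on the router itself.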


Anyway, back to studying. I’m now entering the world of STP, so if you don’t hear from me, send help ASAP I’ll be fine.



My CCIE status

Well, I am feeling a lot better. Whatever I had was horrible, and took about 7-9 days to get rid of. I don’t feel 100% yet, but I’m back at work for better or worse. Figured I would make a post with my current status as it relates to CCIE study. I’ve been studying cisco docs a lot lately, mostly centered around Frame Relay. I haven’t labbed much in the past week since I have been sick, and not gotten a lot of sleep. I plan on labbing tomorrow morning, but we’ll see how I feel after I get off work. Right now I work 7:30pm till 7:30am, so when I get home I’m usually ready to crash! Here’s some other updates:

  • The free CCNA audio nuggets are somewhat on the back burner right now. I have the class layout drawn up, and it’s ready to be recorded, but time has been so short lately, and the CCIE study takes precedence over those. Once things free up a bit I’m going to record that and post it.
  • I attended Jared Scrivener’s (Triple CCIE from IPexpert) Ask the expert session on Prefix-lists as it relates to BGP the other day. It was pretty good. I definitely left that session with a better understanding of prefix-lists. The following morning I labbed some BGP to play with prefix-lists a bit and get a more functional understanding of them. I think the key without doubt to prefix-lists is knowing your binary. If you know your binary and the layout of a prefix-list, you can figure it out. Maybe I’ll post something up once more time allows.
  • I’m realistically about 50-60% done with Switching and Frame Relay as far as technology based labs. I’ve completed all of the tasks in IE Vol I, but I’m going through the Cisco docs and using those as my yardstick. Once I feel like I’ve got the majority of topics covered I’ll move on to IGP.

That’s about it for now. I am going to hop off here and get back to reading. I make it a point to pick a subject each night at work and read about it in the cisco docs. Don’t know how much it’s helping, but it certainly can’t hurt!



Swine flu…

Well, I wish I had more to update you all with. I got very sick last week, with a temp of 102F, chills, body aches, and all the general symptoms that come with being “really” sick. I guess this was my karma, as I had been joking about how the H1N1 (formerly the “swine flu”) virus was being blown up by the media. Shortly after I got hit with whatever this is, and it hit me hard. I never saw the doctor, but I am recovering slowly, so it looks like I’ll live.

Being sick has put a damper on my studies for sure. I haven’t had any energy, let alone motivation, and as a result haven’t gotten much done. I did review some RIP/Frame Relay/Switching tech labs a little. I plan on getting a frame relay article up soon, so look for that. It won’t be so much a “how to”, but more of a “things to know..” type format.

At the moment I am beginning to get into the EIGRP tech labs. They shouldn’t be too bad, but we’ll see. I have always used OSPF, not EIGRP in enterprise environments, so this will be my first time really diving deep into the protocol.

Anyway, more to come in a little while. It’s time for me to transition from SGT CCIE to the daycare taxi for the little one..

Command of the week: Switchport protected

I have done my share of work in the networking field, and had never heard of this command. I have also not been exposed to a wide variety of layer 2 technologies, but I must say that this is a very cool command. Granted, it could be considered old, or not on par with private VLANs (which take the same idea of isolating particular ports a little bit further), but I like its simplicity. It IS available in older Catalyst switches that may not support private VLANs, so that is a bonus. Last but not least, knowing how to configure both PVLANs and protected ports, you can accomplish, to some degree, the same thing in two different ways, which is always a plus. This article will primarily function as a basic overview of the command, although I will briefly fly by the configuration as it is fairly straightforward. Let’s get to it. First, I’ll present a scenario that will demonstrate what switchport protected does.

Let’s say you have a Cisco 3550 in a closet somewhere, and for whatever reason want two hosts coming off of that 3550 to have no traffic pass between them. Switchport protected will enable you to do just that. The idea is simple: any protected port cannot talk to any other protected port, but can talk with any unprotected port. The idea is much the same as private VLANs, just a more basic method. There are a few caveats worth mentioning regarding protected ports:

  • The protection is only local to that switch. If you have User A on SW1 and User B on SW1, both in VLAN 100 and both on ports configured with switchport protected, they will not talk. However, if you split the two users up across two switches that are trunking, but still within VLAN 100, they WILL talk. The protection does not span multiple switches!
  • The protection is limited to Layer 2. Once the frame is routed as a packet at Layer 3, the two hosts will be able to communicate.
  • To block traffic at Layer 3 as well, you would need to look at ACLs, VLAN access-lists, or other methods of access control.

So how do we configure a port to be protected? It’s cake. See below:

Switch(config)# interface fa0/1

Switch(config-if)# switchport protected

That is it! I know, almost a letdown, right? Well, the plus is, there’s more! Commonly when implementing protected ports, you will also want to block unknown unicast/multicast traffic. Why? Think about the basic nature of a switch when it receives an unknown unicast frame: it floods it out all ports except the one on which it was received, and that flooding includes protected ports. This could introduce a possible avenue for attack. To mitigate this risk, we can block unknown unicast/multicast traffic on these ports by using the following configuration.

Switch(config-if)# switchport block {multicast | unicast}
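Putting the two commands together, here is an added example of the full scenario (my own configuration, not from the original post): two hosts in VLAN 100 on protected ports with unknown unicast and multicast flooding blocked, an unprotected uplink port toward the gateway, and the lines of show interfaces switchport that confirm the settings. The port numbers, VLAN number and switch name are constructed lab values, and the output shown is abridged.

```text
! Added example (not from the original post). Port numbers, VLAN and switch
! name are constructed lab values.
!
! Host A on Fa0/1 and Host B on Fa0/2 must not talk to each other at Layer 2.
! Fa0/24 leads to the gateway and stays unprotected, so both hosts can reach it.
vlan 100
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 100
 switchport protected
 switchport block unicast
 switchport block multicast
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 100
 switchport protected
 switchport block unicast
 switchport block multicast
!
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 100
!
! Verification (abridged; only the relevant lines shown):
! Switch# show interfaces fa0/1 switchport
! Name: Fa0/1
! Switchport: Enabled
! Administrative Mode: static access
! ...
! Protected: true
! Unknown unicast blocked: enabled
! Unknown multicast blocked: enabled
!
! Expected result in the lab: Host A and Host B cannot ping each other (their
! ARP broadcasts never cross between the two protected ports), while both
! still reach the gateway behind Fa0/24.
```

The last point is the caveat from the bullet list above in practice: if the gateway behind Fa0/24 routes between the two hosts, or if one of them moves to another switch on the same VLAN, the isolation no longer applies and an ACL or VACL is needed to keep them apart.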

That’s all there really is to it. I hope this short article has at least given you a small insight into some of the lesser-known features the Cisco IOS has to offer. I look forward to finding the next one to share with all of you!



IEWB Vol I Ver 4, Bridging/Switching

Lately I’ve kind of jumped around, so I decided to start at the beginning of IEWB Vol I and move forward from there. Bridging/Switching has been my subject of reading for the past week, so this will be a more focused approach and bring some regularity to my studies for the next X amount of time that I’m studying switching. I expect to complete the bridging/switching labs by next weekend. Once I complete those, I’m going to go through Ver 5 of the bridging/switching labs also to verify that I know my stuff. I’m looking forward to making more progress. I have been doing well, but want to step it up a little bit. While I am busy with completing the bridging/switching labs, I am going to write out a detailed plan of study so that I have something to base the rest of my studies on. I look forward to it! Will post more informative stuff once I get a little bit further.

By the way, I was at the Clearwater, FL beach with the family yesterday, and knew instantly that I am meant for this career as when I was laying in the sun I was trying to figure out some NAT issues :)