It is been a while I check forums and Ubiquiti products. They are really good products. At the beginning the really interesting thing in ubiquiti was the Open minded / Open Source direction they used. I begun to use their product with SR and XR card (when they don’t seek any final products). It was really easy to make your own product firmware with an embedded MIPS motherboard and their cards. The SDK was available at this time.
I check recently and now it is not. Ubiquiti has been introduce in Wall Street. I am really disappointed because when I was interviewed by them for their papers to be introduce to Wall Street I insisted on the fact of they success OpenSource is one main of it.
I would want to make some patch on kernel to be able to pass PPP/IP DSCP to their Atheros card to be able to do the same thing with IP (http://wiki.ubnt.com/AirMax_-_QoS_DSCP/TOS_Mappings). Now SDK is not available and I am really disappointed.
décembre 14th, 2013 in
It is finally out !
The v5.0 of the CCIE exam is here. There are lot of exciting new features to learn It will be great. In a first lecture, you can see these new things :
- EPC (Embedded Packet Capture)
- difference between IOS and IOS XE
The things which are removed :
The Lab is now in three parts :
- TS : as always troubleshooting on virtual equipments (1h30 through 2h (30 minutes shared with CONF))
- DIAG : closed-ended troubleshooting questions (30 minutes)
- CONF : configure the lab (5h30 through 6h (30 minutes shared with TS))
More to read about CCIE RS v5.0 :
Let’s go ! Written is planned to july/august 2014 and Lab in november 2015. Ok. It is said. My plan is on the internet. You are now aware of it and I must follow it !
décembre 4th, 2013 in
If you search why your rules are applied by PPTP VPN sessions are not albe to established with an error 619 (on windows plateform) :
ASA# conf t
ASA(config)# policy-map global_policy
ASA(config)# (config-pmap)# class inspection_default
ASA(config)# inspect pptp
ASA(config)# access-list outbound extended permit gre any any
ASA(config)# access-list outbound extended permit tcp any any eq pptp
ASA(config)# access-group outbound in interface inside
novembre 27th, 2013 in
For those of us like me who are working towards CCIE, you are certainly aware of the fact that CCIE v4 will be raised to v5. For INE.com, it seems that Frame-Relay (replaced by DMVPN), and some other features will be replaced.
I am studying really for fun now : I am studying Frame-Relay now
novembre 4th, 2013 in
This a question which I ask for a long time : is this e Cisco CEF equivalent on Redback router ?
A friend gives me the answer :
[VRF_FOOBAR]75TOTO-SE400-01#sh ip route 172.16.116.98
Longest match Routing entry for 172.16.116.98/32 is 172.16.116.98/32 , version 20
Route Uptime 38w6d
Paths: total 1, best path count 1
Route has been downloaded to following slots
Path information :
Active path :
Known via adjacency, type-hidden route, distance 254, metric 0,
Tag 0, Next-hop 172.16.116.98, NH-ID 0x3450014E, Adj ID: 0x160, Interface 1/5.13717
You can see there that the packet will live the router by port 1/5. You can confirm this by :
[VRF_FOOBAR]75TOTO-SE400-01#show card all fib 172.16.116.98
Prefix Next Hop Interface Next Hop Grid
172.16.116.98/32 172.16.116.98 1/5.13717 0x3450014e
Now, you can see as « sh ip cef … adjacency » :
[VRF_FOOBAR]75TOTO-SE400-01#sh card 1 adjacency | begin 0x3450014e
Encap type dot1q, function ether_dot1q_adj_ip_resolved
e05fb9a6 693c0030 88147df0 81000e85 encap_len 18
05fb9a6 693c : destination MAC address
0030 88147df0 : source MAC address
8100 : ethernet encapsulation
0e85 : vlan ID : here 3717
18 : length
For VLAN ID here :
1/5 vlan-id 3717 Up dot1q interface 1/5.13717@VRF_FOOBAR
To make a point :
./configure && make
septembre 30th, 2013 in
This is for me a new concept I don’t have any see anymore. I only imagine inter-vlan routing by L3 switch or router on a stick.
But you can make this kind of architecture :
In this case : as the request is originated from S1 (who has RA as gateway) to S2.
- RA acts as router : MAC src = RA ; MAC dsst = S2 in vlan 2
- S2 sends to his gateway which this time is RB
- RB sends packet tthrough SB which has not MAC address of S1 in his CAM for vlan 1
- So it acts in normal way : IT FLOODS !
You can have other ways where you can see unicast flooding :
- Spanning-Tree TCN changes
- Forwarding CAM table overflow
You can protect your LAN by using ‘Unicast Flooding protection’
From 12.1(14)E version it is implemented : ‘unicast flood protection‘
To check : ‘sh mac-address-table unicast-flood‘.
septembre 30th, 2013 in
Finally a good explanation of what DF bit does
Thanks to ipspace, it makes me smile
septembre 9th, 2013 in
How to make the path through R2 to 188.8.131.52 prefered over throught R3 ???
septembre 4th, 2013 in