OSPF E1 and E2 Routes

Posted by Bradley | OSPF | Thursday 2 July 2009 3:20 pm

External routes are carried through an OSPF domain as type 5 LSAs originated by an ASBR, or as type 7 LSAs when the ASBR sits in an NSSA. Routes from outside the OSPF domain are flagged as either E1 or E2, and the two types are treated slightly differently when OSPF works out their cost.

E1 or External Type 1 Routes - The cost of an E1 route is the external metric plus the internal OSPF cost to reach the ASBR that advertised it, so the metric grows as the route is propagated further away from the ASBR.

E2 or External Type 2 Routes – The cost of an E2 route is always the external metric alone; it takes no notice of the internal cost to reach the ASBR, so every router in the domain sees the same metric. E2 is the default type when redistributing into OSPF on Cisco routers.

If two E2 routes to the same destination have the same external metric, the one with the lowest internal cost to the ASBR is used. If both an E1 and an E2 route exist to the same destination, the E1 route is always preferred irrespective of the metrics.
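The selection rules above as a small Python model, added here as a worked example rather than code from the original post. The candidate routes, ASBR names and metrics are constructed; the tie-break for E2 routes compares the cost to the ASBR as the post describes (when an LSA carries a non-zero forwarding address the cost to that address is what OSPF compares instead, which this model ignores):

```python
# Candidate external routes as a router learns them from type 5/7 LSAs.
# Each dict carries: route type ("E1" or "E2"), the external metric from the
# LSA, the internal OSPF cost from this router to the advertising ASBR, and a
# label for display. Names and numbers below are constructed for the example.

def installed_metric(route):
    """Metric OSPF installs in the routing table for an external route."""
    if route["type"] == "E1":
        return route["ext_metric"] + route["cost_to_asbr"]   # grows with distance from the ASBR
    return route["ext_metric"]                                # E2: external metric only

def preference_key(route):
    """Lower tuple wins: E1 always beats E2, then the installed metric, and for
    E2 routes that still tie, the internal cost to reach the ASBR."""
    type_rank = 0 if route["type"] == "E1" else 1
    return (type_rank, installed_metric(route), route["cost_to_asbr"])

def select_external(candidates):
    """Return every candidate that ties for best, i.e. the set that would be
    installed as equal-cost paths (empty list when there are no candidates)."""
    if not candidates:
        return []
    best = min(preference_key(r) for r in candidates)
    return [r for r in candidates if preference_key(r) == best]

# Constructed sample: one prefix learned from three assumed ASBRs.
CANDIDATES = [
    {"type": "E2", "ext_metric": 20, "cost_to_asbr": 64, "via": "ASBR-A"},
    {"type": "E2", "ext_metric": 20, "cost_to_asbr": 10, "via": "ASBR-B"},
    {"type": "E1", "ext_metric": 20, "cost_to_asbr": 64, "via": "ASBR-C"},
]

if __name__ == "__main__":
    # E1 via ASBR-C wins with an installed metric of 84 even though both E2
    # candidates show a metric of 20.
    for r in select_external(CANDIDATES):
        print(f'{r["type"]} via {r["via"]} metric {installed_metric(r)}')
    # With only the two E2 routes left, the lower cost to the ASBR decides.
    e2_only = [r for r in CANDIDATES if r["type"] == "E2"]
    for r in select_external(e2_only):
        print(f'E2 tie-break: via {r["via"]} (cost to ASBR {r["cost_to_asbr"]})')
```

The tuple ordering in preference_key is the whole rule: the first element makes type trump metric, which is why a 20-cost E2 loses to an 84-cost E1.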

Cisco’s excellent reference on the topic is http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t33

Off Topic – The weather in the UK for some reason is always exceptional as it's an island nation. For the last 5 or so days we have had an exceptional heatwave and it has been 30°C+, which we're just not used to, and I have been surprised how much it has affected my ability to study; I just haven't been able to concentrate for anywhere near as long as I can in the cold.

SNMP & Community Strings

Posted by Bradley | Security, written | Friday 26 June 2009 4:21 pm

Due to my domain name and site title I get a fair few visitors who get directed to this site looking for information about community strings, so I thought it's about time to write some information on the topic of SNMP community strings.

Simple Network Management Protocol (SNMP) is a set of standards for managing network devices. Devices are monitored by an SNMP manager which talks to an SNMP agent running on each device. The data the agent can expose is described by a Management Information Base (MIB). MIBs are organised as a tree (hence "MIB tree"): each object is addressed by an object identifier (OID) that names its path down the tree, and the individual variables sit at the leaves.

A community string is effectively a password for accessing the SNMP agent. Separate community strings are usually configured for read-only and read/write access, and the read/write string deserves the same care as any other device password, because a Set request carrying it can change the device's configuration.

There are 4 versions of SNMP;

SNMPv1 – Basic authentication through the use of community strings, using SMIv1; the community string is sent in plain text, so anyone who can capture the traffic can read it.

SNMPv2 – Does not use community strings to authenticate (it used a party-based security model instead, which saw little deployment). Mandates the use of SMIv2 and adds the GetBulk and Inform messages.

SNMPv2c – Uses SNMPv1-style community strings sent in plain text, but otherwise operates like SNMPv2 (SMIv2, GetBulk and Inform).

SNMPv3 – Similar to SNMPv2 but with improvements for security and access control: the user-based security model adds per-user authentication and optional encryption of the message, and view-based access control limits which parts of the MIB each user can read or write.

There aren't that many SNMP message types and it's useful to know them all. The SNMP message types are;

Get - Requests a single variable from a MIB

GetNext - Requests the next MIB leaf in the MIB tree, which is how a manager walks a table without knowing its contents in advance

GetBulk – Requests a sequential list of MIB leaves in a single request; GetBulk is commonly used to extract large tables efficiently (SNMPv2c and later only)

Set - Changes the value of a MIB variable; on v1/v2c this requires the read/write community string

Response - Sent in reply to Get, GetNext, GetBulk, Set and Inform messages

Trap - An unsolicited notification from an agent to a manager; it is not acknowledged, so a lost trap is lost silently

Inform - An acknowledged notification; the receiver replies with a Response. Originally defined for manager-to-manager communication, it is also used by agents that need confirmation of delivery
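To show what "sent in plain text" means on the wire, here is an added example (not code from the original post) that builds SNMPv1 and SNMPv2c GetRequest packets with a minimal BER encoder, then parses raw UDP payloads the way a sniffer would to pull the community string back out. The community strings, the OID and the truncated SNMPv3 header in the sample capture are all constructed; the v3 packet is there to show that the same parser finds no community string in it.

```python
# Minimal BER (ASN.1) helpers, just enough for an SNMP GetRequest.

def ber_len(n):
    """Length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(value):
    # Minimal two's-complement encoding; the +8 leaves room for the sign bit.
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def ber_oid(dotted):
    """Dotted OID to OBJECT IDENTIFIER: first two arcs merge into 40*a+b,
    the rest are base-128 with a continuation bit."""
    parts = [int(p) for p in dotted.strip(".").split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for sub in parts[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def snmp_get_request(community, oid, version=0, request_id=1):
    """GetRequest for SNMPv1 (version 0) or SNMPv2c (version 1).
    Message = SEQUENCE { version, community OCTET STRING, GetRequest-PDU [0] }"""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))          # OID with a NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}

def community_from_packet(payload):
    """What a sniffer sees: (version, community) for v1/v2c. In v3 the second
    element is the msgGlobalData SEQUENCE, not an OCTET STRING, so None comes back."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, vbody, pos = read_tlv(msg, 0)
    version = VERSION_NAMES.get(int.from_bytes(vbody, "big", signed=True), "unknown")
    ctag, cbody, _ = read_tlv(msg, pos)
    if ctag != 0x04:
        return version, None
    return version, cbody.decode("latin-1")

def sniff_communities(udp_payloads):
    """Collect every plaintext community string from a list of UDP/161 payloads."""
    found = []
    for p in udp_payloads:
        version, community = community_from_packet(p)
        if community is not None:
            found.append((version, community))
    return found

SYS_DESCR = "1.3.6.1.2.1.1.1.0"    # sysDescr.0

# Constructed capture: a v1 poll, a v2c poll using a read/write string, and a
# SNMPv3 message truncated after msgGlobalData (msgID, msgMaxSize, msgFlags, model).
SAMPLE_CAPTURE = [
    snmp_get_request("public", SYS_DESCR, version=0, request_id=42),
    snmp_get_request("private", SYS_DESCR, version=1, request_id=43),
    tlv(0x30, ber_int(3) + tlv(0x30, ber_int(7) + ber_int(65507) + tlv(0x04, b"\x04") + ber_int(3))),
]

if __name__ == "__main__":
    print(snmp_get_request("public", SYS_DESCR, request_id=42).hex())
    print(sniff_communities(SAMPLE_CAPTURE))
```

The hex dump of the v1 request shows the string public as 04 06 70 75 62 6c 69 63 a few bytes in; nothing in v1 or v2c hides it, which is the case for moving to SNMPv3 with authentication and privacy on anything reachable from untrusted networks.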

Spanning Tree Protocol (STP)

Posted by Bradley | switching | Thursday 25 June 2009 3:19 pm

The 3 major steps traditional 802.1D STP uses to stabilise the network are;

Elect the root switch – Only a single switch can be the root in an STP domain. Initially each switch sends STP Bridge Protocol Data Units (BPDUs) listing itself as the root, and these are flooded across the Layer 2 domain. If a switch receives a BPDU with a lower Bridge ID than its own, it accepts that switch as the root and from then on lists that Bridge ID as the root in the BPDUs it sends. Eventually all switches in the domain agree on the same root. After the election the root only changes if its hellos stop being received (MaxAge expires) or a switch with a lower Bridge ID appears; because nothing authenticates BPDUs, any device that sends a BPDU with a low enough Bridge ID can take over as root, which is what Root Guard and BPDU Guard exist to prevent on ports that should never see a root.

The Bridge ID originally consisted of a 2 byte priority and a 6 byte system ID (the switch MAC address), but the first 2 bytes were later redefined (802.1t) to support technologies that need per-VLAN information in BPDUs, such as Multiple Spanning Tree (MST) and per-VLAN spanning tree. The first 2 bytes now consist of 4 bits of bridge priority (these are the high order bits, hence only multiples of 4096 are accepted values) and 12 bits holding the VLAN number; the new 12 bits are called the System ID extension. There is an older post I made about why the STP priority must be a multiple of 4096 here. A 12 bit field is also the size of the 802.1Q VLAN ID, which is why VLAN IDs stop at 4095.

Determine the root port for each switch – After the root switch is elected, every other switch determines the port with the lowest cost to reach the root. The root sends hellos with a root path cost of 0; each switch adds the cost of the port on which the hello was received, using the table below, before forwarding the hello on.

Link speed   Original IEEE cost   Updated IEEE cost
10 Mbps      100                  100
100 Mbps     10                   19
1 Gbps       1                    4
10 Gbps      1                    2

I think that it might have been a bit short sighted stopping the updated costs at 10 Gbps; my organisation is running lots of 40 Gbps links and has just finished a field trial of 100 Gbps.

The port on a non-root switch that receives the hello with the lowest cost to the root switch becomes the root port. If two ports have the same cost to reach the root bridge, the tiebreakers are the lowest Bridge ID of the sending (neighbour) switch, then the lowest port priority of the neighbour's sending port and finally the lowest port number of the neighbour's sending port.

Select the designated port for each segment – Only one port on each LAN segment is allowed to forward frames onto it; this is the Designated Port (DP). Each switch sends hellos onto the segment carrying its own root path cost; the port advertising the lowest cost becomes the designated port and the other ports on the segment move to the blocking state. For tiebreakers the lowest sender Bridge ID, then the lowest sender port priority and finally the lowest sender port number are used, just like the tiebreakers for the root port.

Detecting when bad things happen – The root switch sends out periodic hellos (every 2 seconds by default) which are received, updated and forwarded out of every designated port. Each switch resets its MaxAge timer every time a hello is received; if the MaxAge timer expires (the default is 10x the hello time, therefore 20 seconds) the switch assumes the root is gone and the switches elect a new root.

When a switch detects a topology change, for example a link going down, it sends a Topology Change Notification (TCN) BPDU out of its root port and keeps doing so every hello time until the upstream switch acknowledges it with a BPDU that has the Topology Change Acknowledgement (TCA) bit set. Each switch that receives a TCN acknowledges it and sends its own TCN out of its root port, so the notification hops towards the root. Once the root switch receives it, it sets the Topology Change (TC) bit in its configuration BPDUs for MaxAge + ForwardDelay (35 seconds by default); when a switch receives a BPDU with the TC bit set it shortens the aging time of its CAM table to the forward delay (15 seconds), so entries that pointed down the old path are flushed quickly.

802.1D Interface States – During a topology change there is a risk of causing Layer 2 loops, so to prevent this an interface moves through the blocking, listening (15 seconds) and learning (15 seconds) states before it reaches forwarding; a port can also be disabled. Frames are only passed in the forwarding state, and MAC addresses are only learned in the learning and forwarding states.
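The three steps above, plus the 802.1t Bridge ID layout, as an added Python model of the election (example code, not from the original post). The switch names, MAC addresses and link speeds are constructed, and the model assumes at most one link between any pair of switches, so the port priority and port number tiebreakers are never needed.

```python
INF = float("inf")
# Updated IEEE 802.1D path costs keyed by link speed in Mbit/s
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(priority, vlan, mac):
    """Build the 8-byte 802.1t Bridge ID as an integer: 4-bit priority,
    12-bit system ID extension (VLAN), 48-bit MAC. Lower wins every election."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan <= 4095:
        raise ValueError("VLAN must fit in 12 bits")
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    return ((priority | vlan) << 48) | mac_int

def decode_bridge_id(bid):
    """Split a Bridge ID back into (priority, vlan, mac as int)."""
    top = bid >> 48
    return top & 0xF000, top & 0x0FFF, bid & 0xFFFFFFFFFFFF

def run_stp(bridges, links):
    """bridges: {name: bridge_id}; links: [(a, b, speed_mbps)], one link per pair.
    Returns root, root path cost per switch, root port per switch and the role
    of each port as {(switch, neighbour): role}."""
    root = min(bridges, key=bridges.get)                   # step 1: lowest Bridge ID
    adj = {n: [] for n in bridges}
    for a, b, speed in links:
        adj[a].append((b, STP_COST[speed]))
        adj[b].append((a, STP_COST[speed]))
    rpc = {n: INF for n in bridges}
    rpc[root] = 0
    root_port = {root: None}
    # step 2: hellos flood out from the root; each switch adds the cost of the
    # port the hello arrived on and keeps the lowest (cost, sender BID) offer.
    # Relaxing len(bridges) times is enough for every offer to propagate.
    for _ in range(len(bridges)):
        for sw in bridges:
            if sw == root:
                continue
            offers = [(rpc[nb] + cost, bridges[nb], nb)
                      for nb, cost in adj[sw] if rpc[nb] < INF]
            if offers:
                cost, _, via = min(offers)
                rpc[sw], root_port[sw] = cost, via
    # step 3: one designated port per segment, the end with the lower (rpc, BID);
    # the far end is either that switch's root port or goes to blocking.
    roles = {}
    for a, b, _ in links:
        des, other = (a, b) if (rpc[a], bridges[a]) < (rpc[b], bridges[b]) else (b, a)
        roles[(des, other)] = "designated"
        roles[(other, des)] = "root" if root_port.get(other) == des else "blocking"
    return root, rpc, root_port, roles

# Constructed triangle: SW1 has priority 4096 so it wins the election.
BRIDGES = {
    "SW1": bridge_id(4096, 1, "0000.0000.0001"),
    "SW2": bridge_id(32768, 1, "0000.0000.0002"),
    "SW3": bridge_id(32768, 1, "0000.0000.0003"),
}
LINKS = [("SW1", "SW2", 1000), ("SW1", "SW3", 100), ("SW2", "SW3", 1000)]

if __name__ == "__main__":
    root, rpc, root_port, roles = run_stp(BRIDGES, LINKS)
    print("root:", root)
    for (sw, nb), role in sorted(roles.items()):
        print(f"{sw} -> {nb}: {role} (root path cost {rpc[sw]})")
```

In this topology SW3 reaches the root more cheaply through SW2 (4 + 4 = 8) than over its own 100 Mbps link (19), so the SW3 side of the SW1-SW3 link is the one that blocks.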

Personal Note – I'm not going to be blogging in such depth and breadth any more as it takes too much time, and I will cover topics which are more interesting or which I struggle a bit on.

Notes on Vlan Trunking

Posted by Bradley | switching | Wednesday 24 June 2009 3:41 pm

VLAN Trunking Protocol (VTP) – VTP updates are sent out of all active trunking interfaces (dot1Q or ISL). Each VTP advertisement carries a configuration revision number which a VTP server increments every time the VLAN database changes. An advertisement is only processed by VTP servers and clients in the same domain with a matching password, and only if its revision number is higher than the one currently stored on the receiving switch. Since a higher revision number from any server in the domain overwrites the local VLAN database, a switch with a stale but high revision number should have its revision reset (for example by changing its VTP domain name and back) before being connected. Standard range VLAN information is stored in the vlan.dat file in flash.

Cisco switches are VTP servers by default but will not send out VTP advertisements until a VTP domain name is configured.

There are 3 main modes a VTP switch can be in: Server, Client and Transparent.

Server – In VTP server mode you can create, edit and delete VLANs on the switch and the changes are propagated throughout the VTP domain. VTP servers also originate periodic VTP updates.

Client – VTP client mode is the same as server mode except that it is not possible to create, edit or delete VLANs on the switch; you need to edit them on a server in the VTP domain and the change is pushed to the client. Clients also originate periodic VTP updates.

Transparent – In VTP transparent mode the switch forwards VTP advertisements out of its trunks but does not process them. VLAN information can be changed on the switch, but the changes are not propagated and stay local to the switch.

Standard/Extended range VLANs – VTP will only update standard range VLANs, which is any VLAN with a number between 1 and 1005. If you wish to configure extended range VLANs (VLAN numbers 1024 to 4094) then the switch must be in VTP transparent mode, as VTP does not support these.

Note: VLANs 1006 to 1024 were reserved for compatibility with CatOS based switches and shouldn't be used.

Extended range VLANs can't be stored in the vlan.dat file and are stored in the running configuration instead. If the startup config and vlan.dat disagree about standard range VLANs, only the vlan.dat information is used.

VLAN Trunking – Interconnects between switches are trunked using either ISL or 802.1Q. ISL is Cisco proprietary and encapsulates each frame with a 26 byte header and an additional 4 byte trailer carrying a new CRC, whereas dot1Q, which is an IEEE standard, inserts a 4 byte tag after the source address field of the frame. dot1Q does not tag the native VLAN on a link, so any frame received on a trunk without a tag is presumed to belong to the native VLAN; ISL has no concept of a native VLAN. Because untagged frames land in the native VLAN, it is worth setting the native VLAN on trunks to an otherwise unused VLAN rather than leaving it as VLAN 1.

Dynamic Trunking Protocol (DTP) – DTP allows a switch port to automatically negotiate a trunk. This can be a security issue, since a device plugged into a port that is willing to negotiate can speak DTP and bring the port up as a trunk carrying every VLAN, so personally I am not too keen on it and prefer to manually make each port either a trunk or an access port. The DTP modes are;

on - Permanent trunk (switchport mode trunk); the port trunks even if the neighbour can't negotiate, and still sends DTP frames to help the neighbour along

off - Permanent access port (switchport mode access); the port won't trunk even if the neighbour asks it to

desirable - Actively sends DTP frames to attempt to become a trunk; it becomes a trunk if the neighbour is on, desirable or auto, and an access port otherwise

auto - Passively waits to become a trunk, so it won't initiate DTP frames but will respond if it receives them. Note that if both ends are set to auto then the port will not become a trunk

nonegotiate - The port will not send any DTP frames at all; this is recommended when connecting the port to a non-Cisco switch which could react strangely to DTP frames. Use switchport mode trunk or switchport mode access together with switchport nonegotiate to dictate what mode the port should be in, as a nonegotiate port can't be in a dynamic mode.
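As an added example (not from the original post), the outcome of each DTP mode combination and a small audit of a running-config excerpt for ports that a connected device could negotiate into a trunk. The config excerpt is constructed, and the default mode assumed for ports with no explicit switchport mode command is an assumption (dynamic desirable, which matches older Catalyst platforms such as the 3550; newer ones default to dynamic auto, so adjust DEFAULT_MODE for your platform):

```python
import re

# Assumption: a port with no explicit "switchport mode" uses the platform
# default, taken here as "dynamic desirable" (older Catalyst switches).
DEFAULT_MODE = "dynamic desirable"

def dtp_outcome(local, remote):
    """Link state given the two ends' settings. Each end is (mode, nonegotiate)
    with mode in {"trunk", "access", "dynamic desirable", "dynamic auto"}."""
    modes = (local[0], remote[0])
    if "access" in modes:
        # an access port never trunks; a hard-coded trunk on the far side is a mismatch
        return "mismatch" if "trunk" in modes else "access"
    if all(m == "trunk" for m in modes):
        return "trunk"                          # both hard-coded, DTP irrelevant
    for me, other in ((local, remote), (remote, local)):
        if me[0].startswith("dynamic") and other[1]:
            # this end is dynamic but will never hear DTP from a nonegotiate peer,
            # so it stays access while a trunk-mode peer trunks regardless
            return "mismatch" if other[0] == "trunk" else "access"
    if modes == ("dynamic auto", "dynamic auto"):
        return "access"                         # nobody initiates the negotiation
    return "trunk"                              # trunk or desirable on at least one side

def parse_switchports(config):
    """Return {interface: (mode, nonegotiate)} from a running-config excerpt."""
    ports, current = {}, None
    for line in config.splitlines():
        line = line.rstrip()
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = [DEFAULT_MODE, False]
        elif current and line.startswith(" switchport mode "):
            ports[current][0] = line.split("switchport mode ", 1)[1].strip()
        elif current and line.strip() == "switchport nonegotiate":
            ports[current][1] = True
        elif line and not line.startswith(" "):
            current = None                      # left the interface stanza
    return {name: tuple(v) for name, v in ports.items()}

def negotiable_ports(config):
    """Ports an attached device could turn into a trunk just by speaking DTP."""
    return sorted(name for name, (mode, _) in parse_switchports(config).items()
                  if mode.startswith("dynamic"))

# Constructed running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode dynamic auto
!
interface FastEthernet0/3
 description user port left at the platform default
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
"""

if __name__ == "__main__":
    print("ports a host could trunk:", negotiable_ports(SAMPLE_CONFIG))
    print("auto <-> auto:", dtp_outcome(("dynamic auto", False), ("dynamic auto", False)))
    print("trunk nonegotiate <-> auto:", dtp_outcome(("trunk", True), ("dynamic auto", False)))
```

Fa0/3 is the interesting finding: nothing in its stanza looks wrong, yet because it inherits the dynamic default it will happily trunk to any device that asks.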

Ethernet Basics Notes

Posted by Bradley | ethernet | Tuesday 23 June 2009 6:25 pm

A couple of notes on the Ethernet Basics chapter from the CCIE Routing and Switching Exam Certification Guide

Wiring – On routers and PCs the transmit pair is wires 1 & 2 and the receive pair is wires 3 & 6; switches are the opposite way around, so that one device's transmit pair lands on the other's receive pair. If two like devices (PC to PC, router to router or switch to switch) are directly connected, a crossover cable which swaps wires 1-3 and 2-6 is needed to line the pairs up, unless the port supports Auto-MDIX, which detects and corrects the problem automatically.

Auto-negotiation – Fast Link Pulses (FLPs), bursts of 100 ns pulses built around 17 clock pulses, are used to advertise the speed and duplex settings a port supports to the device at the other end of the wire. Fibre does not use Fast Link Pulses but its negotiation works in a similar way.

Preamble - The preamble consists of 62 alternating 1s and 0s ending with a pair of 1s. These 8 bytes of signalling are sometimes described as a 7 byte preamble followed by a 1 byte start of frame delimiter (SFD).

I/G and U/L MAC Bits – I wrote a post a while ago regarding a couple of bits in the MAC address. The least significant bit of the first byte (the first bit transmitted on the wire, as Ethernet sends each byte least significant bit first) is the Individual/Group (I/G) bit, which when set to 1 signifies a multicast or broadcast address. The next bit up (the second least significant bit of the first byte) is the Universal/Local (U/L) bit, which when set to 1 indicates the address was administratively assigned rather than vendor assigned. Many devices and drivers do not enforce the U/L bit, so it can't be relied on to tell a spoofed address from a burned-in one.
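The two flag bits in code, as an added example (not from the original post): the I/G and U/L bits are tested with masks on the first octet, and the sample addresses (an IPv4 multicast address, the broadcast address, a vendor-assigned unicast address and a locally administered one) are chosen to exercise each case.

```python
def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return 6 bytes."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Report the two flag bits of the first octet.
    bit 0 (0x01) = I/G: 0 individual (unicast), 1 group (multicast/broadcast)
    bit 1 (0x02) = U/L: 0 universally (vendor) administered, 1 locally administered
    The OUI is only meaningful for universally administered addresses."""
    mac = parse_mac(text)
    first = mac[0]
    group = bool(first & 0x01)
    local = bool(first & 0x02)
    if mac == b"\xff" * 6:
        kind = "broadcast"
    elif group:
        kind = "multicast"
    else:
        kind = "unicast"
    return {"kind": kind,
            "locally_administered": local,
            "oui": None if local else mac[:3].hex(":")}

def wire_order_bits(octet):
    """Ethernet transmits each octet least significant bit first, so the I/G bit
    is the first bit on the wire and U/L the second. Returns bits in wire order."""
    return [(octet >> i) & 1 for i in range(8)]

if __name__ == "__main__":
    for addr in ("01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff", "0013.80a2.6b00", "02-00-00-00-00-01"):
        print(addr, classify_mac(addr))
    print("first two bits on the wire for 0x01:", wire_order_bits(0x01)[:2])
```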

Written Booked

Posted by Bradley | personal, written | Tuesday 23 June 2009 2:00 pm

As has been well documented, Cisco is changing the Routing & Switching exam to version 4.0 on the 18th of October 2009. It's 4 months away so I should be able to pass before then, as I was almost ready for the written late last year.

There are no materials released for the 4.0 blueprint yet (https://cisco.hosted.jivesoftware.com/docs/DOC-4604) but I will be using the 3rd edition of the CCIE Routing and Switching Exam Certification Guide, the InformIT quick reference sheets, the DocCD, and blogging just to keep my thoughts together.

I have booked a date for the written in August, which is going to be a busy month with a trip to the Netherlands for har2009, so time will be tight. If I don't pass first time, which is likely, I will just retake a couple of weeks later.

Beta tests for the new written exam will be going on in July & August, but I am considering giving it a go just to get a feel so I know what to expect if I get delayed and have to take the 4.0 track; at $50 you can't go wrong.

OT: MCTS: Network Infrastructure, Configuring

Posted by Bradley | personal | Saturday 20 June 2009 4:31 pm

I picked up a free voucher to complete a Microsoft Certified Technical Specialist exam and I didn't have any immediate study plans for Cisco exams, so I decided to give it a punt. I flicked through the MCTS exams they offer and the MCTS for Windows Server 2008, Configuring Network Infrastructure caught my eye. I deal with quite a few sites which have Windows servers to handle things like DHCP and DNS, so I thought this would be the ideal Microsoft certification to complement my existing Cisco qualifications.

I used a free trial of Amazon Prime to get free next day delivery and ordered this book: MCTS 70-642 Exam Cram: Windows Server 2008 Network Infrastructure, Configuring (Exam Cram (Que)). I have seen a few Exam Cram books sitting on some people's desks and heard good things about them. The content was pretty good and it skipped a lot of the basic details which might not benefit the inexperienced reader, but the book desperately needed to be proofread; there were lots of errors in it. It was an easy read so I was able to cover around 80 pages each evening without much difficulty.

The voucher had a short lifetime and the furthest date I could find at a testing centre within the voucher's validity was 9 days away, which gave me 8 days to prepare from when I received the book. I used the Exam Cram book as my method of study and had a couple of Server 2008 VMs running using VirtualBox.

I was really disappointed in the quality of the exam. I don't wish to break the NDA so won't discuss the contents, but it was entirely multiple choice; there were no simulation or drag and drop type questions. There were 50 questions and you would practically have to take a nap to run out of time; I finished with around 50 minutes to spare. The exam was easy and even with only a week to prepare I managed to get 833 out of 700.

One of the reasons why I value my Cisco certifications is that it takes real time and commitment to study for them and pass, and Cisco works hard to make the tests difficult to pass without real understanding. In my eyes this test doesn't carry any weight and I wouldn't recommend it unless you're looking for an extra line on your CV or can get hold of a free voucher.

Whats been happening

Posted by Bradley | personal | Friday 19 June 2009 4:04 pm

As you might have noticed it's been a bit quiet around here since I went on holiday.

When I went away I decided that I would complete my honours degree, which meant I would not have enough time to continue studying for my CCIE, so the Cisco studies were moved to the back burner. I'm pleased to say the degree has been completed and I am in a position to start studying again.

My dissertation involved analysing whether BGP-4 was fit for the purpose of Internet routing. I also performed an analysis of the CPU requirements for BGP and OSPF with some very interesting results; I will post snippets of my research up here soon.

I also have a great new job and work in computer security for a UK ISP, but I won't be working with routing and switching on a daily basis any more, which has worried me slightly. I still want to achieve my CCIE as it's a lifetime goal.

It hasn't been announced publicly yet but I will be giving a talk in August 2009 on "Securing Networks from an ISP Perspective" at a large computer security event called Hacking at Random; the last event in the series, 4 years ago, was called "What the Hack". If you're attending please give me a shout.

I'm going to put a timetable for my studies online in the next week or so and continue to use this blog as a study tool to keep me motivated and all my notes in one place, but I won't be ramping the study time from manageable to crazy until after Hacking at Random.

Away on Holidays till 14th Sept

Posted by Bradley | personal | Thursday 4 September 2008 4:33 pm

Just to let you all know that there won't be any updates or comment approvals on this site until I return from holiday on the 14th of September 2008.

Simple TFTP out of sequence error

Posted by Bradley | switching | Tuesday 2 September 2008 12:05 am

Today I used the Cisco recommended TFTP server tftpd32 to copy an IOS image from my desktop to my lab 3550, but I got some errors which ultimately led to the transfer failing;

Switch3550#copy tftp flash
Address or name of remote host []? 10.0.0.1
Source filename []? c3550-ipservicesk9-mz.122-46.SE.bin
Destination filename [c3550-ipservicesk9-mz.122-46.SE.bin]?
Accessing tftp://10.0.0.1/c3550-ipservicesk9-mz.122-46.SE.bin...
Loading c3550-ipservicesk9-mz.122-46.SE.bin .from 10.0.0.1 (via FastEthernet0/24
):!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!O!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!O!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!O!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!O!!!!!!!!!!!!!!O!!!!!!!!!!!!!!O!!O!!!!O!!O!!!O!!!O!!!O!!O!! !O!!!O!!O!!!O!!!O!!!O!!O!!!!O!!O!!!O!!!O!!O!!!O!!!O!!!O!!O!!!O!!!O!!!O!!O!!!O!!! O!!O!!!!O!!O!!!O!!!O!!!O!!O!!!O!!!O!!O!!!O!!!O!!!O!!O!!!!O!!O!!O!!!!O!!O!!!O!!!O !!O!!!O!!!O!!O!!O!!O!!OOO!OO!OO!OO!OOOO!OO!OO!OO!OOOO!OO!OO!OO!OOOO!OO!OO!OO!OOO O!OO!OO!OO!OOOO!OO!OO!OO!OOOOO!OOOO!OOOOO... [timed out]

%Error reading tftp://10.0.0.1/c3550-ipservicesk9-mz.122-46.SE.bin (Timed out)

I tried resending the file and got the same error. I looked up the error code and O means that the packets were received out of order; I checked the interface and couldn't see any issues with it;

Switch3550#show int fa0/24
FastEthernet0/24 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0013.80a2.6b00 (bia 0013.80a2.6b00)
Internet address is 10.0.0.2/8
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is unknown media type
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 52000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
20965 packets input, 10551667 bytes, 0 no buffer
Received 2515 broadcasts (42 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1279 multicast, 0 pause input
0 input packets with dribble condition detected
19122 packets output, 1248823 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

To resolve it I doubled the timeout from 3 seconds to 6 seconds and increased the number of max retransmits from 6 to 12, and the transfer went smoothly. I'm unsure why I was getting the errors; I did not set tftpd32 to use an anticipation window and there was only a straight through cable between me and the switch, so any suggestions as to why they were out of sequence would be appreciated!

So I thought this would be a good opportunity to review TFTP and some of its status codes like ! and O. TFTP listens on UDP port 69, but only the initial read or write request goes there; the server replies from a fresh ephemeral port and the rest of the transfer runs between the two ephemeral ports, which is worth remembering when a firewall or ACL sits in the path. Each DATA packet carries a 16 bit block number and the receiver acknowledges each block by number, which is how the two sides keep the transfer in order. Originally every block was 512 bytes, giving a limit of 65535 blocks or about 32 MB per file; RFC 2348 added a negotiable block size, which raises the limit to about 4 GB. TFTP has no directory listing, no encryption and no authentication of any kind, so anybody who can reach the server and guess a filename can download it, which is why it is only used significantly today to move network device images and configurations across trusted networks.

The characters which show the status of a transfer in IOS are;
! – Each ! indicates 10 packets transferred successfully
O – Indicates an out of sequence packet was received
. – Indicates a timeout
E – Uppercase E indicates an error
e – Lowercase e indicates flash is being erased
V – Indicates checksum verification
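TFTP's framing and the IOS progress characters as an added Python example (not code from the original post): a receiver that checks block numbers in DATA packets and records a ! every 10 good blocks, an O for an out-of-sequence block and an E for an error packet, plus a read request carrying the RFC 2348 blksize option. The packet stream, filename and block size are constructed, and dropping an out-of-sequence block rather than acknowledging it is a design choice of this example, not a description of what IOS does internally.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR, OACK = 1, 2, 3, 4, 5, 6

def build_rrq(filename, mode="octet", **options):
    """Read request; options such as blksize follow the request as NUL-terminated
    name/value pairs (RFC 2347/2348)."""
    body = filename.encode() + b"\x00" + mode.encode() + b"\x00"
    for name, value in options.items():
        body += name.encode() + b"\x00" + str(value).encode() + b"\x00"
    return struct.pack("!H", RRQ) + body

def parse_request(pkt):
    opcode = struct.unpack("!H", pkt[:2])[0]
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a request")
    fields = pkt[2:].split(b"\x00")[:-1]            # drop the empty tail after the last NUL
    filename, mode = fields[0].decode(), fields[1].decode().lower()
    options = {k.decode().lower(): v.decode() for k, v in zip(fields[2::2], fields[3::2])}
    return opcode, filename, mode, options

def build_data(block, payload):
    return struct.pack("!HH", DATA, block & 0xFFFF) + payload

def build_ack(block):
    return struct.pack("!HH", ACK, block & 0xFFFF)

def build_error(code, message):
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\x00"

def max_file_size(blksize=512):
    """Block numbers are 16-bit, so a transfer is limited to 65535 blocks."""
    return 65535 * blksize

class TftpReceiver:
    """Receiving side of a transfer, recording IOS-style progress characters."""
    def __init__(self, blksize=512):
        self.blksize, self.expected, self.chunks = blksize, 1, []
        self.progress, self.done, self.error = [], False, None

    def feed(self, pkt):
        """Process one inbound packet; return the packet to send back, or None."""
        opcode, block = struct.unpack("!HH", pkt[:4])
        if opcode == ERROR:
            self.error = pkt[4:].rstrip(b"\x00").decode(errors="replace")
            self.progress.append("E")
            return None
        if opcode != DATA:
            raise ValueError(f"unexpected opcode {opcode}")
        if block != self.expected:
            # out of sequence (IOS prints 'O'): discard it and let the sender's
            # retransmit timer recover rather than ACK a block we did not store
            self.progress.append("O")
            return None
        self.chunks.append(pkt[4:])
        if self.expected % 10 == 0:
            self.progress.append("!")           # one '!' per 10 good blocks
        self.expected += 1
        if len(pkt) - 4 < self.blksize:
            self.done = True                     # a short block ends the transfer
        return build_ack(block)

    def data(self):
        return b"".join(self.chunks)

def transfer(receiver, packets):
    """Feed a packet sequence to a receiver and return the progress string."""
    for p in packets:
        receiver.feed(p)
    return "".join(receiver.progress)

# Constructed stream: blocks 1..12 with block 3 once arriving before block 2.
CHUNKS = {i: bytes([i]) * 512 for i in range(1, 12)}
CHUNKS[12] = b"end"                              # short final block
ORDER = [1, 3, 2, 3] + list(range(4, 13))
SAMPLE_STREAM = [build_data(i, CHUNKS[i]) for i in ORDER]

if __name__ == "__main__":
    rx = TftpReceiver()
    print(transfer(rx, SAMPLE_STREAM), rx.done, len(rx.data()), "bytes")
    print(parse_request(build_rrq("image.bin", blksize=1468)))
    print("512-byte blocks limit a file to", max_file_size(), "bytes")
```

The progress string for the sample stream is O! : the stray block 3 is reported and dropped, then the retransmitted block 3 slots in after block 2, and the ! appears once block 10 has been stored.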
