Cosmetic Bug: IS-IS Network Entity Title

Posted on 05/03/2012 | Leave a comment

cosmetic bug:

a software error condition that does not impact a system in any functional way; types of errors can include spelling mistakes, transient error messages, etc.

I thought I’d start a series of blog posts dedicated to what I call “cosmetic bugs” in terms of networking technology. What I mean by that is, things that we learn, see and do in networking without any reason as to the why, because it doesn’t impact a router, switch or protocol in anyway…Just that the why’s have somehow been lost in translation of the years.

One such case is related to the lovely link-state protocol IS-IS. IS-IS stands for “Intermediate System to Intermediate System” and was originally developed to facilitate routing between “intermediate systems” – synonymous with an IP router – over the OSI Connectionless Network Service (CLNS) protocol stack. It was later extended in RFC 1195 to support both OSI and TCP/IP networks (renamed to Integrated IS-IS or Dual IS-IS). Since the OSI protocol stack has been obsoleted by TCP/IP, IS-IS is typically used in service provider core networks due to its scalability and link-state properties.

Having taken CCNP BSCI in college and gone through ROUTE in my current profession, I’ve always been intrigued by the mystical awe that is the IS-IS protocol. Being a link-state routing protocol, IS-IS is similar to OSPF in that networks are learned through flooding of link-state information throughout a domain. However, since IS-IS originated from the ISO to work in tandem with the OSI protocol stack, certain “legacy” properties remain. As indicated in the title of this blog post, I just wanted to spend some time as to the “why” behind the Network Entity Title; also known as the IS-IS NET.

The NET is a configured identifier on IS-IS routers that defines a topology. It is a hexadecimal value and indicates both an area ID and a System ID.

An IS-IS NET is made up of Area ID and a System ID. The Area ID performs the same functions as it does with OSPF (with some key differences that I won’t go into in this blog post) and is topology-driven. The System ID performs the same functions as the Router ID does in OSPF. Unlike in OSPF, it does not have to be derived from an IP address nor requires an IP address to be configured on any interface to function. Also, unlike OSPF which sits at Layer 3 (ie. has an IP header below the OSPF header), IS-IS exists directly at Layer 2 (ie. IS-IS PDU header directly after Layer 2 header). To further compare the two, IS-IS NETs must be defined within a certain structure, whereas OSPF uses arbitary values for Area ID’s and Router ID’s. Some of the details I won’t go into just because it simply has nothing to do with the TCP/IP stack. If, like me, you’ve ever wondered why Cisco uses the same configuration example in all IS-IS documentation, hopefully I can shed some light on that. Let’s look at the structure of a NET to give us some more detail:

As indicated in the diagram above, the following rules must be followed when defining the NET:

  • AFI must be 1 byte
  • Area ID can be 0 to 12 bytes long
  • System ID must be 6 bytes long
  • SEL must be 1 byte

The reason for these “rules” is that a NET is a special version of an ISO network service access point (NSAP) address, familiar to anyone who has worked with ISO protocols.

The AFI, or the Authority & Format Identifier, holds no real value in a IP-only environment. In relation to ISO protocols, the AFI was used similarly to an OUI (Organizationally Unique Identifier) in a MAC address, which would have identified the assigning authority of the address. However, in an IP-only environment, this number has no meaning separate from the Area ID itself. Most vendors and operators tend to stay compliant with the defunct protocols by specifying an AFI of “49″. This is synonymous with RFC 1918 IP addresses – it is privately administered and not assigned to another one specific organization. While best practice, the AFI byte can be combined to format a single Area ID value and is left to the discretion of the network admin.

Area ID’s function just as they do in OSPF and are decimal-notated only.

System ID can be anything chosen by the administrator, similarly to an OSPF Router ID. However, best practice with NETs is to keep the configuration as simple as humanly possible. The System ID is typically derived from either the 48-bit MAC address of an interface (“0cad.83b4.03e9″) or an IP address such as configured on a loopback interface. When defining a System ID as derived from an IP address, you can use a few conversion methods since it must be 6 bytes in length and an IPv4 address is only 4 bytes long. One is to simply add enough zeros to fulfill the 6 byte requirement, which is the simplest. You can also convert an IP address to decimal or hexadecimal formats.

Loopback IP address of 10.255.255.200
NET System ID = 1025.5255.2000

The System ID is solely up to the administrator to choose and requires to be unique within a routing domain. MAC addresses are the easiest choice since MAC addresses are globally unique burned-in addresses and *should not* under normal circumstances be the same between different devices.

The final piece in a NET is the SEL byte, or the NSAP Selector byte. In ISO, this value is used to indicate an upper-layer function. Think of this as being similar to a TCP or UDP port number. In an IP-only network, where no upper-layer ISO protocols exist, an IP router will expect a SEL value of 0×00. This value should always be set to 0×00, which indicates the router itself is the “upper layer” protocol. The take away here is that the SEL is not relevant in an IP network and should be set to 00 to keep NET assignment simple.

*note: As pointed out by Marko Milivojevic on Twitter, a non-0 SEL value indicates a pseudonode. IS-IS on multiaccess networks elect a Designated Intermediate System (DIS). Think DR in OSPF. I’m leaving a lot of details out but just keep in mind that configuring a non-zero value for the SEL will throw you a syslog message since IOS will expect this to be configured as a 0. Non-zeros indicate pseudonodes, such as a DIS, which are “virtual nodes”. More on this later.

Below I’ll list some examples of NETs based on the above rules.

For NSAP format compliant NET, AFI of 49, Area ID of 0001, System ID of 0cad.83b4.03e9 (example MAC address) and a SEL of 00:


Router(config)#router isis
Router(config-router)#net 49.0001.0cad.83b4.03e9.00

Routers in different areas can simply use a different Area ID, no different than in OSPF. You just need to be sure the System ID is still unique, as shown below:


Router(config-router)#net 49.0002.0cad.83b4.03f0.00

For smaller networks with fewer areas, you can also define NETs according to this format:

this time using a loopback IP address of 172.31.255.254:
Router(config)#router isis
Router(config-router)#net 01.1723.1255.2540.00

An important note about NETs is that a router can only be part of ONE area. This is different than OSPF, which ABR’s will typically have at least one interface in area 0 and another interface in a standard or stub area. There are slight topology differences that account for this, which will be the topic of a future post.

The biggest thing to note when it comes to IS-IS NETs is to Keep-It-Simple-Stupid! Personally, I got hung up on the why a NET is always shown with an AFI value of 49. Details like this are just “cosmetic” – your IS-IS network will function just fine if you don’t follow ISO standards, since they’re really not relevant in an IP-only world. However, as you can see on Cisco’s website, best practices and simplicity are what determines what we’re told when learning the protocols. The “why” may not be important, but it’s still worth knowing a thing or two about it, even just to quell your own curiosity.

More on IS-IS in future post(s) – it’s worth knowing, being another tool in the Network Wizard’s tool belt.

EDIT: Thanks to Marko for his corrections and clarifications on some of the key terms and concepts. More posts in the future will be needed to explain IS-IS in more depth…stay tuned ;)

→ Leave a comment

Posted in Cosmetic Bugs, IS-IS, OSPF, Routing

CCIP retired, new CCNP Service Provider offers no bridge for current CCNP’s

Posted on 04/28/2012 | Leave a comment

Last week, Cisco announced the retirement of the Cisco Certified Internetwork Professional, the professional-level Cisco certification for service provider networking:

Retirement of CCIP Certification

Beginning October 29, 2012, Cisco CCIP certification will be retired and Cisco will no longer issue new certifications. Individuals interested in pursuing a professional-level Cisco Service Provider certification are encouraged to obtain the new Cisco CCNP Service Provider certification.

Source

The CCIP certification has been a logical next step for individuals completing their CCNP route/switch certifications. A lot of the topics covered (specifically in ROUTE and the old BSCI) also apply to the service provider routing basics which makes it a logical bridge for many CCNP engineers. Essentials such as BGP, IS-IS (removed from ROUTE) as well as controlling routing information such as route filtering, redistribution, path manipulation, etc, are all covered in length throughout the CCNP and should be very familiar for those coming out of their R&S studies.

With the recent announcement of CCIP’s retirement and with the new SP track, this bridge is no longer possible.

Referring to the new CCNP Service Provider curriculum, the following exams are required for certification under the new track:

  • 642-883 SPROUTE Deploying Cisco Service Provider Network Routing
  • 642-885 SPADVROUTE Deploying Cisco Service Provider Advanced Network Routing
  • 642-887 SPCORE Implementing Cisco Service Provider Next-Generation Core Network Services
  • 642-889 SPEDGE Implementing Cisco Service Provider Next-Generation Egde Network Services

Not to mention also under the new track, a valid CCNA Service Provider is required to be certified for CCNP SP.

For those who have had their CCNP’s for some time, much of the CCNA SP topics in the exam blueprint is pure review. Oh the topics in the CCNA SP blueprint(s) (oh yeah, there’s two $250US exams for CCNA SP) I could only find the following topics that aren’t covered in CCNA/CCNP R&S:

  • Basic IOS-XE & IOS-XR CLI operations and router configurations
  • Transport Technologies such as SONET, SDH, DWDM, ROADM
  • Describe relationship between users, user groups, tasks groups and task IDs in IOS XR
  • Configure Resilient Ethernet Protocol (REP) on Cisco IOS switches
  • Configure QinQ on Cisco IOS switches
  • Carrier-grade NAT (CGN) and NAT64
  • Manage IOS XE and IOS XR software packages

Every other topic that is in both SPNGN1 and SPNGN2 exam blueprints covers CCNA-level routing and switching basics, with a few CCNP-level topics thrown in as well such as GRE tunnels and First Hop Redundancy Protocols, amongst others.

What this means is CCNP engineers must now commit both the time and money to acquire the CCNA SP certification before even attempting a CCNP SP certification. With so much overlap in the R&S certification track, it’s a real wonder why Cisco didn’t think to have some sort of bridge exam to get CCNP’s up to speed in preparation for CCNP SP material.

While it’s not completely unexpected that this track got a significant facelift; after all, covering just QoS, BGP and MPLS leaves out a lot of Cisco’s product-centric features such as promoting their IOS XR routing platforms, it has now put a deadline for those considering CCIP studies. And while Cisco has provided a migration for existing CCIP’s, it still puts prospective certified engineers in a crappy spot. What as now 3 exams (2 if you took the BGP+MPLS composite) are 4 brand new exams with nothing but instructor-led training courses…which are also not cheap.

So for those CCNP network admins who are considering Cisco’s service provider certification tracks, here are the exams (with associated costs) required to reach professional-level certification:

For CCIP (last day to certify October 29, 2012):

  • 642-902 Implementing Cisco IP Routing (ROUTE): $200 USD
  • 642-642 Quality of Service (QOS): $200 USD
  • 642-611 Implementing Cisco MPLS (MPLS): $200 USD Last day to test July 27, 2012
  • 642-661 Configuring BGP on Cisco Routers (BGP): $200 USDLast day to test July 27, 2012

Taking into account that you should have ROUTE or BSCI through your CCNP certification, you are looking at a total of 3 exams at $600 USD total*.

*note: You can also taken composite exam 642-691 BGP+MPLS, also last day to test July 27th this year, making total exams 2 at $400 USD.

Now, if you’re interested in going down Cisco’s new SP track, you’ll be starting at ground-zero with CCNA-Service Provider before moving into CCNP SP:

For CCNA-Service Provider:

  • 640-875 Building Cisco Service Provider Next-Generation Networks, Part 1: $250 USD
  • 640-878 Building Cisco Service Provider Next-Generation Networks, Part 2: $250 USD

For CCNP-Service Provider:

  • 642-883 Deploying Cisco Service Provider Network Routing: $200 USD
  • 642-885 Deploying Cisco Service Provider Advanced Network Routing: $200 USD
  • 642-887 Implementing Cisco Service Provider Next Generation Core Network Services: $200 USD
  • 642-889 Implementing Cisco Service Provider Next Generation Edge Network Services: $200 USD

Cisco is offering a credit towards 642-883 for those who have completed the ROUTE exam (which is part of CCNP). Other than that, with the new SP track, you are tasked with a total of 5 exams, totaling a cost of $1100 USD ($500 for CCNA-SP, $600 for CCNP-SP).

This year will be a rough transition for those looking to enter the service provider track. Actual CCIP certification will only be available until October 29th of this year, with both the BGP and MPLS core exams being retired by the end of June. And for those looking to go down the newly released track, training material will be sparse and not as widely available as those offered by Cisco Press covering BGP and MPLS.

In any case, it’s something that I’m passion about and will be looking forward to seeing developments with these certifications. Since I obtained my CCNP last year, I’ve always been interested in large service provider networks so naturally I’ve gravitated towards this side of Cisco certification. I also hold a lot of respect for the titans of our industry, namely Ivan Pepelnjak, for their deep knowledge of MPLS, BGP and everything routing.

In the meantime, I’ll be looking to crank out some blog posts to compliment my studies currently with MPLS. For those looking to learn more about the protocol, I must recommend Luc De Ghein’s fantastic book MPLS Fundamentals. Further on my reading list is Ivan’s book MPLS & VPN Architectures, Sam Halabi’s Internet Routing Architectures and Randy Zhang & Micah Bartell’s BGP Design and Implementation. If I can fit a certification in between all that information, that’ll be fantastic. However, with Cisco’s current and newly updated SP track, it’s not as high on my agenda. I doubt it’s high on other network pros’ to-do lists either.

UPDATE: After making a similar post on the Cisco Learning Network forum, I received a reply from Rigo the Community Manger, who explained that a valid CCIP certification can be used as a prerequisite towards the new CCNP SP certifications. CCNA Service Provider is not required if you already have a valid CCIP. This makes things a little easier this year while CCIP is still being issued new certifications (until October 29th this year).

→ Leave a comment

Posted in Cisco, Certification

Tagged , , , , ,

My thoughts of certification in 2012

Posted on 03/22/2012 | Leave a comment

Last week, I was in San Antonio, TX, attending a 5-day course for implementing Cisco Wireless VoWLAN networks course, IUWVN of the CCNP Wireless track. I got the chance to learn how to implement Cisco VoWLAN, configure Cisco 2504 WLC’s, WCS and 7921 Wireless IP Phones for voice & video over WLAN, and a lot of the details in between. The week was great — weather was beautiful, our instructor was awesome with 20 years of RF experience from the US Marine Corps and I got to interact with a lot of other network pros. :)

For this blog post, I wanted to pose a question regarding certification in our industry…and specifically, how much certification is too much? When does it show technical proficiency, and when does it become a check box for Layer 8? Working for a Cisco Partner usually means that there are times that certifications are business requirements for maintaining Partner status and not necessarily technical requirements for designing, implementing and maintaining an enterprise network. What about the average network wizard?

With how much any modern business depends on the IT staff to keep the data flowing, certification can certainly be an annoyance or a chore. On any given exam, you may be asked any number of esoteric protocol details, or vendor-specific implementation and design guidelines (trust me when I say that Cisco is certainly not the only culprit) but usually you’re not tested on applying your real-world skills in the testing centers. In fact, sometimes the gear we work with everyday behaves in ways that flies in the face of the Cisco Manifesto (I’m looking at you, Catalyst 6500). I would imagine this to be the position of most of the networking gurus out there – we’re all busy enough maintaining our environments and keeping our users happy.

What does this mean for the network newbie such as myself? Certification will most definitely help getting the ever-crucial “foot in the door”. But while having “CCNA” on your resume or LinkedIn profile will help with recruiter keyword searching, it doesn’t just end there. You have to be able to prove to the IT Manager in the interview you can apply it to solve real-world problems or at least have the drive to soak up as much knowledge and experience to become a productive network admin.

Certification, for me, means that for this technology, I have a declaration that “I believe” in the Dogma of the Vendor. But its the time outside of exam cramming that is spent in lab and solving difficult problems that will actually prove that I can make it in this business.

→ Leave a comment

Posted in Certification

CCO Gems: Cisco Aironet Antennas and Accessories Reference Guide

Posted on 03/21/2012 | Leave a comment

In an attempt to wrap my head around a lot of the Layer 1 details in the Wireless LAN world, I came across the following doc on Cisco’s website under their wireless antennas product info:

Cisco Aironet Antennas and Accessories Reference Guide

One of the most important units of measure to understand when working with RF is the decibel (dB). While this unit is used in many other fields such as sound and audio, this doc presents it in a clear and concise manner as it relates to WLAN’s:

Decibels
The decibel (dB) scale is a logarithmic scale used to denote the ratio of one power value to another.
For example:
X1`dB = 10 log10 (Power A/Power B)
An increase of 3 dB indicates a doubling (2x) of power. An increase of 6 dB indicates a quadrupling (4x) of power. Conversely, a decrease of 3 dB reduces power by one half, and a decrease of 6 dB results in a one fourth of the power.

Increase

Factor

Decrease

Factor

0 dB

1 x (same)

0 dB

1 x (same)

1 dB

1.25 x

-1 dB

0.8 x

3 dB

2 x

-3 dB

0.5 x

6 dB

4 x

-6 dB

0.25 x

10 dB

10 x

-10 dB

0.10 x

12 dB

16 x

-12 dB

0.06 x

20 dB

100 x

-20 dB

0.01 x

30 dB

1000 x

-30 dB

0.001 x

40 dB

10,000 x

-40 dB

0.0001 x

If you’re a newbie like me, this makes a lot more sense than some of the other documentation I’ve read on the subject, especially with the table above that clearly shows how dB increases logarithmically.

Now that we know a decibel is a relative value, we need to know what values are being measured and referenced. In the wireless world, those two values are Received Signal Strength Indicator or RSSI, and Signal-To-Noise ratio (SNR).

RSSI is a vendor-specific grading of received signal strength. Because it is vendor-specific and not a standard measure, these values cannot be used to compare between vendors. It is usually measured in decibel milliwatt (dBm), which is basically the ratio of power referenced to 1 milliwatt. For example, 3 dBm is 2mW of power. Again, the Cisco Aironet Antenna reference guide provides a good chart for common dBm values to give you an idea of how dBm scales in reference to wattage.

Table 2. Common mW Values to dBm Values

dBm

mW

dBm

mW

0 dBm

1 mW

0 dBm

1 mW

1 dBm

1.25 mW

-1 dBm

0.8 mW

3 dBm

2 mW

-3 dBm

0.5 mW

6 dBm

4 mW

-6 dBm

0.25 mW

7 dBm

5 mW

-7 dBm

0.20 mW

10 dBm

10 mW

-10 dBm

0.10 mW

12 dBm

16 mW

-12 dBm

0.06 mW

13 dBm

20 mW

-13 dBm

0.05 mW

15 dBm

32 mW

-15 dBm

0.03 mW

17 dBm

50 mW

-17 dBm

0.02 mw

20 dBm

100 mW

-20 dBm

0.01 mW

30 dBm

1000 mW (1 W)

-30 dBm

0.001 mW

40 dBm

10,000 mW (10 W)

-40 dBm

0.0001 mW

Signal-To-Noise ratio is defined as the power ratio between a signal, such as a WLAN waveform, and the background noise. Again, we’re measuring in decibels since it is the ratio of the RSSI and the surrounding garbage RF noise.

Since I’m coming from a wired world where everything is essentially plug-and-play, I’m working from the ground up at Layer 1 to hone my WLAN skills.
Anyways, the Cisco Aironet document here gives a very succinct overview of various L1 WLAN concepts such as 802.11 modulation techniques, antennas ratings and specs, understanding RF power levels, as well as a slew of other little details. The first 1/3 of the document gives a nice overview of these concepts, while the other 2/3′s list all of Cisco’s Aironet antenna products.

This is one of those gems on Cisco’s site that I’m surely packing the PDF away for future reference (especially for my Cisco wireless studies).

→ Leave a comment

Posted in Certification, Cisco, Documentation, Wireless

OSPF Area ID’s – Dotted or Decimal?

Posted on 02/12/2012 | Leave a comment

I had a thought the other day while at work regarding OSPF area numbers in Cisco IOS.

Having been brought up on Cisco Net Academy in college, Cisco always teaches the following command syntax:

R1(config-t)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

In fact, 90% of all Cisco documentation and command references will always express OSPF Area ID’s as decimal numbers.
One thing you probably want to keep in mind is what is actually transmitted on the wire.
As an experiment, I used area ID’s of 1000 and 2000 on two directly connected routers, and used both formats for configuring the areas.

On R1
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.0.0.0 0.0.0.3 area 0

On R2
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 10.0.0.0 0.0.0.3 area 0.0.0.0

As expected, the OSPF neighbors came up, since we know that when configuring area 0 as a decimal, it’s sent out irregardless as dotted decimal in OSPF packets.

R1#sh ip os int fa1/0
FastEthernet1/0 is up, line protocol is up
Internet Address 10.0.0.1/30, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 10.0.0.2
Backup Designated router (ID) 1.1.1.1, Interface address 10.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
truncated...

R2#sh ip osp int fa1/0
FastEthernet1/0 is up, line protocol is up
Internet Address 10.0.0.2/30, Area 0.0.0.0
Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 10.0.0.2
Backup Designated router (ID) 1.1.1.1, Interface address 10.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
truncated...

Now that I have these routers talking to each other over the backbone area, let’s see how LSA’s for the loopback areas (1000 and 2000) look when configured with decimals under Cisco IOS:


R1(config-if)#do sh run int fa1/1
Building configuration...

Current configuration : 116 bytes
!
interface FastEthernet1/1
ip address 10.10.1.1 255.255.255.0
ip ospf 1 area 1000

R2(config-if)#do sh run int fa1/1
Building configuration...

Current configuration : 116 bytes
!
interface FastEthernet1/1
ip address 10.20.1.1 255.255.255.0
ip ospf 1 area 2000

And the captures:

R1 OSPF Hello on Area 1000
R2 OSPF Hello on Area 2000

As we can see, even though we use decimal notation, OSPF packets are always sent using dotted decimal.
It’s fairly simple why, being just a matter of binary conversation of decimal numbers to dotted decimal format.
For example, R1 was configured on Area ID 1000.

Decimal 1000 in binary is = 0011 1110 1000
Expanding that out to dotted decimal, we have the following in binary = 0000 0000.0000 0000.0000 0011.1110 1000

Converting it back to dotted decimal, we see in the hellos that OSPF Area ID 1000 = Area ID 0.0.3.232.

We can do the same for R2 on Area ID 2000.

Decimal 2000 = 0111 1101 0000 binary
32-bit binary 0000 0000.0000 00000.0000 0111.1101 0000 = 0.0.7.208

So regardless of which way you configure your area ID’s, OSPF will always transmit using dotted decimal format.
While it is easy to maintain and see decimal base-10 on small OSPF networks, an area ID greater than 255 will result in the next 8-bit octet incrementing as your area ID numbers increase (ie. Area ID 256 = 0.0.1.0 in dotted decimal). While 1000 and 2000 are nice numbers in a running config, it will always transmit in dotted decimal.

→ Leave a comment

Posted in Cisco, Config, OSPF

Crossroads: Cisco Wireless Certs Refresh v2.0

Posted on 01/30/2012 | Leave a comment

A couple weeks ago, Cisco Learning Network released the following announcement:

Cisco has updated its written exams and training courses for the CCNA Wireless and CCNP Wireless certification programs. The changes reflect the addition of more relevant materials that include an update to the current version of software including Autonomous, WLC, and Clients.

CLN Announcement

As with any time Cisco brings down a new exam version and topic refresh, candidates (such as myself for the Wireless track) are faced with a dilemma; do I go for the old version exam, or do I move towards studying for the updated and refreshed exam?

For those who have already been studying the previous version exams, such as the previous CCNA Wireless 640-721, you’re probably better off continuing with the current v1.0 versions. At the time of this writing, we’re still relying on the older Cisco Press study guides (for those doing self-study) so there will be some time spent in “Limbo” where there’s no official material for the newer exams.

It’s always useful as well to compare the exam topics to see how it fares with your knowledge.
Since I’m set to go for CCNA Wireless this year, let’s review the changes for the v1.0 and v2.0 exams (640-721 and 640-722, respectively):

IUWNE v1.0 Topics removed

  • Describe the Cisco Mobility Express Wireless architecture (Smart Business Communication System — SBCS, Cisco Config Agent — CCA, 526WLC, 521AP – stand-alone and controller-based)
  • Configure the basics of a stand-alone access point (no lab) (Express setup, basic security)
  • Describe RRM
  • Install Cisco ADU
  • Describe and configure encryption methods (WPA/WPA2 with TKIP, AES)
  • Install/upgrade WCS and configure basic administration parameters (ports, O/S version, strong passwords, service vs. application)
  • Configure and use maps in the WCS (add campus, building, floor, maps, position AP)
 IUWNE v2.0 Topics added

  • Install and configure autonomous access points in the small business environment
  • Describe Radio Resource Management (RRM) fundamentals including ED-RRM.
  • Verify basic wireless network operation
  • Identify basic configuration of common wireless supplicants (Macintosh, Intel Wireless Pro, Windows, iOS, and Android)
  • Implement wireless Guest networking
  • Navigate WCS interface
  • Use preconfigured maps in the WCS (adding/relocating/removing access points, turn on/off heat maps, view client location, and view CleanAir zones of influence)
  • Generate standard WCS reports (inventory, CleanAir, client-related, AP-related, and utilization)
  • Configure authentication and encryption methods on a WLAN (WPA/WPA2 with PSK and 802.1x)

Looking at the v2.0 blueprint, most of the changes are slight reordering of the exam topics and clarification on others. I’m willing to bet that the majority of the changes is the result of the changes in Cisco’s wireless product portfolio (namely, the removal of ADU and MSE specific topics, and Cisco CleanAir features in WCS).

Some of the most important additions/revisions on the v2.0 blueprint is the addition of Implementing wireless Guest networking, 802.1X authentication and configuring common wireless supplicants in Mac, Windows, iOS and Android devices. I’m glad to see some of the more serious topics being added to the new exam since anyone implementing a Cisco WLAN network will need to know the basics of Guest wireless, 802.1X authentication and configuring all the different devices that will be using the WLAN.

So now, the newer candidates such as myself, are at a crossroad. Do we start studying the v1.0 blueprint? Or do we study the updated curriculum that contains all of the recent updates in Cisco’s product portfolio?

Personally, I think I will want to go with the v2.0 exam. While the official course-ware might not be available yet, the fundamentals are the same (with a few additions and updates). The new exam is available as of last week (Jan. 24th, 2012) and for current candidates, the old v1.0 exam will be available until May 11, 2012. What path you choose will depend entirely on you and your studies; either way, keep studying and best of luck!

CCNA Wireless IUWNE v1.0 Exam Blueprints 640-721
CCNA Wireless IUWNE v2.0 Exam Blueprints 640-722

→ Leave a comment

Posted in Certification, Cisco, Wireless

Configuration differences in multi-vendor networks

Posted on 01/26/2012 | 1 Comment

One of the challenges working in a multi-vendor environment is trying to keep track of all the configuration differences. Having all the guides handy helps when you have to look-up a command or two, but actually having a whole end-to-end configuration for a vendor you don’t normally work with can be challenging.

I spent this week training a new employee on both Brocade FastIron/NetIron and BNT isCLI, so I got a chance to refresh my non-Cisco vendor configuration. It can get pretty insane having to jump between the different OS’s so I’ll be making periodic posts (such as this one) for both my own reference and to give some exposure to the various CLI’s that aren’t as widespread as Cisco IOS.

Brocade (formerly Foundry Networks) kit looks pretty innocent at first and is very IOS-like:

FastIron>en
No password has been assigned yet...
FastIron#conf t
FastIron(config)#
FastIron(config)#enable super-user-password br0cade
FastIron(config)#int ethernet 1/1/1
FastIron(config-if-e1000-1/1/1)#

…However, Brocade FastIron has a different way of configuring your basic Layer 2 settings:

FastIron(config-if-e1000-1/1/1)#switchport
Unrecognized command
FastIron(config-if-e1000-1/1/1)#exit
FastIron(config)#vlan 100
FastIron(config-vlan-100)#tagg
tagged                     802.1Q tagged port
FastIron(config-vlan-100)#tagged eth 1/1/1
Added tagged port(s) ethe 1/1/1 to port-vlan 100.

This is the equivalent to Cisco’s switchport mode trunk switchport trunk allowed vlan 1,100.
In my opinion, Brocade has a much more sane way of configuring your L2. You can also use a range of ports (tagged eth 1/1/1 to 1/1/48 eth...) and doesn’t suffer the drawback of having to go into each interface to assign a VLAN. To configure “access switchport”, you add ports to the VLAN as “untagged”.

Some other Layer 2 features in Brocade:

Rapid Spanning Tree
FastIron(config-vlan)#spanning-tree 802-1w
FastIron(config-vlan)#spanning-tree 802-1w priority 4096
FastIron(config-vlan)#spanning-tree 802-1w admin-pt2pt-mac

Voice VLANs
FastIron(config)#vlan 110 name voice
FastIron(config-vlan-110)#tagged eth 1/1/20
Added tagged port(s) ethe 1/1/20 to port-vlan 110.
FastIron(config-vlan-110)#vlan 120 name data
FastIron(config-vlan-120)#tagged eth 1/1/20
Added tagged port(s) ethe 1/1/20 to port-vlan 120.
FastIron(config-vlan-120)#int eth 1/1/20
FastIron(config-if-e1000-1/1/20)#dual-mode 120

Virtual Router Interface (SVI)
FastIron(config)#vlan 100
FastIron(config-vlan-100)#router-interface ve 1
FastIron(config-vlan-100)#int ve 1
FastIron(config-vif-1)#ip address 10.10.10.1/24

As you can see, the FastIron CLI (also applies to NetIron) is very much IOS-like, so the learning curve between IOS and Brocade is pretty minimal. Some others include being able to use any “show” command in any of the CLI hierarchy and use of “enable”/”disable” commands to bring interfaces down or up (instead of your “shut”/”no shut”).

Since this post is looking a bit long in the tooth, I’ll leave the BNT configs for next time. :)

Docs used: Brocade FastIron 07.3.00 Configuration Guide

→ 1 Comment

Posted in Brocade, Config