CCNA Bootcamp Session 4

Captions
hello hello hello welcome back to our second session of sunday uh we're gonna wrap up our ccna bootcamp with this section all that good stuff that goes along with it um good stuff so i'm gonna throw i have not tested the polls out here on this but i'm gonna throw out a quick poll i'm gonna create a poll real quick echo's gone now oh okay weird um question uh how was this experience do it again waste of my time and money change how it was delivered content and i'll add another answer and like all good need to come again that's the first answer all right so i'm going to go ahead and i'm going to make this visible and i'm going to add the poll you guys can answer it and go from there so for those if you would do me a favor and provide a little bit of feedback on how you thought the boot camp went because this is my very first time um how that was done can we vote for more than one thing i don't know i've literally just created it um so i don't know what the option okay good stuff okay fair enough okay so clearly you guys would have wished things were done differently in terms of the content and can you give me a little bit of um i think what is this service okay so okay that's another thing i was going to ask um i should like what would it have what would the changes be if you were to um to be done would you prefer it be my goal is to switch over to youtube and do it on youtube i think youtube's got a little bit is does a little better of a job at this type of stuff they are an actual platform so there's that there's a little bit more of a delay but if you could give me some insight as to what you would have wanted to see differently done so like you know done through youtube instead or um other video crash okay i gotcha so having eve-ng working before you start would have helped i got you i think that's what you mean yeah so it's that's going to be i kind of okay that's fair um yeah it's now that i've done this once and it's gone pretty well so i think that in the
future i will do things a little bit differently we'll have some more information available before we get started obviously um but this is just use over packet tracer gotcha yeah it's going to be one of those things that i'm going to put uh kind of like a prereq um not a prerequisite but a a recommendation gotcha okay yeah i'm gonna if you just barely got it up gotcha okay um so there's a couple of youtube videos that i put out that are focused on um sorry i've lost my train of thought there are a couple of youtube videos that i've got setting up eve and i suggest you guys go over there uh go on my channel do a search type in eve and pull up whatever content is it uh relative to it and i walk you through how to set everything up so it's pretty straightforward from that perspective but it's one of those things where you're right you would have been easier to have to follow along if everything would have been already set up and yeah so it's but overall um okay cool that's that's what i'm looking for much easier to follow along by doing it with you i got you um awesome well i'm i'm glad that it worked out for you was the was the pace too fast did i go too quickly at any point in time um in terms of the deployments that i was going through where i was starting to lose people um yeah you're a bit quicker points okay i tend to get a little quick when i'm bouncing back and forth and i'm trying to get doing like a transition of going from static routing to stuff like that i gotcha well the fortunate thing is in the next couple of days you guys will get to watch the replays on youtube and i'll post them and it'll be the ccna bootcamp saturday session one and two and sunday session one and two so you'll be able to watch and uh go from there but that that helps because um a lot of these commands i'm comfortable with and so that's that's on me to slow down so um and it's kind of hard to to do that type of stuff and go slow go super slow because i'm i'm just just i get in the i 
get in the groove and i just go but uh yeah for sure pete i'm sure you'll get that all squared away here pretty soon you'll be good to go my i'm going to transition over to youtube i think for the next round and i am not going to charge for the access to the sessions i'm going to make those free so this is kind of a one i tried this out i didn't get a lot of great feedback so from people that were i was trying to get on the people that are willing to pay to come see to come sit on one of these sessions you guys specifically um that worked out pretty well but i think moving forward i'll probably use uh youtube and then i will anything that's in the platform or anything i'm going to be adding to the bootcamp or any of the live sessions that i do i don't know if i'm going to necessarily call it a boot camp but it'll be like live sessions and you guys can come you know ask questions and things like that through youtube and stuff like that um any of the material that i create eve topologies the configurations all that stuff will be available in the the membership area so you'll just be able to pay the 10 bucks a month and it'll be a barrier to enter it'll be a little bit excuse me a little easier to chew on i get a lot of complaints about people not being able to afford it and that's fine if you can't afford it that's all good um you guys are here so obviously you could afford it so i do appreciate you guys stopping by and you know putting your trust in me to help you prepare for ccna so hopefully the stuff that we covered helped you move that needle closer to a pass than put you further behind but so and everybody got the hundred dollar thing as i never raise the price back up to 250.
so but in the future i'm going to probably just go and do i might do another one where i may charge 25 i don't know i'm still trying to figure that out but um with that being said uh i do appreciate everybody coming to the uh coming to our boot camp and stuff like that so um with that being said uh we're gonna dive into ospf in this section here and i'm gonna cover some of the high level details real quick you know the different multicast groups um and go from there and get that running and then we'll talk more about access lists and talk about how they come into play and how you can filter and stuff like that we're not going to get into super super deep detail my goal was to have all the sites working but i'm kind of glad that i didn't i'm glad that i slowed down and i only focused on the specific areas making sure that i didn't leave anybody behind slow the pace down charge more for ccnp and cca content like all the other platforms you know what you're you're probably right about that and that's something that ironically um yeah i'm glad you guys are saying that and not me um but that's actually my goal is anything that's going to be more ccna oriented i'm going to keep the price relatively inexpensive but if you're looking to dive into accessing content for more advanced networking skills yeah whether it's cisco vmware or otherwise i probably will charge more 25 or 50 bucks a month for ccnp ccie training my ironically my my personal direction is vmware right now and it's been like that for i don't know probably five or six months now um so at some point in the future that will i'll try to get more content out but i really don't want to do pre-recorded videos anymore like where i'm having to record the videos and then upload them um stuff like that it's very time consuming to do that i'd rather get on here and just talk about the technology and answer questions that you guys have would definitely be back to the company more content okay so you both you want to 
see vmware content live sure just be aware and i don't want to take up too much to the beginning part of this session with just mumbo jumbo stuff but um just be aware when it comes to vmware top content i have no problem going live and doing some vmware training and stuff like that i really enjoy vmware actually but the only drawback to it is that when you're dealing with vmware training things like installing vcenter server or installing esxi hosts that is a time consuming process so i would just have to come up with a game plan of talk about the talk about whatever it is that i'm doing and as i'm talking about it be going through the deployment so um installing vcenter server takes about a 40 minute it's about a 45 minute process um depending on the platform if i deploy it directly on a server it goes much quicker 15-20 minutes but it is a time-consuming thing so it'd be one of those things where like if i was to do a live stream i'd have to like come up with some filler topic for 10 or 15 minutes you know something like that i wouldn't be able to talk about all the theory up front and then sit there and just twiddle my thumbs so i'll have to figure that out as we move forward but um as a matter of fact i am just about done uh recording my nsx for nsxv for vsphere series and i've got about 30 something videos recorded for that and then i actually just bought two books for vmware nsxt the new version of nsx and i'm going to begin recording content with that here uh starting next week and getting that because i have two different environments set up one for v one for t i'm gonna start getting that stuff rolled out so you'll get to see some technology rolled out for it now that'll be pretty cool i'm actually really looking forward to that um getting that stuff knocked out and then once i have t knocked out and that recorded and all that good stuff my goal is to then start diving into desktop mobility so good stuff there i want to become one of those rockstar vmware
engineers as well so all right uh without any further ado let's dive into ospf let me go ahead and uh share my screen screen three go ahead and get this party started and let me go close this message all right so um so i do i will first before we dive into the cut the content i do want to thank everybody for their feedback that's important to me because what i think works and is should be a very smooth operation may not be the case for you guys so um i do appreciate that and what we'll do as we move forward um i like open and honest be transparent with me let me know honestly what you guys think on stuff because um what i think works may not so but i do appreciate the feedback so with that being said we will dive into ospf so ospf is probably one of my favorite protocols besides bgp from an operational perspective it's very very easy to to get working and there's some some cool stuff that comes into play with how it works and stuff like that but you need to i'd say from a if you were to learn dynamic routing in a uh crawl walk run or start from a and get to z i'd say that rip is the easiest one to understand out of the gate and then then eigrp then ospf because if you understand eigrp and you get that down pat then ospf will be very very similar to eigrp some some slight differences but on how the protocol works the different multicast groups and things like that but for the most part ospf and eigrp are very similar operationally so it makes it very easy to deploy and get working and then once you understand ospf pretty well isis is the same algorithm so the shortest path first algorithm to get working and um it doesn't do as many things as ospf does ospf has a crap ton of nerd knobs and i'll show you that when we get on the cli but it's definitely a couple of protocols that if you go in that that order rip version 2 eigrp ospf isis and then dive into bgp it'll make all the routing protocols pretty easy and to be honest with you if you start grasping the concept
and the understanding of how the routing protocols work that way it'll be that much easier you'll see that you'll start to pick up the pace of your learning because you'll already understand how something works over here say like how you know adjacencies are formed um you'll understand how that works in ospf because it'll pick up on it right away with ospf because you already understand how it works in eigrp but once you have that base foundation and you add that layer it'll just be an adding another layer and another layer and you'll be able to pick up on things much much quicker so hopefully that makes sense so um with that being said uh the cool thing about ospf is it's open standards right it's open standards and it allows any vendor to run it right so i've worked in several environments where i've had a situation where i'll go ahead and change my color to be green so it's easier for you guys to see i've had several deployments where i've had a cisco router right i'll just say cs a cr here and a cr here and then i've got connectivity to a couple of like a stack of cisco switches so i'll draw this out like this and these guys are stacked together and these guys are connected to here like this and then you've got some like palo alto firewall and a palo alto oops palo alto firewall and these guys connected like this right so i've deployed a lot like this and you end up having to form ospf adjacencies like this right you get all your adjacencies up and running and you have a kind of an ha deployment scroll deployed so in this case here it makes it really easy to roll that out and then you can have multiple connections set up and then this is actually very common where this little section right here and i'm not going to get too much into design but this little section of connectivity here is a very small public address range public public ip space where let's say for example you go out to a uh there's a comp there's a place on the internet called ipv4 auctions.com
and you can buy subnets that are no longer needed by an organization and you can i'm not sure how often it's that this is the last place i remember looking for ipv4 addresses but um i've bought /24s for customers in the past obviously they're paying for it i'm just going out there and grabbing the subnet range um so let's say for example you grab the 131.0.0.0/24 range right what's cool about this is you can actually take the very end of the range let's say you break it down and you have one two three four devices right so you need to have at a minimum um you're going to have one connection here so it's going to be uh dot one and say dot two we have another connection down here these could be you don't have to have them all separated you could have uh vlan separation here where csr1 or cisco router 1 and palo alto one are one subnet and that's in uh point to point or you could do it a couple different ways i often recommend since you've got four devices you would need like a /29 right /29 address range and then you give this guy .1 this guy .2 this guy .3 and this guy .4 and then this is a end of the range type of configuration where you're gonna go and break it down and then you take the very last six ips of your range you just advertise you pull 29 off the back end of your 131 address will be like 131.0.0 dot what would that be uh 248 yeah 248 through 254 right so you'd grab these last six ips off your range and you'd associate them here and then once you by doing that you would be able to have for example this would be your nat router right and you would have inside and you'd have outside and then you'd be doing all your firewalling on your palo altos that's just one example but this is where you would use ospf because it provides that inter of inter vendor communication you'd be able to set up a ospf pairing between the cisco box and the palo alto box and that's where that type of stuff comes into play that's what that's why i really like ospf
because i don't care who i'm peering with i can do whatever i want especially in a data center this is huge in a data center because more often than not i'm going to be dealing with not just uh with more than just cisco right oh and by the way uh if i'm running let's say this is a data center and behind my csrs i have a or my csrs but behind my cisco routers let's say i have nexus switches right and they're connecting up to the cisco routers what i might have behind my nexus switches are esxi hosts and on those esxi hosts i might be running nsx v or t and guess what nsxv supports ospf and bgp nsxt in 3.0 just supports bgp but in 3.1 it supports ospf and bgp so i'd be able to route from my edge down to my esxi host through dynamic routing so if if you're following what i'm trying to play down here once you learn how the protocols work and how you unders you understand their interoperability and you know communicating between the different vendors i could have one ospf adjacency or not i shouldn't say ospf adjacency i can have connectivity from my esxi host to my palo alto firewalls all running ospf right and that's that's where the the beauty of having a protocol that's vendor agnostic you know ospf runs on everything bgp runs on everything makes it really really easy to do that type of stuff so the reason i bring that up is because you might walk into an environment where you eigrp isn't the way to go it's not the way to do it because it you wouldn't have the all cisco environment to work with so eigrp is great it works really well but there are potential issues with it and one of them is not being able to work with other vendors so keep those things in mind i'm going to clear the screen off now ospf works very very similar to eigrp so if you have r1 and you have r2 i'm going to use the same example i used before and there's a lan segment sitting behind it you're going to have a connection between these guys this guy is going to be 10.1.2.0/24
this guy will be .1 this guy will be .2 and you're going to use the router ospf 1 command now the number here is arbitrary you can use whatever you want this right here is just a process id right it's not the same thing as an autonomous system number there are two different concepts this is a local process because you can have more than one ospf process running on a router and you can redistribute between them as well on the same router where if you're coming in underneath here the network statement is identical you type in network of say 10.1.2.0 0.0.0.255 but then you need to add in one more additional statement which is the area identifier we'll say area zero area zero what is area zero what is an area an area is a flooding domain so an area in ospf is to ospf where a autonomous system number is to eigrp it's how far we're going to let our routing updates propagate and what is our administrative domain now they're not the area isn't specifically tied to the administrative domain because you can have multiple areas inside of ospf and they're all the same autonomous system or the administrative domain so i can have r1 r2 r3 and then r4 all in serial or on a line and i can run ospf area 0 between r2 and r4 and r3 and then on r2 i can have another area over here i can have this as area 1 for example and then this guy right here when you have multiple areas would would sit between area zero and area one and any router that sits between two different areas is referred to as an area border router because it borders two different areas you need to in order for an abr to be an abr it needs to have at least one interface specifically this one right here inside of area zero and then once it does it can have an interface in any other area that's non-zero so one through uh was it's 4.2 billion i think it's something ridiculously high now from a area nomenclature perspective 0 right here if you type in area 0 it's actually going to look like this it's going to be a 32-bit address or a
32-bit identifier and it can be it can be documented either as 0.0.0.0 or a zero now if you want to make this area 10 you can make it area 10 or you can make it 0.0.0.10. it's up to you and how you want to just define it irregardless of how you define it it is an identifier right and that is the key thing to keep in mind here the area is the only thing different between ospf and eigrp and it's similar to the autonomous system but not the same in terms of being a bound uh to be an administrative domain yeah the autonomous system is the administrative domain the area is the flooding domain so in that case that's where they're the same as the flooding domain how far you're gonna send routing updates now they work the same way in terms of how you set them up so you type in router ospf 1 and then network of 10.1.2.0 0.0.0.255 area 0. you do that on both sides right you configure that on r1 you configure that on r2 what's going to end up happening is they are both going to send hellos out the interface that's configured with the ip address of 10.1.2.x that's still the same as it was for eigrp the only difference is they send to 224.0.0.6 for the designated router and two to dot for all non-dr routers so what that means is i'm going to send by default on a connection between two different routers that are connected to a multi-access interface or they're connecting you plug a router into a switch and that switch also connects to another router that's a multi-access interface you're going to run if it detects ethernet it's going to automatically run that into the broadcast network type and it's going to send all of your updates to this guy right here because you're going to have a designated router election process what's a designated router a designated router is going to be the device that handles all the routing updates in the environment so whoever wins the election whether it's router 1 or router 2 will be the device that all the routers in that subnet that are
connected to that lan segment so you might have r3 up here as well you might have r3 that connects into and here like this and this would be dot three in this case here you're going to have one route one dr and let's say that r2 becomes the dr you're going to have one router that becomes the backup designated router we'll say that's r1 and then r3 if r1 and r2 have already been elected as dr and bdr r3 will come in as a non dr or or a dr other so what ends up happening then is if i if r3 has a lan segment that he needs to advertise he's actually going to send that update to 224.0.0.6. 224.0.0.6 is going to come to router 2 because he's the designated router and then what will end up happening is r2 will then go ahead and receive that update and then he'll push that update to r1 r1 will get the update r1 will always be kept up to date via r2 through any updating and this will actually be a unicast update updates are propagated via unicast to all the devices and then in the event that r2 goes down r1 will then be promoted to designated router and then r3 will be promoted to backup designated router because the election process will kick off and r1 will then be able to disseminate information just like r2 did and that's how the dr process works now is there any real value of having the dr there is not so if you only if you have connections like this and you have multiple routers sitting on it and it's uh then the broadcast network type and the dr makes sense but most of the time you're not going to have this type of a setup you're going to have something that's more like this where you're going to have a point-to-point link and what you're going to do in order to remove the dr process from your operations you're going to go to the interface level here and here and you're going to type in the command ip ospf network point-to-point if you go to point to point network types on both sides they both have to be the same configuration where you get a network type mismatch you do that
they're automatically going to get rid of the type 2 lsa the dr process goes completely uh goes completely away and you are no longer running a dr and that's the ideal situation and i'll show you guys how to set that up on r1 and our and switch 6 so you guys can see the difference between the two if you are running a scenario where you've got r3 r2 and they're connecting down to r1 and you've got a lan segment connecting these guys together then a dr process would come into play but you don't have to use it you can actually use what they call point to multi-point which is another point-to-point option so you've got a single point and he points to here and he points to here so you can run also a network type of point to multi-point that's another option as well and then it forms adjacencies with both guys and the updates go back and forth like so if you have the ability of running eve-ng and you have the ability of running ospf i would suggest testing out all the different network types a lot of organizations that only have point-to-point connectivity between their infrastructure devices will automatically go to point-to-point ospf a network type point-to-point is probably the most common deployment that i've seen it's very rare to see network uh broadcast there's a couple other variations as well and just so everybody's aware when it comes to a similarity perspective on the network types you have broadcast and non-broadcast multi-access for those of you that have been around for a while in the it space this was what frame relay was commonly referred to as non-broadcast multi-access non-broadcast meaning that multicast was not supported over the transport where only unicast communication was allowed so you would have to use a different type of situation and if you had i won't say this is a frame relay network over here you would use point to multi point to multi-point non-broadcast as your connectivity which would mean that you're only allowed to use unicast
communication so there's no multicast hellos being sent and then so these will work together because they're just because you still have the the dr bdr process coming into play where point to point point to multi-point and point to multi-point non-broadcast are all similar as well so this is the determining factor broadcast and non-broadcast multi-access will work together and any version of point to anything else will work together but if you try to run point-to-point and broadcast on the same lan segment it would not work so just keep things like that in in mind when you are looking at how the operations come into play and things like that so that is some of the basics that i wanted to cover in terms of the operations there is there any questions before we dive into the config because the config isn't going to be very involved it's going to be setting up a couple of network statements doing the passive interface between these guys right here like we did with eigrp and getting the uh the default route propagated and all that good stuff any questions anybody has clear as mud maybe i don't know well i'll let you guys give me the the feedback and i'm gonna go on a limb here and say that you're probably gonna have to go over this a couple times and lab this stuff up in order for it to really click i know i did i understood the logic to it i mean it probably makes probably makes sense but it might be the first time you're hearing some of this stuff but you definitely need to dive into this stuff a bit more and do some hands-on labs so kind of beating you to the punch there pete because i know that's your typical response but i know where to you're on the right track though anyway no questions good stuff with that being said i'm gonna go ahead and clear the screen off if you are typing your question go ahead and uh pose your question and we can handle that um if not i'm going to go ahead and get the configuration going i'm actually going to can you touch on the
different types of lsa or is that not so important yeah i could touch on them real quick let me clear the screen because i'm kind of ran out of space but yeah i can touch on those real quick not a problem so there's a couple different lsa types so uh we'll type we'll take a look at type one first which is gonna be the router lsa lsa stands for link state advertisement or it's the advertisement of a link on the router let's say router lsa advertising the connections here the vlan interfaces stuff like that that's what it's advertising it's advertising the physically connected or logical interfaces that are on the device that's what a type one lsa is type 2 lsa is the network lsa i'm sorry uh where's that summary i honestly don't remember i always get confused on that one if it's network or summary i'm gonna go and say summary i think is the correct answer well we'll find out when we get on the box so it's i can't remember off top my head but i'm going to say summary summary yeah that's what i okay summaries type three yeah okay yeah i knew i was in the right direction i was pretty sure it was network network is network lsa basically what you have here is whoever the dr is you're going to have whatever device this is this is going to be who's advertising it so if it's r2 or r1 r1 will be advertising it and so pretend like when you do have this and say this guy becomes the designated router pretend like you have a r1 dr sitting in between the devices saying this is what i have reachability towards that's basically what the designated router is saying this is what i know about on this particular link and you can have yeah and what's cool about it is if you had a link to r to switch 6 or sorry switch 7 and r1 had a connection down to r2 then the r1 might be the designated router for all of these this could be a designated router connection as well and then r1 could be the dr for all three links because the designated router election is done on a per link basis for every
time you have a link that interface will also be considered to be in the the connection so keep those things in mind 3 lsas is going to be the summary lsa and this is going to be when you have a router that's acting as a border router so if i have r1 r2 and i have r3 and i have a lan segment hanging off of each and this is area zero and this is area one what will end up happening is this guy right here will be the area border router and what will end up happening is you'll see uh router 2 we'll say this is the 11 network and this is the uh the 33 network r2 will see the 11 network as an ospf route and you'll see the 33 network as an ospf route but r1 will see the 33 network as an ospf inter area route and r3 will see the um the 11 network as an ospf inter area route the inter area pointer will be to r2 because router 2 is acting as the area border router but router 2 since he's sitting in both areas at the same time he'll see both routes coming in as an ospf in intra area now these two lsas type one and type two only flood with inside of the area that they exist in so it's these are area uh area constrained is what i'll say area constrained means that type 1 and type 2 lsas don't uh they can't the the advertisements themselves a type 1 lsa will be propagated with inside of the area once that type 1 or type 2 lsa hits an area border router when it goes from one area to the other go from area 1 to area 0 it's converted to a type 3 lsa because it must pass through the area border router in order to get to the other area and this is where ospf inter area routing becomes like eigrp with routing by rumor because r2 is advertising to the routers in the other area hey in order to reach area 1 routes from area 0 go ahead and use r2 and same thing from uh r1 to r3 if r1 wants to reach r3 he must pass through or point towards r2 in order to get to where he's got to go so that's basically how that works and just to keep things uh from a forwarding perspective easy to 
understand if you're trying to stay within your ospf domain so in ospf you will drop down in lsa types so if i'm in a different area i will use a type 3 lsa to reach a type 1 lsa if i am going to be inside of ospf or if i'm leaving or going outside of ospf i'm going to go up an lsa because i need to go from either 1 to five which is going to be an external lsa or a three to a uh or it might be a one to three to five depending on the situation one to three to five depending on where i'm at in the network if i'm if my if i'm in area 0 and let's say r3 connects off to the internet r2 is going to see this is an intra area external route and you have type 4 and type 5. type 5 is an external route external lsa and if you're a type 5 lsa and you're seeing a type 5 lsa that means you are in the same area as the router that's advertising the the external route a type 4 lsa is an asbr external or summary and what that means is that i'm in a different area than the external uh than the type 5 lsa so if i'm r1 and i need to get to the internet i must go from area 0 to area 1 or i'm sorry area 1 to area 0 excuse me and i need to go from here so the area border router the router 2 will actually generate a type 4 lsa and point that inbound towards r1 so r1 will see an abr and type 4 lsa that points to get to the as to the um the the abr which is a type 3 lsa and get it to where it's gotta go so i'm sorry not the type three lsa um if it's an external route you'll see a type four propagation lsa come through and that'll be saying hey point to your abr the abr will be able to reach the external route that's what that's saying and that's basically how that'll come to be so you have this is what they refer to as an intra area like uh we'll say ext external and this is uh one to three to five is in inter area external if i have to leave my area to reach the router that's got the access to the default gateway that's how that would work now there is an uh there's a type 7 as
well which is a not so stubby area lsa and this is typically done when you're dealing with any type of stub area specifically not so stubby area and totally not so stubby area they basically when you're dealing with stubs these specific lsa types are not allowed in stub areas depending on how deep you go uh so if you're dealing with you're dealing with just stub areas you can't have type 4 and type 5 lsas show up in your area so if i converted our area 1 to be a stub you can't have type 4 and type 5 lsas in a stub area you can only have a deep uh you can have type uh 1 and type 2 and type 3 and the type 3 is going to be a default route to get you to wherever you got to go where if i'm going to be using a totally stubby area so you type in uh the command would be stub no summary you're getting rid of the type 3 lsa so this would be also include all of this so the first one is stub the other one is stub no summary and that would get rid of your type three four and five lsas and that's basically where that would come into play yeah and that's typically because most people don't go this deep with ccna for ccna content but this is the type of stuff that i would really suggest from just a knowing of how the protocol works at a high level this is some of the basic stuff that you would need to understand because this is actually going to help you transition into ccnp much much easier right if you understand this this will make ccnp that much easier the further you take your ccna training the easier ccnp will be to continue into if you just take yourself to ccna like you learn just enough and i'm not exactly sure how what that just enough level is to be honest with you if you learn just enough to pass your ccna ccnp will be extremely difficult to work through because you're still trying to build your knowledge level but if you take your ccna training and you just keep right on going you're like okay i'm going to keep learning this protocol to the next step next step next 
step the same thing with like bgp and uh ipsec and any other other topics you're going to find ccnp won't be that much won't be that difficult or it'll be actually easier because you've already covered that that's the whole thing so um yeah so and that because you're at that point where you're you're you're feeling like you don't you haven't quite earned it or you're still kind of like not where you think you need to be that's a fair assessment i'm actually glad you're being that honest with yourself because now you can say you know what i need to dive deeper into the protocol so i get a better understanding of it so that's basically how that works now in a stub area no redistribution is supported in a stub but in a not so stubby area you can do redistribution and that's why they call it not so stubby because you're going to allow redistribution in and that's why they have a type 7 lsa because type 5 is not allowed so you will have a type 7 lsa injected anyway and you'll see it show up as nssa and then when you get to your your abr wherever that might be sitting you're gonna have what they call a type seven to type five translation which means you're going to convert your type 7 to a type 5 lsa as it goes into the rest of the regular areas because none of the other areas are going to understand type 7 lsas because they are specific to not so stubby areas so that's basically how that works i can show you what that looks like in the config it's not very difficult to do it's only a handful of commands it's the logic that you need to understand and what it is you're trying to control it's all about trying to keep the the link state database and the routing table as small as possible some people like to see lots and lots of routes show up on their routing tables other people want to have that bad boy as small as possible because the the smaller it is the quicker reconvergence happens so little things like that to keep in mind as you're going forward but these are some 
of the details that you would need to understand if you're like trying to figure out how things work and stuff like that and depending on how you're looking at them you've got the ospf state machine you've got ospf in intra area routes actually let me cover that real quick as well so when you're dealing with any of this stuff you're going to see uh let me draw it over here where i have a little more room from an order of precedence which is the most important based off the the propagation you have ospf routes you have ospf inter area routes you have ospf external type 1 you have ospf not so stubby area type 1 you have ospf external type 2 and you have ospf nssa type 2 and that it processes top down so the higher you are up in the area so if you're in the area it's going to be an ospf route that's the most preferred and the cool thing about this is there because this is how ospf processes the routing it doesn't matter if you if you're learning a uh a route for ospf e1 and it's got a cost of 100 and you've got an ospf internal uh intra inter area route and it's got a cost of 1 000 you would think oh the higher the lower cost would win right and that is not the case the cost you could throw even larger differences between the two and the cost does not help here this route will always be chosen before this route will because it's higher up in the order of operations in the state machine because it's the way that ospf works so there's a there's a better way of explaining that but um at the moment i'm failing to remember the exact lingo but um you have to understand the ospf state machine and this right here ties into this over here when you're dealing with your connectivity so i don't want to go much deeper than that because it's well it gets complicated but beyond that that's kind of where we're at so is that is that good i mean i i don't want to say i don't want to go any deeper because i don't know what the how to explain it but i'd have to it'll be it's going 
to be very difficult for you to correlate what i'm talking about to anything unless you've seen it on the cli and you've tested it out but i don't want to lose anybody in that aspect because if i continue to go down the theory theory wagon or theory trail i'm going to start losing people so i want to jump in the config i've gone deeper than most than i normally would have for ccna but some basic high-level information is good for everybody so all right with that being said i'm going to go ahead and switch gears i'm going to jump on the cli i'm going to pull i'm going to deploy ospf i'm going to show you kind of a transition way of configuring things just so in the event that you had a problem going on in the network you'd still be able to get everything working so it we might lose some some connections but i mean in a transition a little bit of downtime is accepted i'm going to clear the screen i'm going to pull up securecrt and get this train rolling so the first thing i'm going to do is i'm going to go and set up ospf between r1 and switch 6 and then r2 and switch 7. on here i'm going to type in router ospf 1 and then the network statement is going to be 10.1.6.0 0.0.0.255 and then area 0. i'm going to put everything in area 0 for right now it'll just make more sense when we get a little further along and then i can even throw the svi connections into like area one for example so you guys will be able to see how that comes into play so i'm going to go over to switch six and get him configured will be router ospf 1 network of 10.1.6.0 0.0.0.255 area 0. this will not form right away this will take 40 seconds to happen which is the actual designated router election process and once that timer expires the dr is figured out and then he'll go the dr will be defined and then the actual adjacency process will kick off so while that's happening i'm gonna go get r2 done i'm gonna do router ospf one network of 10.2.7.0 0.0.0.255 area 0. 
and then on our on switch seven same thing here router ospf one spf not os fp um one network of 10.2.7.0 0.0.0.255 area 0. all right so we saw that r1 popped up and we have an adjacency with ospf if i do show ip ospf interface brief i can see that i'm working on gig zero slash zero if i do an ip ospf neighbors you can see that i have a fully adjacent connection and we are the designated router and router 6 is in the state of full but he is the backup designated router if i go over here and do show ip ospf interface brief we can see that the state is currently bdr if i come in here and do neighbor we can see that we're connected to router 1 and he is the dr currently if i do show uh ip ospf database you're gonna see this you're gonna see the type one lsa right here these are your type one lsas and you're gonna see the type two lsas the network link states okay and now switch 7 and um router 2 also have that connection the next thing i'm going to go do is i will configure switch 6 and switch 7 to advertise their svis in so i'm going to type in network of 10.1 excuse me 10.1.10.0 0.0.0.255 area 0 and 20. 
now if i hit the up arrow i do a do show ip ospf database i'm going to start to see that coming through now you notice that the link count went from one to three that's because i'm advertising more routes if i go over to r1 and i do show ip ospf database i'm going to see a total of three links coming across right if i do show ip ospf database and i say um for the router i'm going to start to see this stuff coming across i'm going to see 10 120 and 10 110 so i'm looking specifically at the router lsas and you can dive into this if you'd like this is how you would do that and you can get an idea of how everything is configured and good to go there i'm not going to go very far into the ospf database uh it's it needs a deep dive in and of itself and i not don't have a whole lot of time left to go to go into it i actually have a a hard stop at uh 525 i have something i have to go take care of so in uh what's that about 45 minutes or so uh 40 minutes uh if i have a hard stop but um so that uh everybody good so far with the operations it's very uh configuration wise is identical to eigrp right there's nothing different other than the area configuration changes that's it on switch seven i'm going to go ahead and set up the network statements for him as well so network of 10.1.10.0 0.0 oh and then the area command and it was the same thing for 20. 
you get them squared away now we're going to go through the same process we did when we set up the r1 to switch 6 connectivity right here as well as switch 7 to r2 with the adjacency so they come online now remember what i told you guys earlier about forming an adjacency between um yeah good thing you get to go back and re-watch it again huh so um what we want what we don't want to have on switch 7 and switch 6 is an adjacency form between switch 6 and switch 7 when you've already got hsrp so i'm going to type in the passive interface command and we're going to say vlan 10 and vlan 20 that'll take the the adjacency down but it still advertises the route all the passive interface does is it prevents the propagation and the reception of any type of ospf hello but the routes still propagate that's the cool thing about it since it still propagates you still get to maintain your reachability so switch six will be the same thing so type in passive interface vlan 10 and vlan 20. just like that so routes are still going to advertise but i won't have a connection between the two which makes the most sense you don't really need one in that case now the reason and the big reason for that is if i had a link between r1 and r2 and i have a connection between switch 6 and switch 7 i run the potential possibility during a reconvergence event or a network network device failure a link getting pulled and then getting plugged back in anytime ospf has to reconverge you run the possibility of having a loop because you have a connection like this where it's going like that you'd have a big loop between them and that loop can go until ospf figures itself out any loops that occur during reconvergence are often referred to as transient loops transient loop means that it's happening during reconvergence and it eventually will go away a data plane loop is a misconfiguration of some type somewhere on the network you've accidentally done something either you haven't done your filtering correctly 
during redistribution or you've got some stuff going on that you shouldn't have when you have a data plane loop that's consistent that's different than reconvergence and having a transient loop transient loops eventually will figure themselves out and ospf will reconverge and be like oh yep i don't need that link i'm going to go shut it down or the what path was making sense is now not making sense because it may not be as good as another path and so that potential loop that you had will eventually go away just a couple things to keep in mind when you're dealing with connectivity which is one of the reasons why we don't want an adjacency between switch six and switch seven all right now that i've got that if i do show ip route how come i don't have any ei ospf adjacencies right how come ospf isn't showing up on my routing table any ideas if i go to r1 same thing how come oh doing you show ip route how come i don't see any ospf routes showing up the answer to the question is because eigrp is still active yes and the ad most likely yep your static routes and the eigrp routes have lower which will show up in exactly 100 pete's got the most specific answer but yes that is true so if i go in to r1 as i have a no router eigrp 1 and i go to switch 6 and type in no router eigrp 1 switch 7 no router eigrp 1 and switch and r2 no router eigrp 1 alright now if i go back to r1 and i hit the up arrow i have ospf routes showing up in my routing table right now if i go down to switch six if i do show ip route i have no internet access right my gateway of last resort is not set so how do i propagate a default route in ospf down to my switches how would i how do you how would i go about doing that any ideas exactly default information originate you're spot-on so underneath router ospf 1 default dash information originate and go back over to switch 6 and there it goes now i have my ospf external type 2 route showing up e2 is used by default which is exactly what you want to see and then 
i'm going to go ahead and same thing on r2 i'm going to type in router ospf 1 default dash information originate i go to switch 7 and a do show ip route and we see the route show up in the routing table there we go right we have connectivity in place everybody's happy so now the question is will i have internet access you betcha because we've taken ospf and we've done the same thing we did with eigrp right notice that i'm still sending traffic out towards switch six switch six currently is my current active forwarder for both vlan 10 and vlan 20. in the event that switch 6 dies switch 7 should take over but they're both getting the same information make sense any questions on that good stuff see it's not super difficult right you get that part cool now what i'm going to do now is i'm going to convert vlan 10 and vlan 20. yeah lsa's probably will be for a little while i you're probably going to have to read the documentation and have it lapped up that'll definitely help because in this topology here i mean i could make it work i could show you how it works but i think i would just confuse uh well i won't say i would confuse you but if it's hard to understand that's going to be par for the course for right now one thing i would i'm going to share with you guys is my um my ospf notes that i've got and hopefully that will provide some clarity as to how each one works and how they come into play and stuff like that maybe that'll help you guys out they're deep notes but that's like me study for my ccie that's basically what i used i'll share my notes out to you guys just so that you know and there's a lot a lot of notes anyway uh with that being said i'm gonna go on switch six and switch seven if we look on uh router one if we do show ip route again we can see that we're learning these in but these are ospf intra area routes which means we're inside of the same area i'm going to go ahead and put vlan 10 and vlan 20 into into area 10. or no actually i'll do area 100. 
on switch six i'm gonna do show run pipe section ospf and i'm gonna type in uh router ospf one network of 10.1.10.0 uh 0.0.0.255 area 100. what you're going to see is that you'll see a uh a syslog message saying it's been changed from area 0 to area 1. now the same thing for 20 and i'll do the same thing on switch 7 router ospf 1 network of 10.1.10.0 0.0.0.255 area 100 and 20 they're good to go and then i'm going to go to r1 hit the up arrow now you'll see the ospf area routes show up as intra inter area with ia that's basically how that'll work so i just provided some some connectivity um a multi-area deployment and that's how simple areas are to work with it's now it's understanding that what the different areas are and stuff like that just a flooding domain so that's that i'm going to go ahead and flip switch 6 and an r1 and then the connection between switch 7 and r2 over to ip ospf network type point to point because if i do show ip ospf database i have this pesky little network link states here right i don't want that i'm not a fan of the designated router so what i'm going to do i'm going to go to interface 0 0 and then i'm going to type in ip ospf network and i'm going to say the member point to point now what you're going to see is this you get right to here it says ospf network type mismatch received hello from 10 126 so which is going to be uh switch six on gig zero gig zero zero indicating a potential network type mismatch because if we look at do show ip ospf interface gig 0/0 we are running in the state of point-to-point but if i go to switch six and i do show ip ospf interface gig 0/3 i am running in the mode of right here network type of broadcast and therefore i have a dr priority right so i'm gonna go and do the same thing here i'm gonna type interface gig zero slash 3 and type in ip ospf network type is going to be point to point and then our adjacency will form again as now the network types match and if i go back to r1 hit the up arrow we're going to see a 
point to point everybody's happy i hit the up arrow again to go to my database and now guess what my net link states they're gone right they're gone so uh technically speaking i'm getting one from why is that there i shouldn't be getting i'm getting that one let me go and convert this one over as well let's do uh let's go take a look at r2 and do show ip ospf database oh yeah he's seeing r1 so let's go ahead and knock that out real quick we're going to go to um r2 we're going to go to interface gig 0/0 and type in ip ospf network of point to point and then on switch 7 we have to go underneath the interface vlan to configure this so interface vlan 27 whoops 27. i'm going to type in ip ospf network of point to point because we're using an svi to terminate this and not a inter router interface we have to fix that now we go back over to r2 and i look at the database eventually this will time out so we can see that the timers are looking better eventually this will time out because the age is so high but right now we are still going to receive some network link states but we're not receiving anything for the connection between the two which is what we wanted here we got rid of that so we're in good shape there and if i was to hit the up arrow and go to the bottom here we are receiving a default route and you notice the tag number right here this tag indicates that this is our process id so tag one process id one if we go down to switch six and i do a show ip route you'll see the default route and if i look at show ip uh ospf database i'll see that tag one is coming across and in order to reach the internet i need to go towards this advertising router id which is gonna be router one and that ladies and gentlemen i should say gentlemen because there's no ladies here i keep saying that um that's pretty much it for the basics of ospf it's not a a ton of it's not super difficult one second here i have to uh i'm gonna cover oh i'll cover acls we'll do some basic connectivity 
tests between pc11 and pc13 just to block some connectivity and that'll pretty much wrap up the call because i've gotta jump off here pretty soon here any questions on any of the other stuff that i've covered anything doesn't make quite uh it doesn't make a lot of sense take it easy omari and yes pete we can have more sessions like this soon um i don't know what my availability is going to look like i will know that soon um but yeah we will definitely be able to take a look at that for sure but you're uh you're a youtube subscriber so you'll see stuff like this pop up and i'll put a posting out there when we decide to go live on that with the new job i'm looking at doing some additional training stuff but yeah we'll definitely be able to do that i don't have to i don't teach cohorts anymore which is nice and i'm so tired of teaching cohorts anyway um that being said no your cohort is actually pretty tame it's uh i left that organization and i went to a different one i'll keep it simple like that because um people aren't gonna recognize what i'm talking about in the replay so but you know where i'm coming from that's that's the bottom line you guys know what i'm talking about anyway um with that being said uh i'm gonna go ahead and cover acls real quick uh not a lot to dive into really but we're going to make sure that we do this on switch six so because switch six is our default gateway and that's where we'll have to configure them so what i'll do is on switch six is i wanna prevent pc11 from being able to ping pc13 right because right now pc11 can ping pc13 if i ping 10.1.20.1 i should be able to ping him as long as pc13 has got the ipad.ipos show ip that's the right ip every once in a while this happens where i've gotta go on the switch and i've gotta ping the ip address uh ping 10.1.20.1 and then now i should be able to ping between the two there it goes every once in a while i have that problem but what i'm going to do is i'm going to and the same thing with 
20.2 uh kind of yeah and well arp should kick in and it sometimes it doesn't work in a virtual environment the way it should be but it's working now so what i'm going to do is on switch 6 is i'm going to create an extended acl say ip access list extended and i'm going to call this block block icmp and spell icmp and what i'm going to do is i'm going to say um deny icmp from the source from the host of 10.1.10.1 to the host of 10.1.20.1 if it is echo or echo reply but i'm going to say permit ip any any so do show ip access list i have my entries in here where i'm saying i want to block ping from any from from 10 110 1 to 10 121 and vice versa so if i get a reply back then it should get blocked so if um technically speaking this this line doesn't make any sense let me go actually go ahead and get rid of it would never have yeah i would uh actually no that'll work that i think about it so this is basically saying if 10 110 1 is trying to respond to 10 121 via echo reply that will get blocked how i apply this is i go to interface vlan 10. and i can either apply it inbound on vlan 10 or outbound on vlan 20 because we got to think of the direction of the traffic traffic will be coming in on vlan 10 and then going back out on vlan 20. 
so i can either block it inbound on the svi on the receiving vlan or i can block it block it outbound on the the outbound on the uh the sending me or to the vlan that's being receiving the traffic it's either way i can do it i'm going to go ahead and do a uh ip access group and i'm going to call this block icmp in now if i go back over here let's do a show ip access list real quick we have no hits on it i'm going to come over here to pc11 and try to ping 20.1 and i'm getting communication administratively prohibited and if i come over here to the i have five matches so the ping never made it through but if i tried to ping if i go from pc13 and i try to ping 10.1.10.1 notice that i'm getting an icmp timeout if i go back to here and i hit the up arrow i'm getting matches right here so 10 110 1 is responding to 10 121 via echo reply and those matches are getting they're getting caught on because the ping is being dropped the ping is actually getting from pc13 to pc11 so the echo is going out right and if i was to create another access list on switch six it's a ip access list extended um icmp and say permits icmp from host 10.1.20.1 to host 10.1.20 or 10.1 via echo and then do a uh i'll permit ip any any and then go to interface vlan 20 and type in ip access group in or uh icmp inbound and then do that thing again do that ping still going to get timeouts but on the if i go to the acl you're going to see that my ping is going out so it's being received on the svi of vlan 20 and it's being i'm blocking the response back out so the traffic is coming back in from pc 11 on the svi assist of switch six and the acl is actually dropping the traffic as it's coming back in because the source is 10 10 1 the destination is 10 121 and it's a response to an echo it's like a reply so that just goes to show you that you can do it both ways and that's where acls have to you have to play with them to understand their logic but that's basically how that would come into play but if i wanted to 
go to pc11 and do a ping to trace to quad 8 that's going to work all day if i go back to pc13 and i want to trace to quad 8 i can still get there all day doesn't affect any of the traffic this is more or less east-west traffic and how that would work all right now whether or not you use icmp or you try to block http to a um a web page or telnet to a remote management or you block ssh the logic is still the same you still have to come in here and specify the protocol which like for example is going to be if you want to block telnet from reaching something you can say deny tcp from whatever the source is to whatever the destination is and then you can say equal 23 and that would say i want to deny telnet from this source to this destination whatever that might be and that's some of the cool stuff that you can do with acls and i prefer extended acls anytime i can over a standard acl because it doesn't matter where i put them now technically speaking you're supposed to put a standard acl as close to the source as possible so it's as caught as quickly as possible an extended acl supposed to be placed as far as close to the destination as possible but in this case here i only have one choice the switch 6 has got the only place the only svi that i can apply an acl to and these are layer 3 access lists so they have to be placed on a layer 3 interface clear as mud good to go questions on that before i wrap up you get a good portion of it okay anything that doesn't make sense for sure yeah i agree with that nothing that totally doesn't make sense more practice will help answer things much smoother i agree yep practice practice practice practice makes permanent practice does not make perfect because no one's perfect right there's always room for improvement all right gentlemen perfect never exists exactly that's why you practice practice practice to make it permanent and the one thing i like to say is when it comes to let me go ahead and stop sharing for a minute here the one 
thing i like to say and this is something that i've listened to a lot of podcasts about when it comes to other and other occupation training for specifically i like listening to navy seal podcasts and one thing that i like was uh one thing that a lot of the guys say on a regular basis is that they spent like a i guess i i don't know what to the actual term to call it but let's say a they call it a workup where you spend 18 months getting ready to go on deployment and then you spend six months on deployment so you spend three times as much time training as you do actually doing the job which i find that their occupation and the way that they train is very similar to the way that people in the i.t space train we spend a lot of time studying and a lot of time learning in order for us to do a little bit of work that we have to do sometimes it's can be challenging and that's how you grow right you don't grow by staying in your comfort zone you you grow by getting into your out of your comfort zone and being challenged so um that's just something to keep in mind as well but one of the things that he mentions a lot in his podcast and i'm talking about cleared hot podcast he mentions a lot about currency meaning how current are you in that particular skill set i would not consider myself current in a lot of routing and switching content i do i still know it can i still execute on it sure but do i consider myself current on it not really i'm falling back to what i remember and what i can do on a basic level but that that's the key though it's mastering the basics becoming good at doing the basic stuff and then as you add another basic skill like a particular like stub areas in ospf for example when you add another once you've got one basic level under under wraps and you're good to go you add another basic skill and another basic skill and then it starts to build off of each other until you have a really strong base and you know a lot of different things and then you can 
use that base understanding to take that into other things like once you guys are rock stars in ccna and you've got that stuff locked down it'll make things way way easier if you for example want to dive into vmware networking like nsx if you have a strong baseline of computing on a on a computer for example and you want to get into virtualization understanding how a cpu works and how the operating system interacts with the cpu and all the components on the motherboard will make understanding how virtualization works so i look at it that way a good mentor also would be huge for any newcomer and then yeah i i agree with that but the the only drawback to that thinking and i'm not sure if my drawback would be the right term but a good mentor will be able to provide you with advice and clarification answer any questions that you might have but a good mentor you regardless of how good the mentor is you still have to put in the time because i know a lot of stuff right i can be a good mentor to others but there's a a mentor can only do so much for the person the person has to have the will and the drive which i mean you're here you it's clear that you have the will on the drive it's just one of those things where you have to spend the time and you've mentioned that several times so far so i know you recognize that but for those that are watching this in a recorded format on a replay it's important to keep that in mind you know um i have one of my kids snowboards a lot in the wintertime and he is good at snowboarding and he's got coaches that are older and have more experience than him and show him little things so he's gotten better and better as a snowboarder but he's only gotten better and better because he puts the time in and he's also got good mentors so but i agree with you good mentors also have a huge benefit to anyone in new and the thing is you'll become a good mentor as well so at some point in time you'll take all the experiences that you have and you'll be 
able to pass them down which is why the it space is very much a pay it forward kind of deal take what i've learned and pass it on explain it do my best to try to help others so it all works out in the end man so good stuff so i'm about to get an alert for the you have a 30 minute extension i'm going to go ahead and just close that message out we are in the last 30 minutes of the call but i have a hard stop in about 10 minutes and i don't see i'm not going to dive into any of the other there's nothing more for me to really dive into we covered everything that i wanted to today and i'm glad it's we went slower and focused on just uh some of the basics we didn't dive into anything advanced i didn't go too fast i don't think at least i hope not but um we will definitely do this in the future i will let everybody know how that's going to work out uh via youtube and things like that okay good i'm glad that you were happy with the pace so good stuff all right gentlemen and uh we'll do some do this in the future at some point i don't know when though i'll let you guys know but you guys have a good rest of your day you can enjoy the rest of your weekend cool beans hot rice good stuff can't say that i've ever had beans in rice not a big fan of beans but anyway so you guys have a nice uh rest of your weekend and i will uh see all of you at some point in the future take it easy guys
Info
Channel: Rob Riker's Tech Channel
Views: 501
Id: 9cpYDLRUI1w
Length: 91min 26sec (5486 seconds)
Published: Wed Jun 02 2021