Wednesday, July 31, 2013

CCIE DC: Unfiltered Blog Post from IPExpert Bootcamp day 2 and 3

Hi Guys!

Sorry for no update yesterday, I went out with some of the nice people from the bootcamp so didn't get home until late.

Here are some of those 1 percenters we covered off today in the bootcamp:

  • With authentication key chains, the key chain number must match
  • Show vpc role is a nice handy once off command to show the roles and configured priorities etc of both switches easily
  • Graceful consistency check was explained in greater detail for me, basically it is on by default and allows vPC to turn off the secondary vPC peer's member port for a particular vPC if there are either global vPC config mismatches (consistency parameters) OR issues on a particular member, now if you turn it on, instead BOTH vPC member ports on both switches stay up but the vlan's go into err-disabled state, which is not as nice as the graceful failover, hence 'Graceful consistency check"
  • The "Authentication-check" command for ISIS authentication is ON by default, if you turn it OFF, the devices will auth with each other, _BUT_ they will STILL establish adjacency even if there was a password error, but if you have authentication check ON (whcih is the default don't forget) then the adjacency won't work if the passwords are wrong, so saying under an int: no authentication-check is a great way to troubleshoot your auth
  • did you know that you can say peer-gateway and then also "Exclude-vlan" to exclude specific vlan's from having the peer-gateway feature if for some reason you need to garuantee that those particular vlan's your excluding are RFC compliant or something like that
  • Here was a big one, i think i ran into this before but forgot; OTV INTERFACE ID's _MUST_ match between OTV peers, they MUST or it won't work, because the OTV interface ID becomes the VPN Name
  • (One of the guys in the bootcamp came out with this command) show fspf internal route is a great way to see your FC Routes
  • Here was another huge one, i totally forgot how to do this, "POWEROFF MODULE 2" to turn off the expansion slot module on a Nexus 5000
  • DId you know you can make vsan 1 inactive? you can't delete it, but you can suspend it with: vsan 1 suspend, Rick mur pointed this out, and then you will have problems with your trunk links if you do this
  • Did you know you can restrict CFS functions to certain areas of the network using regions

Sorry that it's a bit all over the place guys but i hope it helps someone