From: Darby Weaver (darbyweaver@yahoo.com)
Date: Sun Mar 18 2007 - 11:08:02 ART
Excellent Additions.
Actually, as I sit here in my hotel room and go over
things with a friend of mine and walk him through my
strategy it has occcurred to me to work a bit smarter
as well.
I have decided to add aliases (I have not been using
these but they cannot hurt me much) to my pre-lab
list.
I also decided it may not be a bad idea to turn on
multicast-routing, IPv6 per router, and do a few extra
config tasks like set the time on all routers. Set my
timestamps etc.
I thought I would use the send * to copy and paste the
configs. I also thought I would use it to reload the
routers as required. At 2 minutes per reboot or so,
I'm thinking it is really wise to do it after I
achieve end-to-end connectivity, again after I have
added all my "extra configs - like auth and setup my
root bridge, etc." I am toying with this and rather
like the idea. My tcl scripts and my 3550 macro are
hard-coded in my brain.
I am proving to be amazingly quick, fast, and
efficient at spotting the issues and explaining why
for each as I tutor my room-mate and prepare to meet
Heinz Ulm.
My "stick-man" diagrams are simply efficient and it is
taking me less than 14-15 minutes to draw my entire
topology for Switching, my point matrix checklist, my
physical toplogy, my IGPs, my BGP, my IPv6, and my
Multicast diagrams.
My quick run through all 10 devices - sh run and sh
ver is only taking me about 5 minutes - 10 minutes
and I am confident I can spot "troubleshooting issues"
fast and efficiently as well as perform the
corrections as well.
I am finding that my methodology is lightening fast
for my link layer configuration and configuring my
switches fot VTP, veryifying it and vlan propagation,
configuring trunks and verifying, and assigning vlans
to interfaces. This whole process is extremely quick,
accurate and verified in like 5 minutes flat on a bad
finger cramp.
My link layer connectivity methodology is equally fast
and using my stick diagram and very quick pings it is
proving delightfully fast.
The same can be said with my per-IGP configuration.
Issues like Auth, stub areas and other misc, tweaks
are not included here as they distract from the
misssion of achieving connectivity early on. My only
goal is connectivity and getting up, done, and verfied
in the most efficient manner possible. Adding other
items now may slow me down and may cause me to miss a
link - if I get side-tracked. Not this time. I did
this before. I am extemely well-discined now it
seems.
Now I address the issue of Redistribution where
required. This is usually quick and in my tried and
true battles with redistribution - now fairly
painless, I am keenly aware from battered and bruised
ego's vantage of higher to lower admin distance,
Tagging techniques (very preferred if not a removed
option).
My "sii" alias serves me well as I use it at the send
* prompt and just log back into each router and grab
the output for easy and quick typing into notepad - 10
Devices 1-2 minutes with pruning and config of both
the tcl and macro script. How's that for efficiency.
Now since I have verified my link-layer connectivity,
my per-IGP connectivity, and my redistribution with a
quick ping from a far router, I will now run my
scripts and again use the send * command for each one
and immediately check the results. I know the tcl
won't work on the switches and the macro will not work
on the routers - but this is about speed here and
getting the task done on all 10 devices in only a few
minutes time and correcting any errors found -
quickly.
From here - Darby has gotten older and invariably a
bit wiser. So at this point I turn on debug ip
routing and then reboot my pod using the send *
command. I watch the screens and the debug output to
verify that my routing debugs are as expected on a
per-Router basis. I have this down pat. So it takes
a few brief minutes - but I remind you if I had to
troubleshoot any single problem, it could easily take
this time and more as well as drain my precious mental
energies.
Now, I look at my Tasklist and my workbook and I start
thinking about my tasks - Authentication is first and
foremost, as are any tweaks like stub areas, etc.
(each task is verified as soon as completed). After
these are completed - I reboot and verify again...
Took a few minutes - but from here on out any problems
noted are not link-layer, IGP, authentication, or even
Spanning-Tree related. Stub areas should work now as
well.
Now other misc. tasks are completed - if I have
SPAN/RPAN, DHCP tasks, etc. These tasks are done and
done quickly with per-Task verification.
I am and have been using my Tasklist effectively. It
has anything I am not comfortable with or questionable
(questions for the proctor noted).
At this point - Is my proctor-time - Any questions I
have regarding any task I have completed or not
completed or even a inkling of a doubt about I go to
the proctor - workbook in hand... and have carefully
worded questions ready for a further clarification.
Now I return to my pod and apply any changes based on
output and I have learned to "interpret" proctor
jargon as "look at the task again" or something of the
sort to mean... there might be more... and so I am
out to go back and check one more time for possible
mis-interpretation.
This is a careful and keen step in my overall
strategy. At this point I have completed about 55-65%
of my lab and I am thinking, it is the foundation
portion and needs to be rock solid.
I expect to have about 1 hour before lunch to check
and re-check.
Before lunch - BGP Connectivity and basic address
advertisement are done - with veriication as are any
PIM interfaces.
Time permitting another quick look at my Tasklist and
my workbook - IPv6 and IP Services are on my mind and
nothing else for lunch.
Reload using the send * (my sanity check)
At lunch - a quick mental review of what I have done
and what I have yet to do.
After lunch I validate the reload and run a few tcl
scripts to verify things like "sir", "sip", etc.
Thanks again Bruce and Val! TCL is KEWL!!!
BGP tasks that I am familiar with I nail quickly.
Those I have any question of are noted and can be done
later.
IPv6 is done and verified if itwas not completed
before lunch - usually a 15-20 minute task for me - or
much less.
MCAST - I appoach with extreme caution. Having always
suffered here - even when I thought I had it, I am
cautious and wary. Interpretation is questioned and
addressed.
QoS - No longer my bugbear is now a friend of mine and
I take on things like Queueing, Class-map tasks, NBAR,
FRTS, CAR, and a multitude of other tasks with relish,
some improved speed, and enlightened interpretation
skills - I am wary and the proctors are consulted for
anything that even looks negotiable...
Security - I like to think of as my old dear friend,
but my eyes are opened wide here for any access-list
issues and control-plane traffic, and a number of
things that just might break something.
I have spent a wealth of time in the Security section
of the UniverCD and so I am prepared - I'll have to
tell you of my "ULTRA-QUICK METHODOLOGY for QUICK
MASTERY OF THE UNIVERCD" - as of now it IS a trade
secret. But to say I can find any item new or old
quickly and in one or two minutes or less is an
understatement... I got this one...
So... If by chance, everything looked easy, my
suspicion is on high alert and I look at my workbook
and my diagram and I question everything - each item
and I mentally note my config options - if in doubt I
use my enhanced CCO skills and put them to work. I'm
looking and looking hard for matters of interpretation
and double-checking my work.
I may even reboot the pod one more time to ensure
everything works.
I now use TCL to more advantage and may run it to
produce desired output for quick verification.
Guys, I think I got this...
Now, let's see if Herr Ulm can teach me some tricks
and help me tune my weaker areas...
Every little bit helps... And I hope I don't have to
take a picture and submit to "The EVIL BASTARD".
Besides a flogging with a cat-o-nine tails may not
look as good on a resume...
I always copy and paste any way.
--- Dan C <cdan2154@gmail.com> wrote:
> Hi Darby,
>
> Just to add to your list at point 3 I would do a sh
> interface status on
> switches and have a quick look at the output....
>
> Also I like to use the access server for things
> like:
>
> send *
> term len 0
> sh run
> sh ver
>
> term len 24
>
> ctrl z send
>
> I will be checking for config reg value just in case
> is set wrong and don't
> end up in rommon mode after reload.
>
> Also I use send * for things like no ip
> domain-lookup , wr mem, logg
> console, it helps me speed up the whole process....
>
> Cheers and all the very best with your studies,
> Dan
>
> On 3/15/07, Darby Weaver <darbyweaver@yahoo.com>
> wrote:
> >
> > Here's some of the techniques I've picked up so
> far,
> > mostly from Bruce Caslow, Bob Sinclair, Scott
> Morris,
> > and from Brian Dennis, however I might have a few
> > other tricks sprinkled in that I just like a bit.
> >
> >
> > 1. Read the Lab - Yes the Whole Lab. - Now just
> > reading it is great, since we are excited and all
> but
> > what are we looking for?
> >
> > - Diagrams
> > - IP Addressing
> > - Physical Loops
> > - Logical Loops
> > - Issues with Split-Horizon
> >
> > 2. Read the Lab again - Yes I know the clock is
> > ticking. But I can promise you'll find something
> you
> > didn't see before and besides the more familair
> you
> > are with the layout the better your performance
> will
> > be later when you have that headache, yours eyes
> are
> > sore, and you are wondering what you came for...
> >
> > - Again look closely
> > - Draw your diagrams
> > - Switch Layout VLANS/TRUNKS
> > - Spanning-Tree Topology
> > - Physical Diagram (Link-to-Link and IP's)
> > - Watch those IP Addresses - Anything wrong?
> > - Frame Relay Map - P2P, P2M, Phy.
> > - IGP Diagram per-IGP (note where they meet i.e
> > Redistribution (Y/N))
> > - BGP Fiagram
> > - Mcast Diagram
> > - Make a Diagram for your points/section
> >
> > Task Points Y N ?
> > ===========================
> > 1.1
> > 1.2
> > 1.3
> > 1.4
> > 2.1
> > 2.2
> > 2.3
> > 3.1
> > 3.2
> > 3.3
> >
> >
> > OK, So you spent about 20 minutes on item number 1
> and
> > another 25-30 minutes on the items in number 2.
> You
> > still have not touched your pod.
> >
> > 3. Setup your icons. Now I'm kinda weird here, I
> work
> > off of Notepads and I label each one per Device,
> ie.
> > R1, R2, R3, S1, S2, S3, etc. I also prefer to
> work on
> > one session and only use other sessions when I
> need
> > them for testing. However you may like 1 session
> or
> > tab per device. You decide.
> >
> > As you are setting up your icons, you should log
> into
> > each device. For a few reasons:
> >
> > - To be sure you can.
> > - To do a sh ver - Check the ver AND
> config-registers
> > or if on a switch - look for env_vars and in any
> case
> > look for other configs that may be there - you
> don't
> > need them and they could hurt you.
> > - To do a sh cdp neigh
> > - To do a sh ip int brief
> > - To setup housekeeping commands and/or aliases
> > - TO VERIFY WHAT IS ON YOUR WORKBOOK IS WHAT IS ON
> > YOUR RACK - If I yelled it any louder the glass
> would
> > break.
> > - Oh yes, and a quick sh run might be valuable to
> > determine if any extra configuration is present or
> > not.
> > - Sometimes, I may also check anything that is
> > pre-configured for me. If there are vlans, I
> might do
> > a sh vlan, or if there are trunks, I might do a sh
> int
> > trunk. If there were pre-configured
> etherchannels,
> > I'd perform a cursory sh channel-group command,
> etc.
> >
> > What I am really doing is carefully inpsecting
> > anything that they gave me... Not that I do not
> trust
> > the proctors, but hey...
> >
> > - config cdp on eveything - even frame, especially
> > frame - I like visibility.
> > - turn on multicast and IPv6 where required -
> > afterthought but it helps and besides - you did
> script
> > it right?
> >
> > 4. Work on your layer 2 configuration and as you
> do so
> > - verify link layer connectivity on a per-Link
> basis.
> > Here I do things like config my VTP, Trunks,
> > EtherChannel, assign ports to trunks, config my
> frame
> > relay, bridging, fallback bridging,
> virtual-templates
> > etc.
> >
> > Here are the tips for this section.
> >
> > - Shut down interfaces before configuring things
> like:
> > trunks, frame interfaces followed by no fram inv,
> > interfaces used for etherchannels, etc.
> >
> > - Create vlans before assigning ports.
> >
> > - Verify L2 etherchannel, before moving to L3
> > Etherchannel which we verify as well.
> >
> > - Verify connectivity to the Backbone. - We may
> have
> > to filter here one way or the other. But we need
> > connectivity first. Hah!
> >
> >
> > debug is our friend here for anything that even
> think
> > it looks out of place.
> >
> > 5. Start configuring my IGP AS's one at a time,
> and
> > verify connectivity per AS. router-id's (yes, I
> use
> > them for eigrp and ospf).
> >
> > 6. Now configure Redistribution if and where
> required.
> >
> > 7. OK - Time for a TCL Script.
> >
> > sh ip alias, notepad, and copy/paste are the tools
> of
> > the trade.
> >
> > Verify connectivity - should not have problems.
> And
> > if you do you would fix them here and now.
> >
> > Run the Switch Macro too...
> >
> > 8. Repeat steps for IPv6 if required.
> >
> > - Intermission - Might as well reboot - Ensure
> things
> > are going great. Ping script.
> >
> > Note: Some people say before lunch - I say after
> IGPs.
> > Just me - I like to make sure things are the way I
> > want them and I tend to watch the order of the
> boot as
> > well and watch for things that are not like I
> might
> > like and then I fix them.
> >
> > 9. Quickly complete BGP Connectivity (bgp
> router-id,
> > no auto, no sync or not)
> >
> > 10. Quickly enable PIM interfaces.
> >
> > 11. Quickly perform any authentication on a
> per-link
> > bassis, adhere to order of operations and then
> verify
> > on a per-link and per-AS basis.
> >
> > 13. Ping scripts are working? Right? Try again.
> Fix
> > any discrepancies.
> >
> > 14. Pick off easy tasks, SPAN/RSPAN, AUTOINSTALL,
> NTP,
> > SYSLOG, RMON, FTP, SSH, CRASHDUMP, NAT/PAT, DHCP,
> > VRRP, IRDP, GLBP, HSRP, MENU, BANNERS, etc. The
> fun
> > and misc stuff.
> >
> > 15. Get Multicast working and testing.
> >
> > 16. Get BGP Advanced Tasks working
> >
> > 17. Get QoS Tasks working - would anything even
> > remotely filter or break anything - Check anyway.
> The
> > Scripts were working before they work now. Only
> takes
> > a few minutes.
> >
> > 18. Security - Let's get these guys in place.
> >
> > 19. I know you may have questions. You have
> > everything you know how to work working. So take
> a
> > step back and breathe. Look at your work. Run
> the
> > Scripts - BTW some labs may not require full
> > reachability.
> >
> > Tunnels, DHCP, NAT, or FHRP may be done earlier if
> you
> > think you need them to work.
> >
> > Ask the proctor any mind-numbing questions.
> > Go back and work any sections you found difficult
> or
> > you skipped or that were ambiguius.
> >
> >
> > Anyway - I had a few random minutes so I thought I
> > would jot this down for RouterGirl2003 and anyone
> else
> > who might find it handy...
> >
> >
> > I may have missed something, but not too much I
> hope.
> >
> >
>
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART