When you're studying for the CCNA and CCNP exams, you've got a lot of different choices when it comes to training. One popular choice is choosing one of the many "boot camps" and five-day in-person courses that are out there. I've taught quite a few of these, and while many of them are good, they do have drawbacks.

Of course, one is cost. Many employers are putting the brakes on paying for CCNA and CCNP boot camps, and most candidates can't afford to pay thousands of dollars for such a class. Then you've got travel costs, meals, and having to possibly burn your own vacation time to take the class. Add in time away from your family and boot camps become impractical for many CCNA / CCNP candidates.

Another issue is fatigue. I enjoy teaching week-long classes, but let's face facts - whether you're training for the CCNA or CCNP exams, you're going to get a lot of information thrown at you in just a few days. You're going to be mentally and physically exhausted at the end of the week, and that's when some boot camps actually have you take the exam! You've got to be refreshed and rested when you take the exam to have your best chance of success.

How can you get the benefit of an experienced instructor without paying thousands of dollars? By taking a Video Boot Camp! There are some high-quality computer-based training (CBT) courses out there, and these courses offer quite a few advantages for the CCNA and CCNP candidate. These courses run hundreds instead of thousands of dollars, and you can train on your own schedule. It is important for you to make and keep that schedule, but instead of spending thousands of dollars and having to travel, you can get world-class CCNA and CCNP training in the comfort of your own home.

By combining a high-quality CCNA or CCNP CBT or video boot camp with a strong work ethic, you're on your way to passing the exam and accelerating your career. Now get to work!

Your BCMSN and CCNP studies will include mastering the details of Spanning Tree Protocol (STP). While you learned some of these details in your CCNA studies, quite a bit of it may be new to you. Before going on to the intermediate and advanced STP features, let's review the root bridge election process and learn how to change these results.

Each switch will have a Bridge ID Priority value, more commonly referred to as a BID. This BID is a combination of a default priority value and the switch's MAC address, with the priority value listed first. For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33-44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor.

Switches are a lot like people - when they first arrive, they announce that they are the center of the universe! Unlike some people, the switches will soon get over it. BPDUs will be exchanged until one switch is elected Root Bridge, and it's the switch with the lowest BID that will end up being the Root Bridge.

If STP is left totally alone, a single switch is going to be the root bridge for every single VLAN in your network. Worse, that single switch is going to be selected because it has a lower MAC address than every other switch, which isn't exactly the criteria you want to use to select a single root bridge.

The time will definitely come when you want to determine a particular switch to be the root bridge for your VLANs, or when you will want to spread the root bridge workload. For instance, if you have 50 VLANs and five switches, you may want each switch to act as the root bridge for 10 VLANs each. You can make this happen with the spanning-tree vlan root command.

SW1(config)#spanning-tree vlan 1 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root

In this example, we've got two switches, and SW1 has been elected the root bridge for VLANs 10, 20, and 30. We'll use the spanning-tree vlan root command on SW2 to make it the root bridge for VLANs 20 and 30.

SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#spanning-tree vlan 30 root primary

SW2#show spanning vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     000f.90e2.1300
             This bridge is the root

SW2#show spanning vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     000f.90e2.1300
             This bridge is the root

SW2 is now the root bridge for both VLAN 20 and 30. Notice that the priority value has changed from the default of 32768.

In the next CCNP / BCMSN tutorial, we'll take a look at more STP features.

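
The election described above can be modelled in a few lines. This is an added example, not part of the original tutorial: it compares BIDs per VLAN and flags any VLAN whose root was picked only by the MAC tie-break. It assumes the displayed priority is the configured base plus the VLAN ID and that "root primary" set a base of 24576 here (which matches the 24596 and 24606 in the output); SW1's MAC address is constructed.

```python
# Added illustration: STP root bridge election by lowest bridge ID (BID).
DEFAULT_BASE = 32768       # default priority, from the page
ROOT_PRIMARY_BASE = 24576  # assumption: base priority "root primary" set here

def mac_to_int(mac):
    """Turn 000f.90e2.1300 or 11-22-33-44-55-66 into an integer for comparison."""
    return int(mac.replace(".", "").replace("-", "").replace(":", ""), 16)

def bid(switch, vlan):
    """BID as a sortable tuple: (base priority + VLAN ID, MAC). Lowest wins."""
    base = switch["base"].get(vlan, DEFAULT_BASE)
    return (base + vlan, mac_to_int(switch["mac"]))

def elect_root(switches, vlan):
    """Return (name, displayed priority, decided_by_mac) for one VLAN."""
    ranked = sorted(switches, key=lambda name: bid(switches[name], vlan))
    winner = ranked[0]
    win_prio = bid(switches[winner], vlan)[0]
    # If the runner-up has the same priority, only the MAC broke the tie.
    tie = len(ranked) > 1 and bid(switches[ranked[1]], vlan)[0] == win_prio
    return winner, win_prio, tie

def audit(switches, intended):
    """List VLANs whose root is not the intended switch or was picked by MAC."""
    findings = []
    for vlan, want in sorted(intended.items()):
        name, prio, by_mac = elect_root(switches, vlan)
        if name != want or by_mac:
            findings.append((vlan, name, prio, by_mac))
    return findings

# SW2's MAC is from the show output above; SW1's MAC is constructed.
SWITCHES = {
    "SW1": {"mac": "000a.1111.2222", "base": {}},
    "SW2": {"mac": "000f.90e2.1300",
            "base": {20: ROOT_PRIMARY_BASE, 30: ROOT_PRIMARY_BASE}},
}

if __name__ == "__main__":
    for vlan in (10, 20, 30):
        print(vlan, elect_root(SWITCHES, vlan))
    print(audit(SWITCHES, {10: "SW1", 20: "SW2", 30: "SW2"}))
```

The audit reports VLAN 10, where SW1 is root only because its MAC address is lower, which is the situation the tutorial warns about.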
Policy routing is a major topic on your BSCI exam, and you'll find quite a bit of policy routing going on in today's production networks. But what exactly is policy routing?

Policy-based routing, generally referred to as "policy routing", is the use of route maps to determine the path a packet will take to get to its final destination. As you progress through your CCNP studies and go on to the CCIE (or to a Cisco Quality Of Service certification), you'll find that traffic can be "marked" by policy routing in order to give different levels of service to various classes of traffic. (This is done by marking the traffic and placing the different classes of traffic in different queues in the router, allowing the administrator to give some traffic higher priority for transmission.)

There are some basic policy routing rules you should know:

Policy routing doesn't affect the destination of the packet, but does affect the path that is taken to get there.

Policy routing can forward traffic based on the source IP address or the destination IP address (with the use of an extended ACL).

Policy routing can be configured at the interface level, or globally.

Applying policy routing on an interface affects only packets arriving on that interface:

R2(config)#int s0
R2(config-if)#ip policy route-map CHANGE_NEXT_HOP

Applying the policy globally applies the route map to packets generated on the router, not on all packets received on all interfaces.

Whether you're running policy routing at the interface level, on packets created locally, or both, always run the command show ip policy to make sure you've got the right route maps on the proper interfaces.

R2#show ip policy
Interface      Route map
local          CHANGE_NEXT_HOP
Serial0        CHANGE_NEXT_HOP

And here's the big rule to remember....

If a packet doesn't match any of the specific criteria in a route map, or does match a line that has an explicit deny statement, the data is sent to the routing process and will be processed normally. If you don't want to route packets that do not meet any route map criteria, the set command must be used to send those packets to the null0 interface. This set command should be the final set command in the route map.

There are four possibilities for an incoming packet when route maps are in use. The following example illustrates all of them.

R2(config)#access-list 29 permit host 220.127.116.11
R2(config)#access-list 30 permit host 18.104.22.168
R2(config)#access-list 31 permit host 22.214.171.124
R2(config)#access-list 32 permit host 126.96.36.199
R2(config)#route-map EXAMPLE permit 10
R2(config-route-map)#match ip address 29
R2(config-route-map)#set ip next-hop 188.8.131.52
R2(config-route-map)#route-map EXAMPLE permit 20
R2(config-route-map)#match ip address 30

Assuming the route map has been applied to the router's ethernet0 interface, a packet sourced from 184.108.40.206 would meet the first line of the route map and have its next-hop IP address set to 220.127.116.11.

A packet sourced from 18.104.22.168 would match the next permit statement (sequence number 20). Since there is no action listed, this packet would return to the routing engine to undergo the normal routing procedure. All traffic that did not match these two addresses would also be routed normally - there would be no action taken by the route map.

Perhaps we want to specifically block traffic sourced from 22.214.171.124 or 126.96.36.199. We can use multiple match statements in one single route map, and have packets matching those two addresses sent to the bit bucket - the interface null0.

R2(config)#route-map EXAMPLE permit 30
R2(config-route-map)#match ip address 31
R2(config-route-map)#match ip address 32
R2(config-route-map)#set ?
  as-path           Prepend string for a BGP AS-path attribute
  automatic-tag     Automatically compute TAG value
  comm-list         set BGP community list (for deletion)
  community         BGP community attribute
  dampening         Set BGP route flap dampening parameters
  default           Set default information
  extcommunity      BGP extended community attribute
  interface         Output interface
  ip                IP specific information
  level             Where to import route
  local-preference  BGP local preference path attribute
  metric            Metric value for destination routing protocol
  metric-type       Type of metric for destination routing protocol
  origin            BGP origin code
  tag               Tag value for destination routing protocol
  weight            BGP weight for routing table
R2(config-route-map)#set interface null0

Any traffic matching ACLs 31 or 32 will be sent to null0, resulting in its being discarded by the router. Any traffic that didn't match any of the route map statements will be returned to the routing engine for normal processing.

Knowing policy routing and how to apply it are essential skills for passing the BSCI exam, earning your CCNP, and becoming more valuable in today's job market. Get some hands-on practice in a CCNA / CCNP home lab or rack rental to go along with learning the theory, and you'll be writing and applying policy routing in no time at all.

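
The four outcomes described above, plus the explicit deny case, can be traced with a small evaluator. This is an added example, not part of the original tutorial: the ACL numbers and the route map name EXAMPLE follow the page, while every IP address is a constructed documentation-range value and each ACL is simplified to a set of permitted source hosts.

```python
import ipaddress

# ACL numbers and the route map name follow the page; all addresses are
# constructed documentation-range values, not the page's.
ACLS = {29: {"192.0.2.29"}, 30: {"192.0.2.30"},
        31: {"192.0.2.31"}, 32: {"192.0.2.32"}}

# (sequence, permit/deny, ACLs in the match clause, set action or None)
EXAMPLE = [
    (10, "permit", [29], ("next-hop", "198.51.100.1")),
    (20, "permit", [30], None),
    (30, "permit", [31, 32], ("interface", "null0")),
]

def policy_route(src, route_map=EXAMPLE, acls=ACLS):
    """Return (verdict, detail, sequence) for a packet sourced from src."""
    src = str(ipaddress.ip_address(src))  # rejects malformed input
    for seq, action, acl_ids, set_action in sorted(route_map, key=lambda e: e[0]):
        # Traffic matching any of the listed ACLs matches the entry.
        if not any(src in acls.get(a, set()) for a in acl_ids):
            continue
        # An explicit deny, or a permit with no set action, hands the
        # packet back to the normal routing process.
        if action == "deny" or set_action is None:
            return ("normal-routing", None, seq)
        kind, value = set_action
        if kind == "interface" and value.lower() == "null0":
            return ("discarded", value, seq)
        return ("policy-routed", value, seq)
    # No entry matched: the route map takes no action.
    return ("normal-routing", None, None)

if __name__ == "__main__":
    for host in ("192.0.2.29", "192.0.2.30", "192.0.2.31",
                 "192.0.2.32", "192.0.2.99"):
        print(host, policy_route(host))
```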
Knowledge of Dynamic VLANs and VMPS is important in your efforts to pass the BCMSN exam and earn your CCNP, and it's also a great skill to have for your networking career. As a CCNA and CCNP candidate, you know how and why to configure static VLANs. Static VLANs can be a powerful tool for reducing unnecessary broadcast and multicast traffic, but if hosts are moved from one switch port to another, you've got to make those changes manually on the switch. With Dynamic VLANs, the changes are made - how else? - dynamically.

The actual configuration of dynamic VLANs is out of the scope of the BCMSN exam, but as a CCNP candidate you need to know the basics of VMPS - a VLAN Membership Policy Server.

Using VMPS results in port VLAN membership changes being performed dynamically, because the port's VLAN membership is decided by the source MAC address of the device connected to that port. (Yet another reason that the first value a switch looks at on an incoming frame is the source MAC address.)

In my home lab network, I've got a host connected to switch port fast0/1 that resides in VLAN 12. What if we had to move Host 1's connection to the switch to port 0/6? With static VLANs, we'd have to connect to the switch, configure the port as an access port, and then place the port into VLAN 12. With VMPS, the only thing we'd have to do is reconnect the cable to port 0/6, and the VMPS would dynamically place that port into VLAN 12.

I urge you to do additional reading regarding VMPS. Use your favorite search engine for the term configuring vmps and you'll quickly find some great official Cisco documentation on this topic.

To review, the VLAN membership of a host is decided by one of two factors. With static VLANs, the host's VLAN membership is the VLAN to which its switch port has been assigned. With dynamic VLANs, it is dependent upon the host's MAC address.

As your CCNA / CCNP home lab expands, an access server such as the Cisco 2509 or 2511 is one of the best investments you can make. In this article, we'll look at the basic configuration for an access server and discuss how to connect to the other routers and switches in your pod through the AS.

Here's part of a configuration from one of my access servers:

ip host FRS 2006 188.8.131.52
ip host SW2 2005 184.108.40.206
ip host SW1 2004 220.127.116.11
ip host R2 2002 18.104.22.168
ip host R1 2001 22.214.171.124
ip host R3 2003 126.96.36.199
interface Loopback0
 ip address 188.8.131.52 255.255.255.255
 no ip directed-broadcast

This is an IP Host table, and this is what makes the entire AS setup work. Your PC will connect to the access server, and the access server is in turn physically connected to your other routers and switches via an octal cable. One end of the octal cable splices off into eight separate cables, each terminated with an RJ-45 connector. That connector will be placed into the console port of one of your home lab devices. In this configuration, I have connector 1 connected to the console port of R1, connector 2 to R2, connector 3 to R3, connector 4 to SW1, and so forth. (The connectors are physically numbered as well.)

The IP Host table entries here are linked to the loopback address shown. The loopback can be any address, but it must match the address in the IP Host table. This allows you to create reverse telnet sessions to the routers and switches.

To open the reverse telnet sessions upon opening a connection to the AS, type the entire name of the device and press the enter key twice. A connection to that device will now be visible, as shown here:

Access_Server#r1
Trying R1 (184.108.40.206, 2001)... Open

R1#

To get back to the access server, use the key combination