I’m intrigued with Diffie-Hellman usage in IPSec. Most of the sources you can find in the internet will explain you how Diffie-Hellman work. You might want to visit this YouTube video about Diffie-Hellman Key Exchange and probably another YouTube video if you still not getting it.
Skipped the history side of this, in short, Diffie-Hellman is a method so that you can exchange your secret key without the need to pass that key over the network. It can be done with this 5 simple steps.
Step 1. Set up Classification Policy
ip access-list ACL_QOS_GOLD
It’s been a good experience so far, knowing that I failed my CCIE R&S lab for the second time. Well, certainly not the best outcome but certainly was a good experience.
Last year, 31 May 2012, I failed my first lab exam. That time was pretty rough. I was too emotional and nearly walking out of the building for not knowing enough of the technologies. I came out of the building felling stress out. It could probably be that I went to the exam just couple of days after I finished with Narbik’s Bootcamp. Exhausted and agitated.
This is the third part of Cisco 3560 MLS QOS. Previously I’ve discussed about Classification and Marking and Ingress Queuing.
Now, it has come to the part where packets are ready to be sent out. The idea is quite similar with Ingress Queuing but Egress has 4 Queues instead of only 2 for Ingress. Unlike Ingress Queues, Egress Queues has two sets of Queue configuration templates. It is called Queue-set 1 and Queue-set 2. This can be handy if you require to have two different settings for access ports and trunk ports. You will be able to configure Queue-set 1 with particular setup and have another different setup for Queue-set 2.
This is the second part of Cisco 3560 MLS QOS. Previously I’ve discused about Classification and Marking which can be found here.
For this second part, I’ll try to explain about the Ingress Queueing mechanism and how can we modify this to prioritize traffic.
MLS QOS has been one of the greatest fear for my CCIE RS exam. I’ve read it several times, labbed it more than 3 times, but still I just cannot understand it. Then I decided to write my own notes to teach myself and hopefully any of you mere mortals like me.
I’ll start with this Classification and Marking and let see how deep the rabbit hole goes for the next few parts.
Just say that we have these three sites connected to the main hub R1. R1 – R2 is running EIGRP 12 and R1 – R3 is running EIGRP 13. R1 – R4 runs no routing protocol and R4 uses default route pointing to R1 Fa2/0 interface 18.104.22.168.
Initial configuration below
There are several things to be satisfied before OSPF can establish its full adjacency. These are Area-ID, Stub-Flags, Interface-Type, Timers, Authentication, and MTU. These attributes must match to the other peering.
Let’s say that you have a scenario to create Q-in-Q which requires you to alter the default MTU to 1504 using
system mtu 1504. The verification also shows that your system MTU is indeed 1504.
SWITCH-3560#sh system mtu
System MTU size is 1504 bytes
System Jumbo MTU size is 1504 bytes
Routing MTU size is 1500 bytes
When you configure
switchport access vlan 20 on an interface:
- This will make the interface become a layer 2 switchport or non-routeable port.
- There is no 802.1q/ISL tagging involvement in this port as the traffic will be received and sent as untagged.
- Because there is no tagging involved, the port has no clue what VLAN this frame should be. Therefore, any packets passing this port is assumed to belong to the VLAN assigned to this port. In this case vlan 20.
- If you add the configuration with
switchport mode access this will make the interface turned to nontrunking permanently and also negotiates or telling the other end of the link to be a nontrunk link. This interface will permanently become nontrunk interface regardless the other end is trunk or nontrunk link. With this in mind, if one port is configured with
switchport mode access and other end port happens to be configured with
switchport mode dynamic auto or
switchport mode dynamic desirable