|
0:00:14
|
Ok, so taking a look at network infrastructure,
|
|
0:00:18
|
first thing we're going to talk about is in IOS,
|
|
0:00:21
|
and just the basics about adding VLANs.
|
|
0:00:24
|
Ok, don't assume that they exist when you're in your lab
|
|
0:00:28
|
or even when you're doing your mock or practice labs.
|
|
0:00:31
|
Ok, check them to make sure they exist or add them if they don't exist.
|
|
0:00:36
|
Remember that just because two devices look like they're
|
|
0:00:40
|
in the same VLAN, in other words,
|
|
0:00:42
|
if I'm on a switch port, whether it's an Ethernet switch
|
|
0:00:46
|
module on a router or whether it's in a Catalyst 3750 or 3560,
|
|
0:00:52
|
really the same switch other than stacking.
|
|
0:00:54
|
If I'm in a port and I see "switchport voice vlan 103",
|
|
0:01:01
|
or "switchport access vlan 12",
|
|
0:01:04
|
whatever I might see there, just because I see that
|
|
0:01:07
|
it does not mean that that VLAN actually exists.
|
|
0:01:10
|
It should exist, and normally if you were to key that command in,
|
|
0:01:14
|
if the VLAN did not exist you would create the VLAN,
|
|
0:01:17
|
or I should say the switch would automatically create it for you.
|
|
0:01:20
|
However, if that command were in there,
|
|
0:01:24
|
or you keyed it in,
|
|
0:01:25
|
I guess I shouldn't say if you keyed it in
|
|
0:01:27
|
because then you would know whether it had been created or not
|
|
0:01:31
|
because you'd see the syslog,
|
|
0:01:33
|
assuming logging is turned on,
|
|
0:01:35
|
the syslog output saying that the VLAN was created,
|
|
0:01:37
|
but maybe you'd go into a lab and you'd see
|
|
0:01:40
|
that the VLANs are already set,
|
|
0:01:43
|
the access and voice VLANs are already set
|
|
0:01:44
|
on the switch ports for servers or, you know, main [...]
|
|
0:01:49
|
if it has a voice VLAN, or auxiliary, or dot1q,
|
|
0:01:51
|
it's going to be a phone port.
|
|
0:01:54
|
You see that they're already set up, so you assume those VLANs exist.
|
|
0:01:56
|
But what if a proctor or pre-configuration had been entered,
|
|
0:02:01
|
and of course there is troubleshooting in the voice exam,
|
|
0:02:05
|
I'll just go ahead and preempt there.
|
|
0:02:06
|
There can be pre-configuration.
|
|
0:02:09
|
I'll just go ahead and head off any conspiracy theory
|
|
0:02:12
|
or anyone that's concerned with proctors
|
|
0:02:15
|
doing anything to change or modify
|
|
0:02:17
|
or damage your configuration while you're in your lab,
|
|
0:02:21
|
either while you're at your seat or even like go to lunch or a break,
|
|
0:02:25
|
there is no time that they affect your configuration.
|
|
0:02:28
|
However, before you ever sit down for your lab exam,
|
|
0:02:32
|
they do have pre-configuration,
|
|
0:02:35
|
some of it is possibly very likely configured for you,
|
|
0:02:39
|
some of it properly, some of it improperly
|
|
0:02:42
|
intentionally as inherent troubleshooting.
|
|
0:02:46
|
Ok, so maybe they already had the VLAN set for you,
|
|
0:02:50
|
and it looks like "switchport access vlan 12",
|
|
0:02:55
|
"switchport voice vlan 11",
|
|
0:02:58
|
so you assume, well my phones can talk to each other
|
|
0:03:00
|
because they're both in "switchport voice vlan 11",
|
|
0:03:03
|
and when I look at, you know, my phones
|
|
0:03:06
|
Operational VLAN shows that they're in vlan 11.
|
|
0:03:10
|
Well, here is the problem,
|
|
0:03:13
|
they could have created the VLANs, applied them to the interface,
|
|
0:03:17
|
and then gone and deleted the VLANs.
|
|
0:03:19
|
So you can't assume that a VLAN actually exists.
|
|
0:03:22
|
And if the VLAN doesn't exist,
|
|
0:03:23
|
two devices that appear to be in the same VLAN,
|
|
0:03:27
|
but in fact are not because the VLAN is not actually there,
|
|
0:03:30
|
will not be able to talk.
|
|
0:03:32
|
Ok, they do have to have that logical entity
|
|
0:03:36
|
in the VLAN database known as the particular VLAN ID.
|
|
0:03:40
|
Ok, so in Catalyst IOS we do a "show vlan"
|
|
0:03:44
|
or "show vlan brief".
|
|
0:03:45
|
In router IOS, if you type "show vlans",
|
|
0:03:48
|
it will produce the VLANs that the router portion
|
|
0:03:52
|
of the router knows about,
|
|
0:03:53
|
not the Ethernet switch module,
|
|
0:03:55
|
so you need "show vlan-switch".
|
|
0:03:57
|
And then you can add them to either Catalyst IOS
|
|
0:04:01
|
or Router from IOS, you know,
|
|
0:04:05
|
just standard config t mode.
|
|
0:04:09
|
Ok, you don't have to name them, it can help,
|
|
0:04:11
|
it's up to you, or up to what the lab says.
|
|
0:04:14
|
By the way, throughout all of this lecture,
|
|
0:04:16
|
throughout all of this class,
|
|
0:04:18
|
if I say something is up to you,
|
|
0:04:21
|
I really do mean that it's completely up to your discretion
|
|
0:04:25
|
what you want to use,
|
|
0:04:26
|
unless the wording in a particular exam is more specific.
|
|
0:04:32
|
If it tells you what to do,
|
|
0:04:33
|
then you have to do that thing.
|
|
0:04:35
|
Ok, that always overrides any time that I'm going to say,
|
|
0:04:38
|
throughout all of this lecture,
|
|
0:04:40
|
it overrides any time I might say your discretion.
|
|
0:04:44
|
However, if the lab is not specific on something,
|
|
0:04:47
|
and I tell you it's your discretion,
|
|
0:04:49
|
then, really it's up to you however you want to implement.
|
|
0:04:54
|
Ok, you're not going to get any bonus points by
|
|
0:04:57
|
doing anything additional or more or better,
|
|
0:05:00
|
you just have to meet the prerequisites,
|
|
0:05:04
|
or the way that the task is worded.
|
|
0:05:08
|
Meet the requirements of the task,
|
|
0:05:10
|
that's all that's asked of you,
|
|
0:05:12
|
there is no penalty for over configuration,
|
|
0:05:14
|
but there are no bonus points either.
|
|
0:05:17
|
Ok, so looking at VLAN Trunking Protocol,
|
|
0:05:21
|
obviously used for 802.1Q Trunks.
|
|
0:05:27
|
Ok, so for looking in Catalyst IOS,
|
|
0:05:29
|
we can either do "switchport mode trunk",
|
|
0:05:33
|
or we can in the sense of.... We'll actually look at phone ports in a minute,
|
|
0:05:39
|
this is more for uplinks,
|
|
0:05:40
|
so, Cat IOS over to a router or looking at it from the router perspective.
|
|
0:05:45
|
So if we're looking at an uplink,
|
|
0:05:47
|
we're going to want to do switchport
|
|
0:05:50
|
or hard-code "switchport mode trunk".
|
|
0:05:52
|
Don't leave it to auto or switchport mode desirable.
|
|
0:05:57
|
Ok, you might have to include which VLANs are allowed,
|
|
0:06:01
|
so switchport allow vlans,
|
|
0:06:04
|
you know, 101 through 105,
|
|
0:06:08
|
or something like that.
|
|
0:06:09
|
That's a form of security,
|
|
0:06:10
|
if we see any dot1q headers come through
|
|
0:06:13
|
or the VLAN ID equal something other than the VLANs that are allowed,
|
|
0:06:16
|
then we simply drop those frames,
|
|
0:06:20
|
and that's on the Catalyst IOS side.
|
|
0:06:23
|
You keep in mind that could be one small portion of security
|
|
0:06:26
|
I suppose that you could have is the allow vlans.
|
|
0:06:30
|
Ok, so Router IOS, we define sub interfaces
|
|
0:06:34
|
if we're dealing with anything other than the Native VLAN,
|
|
0:06:38
|
and we can also define a sub interface for the Native VLAN.
|
|
0:06:41
|
So what is the Native VLAN?
|
|
0:06:43
|
Well, with 802.1Q, as opposed to ISL,
|
|
0:06:47
|
which is Cisco proprietary Inter-Switch Link Trunking method.
|
|
0:06:51
|
With the industry standard 802.1Q... one second...ok...
|
|
0:07:01
|
with 802.1Q, we have what's known as the native VLAN,
|
|
0:07:06
|
or the untagged VLAN,
|
|
0:07:09
|
and the untagged VLAN essentially by default is...
|
|
0:07:14
|
it essentially does not have an 802.1Q header.
|
|
0:07:18
|
It is just the Ethernet frame, like you would experience
|
|
0:07:21
|
on any nontrunking switch port.
|
|
0:07:25
|
So it doesn't have the 802.1Q header,
|
|
0:07:28
|
it doesn't have a VLAN ID, sub field to that header,
|
|
0:07:31
|
it doesn't have the 802.1P priority,
|
|
0:07:35
|
user priority bits for Class of Service,
|
|
0:07:38
|
it doesn't have any of those.
|
|
0:07:41
|
And, so this raw Ethernet header,
|
|
0:07:44
|
standard Ethernet header as you could look at it,
|
|
0:07:46
|
can be passed on a router physical interface.
|
|
0:07:50
|
So, here the example would be interface FastEthernet 0/0,
|
|
0:07:53
|
with no sub-interface, that's one way.
|
|
0:07:56
|
The other way is if we had specifically noted sub interface,
|
|
0:08:02
|
so let's say "interface FastEthernet 0/0.10",
|
|
0:08:06
|
and we would say "encapsulation dot1Q",
|
|
0:08:10
|
VLAN ID 10, and then we would tag native on at the end.
|
|
0:08:16
|
That would mean, don't tag.
|
|
0:08:18
|
If anything that we're using this sub interface as a Layer 3 interface,
|
|
0:08:23
|
when we're passing this traffic back over to the switch,
|
|
0:08:27
|
don't add the dot1q header.
|
|
0:08:29
|
Leave it as a raw Ethernet frame.
|
|
0:08:32
|
Those are the two ways that we can look at
|
|
0:08:35
|
the Native VLAN from a router mode.
|
|
0:08:37
|
From a switch mode, we already see up there
|
|
0:08:40
|
"switchport mode trunk",
|
|
0:08:43
|
and "switchport trunk encapsulation dot1q",
|
|
0:08:46
|
we can also say "switchport trunk native vlan",
|
|
0:08:49
|
and name that Native VLAN.
|
|
0:08:51
|
There is a way to tag all VLANs including the Native VLAN,
|
|
0:08:55
|
and that is from the global config of Catalyst IOS.
|
|
0:08:59
|
And then we would have to honor that from the router side.
|
|
0:09:03
|
Ok, so here we see that in Router IOS
|
|
0:09:05
|
we're simply not even mentioning the Native VLAN,
|
|
0:09:10
|
and we didn't mention it in Catalyst IOS,
|
|
0:09:12
|
which means that it stays at the default
|
|
0:09:15
|
which is VLAN 1 as the default.
|
|
0:09:19
|
Do make sure that they match on either side,
|
|
0:09:21
|
so that VTP traffic can pass properly.
|
|
0:09:26
|
Ok, so we've got our VLAN ID for 11,
|
|
0:09:30
|
and we've got our IP address for Layer 3 information for that.
|
|
0:09:34
|
And then we've got a data VLAN 12,
|
|
0:09:36
|
also tagged with our Layer 3 information for that.
|
|
0:09:41
|
For phone ports, it's a good idea to use CDP,
|
|
0:09:45
|
to see what phones exist and where.
|
|
0:09:49
|
Note that in the actual CCIE Voice exam,
|
|
0:09:52
|
all testing centers, including San Jose,
|
|
0:09:55
|
have Layer 2 trunks, or Layer 2 VPNs really
|
|
0:10:02
|
back to all of the hardware,
|
|
0:10:04
|
so around the world all of the hardware actually exists
|
|
0:10:09
|
in San Jose, and the only thing that exists there local
|
|
0:10:12
|
to you is your test candidate PC,
|
|
0:10:15
|
not to be confused with the Utility XP PC
|
|
0:10:20
|
that you use in your rack.
|
|
0:10:21
|
That's actually a virtual machine back in San Jose,
|
|
0:10:23
|
all of your routers are back in San Jose,
|
|
0:10:26
|
your CUCMs, your 3750 switch,
|
|
0:10:30
|
your Ethernet switch module,
|
|
0:10:32
|
your modules, your Unity Connection,
|
|
0:10:35
|
all of the servers, all of that is back in San Jose.
|
|
0:10:38
|
And even in San Jose, it's in a different room or at least
|
|
0:10:41
|
logically in a different area.
|
|
0:10:45
|
So the only thing local to you is your phones
|
|
0:10:48
|
and an actual switch that is used to power your phones,
|
|
0:10:53
|
but you were not telnetting in or consoling in to
|
|
0:10:56
|
your switch there in front of you,
|
|
0:10:59
|
you were consoling to the switch that logically looks at,
|
|
0:11:04
|
or from your topology logically looks like your corporate headquarter,
|
|
0:11:09
|
or your Branch 1, or Site, you know,
|
|
0:11:11
|
Site 1, Site 2, however they name them,
|
|
0:11:14
|
those 3750 and Ethernet switch modules.
|
|
0:11:20
|
Ok, you will see phones show up,
|
|
0:11:22
|
this is because they have everything Layer 2 VPN.
|
|
0:11:26
|
So, or Layer 2 Trunk Tunneling Protocol
|
|
0:11:28
|
and if it's over the LAN, it's Layer 2 Tunneling Protocol
|
|
0:11:30
|
combined with L2TPv3 or
|
|
0:11:33
|
Layer-2 Tunneling Protocol Version 3, so the WAN.
|
|
0:11:39
|
What this means is that if you do a shut down on one of your ports,
|
|
0:11:43
|
you will not be actually powering down one of your phones,
|
|
0:11:50
|
so you can shut a port and you'll notice that your phone doesn't react.
|
|
0:11:55
|
If you want to actually power cycle a phone,
|
|
0:11:57
|
you will need to physically disconnect the Ethernet
|
|
0:12:00
|
from the phone in front of you, and then power it back on.
|
|
0:12:07
|
You also should be aware....
|
|
0:12:12
|
In fact one of the ways you can look at that is
|
|
0:12:14
|
if let's say you're on your Cat 3750,
|
|
0:12:16
|
and we'll do a demonstration of this in just a little bit,
|
|
0:12:19
|
if you do a "show power inline", you'll see....
|
|
0:12:23
|
or actually if you do "show CDP neighbor details",
|
|
0:12:25
|
you'll see that the phone thinks that it's sending
|
|
0:12:28
|
or the switch thinks it's sending power to the phone,
|
|
0:12:31
|
but then if you do "show power inline",
|
|
0:12:32
|
you'll see that there actually is no power that's being sent to the phone
|
|
0:12:36
|
because it's remote.
|
|
0:12:38
|
CDP makes it think that it is, but it's really not actually sending any
|
|
0:12:43
|
Layer 2 or Layer 1 really power.
|
|
0:12:47
|
Ok, with CDP, it's important to know that there are two versions,
|
|
0:12:52
|
Version 1 and Version 2.
|
|
0:12:53
|
And Version 2 is the standard and the default,
|
|
0:12:57
|
but it's possible that, you know,
|
|
0:12:59
|
the lab could change any parameters before you get in there,
|
|
0:13:02
|
or any configuration, and Version 1,
|
|
0:13:05
|
amongst other things, doesn't carry any Voice VLAN
|
|
0:13:10
|
or auxiliary VLAN data.
|
|
0:13:13
|
That's actually not mentioned in any of the documentation I've ever seen
|
|
0:13:16
|
on CDP Version 2, but a Voice VLAN was
|
|
0:13:23
|
one of the new features to Version 2,
|
|
0:13:25
|
but way back, I mean probably 2000, 2001.
|
|
0:13:31
|
Ok, but do note that you need CDP version 2,
|
|
0:13:33
|
you need CDP run globally,
|
|
0:13:36
|
and you need CDP enabled on each port.
|
|
0:13:39
|
Again those are all the defaults, but you might want to look for them.
|
|
0:13:43
|
Ok, there are two methods that we can use to configure phone ports,
|
|
0:13:48
|
and this applies to both the 4-port Ethernet switch module,
|
|
0:13:53
|
which is what's in the lab,
|
|
0:13:55
|
or the 3750/3560.
|
|
0:13:58
|
And these methods are either the trunk method where we see
|
|
0:14:04
|
up there that we're explicitly configuring the trunk,
|
|
0:14:08
|
hard-coding it to a mode trunk or what's known as the access VLAN method.
|
|
0:14:12
|
So the trunk port method, we explicitly configure
|
|
0:14:16
|
the trunk; the access port method,
|
|
0:14:17
|
we're saying "switchport access vlan 12",
|
|
0:14:20
|
which is our data VLAN, and "switchport voice vlan 11".
|
|
0:14:26
|
The switch port voice VLAN is of course what's being passed
|
|
0:14:30
|
on to the phone through CDP to tell it what
|
|
0:14:33
|
internal switch port it should attach to.
|
|
0:14:38
|
Now, the thing with an access port is that
|
|
0:14:42
|
it's not allowing trunking information, right?
|
|
0:14:45
|
So, if it's not allowing trunking information,
|
|
0:14:48
|
then how are we distinguishing between two different VLANs?
|
|
0:14:54
|
How are we actually sending data on two different VLANs?
|
|
0:14:56
|
Well, the truth is that with the access port method,
|
|
0:15:00
|
or actually any time we enter the command "switchport voice vlan 11",
|
|
0:15:05
|
or "switchport voice vlan (whatever)"
|
|
0:15:07
|
other than the fact that the Voice VLAN information
|
|
0:15:16
|
or ID is transmitted in CDP to the phone,
|
|
0:15:19
|
if the other side doesn't happen to be a phone,
|
|
0:15:22
|
it, you know, CDP doesn't transfer that information,
|
|
0:15:26
|
but the "switchport voice vlan" still works for really anything on the other side.
|
|
0:15:31
|
What it's essentially saying is that the switch is doing a pseudo trunking method.
|
|
0:15:37
|
So, it's still using dot1q,
|
|
0:15:40
|
and it's essentially allowing dot1q headers on top of Ethernet headers,
|
|
0:15:45
|
or on top of Ethernet frames, to come into the switch,
|
|
0:15:49
|
but it's just checking their VLAN ID.
|
|
0:15:51
|
And if the VLAN ID equals whatever the Voice VLAN ID
|
|
0:15:56
|
command is set to in the Catalyst switch,
|
|
0:15:58
|
then it will automatically go ahead and allow that traffic to come in.
|
|
0:16:09
|
If it's not the same as whatever the Voice VLAN ID is configured to be,
|
|
0:16:13
|
the VLAN ID is different on the actual incoming dot1q header,
|
|
0:16:16
|
then it will simply ignore that traffic.
|
|
0:16:18
|
Ok, so it is a pseudo dot1q trunk,
|
|
0:16:21
|
it's just allowing one additional dot1q header or one additional
|
|
0:16:26
|
VLAN in addition to the Native or Untagged VLAN.
|
|
0:16:30
|
If we're doing the trunk port method,
|
|
0:16:33
|
or we hard-code "switchport mode trunk",
|
|
0:16:36
|
then what we need to do is,
|
|
0:16:40
|
we can still use the "switchport voice vlan" command,
|
|
0:16:43
|
but we also use the "switchport trunk native" command
|
|
0:16:51
|
in order to send an access VLAN or the PC port,
|
|
0:16:54
|
VLAN on the back of the phone.
|
|
0:16:57
|
Ok, looking at Spanning Tree,
|
|
0:16:59
|
how this applies to the voice lab is basically in reducing the wait time
|
|
0:17:04
|
for the phone to be able to talk or send traffic.
|
|
0:17:07
|
Catalyst IOS, simply for the phone ports,
|
|
0:17:11
|
spanning-tree portfast,
|
|
0:17:12
|
we noted back a couple of slides back that for trunks,
|
|
0:17:17
|
if we want, we can do "spanning-tree portfast trunk".
|
|
0:17:21
|
And essentially what this is saying is,
|
|
0:17:22
|
don't wait for the blocking, learning,
|
|
0:17:26
|
listening, forwarding mode.
|
|
0:17:28
|
We're not dealing with rapid spanning-tree
|
|
0:17:30
|
or anything like that, but essentially sort of
|
|
0:17:34
|
turn off spanning-tree for this port,
|
|
0:17:36
|
or just don't listen for it.
|
|
0:17:39
|
Ok, so that allows the phone to talk quicker.
|
|
0:17:43
|
Looking at TFTP Services,
|
|
0:17:48
|
we need to enable TFTP first of course
|
|
0:17:50
|
in Serviceability, for our Unified Communication Manager servers
|
|
0:17:55
|
or what I'll typically call CUCM from this point on,
|
|
0:17:58
|
any time that you add files to the TFTP service,
|
|
0:18:02
|
so we'll take a look at this.
|
|
0:18:04
|
But in CUCM, when we go to the operating system drop-down,
|
|
0:18:07
|
the operating system, OS User Interface,
|
|
0:18:11
|
and we go to system upgrade and we add files to TFTP,
|
|
0:18:17
|
we must restart the TFTP Service.
|
|
0:18:19
|
Also, those files are not kept in sync,
|
|
0:18:23
|
rsync or anything else, not in CUCM 7 across servers.
|
|
0:18:30
|
So if we want them to be available or for [....]
|
|
0:18:32
|
to make them available in a redundant fashion,
|
|
0:18:35
|
maybe on the Pub and the Sub,
|
|
0:18:36
|
or publisher and subscriber,
|
|
0:18:38
|
then we need to add them to both and restart both TFTP Services.
|
|
0:18:44
|
In IOS, we can always do like a "sh flash | in (whatever phone or
|
|
0:18:50
|
type or name or something like that)".
|
|
0:18:54
|
If we want to see files that are specific to that,
|
|
0:18:56
|
and then we can add those manually,
|
|
0:18:59
|
so we can say "tftp-server" in config mode,
|
|
0:19:01
|
"flash: (the name of the path and then the name of the file)"
|
|
0:19:06
|
and we can also use the alias command
|
|
0:19:09
|
to make them look like they appear in the root directory
|
|
0:19:13
|
because when phones ask for firmware files
|
|
0:19:17
|
they don't ask for them through TFTP with any directory structure.
|
|
0:19:20
|
On the contrary, when phones go to ask for desktop settings like
|
|
0:19:25
|
ringtones or the.... I should say customization settings
|
|
0:19:29
|
like the desktop picture or ringtones
|
|
0:19:32
|
they do ask for them, at least the desktop settings in
|
|
0:19:35
|
a specific directory structure, and we'll cover that in a little bit later,
|
|
0:19:39
|
and look at some examples of that,
|
|
0:19:42
|
but we need to make sure that they appear aliased
|
|
0:19:45
|
just like you would through an FTP server
|
|
0:19:48
|
or a web server, but the TFTP server hands them out
|
|
0:19:51
|
or at least recognizes and serves them up
|
|
0:19:57
|
as if they appear from the root directory
|
|
0:20:00
|
even if they don't happen to be. So that's what an alias command is for.
|
|
0:20:04
|
Looking at the Network Time Protocol,
|
|
0:20:07
|
we need to configure NTP on the Publisher,
|
|
0:20:10
|
CUCM server, and all Subscribers sync with the Publisher,
|
|
0:20:14
|
so any Publishers in our system
|
|
0:20:17
|
if we were only told to do the CUCM server you might only have to do that,
|
|
0:20:22
|
it probably will not hurt, nor take you very much time at all
|
|
0:20:27
|
to make sure that all of your Publisher servers, so like,
|
|
0:20:29
|
your Unity Connection, Publisher
|
|
0:20:32
|
or UCCX, well actually UCCX in the lab is still Windows,
|
|
0:20:37
|
so you can set that in Windows Time.
|
|
0:20:39
|
Again I wouldn't be too concerned with it if the lab isn't
|
|
0:20:43
|
more specific, but if they are, set it on all the servers that are necessary.
|
|
0:20:49
|
Presence server for instance, and this can be configured via the CUCS,
|
|
0:20:54
|
sorry CUOS, or the Cisco Unified Operating System Command Line
|
|
0:20:58
|
or you can do it through the web user interface
|
|
0:21:01
|
I think it's easier through the web interface,
|
|
0:21:04
|
you can see if it's available, we'll take a look at it here in just a moment.
|
|
0:21:09
|
The only way to fully verify the time is through the command line, although
|
|
0:21:14
|
you can see if the service is accessible from the web interface.
|
|
0:21:19
|
You should configure routers and switches, set their
|
|
0:21:22
|
time zones first, and manually set the clock
|
|
0:21:27
|
to within a second or two of whatever the server source is.
|
|
0:21:32
|
If the server happens to be on the PSTN,
|
|
0:21:34
|
then just look up at your local clock in the actual testing centers
|
|
0:21:37
|
since you don't have access to the PSTN WAN router in the lab.
|
|
0:21:42
|
But if it happens to be one on your rack, like let's say
|
|
0:21:45
|
you're told to sync to Router 1,
|
|
0:21:47
|
then make sure you set Router 1 to whatever your local time is there
|
|
0:21:50
|
at your testing center, and then set all of your other routers manually
|
|
0:21:54
|
using the clock set command before you begin setting up NTP.
|
|
0:22:01
|
This is to allow them to sync up a lot quicker,
|
|
0:22:03
|
they'll still take a while to sync up,
|
|
0:22:05
|
so once you enter your commands for NTP,
|
|
0:22:07
|
don't sit there and wait for your routers to sync up to each other,
|
|
0:22:11
|
just go on and do other things, trust that they will sync
|
|
0:22:14
|
and come back in maybe a half hour or an hour and check them out later.
|
|
0:22:20
|
Ok, don't forget to set the proper date and time groups in the CUCM,
|
|
0:22:24
|
also there is a Phone NTP Reference in CUCM,
|
|
0:22:28
|
this is for SIP phones if you should have them.
|
|
0:22:32
|
Skinny phones get their time through the date-time group
|
|
0:22:34
|
and the Skinny Protocol, SIP phones use NTP.
|
|
0:22:38
|
So on IOS, you can set up a server as NTP Master, and then the stratum time.
|
|
0:22:44
|
Any of you that have ever tried to install CUCM 8 or 8.5,
|
|
0:22:48
|
you'll note that unless your router is set to stratum 2,
|
|
0:22:51
|
or, I always set it to stratum 2 but...
|
|
0:22:54
|
Stratum 2 or 3, you will not be able to get your CUCM server to install; this is because
|
|
0:23:01
|
the CUCM wants to be sure that it's looking at an NTP server
|
|
0:23:06
|
with a stratum of no less than 4,
|
|
0:23:09
|
I'm sorry, no greater than 4 or worse off,
|
|
0:23:13
|
higher number the worse, the lower number the better,
|
|
0:23:17
|
closer to the cesium atomic time clock.
|
|
0:23:24
|
So, keep in mind about stratum,
|
|
0:23:27
|
lower stratums outweigh a higher stratum,
|
|
0:23:30
|
so if I'm not only doing NTP master, but I also have NTP server set
|
|
0:23:35
|
that is I want to learn my time as a router from another router,
|
|
0:23:39
|
but then I also want to be a master in the sense that I'll
|
|
0:23:41
|
serve time to other people, maybe I'm kind of a border router for my enterprise.
|
|
0:23:46
|
Maybe Router 1 is syncing from the PSTN, so I'm doing NTP server with the
|
|
0:23:50
|
IP address of the PSTN, maybe a loopback,
|
|
0:23:53
|
and then I'm also doing NTP master,
|
|
0:23:55
|
I need to make sure that my stratum for NTP master on my
|
|
0:23:58
|
Router 1 let's say is higher than what the PSTN server is sending.
|
|
0:24:04
|
I can just configure the NTP server command
|
|
0:24:08
|
point it to the PSTN, and wait for a little while and do a
|
|
0:24:12
|
"show ntp status" or really "show ntp associations" I like,
|
|
0:24:18
|
to see which stratum the PSTN is telling me it's set at,
|
|
0:24:21
|
and then I set mine at least one higher.
|
|
0:24:26
|
Ok, that way I won't.... That way I'll sync with the PSTN,
|
|
0:24:29
|
but I'll also be able to serve time.
|
|
0:24:31
|
If I set it equal to or lower, then I'll sync with myself first,
|
|
0:24:35
|
and I won't really sync with the PSTN.
|
|
0:24:39
|
Ok, so it's always a good idea to do "ntp source loopback",
|
|
0:24:41
|
it's pretty much a good idea to always link everything
|
|
0:24:44
|
all sources of protocol traffic from your router
|
|
0:24:50
|
link them to a loopback, unless you're told otherwise.
|
|
0:24:53
|
If you're told otherwise, obviously do whatever you're told.
|
|
0:24:57
|
Ok, looking at DHCP inside CUCM,
|
|
0:25:00
|
it's important and critical to enable the DHCP Monitor Service
|
|
0:25:05
|
under serviceability, service activation
|
|
0:25:08
|
make sure it's running,
|
|
0:25:08
|
and then configure your DHCP server
|
|
0:25:11
|
if you were told to use CUCM as a DHCP server.
|
|
0:25:14
|
Use whichever one they told you,
|
|
0:25:17
|
if they didn't tell you I'd probably use the Publisher,
|
|
0:25:19
|
not in a real environment, I'd probably never use CUCM DHCP
|
|
0:25:24
|
real environment, this is for the lab.
|
|
0:25:26
|
And then you would configure a subnet for each site,
|
|
0:25:29
|
after you would configure the server,
|
|
0:25:32
|
make sure you'd assigned the default router IP address,
|
|
0:25:34
|
and TFTP address, and DNS if they asked you, but that's
|
|
0:25:38
|
probably less likely that you [...] in the lab,
|
|
0:25:42
|
although they certainly could ask you to do that.
|
|
0:25:43
|
We'll look over that during this week.
|
|
0:25:49
|
Ensure that "ip helper-address" command is configured under any
|
|
0:25:53
|
Voice VLAN sub interfaces on any routers or switches.
|
|
0:25:57
|
So, first of all if I'm on a switch, and I want to obtain the DHCP information
|
|
0:26:02
|
from that switch, I should note that I have to have an
|
|
0:26:06
|
SVI, Switch Virtual Interface.
|
|
0:26:08
|
Ok, I have to have a Layer 3 component to
|
|
0:26:11
|
my switch if the actual DHCP pool is on an IOS switch.
|
|
0:26:17
|
Or else I don't have any way of ever listening to Layer 3 information
|
|
0:26:21
|
much less serving it back.
|
|
0:26:23
|
It has to of course be for the subnet where the
|
|
0:26:25
|
request, the DHCP request is coming from.
|
|
0:26:30
|
If I have a DHCP, and I'm going to pull up a topology here in a moment,
|
|
0:26:37
|
but let's just say a headquarter switch, there's a phone
|
|
0:26:39
|
attached to it and I've got a headquarter router,
|
|
0:26:42
|
which has a dot1q Layer 3 interface on that router,
|
|
0:26:46
|
I don't have to use IP DHCP, or sorry ip helper-address,
|
|
0:26:51
|
if the DHCP pool is on the router.
|
|
0:26:55
|
But if it's on the CUCM server,
|
|
0:26:57
|
and the reason I don't have to if it's on the router is because
|
|
0:26:59
|
I have a Layer 3 interface where the router can listen for that request.
|
|
0:27:05
|
The router is serving it from a global pool,
|
|
0:27:07
|
just looking to see where, what subnet it came from.
|
|
0:27:12
|
But if I have that IOS, I'm sorry not IOS
|
|
0:27:16
|
but DHCP pool set on a CCM server,
|
|
0:27:20
|
and my phones are in a different VLAN from the server,
|
|
0:27:24
|
as they most likely will be or,
|
|
0:27:26
|
certainly most likely are in real installations.
|
|
0:27:30
|
And I do need to have a helper address
|
|
0:27:32
|
on my phone's VLAN, or VLAN sub interface, Layer 3 interface
|
|
0:27:39
|
where I take that broadcast address,
|
|
0:27:42
|
it can't be a unicast because a unicast packet
|
|
0:27:45
|
has both source and destination IP address.
|
|
0:27:48
|
I can't have a source IP address if I'm a phone that doesn't have an IP address yet, right?
|
|
0:27:52
|
I'm looking to get one, that's what DHCP is for.
|
|
0:27:55
|
So my source is essentially blank.
|
|
0:27:58
|
I've got a broadcast packet.
|
|
0:28:00
|
And I need to turn that broadcast into a unicast.
|
|
0:28:04
|
That's the router's job.
|
|
0:28:06
|
With the "ip helper-address" turn that broadcast for
|
|
0:28:09
|
BOOTP, BOOTPS...
|
|
0:28:14
|
A number of other things, DNS, there is a number of other
|
|
0:28:16
|
IPv4 Protocol that can be done, but
|
|
0:28:20
|
turn that broadcast DHCP into a unicast
|
|
0:28:23
|
and send it on to the server,
|
|
0:28:27
|
the actual unicast IP address of the CUCM server,
|
|
0:28:30
|
let's say Publisher.
|
|
0:28:31
|
So I need the "ip helper-address" on any Layer 3 interface
|
|
0:28:35
|
where my phones are living and sending out their broadcast.
|
|
0:28:42
|
Then verify the address allocation under each scope.
|
|
0:28:44
|
This is certainly possible in IOS,
|
|
0:28:48
|
it's not really so possible in CUCM.
|
|
0:28:52
|
Ok, there's really not even a command line to show you that.
|
|
0:28:55
|
It's not the best DHCP server.
|
|
0:28:57
|
And then ping the phone address to make sure you've allocated the gateway correctly.
|
|
0:29:02
|
Go to the web interface for the phone,
|
|
0:29:04
|
so just put the IP address in a web browser,
|
|
0:29:06
|
the IP address of the phone,
|
|
0:29:08
|
make sure you can reach that web server.
|
|
0:29:11
|
Ok, looking at IOS DHCP
|
|
0:29:13
|
we can verify address reservations with "show ip dhcp bindings",
|
|
0:29:17
|
and check for maybe stale addresses with "show cdp neighbor".
|
|
0:29:21
|
Sometimes clearing a CDP Table can help as well.
|
|
0:29:25
|
So from EXEC Mode, but not config t Mode,
|
|
0:29:29
|
do "clear cdp table", and then power cycle any phones
|
|
0:29:33
|
that take too much time to obtain an IP address.
|
|
0:29:38
|
We'll go over this, we'll go over the actual configuration for this
|
|
0:29:42
|
in just a bit in our demo.
|
|
0:29:44
|
So looking at Multicast Routing
|
|
0:29:46
|
is about the last thing we need to look at
|
|
0:29:48
|
before our demos with network infrastructure.
|
|
0:29:50
|
Now multicast of course fits into media resources,
|
|
0:29:54
|
under Music On Hold,
|
|
0:29:55
|
because that's at least in what we're concerned with
|
|
0:30:00
|
for the CCIE Voice lab, that's really the only time we care about multicast traffic,
|
|
0:30:04
|
we might care about it for Broadcast IPTV, but
|
|
0:30:08
|
you know, and then a number of other things
|
|
0:30:10
|
in real networks, but for the lab, Music On Hold
|
|
0:30:14
|
is about the only thing we care about Multicast.
|
|
0:30:16
|
But it really falls... Breaks down into two components,
|
|
0:30:20
|
One is the server configuration,
|
|
0:30:24
|
the other is the network infrastructure,
|
|
0:30:26
|
so we'll cover the infrastructure portion here.
|
|
0:30:29
|
First of all, in a lab environment,
|
|
0:30:32
|
a small lab environment, like our CCIE Voice Exam,
|
|
0:30:37
|
and practice labs, it's perfectly safe in a small lab environment to
|
|
0:30:44
|
use PIM Dense Mode.
|
|
0:30:45
|
And Dense mode simply floods all multicast groups,
|
|
0:30:49
|
and multicast traffic everywhere,
|
|
0:30:51
|
Ok, this is for routers,
|
|
0:30:53
|
PIM is Protocol Independent Multicast,
|
|
0:30:55
|
we're not going to go into a long lengthy discussion of multicast.
|
|
0:30:58
|
There is easily an entire day worth of multicast
|
|
0:31:03
|
that we could go over, maybe two.
|
|
0:31:04
|
In fact, if you're interested in that,
|
|
0:31:07
|
and you happen to have the all access pass,
|
|
0:31:09
|
please watch, I can send you a link to Brian McGahan's
|
|
0:31:14
|
full day of IP Multicast that he just recorded last week,
|
|
0:31:20
|
for his Routing and Switching Class On Demand,
|
|
0:31:23
|
but we really don't need to go into a lot of detail for multicast
|
|
0:31:27
|
when it comes, as it pertains to the CCIE Voice lab I should say.
|
|
0:31:32
|
We'll use dense mode on the routers
|
|
0:31:34
|
to flood it everywhere, and we can use a form of Dense Mode
|
|
0:31:39
|
on the switches if we like as well.
|
|
0:31:41
|
Now, there is already something called IGMP,
|
|
0:31:43
|
or Internet Group Management Protocol
|
|
0:31:46
|
running on the 3750 switches and
|
|
0:31:48
|
even on the Ethernet switch module portion
|
|
0:31:51
|
router where we have that ESW,
|
|
0:31:55
|
and it snoops and listens for join requests.
|
|
0:31:58
|
So, by default we have IGMP snooping turned on for VLAN.
|
|
0:32:04
|
We can say "no igmp snooping"
|
|
0:32:08
|
in the Cat 3750 or even the Ethernet switch modules to turn it off.
|
|
0:32:14
|
It's perfectly fine to leave it on, on both.
|
|
0:32:17
|
But it can be helpful.
|
|
0:32:19
|
There used to be a bug many IOS versions ago
|
|
0:32:21
|
where we had to turn it off for the Ethernet switch module.
|
|
0:32:23
|
That's not the case anymore.
|
|
0:32:25
|
We just need to make sure that we have
|
|
0:32:27
|
ccm-manager music-on-hold configured on any IOS router,
|
|
0:32:32
|
and we'll talk about that when we get to media resources.
|
|
0:32:35
|
But for the multicast portion, we can do "no igmp snooping"
|
|
0:32:41
|
on either the Ethernet switch module in the router,
|
|
0:32:44
|
router IOS or the Catalyst IOS,
|
|
0:32:47
|
if we wish to turn it off just to avoid any possible troubleshooting.
|
|
0:32:52
|
Ok, we can also just under any Layer 3 interface
|
|
0:32:56
|
that's either an incoming or an outgoing,
|
|
0:32:59
|
so coming from the server,
|
|
0:33:02
|
and we'll look at a topology and draw this up on the white board in a moment.
|
|
0:33:06
|
Probably more so, when we get to the...
|
|
0:33:08
|
do it again when we get to the Media Resources section.
|
|
0:33:13
|
We would need it first incoming from the server VLAN
|
|
0:33:17
|
because the Publisher and Subscriber,
|
|
0:33:19
|
at least one of the two is where Music On Hold Server is going to lie.
|
|
0:33:23
|
So we need PIM Dense Mode there on the incoming server VLAN
|
|
0:33:28
|
Layer 3 interface, most likely
|
|
0:33:31
|
Layer 3 sub interface of a Fast Ethernet at our corporate headquarter or Site 1.
|
|
0:33:39
|
We'll also need it outgoing to the Voice VLAN
|
|
0:33:42
|
Layer 3 interface on the corporate headquarter or Router 1.
|
|
0:33:48
|
We'll also need it on the serial, one or two serial sub interfaces
|
|
0:33:53
|
as they point to the Branch 1 and Branch 2 routers
|
|
0:33:56
|
respectively depending on where we need multicast traffic to go.
|
|
0:34:01
|
Ok, so the PIM Dense Mode, it's safe to go ahead and put it on every interface.
|
|
0:34:05
|
Again, in a lab environment you never heard Mark telling you
|
|
0:34:08
|
that it's safe to use PIM Dense Mode everywhere.
|
|
0:34:12
|
Ok, in a real production environment you would never want to do that.
|
|
0:34:15
|
In fact, you really wouldn't even want to do
|
|
0:34:17
|
PIM Sparse-Dense Mode because getting into a quick technical aside on that,
|
|
0:34:23
|
it uses Sparse Mode if there is a [...] who point to
|
|
0:34:26
|
manage group membership and if there's not,
|
|
0:34:28
|
it falls back to Dense Mode and so you just have the same, huge...
|
|
0:34:35
|
just you know, bursting of information,
|
|
0:34:38
|
flooding in of information is the word I was looking for,
|
|
0:34:40
|
out to all the interfaces, and out across your WAN and wherever else,
|
|
0:34:45
|
and you can get into a really high bandwidth or oversubscription
|
|
0:34:49
|
or problem if it's not managed properly with QoS.
|
|
0:34:53
|
Ok, but even if it is, you really don't want to leave multicast to
|
|
0:34:58
|
Dense or Sparse-Dense, you really want to keep it on Sparse Mode only.
|
|
0:35:03
|
That's in the real environment. In the lab we're going to use Dense Mode.
|
|
0:35:07
|
And then on let's say your Branch 1 you'd want it on your serial interface
|
|
0:35:10
|
coming in from the corporate headquarter site,
|
|
0:35:13
|
and then you'd also want it on your Voice VLAN.
|
|
0:35:18
|
So either a Fast Ethernet Sub interface out to a switch
|
|
0:35:20
|
or if it's an Ethernet switch module,
|
|
0:35:22
|
then it would be the SVI, the Voice VLAN Switched Virtual Interface.
|
|
0:35:26
|
You do not ever need it on your loopbacks to get out to the PSTN,
|
|
0:35:30
|
that was an old configuration,
|
|
0:35:32
|
now all you need is ccm-manager,
|
|
0:35:34
|
it can't hurt to put it on your loopbacks,
|
|
0:35:37
|
that's perfectly fine if you want to do that.
|