|
0:00:13
|
Ok, so let's start out on Switch1
|
|
0:00:15
|
and let's just take a look and do a sh cdp ne, and see what we have,
|
|
0:00:20
|
and we see that we have 3 phones
|
|
0:00:26
|
and those phones are on Fas 0/10, Fas 0/11,
|
|
0:00:31
|
and Fast Ethernet 0/12.
|
|
0:00:35
|
And if we do a sh cdp ne fa0/10 det,
|
|
0:00:43
|
We know that...See it's Skinny version
|
|
0:00:47
|
we see what type of a phone it is, a 7961.
|
|
0:00:53
|
And we see that it's drawing 6.3 Watts of power
|
|
0:00:56
|
or at least it says it is.
|
|
0:00:57
|
But if we do a sh powe in,
|
|
0:01:02
|
we actually see that Fa0/10 has no power.
|
|
0:01:05
|
It's not taking any power at all.
|
|
0:01:07
|
So this is what I was talking about in terms of the tunneling
|
|
0:01:11
|
that you can expect to see in the real lab.
|
|
0:01:14
|
Ok, so it looks like the phone is connected to Fa0/10,
|
|
0:01:17
|
to this particular switch, this...
|
|
0:01:25
|
This is a 3560
|
|
0:01:28
|
Ok, it looks like it's connected to this 3560 switch,
|
|
0:01:31
|
it looks like it's drawing power from it,
|
|
0:01:33
|
in one...
|
|
0:01:34
|
Via CDP,
|
|
0:01:35
|
but really that's all....
|
|
0:01:38
|
CDP is being relayed from the real switch, which
|
|
0:01:40
|
is actually providing the power.
|
|
0:01:42
|
And everything is tunneled through Layer 2.
|
|
0:01:44
|
So another good thing to do...
|
|
0:01:46
|
I'll clear off my screen, would be to do...
|
|
0:01:48
|
sorry, sh run | in cdp
|
|
0:01:53
|
And we see currently the only thing is
|
|
0:01:55
|
cdp timer 6 is enabled globally.
|
|
0:01:59
|
Globally we see that we can do cdp advertise-v2.
|
|
0:02:04
|
So if I go ahead and key that in and do sh run | in cdp
|
|
0:02:10
|
I note that nothing shows up, that's because it's the default
|
|
0:02:12
|
So if I took that off,
|
|
0:02:16
|
and then did the sh run,
|
|
0:02:18
|
now I would see no cdp advertise-v2.
|
|
0:02:20
|
So again just a good idea to do a sh run | in cdp
|
|
0:02:26
|
and see what is configured related to CDP on your switch port.
|
|
0:02:33
|
I'm going to, do sh run int fa0/10
|
|
0:02:38
|
and I actually did 0/10 but it...
|
|
0:02:40
|
0/010, but that still works.
|
|
0:02:43
|
And currently I see that I'm using access vlan 11
|
|
0:02:46
|
and switchport mode access.
|
|
0:02:48
|
Now, vlan 11...do sh vlan br
|
|
0:02:57
|
vlan 11 is my Voice VLAN.
|
|
0:02:59
|
So, another way that we could do things is..
|
|
0:03:03
|
We talked about we could have a trunk mode where
|
|
0:03:05
|
this is switchport mode trunk
|
|
0:03:06
|
and I've got switchport voice vlan
|
|
0:03:09
|
and access vlan being something...
|
|
0:03:10
|
I'm sorry, switchport mode voice vlan
|
|
0:03:13
|
and a Native VLAN ID being something separate from each other,
|
|
0:03:16
|
a Voice and a Data vlan.
|
|
0:03:17
|
I could also do access mode where this is set to switchport mode access
|
|
0:03:22
|
and the access vlan is let's say vlan 12 as we see down here
|
|
0:03:26
|
which is the Data VLAN
|
|
0:03:29
|
And the Voice VLAN is vlan 11.
|
|
0:03:35
|
So, switchport voice vlan 11.
|
|
0:03:37
|
And there's another way which is just simply using access mode
|
|
0:03:41
|
and having everything in the same VLANs.
|
|
0:03:43
|
So access vlan 11, as long as my phone is in the Voice VLAN
|
|
0:03:48
|
Its PC port is not in a separate VLAN which is not the best for security
|
|
0:03:53
|
but it does work.
|
|
0:03:55
|
Ok, both ports are in the same VLAN,
|
|
0:03:58
|
there is no separation of VLAN ID
|
|
0:03:59
|
for traffic classification, for anything such as security.
|
|
0:04:06
|
And again it's not the best idea for an enterprise environment,
|
|
0:04:09
|
but it is an acceptable configuration, it will work.
|
|
0:04:12
|
Ok..
|
|
0:04:14
|
and I'm actually not going to change it because of my Layer-2 Tunneling,
|
|
0:04:17
|
I'm going to leave it in access vlan.
|
|
0:04:20
|
Ok..
|
|
0:04:21
|
In the real lab they may have it set up differently,
|
|
0:04:23
|
and they may want you to use the Voice VLAN,
|
|
0:04:26
|
you certainly know how to do that,
|
|
0:04:28
|
it shouldn't be too big of an issue.
|
|
0:04:33
|
Ok, so I've got all my phones in their proper...Whoops..
|
|
0:04:36
|
I meant to...
|
|
0:04:42
|
I meant to do the sh vlan br again
|
|
0:04:45
|
I've got all their phones,
|
|
0:04:46
|
Fast Ethernet 10, 11 in their proper ones,
|
|
0:04:51
|
my Fast Ethernet 0/12,
|
|
0:04:53
|
which is a phone, is actually my PSTN phone
|
|
0:04:57
|
and so that's connected there
|
|
0:04:58
|
as well as port 4
|
|
0:05:03
|
which goes out to my PSTN device.
|
|
0:05:06
|
So everything is in their proper VLAN
|
|
0:05:09
|
from this perspective.
|
|
0:05:10
|
And actually let's go ahead and bring up a topology as well.
|
|
0:05:20
|
OK.
|
|
0:05:21
|
So, I'm going to zoom in just a little bit and then we'll scroll around with this.
|
|
0:05:26
|
But here's the topology that we're going to use, this is
|
|
0:05:30
|
is very similar to the topology you'll see in the real lab.
|
|
0:05:33
|
The real CCIE Voice Lab is actually one of the few
|
|
0:05:38
|
if maybe the only CCIE Labs that really publishes the topology
|
|
0:05:42
|
and has...they publish it as a sample topology, but
|
|
0:05:45
|
have for the most part stuck with it
|
|
0:05:49
|
throughout the testing,
|
|
0:05:51
|
so it's one of the nice things I suppose about it.
|
|
0:05:55
|
It being a very difficult test in and of itself already.
|
|
0:05:58
|
So we see that we have all of our...
|
|
0:06:05
|
We see that we've got all of our servers
|
|
0:06:07
|
up here in the CorpHQ Site.
|
|
0:06:12
|
And they're hanging off of VLAN 10
|
|
0:06:14
|
using the 177.1.10.0/24 so, 255.255.255.0 subnet mask,
|
|
0:06:26
|
we've got a Voice and Data VLAN being 11 and 12 where our phones sit.
|
|
0:06:31
|
We do have our PSTN phone connected to Switch 1.
|
|
0:06:35
|
This is the same way we have it in our racks,
|
|
0:06:38
|
this is not what you would probably see in the real lab.
|
|
0:06:40
|
You would actually see that phone really connected
|
|
0:06:44
|
off of the PSTN router or
|
|
0:06:51
|
a separate PSTN switch.
|
|
0:06:52
|
You really wouldn't see a switch per se with that on there,
|
|
0:06:55
|
but that's the way that we're doing it
|
|
0:06:57
|
so that you have control over it and
|
|
0:06:59
|
you can see it and access it and change anything
|
|
0:07:01
|
that might need to be changed.
|
|
0:07:03
|
We're doing a trunk between our switch, our 3560 switch
|
|
0:07:08
|
which is really no different than a 3750 for all intents and purposes
|
|
0:07:14
|
Really everything is the same except for the
|
|
0:07:17
|
stacking capability of the 3750,
|
|
0:07:20
|
and therefore the naming of the 3750.
|
|
0:07:23
|
In the 3560 we have names like Fa0/5
|
|
0:07:28
|
and if this were a 3750, it would be Fa1/0/5
|
|
0:07:33
|
indicating the stacking switch number that we're working with.
|
|
0:07:40
|
Ok, we've got, if I scroll down a little bit.
|
|
0:07:46
|
And I guess let me go back and say
|
|
0:07:48
|
for our PUB and SUB
|
|
0:07:50
|
our PUB is .10, our Subscriber Server is .20,
|
|
0:07:54
|
Unity Connection is .30,
|
|
0:07:56
|
UCCX is .40,
|
|
0:07:58
|
Presence is .50,
|
|
0:08:00
|
Our XP Utility test machine is .100
|
|
0:08:03
|
where we'll use things like CUPC and,
|
|
0:08:09
|
you know,
|
|
0:08:11
|
that's most of what we'll do on there
|
|
0:08:13
|
various other things...
|
|
0:08:15
|
Oh, RTMT might be one of the things that we'll do on there.
|
|
0:08:18
|
And then our Active Directory is actually on a separate subnet.
|
|
0:08:22
|
It's drawn up here with the rest of the servers, but
|
|
0:08:25
|
the IP address is in red to let you know that it's a separate subnet.
|
|
0:08:30
|
This is our DNS and Active Directory server,
|
|
0:08:32
|
it's 177.1.100 instead of the third octet being 10, it's .100.110
|
|
0:08:41
|
Ok, so if you might potentially have an Active Directory
|
|
0:08:46
|
LDAP or DNS server in the real lab
|
|
0:08:49
|
it would be on some sort of backbone,
|
|
0:08:52
|
but...
|
|
0:08:55
|
it's really up to the lab as to whether you might have one on any given day.
|
|
0:09:00
|
Ok, so let's scroll down
|
|
0:09:04
|
We see that our CorpHQ Site
|
|
0:09:06
|
is attached with a T1 PRI to the PSTN
|
|
0:09:12
|
as is our Branch1 Router2.
|
|
0:09:15
|
And our Branch2 Router3 is connected with an E1 PRI for international.
|
|
0:09:23
|
We're connected through a frame relay
|
|
0:09:24
|
network which is what the real lab has.
|
|
0:09:28
|
So we've got, out to the frame cloud
|
|
0:09:30
|
we've essentially got a T1
|
|
0:09:32
|
and then we've got a single PVC over to Branch1
|
|
0:09:35
|
and a single PVC over to Branch2.
|
|
0:09:37
|
So we are using a Hub-and-spoke topology.
|
|
0:09:43
|
Whoops.
|
|
0:09:48
|
Ok, down at Branch2,
|
|
0:09:49
|
I'm sorry down at Branch1
|
|
0:09:52
|
we've got the same VLAN 11 and 12,
|
|
0:09:54
|
but you can see those hang directly off of the router.
|
|
0:09:56
|
Ok, so that means that we are using the Ethernet switch module
|
|
0:10:00
|
NM4-ESW here
|
|
0:10:03
|
and we've got one phone hanging off of that Ethernet switch module.
|
|
0:10:09
|
Over at Branch2...
|
|
0:10:12
|
The real lab would either use at Branch1 or Branch2
|
|
0:10:16
|
or potentially both, the 4-port Ethernet switch module,
|
|
0:10:20
|
or it might use two 3750s,
|
|
0:10:23
|
and then one Site will definitely have the 4-port Ethernet switch module.
|
|
0:10:29
|
It might...It would most likely be that two
|
|
0:10:31
|
Sites have the 4-port Ethernet switch module.
|
|
0:10:33
|
We, just to save some cost so that we didn't have to pass it on to you,
|
|
0:10:36
|
we're still using an older 3550 here.
|
|
0:10:39
|
It's simply for Layer 2 connectivity.
|
|
0:10:41
|
All of your configuration and testing for 4-port Ethernet switch
|
|
0:10:45
|
can be done on Router2.
|
|
0:10:47
|
And of course all of your testing for the 3750/3560
|
|
0:10:55
|
can be done back at CorpHQ.
|
|
0:10:58
|
Ok, but for the sake of this rack we do have a 3550.
|
|
0:11:02
|
You don't ever have to configure it if you're renting rack time from us.
|
|
0:11:05
|
We won't configure it in this lab,
|
|
0:11:07
|
or this class just because it's not part of what you would be doing.
|
|
0:11:14
|
You won't be using the 3550 for anything.
|
|
0:11:16
|
Ok, but we can test out everything else
|
|
0:11:18
|
on the other two switches.
|
|
0:11:20
|
We've got two phones over at Branch2,
|
|
0:11:24
|
so we've got two 7961 phones at Branch2,
|
|
0:11:26
|
one at Branch1,
|
|
0:11:29
|
and we've got
|
|
0:11:32
|
two 7961 phones at CorpHQ,
|
|
0:11:34
|
and then we've got one 7960 phone for the PSTN.
|
|
0:11:40
|
Now in this particular topology, just so no one's confused,
|
|
0:11:43
|
you do see a number of phones and
|
|
0:11:47
|
indicator, a router that says
|
|
0:11:48
|
your router, your place of study.
|
|
0:11:50
|
This is just if you happen to be using,
|
|
0:11:52
|
you know, your study with our racks
|
|
0:11:56
|
your routers, your phones with our racks
|
|
0:11:58
|
to extend the network out through network extension mode
|
|
0:12:01
|
and IPsec, then EzVPN, we allow that,
|
|
0:12:06
|
but we're not going to be using that at all for this particular class,
|
|
0:12:09
|
so you can ignore that any time I pull up the topology for this class,
|
|
0:12:12
|
but that's certainly available if you want to rent rack time from us.
|
|
0:12:18
|
Ok,
|
|
0:12:21
|
so, we've got the CorpHQ set up.
|
|
0:12:28
|
Let's go and bring up our Router1,
|
|
0:12:32
|
and ignore this, this is just some scripts that I have set every time
|
|
0:12:36
|
I telnet in, I turn on term mon and debug ISDN Q.931
|
|
0:12:40
|
which, when you're testing your dial plan
|
|
0:12:43
|
or actually, testing just about anything
|
|
0:12:46
|
unless you haven't yet got a PRI configured yet,
|
|
0:12:51
|
it's a good idea to be doing that
|
|
0:12:53
|
in your self-study and in the real lab.
|
|
0:12:57
|
Ok, so let's just clear this off,
|
|
0:12:59
|
and let's go ahead and setup some DHCP pools as we talked about.
|
|
0:13:04
|
So, the first thing we'll do is we'll look at
|
|
0:13:10
|
ip dhcp excluded-address command.
|
|
0:13:13
|
If we, first of all if I do sh run | s dhcp
|
|
0:13:19
|
I don't believe I have anything in here currently,
|
|
0:13:21
|
no I don't, good, ok.
|
|
0:13:22
|
If we set up our DHCP pools,
|
|
0:13:26
|
if I go ahead and set up a pool called HQ-PHONES,
|
|
0:13:31
|
then the problem with this is, as soon as
|
|
0:13:34
|
I see a request, I'm going to go ahead and start handing out IP addresses.
|
|
0:13:41
|
Now, if my first IP address, in let's say pool
|
|
0:13:44
|
177.1.11.0 would be 177.1.11.1
|
|
0:13:54
|
because that's....The IOS routers hand out beginning from .1
|
|
0:13:59
|
the CUCM server being a Linux server,
|
|
0:14:02
|
the DHCP daemon hands out beginning at .254
|
|
0:14:06
|
Ok,
|
|
0:14:09
|
I would run into a conflict because
|
|
0:14:11
|
do sh run |...Actually I should say
|
|
0:14:13
|
do sh ip int br | ex unass
|
|
0:14:19
|
so just those interfaces with an IP address assigned.
|
|
0:14:23
|
I see that I have one already, so I would sense the conflict
|
|
0:14:26
|
or I would ping it and it should avoid it
|
|
0:14:30
|
and everything should work fine.
|
|
0:14:31
|
However, maybe you were told to have an exclusion range,
|
|
0:14:37
|
so, let's say, only hand out addresses
|
|
0:14:40
|
between .15 and .20
|
|
0:14:44
|
Something like that.
|
|
0:14:45
|
If you don't configure your exclusion range first,
|
|
0:14:49
|
you'll go ahead and begin handing out IP addresses
|
|
0:14:51
|
in essentially the exclusion range.
|
|
0:14:54
|
Now, you can put in the exclusion later,
|
|
0:14:56
|
but what you'll have to do after that,
|
|
0:14:58
|
if that's what happens, is just power cycle your phone.
|
|
0:15:01
|
Ok, just pull the power, put it back in
|
|
0:15:04
|
or you could go into the phone settings, whichever you think is quicker,
|
|
0:15:07
|
and do a dhcp release,
|
|
0:15:09
|
save and then release, set that back to no,
|
|
0:15:12
|
save and you would get a new IP address.
|
|
0:15:15
|
Ok, but I'm going to go ahead and do
|
|
0:15:18
|
177.1.11.1 being my low address that I want to exclude,
|
|
0:15:28
|
and my high address being 177.1.11.
|
|
0:15:31
|
now we said, say 15 through 20
|
|
0:15:35
|
So I would exclude through .14,
|
|
0:15:37
|
so that the first IP would be 15 that was handed out.
|
|
0:15:41
|
Now I would also need to... Even though I should never
|
|
0:15:44
|
hand out anything higher than 20,
|
|
0:15:45
|
I would also need to go ahead and say...
|
|
0:15:48
|
if I was 15 through 20,
|
|
0:15:51
|
my next low address would be 21, and then
|
|
0:15:54
|
177.1.11. let's say 254
|
|
0:15:57
|
255 is of course the broadcast IP.
|
|
0:16:01
|
Ok, so that would be a way that I would ensure
|
|
0:16:04
|
that it would only hand out IPs .15 through 20,
|
|
0:16:09
|
so after the IP of 14, before 21.
|
|
0:16:13
|
Now I could go ahead and say ip dhcp pool,
|
|
0:16:17
|
and call it CorporateHQ-PHONES
|
|
0:16:22
|
and give it a network address.
|
|
0:16:23
|
I actually like to put in all the rest of my specifics first
|
|
0:16:26
|
before a network because as soon as
|
|
0:16:28
|
I enter my network, I am able to hand out IPs.
|
|
0:16:31
|
I've given it an IP range to hand out.
|
|
0:16:33
|
I want to make sure that the phone gets other things such as
|
|
0:16:37
|
Option 150, or you can do Option 66,
|
|
0:16:41
|
Option 66 can be used for an IP address
|
|
0:16:45
|
or for an ASCII domain name.
|
|
0:16:50
|
So, you know maybe CCM-CL1-Pub
|
|
0:16:58
|
something like that .ine.com
|
|
0:17:00
|
A fully qualified domain name, of course the phone
|
|
0:17:03
|
would also have to have a DNS server, so that
|
|
0:17:06
|
would have to be one of the options I handed out.
|
|
0:17:09
|
Option 66 can do an IP address
|
|
0:17:11
|
Option 150 can only do IP addresses, it cannot...
|
|
0:17:15
|
I mean you can configure ASCII, but it's not a
|
|
0:17:18
|
valid value or argument type per the RFC.
|
|
0:17:26
|
So, Option 150 is when I want to hand out IPs
|
|
0:17:30
|
and I want to hand out more than one IPs,
|
|
0:17:32
|
that is I want to have an array.
|
|
0:17:35
|
If I'm handing out Option 66,
|
|
0:17:37
|
I said you could do an IP, but you can only do one.
|
|
0:17:39
|
So it's a fully qualified domain name or a single IP.
|
|
0:17:44
|
Ok, so here we'll do 177.1.10.10 which is our Publisher,
|
|
0:17:50
|
we might also have 177.1.10.20
|
|
0:17:53
|
as a Subscriber, as a backup.
|
|
0:17:56
|
Ok, just depends on what our lab exam tells us.
|
|
0:17:58
|
I'll go ahead and put it in as a backup.
|
|
0:18:01
|
177.1.10.20, ok notice I just have a space separating the two
|
|
0:18:08
|
I must have my default router,
|
|
0:18:10
|
177.1.11 is the subnet that they're on,
|
|
0:18:13
|
.1 is the IP address of this router,
|
|
0:18:15
|
and now I can...Let's go ahead and add DNS as well.
|
|
0:18:19
|
So, DNS server 177.1.100.110 as we saw on our topology
|
|
0:18:29
|
is our DNS server, and then I'll go ahead and I'll do network
|
|
0:18:33
|
177.1.11.0 and I can either key in 255.255.255.0
|
|
0:18:40
|
or just /24.
|
|
0:18:44
|
So let's clear off this screen, do sh run | s dhcp.
|
|
0:18:48
|
I see my excluded addresses,
|
|
0:18:51
|
and I see my phones' pool.
|
|
0:18:54
|
Now because this router is the same router
|
|
0:18:58
|
as where my phones are...I should say
|
|
0:19:02
|
this router is a part of the broadcast domain, so
|
|
0:19:05
|
vlan 11 from Switch1
|
|
0:19:07
|
which is 177.1.11
|
|
0:19:11
|
Ok, the second octet is what we use in our topology
|
|
0:19:15
|
to define Site number.
|
|
0:19:17
|
177.1.11, those phones are here local
|
|
0:19:21
|
if I was debugging, which I will be doing
|
|
0:19:23
|
in just a minute for the next pool.
|
|
0:19:26
|
Then you would see that the request is coming through
|
|
0:19:31
|
and I'm handing out IPs.
|
|
0:19:32
|
Now I can go ahead and just do, or just exit out and say
|
|
0:19:37
|
sh ip dhcp bi
|
|
0:19:39
|
and I should see that I have handed out two IPs,
|
|
0:19:42
|
to my two phones at CorpHQ .15 and 16
|
|
0:19:48
|
Ok, I didn't see the request because I wasn't debugging.
|
|
0:19:51
|
We will do that for the next one.
|
|
0:19:53
|
So over in Router2 which is our Branch1 router,
|
|
0:19:58
|
again let's do a sh ip int br | ex unas
|
|
0:20:06
|
I see that I've got...I already have a Vlan11 created.
|
|
0:20:09
|
Well at least I have an SVI, Switch Virtual Interface.
|
|
0:20:13
|
Let's do a sh inventory to see what hardware we have,
|
|
0:20:18
|
and this is where our 4-port Ethernet switch module is.
|
|
0:20:27
|
Ok, so, if I do a sh cdp ne
|
|
0:20:33
|
I see that CorpHQ router
|
|
0:20:36
|
is attached, it's a 2811 through serial 0/0/1:0
|
|
0:20:43
|
because it's a....
|
|
0:20:47
|
I've got a channel group up set as channel group 0,
|
|
0:20:50
|
and .1, it's a sub interface.
|
|
0:20:52
|
And it happens to be the same IP, or sorry the same interface naming
|
|
0:20:56
|
on the other side, the CorpHQ side.
|
|
0:21:00
|
And on Fas 0/1/3,
|
|
0:21:03
|
I have my IP phone, it's Layer 2 VPN, it looks like it's here.
|
|
0:21:10
|
Ok, by the way I know it's going to be 01, even before I looked over there
|
|
0:21:17
|
simply because if I look up at the show inventory,
|
|
0:21:20
|
I've got my 4-port Ethernet switch on Slot 0,
|
|
0:21:23
|
so there's the first 0,
|
|
0:21:26
|
SubSlot 1, so Slot 0 is the motherboard,
|
|
0:21:30
|
SubSlot is the slot port that I have on the front of the router
|
|
0:21:35
|
or back depending on how you want to look at it or call it.
|
|
0:21:38
|
So it's not the first slot.
|
|
0:21:41
|
The first slot, Slot 0, I'm sorry SubSlot 0
|
|
0:21:46
|
on Slot 0 or the actual Slot 0 on the motherboard
|
|
0:21:50
|
is my 2-port VWIC-MFT.
|
|
0:21:56
|
So 2MFT-T1.
|
|
0:21:57
|
So this is the second port counting canonically, Slot 1
|
|
0:22:03
|
So I'm going to be 0/1/.. and if I'm counting canonically
|
|
0:22:07
|
0,1,2,3, it's the last port.
|
|
0:22:09
|
That's where I find my phone.
|
|
0:22:13
|
Ok, and if we do a sh run int Fa0/1/3,
|
|
0:22:18
|
I'll see that I've got this set up for access vlan11
|
|
0:22:23
|
and spanning-tree portfast.
|
|
0:22:25
|
Ok, so let's do sh vlan
|
|
0:22:27
|
and remember there is sh vlans or vlan-switch,
|
|
0:22:31
|
so we want vlan-switch,
|
|
0:22:32
|
and here I do see that I have vlan11,
|
|
0:22:36
|
it's not named, I could certainly do that.
|
|
0:22:38
|
say vlan 11 name Voice,
|
|
0:22:41
|
vlan 10, I'm sorry 12,
|
|
0:22:44
|
name Data,
|
|
0:22:48
|
not Date, Data
|
|
0:22:49
|
there we go, and do sh vlan-switch.
|
|
0:22:56
|
Oh, and I actually have to exit out before that vlan 12
|
|
0:22:59
|
will take effect in its naming.
|
|
0:23:01
|
Ok, and now they've got their proper names.
|
|
0:23:06
|
So as I mentioned, sh ip int br
|
|
0:23:13
|
I also have an SVI,
|
|
0:23:15
|
so let's do a sh run int vlan11
|
|
0:23:19
|
And I see that I've got my SVI, Switch Virtual Interface
|
|
0:23:24
|
with my IP address, and I actually
|
|
0:23:26
|
already happen to have a helper address.
|
|
0:23:29
|
I'm going to go ahead and change that,
|
|
0:23:31
|
I thought I'd deleted all the config,
|
|
0:23:33
|
I think that's the one thing I forgot was the helper address.
|
|
0:23:36
|
So I'm going to jump into interface Vlan11,
|
|
0:23:39
|
and I'm going to change my IP helper-address
|
|
0:23:43
|
to, let's say...
|
|
0:23:46
|
You know what, let's leave it there, that's the...
|
|
0:23:48
|
that's the loopback of Router1 at CorpHQ.
|
|
0:23:51
|
I'm going to go ahead and leave that there.
|
|
0:23:52
|
We'll send Router2 or the Branch2 Site phones
|
|
0:23:56
|
to the CUCM to get their IP addresses from there.
|
|
0:23:59
|
So let's just go ahead and leave that right now set to the loopback,
|
|
0:24:04
|
and what we're going to go ahead and do is
|
|
0:24:06
|
let's debug,
|
|
0:24:09
|
ip dhcp server events here on the CorpHQ router.
|
|
0:24:16
|
So we've already got term mon turned on
|
|
0:24:18
|
which is useful if I'm telnetting in of course.
|
|
0:24:21
|
It echoes the syslog, sends it out to my terminal session as well.
|
|
0:24:26
|
Just because I have that turned on does not mean that
|
|
0:24:29
|
I'll see syslog or console messages.
|
|
0:24:31
|
I need to make sure that logging is turned on as well.
|
|
0:24:34
|
It is by default, but it's helpful to just do a show logging,
|
|
0:24:39
|
and make sure that...
|
|
0:24:43
|
In fact, monitor logging is set to level debugging.
|
|
0:24:46
|
Ok, console logging might be on.
|
|
0:24:49
|
You can certainly go in through the console and you should expect to see
|
|
0:24:52
|
log messages or syslog messages,
|
|
0:24:54
|
but again remember inherent troubleshooting,
|
|
0:24:56
|
they might have just turned off logging globally for you.
|
|
0:25:00
|
Ok, and here my logging to vty 514
|
|
0:25:03
|
if I do a who...oops sorry, sh user...
|
|
0:25:10
|
sh users,
|
|
0:25:12
|
there we go, oh it did show it.
|
|
0:25:15
|
vty 514 is who I am, I can tell because it'll ask for xpside of it
|
|
0:25:19
|
and "show logging" showed that there was a...
|
|
0:25:26
|
If I can find it again...
|
|
0:25:27
|
in all my scrollback messages.
|
|
0:25:35
|
There we go, it showed that it was also logging onto vty514,
|
|
0:25:38
|
that's the term mon, if you want to turn off term mon
|
|
0:25:40
|
it's not "no term mon", it's "term no mon"
|
|
0:25:43
|
It's one of the few times when I have a little bit different wording
|
|
0:25:47
|
term, terminal and then no monitor.
|
|
0:25:51
|
Ok, that turns it off, sh logging shows me that monitor is still logging, however,
|
|
0:25:56
|
it's not logging out to any particular VTYs or terminals.
|
|
0:26:00
|
Ok, enough about that.
|
|
0:26:02
|
So let's go to term mon back on,
|
|
0:26:09
|
and we were seeing some dhcp requests,
|
|
0:26:11
|
let's look and see back at Branch1,
|
|
0:26:14
|
sh cdp ne
|
|
0:26:18
|
the MAC address ended in BAAE.
|
|
0:26:23
|
So we should see some requests from that
|
|
0:26:29
|
dhcp, ok, this is f1de,
|
|
0:26:33
|
so that's an IP that's actually over at CorpHQ still.
|
|
0:26:39
|
Here we go, here's our baae,
|
|
0:26:41
|
let me scroll up so we can stop the...
|
|
0:26:45
|
So seeing if there is an internally specified pool class,
|
|
0:26:49
|
character address 001b.5452.baae
|
|
0:26:55
|
and it says there is no pool for 177.2.11.1,
|
|
0:27:00
|
Why did it say 177.2.11.1?
|
|
0:27:04
|
Because if I'm back over on Router2,
|
|
0:27:08
|
177.2.11.1 is the IP address,
|
|
0:27:12
|
the Layer 3 IP of the person or entity node
|
|
0:27:17
|
that took the broadcast for a DHCP,
|
|
0:27:20
|
and turned it into a unicast,
|
|
0:27:21
|
so it's essentially being a relay.
|
|
0:27:24
|
It's taking that, it's going to relay that information,
|
|
0:27:27
|
and it's saying, hey, you know I've got an IP
|
|
0:27:30
|
but I need an IP address for this MAC address
|
|
0:27:34
|
even though you can't reach that MAC address locally
|
|
0:27:36
|
because we're on different broadcast domains.
|
|
0:27:38
|
Can you assign an IP and hand it back to me,
|
|
0:27:41
|
and I'll hand it back to that individual?
|
|
0:27:43
|
So this Switch Virtual Interface is handing it back to
|
|
0:27:47
|
the phone, or would be if there was a pool defined.
|
|
0:27:51
|
OK, so we're going to see some messages here,
|
|
0:27:54
|
but let's just go ahead and say conf t,
|
|
0:27:57
|
and we're not going to do an exclusion range on this one,
|
|
0:28:01
|
we know we could.
|
|
0:28:03
|
ip dhcp pool,
|
|
0:28:06
|
and we'll say Branch1-PHONES,
|
|
0:28:09
|
there is no need to type exotic names for anything
|
|
0:28:13
|
just make sure they're intuitive,
|
|
0:28:14
|
make sure you remember what they are in the lab,
|
|
0:28:17
|
Let's do sh run | s dhcp
|
|
0:28:19
|
because we can reuse a lot of what's in here.
|
|
0:28:22
|
So I'll just copy most of what's in here,
|
|
0:28:24
|
whoops...
|
|
0:28:27
|
and I'm going to edit, grab my Text Edit,
|
|
0:28:30
|
and I'm going to paste it in here,
|
|
0:28:33
|
and I'm going to change the variables,
|
|
0:28:38
|
so you would do this in the real lab if you can copy and paste.
|
|
0:28:41
|
You may be using SecureCRT in the real lab,
|
|
0:28:45
|
you may be using PuTTY,
|
|
0:28:48
|
so be familiar with both
|
|
0:28:50
|
SecureCRT, you copy and paste
|
|
0:28:52
|
with control insert to paint, I'm sorry
|
|
0:28:55
|
control insert to copy, just remember
|
|
0:28:58
|
c for control for copy,
|
|
0:29:00
|
so control insert to copy,
|
|
0:29:02
|
and shift insert to paste.
|
|
0:29:05
|
Or you can right click if you
|
|
0:29:07
|
have right click capabilities,
|
|
0:29:08
|
just depends on how their Microsoft Group Policy Objects have the
|
|
0:29:12
|
candidate PC locked down.
|
|
0:29:15
|
Ok, the TFTP addresses stay the same.
|
|
0:29:18
|
The default router changes,
|
|
0:29:20
|
and the DNS server stays the same.
|
|
0:29:27
|
Ok, so I believe I'm already in the pool for Branch1-PHONES,
|
|
0:29:29
|
and I can paste all that in there.
|
|
0:29:33
|
And now,
|
|
0:29:38
|
Ok, so all of a sudden we saw this add 177.2.11.1
|
|
0:29:44
|
to 254, we've got the range available,
|
|
0:29:47
|
so now all we have to do is wait for that request to come back in.
|
|
0:29:51
|
Right now we're seeing requests from Router 3,
|
|
0:29:55
|
or Branch2 Site.
|
|
0:30:05
|
Ok, these are some more CorpHQ phones,
|
|
0:30:09
|
just doing their every so often request,
|
|
0:30:13
|
we could change the lease time,
|
|
0:30:16
|
they're not really asking for a new IP,
|
|
0:30:17
|
they're just making sure that one is available,
|
|
0:30:20
|
since they can't really contact the
|
|
0:30:22
|
TFTP server to download their config yet.
|
|
0:30:25
|
They're just checking to see if DHCP was really being honest
|
|
0:30:28
|
and telling them the right TFTP server.
|
|
0:30:33
|
So we just need to wait for another request to come in.
|
|
0:30:35
|
Here we go.
|
|
0:30:36
|
We've got the request from baae.
|
|
0:30:44
|
And here we go, we've got a
|
|
0:30:45
|
DHCP ping conflict,
|
|
0:30:47
|
let me scroll up,
|
|
0:30:50
|
of 177.2.11.1,
|
|
0:30:54
|
so we're adding a binding to the tree
|
|
0:30:56
|
for the next available IP,
|
|
0:30:58
|
we've assigned that next IP of 177.2.11.2
|
|
0:31:01
|
to the client and notice this is a little bit different
|
|
0:31:07
|
than the MAC address that we saw earlier.
|
|
0:31:09
|
This is the client-identifier which
|
|
0:31:11
|
always starts with 01 for Ethernet.
|
|
0:31:14
|
So we see a client-identifier as opposed to a MAC address.
|
|
0:31:20
|
It is the MAC address, but it's got 01 prefixed to it.
|
|
0:31:23
|
That shifts the dotted decimal notation over.
|
|
0:31:27
|
We've got four characters and then a dot,
|
|
0:31:30
|
four characters and then a dot,
|
|
0:31:32
|
four characters and then the last two characters of the MAC address.
|
|
0:31:36
|
This portion is the MAC address,
|
|
0:31:38
|
and this specifies that it's on Ethernet.
|
|
0:31:42
|
The client-identifier rather than the MAC address is what we would
|
|
0:31:44
|
use if we're trying to assign an IP address to a specific
|
|
0:31:50
|
client or specific node,
|
|
0:31:52
|
whether it's a phone, PC, MAC,
|
|
0:31:54
|
it really doesn't matter as long as it's on Ethernet.
|
|
0:31:57
|
Ok, so if you're trying to isolate a single pool
|
|
0:32:01
|
for a single client, make sure...
|
|
0:32:04
|
just do a...
|
|
0:32:08
|
create a normal class, let's just undebug all here
|
|
0:32:12
|
create a normal dhcp pool,
|
|
0:32:14
|
and do a sh ip dhcp bi,
|
|
0:32:19
|
and see that the client-identifier,
|
|
0:32:22
|
see how that works,
|
|
0:32:23
|
see how it's assigned, and grab it in its existing format,
|
|
0:32:27
|
delete your other pool,
|
|
0:32:29
|
and put in the client-identifier.
|
|
0:32:32
|
Ok, so here's what I mean by that,
|
|
0:32:33
|
sh run | sec dhcp,
|
|
0:32:38
|
if I was told just to hand out just an IP address
|
|
0:32:40
|
to that one Branch1-PHONE, but no one else,
|
|
0:32:45
|
I could jump into my Branch1-PHONES pool,
|
|
0:32:49
|
and instead of saying network...
|
|
0:32:53
|
well actually I could still say network but
|
|
0:32:55
|
I could give it a host IP instead,
|
|
0:33:00
|
ok instead of a network,
|
|
0:33:01
|
but I could say client-identifier,
|
|
0:33:05
|
and the client-identifier is, copy and paste,
|
|
0:33:10
|
and now what I've done is...
|
|
0:33:13
|
And it says I can't use it with network, I have to use it with host.
|
|
0:33:17
|
Ok, so I'd have to change the network command,
|
|
0:33:19
|
I'd have to delete that, and make that a host,
|
|
0:33:22
|
and I'd have to give it a valid host IP,
|
|
0:33:24
|
and then I could use the client-identifier,
|
|
0:33:26
|
and I would lock that pool down to
|
|
0:33:28
|
attributes and then IP for one specific client or node.
|
|
0:33:32
|
As it sits, I didn't modify it,
|
|
0:33:36
|
and we see the Branch1 pool is left untouched.
|
|
0:33:39
|
Ok
|
|
0:33:41
|
So, over at Router2, if I do a sh cdp ne de
|
|
0:33:46
|
I should see that this phone has 177.2.11.2
|
|
0:33:53
|
Likewise, at my CorpHQ-Switch,
|
|
0:33:55
|
sh cdp ne de, I'm actually going to do fa0/10 de
|
|
0:34:00
|
because I want to isolate it,
|
|
0:34:01
|
Looks like I've got 18 as an IP,
|
|
0:34:06
|
and if I look at 11, I've got 16 as an IP.
|
|
0:34:11
|
Does Router 1 reflect that?
|
|
0:34:13
|
sh ip dhcp binding,
|
|
0:34:15
|
Yep,
|
|
0:34:16
|
.16 and .18
|
|
0:34:19
|
so we probably handed out... I believe we started at 15
|
|
0:34:22
|
We probably handed out 15 and 16, and then
|
|
0:34:25
|
a phone is sitting there frantically trying to register
|
|
0:34:29
|
with the DHCP instructed TFTP server,
|
|
0:34:33
|
can't do it, so it goes through a recycle,
|
|
0:34:36
|
and tries to get a new IP and new TFTP,
|
|
0:34:39
|
and like I said, a frantic attempt to register.
|
|
0:34:41
|
And it'll keep doing that until it either burns up,
|
|
0:34:44
|
or finally gets registered.
|
|
0:34:49
|
Ok, so let's go over and take a look at our Router 3.
|
|
0:34:53
|
sh cdp n
|
|
0:34:54
|
I don't have any phones connected here because
|
|
0:34:55
|
I've got my Branch2-Switch.
|
|
0:34:57
|
As I mentioned, there is nothing you need to do on this Branch2-Switch.
|
|
0:35:00
|
If you're using our racks, we always pre-configure them,
|
|
0:35:04
|
pre-configure this particular switch
|
|
0:35:06
|
because as I mentioned sh ver | in 3550,
|
|
0:35:12
|
Ok, so sh vlan br
|
|
0:35:16
|
we've got our Vlan 11 set up,
|
|
0:35:19
|
we've got Fa0/10 and 11,
|
|
0:35:21
|
and 1 and 2 is if you were renting our racks,
|
|
0:35:25
|
that's where you would find the phones connected but,
|
|
0:35:29
|
with me being a developer having the Layer 2 VPN remotely,
|
|
0:35:33
|
this is how I have mine connected,
|
|
0:35:35
|
it's also how we do them in the live class.
|
|
0:35:37
|
And so, sh cdp n,
|
|
0:35:40
|
we've got our phones connected there,
|
|
0:35:42
|
If I sh run int f0/10,
|
|
0:35:45
|
and or 11,
|
|
0:35:47
|
I see that they have the access vlan 11.
|
|
0:35:51
|
And they're in switchport mode access.
|
|
0:35:53
|
And we're going to leave them there just for our tunnel.
|
|
0:35:56
|
So, actually let's do sh ip int br | ex unas
|
|
0:36:04
|
And I have a vlan 11 SVI,
|
|
0:36:08
|
so let's do sh run int vlan 11,
|
|
0:36:11
|
I do not have a helper address here,
|
|
0:36:13
|
that is one place I could put a helper address.
|
|
0:36:16
|
Ok, it's on the same subnet, it's part of the broadcast domain,
|
|
0:36:19
|
it would work to put a helper address there.
|
|
0:36:21
|
But, as we mentioned, we're not using the 3550 switch.
|
|
0:36:25
|
We're going to do everything on the Branch2 Router.
|
|
0:36:29
|
So, sh ip int br | ex unas,
|
|
0:36:34
|
I do have a .11 interface here as well.
|
|
0:36:37
|
177.3.11.1, it's a part of this sub interface.
|
|
0:36:43
|
So, let's do sh run int FastEthernet0/0.11
|
|
0:36:49
|
I also forgot to take out pim dense-mode.
|
|
0:36:54
|
In fact, we'll go back and put that on
|
|
0:36:57
|
as part of the network infrastructure section here in just a moment
|
|
0:37:00
|
back on our other router and switch devices.
|
|
0:37:04
|
So, right now, let's go ahead and dive into this interface.
|
|
0:37:09
|
And I'm going to change the ip helper-address
|
|
0:37:12
|
to 177.1.10.10,
|
|
0:37:17
|
so that's the Publisher,
|
|
0:37:18
|
and that's where I'm going to say we want the phones
|
|
0:37:21
|
at Branch2 to get their IP addresses from.
|
|
0:37:26
|
And I'm going to have ip pim dense-mode so,
|
|
0:37:28
|
let's do sh run int fa0/0...Whoops,
|
|
0:37:33
|
fa0/0.11,
|
|
0:37:38
|
And notice when I added that IP helper-address,
|
|
0:37:40
|
it did not take the old one away
|
|
0:37:41
|
which means it will send two broadcasts out.
|
|
0:37:45
|
One to the Router 1 loopback0,
|
|
0:37:48
|
and one to the Publisher.
|
|
0:37:50
|
And whoever responds first will be the one that we use.
|
|
0:37:53
|
Well, I don't want that to be the way it is, so
|
|
0:37:55
|
I'm going to take out the helper address that points to the
|
|
0:38:01
|
Router1 loopback0,
|
|
0:38:03
|
so now we only have one helper address
|
|
0:38:05
|
pointing to the Publisher,
|
|
0:38:06
|
and we've got pim dense-mode,
|
|
0:38:09
|
I'm also going to exit out of the sub interface
|
|
0:38:12
|
and turn on ip multicast-routing.
|
|
0:38:15
|
Ok, so multicast-routing and pim dense-mode
|
|
0:38:19
|
on that interface,
|
|
0:38:21
|
do sh ip int br,
|
|
0:38:22
|
I'm going to put pim dense-mode on my serial interface
|
|
0:38:27
|
that points back to my CorpHQ router.
|
|
0:38:29
|
How do I know which interface that is?
|
|
0:38:31
|
do sh cdp n,
|
|
0:38:34
|
Ok, it's this interface that points
|
|
0:38:35
|
back to the CorpHQ router.
|
|
0:38:39
|
So ip pim, Protocol Independent Multicast,
|
|
0:38:42
|
dense-mode, ok
|
|
0:38:45
|
and that's good enough.
|
|
0:38:46
|
Remember we said you don't have to have it on the loopback0
|
|
0:38:50
|
We will take a look at when you might need that,
|
|
0:38:53
|
when it comes to media resources.
|
|
0:38:55
|
I believe that's tomorrow we said, at the end of tomorrow,
|
|
0:38:59
|
and that would be only if we're serving
|
|
0:39:03
|
traffic from the local router.
|
|
0:39:08
|
So, let's go ahead and exit out.
|
|
0:39:10
|
and we'll write wr for write, that's the quickest way
|
|
0:39:13
|
rather than copy run start.
|
|
0:39:15
|
We need to have shortcuts in the lab,
|
|
0:39:17
|
so that's the quickest way to write a router config.
|
|
0:39:20
|
We'll go over to Router 2, I'm sorry.. Yeah, Branch1 Router 2,
|
|
0:39:23
|
and we'll do the same thing
|
|
0:39:24
|
do sh cdp n
|
|
0:39:29
|
also...Actually do sh ip int br
|
|
0:39:34
|
So we've got our Serial0.0.1, :0.1 is our Layer.
|
|
0:39:40
|
These are frame relay.
|
|
0:39:44
|
Layer 2 interface at /Layer 3,
|
|
0:39:46
|
so we're going to first turn on ip multicast-routing.
|
|
0:39:50
|
Now we may turn this back off if we're doing
|
|
0:39:53
|
alternate multicast music on hold
|
|
0:39:55
|
or router spoofed music on hold.
|
|
0:39:57
|
But again we'll come there later.
|
|
0:39:58
|
We'll get to that.
|
|
0:40:01
|
So we'll join in the interface serial,
|
|
0:40:04
|
and do ip pim dense-mode,
|
|
0:40:07
|
We're just setting up the necessary infrastructure, should we need it.
|
|
0:40:11
|
And then, for vlan 11 because this is our Ethernet switch module router.
|
|
0:40:15
|
Our phones are hanging directly off the router.
|
|
0:40:18
|
We'll go into the SVI, interface Vlan11,
|
|
0:40:21
|
and ip pim dense-mode.
|
|
0:40:24
|
Now remember we also could do..
|
|
0:40:27
|
I didn't mean to end..
|
|
0:40:28
|
We could do no ip igmp snooping.
|
|
0:40:36
|
But we're not going to turn it off, we're going to leave it on.
|
|
0:40:40
|
And we can do, sh ip igmp me
|
|
0:40:49
|
And right now we only have the 224.0.1.40
|
|
0:40:51
|
which is actually Auto-RP which we don't need to worry about that.
|
|
0:40:56
|
For multicast, we can do sh ip mroute
|
|
0:41:00
|
instead of sh ip route.
|
|
0:41:02
|
OK, we're still only seeing the Auto-RP traffic.
|
|
0:41:06
|
We'll see actual music on hold traffic later.
|
|
0:41:09
|
We'll write a router config,
|
|
0:41:11
|
and we'll go back to CorpHQ,
|
|
0:41:13
|
and do ip multicast-routing.
|
|
0:41:17
|
And do sh ip int br | ex unas,
|
|
0:41:23
|
and we're going to want it out the interface for our servers,
|
|
0:41:31
|
or actually in,
|
|
0:41:32
|
the music is coming in from that interface.
|
|
0:41:36
|
Also to our phones,
|
|
0:41:41
|
ip pim dense-mode and then of course out the two serial interfaces.
|
|
0:41:50
|
ip pim dense-mode, end, ip pim dense-mode.
|
|
0:41:54
|
And we see that we have Pim neighbor change occurring
|
|
0:41:59
|
whenever...
|
|
0:42:01
|
and DR, Designated Router change whenever we add pim
|
|
0:42:05
|
on devices that speak pim to each other.
|
|
0:42:09
|
Ok.
|
|
0:42:10
|
So write that router config.
|
|
0:42:12
|
If we switch back over to our Switch1,
|
|
0:42:16
|
our 3750 or 3560,
|
|
0:42:20
|
we can sh ip igmp, let's do snooping
|
|
0:42:25
|
just to make sure it's on,
|
|
0:42:27
|
we see that it's enabled, version 3 is enabled.
|
|
0:42:30
|
It's enabled per vlan, it's enabled on Vlan11.
|
|
0:42:34
|
Ok,
|
|
0:42:36
|
and as far as memberships,
|
|
0:42:42
|
we see that we don't have anything yet.
|
|
0:42:44
|
Ok, that's no problem. That's fine.
|
|
0:42:47
|
The reason we saw a membership on Router 2
|
|
0:42:49
|
was because it was actually the router Auto-RP was joining in
|
|
0:42:53
|
the Auto-RP group or at least attempting to.
|
|
0:42:58
|
Ok, this is a switch, it's just listening to the nodes,
|
|
0:43:01
|
the individual phones,
|
|
0:43:02
|
no one has requested group membership yet.
|
|
0:43:05
|
Ok, so our multicast is set up,
|
|
0:43:08
|
our DHCP in regards to
|
|
0:43:13
|
CorpHQ and Branch1 Site is setup.
|
|
0:43:16
|
Let's go ahead and setup our NTP before we go any further.
|
|
0:43:20
|
And then we'll set up DHCP for Branch2.
|
|
0:43:23
|
So, sh ip...I'm sorry sh ntp ass.
|
|
0:43:29
|
It's not enabled.
|
|
0:43:31
|
Let's just go ahead and set it up
|
|
0:43:33
|
and for this class and multiclasses on our racks
|
|
0:43:37
|
we're actually just going to make the Router1
|
|
0:43:42
|
our NTP master.
|
|
0:43:43
|
Now the reason I'm not making PSTN
|
|
0:43:45
|
router my master, and the lab certainly may,
|
|
0:43:48
|
is because our PSTN is actually a 3750,
|
|
0:43:53
|
and the newer ISRs have hardware clocks,
|
|
0:43:57
|
but the older 3750s, or sorry 3725 routers
|
|
0:44:02
|
did not have a hardware clock
|
|
0:44:03
|
also known as a calendar.
|
|
0:44:06
|
Cisco calls the hardware clock or BIOS clock a calendar.
|
|
0:44:09
|
So they only had software running memory clocks which they called clock.
|
|
0:44:16
|
And so the problem is every time that reboots you lose the actual time.
|
|
0:44:22
|
Ok, so I'm going to say ntp master,
|
|
0:44:28
|
and I'm going to say ntp master with a..
|
|
0:44:31
|
Oh whoops I'm on the CorpHQ switch.
|
|
0:44:37
|
By the way, switches don't have hardware clocks either.
|
|
0:44:40
|
So, do sh run | s ntp
|
|
0:44:47
|
So I'm going to say ntp master
|
|
0:44:50
|
and I'm going to give it a Stratum of let's say 2.
|
|
0:44:54
|
I'm going to say ntp source address or source interface
|
|
0:44:57
|
is going to be my loopback0 interface.
|
|
0:45:01
|
And of course I need to have my time set and my clock zone.
|
|
0:45:05
|
Or clock time zone set as well.
|
|
0:45:07
|
So let's say clock timezone
|
|
0:45:09
|
CorpHQ is let's say it's in Seattle,
|
|
0:45:13
|
so let's make this PST -8 from GMT.
|
|
0:45:20
|
And let's go ahead and add a clock summer-time.
|
|
0:45:24
|
Is going to be called PDT and
|
|
0:45:27
|
it's going to be reoccurring every year.
|
|
0:45:30
|
Let's also just sh clo,
|
|
0:45:33
|
and it says that it's 4:23 in the morning,
|
|
0:45:40
|
That's certainly not right, so let's say
|
|
0:45:44
|
it is...Let's do a clock set.
|
|
0:45:47
|
This is notice not from config t, but EXEC mode.
|
|
0:45:50
|
clock set 11:23,
|
|
0:45:53
|
or 11:24:00 on April 25th 2011.
|
|
0:46:06
|
Ok, is that the date? Yeah.
|
|
0:46:10
|
So the clock has been updated,
|
|
0:46:11
|
if I do a sh ntp ass,
|
|
0:46:14
|
I can see the tilde by the IP address,
|
|
0:46:17
|
which means that it's configured per the Legend,
|
|
0:46:19
|
but it's not actually a system peer yet.
|
|
0:46:22
|
So we're not synchronized.
|
|
0:46:23
|
And that is we're not even synchronized with ourself.
|
|
0:46:27
|
The internal loopback that it chooses is 127.
|
|
0:46:30
|
remember the entire class A of 127 is set aside for loopback,
|
|
0:46:34
|
so anything that begins with a 127. is a loopback address.
|
|
0:46:37
|
So 127.127.1.1 is the internal IP it chooses.
|
|
0:46:43
|
Its reference clock is .LOCL
|
|
0:46:46
|
So it's on local clock.
|
|
0:46:48
|
It's set up as stratum 1 because we told it to be stratum 2,
|
|
0:46:51
|
so it's going to synchronize with itself, it's stratum 2.
|
|
0:46:54
|
But it's sort of.. Its route clock is 1.
|
|
0:46:58
|
And it will eventually sync with itself. It has to.
|
|
0:47:00
|
But that hasn't happened yet.
|
|
0:47:02
|
So let's go over to Router2,
|
|
0:47:05
|
and we'll do ntp server as 177.1.254.1,
|
|
0:47:12
|
which is the loopback0
|
|
0:47:14
|
because that's where we told Router 1 to serve from.
|
|
0:47:19
|
And actually before we do this,
|
|
0:47:21
|
let's say do sh clo
|
|
0:47:26
|
Ok, let's first of all set up our clock time zone
|
|
0:47:29
|
as CST -6 and
|
|
0:47:37
|
clock summer-time as CDT re.
|
|
0:47:44
|
Now let's say do sh clo and it says it's 6:25,
|
|
0:47:49
|
we just said the other one was...
|
|
0:47:58
|
Ok this Router1 is synchronized with itself now.
|
|
0:48:00
|
And do sh..Oops sorry, sh clo
|
|
0:48:04
|
is 11:25,
|
|
0:48:08
|
Central Time is two hours off so that would be 1.
|
|
0:48:12
|
So let's do a, do clock set,
|
|
0:48:14
|
do, because it's actually an EXEC command,
|
|
0:48:18
|
to 13:26:00,
|
|
0:48:27
|
we're just trying to get it close so that NTP syncs up quickly
|
|
0:48:32
|
on April 25 2011,
|
|
0:48:38
|
and now, we'll go ahead and
|
|
0:48:42
|
say ntp source lo0,
|
|
0:48:47
|
ntp server is 177.1.254.1,
|
|
0:48:51
|
the loopback0 IP,
|
|
0:48:55
|
and that's good enough.
|
|
0:48:57
|
Actually one other thing we could do that's helpful is
|
|
0:48:59
|
ntp update-calendar, so that once it does synchronize with NTP
|
|
0:49:03
|
it will update its hardware clock so the subsequent reboots will
|
|
0:49:07
|
set to the proper time.
|
|
0:49:10
|
Ok, we'll write our router configuration,
|
|
0:49:12
|
and do sh ntp ass
|
|
0:49:15
|
where we see it's configured,
|
|
0:49:17
|
but it's not set.
|
|
0:49:19
|
We see the reference clock.
|
|
0:49:21
|
This is who we're supposed to be synchronizing to.
|
|
0:49:23
|
The reference clock says who our IP that we're supposed to be syncing to
|
|
0:49:28
|
who they're synced with.
|
|
0:49:29
|
Currently stratum is set to 16.
|
|
0:49:31
|
It doesn't go higher than 15, 16 means we have no idea
|
|
0:49:35
|
about this NTP peer yet.
|
|
0:49:38
|
We're initializing, we haven't gotten anywhere yet.
|
|
0:49:41
|
If I keep doing sh ntp ass,
|
|
0:49:46
|
we'll eventually see this reference clock go to
|
|
0:49:48
|
127.127.1.1 which is who Router1 thinks it's synced with,
|
|
0:49:54
|
its own self, its loopback,
|
|
0:49:57
|
it's internal loopback, non configurable.
|
|
0:50:00
|
Ok, there we go.
|
|
0:50:01
|
So now the reference clock is changed to 127.127.1.1,
|
|
0:50:05
|
and the stratum is set to 2.
|
|
0:50:07
|
But we notice this is still just configured,
|
|
0:50:10
|
it's not yet synchronized.
|
|
0:50:14
|
Ok.
|
|
0:50:14
|
Let's go ahead and setup Router3 as well.
|
|
0:50:18
|
So let's sh clo,
|
|
0:50:21
|
let's do clock set,
|
|
0:50:23
|
so let's say 19:28:00 for April 25 2011.
|
|
0:50:38
|
By the way, I can also do
|
|
0:50:41
|
clock update-calendar from here,
|
|
0:50:45
|
so I can go ahead and write it to the
|
|
0:50:48
|
hardware clock, whatever I've set manually.
|
|
0:50:53
|
Ok, so let's do clock timezone and let's say CEST,
|
|
0:50:58
|
Central European Standard Time,
|
|
0:51:00
|
our Branch2 is going to be
|
|
0:51:01
|
most of our examples we've used so far,
|
|
0:51:04
|
I'm just going to stay with this for this class
|
|
0:51:06
|
have been this Site at Amsterdam.
|
|
0:51:08
|
The Branch1 Site is in Austin, Texas,
|
|
0:51:10
|
and the Branch...CorpHQ Site is in Seattle, Washington,
|
|
0:51:14
|
both in the US.
|
|
0:51:16
|
And this is going to be minus or sorry +1
|
|
0:51:22
|
So then also, clock summer-time
|
|
0:51:27
|
I can't remember if they do summer-time, if so,
|
|
0:51:30
|
then it would actually be six hours off rather than five which I set it at.
|
|
0:51:34
|
Either way, in the real lab you would be told certainly what to do.
|
|
0:51:38
|
CEDT re,
|
|
0:51:41
|
ok, ntp source lo0,
|
|
0:51:45
|
ntp server,
|
|
0:51:48
|
177.1.254. actually I'm not going to put this in just yet.
|
|
0:51:55
|
Instead I'm going to do ntp update-calendar,
|
|
0:51:58
|
and I'm going to say do...
|
|
0:51:59
|
actually exit, debug ntp events,
|
|
0:52:07
|
and now I'm going to put in my ntp server address,
|
|
0:52:11
|
177.1.254.1
|
|
0:52:17
|
and I want to see my NTP packets.
|
|
0:52:21
|
Go ahead and write this router configuration,
|
|
0:52:24
|
sh ntp ass
|
|
0:52:26
|
I see that I'm still in initialization.
|
|
0:52:28
|
While I'm waiting for some NTP packets to go back and forth,
|
|
0:52:32
|
I'm going to switch back to Router2,
|
|
0:52:35
|
and see...It's still not synchronized yet,
|
|
0:52:37
|
I'm not going to sit here and wait for it to,
|
|
0:52:38
|
we'll come back and take a look at it later.
|
|
0:52:44
|
Ok, so we'll come back and take a look at NTP packets
|
|
0:52:49
|
and actual synchronization a little bit later.
|
|
0:52:51
|
Don't sit there and watch NTP try to synchronize,
|
|
0:52:54
|
it's like watching a pot of water try to boil.
|
|
0:52:57
|
It never will as long as you're watching it.
|
|
0:52:59
|
Ok,
|
|
0:53:00
|
all right,
|
|
0:53:01
|
so let's go ahead and switch over to our CUCM server,
|
|
0:53:06
|
and we're going to log in with admin in CCIE Cisco.
|
|
0:53:11
|
And actually before we do anything,
|
|
0:53:12
|
we're going to go ahead and go to the top right.
|
|
0:53:16
|
Unified Serviceability,
|
|
0:53:23
|
and we're going to tell this to go there,
|
|
0:53:26
|
and we're going to go into our Tools -> Service Activation,
|
|
0:53:30
|
and we'll choose our Pub and our Sub,
|
|
0:53:37
|
one at a time of course,
|
|
0:53:38
|
and notice some of these services have already been activated for you.
|
|
0:53:43
|
That's part of the default server configuration that we have set.
|
|
0:53:46
|
Again, remember the real lab may have certain things done for you.
|
|
0:53:50
|
There might be service parameters that are already set,
|
|
0:53:53
|
there might be enterprise parameters that are already set.
|
|
0:53:56
|
It's entirely possible that anything could go.
|
|
0:53:59
|
So you really need to be alert.
|
|
0:54:04
|
Go check everything.
|
|
0:54:05
|
We're going to enable TFTP,
|
|
0:54:08
|
and CTIManager,
|
|
0:54:10
|
we don't need Messaging Interface,
|
|
0:54:12
|
this is not for Unity or Unity Connection or Unity Express,
|
|
0:54:16
|
it's only for Legacy SMDI.
|
|
0:54:18
|
We don't have any of that.
|
|
0:54:19
|
And we're going to enable DirSync.
|
|
0:54:22
|
Everything else has been activated for us.
|
|
0:54:26
|
Once we're done with that, we're going to go ahead and switch over to the Subscriber
|
|
0:54:29
|
and make sure that everything is activated
|
|
0:54:32
|
that we need to have activated.
|
|
0:54:37
|
We do see that DHCP Monitor Service is one of them that's activated.
|
|
0:54:41
|
Ok.
|
|
0:54:43
|
That's one of the ones that we need
|
|
0:54:45
|
certainly to get DHCP able to hand out IPs.
|
|
0:54:54
|
It can't hurt to go ahead and do Check All Services.
|
|
0:54:57
|
The only way that that would hurt is in the real lab
|
|
0:55:00
|
if you were instructed to only activate relevant services.
|
|
0:55:04
|
Ok.
|
|
0:55:06
|
So, as soon as this finishes activating...
|
|
0:55:14
|
I'm going to note that we should always go up to
|
|
0:55:16
|
Tools-> Control Center-Feature Services
|
|
0:55:20
|
and check to make sure that they're not only activated,
|
|
0:55:22
|
but that they're actually started and running.
|
|
0:55:26
|
Ok,
|
|
0:55:27
|
and it does look like our DHCP Monitor Service is
|
|
0:55:30
|
started and so forth.
|
|
0:55:34
|
Also if you ever have devices that are registered
|
|
0:55:37
|
let's say I have a phone that's registered,
|
|
0:55:39
|
but when I'm in the Administration Interface under phones
|
|
0:55:43
|
the Registration Status or Registered to, says unknown.
|
|
0:55:48
|
If that ever happens, you'll want to come to
|
|
0:55:50
|
Tools->Control Center-Network Services
|
|
0:55:54
|
choose whichever server, probably you would do both,
|
|
0:55:57
|
but choose whichever server you're looking at
|
|
0:56:00
|
or you should see it registered to
|
|
0:56:04
|
and restart the Cisco RIS Data Collector Service.
|
|
0:56:08
|
That's the one responsible for gathering the information from the
|
|
0:56:11
|
database and reporting it to the web server.
|
|
0:56:15
|
Ok,
|
|
0:56:16
|
so let's go ahead and go back to Administration now,
|
|
0:56:18
|
actually let's go down to OS Administration.
|
|
0:56:20
|
Operating System Administration,
|
|
0:56:22
|
and we're going to go here to deal with NTP for the system.
|
|
0:56:28
|
The Operating System itself.
|
|
0:56:31
|
So first of all, remember that I said
|
|
0:56:34
|
Software Upgrades-> Install Upgrade,
|
|
0:56:36
|
actually sorry.. -> TFTP File Management,
|
|
0:56:39
|
this is where we go to find and, or add files to TFTP.
|
|
0:56:43
|
Just remember whenever we do that we need to go back to Serviceability,
|
|
0:56:47
|
and restart the TFTP Service.
|
|
0:56:49
|
And if we do it both on Pub and Sub,
|
|
0:56:52
|
we need to not only upload each file to Pub and Sub,
|
|
0:56:55
|
so change the IP address from, you know, .10 to .20
|
|
0:57:00
|
and upload it there as well.
|
|
0:57:02
|
And then also restart the TFTP Services for both.
|
|
0:57:07
|
Ok, we're going to go up here to Settings->NTP Servers.
|
|
0:57:11
|
And we see that there's zero records found currently.
|
|
0:57:13
|
So we're going to add a new server,
|
|
0:57:16
|
give it 177.1.254.1, the loopback0 of Router1,
|
|
0:57:22
|
and we see that upon save,
|
|
0:57:24
|
it's going to show us..
|
|
0:57:28
|
The NTP service is not accessible.
|
|
0:57:31
|
No problem, come right back up here
|
|
0:57:33
|
click on it again to refresh,
|
|
0:57:37
|
and now it should say...Uh, still says not accessible.
|
|
0:57:39
|
Ok,
|
|
0:57:40
|
We'll give it a little bit of time.
|
|
0:57:42
|
This should change to "The NTP Service is accessible."
|
|
0:57:48
|
And it didn't like me hitting refresh, or Control-R.
|
|
0:57:52
|
There we go, now it says "The NTP Service is accessible".
|
|
0:57:55
|
This doesn't mean that it's synchronized, it just means
|
|
0:57:58
|
we've received a valid NTP reply packet,
|
|
0:58:02
|
and we know that we can get to it as an NTP server.
|
|
0:58:05
|
But it doesn't mean we're yet synchronized.
|
|
0:58:07
|
Ok, so let's go back to our router Branch 2,
|
|
0:58:11
|
it's changed from initialization to having a reference clock.
|
|
0:58:14
|
But it's not yet synchronized.
|
|
0:58:16
|
What about Branch1?
|
|
0:58:18
|
Branch1 changed from not only having the reference clock,
|
|
0:58:21
|
but now it's also synchronized.
|
|
0:58:24
|
So give Branch2 some time and it will become synchronized as well.
|
|
0:58:29
|
The CUCM server,
|
|
0:58:32
|
we can SSH into that,
|
|
0:58:33
|
you're able to SSH into it in the lab.
|
|
0:58:36
|
You'll probably have to do it from PuTTY,
|
|
0:58:38
|
from your XP candidate machine,
|
|
0:58:40
|
and you can do utils ntp status,
|
|
0:58:45
|
and we see that we're actually synchronized.
|
|
0:58:48
|
Ok, this synchronizes very quickly.
|
|
0:58:52
|
We also have a backup which is our own local loopback.
|
|
0:58:58
|
But the stratum is higher, 10
|
|
0:59:00
|
whereas this stratum is set to 2.
|
|
0:59:05
|
Ok.
|
|
0:59:08
|
And if we were to go over to our Subscriber,
|
|
0:59:13
|
utils ntp status
|
|
0:59:17
|
we would see that we're synchronized with our Publisher.
|
|
0:59:22
|
Ok.
|
|
0:59:23
|
So, it is stratum or we see it as stratum 11
|
|
0:59:27
|
because it actually sees itself as 10,
|
|
0:59:30
|
so it's advertising one less than what it sees itself as.
|
|
0:59:35
|
Ok.
|
|
0:59:37
|
So now we need to go back to our CUCMA
|
|
0:59:41
|
or Cisco Unified Communications Manager Administration User Interface.
|
|
0:59:49
|
CUCMA also referred to as Puma.
|
|
0:59:53
|
And we're going to just go ahead and go to our DHCP server
|
|
0:59:59
|
We can click find and see that we have none.
|
|
1:00:02
|
So we'll add a server.
|
|
1:00:04
|
We'll say the server is the Pub,
|
|
1:00:08
|
and we don't need to fill out everything in here,
|
|
1:00:10
|
the only thing we want to fill out here at the server level
|
|
1:00:13
|
is stuff that does not change
|
|
1:00:15
|
regardless of which scope or subnet we're handing out for,
|
|
1:00:18
|
such as a DNS server maybe.
|
|
1:00:21
|
177.1.100.110
|
|
1:00:26
|
a TFTP server, 177.1.10.10.
|
|
1:00:29
|
Primary and secondary.
|
|
1:00:32
|
So we see this is Option 150.
|
|
1:00:34
|
TFTP Server Name would be Option 66.
|
|
1:00:39
|
Domain name if we had it.
|
|
1:00:42
|
Renewal Time, ARP Cache Time,
|
|
1:00:45
|
other things that we don't have to put in there
|
|
1:00:47
|
because they have their default.
|
|
1:00:51
|
0 isn't really their actual seconds, it's the default
|
|
1:00:54
|
which if we do help for this page it will tell us what the actual value is.
|
|
1:00:59
|
Ok.
|
|
1:00:59
|
And now that we have our server setup,
|
|
1:01:01
|
we can go to DHCP subnet
|
|
1:01:03
|
off of the system drop-down menu.
|
|
1:01:06
|
So now we will create our DHCP subnet.
|
|
1:01:10
|
Let's add a new one.
|
|
1:01:12
|
And we'll choose the server that we just created.
|
|
1:01:15
|
The subnet IP address, this is for the actual subnet,
|
|
1:01:19
|
not the beginning IP.
|
|
1:01:21
|
Ok,
|
|
1:01:22
|
but the actual subnet itself.
|
|
1:01:25
|
So 177.3.11.0
|
|
1:01:30
|
The first address, just copy that,
|
|
1:01:32
|
will be .15
|
|
1:01:35
|
Now, of course CUCM is going to hand, this being
|
|
1:01:39
|
DHCP daemon in Linux, it's going to...
|
|
1:01:43
|
CUCM is going to hand out the IP addresses in reverse.
|
|
1:01:46
|
So whatever we put here, which will be .20,
|
|
1:01:49
|
it should begin handing out IPs with .20
|
|
1:01:55
|
And the Primary Router, we can't forget that.
|
|
1:01:58
|
Beware, there are a number of fields that are required.
|
|
1:02:02
|
We can see with the asterisk.
|
|
1:02:05
|
The Primary Router is not one that's required
|
|
1:02:07
|
which is a little strange if you ask me.
|
|
1:02:09
|
But it's easy to...
|
|
1:02:13
|
Let's say you click save and it tells you, you have to have a subnet mask.
|
|
1:02:16
|
Ok, no problem.
|
|
1:02:17
|
So we create 255.255.255.0,
|
|
1:02:21
|
we click save, it doesn't give us an error,
|
|
1:02:24
|
but your phones won't be able to route back,
|
|
1:02:27
|
you might be able to route to them, but they won't be able to return any traffic
|
|
1:02:30
|
because they don't know where to send all default traffic.
|
|
1:02:32
|
So don't forget the default gateway.
|
|
1:02:38
|
Ok, so we've got our subnet,
|
|
1:02:41
|
and our phones have been trying to get an IP address this whole time,
|
|
1:02:45
|
so we can go over, and I've brought up Switch 2,
|
|
1:02:48
|
I've also gone ahead and increased the size of the font,
|
|
1:02:50
|
per some of your feedback
|
|
1:02:55
|
and all my terminal session.
|
|
1:02:58
|
And if we do a sh cdp ne,
|
|
1:03:00
|
we see we've got phones on Fas 10 and 11
|
|
1:03:04
|
which we know already,
|
|
1:03:06
|
so let's do a sh cdp ne Fas 0/10 det
|
|
1:03:11
|
and we can see that this phone has got
|
|
1:03:14
|
IP address 177.3.11.19
|
|
1:03:19
|
And if we do one for 11,
|
|
1:03:22
|
Fas 0/11,
|
|
1:03:23
|
we see one's got .18
|
|
1:03:25
|
So, did this mean that my handing out beginning with 20,
|
|
1:03:29
|
that actually isn't the first IP address to hand out?
|
|
1:03:35
|
No, what that means is if I do a
|
|
1:03:38
|
sh ip int br | ex unas here on Switch2...
|
|
1:03:47
|
there is an SVI that already has the IP address of 177.3.11.20
|
|
1:03:51
|
So the DHCP daemon in the Linux box,
|
|
1:03:55
|
the CUCM server, actually went out and did a ping first to
|
|
1:04:00
|
make sure that there was not going to be any conflict.
|
|
1:04:02
|
There was with .20, so it did a ping for 19,
|
|
1:04:06
|
there was no conflict, so it handed out .19
|
|
1:04:10
|
as its first IP address and 18 as the second.
|
|
1:04:14
|
So we've got our subnet up, our DHCP scope,
|
|
1:04:18
|
our phones have IP addresses,
|
|
1:04:20
|
they should have all the rest of the information,
|
|
1:04:22
|
we can go check them,
|
|
1:04:29
|
We see that we have reachability to them, that's good,
|
|
1:04:33
|
and they have all their proper information.
|
|
1:04:35
|
The TFTP Server, the DNS server from the actual DHCP Server
|
|
1:04:41
|
portion in CUCM that we set up, the Default Router,
|
|
1:04:44
|
obviously the subnet mask.
|
|
1:04:46
|
And they're ready to go.
|