There has been some slight confusion and ambiguity around the “single-connection” configuration statement provided by Cisco switches and routers, including SAN MDS switches. As of this writing, Cisco Nexus 9000 NXOS switches on 7.0.3.I5.1 code do not support single-connection in their tacacs host configuration; however, certain MDS switches do. In either case, if you have landed here looking for the answer, let me elaborate for you.

The purpose of single-connection is to multiplex all of your TACACS authentication requests over a single TCP connection from the switch to the TACACS server. Using tac_plus, an open source TACACS server, you can absolutely set the single-connection bit from, say, a Cisco 9706 MDS switch; however, upon packet analysis of any TACACS authentication requests you may discover the single-connection bit is set to 0.

Refer to draft-grant-tacacs-02 and scroll to the FLAGS section for an explanation of where you will, and should, see the single-connection bit set in the TACACS flags. Basically, you’ll only ever find the bit set during the initial setup of the connection, so both the TACACS server and the client agree on single-connection TCP. Thus, instead of each and every TACACS request coming through as a unique TCP connection (essentially having to use multiple sockets, a socket being the 4-tuple of SRC IP, DST IP, SRC port, and DST port), the TACACS query and response messages are simply carried over the single TCP connection.

If your system supports this, it’s worth attempting to see if it works, as it can save some resources; however, your mileage may vary.
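To see this for yourself in a capture, here is an added example (my own code, not the blog’s or tac_plus’s) that decodes the 12-byte TACACS+ header from draft-grant-tacacs-02 (later RFC 8907) and checks the single-connection flag only on the first two packets of a session, which is the only place it is meaningful; the sample headers and session ID are constructed.

```python
"""Decode TACACS+ headers and check the single-connection negotiation.
Header layout (network byte order): version, type, seq_no, flags,
session_id (4 bytes), body length (4 bytes). Sample packets are constructed."""
import struct

HEADER_FMT = "!BBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)      # 12 bytes
TAC_PLUS_MAJOR_VER = 0xC                      # high nibble of the version byte
TAC_PLUS_UNENCRYPTED_FLAG = 0x01              # body is cleartext (bad in production)
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04           # the bit this post is about
PACKET_TYPES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}


def parse_header(packet: bytes) -> dict:
    """Return the header fields of one TACACS+ packet as a dict."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than a TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not a TACACS+ major version 0xC packet")
    return {
        "minor_version": version & 0x0F,
        "type": PACKET_TYPES.get(ptype, "UNKNOWN"),
        "seq_no": seq_no,
        "single_connection": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG),
        "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
        "session_id": session_id,
        "body_length": length,
    }


def single_connection_negotiated(packets) -> bool:
    """Single connection is agreed only if the client set the bit on its first
    packet (seq_no 1) and the server echoed it in its reply (seq_no 2). Later
    packets carry a clear bit, so inspecting them alone is misleading."""
    first_two = {h["seq_no"]: h for h in map(parse_header, packets)
                 if h["seq_no"] in (1, 2)}
    return all(first_two.get(n, {}).get("single_connection", False) for n in (1, 2))


def build_header(ptype, seq_no, flags, session_id=0x1A2B3C4D, body_len=0):
    """Constructed header for demonstration (body omitted)."""
    return struct.pack(HEADER_FMT, TAC_PLUS_MAJOR_VER << 4, ptype, seq_no,
                       flags, session_id, body_len)


# Constructed session: client START with the bit, server REPLY echoing it,
# and a later packet in the same session where the bit is (expectedly) clear.
CLIENT_START = build_header(1, 1, TAC_PLUS_SINGLE_CONNECT_FLAG)
SERVER_REPLY = build_header(1, 2, TAC_PLUS_SINGLE_CONNECT_FLAG)
LATER_CONTINUE = build_header(1, 3, 0)
```

Feed it the headers from a capture in order and it tells you whether the session actually negotiated single connection rather than just whether some later packet has the bit clear.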

Want to know what subnets are being discovered/learned off a specific interface? Use show ip cef [interface]:

wan-gw1#show ip cef ser2/0
nexthop Serial2/0
nexthop Serial2/0
nexthop Serial2/0
.....Lines omitted for brevity

It’s just that simple. Just remember the purpose of CEF; if you’ve forgotten, read: Cisco IP CEF Overview

No, this is NOT a place where you will find brain dumps! Instead, I am writing this because I recently discovered this COULD be dumped! This explains why I have seen so many people with: CCIE(w) on their resume and yet never take the lab. If you’re one of these people I would appreciate you stepping in front of a meteorite because this is ALL you are good for. If you found this because you Google searched for a braindump, you ought to just stop spending time trying to cheat and EARN the certification. I have said it before and I will say it again, ALL you do to the industry is water it down and lower our salary.

Just thought I would put this out there for the world to read…use new network cables! If the cable doesn’t have a locking clasp you’re begging to have someone just brush by and jiggle it loose, and then you’re troubleshooting an issue that looks complex when in reality all you have to do is plug in a cable! ALWAYS USE NEW CABLES