
Tshoot slow down

Oh wow, it’s been exactly a week since my switch exam. Ever since then I have not seriously sat down to do my Tshoot studies. So many things just transpired over the last couple of days. I started teaching at TAFE (yuhu!). I am filling in for a teacher who’s going to be out on sick leave for at least 6 weeks. I am just happy it’s Cisco subjects that he was handling.

This semester I will be teaching units related to Network Security, Business requirements and of course Cisco stuff to both cert 4 and diploma students. Oh yeah, I am also teaching cert 3 students who are going through the IT Essentials stuff, which could lead to CompTIA A+ if they do decide to take the certification path.

Hopefully after the smoke settles with this time table thing I can go back and focus on my Tshoot and finish my Cert IV in Training and Assessment this semester.


mixed GNS3+3750s+2950s+Ubuntu…an awesome tshoot lab

I was so pumped knowing I will be using actual gear for my practice lab studying for Tshoot. I had a copy of the labs that will be covered for the exam and realized I am short of routers. I am short of at least 2 routers, so I have no choice but to use mixed emulation and actual gear.

All of my routers will be in GNS3 while switches will be the same gear I used in my Switch exam, 2 3750s and 2 2950s.

For some reason I have been having issues bridging my routers using the cloud. NIC cards are not showing up; however, with Ubuntu it’s been working. I got stuck for a bit when I tried to console into one of the switches. It was giving me a /dev/ttyS0 permission denied error.

Apparently all I had to do was to add my user account to the dialout group by issuing the following commands:

groups delan    # delan is my username in Ubuntu

sudo gpasswd --add delan dialout

Let the labs begin!!!! Oh yeah, the connection from a GNS3 router to an actual switch can only run in half duplex, so I had to do the following with the switch:

int fa0/1

duplex half

speed auto

Protected Ports

It can sometimes be annoying when you have schoolers who just come to school to do their LAN parties. Well, there are times I can’t blame them since the teacher does not have anything for them to do. There came a day where we had to use something to create heavy traffic to slow their game down.

While studying for the CCNP switch exam, I came across the switchport protected command. It is like your basic isolated private VLAN. Protected ports won’t see each other but unprotected can. If that’s the case, I can configure all host ports in protected mode while leaving the uplink unprotected. All hosts can still access the internet while being stopped from doing their LAN parties.

configure terminal

int range fa0/2 - 24

switchport mode access

switchport protected

* All ports by default are unprotected. To verify you can issue:

show interfaces fa0/2 switchport | include Protected


642-813 done!


The photo says it all, I have just cleared my Cisco 642-813 exam, more popularly known as the CCNP switch exam. I am pretty happy with it considering I took the exam only a month and a week since I took my Route exam. That would prove then that it is possible to study for a CCNP exam within the month.

Observations would be the same: the simulation is still clunky and does not allow me to save my configs in some of the switches. I do not know if it was a misconfiguration or a bug, but the instructions stated I should configure a radius-server; the command is available, but the moment I press enter it’s saying the command is not available. It’s just weird.

Oh well, at least it was a better score than the route exam. Pass is pass and it’s off to Tshoot, the last and final exam for me to make me a Cisco Certified Network Professional for Routing and Switching..2nd highest certification that can be achieved in the Cisco Universe:)

2960 Plus vs. 2950

This morning I was playing with a new switch that arrived at work, which was the 2960 Plus. It was so new that it says on the sticker it was just assembled 2 months before the date it was received.

I have always wondered if there’s a huge difference between the 2960s and my 2950s at home. Mind you my switches are running on IOS ver 12.1(22) while the 2960s were running the latest IOS ver 15 on them.

For some uncanny reason you can activate layer 3 switch commands on that newer switch but routing doesn’t actually work. You can see private-vlans on some of the show interface commands but that is just it, it’s just for display and no function at all.

I tried to create a lab on ip dhcp snooping on it but to my surprise, it wasn’t working. Configs are as follows:

configure terminal
ip dhcp snooping
ip dhcp snooping vlan 10

interface range fa0/1 - 8
switchport access vlan 10
switchport mode access
spanning-tree portfast

interface fa0/1
ip dhcp snooping trust

To confirm, I did a show ip dhcp snooping command.


To test, I plugged in a rogue DHCP ISR on one of the untrusted ports and it’s now receiving IP addresses from that port…Connor (the other tutor) was checking the web for what we missed but so far we’ve done everything correctly. Double checked the configs, they were all fine.

Went home, did the same thing on my 2950 and lo and behold, it’s working properly. But…..according to Cisco documentation it is supposed to place the rogue DHCP’s port in err disable mode but so far all it’s doing is just dropping packets and the port is still up. Super mystery of the week.
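An added example, not code from the original posts: a Python check over the typed commands from the protected-port and DHCP snooping labs above. It expands `interface range` and reports which access ports are left unprotected and which ports in the snooped VLAN are trusted or untrusted; the function names and the embedded sample input are constructed for illustration.

```python
import re

# Constructed input: the command sequences from the two posts, as typed.
PROTECTED_CFG = """int range fa0/2 - 24
switchport mode access
switchport protected"""
SNOOPING_CFG = """ip dhcp snooping
ip dhcp snooping vlan 10
interface range fa0/1 - 8
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface fa0/1
ip dhcp snooping trust"""

IFACE = re.compile(r"int(?:erface)?\s+(?:range\s+)?(\S+?/)(\d+)(?:\s*-\s*(\d+))?$", re.I)
by_number = lambda port: int(port.rsplit("/", 1)[1])  # sort fa0/10 after fa0/9

def parse(commands):
    """Split typed commands into global lines and per-port sub-commands."""
    global_cmds, ports, current = [], {}, []
    for line in filter(None, (l.strip() for l in commands.splitlines())):
        if (m := IFACE.match(line)):  # expand "range fa0/1 - 8" into fa0/1 .. fa0/8
            current = [f"{m[1].lower()}{n}" for n in range(int(m[2]), int(m[3] or m[2]) + 1)]
        elif current:  # assumes global commands come before any interface
            for port in current:
                ports.setdefault(port, set()).add(line)
        else:
            global_cmds.append(line)
    return global_cmds, ports

def snooping_report(commands):
    """Ports in a snooped VLAN, split into trusted and untrusted."""
    global_cmds, ports = parse(commands)
    vlans = {v for g in global_cmds if g.startswith("ip dhcp snooping vlan ")
             for v in g.split()[-1].split(",")}  # comma-separated IDs, no ranges
    in_scope = {p for p, c in ports.items()
                if any(f"switchport access vlan {v}" in c for v in vlans)}
    trusted = {p for p in in_scope if "ip dhcp snooping trust" in ports[p]}
    return {"enabled": "ip dhcp snooping" in global_cmds,
            "trusted": sorted(trusted, key=by_number),
            "untrusted": sorted(in_scope - trusted, key=by_number)}

def unprotected_access_ports(commands):
    """Access ports still able to reach each other directly at layer 2."""
    return sorted((p for p, c in parse(commands)[1].items() if "switchport mode access" in c
                   and "switchport protected" not in c), key=by_number)

print(snooping_report(SNOOPING_CFG), unprotected_access_ports(SNOOPING_CFG))
```

For the snooping lab this lists fa0/1 as the only trusted port and fa0/2 through fa0/8 as untrusted, which is where a DHCP server's replies should be dropped.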

Note: on a lighter note, I will be taking my CCNP switch exam tomorrow morning, let’s see how that goes…