is an independent personal blog of Gabor Kis-Hegedus focusing on advanced, unusual or under-documented features of Cisco IOS, the software running on routers and switches produced by Cisco Systems.
June 25th, 2013 | Tags: , , , ,

Let’s join to the conference through


June 16th, 2013 | Tags: , , , , , ,

Approximately 3 months ago I decided, that after I prepared 2 years lightly to broaden my Tier 1 knowledge, and to take the written Exam, I have to prepare more aggressively to the LAB exam. So the idea was to use all my free time, and my time from the work what I had available, to improve my practical knowledge. I also booked my LAB date, to create a real deadline.

During this time:

  • I went through most of the INE VOL 1. workbooks. (usually I configured the first 10 section, and read the other part of the book, just to know about the solutions, features)
  • I have done 10 VOL II labs.
  • I solved 10 TS labs
  • I have done  3 VOL III labs.
  • I took INE’s Adv. Troubleshooting Class
  • I took  INE’s QoS, Multicast and Security Deep Dive courses.
  • I went through the INE CCIE Boot camp v4 VoD

I also enjoyed Mock labs:

  • 3 TS mock labs (usually with a 50-60% success)
  • INE Mock lab #1: 84%
  • INE Mock lab #2: 58%
  • INE Mock lab #3: 77%

I think INE has very great tools for you to prepare for the CCIE exam (and this is not an Advertisement). I like the energy how they speak about the technologies in their VoDs, and it gave me energy also.. :)..However keep in mind, this is a practical exam, and we can only beat it with practice. 

So the days are passed, and finally I went to Brussels. I like the city very much, and I was there before with my friends to get some Belgian beers.

I had a flight to Charleroi from Budapest on Thursday (it is a lot more cheaper, then flying directly to Brussels main airport. From Charleroi you can take the local bus to the train station (Charleroi-Sud). From here you can easily get to Diegem (the town, where the Pegasus Park is).

After 2 hours I arrived to Hotel NH Brussels. I strongly advise you to stay here, because it is very close to the train station, and to the LAB Exam location. The Hotel is very expensive, but if you pay 2000 EUR’s for an Exam, the last thing what you need is to miss it.

So on Thursday I had a great dinner in the Hotel, and I also drunk two Belgian Kriek. I was very calm, and I could fall asleep around 22.00. 

I planned to wake up at 6.00 am, and I also ordered a wake up call. Breakfast is open from 6.30, so I could take a shower, and eat something. I arrived to Cisco around 7.45.

It was funny, that the Proctor and one of the other CCIE candidate was also Hungarian 🙂

Well some notes about the Exam:

  • My Exam experience was very good.

You can use colored pencils, one 24” HD monitor and an English keyboard. The Exam interface is great, you have to click to the router on the network diagram, and it will start a putty session. For me it was new, that you have multiple network diagrams (L2, L3, BGP, IGP, IPv6, etc.). 

There is absolutely no problem with the speed in Brussels (that’s true for the TS and Configuration session also). I thought the telnet client will be an issue, because for example it takes a lot of time in the INE TS Mock lab to jump into the devices. No, that’s not the case. We can log in to 5-10 devices in seconds during the Exam..

The DocCD access was very very slow. I think it’s best if we know everything :-), and just use the configuration reference from the DocCD if we have to.

  • The TS part is very close to INE’s TS mock lab. (INE’s practice TS labs are a lot more easier, but I think they plan to retire it, and create more TS Mock Labs.).

The main issue is the Time. The topology is so big, that you have to troubleshoot big areas, and that takes time.

I will develop commands like this to quickly find the problems on multiple routers.

sh run | include interface_| access-group|zone|control-plane|service-policy|policy

sh run | include mpls|ldp|tdp|cef|mtu

sh run | include pim|msdp|igmp|multicast|mroute

Also, we have to use show and debug commands for identifying the problems. Using primary the running config is not suitable, because it cost you time, and it is easy to miss information in the heat of the battle.

So basically I couldn’t finish the tasks (I left 3-4 tickets on the table ).

BTW, solving a ticket is not hard, but quickly finding the problem, now that is art.

  • The configuration part: A lot of tasks. I lost my motivation after the TS, but I tried to forget about it, and reach the maximum amount of points. Well it’s hard to earn max point, if you finish the L2 1 hour after the lunch. I don’t know what happened, but doing a lot of administrative tasks isn’t so easy if you are there. It takes a lot of brain CPU, and because there are no sub-points, you have to be very careful. After I realized, that I spent too much time on this, I was angry. I even caused an L2 loop during configuring one of the section.. :/ They create you traps, and you can easily walk in to them..

The topology is not complex, and even the tasks are not always. Just, you have to know by heart every non-core topics also, to quickly implement them. I will go back to VOL 1, and study it further. I will also do a lot of VOL III labs.

What I have done wrong?

  • Use INE’s VOL 1 Workbook to master the topics. I used VOL II labs for this, and that’s not the way..
  • 3 months is simple not enough 🙂 At least, not for me. But I needed this deadline in order to begin the Journey. I also happy, that I have done like this. This was a huge step towards the Certificate, and I learned a lot.
  • I simple need more configuration experience. The Exam is very far from your daily job, where you have time to configure and think:D

What if you fail a CCIE exam?

According to Cisco:

Thank you for taking the CCIE Routing and Switching Lab exam. We regret to inform you that your test performance did not meet certification standards. Although you did not pass on this attempt, take pride in being among the few internetworking engineers who have qualified to take a Cisco CCIE Certification Lab examination. This in itself is an accomplishment and we hope that you will continue to pursue your certification goal.

The CCIE Exam is just an Exam, and we took a lot of them during our University days anyway.

I think, it’s not the CCIE number, what makes you a good Engineer, but you will be a better Network Engineer by mastering the technologies, and by understanding them. And that is, why I really like this exam, because it’s force us in this direction.

So, I will take my summer time, and go back to the study in a more controlled-realistic way, in 2 weeks.

Next planned attempt in T-228 days!

May 21st, 2013 | Tags:

One of my friend, Balint found this nice verse about the Spanning Tree Protocol:


       I think that I shall never see
       a graph more lovely than a tree.
       A tree whose crucial property
       is loop-free connectivity.
       A tree that must be sure to span
       so packet can reach every LAN.
       First, the root must be selected.
       By ID, it is elected.
       Least-cost paths from root are traced.
       In the tree, these paths are placed.
       A mesh is made by folks like me,
       then bridges find a spanning tree.

                        Radia Perlman

May 8th, 2013 | Tags: , , ,

Static route redistribution is straightforward in EIGRP, you need to use the redistribution keyword under the EIGRP process, and add a seed metric to it.


router eigrp 1
redistribute static metric 1 1 1 1 1

ip route

Thanks to the loop prevention behavior of the protocol, EIGRP will advertise this route as an EIGRP External route, which has an AD of 170.

R1’s neighbor:

D EX [170/2560512256] via, 00:00:06, Serial1/2

If you point the route to an interface (which you can, if it’s a point-to-point interface), the protocol will do something very different. According to Cisco’s technical whitepaper:

When you install a static route to an interface, and configure a network statement using router eigrp, which includes the static route, EIGRP redistributes this route as if it were a directly connected interface

It will do this redistribution even if you don’t use the redistribute static keyword.

It is also funny, that if you do static redistribution, and you point the route to the interface, it will redistribute the route as an EIGRP internal route, which has an AD of 90.


ip route
ip route Serial1/0
ip route

R1’s neighbor router: is variably subnetted, 9 subnets, 2 masks
D [90/2681856] via, 00:28:53, Serial1/2
D EX [170/2560512256] via, 00:07:59, Serial1/2
D [90/2681856] via, 00:29:23, Serial1/2


That’s something what we should keep in mind 🙂

May 6th, 2013 | Tags: , , , , , , ,

On Cisco IOS you can suspend any actively running process (ping, traceroute, etc. ) using the Ctrl-Shift-6, X (^^X) key sequence. (The X is only needed through a Modem connection). This is the default behavior, we can change this using escape-character  command under the line vty x y section.

Now sometimes we initiate telnet connection from a router/switch to another IOS device. In this case using the above method will suspend the telnet connection itself.

So how can we stop a traceroute started on the second device?

We can found the solution in the command reference: “To send an escape sequence over a Telnet connection, press Ctrl-Shift-6 twice.”

So if you are configuring the device through an access server, you can always suspend a process on the second device using the CTRL – SHIFT – 6 – 6 key sequence!

March 18th, 2013 | Tags: ,

Check out this Cisco article about how IOS internally provides priority for certain control plane protocols.


While the IP precedence value specifies treatment of a datagram within its transmission through the network, the pak_priority mechanism specifies treatment of a packet during its transmission inside the router.

Which protocols are marked with high priority?

The RIP and OSPF routing processes that run on the core CPU of a router mark all traffic they originate with both IP precedence 6 and pak_priority. In contrast, the Border Gateway Protocol (BGP) instructs TCP to mark its traffic with IP precedence 6, but does not set pak_priority.

Cisco IOS must also ensure a low drop probability for several types of non-IP control packets. These packet types include these:

  • Intermediate System-to-Intermediate System (IS-IS) routing protocol messages

  • Enhanced Interior Gateway routing protocol (EIGRP) messages

  • Point-to-Point Protocol (PPP) and high-level data link control (HDLC) keepalives on serial and packet over SONET (POS) interfaces

  • Operations, administration, and maintenance (OAM) cells and address resolution protocol (ARP) messages on ATM interfaces

Since such traffic is not IP, Cisco IOS cannot match on the IP precedence value to provide prioritization. Instead, it uses only the internal pak_priority value in the packet buffer header.

March 12th, 2013 | Tags: , , , ,

Auto-MDIX is enabled by default on all 3560 interfaces. In order this feature to work, you should however use speed and duplex auto on the interface. So this is one of the reasons, why you don’t want to hardcode speed and duplex settings ( at least during your CCIE Lab exam)

Auto-MDIX can be disabled with the following command: no mdix auto

You can verify the feature:

sh controllers ethernet-controller gi0/27 phy

GigabitEthernet0/27 (gpn: 27, port-number: 27)
0000: 1140 Control Register                      :  0001 0001 0100 0000
0001: 796D Control STATUS                        :  0111 1001 0110 1101
0002: 0020 Phy ID 1                              :  0000 0000 0010 0000
0003: 63B0 Phy ID 2                              :  0110 0011 1011 0000
0004: 0181 Auto-Negotiation Advertisement        :  0000 0001 1000 0001
0005: CDE1 Auto-Negotiation Link Partner         :  1100 1101 1110 0001
0006: 000F Auto-Negotiation Expansion            :  0000 0000 0000 1111
0007: 2001 Next Page Transmit                    :  0010 0000 0000 0001
0008: 0000 Next Page Receive                     :  0000 0000 0000 0000
0009: 0400 1000BaseT Control                     :  0000 0100 0000 0000
000A: 0000 1000Base-T Status                     :  0000 0000 0000 0000
000F: 3000 IEEE Extended Status                  :  0011 0000 0000 0000
0010: 4001 Phy Extended Control                  :  0100 0000 0000 0001
0011: 2323 Phy Extended Status                   :  0010 0011 0010 0011
0012: 0000 Receive Error Counter                 :  0000 0000 0000 0000
0013: 00FF False Carrier Sense Counter           :  0000 0000 1111 1111
0014: 1413 Receiver NOT_OK Counter               :  0001 0100 0001 0011
0019: FD1C Auxiliary Status Summary              :  1111 1101 0001 1100
001A: 267E Interrupt Status                      :  0010 0110 0111 1110
001B: FFFF Interrupt Mask                        :  1111 1111 1111 1111
001C: 7CFC Control Reg 2                         :  0111 1100 1111 1100
001D: 0244 Spare Control Register                :  0000 0010 0100 0100
001E: 0080 Test Register 1                       :  0000 0000 1000 0000
 Auto-MDIX                             :  Off   [AdminState=1   Flags=0x000108C8]

March 5th, 2013 | Tags: , ,

Check out Will’s blog post about how TPB can hide the location of their servers:

The Pirate Bay – North Korean hosting? No, it’s fake. (P2)

Just one note: They obviously corrected something:

root@RS1:~# tcptraceroute -f 128 -m 128                
Selected device eth0, address, port 56935 for outgoing packets
Tracing the path to ( on TCP port 80 (www), 128 hops max
128 ( [open]  486.677 ms  488.404 ms  488.069 ms

January 8th, 2013 | Tags: , ,

2012 was a busy year, but not really related to the CCIE practical study. I mainly enhanced my theoretical knowledge, so in 2013 I will go for practical areas. Last Sunday I tried to do my first INE VOL II LAB… well it was a fail, so I’m far away from the LAB Exam yet, but every beginning is hard.

And to share some information in this post also, here is the TCL script for checking IP addresses in an IOS router (from INE). This is definitely handy if you are doing a redistribution scenarios:

proc ping-test{} {
foreach i {

} { puts [ exec "ping vrf test $i" ] } 


Don’t forget to quit from the TCL Shell after you are ready.

September 17th, 2012 | Tags:

Last Friday RIPE region run out of unallocated IPv4 addresses. They serve addresses from the last /8. This isn’t a good news for the LIR’s:

“This section states that an LIR may receive one /22 allocation (1,024 IPv4 addresses), even if they can justify a larger allocation. This /22 allocation will only be made to LIRs if they have already received an IPv6 allocation from an upstream LIR or the RIPE NCC. No new IPv4 Provider Independent (PI) space will be assigned.

It is now imperative that all stakeholders deploy IPv6 on their networks to ensure the continuity of their online operations and the future growth of the Internet.”

As home/SMB user you don’t have to worry about anything, but until your ISP will be IPv6 ready, you can begin implementing and testing IPv6 by using freely a tunnelbroker.

Let’s start using IPv6, this will be legen…wait for it…dary!