Eric Stewart: Running Off At The Mouth

It’s been my experience that “ip access-group <acl> in” is rarely used. Most of the time, people look at the “out” form of the command. In this post, I will explain how to view the different directionality of the “in” vs “out” and then review the issues that you can encounter with respect to DHCP and HSRP when it comes to ending an “in” ACL with a “deny all” at the end.

$JOB is getting into some new and interesting stuff; stuff that, if you’re not an Internet Service Provider, could be a bit of a black box to you; you might be used to your ISP saying “Here’s a cable, your equipment is on the other end”. Here’s what we’ve been working on and what I’ve been able to make of it so far.

Attempting (in my scatterbrained manner) to cover all the bases of an interesting issue I encountered recently and failed to fix without assistance. It illustrates why I’m not a CCIE yet, and why, no matter what you see, you shouldn’t assume anything when working through odd issues.

A revisit to an earlier post and why what I outlined there was a bad idea. Using Bank Chaining, while allowing you to use more banks for ACLs, has its penalties …

Two things covered in this post: what I learned about how “auto-summary” on RIPv2 works, and also some particulars about RIPv2 (and possibly other routing protocols) and how it advertises routes to neighbors.

Cisco Live 2015. Yeah, there are things I can say about it that are negative. But even with all that, it was, for me, the best so far. Here’s my review and a few pictures …

Just a couple of notes for myself that Google didn’t make as clear as it should have for me.

Restating what I’ve pulled from other sources, and clarifying that there actually is a difference. It’s commonly said that “E2 routes will not include path cost,” but that’s an oversimplification of the difference and a somewhat misleading statement, because, in some cases, path cost is considered. Here’s the scoop.

$JOB doesn’t have as much of a testing environment as one might like to have, so sometimes you discover issues during implementation that, once you resolve them, you can’t go back and pick apart. An issue with the vPC Peer link appears to have prevented one of our 7710’s going into our data center from properly forming an OSPF adjacency with the DR.

I get an error message while pasting in some VLAN interfaces:

ERROR: Module 1, 2, 10 returned status: Tcam will be over used, please enable bank chaining and/or turn off atomic update.If bank-chaining is enabled on other modules and this is a new linecard insertion,please enable bank-chaining prior to reloading this module.

Well, this (I think) is what it means, and how I resolved the situation.