Stubby Post - UplinkFast

I’ve got a few switches daisy chained together with single links and have enabled UplinkFast on them.  This switch is not the root bridge; F0/24 is the root port and F0/23 is a blocked alternate port. I’ve got debug spanning-tree uplinkfast on to help out.

SW3#sh span | incl 0/2[34]
Fa0/23           Altn BLK 3019      128.23   P2p
Fa0/24           Root FWD 3019      128.24   P2p

Now let’s unplug F0/24 and see what happens.

Stubby Post - Path Cost of EtherChannels

I was doing some STP labs tonight and found something that caught me off guard a bit.  I had been meddling with some EtherChannels between a pair of 3750s earlier today, and I forgot to reset the configs before starting on the STP stuff.  On my secondary root switch, I ran a show spanning-tree vlan 1 to see what status the ports were in, and I noticed the root path cost.

SWITCH – STP Exercise #1 Solution

Did you guys have any trouble with the solution to the STP exercise?  Let’s work through it and see what happens.  I got a few responses to the solution, and everyone seems to get the same answer, so I assume we’re all right.

Before we get started, I wanted to mention the tie breakers since there can be ties in STP.  If there is a tie in any calculation, the same tie breakers are used, so I’ll list them here to use as we move through the calculations.

SWITCH - STP Exercise #1

Here’s an STP exercise for you.  Given the bridge priorities, MAC addresses, and interface types in the diagram, calculate the root bridge, root ports, designated ports, and blocked ports.  You can click on the image to enlarge it.  I’ll post a solution in the next few days.  As always, feel free to comment and ridicule my utter idiocy.  Be gentle, though; I don’t usually post exercises like this.

Send any configuration BPDUs questions my way.

A Quick Intro to Google’s Capirca

Yeled left a comment earlier this week asking if I’d seen Google’s Capirca.  I’d heard of it and checked out some presentation slides on it, but I’d never actually tried it out, so, in keeping with the script, I downloaded it to see what it could do.  Remember, now, that I’ve been playing with it for about 2 hours now, so I’m no expert on its use.

Capirca is a Python-based solution that Google came up with to automate ACL creation on their many thousands of routers around the world.  You can’t blame them for wanting to automate it, either.  How many times do you think they ran into problems with typos or keying errors from their network guys across those devices?

ONT - Epic WIN!

Two down, two to go.  After much groaning and moaning, I’ve finally passed my ONT test.  The path to this point has been full of road blocks and covered in potholes, but I finally managed to power through it.  Thank $deity.

If you remember, I’ve had quite a time with finding a testing center that’s convenient (or open for that matter), so I took the test at yet another center to see what they offer.  The facility was great; it was very quiet and clean, and the people were wonderfully friendly, which is a new concept to me.  Usually, the people don’t care about testers, but, being a center for inmates at state prisons (yes, prisoners), they do nothing but vocational and professional testing there.  That’s a lot better than the facilities who give their own students priority or who make money on training instead of testing.  The center is just over 2 hours away, but I think this place may be the best so far.  I’ll have to see what the future holds, though.

More ASA Objects and Object-groups

A few years ago, I developed a Perl-based application that takes a template file and pukes out standardized access rules for new hosts as they’re added to the network.  This works great for making sure that each host is able to be managed properly.  This solution, however, is not very flexible.  If I need to remove a host’s access, I may have to take out 20 rules individually.  That’s not really cool, so, at the suggestion of a coworker, I’m working on a solution that uses objects, object-groups, and nested object-groups.  This should minimize the configured rules and allow new host rules to be added and removed by simply adding hosts to object-groups.

ONT - Epic Fail Part 3

It’s not what you think.

I was talking with a buddy online last night, and he made a good point.  If you keep putting off taking a test, you’ll never make any progress.  I took that to heart, went online, and scheduled another sitting of ONT for today at 3pm at the closest center.  I took the day off, too, so I could get some tax stuff done and get over to the center and back before dinner.  I got some really good rest last night for sure, too, and had some very productive study time before heading off for my day’s adventures.

ONT - Epic Fail Part 2

I took the ONT again today.  The stench of failure is upon me for a second time, and I’m beginning to think I’m not the god-like person that everyone thinks I am.  I went into the test very confidently.  I did extra time on my weak points from the last attempt and knew it inside and out.  I put hours and hours of lab time in and got other books and online materials involved.  I was absolutely convinced that I would blow this thing away, but, alas, it was not to be.

ASA 8.3.1 – Smart Tunnel and NAT Changes

I’ll start off with a warning.  I’ve been running 8.3.1 on my home 5505 for a few hours now.  Not only is this not really enough time for a thorough review, it’s also not the environment to test enterprise-level configurations.  There are also a lot of details missing that I just don’t know about yet, so please do some research on your own to figure out what’s going to break if you upgrade your ASA.