802.1q tunnelling and l2 prtocol tunnels (QINQ)

802.1q Tunnelling QINQ

•  Was addded to allow for layer 2 tunnelling over service provider a scalable way of deciphering your traffic from the service providers + other customers
• Service provider assigns a unique vlan tag to each customer with all traffic coming from customer getting this new dot1q tag. The customers existing dot1q tag remains the service provider switches the traffic with it added dot1q tag then removes this tag on egress revealing the original customer tag
• Layer 2 traffic appears transparent accross service provider network
• Things to watch are to avoid native vlan matches as of no dot1q tag on customer side + service provider side to deal with this we could use isl (no native vlan) or dot1q tag or native vlan
• Service provider will need to support the added over head the dot1q tag so we will need to increase mtu mtu max for gi 9000 bytes for fa0/0 1988. To facilty one tag needs to be increased 1504
• Tunnel ports do not support layer 3 acl and other layer 3 features layer 3 qos 
• Fall back bridging is not supported
• DTP is not compatiable
• There are 2 types of qinq 

            1)basic qinq-qinq tag added no matter if there is existing dot1q tag or not   
            2)selective qinq- adds a specfied vlan tag according to the recieved vlan tag if none a default  
               tag is added

SP SIDE
            int fa0/0
            switchport mode-dot1q tunnel.
            switchport access vlan 'metro/sp vlan id'

There is design issues with qinq

There is firstly scalability issues for the service provider. The service provider vlan needs to know the arp address of customer clients this could thousands

It is complete layer 2 flat design relaying on mac and switching no layer 3

Most service providers now will opt for MPLS which willl allow layer 2 vpns across the a layer 3  backbone

.

Layer 2 Tunnel Protocol
There are some features that you can run over QinQ but they do need advanced configuration

• Spanning-tree traffic can now be carried between each site to allow for properly building the spanning-tree topology between both sites.
• CDP packets can now be carried between devices to properly recognize the “Pseudo” connected device.
• VTP can be carried between both sites
• LACP PAGP and UDLD traffic can be shared between two point-to-point interfaces.

Basically the isssue is that qinq is adding an additional doq1tag in the frame so it can go safely across the service provider and then it removes this tag one egress.  That is essentially all it does.

Control Plane protocols have nothing to do with tagging etc these tend to multicast to specific  well known mac address etc on the native vlan untagged.  The issue being if i send it to the well known mac address the service provider switches are going to process it,

Now rather than the service providers switches processing this tag the ingress switch will be aware for particular address to do a mac address rewrite of the frame destination so it is not processed by any switches in the path and then on egreess the service provider will rewrite well known mac so it can be recieved and processed on the other end.

This requires the addition of another protocol known as the l2 tunelling protocol

To enable this. On the pe routers under the interface that dot1q tunnelling is configured. Issue the following command
l2protocol-tunnel {cdp/vtp/stp)
or
l2protocol-tunnel point-to-point (lacp/Pagp/UDLD)

to troubleshoot 
  sh l2protocol-tunnel
   sh l2protocol-tunnel summary

Tunneling, note that LACP and UDLD are only support in a point-to-point operation.  This is the reason we used two different VLAN’s, 114 and 124, for the two ports connected to the customer.

LAYER 3 ROUTING,SVI,ROUTER ON STICK & ETHERCHANNEL

SVI

• Svi is logical interface on layer 3 switch which acts as default gateway for vlans.
• With svi the vlan must be created in the database. If you issue the

                 int vlan 10
                 ip address 10.229.254.8 255.255.255.0
                 no shut

this will not create the vlan in vlan database. The int vlan 10 will no go up up until
a vlan is created.
A quick way to see if you are experencing the issue you can do sh spanning tree vlan
10 you will see it is not in the forwarding state. If there is no port forwarding for
the vlan in spanning  tree the svi will not go up  up this specfically what it looks at.
You simply just need to create the vlan in typical layer 2

router(config)#vlan 10 or int fa0/1 switchport access vlan 10 will create vlan 10 in
databse.

• For routing on l3 switches ip routing  needs to be enabled if you do not enable you will see

          the following

Default gateway is not set
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

• The svi will not be up up unless a particular  port is in the forwarding in the vlan. If for some reason you want to exclude ports from the calculation maybe ports to traffic analyser or similar you can use

                           autostate exclude commad

• Routing also has to be enabled

                              ip routing

Routed Port


To create a routed port on layer 3 you simply need to go interface mode and issue the
command no switchport. Then you can do the typical layer 3 config it can do
everything apart from sub interfaces which can not be configured.

Router on a stick

• is the legacy version of svi
• layer 2  frames are sent up to tagged (802.1q) to the router port.if it is to be routed to another vlan in the layer 2 domain the router removes tag puts the new destination layer 2 dot1q tag and sends it backdown the line it came
• Inefficent as the trunk to the router acts a bottlekneck

                     *The subinterface does not have to match the vlan but generally for organisation but not
int fa0/0.'subinterfaceno'
encap dot1q vlan number
ip address 10.229.254.1 255.255.255.0
int fa0/0.'subinterface 2'
encap dot1q vlan number 2

the switch side connecting will be a trunk. If you are running vtp pruning you will
need manually prune on this connection as routers done not support vtp
The native vlan must match between switch + routers trunk if you change the native vlan on the switch from 1 you need
to change it on the router or it will cause problems. To change on the router under
interface fa0/.subint
encap dot1q native 'vlan number'

An interesting point is if you do not change the native vlan on the router and it is not the same as the switch the untagged traffic will go to
the primary interface i.e interface f0/0 so you could in actually fact configure 
an ip address on the  main interface and the untagged traffic would go there
You could also set the native vlan to tag in dot1q on the switch.
with the  command vlan dot1q tag native


Etherchannel

• Aggregating between 2-8 links
• Seen as single port in spanning-tree
• You can nott configure 2 protocols on 1 channel
• must be the same speed + duplex, same vlan allowed if trunk,same vlan if access
• the members can have different spanning tree costs
• Pagp-cisco propetiary desirable auto
• Lacp-open standard active passive
• default load balancing is src mac
• load balancing can be configured different depending on direction
• optios are src-dst mac,src-dstip,tcp/udp
• In Lacp switch lowest priority + lowest mac will which ports will in the etherchannel and which will be in standby
• On port you can influence discussion by configuring lacp port priority

ISL , DOT1Q,DTP,VTP VTPVTP PRUNING,

ISL

This cisco propietart protocol for differenting vlans that are traversing switch trunk links. It encaspulates the layer 2 frame rather than tagging. It adds a new 26byte header and 4 byte FCS
It  does not use the concept of native vlan it encapusaltes all it frames including management traffic.

The ISL header structure:

40	4	4	48	16	8	24	15	1	16	16bit
DA	Type	User	SA	Len	AAA03	HSA	VLAN	BP DU	Index	Resv

• DA - 40-bit multicast destination address.
• Type - 4-bit descriptor of the encapsulated frame types - Ethernet (0000), Token Ring (0001), FDDI (0010), and ATM (0011).
• User - 4-bit descriptor used as the type field extension or to define Ethernet priorities. This is a binary value from 0, the lowest priority, to 3, the highest priority.
• SA - 48-bit source MAC address of the transmitting Catalyst switch.
• LEN - 16-bit frame-length descriptor minus DA type, user, SA, LEN, and CRC.
• AAAA03 - Standard SNAP 802.2 LLC header.
• HSA - First 3 bytes of SA (manufacturer's ID or organizational unique ID).
• VLAN - 15-bit VLAN ID. Only the lower 10 bits are used for 1024 VLANs.
• BPDU - 1-bit descriptor identifying whether the frame is a Spanning Tree bridge protocol data unit (BPDU). Also set if the encapsulated frame is a Cisco Discovery Protocol (CDP) frame.
• INDEX - 16-bit descriptor that identifies the transmitting port ID. Used for diagnostics.
• RES - 16-bit reserved field used for additional information, such as Token Ring and Fiber Distributed Data Interface (FDDI) frame Frame Check (FC) field.

It supports 4094 vlans

DOT1Q

Open standard for differentiating traffic as traverse trunk. It uses a concept of tagging rather than encaspsulation of the frame. It inserts a 4 byte 'vlan tag' this is put in between the src mac and the ethertype

 It uses the concept of native vlan. Where native vlans should match both sides and are used for management. Native vlan is traffic that is sent untagged across a trunk any traffic sent untagged across a trunk is put into the native vlan. Supports 4094 vlans


DTP

Dynamic Trunking Protocol is a cisco properitary  protocol for dynmaically configuring trunk links. It is dynamic desirable by default . You can specify ISL or dot1q in the config.

Modes
on	Forces the link into permanent trunking, even if the neighbor doesn't agree
off	Forces the link to permanently not trunk, even if the neighbor doesn't agree
desirable	Causes the port to actively attempt to become a trunk, subject to neighbor agreement (neighbor set to on, desirable, or auto )
auto	Causes the port to passively be willing to convert to trunking. The port will not trunk unless the neighbor is set to on or desirable . This is the default mode. Note that auto-auto (both ends default) links will not become trunks.
nonegotiate	Forces the port to permanently trunk but not send DTP frames. For use when the DTP frames confuse the neighboring (non-Cisco) 802.1q switch. You must manually set the neighboring switch to trunking.

DTP frames are sent to multicast address neighboring switches listen on multicast address for the DTP. It uses the same multicast address as VTP and is differentiated by it ethertype.

DTP has a field for vtp this implies that vtp domain must match in order for DTP to work.

The multicasts are sent to the same multicast address as VTP 01-00-0C-CC-CC-CC

VTP


VTP is vlan trunk protocol is cisco propetiary. It deals with the creation,deletion and renaming of vlans on layer 2 switches in the same 'vtp domain'. It allows for automatic creation\deleteion\renaming of vlans on servers in the vtp domain. It provides a consistenet vlan view between server and clients.

The vtp frame consists of a vtp header and vtp message field. It is put in the data field of either an 802.1q or ISL packet.

This frame will have a destination mac of 01-00-0C-CC-CC-CC, which is the reserved multicast address of vtp.

There are 3 different message types common to all vtp version

summary advertisments which inform of vtp domain name+ revision  + md5 password

Subset Advertisements- follow a summary advertisment contains vlan information +sequence             numbers

Advertisement Request- Are used to request when change occur i.e switch reloaded recieved a summary advertisment with higher revision number

3 modes for VTP Operation

Server Mode-  Meaning you can update delete rename vlans and these will propgated to other switches
                        You update other switches vlan databases. These is based on configuration revision number
                        Higher configuration revisions numbers will be taken as newer vlan config and be propgated                         to other switches in the domain. VTP server is the default mode for VTP so cares needs to                           be taken if putting a new switch online with higher vtp revision numbers. We can reset the                             vtp revision number by setting the switch to transparent then back to server. The server will  keep track of each others configuration number via VTP updates sent every 5 minutes and update when they recieve. Also when vlan is edited or added or deleted the server vlan will generate a summary update to other switches in the vtp domain.

Client Mode- Can not update delete rename vlans. You will forward updates to all other switches though recieved . Vlan information is saved in a vlan database not in nvram so when a client reboots it will request information from a server when it boots up.

Transparent Mode- Can create + delete + rename vlans locally on the transparent mode switch but will not propgate these to other switches. It will forward on updates it recieves out all trunk links from other switches. It will not modify the vlan database of any other switch. The vlans in transparent mode will be saved in nvrm meaning they will be there after reload.

VTP 1 + 2 do not differ that much mainly VTP 2 added support for token ring

VTPV3 was a major overhaul it added support for 4095 vlans,pvlans,MST config, A better client server model to deal with mistaken overwrites,clear text and hidden password

IN vtpv3 there is one primary server per vtp domain responsible for updating all devices.

the server is specfied with specified with vtp primary vlan

VTPv3 is backward compatiable with vtpv2 but not with v1

VTPv2 and VTPv1 are not compatiable.

VTPv3 added a new role of off which will not process or forward vtp messages

VTP PRUNING


Cisco Propetiary

Only availible for first 1k vlans

Vlan 1 + 1002-1005 are prune inelgible

Switches use vtp prune (vtp join messages) to inform what vlans have active ports on them
for vlans that are not active the flood traffic is pruned

Switches will not have vlans pruned if they are in the transit path of another switch with active ports in particular vlan

Nice Command for viewing status
Sh interface Pruning - shows what vlans are pruned on trunk and what vlan are requested on trunk


As regards VTP pruning problems it is cisco properitary so if you are in mixed enviorment you can have problems using it as the non cisco equitment will not respond to vtp requests sent by cisco switches
What happens then is that cisco switches asssume that all vlans are required for that trunk when it does not recieve a respones and in turn starts requesting of other swithces all vlans as it thinks it is in the transit path to all vlans this then goes through the L2 enviorment it does not cause major issue but negates sort of using vtp pruning in the first place

You can manually restrict to the trunks using the allowed list on the trunk to the non cisco device or non cisco layer 2 device

switchport trunk allowed  vlan 10,20

VTP Pruning can also have problems when switches are in transparent mode as they do not send out vtp requests for there own vlans but they do forward request from other switches connected to them in the vtp domain (typicall vtp transparent mode behaviiour forward vtp related traffic for vtp domain you are in but do process for your own database)

so this can cause issues in the flow path of the traffic  to vlan that are created on transparent switches. As other switches do not recieve the request for the transparent mode vlans it in turn prunes it on its trunk link.

RACK ARRIVED SETTING UP ACCESS SERVER

My rack arrived yesterday. Was very happy and suprised to see i actually got 4 x 3560 instead of 2 x 3550 and 2 x 3560. There was a mistake in the rack though i had 2620 xm
instead of 2611 for r3 of the ine topology. This is the router with the 4 serial and 2 ethernet ports. This will have to go back as firstly it just keeps booting to rom mon when trying to load the ios so obviously does not support and the hardware only has 1 ethernet port so it does not fit right in the rack. I should be able to get replacement by the end of next week i am hoping. I am not too disappointed as next week i will entirely be working on the 3560 switches as i am concertrating on switch technologies next week.
Overall the rack setup went fine it takes a while just to unpack and get all the cabling togther but the following guide from ine is straight forward to get the right setup
http://www.ine.com/topology.htm
I am just finishing setting up my access server. I was working all day today so did not get much time today. The access server is also straight forward to setup.But i notice alot of the documentation on the web just basically says do this command and it works which is not really true. Here is a bit more description of my findings of the process.

You basically need a router with 2 asynch cards & 2 octal cables. You plug the large connection (not very technical but works for simplicity) of the octal cable into your access server router then there is just whole bunch of rj45 connection of each octal labelled 0-7.
You plug a rj45 into each network devices console. Keeping track of the numbers to device.
Then the config 
Give your loopback any ip address
so
int lo0
ip address 90.90.90.90 255.255.255.255
no shut
then you want do a
sh line - this is to see what lines your async card has taken up it not always 1-16
access#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      1       0     0/0       -
    33 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    34 TTY   9600/9600  -    -      -    -    -      2       0     0/0       -
    35 TTY   9600/9600  -    -      -    -    -      1       0     0/0       -
    36 TTY   9600/9600  -    -      -    -    -      1       0     0/0       -
    37 TTY   9600/9600  -    -      -    -    -      1       0     0/0       -
    38 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    39 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    40 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    41 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    42 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    43 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    44 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    45 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    46 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    47 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    48 TTY   9600/9600  -    -      -    -    -      0       0     0/0       -
    65 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
*   66 VTY              -    -      -    -    -      8       0     0/0       -
    67 VTY              -    -      -    -    -      4       0     0/0       -
    68 VTY              -    -      -    -    -      0       0     0/0       -
    69 VTY              -    -      -    -    -      0       0     0/0       -
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
    70 VTY              -    -      -    -    -      0       0     0/0       -
    71 VTY              -    -      -    -    -      0       0     0/0       -
    72 VTY              -    -      -    -    -      0       0     0/0       -
    73 VTY              -    -      -    -    -      0       0     0/0       -
    74 VTY              -    -      -    -    -      0       0     0/0       -
    75 VTY              -    -      -    -    -      0       0     0/0       -
    76 VTY              -    -      -    -    -      0       0     0/0       -
    77 VTY              -    -      -    -    -      0       0     0/0       -
    78 VTY              -    -      -    -    -      0       0     0/0       -
    79 VTY              -    -      -    -    -      0       0     0/0       -
    80 VTY              -    -      -    -    -      0       0     0/0       -
    81 VTY              -    -      -    -    -      0       0     0/0       -
Line(s) not in async mode -or- with no hardware support:
1-32, 49-64
From showline notice my lines start 33-48 are in asynch mode.
What you do now is enable telnet on these asynch line. Technically what is happening is you are reverse telnetting to the access server ip address.(90.90.90.90 in my case)
So you need to enable telnet on these asych lines
so in config mode
line 33-48 
transport input telnet

so 33 in my case will reference the first asynch card octal and it will be the rj45 labelled 0 cable
35- will be the octal rj45  label 1 and so on
when i get to 41 this is referencing rj45 labelled 0 on the second octal card 
so now what you need to do is name the devices and associate them with your octal rj45 numbers
so in config mode
ip host SW1 2033 90.90.90.90
ip host sw2 2033 90.90.90.90

and so on
so it is ip host "devicename" 20"octal rj 45 number"  ip address of lo0 of access server,

Then from exec mode just type the host name you give and enter
so
s1
this should then connect you to your s1 device.
To return to your access server type ctrl+shift 6 x
once you connect to all devices on the acccess server type
sh session
it will give a list of open telnet connections
To resume a telnet session with a device just type the number associated with it
like 1 and enter would bring me to switch 1 as it was my first open telnet session.
I have to try stop playing with the rack as i have to finish of the first ine cbt by the end of the weekend if i want to keep to schedule

RACK PURCHASE PHYSICAL, VIRTUAL

For Labbing through the CCNP/CCIP I had used GNS3 for layer 3 and up
http://www.gns3.net/  then some rack time on
http://www.packetlife.net/ for switch topic.

GNS3 is great application i can not rave about enough. For those not familar it is  software router similator you use the real cisco ios and as you
are using the real ios it is close as you can get on virtualised software based simulator to the real thing. I think it is more than adequate for CCNA/CCNP.
You can integrate vmware into to make very realistic network scenerio for Practice. 
When i came to start doing this CCIE i had initially decided that i would purchase 2 x 3560 multilayer switches and 2 x 3550 switches + connect them in to my pc at
home and intergrate them into gns3. So routers simulated on GNS3 and then switches physical.

http://www.ccie4you.info/wordpress/

There is however limitations in GNS3  for example i could not get QOS working ever on GNS3 and  in the end of day it is just not the real deal its very close but not the real equitment.
When i priced up the  hardware the multilayer switches are the bulk of the purchase of the lab price. Mainly the 3560's. (Just as a side note for anyone on the 3560 and 3550 switches there is no difference betweent the smi and emi in hardware it is just software difference. The enterprise software is supported on both emi and smi physical models)
In the end of the day I am definetly not going have the money as much as i would like to go on CCIE bootcamp so i bit the bullet and decided i would pay a bit extra on my equitment and go physical for everything.
Next i had started trying to look at configuration changes i could make to the physical enviorment to possible make it cheaper there alot on ebay of these kind of changes  i will give you 2 of the main one's i was thinking
and my opionion after looking into it a bit
replacing the 2 x 3560's with  2x 3550's -  There is a big saving on this i found. But if you move to this you lose support for QOS and IPV6 from my perspective they are 2 huge topic so decided against it. Also you lose  pvlans you could maybe live without. Also the lab is 4 x 3560's so you are praticising on hardware/ios that is not what you will be using. True that you can rent rack time to get familarity with the differences between the 3560's and the 3550 but for me i am creature of habit i want to be very comfortable of every aspect the equitment i am going be using.

replacing the 4 x 1841 with 4 x 3725    -   Personally did not find there was a huge saving to justify it. There was a bit.  The 1841 are quite cheap if you look around. It is mainly the 1841 serial modules that are expensive. There is mpls support on the 3725 in older ios but this is been removed in the newer ios. This is bid by cisco to move users from the 3725 routers onto the 1841. The fact that the newer ios are not going support mpls for the 3725. It is a risk purchasing if new feature comes out and you can not upgrade your 3725 to the newer ios as you will lose mpls support it is not situation you want to be in.
In the end i decided the ine official topology
This is the equitment list
Device Our Platform Modules RAM Flash
R1 2610XM 2 - WIC-1T 128 32*
R2 2610XM 2 - WIC-1T 128 32*
R3 2611XM 1 - NM-4A/S 128 32
R4 1841 2 - WIC-1T 256 64
R5 1841 2 - WIC-1T 256 64
R6 1841 1 - WIC-1T 256 64
SW1 Catalyst 3560-24TS-E  N/A N/A N/A
SW2 Catalyst 3560-24TS-E N/A N/A N/A
SW3 Catalyst 3550-24 EMI N/A N/A N/A
SW4 Catalyst 3550-24 EMI N/A N/A N/A
BB1 / Frame Relay Switch 2522 N/A 16 16
BB2 2501 N/A 16 16
BB3 2501 N/A 16 16
Access Server 2511** N/A 16 16

. It is expensive and it took alot of justifying to myself :) The way i am looking at i should be recoup the cost and then some over my career. Also i am looking at it as a short term loan. Cisco equitment tends not to lose its value greatly.
The plan is when i complete i sell on the rack to the next CCIE hopeful making  back a good propertion of what i spent.
I bought of ebay and i will sell on ebay. Just for anyone doign this be very careful on what you are buying there is alot of knock off cisco gear in circualtion cheap chinesse knock off.
In general try stick with very well known recommended sellers is my advice.
The rack is due to be delivered this week.
I have a few concerns about power consumption and generally not tripping the electricity in my apartment. I have visions of the lights dimming on n off in the apartment. It is probably not justified from what i am reading on
the net. I have not got a clue about electricity etc so i am ring around alot of friends family asking. I will keep you posted on how the initial setup goes.

THE JOURNEY BEGINS

My name is Eoghan Treacy I am from Dublin in Ireland. I have held various different IT positions in the last 12 years. My main interest is networking. Vmware interest me also. My current certification status I am Microsoft MCSE 2000/2003, Vmware VCP and I hold Cisco CCNP  + CCIP.  I am begining studying for CCIE R&S and the purpose of this blog is to track my progress through this exam.

My CCIE R&S Journey began  15th of November 2011. I finished CCIP the end of August. Then was on holidays then took a break, got a bit lazy
but i have now got back and  I have began with  the ine CCIE R&S self paced cbt. Personally i am much prefer labbing and watching cbts than sitting down reading books.
I  do have the CCIE official press which i have started just reading over aswell. But as much as possible i am going  try watch CBT'S on topics and lab then use reading as a fill in the gaps exercise.
The ine self paced cbt is a review covering the bulk of the new ccie course. Not sure on the exact running time approx 30 hrs. Now at
the end of November i have nearly got through my first watch of it. It is good  overview watch but definetly lacks the detail for me just starting. I want something that goes into the topics a bit more indepth. It had a few things that i had not covered in my CCIP/CCNP  I have to be honest though the cbt has scared me a bit just on details that i have forgotten from CCNP/CCIP particular NP  studies.
My knowledge on multicasting is non existent at this stage bit freaked out by it. Vaguley remeber learning The review of this topic  on this INE series was way too quick for me
it will be back to basic on this topic and then work up to the review.
Overall i need a more indepth look on everything. It is amazing how much you forget. It is like one new thing goes in the old one goes out.
I am still finding my feet with the study materials. I have just found an 80 hour ine advanced technologies 4.5 which appears to be a more detailed look of the cbt that i just covered. This will be my next port of call. I am starting to look at planning my next few weeks.
  This weekend i have a DR test in work on saturday so that pretty much saturday gone. I will be happy by the end of this weekend if i have my physical lab setup with base config hooked up to access server and have wrapped up the cbt i am currently working on.

Next week i have to step it up.By next weekend I want to be at least 15 hrs into the ine advanced technologies  on demand 4,5  and have spent at least 5+ hrs labbing the technologies covered.
This will mainly see me doing alot of  switch work  in detail  (vlans,vtp,etherchnnel,router on stick,svi, and whole heap of STP )