Today, I tried to configure my borrowed only home router (Cisco 1841) to connect to the IPV6 world.

I used  Hurricane Electric’s as my IPV6 to IPV4 broker (6to4), basically I established an IPv6 tunnel from my dsl connection at home connected to a Cisco router to Hurricane Electric’s server.

My router now is able to reached the IPv6 world. Next thing to do is to enable my home PC to be IPv6 capable and I should be able to reach www.kame.net with the dancing turtle and www.apnic.net with my source IP address as IPV6. See my running config below. You can ping me at 2001:470:1F06:4C8::2 hostname mar.tunnel.tserv4.nyc4.ipv6.he.net .

R1-PakWai#sh run int tunnel 0
Building configuration…

Current configuration : 231 bytes
!
interface Tunnel0
 description My Link to Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1F06:4C8::2/64
 ipv6 enable
 tunnel source 219.79.190.x
 tunnel destination 209.51.161.14
 tunnel mode ipv6ip
end

R1-PakWai#ping www.apnic.net

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DC0:2001:0:4608:20::, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 552/628/768 ms
R1-PakWai#ping www.kame.net

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:200:0:8002:203:47FF:FEA5:3085, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 432/432/432 ms
R1-PakWai#sh clo
*17:22:37.523 UTC Mon Jun 23 2008
R1-PakWai#

Verification:

************************** route-server.he.net **************************

route-server.he.net>ping 2001:470:1F06:4C8::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F06:4C8::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 328/328/328 ms
route-server.he.net>traceroute 2001:470:1F06:4C8::2

Type escape sequence to abort.
Tracing the route to 2001:470:1F06:4C8::2

  1 2001:470:1FFF:3::2 4 msec 0 msec 0 msec
  2 2001:470:0:1F::1 4 msec 0 msec 0 msec
  3 2001:470:0:2F::2 0 msec 0 msec 4 msec
  4 2001:470:0:33::2 84 msec 80 msec 88 msec
  5 2001:470:0:5D::2 84 msec 84 msec 80 msec
  6 2001:470:1F06:4C8::2 328 msec 328 msec 328 msec
route-server.he.net>sh clo
10:40:04.226 pst Mon Jun 23 2008
route-server.he.net>

My SOHO running config.

ip cef
!
ip dhcp excluded-address 10.10.10.1 10.10.10.2
!
ip dhcp pool LOCAL-PAKWAI
   network 10.10.10.0 255.255.255.240
   dns-server 218.102.23.77
   default-router 10.10.10.1
!
ip name-server 218.102.23.77
ip ddns update method IOS
 HTTP
  add http://username:password@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 description LAN-INSIDE-HOME
 ip address 10.10.10.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dialer1
 description DSL-PPPOE-LINK-OUTSIDE
 ip ddns update hostname mydnsname.dyndns.org
 ip ddns update IOS
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username dsluser@dslcompany password 0 passwordhere
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!

3:30 AM 6/20/2008 HKT: , I have successfully configured my cisco 1841 router at home (borrowed) to run the following services:

-NAT overloading
-PPPoe client to dial-up my DSL connection to the internet.
-Dynamic DNS.

N: To try, IOS firewall, Qos, IPS/IDS configuration.

A BGP peer is advertising more than 14 routes.
An overloaded receiving peer with a “max-prefix” command will result in “Idle (PfxCt)” state.

neighbor 140.1.0.2 maximum-prefix 14

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
140.1.0.2       4   145    3850    2302        0    0    0 00:00:46 Idle (PfxCt)

Edge#clear ip bgp * in

18:24:01: %BGP-4-MAXPFX: No. of prefix received from 140.1.0.2 (afi 0) reaches 11, max 14
18:24:01: %BGP-3-MAXPFXEXCEED: No. of prefix received from 140.1.0.2 (afi 0): 15 exceed limit 14
Edge#
18:24:02: %BGP-5-ADJCHANGE: neighbor 140.1.0.2 Down Peer over prefix limit

With a filter applied, I received a warning:

18:27:18: %BGP-4-MAXPFX: No. of prefix received from 140.1.0.2 (afi 0) reaches 11, max 14

Since by default, a warning message is generated when 75% of the maximum number of prefixes is reached.

Q: Will the neighbor session that was brought down due to exceeded maximum-prefixes go up again automatically?
A: No. You have to issue the clear ip bgp exec command before it goes up.

Q: Did the routes get filtered out immediately after applying the prefix-list to the neighbor session? Why or why not? What did you have to do?
A: The routes where not filtered out after applying the prefix-list, as the neighbor is not resending the routes automatically. You have to restart the BGP session using the clear ip bgp command.

Solution: Apply filter to limit the number of routes advertise to this peer. i.e. prefix-list, as-path-access-list, default-routing, etc.

• In address range 193.0.0.0 – 193.255.255.255, do not accept prefixes with subnet masks longer than /20.
• In address range 128.0.0.0 – 191.255.255.255, do not accept prefixes with subnet masks longer than /18.
• In address range 0.0.0.0 – 63.255.255.255, do not accept prefixes with subnet masks longer than /12.
• Never accept prefixes longer than /24.

Answer:

ip prefix-list Incoming seq 5 deny 10.0.0.0/8 le 32
ip prefix-list Incoming seq 10 deny 172.16.0.0/12 le 32
ip prefix-list Incoming seq 15 deny 192.168.0.0/16 le 32
ip prefix-list Incoming seq 20 deny 193.0.0.0/8 ge 21
ip prefix-list Incoming seq 25 deny 128.0.0.0/2 ge 19
ip prefix-list Incoming seq 30 deny 0.0.0.0/2 ge 13
ip prefix-list Incoming seq 35 permit 0.0.0.0/0 le 24

ip prefix-list list-E permit 128.0.0.0/1 ge 16
ip prefix-list list-E permit 191.0.0.0/3 le 23

Can somebody explain pls. Does this one matches all Class B range?

Fix lenght Class A = 1.0.0.0/1 ge 8 le 8, Class B =128.0.0.0/2 ge 16 le 16, Class C = 192.0.0.0/3 ge 24 le 24

Using Dynamips for CCIE Lab Preparation on a PC (How To Run Cisco IOS On Your PC)
By: Brian McGahan, CCIE #8593 (R&S/Service Provider/Security)

Click here to view the Class-on-Demand on using Dynamips for CCIE Lab Preparation

Click here to view the CCIE Routing & Switching Dynamips Hardware Specification

Using Dynamips for CCIE Lab Preparation on Mac OS X

Since the beginning of networking related certification one of the recurring problems that have faced candidates is getting access to hardware to familiarize themselves with how network operating systems work. Traditionally candidates have been limited to hunting for great deals on old or refurbished equipment to buy, renting equipment time from rack rental vendors, using severely limited router simulator programs, or testing configurations on live customer networks and praying that the help desk’s phone doesn’t ring. Today candidates now have an additional option for creating a Cisco IOS testbed, an emulation program known as “Dynamips”.

Quick Learning Modules

Building Scalable Cisco Internetworks (BSCI)

• Introducing the OSPF Protocol 

• Introducing EIGRP 

• Introducing the OSPF Protocol

• Configuring OSPF Special Area Types 

• Link State Advertisements

• Using IPv6 with OSPF and Other Routing Protocols

• Explaining Multicast

• Introducing IPv6  

Building Cisco Multilayer Switched Networks (BCMSN)

• Describing Spanning Tree Protocol 

• Describing Wireless LAN Topologies 

• Correcting Common VLAN Configuration Errors 

• Configuring Layer 3 Redundancy with VRRP and GLBP 

• Configuring Wireless LANs 

• Explaining WLAN Technology and Standards 

 Implementing Secure Converged Wide Area Networks (ISCW)

• Site-to-Site IPsec VPN Operations 

• Configuring IPsec Site-to-Site VPN 

• Configuring Interfaces on an Advanced Firewall 

• Configure AAA Login Authentication on Cisco Routers Using SDM 

• Advanced Firewall Security Configuration 

 Optimizing Converged Cisco Networks (ONT)

• Class-Based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ) 

• Introducing QoS 

• Introducing 802.1x 

• Introducing Traffic Policing and Shaping 

• SDM QoS Wizard 

Recommended Website for CCIE preparations:

    *  6CO Labs www.6colabs.com

    * BradshawLabs www.bradshawlabs.com

    * CC Online Labs www.cconlinelabs.com

    * CCBootcamp www.ccbootcamp.com

    * CCIE 4 U www.ccie4u.com

    * FatKid www.fatkid.com

    * GigaVelocity www.gigavelocity.com

    * InternetworkExpert www.internetworkexpert.com

    * IPExpert www.ipexpert.com

    * NetMasterClass www.netmasterclass.com

    * ProctorLabs www.proctorlabs.com

    * RackTimeRentals www.racktimerentals.com

    * CCBootCamp (NLI) www.ccbootcamp.com

    * Hello Computers www.hellocomputers.com

    * Internetwork Expert www.internetworkexpert.com

    * IPExpert www.ipexpert.com

    * NetMasterClass www.netmasterclass.com

Vendors Offering CCIE Boot Camps

     * CCBootCamp www.ccbootcamp.com

    * CCPrep www.ccprep.com

    * Cysco Expert www.cyscoexpert.com

    * Global Knowledge www.globalknowledge.com

    * Hello Computers www.hellocomputers.com

    * Internetwork Expert www.internetworkexpert.com

    * IPExpert www.ipexpert.com

    * NetMasterClass www.netmasterclass.com

    * Unitek www.unitek.com

IP Experts’s  Free vLectures (http://www.ipexpert.com/index.cfm/a/p/vlectures)

• CCIE R&S Related Topics
  • Basic Multicast Design/Operations
  • Frame Relay
  • OSPF 
  • Layer 2 Tunneling Techniques 
  • Spanning-Tree
  • Troubleshooting on the CCIE Lab
• CCIE Voice Related Topics
  • SRST
  • Unity
  • Campus QOS
  • H323 Gatekeeper Basics
  • IPMA
  • WAN QoS
• CCIE Security Related Topics
  • DMVPN
• CCIE Service Provider Related Topics
  • ATM Operations and Configuration

     * Redistribution

Internetwork Expert Free V-Seminar (http://www.internetworkexpert.com/seminar.htm)

Technology V-Seminars

CCIE Lab Strategy: A Structured Approach

Emerging Technologies: IPv6 and the CCIE Lab

CCIE Catalyst QoS

CCIE Route Redistribution Demystified

The Cisco IOS provides a wide range of monitoring, testing & debugging tools.

See more at http://www.netmasterclass.net/site/articles/cisco%20troubleshooting%20techniques.pdf

Nice Opening moves technique from Netmaster Class.

Read On. I like this move!

http://netmasterclass.net/site/articles/Opening_Moves_Options_Analysis_Diagram_for_IGP.pdf

I found some free, nice CCIE articles from Netmasterclass.com. Check it out.

http://www.netmasterclass.com/CCIE/Free-Resources/Public-Articles/

I found a CCIE preparation strategy from NetMasterClass.com, looks promising technique. Read on.

http://www.netmasterclass.com/site/articles/CCIE-PREPARATION-STRATEGY.pdf

W   Weight (Highest)
L   Local_Pref (Highest)
O   Originate (local originate)
AS  As_Path (shortest)
O   Origin Code (IGP < EGP < Incomplete)
M   MED (lowest)
P   Paths (External Paths preferred Over Internal)
R   Router ID (lowest)

Recommended book list to prepare for the CCIE exam.