CCIE Pilot

Question: On Router1, the users should be able to see the *number of packets and bytes IP packets in *transit* outbound interfaces to/from vlan 1 switched through router.  Statistics should be broken down based on destination and source IP address.

Final configuration:
R1:

interface fast0/0
  ip accounting output-packets

Verification:

On R1 ping any reachable host via this router.

R1#ping 172.20.0.6 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

Show to know:

R5#sho ip accounting
   Source           Destination              Packets               Bytes
 172.20.0.3       172.20.0.4                     386               46616
 172.16.107.1     232.19.19.19                   360               36000

Accounting data age is 11
R5#sho ip accounting
   Source           Destination              Packets               Bytes
 172.20.0.3       172.20.0.4                     439               53044
 172.16.107.1     232.19.19.19                   410               41000

Accounting data age is 13

By Anthony Sequeira, #15626

“Proctor, Proctor, give me the news, I got a bad case of Multicast blues!”

Are the proctors helpful or not? Many have plenty of opinions on this. At the very least, let’s consider some tips that might help us in working with them…

• Be polite! If you are confrontational, they are going to be far less likely to care about you and your silly question about the lab ☺ An example of politeness that I used was to always preface my question with a comment like “I am so sorry to bother you…” or “May I take a moment of your time?”

• Demonstrate your mastery of the subject matter in your question. Politely stress that your issue is vagueness or grammar in the task – DO NOT give any indication that it is the material you are struggling with. And while you might be a bit upset that the grammar in the lab is poor, certainly do not go to great lengths to point that out! The proctor you are speaking to may have written that task, and they might take great pride in it! Here is an example of demonstrating your mastery on a subject – “Sir, I am considering the use of Root Guard for this task as I believe it meets the requirements, yet I am concerned about the request that the interface must be Shut Down by a violation. Technically Root Guard does not do this. Root Guard blocks the port using what is termed a root-inconsistent state. Is it still a viable solution even though I am not truly shutting down the port?” You are going to get a lot further with the proctor that way then this way – “Should I use Root Guard for this task?”

• Do not be afraid to visit a proctor two or three times about the same question. I did this in the Multicast section and eventually got the guidance I needed.

• If you are getting nowhere with a particular proctor, try another one if that is possible at your testing center.

• Immediately following a lab attempt, spend some time with the proctors to pick their brains about ways you can improve, their grading system, etc. They are very willing to help typically!

• Do not attempt to bribe your proctors. They might take your money – BUT THEY DO NOT GRADE YOUR EXAM! Someone in another time zone grades your exam! ☺

Do you have other tips? Let us know in the comments! Thanks for reading my dear friends! And special thanks to Chris from my Mocklab Workshop for the sample proctor question! He asked it the correct way of course. ☺

Cross posted from http://blog.internetworkexpert.com/2008/10/15/tips-for-working-with-the-proctors/#comment-10175

Questions and Answers:

1. Advertise only odd network

210.8.40.0
210.8.41.0
210.8.42.0
210.8.43.0

even 40,42

40 0010 1000
42 0010 1010
0000 0010

odd 41,43

41 0010 1001
43 0010 1011
0000 0010

answer:
acl odd  210.8.41.0 0.0.2.x
acl even 210.8.40.0 0.0.2.x

x = 0 = route
x = 255 = host

dont care = 1
stings of 32 bits

————-

2. pick only even /24 from 202.78.0.0 / 16
make as few line as possible, permit no more no less.

202.78.00000000.0
202.78.00000010.0
202.78.x.0

0  0000 0000
2  0000 0010
4  0000 0100
6  0000 0110
8  0000 1000
10 0000 1010

1111 1110 = mask = 254

answer : 202.78.0.0 0.0.254.0

even: acl permit 202.78.0.0 0.0.254.0  .0 on last octed means a route!
odd : acl permit 202.78.1.0 0.0.254.0  .0 on last octed means a route!

————–

3. Group / Summarize: is a few lines a possible

172.16.31.0
172.16.32.0
172.16.33.0
172.16.34.0

answer:

31.0

32.0 /22
deny 35.0

acl deny   172.16.35.0 0.0.0.0
acl permit 172.16.31.0 0.0.0.0
acl permit 172.16.32.0 0.0.3.0

31 0001 1111

32 0010 0000
33 0010 0001

34 0010 0010
35 0010 0011 <<—-not present!

0000 0011 Mask = (3) , 2 bit position difference, so 2 to the 2 is 4, thats 32-35.

Tip: You can over permit but make sure you deny the over permitted route.

—————–

4.  Group / Summarize: is a few lines a possible

172.16.31.0

172.16.32.0
172.16.33.0
172.16.34.0
172.16.35.0

172.16.36.0
172.16.37.0

answers:

acl permit 172.16.31.0 0.0.0.0
acl permit 172.16.32.0 0.0.3.0
acl permit 172.16.36.0 0.0.1.0

or

acl deny   172.16.38.0 0.0.1.0
acl permit 172.16.31.0 0.0.0.0
acl permit 172.16.32.0 0.0.7.0

Tip: Depends on how you group the routing according the position, will result in same 3 line answer.

——————–

5. Summarize in as few lines a possible.

168.192.3.0  /24
168.192.14.0 /24
168.208.11.0 /24
168.208.14.0 /24
168.208.3.0  /24
168.192.11.0 /24

—

answer, group first.

168.192.3.0  /24
168.192.11.0 /24
168.208.3.0  /24
168.208.11.0 /24

168.192.14.0 /24
168.208.14.0 /24

then,

192 1100 0000
208 1101 0000
0001 0000 mask = 16

3   0000 0011
11  0000 1011
0000 1000 mask = 8

14  0000 1110

answer:
acl permit 168.192.3.0   0.16.8.0
acl permit 168.192.14.0  0.16.0.0

———
5. summarize in as few lines as possible

207.49.164.0 /24
208.49.164.0 /24
205.49.165.0 /24
207.49.165.0 /24
192.49.164.0 /24

answer, group!

192.49.164.0 /24
208.49.164.0 /24
192 1100 0000
208 1101 0000
0001 0000 mask 16

207.49.164.0 /24 <-stand alone.

207.49.165.0 /24
205.49.165.0 /24
205  1100 1101
207  1100 1111
0000 0010 mask 2

answer:

acl permit 192.49.164.0 16.0.0.0
acl permit 205.49.165.0 2.0.0.0
acl permit 207.49.164.0 0.0.0.0

or

192.49.164.0 /24
208.49.164.0 /24
192 1100 0000
208 1101 0000
0001 0000 mask 16

207.49.164.0 /24
207.49.165.0 /24

164 1010 0100
165 1010 0101
0000 0001 mask 1

205.49.165.0 /24 <-stand alone.

so, another answer is:

acl permit 192.49.164.0 16.0.0.0
acl permit 207.49.164.0 0.0.1.0
acl permit 205.49.165.0 0.0.0.0

————–
7. Create an ACLin as few line as possible

182.17.73.0

182.17.77.0
182.81.73.0
182.81.77.0
190.17.73.0
190.81.73.0
190.17.77.0
190.81.77.0

190 1011 1110
182 1011 0110
0000 1000 mask 8

17 0001 0001
81 0101 0001
0100 0000 mask 64

73 0100 1001
77 0100 1101
0000 0100 mask = 4

In every octet there is a differnce, so we can put this on a

single entry!

answer:

acl permit 182.17.73.0 8.64.4.0

checking tip: put the middle network say 190.81.73.0 and

mask, the router should put the lowest IP address (

182.17.73.0) to the running config. This will ensure you that

you have computed correctly the mask.

———–

I can’t help it, I have a feeling this should come out and be part of the exam. Therefore this should be a must for all CCIE candidate to master!