CCIE Pilot

Detailed Checklist of Topics to Be Covered – Routing and Switching (Expanded by Cisco).

Please be advised that this topic checklist is not an all-inclusive list of Cisco CCIE Routing and Switching lab exam subjects. Instead, Cisco provides this outline as a supplement to the existing lab blueprint to help candidates prepare for their lab exams. Other relevant or related topics may also appear in the actual lab exam.

Notes comment from IP Expert:

• PPP over Frame Relay is explicitly mentioned
• Regular and smart macros for switches are explicitly mentioned
• Redistribution between OSPF and RIP isn’t mentioned, but we shouldn’t ignore it
• BGP peer groups are mentioned, but not templates
• There is no mention on OER/PfR!
• Bidirectional PIM is mentioned
• Dense-mode PIM is mentioned
• Bootstrap ROuter (BSR) is not mentioned
• Multicast Routing Monitor isn’t mentioned
• Zone Based Firewall with deep packet inspection is mentioned
• Policy-based NAT is mentioned
• TCP intercept is mentioned
• “Old” QoS reappears – CQ, PQ, CAR and FRTS

Petr Lapukhov wrote a great (and very long) article describing MSTP. It covers everything, from the basics to multi-region design and interoperability issues. Highly recommended reading.

Introduction

There is sometimes confusion between the two Border Gateway Protocol (BGP) configuration commands bgp deterministic-med and bgp always-compare-med. This document explains the differences in how the bgp deterministic-med and bgp always-compare-med commands can affect Multi Exit Discriminator (MED)-based path selection and how each command changes the behavior of BGP when choosing a best route.
Prerequisites
Requirements

There are no specific requirements for this document.
Components Used

The information in this document is based on the Cisco IOS® Software Release 12.2(10b).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background Information

There are two BGP configuration commands that can influence the MED-based path selection, the bgp deterministic-med and the bgp always-compare-med commands.

Enabling the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system. Enabling the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems. The bgp always-compare-med command is useful when multiple service providers or enterprises agree on a uniform policy for setting MED. Thus, for network X, if Internet Service Provider A (ISP A) sets the MED to 10, and ISP B sets the MED to 20, both ISPs agree that ISP A has the better performing path to X.

Note: The bgp deterministic-med and bgp always-compare-med commands are not enabled by default. Also, the two commands are separate; enabling one does not automatically enable the other.
Command Examples

The examples in this section demonstrate how the bgp deterministic-med and bgp always-compare-med commands can influence MED-based path selection.

Note: Cisco Systems recommends enabling the bgp deterministic-med command in all new network rollouts. For existing networks, the command must either be deployed on all routers at the same time, or incrementally, with care to avoid possible internal BGP (iBGP) routing loops.

For example, consider the following routes for network 10.0.0.0/8:

entry1: AS(PATH) 500, med 150, external, rid 172.16.13.1
entry2: AS(PATH) 100, med 200, external, rid 1.1.1.1
entry3: AS(PATH) 500, med 100, internal, rid 172.16.8.4

The order in which the BGP routes were received is entry3, entry2, and entry1. (Entry3 is the oldest entry in the BGP table, and entry1 is the newest one.)

Note: When BGP receives multiple routes to a particular destination, it lists them in the reverse order that they were received, from the newest to the oldest. BGP then compares the routes in pairs, starting with the newest entry and moving toward the oldest entry (starting at top of the list and moving down). For example, entry1 and entry2 are compared. The better of these two is then compared to entry3, and so on.
Example 1: Both Commands Disabled

Entry1 and entry2 are compared first. Entry2 is chosen as the better of these two because it has a lower router ID. The MED is not checked because the paths are from a different neighbor autonomous system. Next, entry2 is compared to entry3. Entry2 is chosen as the best path because it is external.
Example 2: bgp deterministic-med Disabled, bgp always-compare-med Enabled

Entry1 is compared to entry2. These entries are from different neighbor autonomous systems, but since the bgp always-compare-med command is enabled, MED is used in the comparison. Of these two entries, entry1 is better because it has a lower MED. Next, entry1 is compared to entry3. The MED is checked again because the entries are now from the same autonomous system. Entry3 is chosen as the best path.
Example 3: bgp deterministic-med Enabled, bgp always-compare-med Disabled

When the bgp deterministic-med command is enabled, routes from the same autonomous system are grouped together, and the best entries of each group are compared. The BGP table looks like this:

entry1: AS(PATH) 100, med 200, external, rid 1.1.1.1
entry2: AS(PATH) 500, med 100, internal, rid 172.16.8.4
entry3: AS(PATH) 500, med 150, external, rid 172.16.13.1

There is a group for AS 100 and a group for AS 500. The best entries for each group are compared. Entry1 is the best of its group because it is the only route from AS 100. Entry2 is the best for AS 500 because it has the lowest MED. Next, entry1 is compared to entry2. Since the two entries are not from the same neighbor autonomous system, the MED is not considered in the comparison. The external BGP route wins over the internal BGP route, making entry1 the best route.
Example 4: Both Commands Enabled

The comparisons in this example are the same as in Example 3, except for the last comparison between entry2 and entry1. The MED is taken into account for the last comparison because the bgp always-compare-med command is enabled. Entry2 is selected as the best path.

Featured Article: Flexible Packet Matching By Steve Means

One of the issues facing network and security engineers is defending the network against dynamic threats. This means traffic that cannot easily be identified by regular means, such as an application that changes layer 4 ports or tunnels within an existing protocol. Because of this, a solution is needed to match and filter based on specific information within the packet that is unique to the application you want to block.

Enter “Flexible Packet Matching”, otherwise known as FPM. FPM works by loading XML files called “Protocol Header Description Files” that define fields within the protocol header: IP, TCP, UDP, ICMP, etc…. Once defined, information within the fields can be matched and acted on using MQC.

As a simple example, we’re going to allow ICMP but block echo requests that come from 192.168.9.10 with a length greater than 500.

To enable FPM, you need to first load the PHDFs for the protocol stack you’ll be working with. We’ll be using ETHER, IP and ICMP, so those files are loaded with the “load” command:

load protocol system:/fpm/phdf/ether.phdf
load protocol system:/fpm/phdf/ip.phdf
load protocol system:/fpm/phdf/icmp.phdf

Next you have to tell FPM the correct protocol stack to examine. This is done with a class-map type stack. Notice that we start at layer 2, match the ethertype for IP, then move to layer 3, matching IP protocol 1 or ICMP.

class-map type stack match-all IP_ICMP
stack-start l2-start
match field ether type eq 0×800 next IP
match field layer 3 IP protocol eq 1 next ICMP

With the stack defined, we’re now free to match the specific information we’re after, FPM uses “class-map type access-control”.

class-map type access-control match-all BAD_ICMP
match field icmp type eq 8
match field ip source-addr eq 10.6.6.6
match field ip length gt 500

Now we’ll create a “policy-map type access-control” to drop any traffic that is a part of this class. This policy map is then nested within another policy map that matches our previously defined protocol stack. It is then applied to the interface:

policy-map type access-control DROP_BAD_ICMP
class BAD_ICMP
drop
policy-map type access-control FPM
class IP_ICMP
service-policy DROP_BAD_ICMP
!
int fa0/1
service-policy type access-control input FPM

Verification is simple. First we’ll ping from a router with an interface IP of 192.168.2.10 with no options:

R2# ping 10.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 50/58/60 ms

The ping is successful as expected. It matches the stack, ICMP type and source address, but not the size. Now we can repeat the ping, upping the size:

R2# ping 10.6.6.6 size 1000
Type escape sequence to abort.
Sending 5, 1000-byte ICMP Echos to 10.6.6.6, timeout is 2 seconds:
….
Success rate is 0 percent (0/5)

This time the packets were dropped. We can further verify by checking the policy-map on the router using FPM. Notice that we have lots of packets matching the stack class-map, but only our 5 echo requests were dropped:

R1#sho policy-map type access-control interface
FastEthernet0/1

Service-policy access-control input: FPM

Class-map: IP_ICMP (match-all)
136 packets, 15468 bytes
5 minute offered rate 0 bps
Match: field ETHER type eq 0×800 next IP
Match: field layer 3 IP protocol eq 1 next ICMP

Service-policy access-control : DROP_BAD_ICMP

Class-map: BAD_ICMP (match-all)
5 packets, 5070 bytes
5 minute offered rate 0 bps
Match: field ICMP type eq 8
Match: field IP length gt 500
Match: field IP source-addr eq -1062729462
drop

This is a fairly basic example that is easy to verify and learn with. FPM can be much more detailed, even going so far as to match specific strings within the data payload itself. The preferred method of applying this in the field is to sniff the traffic you’re interested in, find something that is unique to this traffic and match based on it.

Here is Narbik’s post from GS

To All,

First of all I would like to apologize for the delay.

Secondly, please excuse any typos, I kind of rushed to get this out so you guys will enjoy the lab.

Once again there are no registrations, no sign-ins or any other requirements to download the lab.

Please go to

http://www.micronicstraining.com/classes/index.php?dispatch=categories.view&category_id=93

And then, click on *CCIE Routing and Switching Trouble Shooting Workbook* and then, click on *Download FREE sample chapter*.

Please let me know if you experience any problems.

The initial config file is also included. You need to have winrar to unzip the directory, it also includes the diagrams.

This lab is one of the 10 Troubleshooting Mock labs and hope it would NOT be a waste of your precious time. PLease go through and read the answers and see the steps that one has to go through to resolve a trouble ticket.

I have also included another FREE lab work book that you guys can download; it has 338 pages of good labs (They help reduce your blood pressure, whereas, the TS labs help reducing the cholestrol). You should see it there as well.

The security work book and the SP will be our next priority and they should be completed before the end of the year.

There will also be a FREE VOD on ZBFW, that should be finished within a week or so.

Enjoy and I hope to see you guys later.

–
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!

• Border Gateway Protocol (BGP)
• Classless Interdomain Routing (CIDR)
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Integrated Intermediate System-to-Intermediate System (IS-IS)
• Interior Gateway Routing Protocol (IGRP)
• Multiprotocol BGP (MBGP)
• On-Demand Routing (ODR)
• Open Shortest Path First (OSPF)
• Routing Information Protocol (RIP)

• Achieve Optimal Routing and Reduce BGP Memory Consumption
  28/Feb/2008
• BGP Best Path Selection Algorithm
  24/May/2006
• BGP Case Studies
  30/Oct/2008
• BGP Peer Groups
  30/Oct/2008
• BGP Policy Accounting and BGP Policy Accounting Output Interface Accounting Features
  29/Dec/2005
• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Host and Subnet Quantities
  10/Aug/2005
• How BGP Routers Use the Multi-Exit Discriminator for Best Path Selection
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• How the bgp deterministic-med Command Differs from the bgp always-compare-med Command
  10/Aug/2005
• How to Block One or More Networks From a BGP Peer
  11/May/2006
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• Removing Private Autonomous System Numbers in BGP
  10/Aug/2005
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• The “%TUN-5-RECURDOWN” Error Message and Flapping EIGRP/OSPF/BGP Neighbors Over a GRE Tunnel
  10/Aug/2005
• Troubleshooting BGP
  01/Jan/2008
• Troubleshooting Flapping BGP Routes (Recursive Routing Failure)
  10/Aug/2005
• Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process
  25/Jul/2008
• Troubleshooting When BGP Routes Are Not Advertised
  24/Jul/2006
• Understanding Policy Routing
  10/Aug/2005
• Understanding Redistribution of OSPF Routes into BGP
  10/Aug/2005
• Understanding Route Aggregation in BGP
  10/Aug/2005
• Using Regular Expressions in BGP
  10/May/2006
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Does the “#%BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath” Error Message Mean?
  12/Apr/2005
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008
• Why Do BGP Neighbors Toggle Between Idle, Connect, and Active States?
  10/Aug/2005

• Host and Subnet Quantities
  10/Aug/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006

• AppleTalk Module for EIGRP
  28/Jan/2008
• Configuration Notes for the Implementation of EIGRP over Frame Relay and Low Speed Links
  10/Aug/2005
• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Filtering Routing Updates on Distance Vector IP Routing Protocols
  10/Aug/2005
• Host and Subnet Quantities
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• How Does the Passive Interface Feature Work in EIGRP?
  28/Mar/2005
• How Does Unequal Cost Path Load Balancing (Variance) Work in IGRP and EIGRP?
  03/Jun/2009
• Introduction to EIGRP
  10/Aug/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• OSPF and EIGRP Neighbor Loss, RIP and IGRP Update Loss after Upgrading to Cisco IOS 11.2 or Later
  01/Jan/2008
• Preventing Duplicate EIGRP Router IDs
  18/Jan/2008
• Redistributing Between Classful and Classless Protocols: EIGRP or OSPF into RIP or IGRP
  10/Aug/2005
• Redistributing Routing Protocols
  07/Sep/2006
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Setting a Preferred Route by Influencing EIGRP Metrics
  10/Aug/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• The “%TUN-5-RECURDOWN” Error Message and Flapping EIGRP/OSPF/BGP Neighbors Over a GRE Tunnel
  10/Aug/2005
• Troubleshooting EIGRP
  21/Jul/2008
• Understanding IPX-EIGRP
  04/Oct/2005
• Understanding Policy Routing
  10/Aug/2005
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Does the EIGRP DUAL-3-SIA Error Message Mean?
  10/Aug/2005
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008

• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Host and Subnet Quantities
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• Intermediate System-to-Intermediate System (IS-IS) TLVs
  10/Aug/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• IS-IS Network Types and Frame Relay Interfaces
  10/Aug/2005
• IS-IS Route Leaking Overview
  13/May/2008
• MTU Mismatch Problem in IS-IS
  10/Aug/2005
• Redistributing Routing Protocols
  07/Sep/2006
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• Understanding IS-IS Pseudonode LSP
  10/Aug/2005
• Understanding Policy Routing
  10/Aug/2005
• Uses of the Overload Bit with IS-IS
  25/Oct/2005
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008

• Behavior of RIP and IGRP When Sending and Receiving Updates
  10/Aug/2005
• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Fast IGRP Details
  10/Aug/2005
• Filtering Routing Updates on Distance Vector IP Routing Protocols
  10/Aug/2005
• Host and Subnet Quantities
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• How Does Unequal Cost Path Load Balancing (Variance) Work in IGRP and EIGRP?
  03/Jun/2009
• How Split Horizon Affects RIP/IGRP Routing Updates when Secondary Addresses Are Involved
  18/Aug/2005
• IGRP Metric
  10/Aug/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• OSPF and EIGRP Neighbor Loss, RIP and IGRP Update Loss after Upgrading to Cisco IOS 11.2 or Later
  01/Jan/2008
• Redistributing Between Classful and Classless Protocols: EIGRP or OSPF into RIP or IGRP
  10/Aug/2005
• Redistributing Routing Protocols
  07/Sep/2006
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• Understanding Policy Routing
  10/Aug/2005
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008
• Why Doesn’t RIP or IGRP Support Discontiguous Networks?
  10/Aug/2005
• Why Don’t RIPv1 and IGRP Support Variable-Length Subnet Mask?
  12/Aug/2005

• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• What Is Administrative Distance?
  06/Mar/2007

• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006

• Common Routing Problem with OSPF Forwarding Address
  29/Dec/2005
• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Guide to OSPF Application on the CSS 11000
  03/May/2004
• Host and Subnet Quantities
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• How Does OSPF Generate Default Routes?
  10/Aug/2005
• Initial Configurations for OSPF over Non-Broadcast Links
  29/Dec/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• OSPF and EIGRP Neighbor Loss, RIP and IGRP Update Loss after Upgrading to Cisco IOS 11.2 or Later
  01/Jan/2008
• OSPF Demand Circuit Feature
  21/Jul/2005
• OSPF Neighbor Problems Explained
  10/Aug/2005
• OSPF Neighbor States
  10/Aug/2005
• OSPF Not-So-Stubby Area (NSSA)
  10/Aug/2005
• OSPF show Commands Respond Slowly
  10/Aug/2005
• Problems with Running OSPF in NBMA and Broadcast Mode over Frame Relay
  29/Dec/2005
• Redistributing Between Classful and Classless Protocols: EIGRP or OSPF into RIP or IGRP
  10/Aug/2005
• Redistributing Connected Networks into OSPF
  29/Dec/2005
• Redistributing Routing Protocols
  07/Sep/2006
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Scalable ISDN Backup Strategy for Large OSPF Networks
  25/May/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• Suboptimal Routing When Redistributing Between OSPF Processes
  01/Jan/2008
• The “%TUN-5-RECURDOWN” Error Message and Flapping EIGRP/OSPF/BGP Neighbors Over a GRE Tunnel
  10/Aug/2005
• The Effects of the Forwarding Address on Type 5 LSA Path Selection
  28/Mar/2005
• Troubleshooting Duplicate Router IDs with OSPF
  16/Mar/2007
• Troubleshooting OSPF
  15/Sep/2008
• Understanding Policy Routing
  10/Aug/2005
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Are OSPF Areas and Virtual Links?
  18/Dec/2005
• What Do %OSPF-4-ERRRCV Error Messages Mean?
  10/Aug/2005
• What Does the show ip ospf interface Command Reveal?
  10/Aug/2005
• What Does the show ip ospf neighbor Command Reveal?
  10/Aug/2005
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008
• Why Are OSPF Neighbors Stuck in Exstart/Exchange State?
  10/Aug/2005
• Why Are Some OSPF Routes in the Database but Not in the Routing Table?
  15/Sep/2008
• Why Does the show ip ospf neighbor Command Reveal Neighbors in the Init State?
  10/Aug/2005
• Why Does the show ip ospf neighbor Command Reveal Neighbors Stuck in Two-Way State?
  10/Aug/2005
• Why Doesn’t OSPF Form Adjacency on a PRI, BRI, or Dialer Interface?
  10/Aug/2005
• Why Is the ip ospf interface-retry 0 Configuration Command Added to All Interfaces?
  01/Jan/2008
• Why OSPF Demand Circuit Keeps Bringing Up the Link
  10/Aug/2005

• Behavior of RIP and IGRP When Sending and Receiving Updates
  10/Aug/2005
• Configuring a Gateway of Last Resort Using IP Commands
  10/Aug/2005
• Filtering Routing Updates on Distance Vector IP Routing Protocols
  10/Aug/2005
• Host and Subnet Quantities
  10/Aug/2005
• How Does Load Balancing Work?
  10/Aug/2005
• How Split Horizon Affects RIP/IGRP Routing Updates when Secondary Addresses Are Involved
  18/Aug/2005
• ICMPv6 Packet Types and Codes
  10/Aug/2005
• IP Addressing and Subnetting for New Users
  26/Sep/2005
• OSPF and EIGRP Neighbor Loss, RIP and IGRP Update Loss after Upgrading to Cisco IOS 11.2 or Later
  01/Jan/2008
• Redistributing Between Classful and Classless Protocols: EIGRP or OSPF into RIP or IGRP
  10/Aug/2005
• Redistributing Routing Protocols
  07/Sep/2006
• Route Selection in Cisco Routers
  02/Jan/2008
• Route-Maps for IP Routing Protocol Redistribution Configuration
  10/Aug/2005
• Specifying a Next Hop IP Address for Static Routes
  30/Oct/2006
• Understanding Policy Routing
  10/Aug/2005
• Using the Extended ping and Extended traceroute Commands
  28/Jul/2006
• What Is Administrative Distance?
  06/Mar/2007
• When Are ICMP Redirects Sent?
  24/Jun/2008
• Why Doesn’t RIP or IGRP Support Discontiguous Networks?
  10/Aug/2005
• Why Don’t RIPv1 and IGRP Support Variable-Length Subnet Mask?
  12/Aug/2005

I found the above link from Cisco’s website very usefule.

Happy Labbing!

To all my active and loyal CCIEPILOT.COM’s followers…

Training session Webex Recordings

Cisco IOS Zone-Based Firewall Concept, Configuration, and Troubleshooting

https://ciscosupport.webex.com/ciscosupport/ldr.php?AT=pb&SP=MC&rID=1908767&rKey=af5f55c7874a225b

Cisco IOS Intrusion Prevention System Overview and Troubleshooting

https://ciscosupport.webex.com/ciscosupport/ldr.php?AT=pb&SP=MC&rID=1922807&rKey=22339b09e0dc96d0

Trivia: PPP

Diagram:

R4-s0/1<<——–Serial-back-2-back———>>s0/1-R5

Question:

Configure PPP on the Serial connection between R4 and R5 using dialer
interfaces.

Answer:

R4 and R5

interface Serial0/1
no ip address
encapsulation ppp
dialer in-band
dialer pool-member 1
pulse-time 1

interface Dialer0
ip address 45.45.45.x 255.255.255.0
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
end

Routing Table:

C       45.45.45.x/32 is directly connected, Dialer0
C       45.45.45.0/24 is directly connected, Dialer0

R4#sh dialer

Se0/1 – dialer type = IN-BAND SYNC NO-PARITY
Dialer pool 1, priority 0
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Interface bound to profile Di0
Time until disconnect never
Connected to <unknown phone number> (<unknown phone number>)

Di0 – dialer type = DIALER PROFILE
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status

Trivia: PPP – I dont want the /32 in you.

We always see a /32 host route every time we use PPP. What if you dont like and want it? What

will you do?

Diagram:

R1-s0/1<<—–Serial-Connection——>s0/1-R2

Answer Configuration: use “no peer neighbor-route” interface command.

R1 and R2

interface Serial0/1
ip address 12.12.12.x 255.255.255.0
encapsulation ppp
no peer neighbor-route

Routing Table:

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       12.12.12.0/24 is directly connected, Serial0/1
C       12.12.12.2/32 is directly connected, Serial0/1 <<<<< Get rid of this!

After:

Gateway of last resort is not set

12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Serial0/1

Verification:

R1#ping 12.12.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/38/56 ms
R1# ping 12.12.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/68/120 ms
R1#

Show to know:

R1#sh int s0/1 | i Open
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
R1#

That’s it!

Audio Classes

• R&S Audio Bootcamp

CCIE 2.0

• CCIE R&S Core Knowledge Simulation
• R&S Lab Meet-Up Series Class-on-Demand
• R&S Open Lecture Series Class-on-Demand

Classes-on-Demand

• R&S Advanced Technologies 10-Day Class-on-Demand v4.5
• R&S Advanced Technologies 5-Day Class-on-Demand v4.5
• R&S Advanced Troubleshooting Bootcamp Class-on-Demand
• R&S Bootcamp Class-on-Demand (5-Day)

Workbooks

• R&S Lab Workbook Volume I v4.1
• R&S Lab Workbook Volume I v5.0
• R&S Lab Workbook Volume II v4.1
• R&S Lab Workbook Volume II v5.0 for CCIE v3.0
• R&S Lab Workbook Volume II v5.0 for CCIE v4.0
• R&S Lab Workbook Volume III v4.1
• R&S Lab Workbook Volume IV

Lab Breakdown for R&S Lab Workbook Volume II v4.1

• R&S Lab Workbook Volume II v4.1 Breakdown #1
• R&S Lab Workbook Volume II v4.1 Breakdown #2
• R&S Lab Workbook Volume II v4.1 Breakdown #3
• R&S Lab Workbook Volume II v4.1 Breakdown #4
• R&S Lab Workbook Volume II v4.1 Breakdown #5
• R&S Lab Workbook Volume II v4.1 Breakdown #6
• R&S Lab Workbook Volume II v4.1 Breakdown #7
• R&S Lab Workbook Volume II v4.1 Breakdown #8

* IP Multicast – 11/13/2008 Part 1
o PIM Dense Mode
o RPF Failure
o Static Mroutes

* IP Multicast – 11/13/2008 Part 2
o PIM Sparse Mode
o Static RP Assignment
o IGMP Join
o PIM Join
o PIM Register

* IP Multicast – 11/13/2008 Part 3
o PIM Register Troubleshooting

* IP Multicast – 11/14/2008 Part 1
o PIM Sparse Dense Mode

* IP Multicast – 11/14/2008 Part 2
o PIM Sparse Dense Mode with Auto-RP

* IP Multicast – 11/14/2008 Part 3
o PIM AutoRP Listener

* IP Multicast – 11/14/2008 Part 4
o PIM NBMA Mode

* IP Multicast – 11/14/2008 Part 5
o PIM NBMA Mode
o Default RP Placement

* OSPF – 11/18/2008 Part 1
o OSPF Intra-Area Routing

* OSPF – 11/18/2008 Part 2
o OSPF Inter-Area Routing

* OSPF – 11/18/2008 Part 3
o OSPF Inter-Area Routing with Multiple ABRs

* OSPF – 11/18/2008 Part 4
o OSPF External Routing

* OSPF – 11/20/2008 Part 1
o OSPF Virtual Links

* OSPF – 11/20/2008 Part 2
o Traffic Engineering with Virtual-Links

* BGP – 11/26/2008
o BGP Traffic Engineering with Aggregation

* QoS – 12/03/2008
o Custom Queuing

* QoS – 12/04/2008
o WFQ
o CBWFQ
o Bandwidth Reservations
o Prioritization with LLQ

* Bridging & Switching – 12/09/2008
o EtherChannel
o Dot1q Tunneling
o EtherChannel over Dot1q Tunneling

* IP Routing – 12/16/2008
o IP SLA
o Enhanced Object Tracking
o Reliable Static Routing
o Reliable Policy Routing

* RIP – 12/17/2008
o RIP Filtering

* Redistribution – 12/23/2008
o Advanced IPv4 Redistribution

* IPv6 – 12/30/2008
o Advanced IPv6 Design

* NAT – 01/14/2009
o Advanced NAT Design

* First Hop Redundancy – 01/15/2009
o Advanced First Hop Redundancy Protocols

* Redistribution – 01/23/2009
o Advanced IPv4 Redistribution

* BGP – 01/28/2009
o BGP Conditional Route Injection

* BGP – 01/29/2009
o BGP Next-Hop Processing

* Security – 02/04/2009
o Reflexive Access-Lists
o CBAC
o TCP Intercept

* Security – 02/06/2009
o Dynamic Access-Lists
o Time Based Access-Lists

* Multicast – 02/11/2009
o IP Multicast Helper Map
o Broadcast to Multicast Conversions

* Security – 02/12/2009
o LAN Security
o DHCP Snooping
o IP Source Guard
o Dynamic ARP Inspection

* Security – 02/18/2009
o Local Command Authorization
o Role Based CLI

* Security – 02/19/2009
o AAA

* BGP – 02/25/2009
o BGP Route Reflection and Clusters

* BGP – 02/26/2009
o BGP Aggregation

* BGP – 03/05/2009
o BGP Synchronization
o BGP and IGP Redistribution

* IPv6 – 03/10/2009
o IPv6 BGP

* BGP – 03/18/2009
o BGP Communities

* Bridging & Switching – 03/19/2009
o 802.1q Tunnelling and EtherChannel

* Core Knowledge – 04/01/2009
o Open Ended Questions
o Core Knowledge Simulation

* IP Multicast – 04/02/2009
o Understanding RPF Check

* Security – 04/08/2009
o Content Based Access Control (CBAC)

* CCIE Lab Strategy – 04/09/2009
o Task Tracker

* Dynamips with GNS3 – 04/22/2009
o Using GNS3 For Lab Preparation

* IP Routing – 04/23/2009
o Route Config BP

* Security – 04/30/2009
o Calculating Complex Access Lists

* BGP – 05/01/2009
o BGP Bestpath Selection

* Bridging & Switching – 05/07/2009
o Spanning Tree Features

* Bridging & Switching – 05/08/2009
o Multiple Spanning Tree (MST)

* Bridging & Switching – 05/13/2009
o MST – Multiple Regions

* Bridging & Switching – 05/14/2009
o Point-to-Point Protocol (PPP)
o PPP over Frame Relay (PPPoFR)

* Bridging & Switching – 05/20/2009
o Layer 2 Catalyst QoS

* IP Routing – 05/21/2009
o GRE Tunnelling
o Recursive Routing

* EIGRP – 05/28/2009
o EIGRP Unequal Cost Load Balancing

* RIP – 06/03/2009
o RIPv2 Filtering

* EIGRP – 06/04/2009
o EIGRP Filtering and Stub Routing

* Security – 06/10/2009
o Security – BGP Remotely Triggered Blackhole Filtering

* Security – 06/12/2009
o BGP Sinkhole Filtering

* Bridging & Switching – 06/25/2009
o Transparent Bridging
o IRB

* QoS – 06/24/2009
o Frame Relay Traffic Shaping

* OSPF – 06/30/2009
o OSPF Filtering

* IGP – 07/02/2009
o IGP Summarization

* IP Services – 07/07/2009
o NAT TCP Load Balancing
o Server Load Balancing
o IOS SLB

* BGP – 07/09/2009
o BGP Communities

* Using the Cisco Documentation – 07/16/2009
o Using the Cisco Documentation

* MPLS – 07/17/2009
o CCIE R&S v4.0 Blueprint
o MPLS Introduction

* MPLS – 07/23/2009
o MPLS Configuration

* MPLS – 07/24/2009
o MPLS Configuration (Cont)

* MPLS – 07/28/2009
o MPLS L3VPN Verification

* Security – 07/30/2009
o Zone Based Policy Firewall

Diagram:

<RIP>—–R1——-<EIGRP>——-R2—<RIP>
                  |
         Loopbacks0-3

Loopbacks0-3

R1:
router eigrp 100
redistribute static metric 1 1 1 1 1
redistribute rip metric 1 1 1 1 1
network 1.0.0.0
network 131.1.0.0
no auto-summary
router rip
version 2
passive-interface default
no passive-interface FastEthernet1/0
network 200.1.1.0
no auto-summary

R1#r stat
S 11.0.0.0/8 is directly connected, FastEthernet1/0
R1#r c
1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 1.1.0.0/24 is directly connected, Loopback0
C 1.1.1.0/24 is directly connected, Loopback1
C 1.1.2.0/24 is directly connected, Loopback2
C 1.1.3.0/24 is directly connected, Loopback3
C 200.1.1.0/24 is directly connected, FastEthernet1/0
131.1.0.0/24 is subnetted, 1 subnets
C 131.1.12.0 is directly connected, Serial0/0.12
R1#i s0/0.12
Building configuration…

Current configuration : 195 bytes
!
interface Serial0/0.12 point-to-point
ip address 131.1.12.1 255.255.255.0
ip summary-address eigrp 100 1.1.0.0 255.255.252.0 12
snmp trap link-status
frame-relay interface-dlci 102
end

R1#

R1#e n
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 131.1.12.2 Se0/0.12 12 00:01:49 152 1368 0 124
R1#

This is the normal routing table of R2

R2#r e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 200.1.1.0/24 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
R2#

On R2 we received the following from R1:

- static routes of R1
- connected but summarized routes of R1 – EX 11.0.0.0/8
- External IGP routes (from R1′s RIP) – EX 200.1.1.0/24

Now we will demonstrate the EIGRP stub feature.
In this scenario we will configure R1 for EIGRP stub feature.

R1(config)#router eigrp 100
R1(config-router)#?
Router configuration commands:
eigrp EIGRP specific commands
R1(config-router)#eigrp ?
stub Set IP-EIGRP as stubbed router

R1(config-router)#eigrp stub ?
connected Do advertise connected routes
leak-map Allow dynamic prefixes based on the leak-map
receive-only Set IP-EIGRP as receive only neighbor
redistributed Do advertise redistributed routes
static Do advertise static routes
summary Do advertise summary routes

Here we will demonstrate the following options:

connected Do advertise connected routes
leak-map Allow dynamic prefixes based on the leak-map
receive-only Set IP-EIGRP as receive only neighbor
redistributed Do advertise redistributed routes
static Do advertise static routes
summary Do advertise summary routes

Results:

ORIGINAL Routing table on R2:

R2#show ip route e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 200.1.1.0/24 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
R2#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 131.1.12.1 (Serial0/0.12) is down: Interface Goodbye received
R2#r e
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 131.1.12.1 (Serial0/0.12) is up: new adjacency

2. eigrp stub connected

R1(config-router)#eigrp stub connected

R2#show ip route e
1.0.0.0/24 is subnetted, 4 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.1.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.2.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.3.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12

R2#

Result of R1(config-router)#eigrp stub summary on R2:

R2#show ip route e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12

Result of R1(config-router)#eigrp stub static on R2:

R2#show ip route e
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:00:01, Serial0/0.12

Result of R1(config-router)#eigrp stub receive-only on R2: – NOTHING IS RECEIVED!

R2#show ip route e
R2#

Gets?

Configure R5 to have an output the same as below:

R5#sh queueing int f0/0
Interface FastEthernet0/0 queueing strategy: random early detection (WRED)
    Random-detect not active on the dialer
    Exp-weight-constant: 9 (1/512)
    Mean queue depth: 0

  class                     Random drop      Tail drop    Minimum Maximum  Mark
                            pkts/bytes       pkts/bytes    thresh  thresh  prob
      0                         0/0              0/0           20      40  1/10
      1                         0/0              0/0           22      40  1/10
      2                         0/0              0/0           24      40  1/10
      3                         0/0              0/0           26      40  1/10
      4                         0/0              0/0           28      40  1/10
      5                         0/0              0/0           31      40  1/10
      6                         0/0              0/0           33      40  1/10
      7                         0/0              0/0           35      40  1/10
   rsvp                         0/0              0/0           37      40  1/10

R5#sh queueing int f0/1
Interface FastEthernet0/1 queueing strategy: fair
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 75000 kilobits/sec

R5#sh policy-map int f0/1                 
 FastEthernet0/1

  Service-policy output: WRED

    Class-map: class-default (match-any)
      25550 packets, 2163646 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0
         exponential weight: 9

  class    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
      0   13809/1396426         0/0              0/0           20      40  1/10
      1       0/0               0/0              0/0           22      40  1/10
      2       0/0               0/0              0/0           24      40  1/10
      3       0/0               0/0              0/0           26      40  1/10
      4       0/0               0/0              0/0           28      40  1/10
      5       0/0               0/0              0/0           30      40  1/10
      6   11741/767220          0/0              0/0           32      40  1/10
      7       0/0               0/0              0/0           34      40  1/10
   rsvp       0/0               0/0              0/0           36      40  1/10

R5#

 
Answer: (highlight to answer)

 

interface FastEthernet0/0
 random-detect

interface FastEthernet0/1
 service-policy output WRED

policy-map WRED
 class class-default
  fair-queue
  random-detect

 

Configure R5 so that these hosts can only use
normal HTTP applications from 9am – 5pm Monday – Friday. All traffic should be dropped during the hours outside of this.

R5:
interface FastEthernet0/1
ip access-group FILTER1 in
!
ip access-list extended FILTER1
permit tcp any any eq www time-range WORK_HOURS
deny ip any any
!
time-range WORK_HOURS
periodic weekdays 9:00 to 17:00

or

R5:

interface FastEthernet0/1
ip access-group FILTER2 in

ip access-list extended FILTER2
permit tcp any any eq www time-range WORK_HOURS
deny tcp any any eq www
permit ip any any

time-range WORK_HOURS
periodic weekdays 9:00 to 17:00

Which FILTER is the most appropriate?

conf t
alias exec r show ip route
alias exec ss show run | s ^router
alias exec sr show run | b ^router
alias exec s show ip int brief
alias exec su show ip int brief | e unassigned

alias exec r6 show ipv6 route
alias exec s6 show ipv6 int brief
alias exec rc show run
alias exec i show run interface
alias exec b show ip bgp

alias exec o show ip ospf
alias exec e shwo ip eigrp
alias exec c config term
alias exec pm show policy-map
alias exec rm show route-map

alias exec al show access-list
alias exec pl show ip prefix-list
alias exec m show ip mroute
alias exec pp show ip pim
alias exec cm show class-map

alias exec v show vlan brief
alias exec pb ping 255.255.255.255
alias exec ciop clear ip ospf proce
alias exec cien clear ip eigrp nei
alias exec cib clear ip bgp *

alias exec cir clear ip route *
alias exec t show int trunk
end
wr

The upcoming Version 4.0 of Cisco CCIE® Routing and Switching certification will test hands-on troubleshooting, Multiprotocol Label Switching (MPLS), and VPN networking.

To reflect the growth of the network as a service platform, Cisco is revising the certification requirements for CCIE Routing & Switching (CCIE R&S)–the expert level certification for network engineers. The new requirements were developed with assistance from Cisco enterprise customers and reflect the expectations of employers across industries.

The competencies required for CCIE R&S v4.0 certification were released on May 5, 2009, and are available on the Cisco Learning Network under the CCIE R&S v4.0 Written Exam topics and CCIE R&S v4.0 Lab Exam topics. Exams based on the new requirements are scheduled for release on October 18, 2009, and will immediately replace the currently available v3.0 exams. Candidates who plan to take their exams on October 18, 2009, or later should prepare using the new v4.0 exam topics.

Both the written and lab exams will be refreshed with new questions and will cover MPLS and VPN networking. The written exam will add scenario-based questions to the multiple choice questions, and the lab will now require hands-on troubleshooting of preconfigured networks, in addition to configuration. Exam duration and pricing will remain the same, with the two-hour written exam at USD$350 and the eight-hour lab at USD$1400. A beta version of the new CCIE R&S v4.0 written exam (351-001) will be available to all customers in the July–August 2009 timeframe at a discounted price of USD$50. An announcement will be made when scheduling begins.

https://cisco.hosted.jivesoftware.com/docs/DOC-4605

What Cisco proprietary STP feature configured in a switch prevents it from becoming a transit node under most circumstances? 

Answer (Highlight to answer):  Uplink-Fast

Q5. Accoring to RFC specifications, what is the exact Administratively Scope Multicast address used in common/real practice?

Answer (Highlight to answer):  239.15.0.0/16 (but for CCIE exam its is 239.0.0.0/8)