hostname Router1
!
ip domain-name cciepilot.com
!
crypto key generate rsa
!
!
username cisco password 0csic
username x secret y
!
ip ssh version 2
!
line vty 0 4
login local
Minimum SSH Server IOS Configuration
Posted in CCIE | Tags: Security CCIE
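Added example, not part of the original post: a short Python check that reads an IOS configuration and reports the settings that matter for SSH-only management access. The sample text is a constructed, re-indented copy of the configuration above, and the function names are this example's own.

```python
import re

# Constructed sample: the configuration from this post, indented as IOS prints it.
SAMPLE_CONFIG = """\
hostname Router1
ip domain-name cciepilot.com
username cisco password 0csic
username x secret y
ip ssh version 2
line vty 0 4
 login local
"""

def vty_blocks(config):
    """Return (header, [sub-commands]) for every 'line vty' section."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            current[1].append(raw.strip())
        else:
            current = None  # any other top-level line closes the section
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 'username ... password' is kept as clear text or reversible type 7.
    for m in re.finditer(r"^username (\S+) password\b", config, re.M):
        findings.append(f"username {m.group(1)}: uses 'password'; prefer 'secret'")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("'ip ssh version 2' missing: SSHv1 may still be negotiated")
    for header, cmds in vty_blocks(config):
        if "login local" not in cmds:
            findings.append(f"{header}: no 'login local'")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: no 'transport input ssh'; Telnet may be accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the `password` user and the VTY lines that do not restrict the transport to SSH.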
Internetwork Experts CCIE 2.0 Program
Audio Classes
CCIE 2.0
- CCIE R&S Core Knowledge Simulation
- R&S Lab Meet-Up Series Class-on-Demand
- R&S Open Lecture Series Class-on-Demand
Classes-on-Demand
- R&S Advanced Technologies 10-Day Class-on-Demand v4.5
- R&S Advanced Technologies 5-Day Class-on-Demand v4.5
- R&S Advanced Troubleshooting Bootcamp Class-on-Demand
- R&S Bootcamp Class-on-Demand (5-Day)
Workbooks
- R&S Lab Workbook Volume I v4.1
- R&S Lab Workbook Volume I v5.0
- R&S Lab Workbook Volume II v4.1
- R&S Lab Workbook Volume II v5.0 for CCIE v3.0
- R&S Lab Workbook Volume II v5.0 for CCIE v4.0
- R&S Lab Workbook Volume III v4.1
- R&S Lab Workbook Volume IV
Lab Breakdown for R&S Lab Workbook Volume II v4.1
- R&S Lab Workbook Volume II v4.1 Breakdown #1
- R&S Lab Workbook Volume II v4.1 Breakdown #2
- R&S Lab Workbook Volume II v4.1 Breakdown #3
- R&S Lab Workbook Volume II v4.1 Breakdown #4
- R&S Lab Workbook Volume II v4.1 Breakdown #5
- R&S Lab Workbook Volume II v4.1 Breakdown #6
- R&S Lab Workbook Volume II v4.1 Breakdown #7
- R&S Lab Workbook Volume II v4.1 Breakdown #8
CCIE Routing & Switching Open Lecture Series
* IP Multicast – 11/13/2008 Part 1
o PIM Dense Mode
o RPF Failure
o Static Mroutes
* IP Multicast – 11/13/2008 Part 2
o PIM Sparse Mode
o Static RP Assignment
o IGMP Join
o PIM Join
o PIM Register
* IP Multicast – 11/13/2008 Part 3
o PIM Register Troubleshooting
* IP Multicast – 11/14/2008 Part 1
o PIM Sparse Dense Mode
* IP Multicast – 11/14/2008 Part 2
o PIM Sparse Dense Mode with Auto-RP
* IP Multicast – 11/14/2008 Part 3
o PIM AutoRP Listener
* IP Multicast – 11/14/2008 Part 4
o PIM NBMA Mode
* IP Multicast – 11/14/2008 Part 5
o PIM NBMA Mode
o Default RP Placement
* OSPF – 11/18/2008 Part 1
o OSPF Intra-Area Routing
* OSPF – 11/18/2008 Part 2
o OSPF Inter-Area Routing
* OSPF – 11/18/2008 Part 3
o OSPF Inter-Area Routing with Multiple ABRs
* OSPF – 11/18/2008 Part 4
o OSPF External Routing
* OSPF – 11/20/2008 Part 1
o OSPF Virtual Links
* OSPF – 11/20/2008 Part 2
o Traffic Engineering with Virtual-Links
* BGP – 11/26/2008
o BGP Traffic Engineering with Aggregation
* QoS – 12/03/2008
o Custom Queuing
* QoS – 12/04/2008
o WFQ
o CBWFQ
o Bandwidth Reservations
o Prioritization with LLQ
* Bridging & Switching – 12/09/2008
o EtherChannel
o Dot1q Tunneling
o EtherChannel over Dot1q Tunneling
* IP Routing – 12/16/2008
o IP SLA
o Enhanced Object Tracking
o Reliable Static Routing
o Reliable Policy Routing
* RIP – 12/17/2008
o RIP Filtering
* Redistribution – 12/23/2008
o Advanced IPv4 Redistribution
* IPv6 – 12/30/2008
o Advanced IPv6 Design
* NAT – 01/14/2009
o Advanced NAT Design
* First Hop Redundancy – 01/15/2009
o Advanced First Hop Redundancy Protocols
* Redistribution – 01/23/2009
o Advanced IPv4 Redistribution
* BGP – 01/28/2009
o BGP Conditional Route Injection
* BGP – 01/29/2009
o BGP Next-Hop Processing
* Security – 02/04/2009
o Reflexive Access-Lists
o CBAC
o TCP Intercept
* Security – 02/06/2009
o Dynamic Access-Lists
o Time Based Access-Lists
* Multicast – 02/11/2009
o IP Multicast Helper Map
o Broadcast to Multicast Conversions
* Security – 02/12/2009
o LAN Security
o DHCP Snooping
o IP Source Guard
o Dynamic ARP Inspection
* Security – 02/18/2009
o Local Command Authorization
o Role Based CLI
* Security – 02/19/2009
o AAA
* BGP – 02/25/2009
o BGP Route Reflection and Clusters
* BGP – 02/26/2009
o BGP Aggregation
* BGP – 03/05/2009
o BGP Synchronization
o BGP and IGP Redistribution
* IPv6 – 03/10/2009
o IPv6 BGP
* BGP – 03/18/2009
o BGP Communities
* Bridging & Switching – 03/19/2009
o 802.1q Tunnelling and EtherChannel
* Core Knowledge – 04/01/2009
o Open Ended Questions
o Core Knowledge Simulation
* IP Multicast – 04/02/2009
o Understanding RPF Check
* Security – 04/08/2009
o Content Based Access Control (CBAC)
* CCIE Lab Strategy – 04/09/2009
o Task Tracker
* Dynamips with GNS3 – 04/22/2009
o Using GNS3 For Lab Preparation
* IP Routing – 04/23/2009
o Route Config BP
* Security – 04/30/2009
o Calculating Complex Access Lists
* BGP – 05/01/2009
o BGP Bestpath Selection
* Bridging & Switching – 05/07/2009
o Spanning Tree Features
* Bridging & Switching – 05/08/2009
o Multiple Spanning Tree (MST)
* Bridging & Switching – 05/13/2009
o MST – Multiple Regions
* Bridging & Switching – 05/14/2009
o Point-to-Point Protocol (PPP)
o PPP over Frame Relay (PPPoFR)
* Bridging & Switching – 05/20/2009
o Layer 2 Catalyst QoS
* IP Routing – 05/21/2009
o GRE Tunnelling
o Recursive Routing
* EIGRP – 05/28/2009
o EIGRP Unequal Cost Load Balancing
* RIP – 06/03/2009
o RIPv2 Filtering
* EIGRP – 06/04/2009
o EIGRP Filtering and Stub Routing
* Security – 06/10/2009
o Security – BGP Remotely Triggered Blackhole Filtering
* Security – 06/12/2009
o BGP Sinkhole Filtering
* Bridging & Switching – 06/25/2009
o Transparent Bridging
o IRB
* QoS – 06/24/2009
o Frame Relay Traffic Shaping
* OSPF – 06/30/2009
o OSPF Filtering
* IGP – 07/02/2009
o IGP Summarization
* IP Services – 07/07/2009
o NAT TCP Load Balancing
o Server Load Balancing
o IOS SLB
* BGP – 07/09/2009
o BGP Communities
* Using the Cisco Documentation – 07/16/2009
o Using the Cisco Documentation
* MPLS – 07/17/2009
o CCIE R&S v4.0 Blueprint
o MPLS Introduction
* MPLS – 07/23/2009
o MPLS Configuration
* MPLS – 07/24/2009
o MPLS Configuration (Cont)
* MPLS – 07/28/2009
o MPLS L3VPN Verification
* Security – 07/30/2009
o Zone Based Policy Firewall
The CCIE Lab
CCIE Lab inside look in San Jose (I think).
The complete official IPV6 configuration library from CISCO.COM
I found this very interesting URL from DOC CD.
Cisco IOS IPv6 Configuration Library
http://www.cisco.com/en/US/docs/ios/12_2t/ipv6/ipv6_vgf.html#wp1000700
As I progress in my studies, I have realized that the best workbook for CCIE study is nothing but the DOC CD itself.
Right?
EIGRP stub feature demonstration.
Diagram:
<RIP>—–R1——-<EIGRP>——-R2—<RIP>
|
Loopbacks0-3
Loopbacks0-3
R1:
router eigrp 100
redistribute static metric 1 1 1 1 1
redistribute rip metric 1 1 1 1 1
network 1.0.0.0
network 131.1.0.0
no auto-summary
router rip
version 2
passive-interface default
no passive-interface FastEthernet1/0
network 200.1.1.0
no auto-summary
R1#r stat
S 11.0.0.0/8 is directly connected, FastEthernet1/0
R1#r c
1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 1.1.0.0/24 is directly connected, Loopback0
C 1.1.1.0/24 is directly connected, Loopback1
C 1.1.2.0/24 is directly connected, Loopback2
C 1.1.3.0/24 is directly connected, Loopback3
C 200.1.1.0/24 is directly connected, FastEthernet1/0
131.1.0.0/24 is subnetted, 1 subnets
C 131.1.12.0 is directly connected, Serial0/0.12
R1#i s0/0.12
Building configuration…
Current configuration : 195 bytes
!
interface Serial0/0.12 point-to-point
ip address 131.1.12.1 255.255.255.0
ip summary-address eigrp 100 1.1.0.0 255.255.252.0 12
snmp trap link-status
frame-relay interface-dlci 102
end
R1#
R1#e n
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 131.1.12.2 Se0/0.12 12 00:01:49 152 1368 0 124
R1#
This is the normal routing table of R2
R2#r e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 200.1.1.0/24 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
R2#
On R2 we received the following from R1:
- static routes of R1
- connected but summarized routes of R1 – EX 11.0.0.0/8
- External IGP routes (from R1’s RIP) – EX 200.1.1.0/24
Now we will demonstrate the EIGRP stub feature.
In this scenario we will configure R1 for EIGRP stub feature.
R1(config)#router eigrp 100
R1(config-router)#?
Router configuration commands:
eigrp EIGRP specific commands
R1(config-router)#eigrp ?
stub Set IP-EIGRP as stubbed router
R1(config-router)#eigrp stub ?
connected Do advertise connected routes
leak-map Allow dynamic prefixes based on the leak-map
receive-only Set IP-EIGRP as receive only neighbor
redistributed Do advertise redistributed routes
static Do advertise static routes
summary Do advertise summary routes
Here we will demonstrate the following options:
connected Do advertise connected routes
leak-map Allow dynamic prefixes based on the leak-map
receive-only Set IP-EIGRP as receive only neighbor
redistributed Do advertise redistributed routes
static Do advertise static routes
summary Do advertise summary routes
Results:
ORIGINAL Routing table on R2:
R2#show ip route e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 200.1.1.0/24 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:02:01, Serial0/0.12
R2#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 131.1.12.1 (Serial0/0.12) is down: Interface Goodbye received
R2#r e
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 131.1.12.1 (Serial0/0.12) is up: new adjacency
2. eigrp stub connected
R1(config-router)#eigrp stub connected
R2#show ip route e
1.0.0.0/24 is subnetted, 4 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.1.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.2.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
D 1.1.3.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
R2#
Result of R1(config-router)#eigrp stub summary on R2:
R2#show ip route e
1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 131.1.12.1, 00:00:05, Serial0/0.12
Result of R1(config-router)#eigrp stub static on R2:
R2#show ip route e
D EX 11.0.0.0/8 [170/2560512256] via 131.1.12.1, 00:00:01, Serial0/0.12
Result of R1(config-router)#eigrp stub receive-only on R2: – NOTHING IS RECEIVED!
R2#show ip route e
R2#
Gets?
Show and tell (part 1 of many)
Configure R5 to have an output the same as below:
R5#sh queueing int f0/0
Interface FastEthernet0/0 queueing strategy: random early detection (WRED)
Random-detect not active on the dialer
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0
class   Random drop   Tail drop    Minimum  Maximum  Mark
        pkts/bytes    pkts/bytes   thresh   thresh   prob
0       0/0           0/0          20       40       1/10
1       0/0           0/0          22       40       1/10
2       0/0           0/0          24       40       1/10
3       0/0           0/0          26       40       1/10
4       0/0           0/0          28       40       1/10
5       0/0           0/0          31       40       1/10
6       0/0           0/0          33       40       1/10
7       0/0           0/0          35       40       1/10
rsvp    0/0           0/0          37       40       1/10
R5#sh queueing int f0/1
Interface FastEthernet0/1 queueing strategy: fair
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 75000 kilobits/sec
R5#sh policy-map int f0/1
FastEthernet0/1
Service-policy output: WRED
Class-map: class-default (match-any)
25550 packets, 2163646 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
exponential weight: 9
class   Transmitted     Random drop   Tail drop    Minimum  Maximum  Mark
        pkts/bytes      pkts/bytes    pkts/bytes   thresh   thresh   prob
0       13809/1396426   0/0           0/0          20       40       1/10
1       0/0             0/0           0/0          22       40       1/10
2       0/0             0/0           0/0          24       40       1/10
3       0/0             0/0           0/0          26       40       1/10
4       0/0             0/0           0/0          28       40       1/10
5       0/0             0/0           0/0          30       40       1/10
6       11741/767220    0/0           0/0          32       40       1/10
7       0/0             0/0           0/0          34       40       1/10
rsvp    0/0             0/0           0/0          36       40       1/10
R5#
Answer:
interface FastEthernet0/0
 random-detect
interface FastEthernet0/1
 service-policy output WRED
policy-map WRED
 class class-default
  fair-queue
  random-detect
Which FILTER is the most appropriate?
Configure R5 so that these hosts can only use
normal HTTP applications from 9am – 5pm Monday – Friday. All traffic should be dropped during the hours outside of this.
R5:
interface FastEthernet0/1
ip access-group FILTER1 in
!
ip access-list extended FILTER1
permit tcp any any eq www time-range WORK_HOURS
deny ip any any
!
time-range WORK_HOURS
periodic weekdays 9:00 to 17:00
or
R5:
interface FastEthernet0/1
ip access-group FILTER2 in
ip access-list extended FILTER2
permit tcp any any eq www time-range WORK_HOURS
deny tcp any any eq www
permit ip any any
time-range WORK_HOURS
periodic weekdays 9:00 to 17:00
Which FILTER is the most appropriate?
Effects of disabling spanning-tree STP between two path switches.
During my lab sessions I tried to disable STP between 2 switches with 2 links connected in parallel. These are the effects of disabling spanning tree between two path switches.
Rack1SW3(config)#no spanning-tree vlan 1363
Rack1SW3(config)#
*Mar 2 12:38:37.862: %SW_MATM-4-MACFLAP_NOTIF: Host 0014.f2ef.f300 in vlan 1363 is flapping between port Fa0/20 and port Fa0/21
Rack1SW3(config)#
*Mar 2 12:38:47.834: %SW_MATM-4-MACFLAP_NOTIF: Host 0014.f2ef.f300 in vlan 1363 is flapping between port Fa0/20 and port Fa0/21
Rack1SW3(config)#
*Mar 2 12:39:02.994: %SW_MATM-4-MACFLAP_NOTIF: Host 0014.f2ef.f300 in vlan 1363 is flapping between port Fa0/20 and port Fa0/21
Rack1SW3(config)#
After putting the switchport backup interface
Rack1SW4(config-if)#switchport backup interface f0/21
*Mar 2 12:41:04.494: %SPANTREE-6-PORTDEL_ALL_VLANS: FastEthernet0/20 deleted from all Vlans
*Mar 2 12:41:04.494: %SPANTREE-6-PORTDEL_ALL_VLANS: FastEthernet0/21 deleted from all Vlans
Rack1SW4(config-if)#switchport backup interface f0/21?
:
Rack1SW4(config-if)#switchport backup interface f0/21 ?
mmu mac-address move update
preemption preemption parameters
prefer load-balancing
The Proper CCIE Study Approach
• The first step is to get a basic understanding
• The second step is to gain hands-on experience to reinforce and expand your understanding
• The third step is to gain an expert level of understanding
• The fourth step is to finally gain the expert level hands-on experience