Advanced Boot Camp Day 1 To 4

Advanced Boot camp
Day 1 to Day 4
Technology Labs
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1 of 136
2008 Network Learning, Inc. All Rights reserved Unauthorized dulication is a violation o! "ederal Law.
Day 1
Switching
In order to properly configure switches for the CCIE Lab examination the subsequent topics
and configurations must be understood. At the time of writing this Technology workbook
!""#s and !"$#s were co%resident in the &'( Lab. )owe*er by the time of reading this
document you may ha*e + x !"$#s in your lab. Thus !"$#s are used in the following section
labs and for explanatory purposes.
MAC Address expiration
All modern Cisco switching platforms store and forward Ethernet frames and need to build a
Content Addressable ,emory -CA,. table to understand which source ,ac addresses are
connected to which ports. If a switch does not ha*e a CA, table entry for a destination ,ac
address it must forward the frame out e*ery port. /eedless to say forwarding unicast
multicast and broadcast to e*ery switch port could cause security as well as bandwidth
issues. In *olume II we discuss the security issues in great detail but for now we will use the
,ac address expiration to limit the chances of forwarding traffic out e*ery port. (ome de*ices
can not or will not send gratuitous A&0s on regular inter*als1 therefore there is a chance their
dynamically learned ,ac%addresses may be remo*ed from the CA, table. Instead of allowing
the switch to forward traffic destined to this de*ice out e*ery switch port the ,ac address
aging timer can be increased from the default -!## seconds. to a greater *alue.
Switch(config)# mac address-table aging-time 4000 (increases timer to a little
over an hour)
0 This *alue disables aging. (tatic address entries are ne*er aged or remo*ed
from the table.
2#%2###### Aging time in seconds. The range is 2# to 2###### seconds.
vlan *lan%id -3ptional. (pecify the 4LA/ I5 to which to apply the aging time. The range
is 2 to +#6+.
STATC Mac addresses
7nfortunately there are some de*ices that can ne*er send gratuitous A&0s to the switch. 8or
these de*ices we can statically configure their ,AC Addresses to a*oid flooding.
Switch(config)# mac address-table static 1234.1234.1234 vlan 4 interface
gigabitethernet0/2
mac%addr 5estination ,AC address -unicast or multicast. to add to the address table.
0ackets with this destination address recei*ed in the specified 4LA/ are
forwarded to the specified interface.
vlan *lan%id (pecify the 4LA/ for which the packet with the specified ,AC address is
recei*ed. The range is 2 to +#6+.
interface
interface%id
Interface to which the recei*ed packet is forwarded. 4alid interfaces include
physical ports and port channels.
Another useful *ariant of the static command is the drop option. 9y including the keyword
drop than unicast ,AC address filtering will allow the switch to drop traffic with a specific
source or destination ,AC address. :hy only unicast you may ask; This is because multicast
creates a multicast ,ac%address by using the last <!bits of the ,ulticast I0 address and
starting with #2##"E. 8or example the multicast address of <!6.<"".#.2 translates to a ,ac%
address of #2##"E=8###2. (econdly broadcast would also be exempt because they always go
to a destination ,ac%address of 8888.8888.8888.
To block -filter. a ,ac%address in a switch we would configure something like this>
Switch(config)# mac address-table static 1111.1111.1111 vlan 2 drop
!LA"S
)ey here is a topic that should be pretty familiar. If not than please read this brief
explanation. A 4irtual Local Area /etwork -4LA/. is simply a broadcast domain. In other
words a 4LA/ is a layer < boundary. Typically a 4LA/ is associated with a Layer ! subnet but
in reality they are independent. 8or example on a (4I -(witched 4irtual Interface. A?A
-interface 4LA/ . I can configure a primary subnet -I0 Address. and se*eral secondary I0
addresses. :hat we do find with 4LA/s at least with !""# or !"$# switches in particular is
that this broadcast domain is usually mapped to an instance of (panning Tree or 04(T.
To configure 4LA/s we need to add them to the 4LA/ database. 5epending on the switch
model this is performed from the global configuration or from the 4LA/ 5ATA9A(E prompt
-depreciated.. 4irtual Trunk 0rotocol -4T0. adds some automation to this process but for now
we assume we are in the default (er*er ,ode and can manually add 4LA/s to the 4LA/
database.
The recommended method for adding 4LA/s when possible is from the global configuration
prompt.
switch(config)# vlan 100
switch(config-vlan)# name VOIC
switch(config-vlan)# e!it
To assign the new *lans to a switch port you must configure the following>
switch(config)# int fa0/1
switch(config-if)# s"itchport mode access
switch(config-if)# s"itchport access vlan 100
Tr#n$s
:ith trunks we can than transport the 4LA/s we ha*e created o*er a single uplink. Trunks are
said to carry multiple colors or tags. :ith @#<.2A trunks all *lans are tagged except for the
/ati*e 4lan. 9y default the /ati*e 4lan is 4LA/ 2 but this can be changed. )owe*er use the
same nati*e *lan on both ends of the trunk. 3ptionally 4LA/s can be remo*ed -pruned.
completely from a trunk if they are not required to tra*erse the switch.
Basic Configuration:
switch(config)# int fa0/1
switch(config-if)# s"itchport tr#n$ encaps#lation dot1%
switch(config-if)#s"itchport tr#n$ native vlan &&&
switch(config-if)# s"itchport mode tr#n$
switch(config-if)# s"itchport tr#n$ native vlan 100
Static VLA B!oc"ing:
switch(config-if)# s"itchport tr#n$ allo"ed vlan add '2(3(4)
switch(config-if)# s"itchport tr#n$ allo"ed vlan remove '*)
As mentioned earlier normally a nati*e 4LA/ is not tagged for tra*ersing a trunk. This allows
the nati*e 4LA/ to function as a static access 4LA/. If for some reason the Trunk -on auto
or desirable. were not working than the nati*e 4LA/ would still pass traffic. Contrary to this
beha*ior ser*ice pro*iders can tag their customerBs nati*e 4LA/ so that it can be tunneled
o*er a pro*iderBs leased Ethernet ser*ice.
If we needed to tag nati*e 4LA/ traffic into a pro*iderBs connection we would configure the
following on the customer edge switch>
Switch# config#re terminal
Switch (config)# vlan dot1% tag native
Switch (config)# end
!T%
Cisco pro*ides the 4LA/ Trunking 0rotocol -4T0. to automate the configuration of 4LA/s. If
you recall from the pre*ious 4LA/ section in order to add a 4LA/ to a switch we needed to
add the 4LA/ to the switchBs 4LA/ database. This exercise could be daunting if we had 2##
switches in a large office building. Instead of configuring each switch to support se*eral
4LA/( with 4T0 you only ha*e to create the 4LA/s on a switch configured as a ser*er and
allow the other switches to dynamically learn the 4LA/s o*er their trunks. 9est practice is to
run these other switches in a read only client mode. If more than one switch is configured as
a ser*er than the switch with the highest re*ision number would control the 4LA/ database.
Transparent mode is a third option that is used to allow 4T0 information to pass%through a
switch but that specific switch will ignore the 4T0 and refer to its own manually assigned
4LA/s.
It is important to remember that all switches by default are 4T0 ser*ers. The 4T0 ser*er is
where you would create remo*e or modify 4LA/s. If for some reason you remo*e a switch
from a lab or spares en*ironment that was configured as a ser*er and then introduce the
switch into the production network e*en if for only a few minutes before you reconfigure it as
a client if it has a higher re*ision number it will take control of the 4T0 database.
This 4T0 ser*er sends ad*ertisements across the 4T0 domain e*ery " minutes or whene*er a
change is made in the 4LA/ database. The ad*ertisement contains all the different 4LA/
names 4LA/ numbers what switches ha*e ports in what 4LA/s and a re*ision number.
:hene*er a switch recei*es an update with a larger re*ision number than the last one it
applied it applies that re*ision.
4T0 switches can operate in three different modes>
Server C the default where all 4LA/ adds changes and remo*als are allowed
Client C where no changes can be made only new re*isions can be recei*ed from the
4T0 ser*er switches.
Transparent C where local 4LA/ information can be changed but that information is
not sent out to other switches. Transparent switches also do not apply 4T0
ad*ertisements from other switches but they do forward those ad*ertisements on.
4T0 pruning is the process of not sending unnecessary broadcast traffic for 4LA/s to switches
that do not ha*e any ports assigned to those 4LA/s. 0runing sa*es bandwidth because
broadcasts donBt ha*e to be sent to switches that donBt need them to configure 4T0 you use
the *tp global configuration mode command. :ith this command you can specify the
following>
VTP domain C the name of the 4T0 domain. All switches communicating with 4T0 in
the same domain must ha*e the same 4T0 domain name.
VTP mode C either ser*er client or transparent
VTP password C a password to control who can and cannot recei*e 4T0 information
VTP pruning C 4T0 pruning is either turned on or off
VTP version C 9e aware that most switches do not support 4!
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page # of 136
D/ote the 4T0 password is highly recommended to a*oid switches from accidentally becoming
a 4T0 ser*er.
&ther'channel
Ether%channel allows a Cisco switch to bond together up to @ Ethernet ports into a single
channel. An Ether%channel uses a single port for spanning%tree purposes. If a link in the
channel were to fail than Ethernet frames would simply be forwarded across another port in
the channel without relearning the spanning%tree topology. In addition to failo*er and
redundancy ether%channels can be configured to pro*ide load balancing across each port in
the channel.
Ether%channels send traffic load across the links in a channel con*erting the frame from binary
to a new numeric *alue from source or destination ,ac%address or I0 address. The selected
mode weather it is I0 or ,ac%address is applied to all Ether%channels configured on the
switch.
If you configured load balancing based on source ,ac%addresses than different de*ices based
on their source ,ac%address would be distributed across each port per de*ice. 8or example
the first de*iceBs source ,ac%address would be forwarded on the first port of the Ether%
channel while the second de*ice would be forwarded out the second port of the Ether%
channel.
:hile source ,ac%address load balancing works well for equally distributing traffic across
Ether%channel ports because there are multiple 0C de*ices -sources. going to *arious
destinations 5estination ,ac%address load balancing works well with multiple ser*ers or
gateways that are accessed by 0Cs In other words traffic destined to each ser*er would use
a separate port in the Ether%channel.
If there is a mixture of end 0C de*ices and ser*ers than source%and%destination ,ac%address
forwarding is the best method for load balancing. 3f course ,ac%address based load
balancing is intended for layer Ether%channels. If we were configuring load balancing for layer
! Ether%channels we would simply use source I0 destination I0 or sourceEdestination load
balancing depending on the same scenarios as the ,ac%address load balancing.
%ort Aggregation %rotocol
0ort Aggregation 0rotocol -0Ag0. is a Cisco proprietary method of automatically creating
Ether%channel links. 0Ag0 packets are sent between Ethernet ports in order to negotiate the
forming of Ethernet%channels. 0Ag0 can not work properly on the following configurations>
5ynamic 4LA/s.
5ifferent speeds or port duplex..
The 0Ag0 modes are explained below.
1. on> 0Ag0 will not run. The channel is forced to come up.
2. off> 0Ag0 will not run. The channel is forced to remain down.
3. auto> 0Ag0 is running passi*ely. The formation of a channel is desired1 howe*er
it is not initiated.
desirable> 0Ag0 is running acti*ely. The formation of a channel is desired and initiated.
Lin$ Aggregate Control %rotocol (LAC%)
LAC0 is a standards based -IEEE @#<.!ad. method for configuring Ether%channels. LAC0
supports four modes of operation>
3n> ,anual with no without any LAC0 negotiation
3ff> The link aggregation will not be formed.
0assi*e> The switch does not initiate the channel but does understand inbound LAC0
packets. The peer -in acti*e state. initiates negotiation -when it sends out an LAC0
packet. which we recei*e and answer e*entually to form the aggregation channel with
the peer. 0.
Acti*e> The link aggregate will be formed if the other end runs in LAC0 acti*e or
passi*e mode. This is similar to the desirable mode of 0Ag0.
As mentioned pre*iously both LAC0 and 0Ag0 are used to dynamically pro*ision Ethernet
ports as Ether%channels. If the Ether%channel is manually pro*isioned by using the mode FonG
key word than neither LAC0 nor 0ag0 is used. In any case load balancing using source ,ac%
address destination ,ac%address sourceEdestination mac%address or source destination
sourceEdestination I0 addressing can be use with all methods.
The following global configuration example displays the load balancing choices a*ailable to
Ether%channels>
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $ of 136
The following is an example of a 0Ag0 Layer < Ether%channel configuration>
Layer 2
switch-config.H interface range fastEthernet0/ ! "
switch-config%if%range.H switchport mode access
switch-config%if%range.H switchport access vlan #00
switch-config%if%range.H channel!group # mode desira$le
The following is an example of a LAC0 Layer ! Ether%channel configuration>
Layer %
switch-config.H int port!channel #
switch-config%if.H no switchport
switch-config%if.H ip add #0&#&#&# 2&2&2&0
switch-config.H interface range fastEthernet 0/2 ' (
switch-config%if%range.H no switchport
switch-config%if%range.H channel!group # mode active(panning Tree
Spanning Tree
9y default the Cisco switch uses @#<.2d 0er 4LA/ spanning tree for each configured 4LA/.
This fla*or of (panning tree is notoriously slow. Typically @#<.2d takes "# seconds for ports
to complete the " state -5isabled 9locking Listening Learning and 8orwarding. and to build
the tree to the root bridge. 9ecause of this slowness port fast is used to disable listening and
learning states for ports with end stations connected and uplink fast is used for ports
connected between switches. E*en with these impro*ements @#<.2w &apid (panning Tree
-&(T0. is the configuration of choice for new deployments.
&(T0 only has three port states -5iscarding Learning and 8orwarding. and is able to
con*erge with a few seconds. &(T0 also has included two new port roles -Alternate port and
9ackup 0ort..
/ow take a step back and allow us to drill down into @#<.2d so we can further analyIe the
impro*ements of @#<.2w.
In all *ersions of (panning Tree we need a root bridge for each 4LA/. The following example
pro*ides the a*ailable options for setting the &oot>
switch-config.Hspanning!tree vlan 2 root primary )macro*
or
switch-config.H spanning!tree vlan 2 priority (0+,
The lower the priority -bridge. is more preferable to become the &33T
The switch that is designated as &33T only has designated ports to other connected switches.
The other switches -non%root. ha*e root ports to the connections that are closest to the &33T
switch as well as designated ports connected to other switches with a longer path back to the
&33T. 9ecause of a loop free topology when using spanning tree path costs and port
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page % of 136
priorities are used to determine which switch and port needs to be blocked. 8or e*ery 4LA/
one port in a redundant patch must be blocked.
(panning tree calculates the longest path from &33T and determines the switch to be
blocked. This beha*ior can be o*erridden by manipulating the path costs and additionally
changing port priorities to manipulate which port -linear. on the longest path is chosen to be
blocked. Jou will notice in this example the layer < patch with a longer path cost of !# is
chosen as the segment to block. 9y manually configuring a higher port priority on (:! the
port on (:+ will be blocked.
Spanning Tree Diagram
&(T0 must also designate a &33T as well as calculating path costs and port priorities.
)owe*er instead of optionally enabling uplink fast to reduce the time to failo*er to redundant
uplinks @#<.2w has added Alternati*e and 9ackup ports. In the next example an additional
path was added between (:! and (:+. This new uplink can forward frames and if for some
reason it were to fail the alternati*e and backup port which are blocking would then
immediately start forwarding frames. This beha*ior is *ery similar to uplink fast in @#<.2d.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page & of 136
*ST% Diagram
S%A"+*S%A"
The (witch 0ort AnalyIer -(0A/. is used to monitor traffic from 4LA/s andEor Ethernet ports
on a switch. A *ery common application for this configuration is to connect a passi*e intrusion
detection system -I5(. or packet sniffing application. Ethereal is packet sniffing software that
can be downloaded from> http>EEwww.ethereal.comEdownload.html. In addition to capturing
traffic from a connected switch &(0A/ can be used to capture traffic from remote switch
connected to the destination -sniffing port. with a dot2q trunk.
The following example displays how to configure a remote span session>
Switch #
switch2-config%*lan.H vlan
switch2-config%*lan.H name remote!span
switch2-config%*lan.Hremote!span
switch2-config.- monitor session # source interface .a0/# $oth
switch2-config.- monitor session # destination remote vlan
S'itc( 2
switch2-config.- monitor session # source vlan r/
switch2-config.- monitor session # destination interface fastEthernet 0/#2
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1) of 136
Controlling Telnet Access
Telnet is controlled from the 4TJ lines. The following configuration does not require a
password to access the de*ice with pri*ilege 2" access rights but limits access to the 4TJ line
to only the protocol Telnet from only the 2.2.2.2 I0 address.
line vty 0 (
access!class # in
e/ec!timeout 20 0
privilege level #
no login
transport input telnet
access!list # permit #&#&#&#
To hide addresses while trying to establish a Telnet session from the router or switch use the
service hide!telnet!address global command.
To a*oid the router from sending information to an idle telnet session use the ser*ice telnet!
0eroidle command. 5ata transfer is resumed if the logged in 4TJ user enters the resume
command for the idle session.
/ormally telnet only sends one character at a time. The service nagle command can
impro*e performance by sending multiple characters in each telnet packet.
Strom Control
This technique is used to pre*ent switch ports being o*erloaded by a broadcast multicast or
unicast traffic on a per port basis. (torm control creates threshold so excessi*e traffic is
dropped until traffic drops below threshold. The thresholds are set as a percentage of the
interface. 8or example if the traffic is set to 2## it is always permitted and if it were set to #.#
than that type of traffic is ne*er permitted. The following example illustrates how different
thresholds are set for unicast broadcast and multicast traffic.
switch-config%if.H storm!control $roadcast level 2
switch-config%if.H storm!control unicast level 2
switch-config%if.H storm!control multicast level 20
Bloc$ing
9locking pre*ents unicast or multicast from being flooded into the port when enabled. The default
beha*ior of a switch is to forward the packets with unknown destination ,AC addresses to all its ports.
This might not always be desirable especially in terms of security. If you configure a port block feature
then depending on what type of traffic you specified unicast or multicast packets are not forwarded
from one port to another
switch-config%if%range.Hswitchport block ;
multicast 9lock unknown multicast addresses
unicast 9lock unknown unicast addresses
%rotected %orts
0ri*ate 4LA/s will be discussed in 4olume II. 3ne thing to note about 0ri*ate 4LA/ is that
they can not co%exist with 4T0 *ersion < or lower. A workaround for this limitation is to
configure a switch in Transparent 4T0 mode. If for some reason the switch must be a 4T0
ser*er than protected ports can be used in a limited manner to pro*ide a subset of the same
isolation.
A protected port feature is used in those en*ironments where no traffic can be forwarded
between two ports on the same switch. This way one neighbor connected to one port does
not see the traffic that is generated by another neighbor connected to the second port. The
blocking of traffic -unicast broadcast or multicast. only works when both ports are protected.
:hen a protected port is communicating with an unprotected port the traffic is forwarded in
the usual manner. 3nce the ports are protected traffic between them can only be forwarded
by a Layer ! de*ice.
(w<-config%if%range.Hint range f0/#0 !##
(w<-config%if%range.Hswitchport protected
,-./10 a#thentication
IEEE @#<.2x is simply a standard for passing EA0 o*er a wired or wireless LA/.
EA0 -Extensible Authentication 0rotocol. traffic is used to authenticate wirelesses de*ices
using supplicants but also functions o*er wired media. The @#<.2K authentication using EA0
allows for switch le*el port authentication.
In order to authenticate the actual de*ices andEor users to an external database the switch is
required to use radius. &adius is the only authentication method supported as of now.
The switch works as a proxy between the client and the radius authentication ser*er. The
switch encapsulates and de%encapsulates the EA0 frames from the client into radius packets
.
0rior to authentication the switch ports start in the unauthoriIed state. This state disallows
ingress and egress traffic except @#<.2x packets. :hen a client gets authenticated the port
transitions to the authoriIed state. If the client doesnBt support @#<.2x the port stays in the
unauthoriIed state and no traffic is allowed on the switch.
The following states are supported by Cisco switches>
8orce%authoriIed> It bypasses the authentication state and all traffic is allowed.
8orce%7nauthoriIed> The port remains in unauthoriIed state regardless of clients
attempt to get authenticated.
Auto> Enables @#<.2x authentication the switch identifies the client by the ,AC
address.
This e/ample shows how to ena$le 111 and "02&#2 on .ast Ethernet port 0/#3
switch-config.H aaa new!model
switch-config.H aaa authentication dot#/ default group radius local
switch-config.H dot#/ system!auth!control
switch-config.H interface fastethernet 0/#
switch-config%if.H dot#/ port!control auto
switch-config%if.H end
switchH configure terminal
switch-config.H ip radius source!interface Vlan
switch-config.H radius!server host #0&#&#&#
switch-config.H radius!server 4ey cisco
switch-config.H end
Macros
,acros can be used to group common switch configurations together. ,acros along with the
interface%range command helps to reduce the amount of effort needed to deploy switches.

)ere is useful ,acro to be used in the switches for a ping script.

Sw1(config)#macro name P*+
Enter macro commands one per line. End with the character '@'.
do ping 142.22.12.1
do ping 142.22.13.1
do ping 144.21.1.1
do ping 1!.1.2".2
do ping 142.22.12.2
@
Sw1(config)# S'1,config-.macro g!oba! app!y P*+
Switching LAB
Scenario
This is the first Lab in a series of Labs that will build on themsel*es.
There is no need for initial configurations $ecause this first la$ will construct the
Layer 2 topology to $e used for all other la$s in Volume 5 of this technology
wor4$oo4. Please save your configurations after each la$ to avoid any rewor4 when
progressing to other la$s.
The point of this Lab is to build a new infrastructure for Turn%?ey Inc. This company has hired
you to interconnect -+. branch locations and -<. data centers. In addition to the internal :A/
there are two separate connections one each to two different I(0s. Turn%key has decided to
connect all internal sites with both frame relay and leased Ethernet. ,any Layer < issues will
be encountered in 9ranch -2. which is a large campus site with many 0C users. As the
integrator Turn%key is depending on you to translate their tasks -requirements. into a fully
functional system. Each Lab will include se*eral tasks that build towards a completed proLect.
The Turn%key network should be fully functional and tested after completion of all labs. The
maLority of the Tasks will draw from the Technology section of this workbook and lectures.
)owe*er some questions marked with F9onusG may ha*e not been co*ered in the lecture and
is meant to test your search skills on the Cisco web site.
0lease refer to> http>EEwww.cisco.comEuni*ercdEhomeEhome.htm. As the labs progress less
and less support information is pro*ided in the introduction section of the lab.
Topology
As pre*iously mentioned LA9 2 will build the Layer < infrastructure. At 9ranch 2 we will ha*e
a mixed L< and L! en*ironment. This is due to some de*ices needing so span 4LA/s across
the campus. In the I58 -Access Layer. some 4LA/s will be routed and others Trunked to the
C3&E.
In addition to the campus network at 9ranch -2. we will also build a 4LA/ between se*eral of
the routers to imitate a Leased Ethernet ser*ice.
This Topology is supported inn CC933TCA,0Bs rack rentals but should also work in other
&ack &ental sites or a home lab with -+. !"$# switches and -@. routers. The next page
pro*ides the physical Ethernet topology. As you progress to Lab < and others the topology
will include 8rame%relay and logical I0 addressing and &outing information.
%hysical Diagram
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1# of 136
Switch1 Tas$s
Tas4 # )6asic VL17*3 Configure (:2 such that it pro*ides the database for the 4LA/s in
the following table. All other switches should learn the 4LA/s from (:2. 7se a control
mechanism to pre*ent new switches from accidentally controlling the 4LA/ database when
added into the network. Also add the appropriate hostnames and interface descriptions to all
de*ices based on the diagram.
#$%& #$%& &ame
2 V!an2/rspan
3 V!an3/trun"e0
4 V!an4/trun"e0
# V!an#/s'1tos'2
6 V!an6/s'1tor1
$ V!an$/s'2tor1
% V!an%/s'1tos'3
& V!an&/s'3tos'4
1) V!an1)/Lease0
11 V!an11/s'2tos'4
Tas4 2 )Load 6alance and Trun4s*3 4lan ! and + should be trunked on a pair -<. of ports
between e*ery switch. Ensure that this pair of ports is manually configured not dynamic.
9oth 4LA/ ! and + ha*e se*eral clients in the I58 that connect to the C3&E for a single
default gateway. Configure load balancing that would best distribute traffic across all layer <
ports for 4lan ! and +. 4lans ! and + are allowed on e*ery Trunk howe*er Turn%key would
like to limit unneeded broadcast on the Trunks as well as only allowing 4lan ! + and the
interconnect 4LA/ on each trunk. The interconnect 4LA/ should ha*e a (4I on the switch and
be configured to not be tagged on the trunk. 8or example 4LA/ 6 is the interconnect 4LA/
between sw! and sw+.
Tas4 % )Spanning Tree*3 Configure spanning tree such that (w2 is the root for 4lan !@ and
(w< in the root for 4lan +22. 6onus3 Ensure no other switch besides (w2 or (w< will e*er
be able to become root for these 4LA/ -!+@ and 22.s.
,anipulate (T0 so that ports 8#E<2 << -0o2. on sw! are blocked for 4lan ! and +. In order
to reduce failo*er times con*ert the (T0 configuration from @#<.2d to @#<.2w 04(T.
Tas4 ( )8ac 1ddresses*3 Turn%key Inc. desires to pre*ent unnecessary unicast traffic from
being flooded out switch ports. Configure the switch to best pre*ent flooding based on the
following table.
8ac 1ddress Switch Vlan 5ssue
2222.2222.2222 ! f#E22 ! Mratuitous A&0 e*ery
!# min
222<.222<.222< + f#E22 ! /e*er sends
Mratuitous A&0
2<!+.2<!+.2<!+ All + 5etected as rogue
de*ice and desire to
not forward it.
8or a ser*er connected to (w< f#E2$ we want to make sure no unknown unicast are e*er
flooded into this port.
Tas4 )8onitoring*3 Turn%key would like to connect a packet sniffer to 8#E2" on sw! to
analyIe the 4LA/2# traffic on &<. Configure a session to allow for these connections.
Tas4, )5P 1ddresses*3 Configure I0 addresses based on the following table>
D/ote *irtual I0 addresses will be used later.
VL17 VL17 7ame 9evice 5P
< 4lan<Nrspan
! 4lan!Ntrunked (w2
(w<
*irtual
2#.!.!.2E<+
2#.!.!.<E<+
2#.!.!.<"+E<+
+ 4lan+Ntrunked (w2
(w<
*irtual
2#.+.+.2E<+
2#.+.+.<E<+
2#.+.+.<"+E<+
" 4lan"Nsw2tosw< (w2
(w<
2#.".".2E!#
2#.".".<E!#
$ 4lan$Nsw2tor2 (w2
&2
2#.$.$.2E!#
2#.$.$.<E!#
= 4lan=Nsw<tor2 (w<
&2
2#.=.=.2E!#
2#.=.=.<E!#
@ 4lan@Nsw2tosw! (w2
(w!
2#.@.@.2E!#
2#.@.@.<E!#
6 4lan6Nsw!tosw+ (w!
(w+
2#.6.6.2E!#
2#.6.6.<E!#
2# 4lan2#NLeased (w2
&<
&!
&+
&"
&$
&6 A?A 992
26<.2$@.2#.2E<+
26<.2$@.2#.<E<+
26<.2$@.2#.!E<+
26<.2$@.2#.+E<+
26<.2$@.2#."E<+
26<.2$@.2#.$E<+
26<.2$@.2#.6E<+
22 4lan22Nsw<tosw+ (w<
(w+
2#.22.22.<E!#
2#.22.22.2E!#
Tas4: )"02&#/*3 Ensure sw! 8#E2" is authenticated with @#<.2x. There is no &adius
a*ailable so create a local userEpass userEcisco and make it the fallback. 8or configuration
purposes point your switch to the radius ser*er at 26<.2$@.<.2#2. If you are using
CC933TCA,0 rack rental there is a &adius ser*er connected to (:2 8#E<+.
Tas4" )Telnet*3 3n the de*ices at the 9ranch location restrict telnet access to only de*ices
from 2#.#.#.#. 6onus3 only allow telnet access from @am to "pm ,onday through 8riday and
log it. Configure the 4TJ lines such that only telnet and (() are supported. 3n &2 configure
telnet so that multiple characters are transmitted in each telnet packet. If allowed from the
2#.#.#.# network users should ha*e le*el 2" pri*ileges without needing to log in.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1$ of 136
Switch1 Answers (Don2t pee$)
Try to complete these labs with minimal looking at the answers. The completed answers will
be pro*ided on a thumb dri*e.
Tas4 # )6asic VL17*3
The 4T0 and 4lan information was supposed to be configured on (:2>
Sw1(config)#'tp domain t(rn)e*
Sw1(config)#'tp mode ser'er
Sw1(config)#'tp password cisco
Sw1(config)#'lan 2
Sw1(config+'lan)#name #lan2,rspan ,same for ot(er V!ans-
The other switches <%+ were supposed to be 4T0 clients>
on the other switches>
Sw-(config)#'tp mode client
Sw-(config)#'tp domain t(rn)e*
Sw-(config)#'tp password cisco
In order to pre*ent accidental 4lan changes we set the 4T0 password to Cisco
The names and interface description should be based from the Table.
8or example>
interface #lan
description #lan,sw1tosw2
ip address 1!...2 2.2.2.22
To test your configuration issue the following commands>
Sw1#sh 'tp stat(s
#./ #ersion 0 2
1onfig(ration 2e'ision 0 13
4a-im(m #$%&s s(pported locall* 0 1!!
&(m5er of e-isting #$%&s 0 23
#./ 6perating 4ode 0 Ser'er
#./ 7omain &ame 0 t(rn)e*
#./ /r(ning 4ode 0 Ena5led
#./ #2 4ode 0 7isa5led
#./ .raps 8eneration 0 7isa5led
47 digest 0 !-31 !-31 !-"9 !-93 !-24 !-" !-:4 !-;1
1onfig(ration last modified 5* !.!.!.! at 3+1+33 !20!3042
$ocal (pdater <7 is 1!...1 on interface #l (lowest n(m5ered #$%& interface f
Sw1#'lan data
Sw1#'lan data5ase
Sw1('lan)#sh c(rrent
#$%& <S$ <d0 1
&ame0 defa(lt
4edia .*pe0 Ethernet
#$%& 9!2.1! <d0 1!!!!1
State0 6perational
4.=0 1!!
;ac)(p 12: 4ode0 7isa5led
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1% of 136
2emote S/%& #$%&0 &o
#$%& <S$ <d0 2
&ame0 #lan2,rspan
#$%& 9!2.1! <d0 1!!!!2
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 3
&ame0 #lan3,tr(n)ed
#$%& 9!2.1! <d0 1!!!!3
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 4
&ame0 #lan4,tr(n)ed
#$%& 9!2.1! <d0 1!!!!4
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0
&ame0 #lan,sw1tosw3
#$%& 9!2.1! <d0 1!!!!
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 >
&ame0 #lan>,sw1tor1
#$%& 9!2.1! <d0 1!!!!>
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 "
&ame0 #lan",sw2tor1
#$%& 9!2.1! <d0 1!!!!"
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 9
&ame0 #lan9,sw1tosw3
#$%& 9!2.1! <d0 1!!!!9
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 3
#$%& 9!2.1! <d0 1!!!!3
State0 6perational
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1& of 136
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 1!
&ame0 #lan1!,$eased
#$%& 9!2.1! <d0 1!!!1!
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
#$%& <S$ <d0 11
#$%& 9!2.1! <d0 1!!!11
State0 6perational
4.=0 1!!
2emote S/%& #$%&0 &o
Tas4 2 )Load 6alance and Trun4s*3 In this task we were supposed to configure manual
Ether%channels and trunks from the redundant inter%switch connections as specified on the
following lab diagram.
Sw10
port+channel load+5alance src+dst+mac
interface /ort+channel1
switchport tr(n) encaps(lation dot1?
switchport tr(n) nati'e 'lan
switchport tr(n) allowed 'lan 2+
switchport mode tr(n)
@
switchport tr(n) nati'e 'lan 9
switchport tr(n) allowed 'lan 2+4A9
@
@
interface :astEthernet!B13
channel+gro(p 1 mode on
@
interface :astEthernet!B2!
@
@
interface #lan1
no ip address
sh(tdown
@
interface #lan3
description #lan3,tr(n)ed
ip address 1!.3.3.1 2.2.2.!
@
interface #lan4
ip address 1!.4.4.1 2.2.2.!
@
interface #lan
description #lan,sw1tosw2
ip address 1!...1 2.2.2.22
@
interface #lan9
description #lan9,sw1tosw3
ip address 1!.9.9.1 2.2.2.22
8or the load balancing we needed source ,ac%address L9 closest to the 0C de*ices so that
each de*ice would be load balanced based on source ,ac addresses to equally use each port
in the Ether%channel.
3n (w! and (w+>
port+channel load+5alance src+mac
The other two switches (w2 and (w< need src%dst%mac because they will be the default
gateways for these de*ices.
Tas4 % )Spanning Tree*3 The following configurations were needed on the following de*ices
in order to set the &33T and 9locked ports per Task ! specifications>
Sw10
spanning+tree mode rapid+p'st
spanning+tree e-tend s*stem+id
spanning+tree 'lan 1A3A9 priorit* !
Sw20
spanning+tree 'lan 4A11 priorit* !
Sw30
spanning+tree 'lan 3 cost 2!!!!!!!!
@
Sw40
@

To configure the bonus than root guard was needed on (w!
spanning+tree g(ard root
@
interface :astEthernet!B2!
spanning+tree g(ard root
Tas4 ( )8ac 1ddresses*3 In the first part of this task we are changing the ,ac aging timer
to be in synch with how often the ser*er sends gratuitous A&0s.
Sw30
mac+address+ta5le aging+time 19!! 'lan 3
In the next section we must configure a static ,ac%address for a de*ice that is unable to send
gratuitous A&0s.
Sw40
mac+address+ta5le static 1112.1112.1112 'lan 3 interface :astEthernet!B11
The next requirement was to block a ,ac%address from all switches>
mac+address+ta5le static 1234.1234.1234 'lan 4 drop
The Last requirement was to make sure that unicast traffic going to mac%address destinations
not known in the CA, table were not flooded into (w< port f#E2$
interface :astEthernet!B1>
switchport 5loc) (nicast
Tas4 )8onitoring*3 The following configuration would setup a monitoring session on sw! to
sniff traffic toEfrom &< *lan 2#
Sw3
monitor session 1 destination interface :a!B1
monitor session 1 so(rce remote 'lan 2
Sw1
monitor session 1 so(rce interface :a!B2
monitor session 1 destination remote 'lan 2
Tas4, )5P 1ddresses*3 Configure I0 addresses per specifications.
Tas4: )"02&#/*3
Sw30
(sername (ser password ! cisco
aaa new+model
aaa a(thentication dot1- defa(lt gro(p radi(s local
dot1- s*stem+a(th+control
int f!B24
switchport access 'lan 3
switchport mode access
dot1- pae a(thenticator
dot1- port+control a(to
@
radi(s+ser'er host 132.1>9.2.1!1 a(th+port 1>4 acct+port 1>4>
radi(s+ser'er so(rce+ports 1>4+1>4>
radi(s+ser'er )e* cisco
Tas4" )Telnet*3 The first part of the Task asks us to restrict telnet or (() access to 2#.#.#.#
and gi*e those administrators pri*ilege le*el 2" when they log into the de*ices. In order to
configure the bonus this access must be restricted to ,on%8riday between 6am and "pm.
The following configuration on each de*ice would satisfy the abo*e requirements>
ip access+list e-tended telnet
permit ip 1!.!.!.! !.2.2.2 an* log time+range wee)da*s
time+range wee)da*s
periodic wee)da*s 90!! to 1"0!!
line 't* ! 4
access+class telnet in
pri'ilege le'el 1
transport inp(t telnet ssh
line 't* 1
access+class telnet in
pri'ilege le'el 1
transport inp(t telnet ssh
3n &2 configure telnet so that multiple characters are transmitted in each telnet packet.
210
ser'ice nagle
Day 1
3rame *elay
Basic 3acts
8rame &elay is a Layer < protocol.
(erial interfaces use 59%$# connectors.
Connection%oriented to transport data between a 5TE de*ice and a 8rame
&elay switch.
(imple error checking is pro*ided by appending a 8rame Check (equence
-8C(. to each frame -similar to a C&C..
/o error correction -error checking but no correctionOthatBs left to the
host..
8rame &elay uses )5LC 000 or I(5/ELA05 encapsulations.
,aximum speed of 8rame is +" ,bps.
Data Lin$ Connection denti4ier (DLC)
5LCIBs are assigned by the 8rame &elay circuit pro*ider and ha*e local significance only.
They pro*ide an identifier for the connection between the router at your site and the big
8rame &elay switch at the pro*ider. There is often confusion about this so to make it clearO
the 5LCI is used only between your site and the pro*iderBs point%of%presence it has no
significance beyond that.
5LCI states are>
9eleted;/o L,I signal is being recei*ed from switch or no ser*ice is
a*ailable from switch.
1ctive;Lines are up1 connections are acti*e. &outers are exchanging data.
5nactive;8rame relay switch to local connection is working. The remote
routersB connection to the frame switch is not working.
Local Management nter4ace (LM)
L,I pro*ides the control protocol for 04C setup and management. There are three types
a*ailable> Cisco A/(I and q.6!!a -default is Cisco.. The ser*ice pro*ider will specify the L,I
in use. L,IPs control data keepali*es and *erify the dataflow. The L,I type must be identical
between the local de*ice -router. and the local 8rame &elay switch1 it does not ha*e to be
identical for the end de*ices.
&ncaps#lation
The encapsulation choices are Cisco and IET8 with Cisco being the default. This designation
can be made through 5LCI. The encapsulation type must be identical at both end de*ices. If
Cisco de*ices are used across the entire network Cisco encapsulation will likely be the
encapsulation type1 howe*er since the Cisco encapsulation type is proprietary if another
manufacturerBs de*ices are used at the 8rame &elay endpoints then IET8 encapsulation type
will be required. &emember encapsulation can be set per interface or per destination.
Split 5ori6on and 3rame *elay nter4aces
(plit horiIon dictates that if a router has recei*ed a route ad*ertisement from another router
it will not re%ad*ertise it back out the interface on which it was learned. The default condition
for 8rame &elay interfaces is>
0hysical interfacesOsplit%horiIon is disabled by default
,ultipoint sub interfacesOsplit%horiIon is enabled by default
0oint%to%point sub interfacesOsplit%horiIon is enabled by default
nverse'A*%
In*erse A&0 when enabled is used to automatically map frame%relay 5LCIs which are
configured in the frame%relay switch to I0 addresses configured on the remote routers. Jou
may be requested to disable frame%relay in*erse A&0 on you physical or point%to%multipoint
sub interface if so than you can use frame%relay map statements after you disable the
in*erse%A&0. (econdly it is best practice to make these changes while the interfaces are shut
to a*oid rebooting the router later.
In*erse%A&0 is not recommended for frame%relay hub%and%spoke topologies because it could
take in*erse%A&0 up to $# seconds to con*erge from a site failure. In a ,E() topology this
short coming is not as impacting because e*ery site has an alternate 5LCI to e*ery site but
in hub%and%spoke the spokes must always communicate *ia the hub.
Mesh
A full mesh requires 5LCIs to interconnect 04Cs between each router. Total 04CsQ<k-k%2.
where kQrouter. Each router would be configured on a common I0 subnet.
:ith in*erse%A&0 turned on at the 0hysical circuit or sub%interface point%to%multipoint le*el
no ,A0 entry is required. )owe*er with in*erse%A&0 turned off the ,A0 entries are required.
In fact a ,A0 entry to one of the 5LCIs to a routers own interface I0 is required for a router
to e*en ping itself.
In order to satisfy the requirement the destination I0 address to be in the routing table there
must be a frame%relay map for the destination I0 address. The destination I0 address can be
any I0 address including yours. -need a map statement to ping your own interface.
8or the ,ultipoint sub interface option each ,A0 statement adds a E!< connected interface.
And finally whene*er ,A0 statements are required the optional broadcast keyword must be
added to the end of the statement if required for routing protocols or other multicast
functionality to work o*er the frame relay.
5#b and spo$e
Again with )ub%and%spoke the &outers are configured on a common I0 subnet and we ha*e
some differences in configuration depending on if in*erse%A&0 is enabled.
A hub%and spoke with in*erse are needs to ha*e ,A0 statements from on the hub to a*oid
issues with extra 5LCIs configured on the frame relay switch. In other words these frame
relay switches in rack rentals typically ha*e 5LCIs pre%configured between each de*ice -,esh.
and you would need to o*er ride this configuration otherwise you would ha*e a ,E(). The
same issue with needing ,A0s exists with the spokes too. If this hub%and%spoke configuration
were pro*isioned on a carrierBs network the spokes would not need to ha*e ,A0 entries
because the pro*ider would only configure the needed 5LCI back to the )ub site.
:ith In*erse%A&0 off which is the recommended configuration all routers will ha*e ,A0
statements from )ub to all spokes and from spokes to hub. 5epending on the neighbor
requirements of the routing protocol we may find oursel*es later adding map statements
between spokes or needing to enable the broadcast keyword.
%oint'to'point
In this configuration each 0<0 sub%interface frame relay connection is own a unique subnet
and we must use the frame relay interface%dlci instead of the ,A0 statement. It doesnBt
matter if in*erse%A&0 in enabled because 0<0 will connect to whate*er is on the other side of
the 04C similar to 000. )owe*er 0<0 frame relay will listen and respond to in*erse%A&0
because it is possible to ha*e a 0hysical interface on one end with in*erse%A&0 enabled and a
0<0 sub%interface on the other end.
Combination
Any combination of 0<0 or ,ultipoint -0artial ,E(). can be configured with multiple subnets
and proper ,apping of 5LCIs.
H/ote 8rame &elay traffic shaping and other Ao( related issues will be discussed in 4olume
II.
3rame *elay LAB
Scenario
Turn%?ey Inc. has purchased frame relay ser*ice from a pro*ider. Jou must configure each
router to connect to the proper 5LCI and interface as outlined in the following Lab < tasks and
from the following diagram that displays the 5LCI numbers that correspond to
CC933TCA,0Bs &'( rack rentals. If you are using home equipment or another &ack rental
you can simply use different interfaces and 5LCIs but try to model this topology as close as
possible. Turn%key is using a combination of Leased Ethernet and 8rame &elay to interconnect
all of their sites.
3rame *elay DLC+%!C and % addressing
S!B!B!.2
3rame1 Tas$s
Tas4 # )8esh*3 Configure a mesh between &2 &< and &!. Configure 0hysical or ,ultipoint
(ub interfaces based from the abo*e diagram. The diagram contains the subnets for each
frame%relay connections. (imply use the routerBs I5 for the host octet with the exception of
992 which is -.6.. In*erse A&0 is allowed for this ,E() only on &2 so configure the frame%
relay mappings to be dynamic only on &2 but do not allow 5LCIs that are not part of this
,E() connection to be acti*e on &2. Also add descriptions to the interfaces.
Tas4 2 )<u$ and Spo4e*3 Configure a hub and spoke between &! &" and &$. &! is on a
sub interface and &" and $ are on physical interfaces. /o in*erse%A&0 is allowed at all
between these routers. Configure the I0 addresses from the abo*e diagram using the router
I5 as the host octet. Also add descriptions to the interfaces.
Tas4 % )Point!to!Points*3 Configure 0<0 frame relay connections between the *arious
routers as per the abo*e diagram. Configure the I0 addresses from the abo*e diagram using
the router I5 as the host octet. Also add descriptions to the interfaces.
Tas4 ( )PPP*3 Configure a 000 connection between &= and &@. :e did not include the basic
configuration explanation for this in the technology section so you are tasked with using the
uni*erC5 at http>EEwww.cisco.comEuni*ercdEhomeEhome.htm and search the 2<.+
configuration or command references for 000 examples. )6onus*3 configure < way
authentications between these two routers but allow &= to send the username I(02 instead of
&=. Also add descriptions to the interfaces.
3rame1 Answers
Tas4 # )8esh*3 &emember to keep your interfaces shut until you ha*e configured all of your
frame relay on each interface or sub interface. (ometimes clear frame%relay inarp helps but
usually you will ha*e to either reboot or default interface to fix frame relay issues. These
simple problems can cost you time in the real Lab. ,ake sure to test each connection with
ping as you no shut the interfaces.
210
interface Serial!B!B!
description 4ESC,to,22,23
ip address 1"2.1>.1.1 2.2.2.!
encaps(lation frame+rela*
no frame+rela* in'erse+arp </ 1!4
no frame+rela* in'erse+arp </ 1!
no frame+rela* in'erse+arp </ 1!>
no frame+rela* in'erse+arp </ 1!"
frame+rela* lmi+t*pe ansi
220
no ip address
interface Serial!B!B!.1 m(ltipoint
ip address 1"2.1>.1.2 2.2.2.!
frame+rela* map ip 1"2.1>.1.3 2!3 5roadcast
no frame+rela* in'erse+arp
230
no ip address
@
ip address 1"2.1>.1.3 2.2.2.!
21#sh frame+rela* map
Serial!B!B! ((p)0 ip 1"2.1>.1.3 dlci 1!3(!->"A!-19"!)A d*namicA
5roadcastA
1<S16A stat(s definedA acti'e
Serial!B!B! ((p)0 ip 1"2.1>.1.2 dlci 1!2(!->>A!-19>!)A d*namicA
5roadcastA
1<S16A stat(s definedA acti'e
21#ping 1"2.1>.1.2
.*pe escape se?(ence to a5ort.
Sending A 1!!+5*te <14/ Echoes to 1"2.1>.1.2A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D >B>B>! ms
21#ping 1"2.1>.1.3
Sending A 1!!+5*te <14/ Echoes to 1"2.1>.1.3A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D >B"B>! ms
21#
Tas4 2 )<u$ and Spo4e*3 This one simply needs the proper ,A0 statements.
230
description C(5+and+spo)e+2+2>
ip address 1"2.1>.3.3 2.2.2.!
frame+rela* map ip 1"2.1>.3. 3! 5roadcast
frame+rela* map ip 1"2.1>.3.> 3!> 5roadcast
frame+rela* map ip 1"2.1>.3.3 3!
20
description C(5+and+spo)e+to+23+2>
ip address 1"2.1>.3. 2.2.2.!
frame+rela* map ip 1"2.1>.3.3 !3 5roadcast
frame+rela* map ip 1"2.1>.3. !3
frame+rela* map ip 1"2.1>.3.> !3 5roadcast
2>0
description C(5+and+spo)e+to+23+2
ip address 1"2.1>.3.> 2.2.2.!
frame+rela* map ip 1"2.1>.3.3 >!3 5roadcast
frame1re!ay map ip 1$2216232# 6)3 broa0cast ,3(is is configure0 to assist in t(e 4ip section !ater-
frame+rela* map ip 1"2.1>.3.> >!3
3as" 3 ,Point1to1Points-:
;;10
interface Serial0/0/0.1 point-to-point
description P2P-to-R2
ip address 172.16.2.9 255.255.255.0
frame-relay interface-dlci 902
R7:
interface Serial0/0/0.1 point-to-point
description P2P-to-R2
ip address 172.16.5.7 255.255.255.0
frame-relay interface-dlci 702
R8:
interface Serial!B!B!.1 point+to+point
description /2/+to+23
ip address 1"2.1>.>.9 2.2.2.!
frame+rela* interface+dlci 9!3
Configure the opposite on &< or &! to connect to the 0<0 8& connections.
Tas4 ( )PPP*3 Configure a 000 connection and then enable Chap authentication with
7sername user password cisco.
2"0
(sername 29 password ! cisco
interface Serial!B!B1
description ///+to+29
ip address 1"2.1>.4." 2.2.2.!
encaps(lation ppp
cloc) rate 2!!!!!!
ppp a(thentication chap
ppp chap hostname (ser
ppp chap password ! cisco
290
(sername (ser password ! cisco
description ///+to+2"
ip address 1"2.1>.4.9 2.2.2.!
encaps(lation ppp
Day 1
*%v.
There are two *ersions of &I0O*ersions 2 and <Oboth of which are 5istance 4ector routing
protocols. &I0*2 -*ersion 2. is classful and must use 8ixed Length (ubnet ,asks -8L(,.1
&I0*< adds additional features such as classless routing *ariable subnet masks -4L(,. and
authentication. 9oth *ersions use hop count as their only metric and are limited to 2" hops. A
hop is simply a single pass through a router. 9y default &I0 routers send their entire routing
table out e*ery interface in !# seconds increments.
9oth *ersions of &I0 operate on 750 port "<#. )owe*er &ip*2 uses a broadcast and &ip4<
uses a multicast <<+.#.#.6. A metric of 2 signifies a directly connected network by the
ad*ertising router and 2$ as an unreachable network. The timers for update in*alid hold%
down and flush can be manually configured. 8or the purposes of this workbook and for Lab
preparation we will focus on &ip*<.
7pdates
&ip*< is able to send a mask in the updates that are sent out e*ery !# seconds so we can use
4L(,. If needed the update time can be changed>
8or example>
&@-config%router.Htimers $asic 20
Changes the updates from !# to <# second update inter*als. ?eep in mind you will need to
change it on the other connected neighbors.
:e can go a step farther and set the in*alid hold down and flush timers>
&@-config%router.Htimers $asic 20 (0 ,0 #20
Also Tags can be used in &ip*< for redistribution.
It is possible to still send or recei*e &ip*2 updates when configured for &ip4< from the
interface le*el>
&@-config%if.Hip rip send version #
&@-config%if.Hip rip receive version #
The update timer can be set for Lust on connected neighbor at the interface le*el>
&@-config%if.Hip rip advertise 20
And lastly an &I0*< router can broadcast instead of multicast form an interface using the
following command>
&@-config%if.Hip rip v2!$roadcast
"eighbors
Connected neighbors simply need &I0*< enabled globally and a connected network entry and
they are ready to exchange updates. (econdly no auto summary needs to be configured if
classless summaries are required.
ro(ter rip
networ) 1"2.1>.!.!
no a(to+s(mmar*
If it is desired to not send updates to interfaces without connected neighbors than the passi*e
interface command can be used. There are two different approaches to using this
configuration. The first is to use the Rpassi*e%interface defaultS and the specify which
interfaces will allow the updates>
2o(ter rip
passi'e+interface defa(lt
no passi'e+interface :astEthernet!B!
The second choice is to Lust do a passi*e%interface command to the specific interfaces that
you desire to disable the updates>
2o(ter rip
passi'e+interface f!B!
There are times when broadcast updates or multicast are permitted or limited because of the
frame%relay map statements. In these cases the passi*e interface commands can be used to
suppress the broadcastEmulticast with the combination of the neighbor command to send a
unicast update to the neighbors I0 address>
2o(ter rip
neigh5or 1"2.1>.>.3
And lastly it is possible to send updates to a neighbor that is not physically connected. Two
scenarios come to mind neighbors o*er 000 with non%connected and different subnets or a
&(0A/ session. The former is an ad*anced topic so we will lea*e it for 4olume II but the
ladder is something we can configure with are current bag of tricks. In order to recei*e &I0*<
updates o*er a &(0A/ session we need to configure>
2o(ter rip
no 'alidate (pdate so(rce
This command makes it so the &I0 router doesnBt care who is sending the update.
Loop %rotection
The split horiIon rule reduces the incidence of routing loops. (plit horiIon pre*ents two%node
loops between neighbors -tight loops. by not ad*ertising the routes on the same interface
from which they were learned. (plit horiIon also eliminates unnecessary updates.
(plit horiIon with the addition of poison re*erse allows the routing protocol to ad*ertise all
routes out an interface but those learned from earlier updates coming into that interface are
marked with infinite distance metrics. 0oison re*erse guards against loops spanning multiple
&I0 routers.
7nfortunately there are some issues with (plit )oriIon in a )ub and (poke /etwork
In a hub and spoke network routes from remote frame relay sites will not be sent to other
remote locations because of the split horiIon enabled by default on the sub interfaces. It is
possible to disable split horiIon but than we loose the loop protection. 5isabling (plit )oriIon
will ensure full connecti*ity between all locations in a hub and spoke topology using &I0*<.
(plit horiIon can be turned off on a sub%interface on the hub with out impacting the other
sub%interfaces. If split horiIon is enabled neither auto%summary nor interface summary
addresses -those configured with the ip summary%address rip command. are ad*ertised. If
summary addresses or a hub router are required than disable split horiIon and use filtering or
discard routes -null. for pre*enting loops.
3iltering
&ip can filter routes by using a distribute list. A distribute list are used to filter the contents of
inbound or outbound routing protocol updates. (tandard I0 access lists are used to define a
list against which the contents of the routing updates are matched. &emember that the
access list is applied to the contents of the update not to the source or destination of the
routing update packets themsel*es.
The distribute%list command is entered at the global or router configuration le*els and there
is an option to apply the list to specific interfaces. 8or any gi*en routing protocol it is possible
to define one interface%specific distribute%list per interface and one protocol%specific
distribute%list for each processEautonomous%system pair.
)ere is an example>
access+list 1 permit 1!.!.!.! !.2.2.2
access+list 2 permit 1"2.1>.3.! !.!.!.2
ro(ter rip
distri5(te+list 1 in ethernet !
distri5(te+list 2 o(t
9ecause distribute%list can use access%list we can ha*e some *ery complex filtering using
binary. The following example is filtering only the odd prefixes using an access%list based
prefix list>
Allow only odd routes from 2.2.#.# from &2 to other routers.
&etwor) 1.1.1.! !.!.24.2
4* networ) D!
4* mas) D 1
;inar* 6ctet 129 >4 32 1> 9 4 2 1
1.1.1.! ! ! ! ! ! ! ! 1
1.1.3.! ! ! ! ! ! ! 1 1
1.1..! ! ! ! ! ! 1 ! 1
4as) 11111111.11111111.1111111!.!!!!!!!!
&etwor) !!!!!!!1.!!!!!!!1.!!!!!!!1.!!!!!!!!
:irst host !!!!!!!1.!!!!!!!1.!!!!!!!1.!!!!!!!!
2
nd
host !!!!!!!1.!!!!!!!1.!!!!!!11.!!!!!!!!
The <"+ in the in*erse mask translates to 2222222# which tells the ACL to not care about
anything in that octet except the least significant bit. In this case that position is 2 in the third
octet. 3nly 3dd numbers ha*e a 2 in that bit placement. Thus we ha*e a match for e*ery
odd network.
S#mmary
In &I0*< summaries are applied to an interface. Jou can still use auto summary but it will
only summariIe to the classful boundary the summary%address allows for classless
summariIation
r2lab-config%if.H ip summary!address rip #0&20&0&0 2&2&2&0
In order for summaries to work split horiIon must be disabled on the interface. )owe*er the
interface summary does not insert a /7LL# entry into the routing table so beware of routing
loops.
A#thentication
&ip*< uses a key chain on the interface to protect updates with Clear text or ,5".
r2lab-config.H interface s0
r2lab-config%if.H ip rip authentication 4ey!chain cisco
r2lab-config%if.H ip rip authentication mode =md>te/t?
r2lab-config.H 4ey chain cisco
r2lab-config%keychain.H 4ey #
r2lab-config%keychain%key.H 4ey!string cisco
De4a#lt *o#tes
5efault routes can be ad*ertised in &I0*< in the following ways>
&edistribute static Rip route #.#.#.# #.#.#.# null# permanentS
5efault information originate
Rip default network 2.#.#.#S
*%v. LAB
Scenario
(o far we ha*e setup the basic campus network at Turn%?ey IncBs branch office as well as the
leased Ethernet and 8rame relay :A/ connections between the sites. /ormally in a proLect
similar in scope we would not configure any of the network management or security features
until after we ha*e tested the network stability and performance. In most network
deployments it is a also a good idea to enable an easy to configure routing protocol so we can
test the infrastructure. In this scenario we will use basic rip and a few tweaks to test
connecti*ity. Afterwards we can enable more complex features and optimiIe the routing with
other protocols.
*%1 Tas$s
Tas4 # )6asic @5Pv2*3 Configure e*ery router with &I0*< including the I(0 router &= and
&@. 0ut the existing connected networks into &I0*< on each router. 7se a single network
statement to configure this. After all routers are configured for &I0*< make any necessary
adLustments for sites ha*ing difficulties exchanging updates. /ow that basic &I0*< is
configured from &2 ping e*ery I0 address configured so far to *alidate and troubleshoot any
connecti*ity issues. )<int* Create a TCL script to make the ping testing easier mo*ing
forward. It is 3? the &2 can not ping its own (#E#E# interface -2=<.2$.2.2..
Tas4 2 )@oute Aptimi0ation*3
Turn%key would like us to pro*e that we can utiliIe the Leased Ethernet to reach the 9ranch
campus from the I(0 and *ice *ersa before they allow us to mo*e forward with implementing
other routing protocols. Test Trace routes to the 9ranch site I0 addresses to ensure traffic
flows inEout of 4lan2# -26<.2$@.2#.#..
Tas4 % )1uthentication*3
The connections toEfrom the I(0 are not trusted by Turn%key and the customer desires some
security for the routing protocols between &<%&= and &!%&@. 7se the most security method
with cisco as the password.
Tas4 ( )<u$!and!Spo4e*3 Turn%key would like to not ha*e broadcast or multicast from the
routing protocols on this :A/ segment between &!%&"%&$.
Tas4 ).iltering*3 only allow e*en networks to be learned in &I0 from &= to &< and only
allow odd networks to be learned from &@ to &!. 9ecause &= and &@ ha*e a 000 connection
between each other you may need some additional filtering to pre*ent the routes from
passing through the other router. Configure the following loop back and I0 addresses on &=
and &@>
&=>
Int lo#
Ip address 2!#.#.2.2 <"".<"".<"".#
Ip address 2!#.#.<.2 <"".<"".<"".# secondary
Ip address 2!#.#.!.2 <"".<"".<"".# secondary
Ip address 2!#.#.+.2 <"".<"".<"".# secondary
Ip address 2!#.#.".2 <"".<"".<"".# secondary
Ip address 2!#.#.$.2 <"".<"".<"".# secondary
&@>
Int lo#
Ip address 2!2.#.2.2 <"".<"".<"".#
Ip address 2!2.#.<.2 <"".<"".<"".# secondary
Ip address 2!2.#.!.2 <"".<"".<"".# secondary
Ip address 2!2.#.+.2 <"".<"".<"".# secondary
Ip address 2!2.#.".2 <"".<"".<"".# secondary
Ip address 2!2.#.$.2 <"".<"".<"".# secondary
)6onus* 3n the same connections toEfrom &=E&< &@E&! configure &I0 so that only updates
are sent when route changes occur and not e*ery !# seconds.
*%1 Answers
Tas4 # )6asic @5Pv2*3
To use the least amount of /etwork statements on e*ery router configure>
ro(ter rip
'ersion 2
networ) !.!.!.!
no a(to+s(mmar*
3n the switches we would configure 2#.#.#.# because (4I interfaces -4lan. do not configure
under #.#.#.#>
ro(ter rip
'ersion 2
networ) 1!.!.!.!
no a(to+s(mmar*
(:2> also needs 26<.2$@.2#.# for neighbors on the Leased Ethernet 4lan 2#
To make sure updates are learned from both &" and &$ disable split horiIon on &! s#E#E#.<
230
ip address 1"2.1>.3.3 2.2.2.!
no ip split+horiEon
To test all the I0 address connecti*ity from &2 use the following TCL script>
tclsh
foreach address F
1!.3.3.1
1!.3.3.2
1!.4.4.1
1!.4.4.2
1!...1
1!...2
1!.>.>.1
1!.>.>.2
1!.".".1
1!.".".2
1!.9.9.1
1!.9.9.2
1!.3.3.1
1!.3.3.2
132.1>9.1!.1
132.1>9.1!.2
132.1>9.1!.3
132.1>9.1!.
132.1>9.1!.>
132.1>9.1!.3
1"2.1>.1.2
1"2.1>.1.3
1"2.1>.2.2
1"2.1>.2.3
1"2.1>.3.3
1"2.1>.3.
1"2.1>.3.>
1"2.1>..2
1"2.1>.."
1"2.1>.>.3
1"2.1>.>.9
G Fping HaddressG
Tas4 2 )@oute Aptimi0ation*3
3n &2 &< &! &" and &$ an offset list can be used to manipulate the &I0 routing.
210
ro(ter rip
'ersion 2
offset+list rip in 3 Serial!B!B!
networ) !.!.!.!
no a(to+s(mmar*
ip access+list standard rip
permit 132.1>9.1!.!
permit 1"2.1>.!.! !.!.2.2
Show ip ro(te
8atewa* of last resort is not set
2 132.1>9.1!.!B24 I12!B1J 'ia 1!.>.>.1A !!0!!01A :astEthernet!B!
1"2.1>.!.!B1> is 'aria5l* s(5nettedA 9 s(5netsA 2 mas)s
2 1"2.1>.4.9B32 I12!B3J 'ia 1!.>.>.1A !!0!!01A :astEthernet!B!
2 1"2.1>.4.!B24 I12!B3J 'ia 1!.>.>.1A !!0!!01A :astEthernet!B!
2 1"2.1>..!B24 I12!B2J 'ia 1!.>.>.1A !!0!!01A :astEthernet!B!
2 1"2.1>.>.!B24 I12!B2J 'ia 1!.>.>.1A !!0!!01A :astEthernet!B!
1 1"2.1>.1.!B24 is directl* connectedA Serial!B!B!
2 1"2.1>.2.!B24 I12!B2J 'ia 1!.>.>.1A !!0!!01"A :astEthernet!B!
2 1"2.1>.4."B32 I12!B3J 'ia 1!.>.>.1A !!0!!01"A :astEthernet!B!
2 1"2.1>.3.!B24 I12!B2J 'ia 1!.>.>.1A !!0!!01"A :astEthernet!B!
1!.!.!.!B9 is 'aria5l* s(5nettedA 9 s(5netsA 2 mas)s
220
ro(ter rip
'ersion 2
offset+list rip in 2 Serial!B!B!.1
networ) !.!.!.!
no a(to+s(mmar*
permit 1!.!.!.! !.2.2.2
permit 132.1>9.1!.!
Show ip ro(te
2 1!.11.11.!B3! I12!B2J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
2 1!.".".!B3! I12!B2J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
2 1!.>.>.!B3! I12!B1J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
2 1!...!B3! I12!B1J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
2 1!.4.4.!B24 I12!B1J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
2 1!.3.3.!B24 I12!B1J 'ia 132.1>9.1!.1A !!0!!0!3A :astEthernet!B!
230
ro(ter rip
'ersion 2
networ) !.!.!.!
no a(to+s(mmar*
permit 1!.!.!.! !.2.2.2
permit 132.1>9.1!.!
2 1!.11.11.!B3! I12!B2J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
2 1!.".".!B3! I12!B2J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
2 1!.>.>.!B3! I12!B1J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
2 1!...!B3! I12!B1J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
2 1!.4.4.!B24 I12!B1J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
2 1!.3.3.!B24 I12!B1J 'ia 132.1>9.1!.1A !!0!!02!A :astEthernet!B!
3n &= and &@ run a TCL script with Trace route>
tclsh
foreach address F
1!.3.3.1
1!.3.3.2
1!.4.4.1
1!.4.4.2
1!...1
1!...2
1!.>.>.1
1!.>.>.2
1!.".".1
1!.".".2
1!.9.9.1
1!.9.9.2
1!.3.3.1
1!.3.3.2
G Ftrace HaddressG
.*pe escapes se?(ence to a5ort.
.racing the ro(te to 1!.3.3.1
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.3.3.2 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.4.4.2 29 msec 29 msec K
.racing the ro(te to 1!...1
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec K
.racing the ro(te to 1!...2
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!...2 29 msec 29 msec K
.racing the ro(te to 1!.>.>.1
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec K
.racing the ro(te to 1!.>.>.2
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.>.>.2 29 msec 29 msec K
.racing the ro(te to 1!.".".1
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.3.3.2 29 msec "> msec K
.racing the ro(te to 1!.".".2
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!...2 29 msec 29 msec 29 msec
4 1!.".".2 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.9.9.2 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.9.9.2 29 msec 29 msec K
1 1"2.1>..2 29 msec 29 msec 29 msec
2 132.1>9.1!.1 29 msec 29 msec 29 msec
3 1!.9.9.2 29 msec 29 msec 29 msec
Tas4 % )1uthentication*3 ,5" authentication is the correct answer.
6n 2" and 90
int s!B!B!.3
ip rip a(thentication mode md
ip rip a(thentication )e*+chain cisco
)e* chain cisco
)e* 1
)e*+string cisco
6n 22 and 30
int s!B!B!.1
)e* chain cisco
)e* 1
)e*+string cisco
Tas4 ( )<u$!and!Spo4e*3 0assi*e%interface commands are needed to disable the <<+.#.#.6
and neighbor commands allow us to use unicast between &I0 routers. (ince we disabled split
horiIon we can opt to connect the spokes together on &" and &$E
230
ro(ter rip
'ersion 2
timers 5asic 3! 19! ! 24!
passi'e+interface Serial!B!B!.2
networ) !.!.!.!
neigh5or 1"2.1>.3.>
neigh5or 1"2.1>.3.
distri5(te+list ripin in Serial!B!B!.3
20
ro(ter rip
'ersion 2
passi'e+interface Serial!B!B!
networ) !.!.!.!
neigh5or 1"2.1>.3.>
neigh5or 1"2.1>.3.3
no a(to+s(mmar*
2>0
ro(ter rip
'ersion 2
passi'e+interface Serial!B!B!
networ) !.!.!.!
neigh5or 1"2.1>.3.
neigh5or 1"2.1>.3.3
no a(to+s(mmar*
2>0
de5(g ip rip
L(l 2 130230!3.>10 2</0 recei'ed '2 (pdate from 1"2.1>.3.3 on Serial!B!B!
KL(l 2 130230!3.>10 1!.3.3.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>10 1!.4.4.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>10 1!...!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>10 1!.>.>.!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>10 1!.".".!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>10 1!.9.9.!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>10 1!.3.3.!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>10 1!.11.11.!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>10 13!.!.2.!B24 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>10 13!.!.4.!B24 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>130 13!.!.>.!B24 'ia !.!.!.! in 3 hops
KL(l 2 130230!3.>130 131.!.1.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>130 131.!.3.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>130 131.!..!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>130 1"2.1>.1.!B24 'ia !.!.!.! in 1 hops
KL(l 2 130230!3.>130 1"2.1>.2.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>130 1"2.1>.3.!B24 'ia !.!.!.! in 1 hops
KL(l 2 130230!3.>130 1"2.1>..!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!3.>130 1"2.1>.>.!B24 'ia !.!.!.! in 1 hops
KL(l 2 130230!3.>130 132.1>9.1!.!B24 'ia !.!.!.! in 1 hops
KL(l 2 130230!>.1430 2</0 recei'ed '2 (pdate from 1"2.1>.3. on Serial!B!B!
KL(l 2 130230!>.1430 1!.3.3.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.1430 1!.4.4.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.1430 1!...!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.1430 1!.>.>.!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.1430 1!.".".!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!>.1430 1!.9.9.!B3! 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.1430 1!.3.3.!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!>.1430 1!.11.11.!B3! 'ia !.!.!.! in 3 hops
KL(l 2 130230!>.1430 13!.!.2.!B24 'ia 1"2.1>.3.3 in 4 hops
KL(l 2 130230!>.1430 13!.!.4.!B24 'ia 1"2.1>.3.3 in 4 hops
KL(l 2 130230!>.1430 13!.!.>.!B24 'ia 1"2.1>.3.3 in 4 hops
KL(l 2 130230!>.1430 131.!.1.!B24 'ia 1"2.1>.3.3 in 3 hops
KL(l 2 130230!>.14"0 131.!.3.!B24 'ia 1"2.1>.3.3 in 3 hops
KL(l 2 130230!>.14"0 131.!..!B24 'ia 1"2.1>.3.3 in 3 hops
KL(l 2 130230!>.14"0 1"2.1>.1.!B24 'ia 1"2.1>.3.3 in 2 hops
KL(l 2 130230!>.14"0 1"2.1>.2.!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.14"0 1"2.1>.3.!B24 'ia !.!.!.! in 1 hops
KL(l 2 130230!>.14"0 1"2.1>..!B24 'ia !.!.!.! in 2 hops
KL(l 2 130230!>.14"0 1"2.1>.>.!B24 'ia 1"2.1>.3.3 in 2 hops
KL(l 2 130230!>.14"0 132.1>9.1!.!B24 'ia !.!.!.! in 1 hops
Tas4 ).iltering*3 A distribute%list is needed to filter these routes. &emember &I0 waits for
the 8L7() time to remo*e routes. Mi*e it a few minutes and then look at the routing tables.
220
ro(ter rip
'ersion 2
networ) !.!.!.!
no a(to+s(mmar*
ip access+list standard ripin
permit 13!.!.!.! !.!.24.2
permit 131.!.1.! !.!.24.2
I12!B1J 'ia 1"2.1>.1.3A !!0!!0!3A Serial!B!B!.1
13!.!.!.!B24 is s(5nettedA 3 s(5nets
2 13!.!.2.! I12!B1J 'ia 1"2.1>.."A !!0!!01!A Serial!B!B!.3
2 13!.!.>.! I12!B1J 'ia 1"2.1>.."A !!0!!012A Serial!B!B!.3
2 13!.!.4.! I12!B1J 'ia 1"2.1>.."A !!0!!012A Serial!B!B!.3
2 131.!.3.! I12!B2J 'ia 132.1>9.1!.3A !!0!!014A :astEthernet!B!
I12!B2J 'ia 1"2.1>.1.3A !!0!!0!A Serial!B!B!.1
2 131.!.1.! I12!B2J 'ia 132.1>9.1!.3A !!0!!01>A :astEthernet!B!
I12!B2J 'ia 1"2.1>.1.3A !!0!!0!>A Serial!B!B!.1
2 131.!..! I12!B2J 'ia 132.1>9.1!.3A !!0!!01>A :astEthernet!B!
I12!B2J 'ia 1"2.1>.1.3A !!0!!0!>A Serial!B!B!.1
230
ro(ter rip
'ersion 2
networ) !.!.!.!
no a(to+s(mmar*
ip access+list standard ripin
permit 13!.!.!.! !.!.24.2
permit 131.!.1.! !.!.24.2
2 13!.!.2.! I12!B2J 'ia 132.1>9.1!.2A !!0!!013A :astEthernet!B!
I12!B2J 'ia 1"2.1>.>.9A !!0!!0!1A Serial!B!B!.3
I12!B2J 'ia 1"2.1>.1.2A !!0!!0!3A Serial!B!B!.1
2 13!.!.>.! I12!B2J 'ia 132.1>9.1!.2A !!0!!02!A :astEthernet!B!
2 13!.!.4.! I12!B2J 'ia 132.1>9.1!.2A !!0!!02!A :astEthernet!B!
131.!.!.!B24 is s(5nettedA 3 s(5nets
2 131.!.3.! I12!B1J 'ia 1"2.1>.>.9A !!0!!0!4A Serial!B!B!.3
2 131.!.1.! I12!B1J 'ia 1"2.1>.>.9A !!0!!0!4A Serial!B!B!.3
2 131.!..! I12!B1J 'ia 1"2.1>.>.9A !!0!!0!4A Serial!B!B!.3
;on(s0 1onfig(re on the interface of 22A3A"Aand 9 (config1subif-.ip rip triggere0 to onl* send (pdates when changes occ(r.
Day 1
&8*%
9verview
EIM&0 is a Cisco proprietary protocol that combines the attributes of a Link (tate and a
5istance 4ector routing protocol. It is considered a ThybridB routing protocol. EIM&0 was
released as an enhancement to CiscoPs other proprietary routing protocol IM&0. EIM&0
supports automatic route summariIation 4L(, addressing multicast updates non%periodic
updates unequal%cost load balancing and independent support for I0K and AppleTalk.
EIM&0 added many features to o*ercome the limitations of IM&0>
The 5iffusing 7pdate Algorithm -57AL.
Loop%free networks
Incremental updates instead of periodic -only send changes as they occur.
?nowledge about neighbors as opposed to the entire network
Independent (upport for I0 I0K and AppleTalk
Classless routing
Efficient summariIation of networks
Efficient use of link bandwidth for routing updates
Authentication
EIM&0 uses the same metrics as IM&0
7pdates
EIM&0 sends hello packets e*ery " seconds on high bandwidth links like 000 and )5LC leased
lines Ethernet T& 855I and 8rame &elay point%to%point and AT,. It sends helloBs e*ery $#
seconds on low bandwidth multipoint links like 8& multipoint and AT, multipoint links.
EIM&0 reliable packets are> 7pdate Auery and &eply.
EIM&0 unreliable packets are> )ello and Ack.
7pdates are always transmitted reliably. 7pdates con*ey reachability of destinations. 3n
disco*ery of a new neighbor update packets are sent so the neighbor can build its topology
table. These update packets are unicast. In other cases such as a link cost change updates
are multicast.
9oth queries and replies are transmitted reliably. :hen destinations go into acti*e state
queries and replies are sent. Aueries are always multicast unless they are sent in response to
a recei*ed query. In this case a reply is unicast back to the successor that originated the
query. &eplies are always sent in response to queries to indicate to the originator that it does
not need to go into acti*e state because it has feasible successors. &eplies are unicast to the
originator of the query.
A#thentication
Authentication inn EIM&0 is *ery similar to &I0 4< Authentication except for EIM&0 only
supports ,5" Authentication. EIM&0 uses key chains and interface commands to configure
authentication.
r2lab-config.H interface s0
r2lab-config%if.H ip authentication mode eigrp 222 md
r2lab-config%if.H ip authentication 4ey!chain eigrp 222 cisco
r2lab-config.H 4ey chain cisco
r2lab-config%keychain.H 4ey #
r2lab-config%keychain%key.H 4ey!string ccie
De4a#lt *o#tes
5efault routes can be configured in EIM&0 in three different ways>
Rip summary address eigrp 2## #.#.#.# #.#.#.#S
Rip default network
Rredistribute ip route #.#.#.# #.#.#.# null #S
M Rredistribute static or network #.#.#.#
The ip default network must be a classful network that is used as the candidate default
network in EIM&0. This method is legacy left o*er from IM&0.
S#mmari6ation
In EIM&0 Auto summary is on by default and it is used to summariIe to classful boundaries.
/o auto%summary allows the router to summariIe to bit boundaries. This type of
summariIation is configured on the interface and split horiIon must be disabled for it to work.
As you can see in the following example an A5 of " is assigned to summaries>
r2lab-config%if.H ip summary%address eigrp <<< 2#.<.#.# <"".<"".<"".# "
Also there is no way to get rid of the /7LL# entry in EIM&0 it is added to a*oid loops. Jou can
set the A5 to <"" and it will remo*e the summary from the originating routerBs route table
and will still send the summary to another router. Care must be taken to filter the summary
from returning by implementing a route map etc. since split horiIon is disabled and there
would be no /ull # protection.
Metrics
57AL selects primary and backup routes using the composite metric and guarantees that the
selected routes are loop free. The primary routes are then mo*ed to a routing table. The rest
-up to $. are stored in the topology table as feasible successors.
EIM&0 uses the same composite metric as IM&0 to determine the best path. The default
criteria used are>
6andwidth;The smallest bandwidth cost between source and destination
9elay;Cumulati*e interface delay along the path
@elia$ility;:orst reliability between source and destination depending on
keepali*es
Load;7tiliIation on a link between source and destination measured in bits
per second on its worst link
8TB;The smallest ,aximum Transmission 7nit
The default for EIM&0 is to use only bandwidth and delay when calculating the metric. EIM&0
uses the following scaled *alues to determine the total metric to the network>
EIM&0 ,etric Q
<"$D--?2D9w. U -?<D9w.E-<"$%Load. U -?!D5elay.D-?"E-&eliability U ?+...
The default *alues for ? are>
?2 Q 2
?< Q #
?! Q 2
?+ Q #
?" Q #
8or the default you can simplify the formula as> ,etric Q 9andwidth U 5elay
After two routers become neighbors each will send routing updates -and other packets. to
the other using a reliable multicast scheme.
8or example assume that router 2 has a series of packets such as a routing table update
which must be transmitted to routers 2 ! and +. &outer 2 will send the first packet to the
EIM&0 multicast address <<+.#.#.2# and then will wait for acknowledgment from each of its
neighbors on its Ethernet interface -in this case routers < ! and +..
Assume that routers < and + answer the multicast packet but router ! does not. &outer 2 will
wait until the multicast flow timer expires on the Ethernet interface then send out a special
packet a sequence TL4 telling router ! not to listen to any further multicast packets from
router 2. &outer 2 will then continue transmitting the remainder of the update packets as
multicast to all other routers on the network. The sequence TL4 indicates an out%of%sequence
multicast packet.
Those routers not listed in the packet enter Conditional &ecei*e -C&. mode and continue
listening to multicast. :hile there are some routers in this mode the Conditional &ecei*e bit
will be set in multicast packets. In this case router 2 will send out a sequence TL4 with router
! listed so routers < and + will continue listening to further multicast updates. If a router
recei*es an update packet with the init flag set it clearly implies that this packet is the first
after a new neighbor relationship has been established. If we clear the I0 EIM&0 neighbor
relationship it will automatically cause the EIM&0 neighbor relationship to be restarted.
nit 3lag
There is an @%bit flag *alue in the EIM&0 header. The rightmost bit is init. :hen init is set to
#x#######2 the enclosed route entries are treated as the first in a new neighbor relationship.
/ote that route entries are carried in update packets not hello packets.
This debug output displays the Init (equence increasing only with the update packet>
&outerH debug eigrp packet
EIM&0> (ending )ELL3 on Ethernet#E2
A( $$$ 8lags #x# (eq # Ack #
A( $$$ 8lags #x# (eq # Ack #
A( $$$ 8lags #x# (eq # Ack #
EIM&0> &ecei*ed 705ATE on Ethernet#E2 from 2#.<!.<!.<!
A( $$$ 8lags #x2 (eq 2 Ack #
EIM&0> (ending )ELL3EAC? on Ethernet#E2 to 2#.<!.<!.<!
A( $$$ 8lags #x# (eq # Ack 2
EIM&0> (ending )ELL3EAC? on Ethernet#E2 to 2#.<!.<!.<!
A( $$$ 8lags #x# (eq # Ack 2
EIM&0> &ecei*ed 705ATE on Ethernet#E2 from 2#.<!.<!.<!
A( $$$ 8lags #x# (eq < Ack #
Successor;A route selected as the primary route to reach a destination
network specified by the 8easibility Condition. (uccessors are entries kept in the
routing table.
.easi$le Successor;A backup route to a specified network. ,ultiple
feasible successors for a destination network can be retained in a topology table.
Thus when a route goes down the entire routing table does not ha*e to be
recomputed.
3easibility Condition
:hen the recei*ing router has a 8easible 5istance -85. to a specified network and when it
recei*es an update from a neighbor with a lower ad*ertised or &eported 5istance -&5. to that
network the 8easible Condition is met. The neighbor then becomes a 8easible (uccessor -8(.
for that route because it is one hop closer to the destination network. In a meshed network
en*ironment there can be a number of 8easible (uccessors.
The &5 for a neighbor to reach a specified network must always be less than the 85 for the
local router to reach the network. In this way EIM&0 a*oids routing loops. This is the reason
why routes that ha*e &5 larger than the 85 are not entered into the Topology table.
Load Balancing
&outes with a metric equal to the minimum metric will be installed in the routing table -equal
cost load balancing.. 7p to six entries in the routing table for the same destination can be
stored but the default is four.
The number of entries is configured with the ma/imum!paths command.
7nequal cost load balancing will be discussed in 4olume II.
"etwor$s and 3iltering
/etworks are configured from the routing process Lust like &I0*<. 0assi*e interface and
network commands also work.
As for filtering offset lists and distribute lists work too.
&8*% St#b
A (T79 set a flag bit in the hello packets and affects what the router will ad*ertise. Typically it
is use to send a reduced routing table so it reduces processing on the router and controls
what networks are ad*ertised.
8our options exist for what a stub router can send> recei*e%only summary connected and
static
&8*% LAB
Scenario
5isable &I0 and configure EIM&0 as per the following diagram.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page #) of 136
Topology
&8*%1 Tas$s
Tas4 # )6asic E5C@P*3 Configure EIM&0 on all &outers and switches. 3nly use a single
network statement on the routers. The switches can be configured as you wish.
&= and &@ will be configured as a stub with only summaries of 2=<.2$.#.#E2$
26<.2$@.2#.#E<+ and 2#.#.#.#E@ being learned from Turnkey but does not use the stub
command under the EIM&0 routing process to accomplish this.
Tas4 2 )Summaries*3 ,ake sure the 9ranch site only ad*ertises a 2#.#.#.#E@ out bound. &2
can also ad*ertises a longer mask for itBs loop back. Configure extra filters to make sure (w2
is always preferred for the 2#.#.#.# networks. 3nly (w2 can ha*e a null # route in this Lab
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page #1 of 136
Tas4 % )9efaults*3 &< and &! should send a default route into EIM&0 to reach the I(0
routers make sure the I(0 routers -&=&@. do not use this default route.
Tas4 ( )@outing Ta$le*3 4erify the routing tables in your equipment and make adLustments
until they look the same as Task +.
220
8atewa* of last resort is 1"2.1>.." to networ) !.!.!.!
1 132.1>9.1!.!B24 is directl* connectedA :astEthernet!B!
7 1"2.1>.4.9B32 I3!B291>39>J 'ia 1"2.1>.."A !!012043A Serial!B!B!.3
7 1"2.1>.4.!B24 I3!B291>39>J 'ia 1"2.1>.."A !!012043A Serial!B!B!.3
1 1"2.1>..!B24 is directl* connectedA Serial!B!B!.3
7 1"2.1>.>.!B24 I3!B21"!112J 'ia 132.1>9.1!.3A !!012042A :astEthernet!B!
1 1"2.1>.1.!B24 is directl* connectedA Serial!B!B!.1
7 1"2.1>.4."B32
I3!B291"!112J 'ia 132.1>9.1!.3A !!012044A :astEthernet!B!
7 1"2.1>.3.!B24 I3!B21"!112J 'ia 132.1>9.1!.>A !!012044A :astEthernet!B!
I3!B21"!112J 'ia 132.1>9.1!.A !!012044A :astEthernet!B!
13!.!.!.!B24 is s(5nettedA > s(5nets
7 13!.!.2.! I3!B223"9>J 'ia 1"2.1>.."A !!01204>A Serial!B!B!.3
7 13!.!.>.! I3!B223"9>J 'ia 1"2.1>.."A !!01204>A Serial!B!B!.3
7 13!.!..! I3!B223"9>J 'ia 1"2.1>.."A !!01204>A Serial!B!B!.3
7 1!.13.13.!B24 I3!B139>J 'ia 132.1>9.1!.3A !!01302A :astEthernet!B!
1 1!.12.12.!B24 is directl* connectedA $oop5ac)1
7 1!.1!.1!.!B24 I3!B21"49>3!3J 'ia 1"2.1>.1.1A !!01204>A Serial!B!B!.1
7 1!.!.!.!B9 I3!B2>112J 'ia 132.1>9.1!.1A !!01204A :astEthernet!B!
131.!.!.!B24 is s(5nettedA > s(5nets
7 131.!.3.! I3!B2239112J 'ia 132.1>9.1!.3A !!01204A :astEthernet!B!
7 131.!.1.! I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
7 131.!.>.! I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
7 131.!..! I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
2!9.1.1.!B32 is s(5nettedA 2 s(5nets
7 2!9.1.1.1 I3!B223"9>J 'ia 1"2.1>.."A !!01204"A Serial!B!B!.3
7 2!9.1.1.2 I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
SK !.!.!.!B! I1B!J 'ia 1"2.1>.."
230
8atewa* of last resort is 1"2.1>.>.9 to networ) !.!.!.!
7 1"2.1>.4.9B32
7 1"2.1>.4.!B24 I3!B291>39>J 'ia 1"2.1>.>.9A !!014031A Serial!B!B!.3
7 1"2.1>..!B24 I3!B21"!112J 'ia 132.1>9.1!.2A !!014031A :astEthernet!B!
1 1"2.1>.>.!B24 is directl* connectedA Serial!B!B!.3
7 1"2.1>.2.!B24 I3!B21"!112J 'ia 132.1>9.1!.3A !!014032A :astEthernet!B!
7 1"2.1>.4."B32 I3!B291>39>J 'ia 1"2.1>.>.9A !!014031A Serial!B!B!.3
7 13!.!.2.! I3!B2239112J 'ia 132.1>9.1!.2A !!014032A :astEthernet!B!
7 13!.!.>.! I3!B2239112J 'ia 132.1>9.1!.2A !!014033A :astEthernet!B!
7 13!.!..! I3!B2239112J 'ia 132.1>9.1!.2A !!014033A :astEthernet!B!
7 1!.1!.1!.!B24 I3!B21"49>3!3J 'ia 1"2.1>.1.1A !!014034A Serial!B!B!.1
7 131.!.3.! I3!B223"9>J 'ia 1"2.1>.>.9A !!014032A Serial!B!B!.3
7 131.!.>.! I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
7 131.!..! I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
7 2!9.1.1.1 I3!B2239112J 'ia 132.1>9.1!.2A !!014034A :astEthernet!B!
7 2!9.1.1.2 I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
SK !.!.!.!B! I1B!J 'ia 1"2.1>.>.9
2"0
7 132.1>9.1!.!B24 I3!B21"!112J 'ia 1"2.1>..2A !10!"0!4A Serial!B!B!.1
1 1"2.1>.4.9B32 is directl* connectedA Serial!B!B1
1 1"2.1>.4.!B24 is directl* connectedA Serial!B!B1
7 1"2.1>.!.!B1> I3!B2>919>J 'ia 1"2.1>..2A !10!"0!3A Serial!B!B!.1
1 13!.!.2.! is directl* connectedA $oop5ac)!
1 13!.!.>.! is directl* connectedA $oop5ac)!
1 13!.!..! is directl* connectedA $oop5ac)!
7 1!.!.!.!B9 I3!B21"!3>9J 'ia 1"2.1>..2A !!01>0!>A Serial!B!B!.1
1 2!9.1.1.1 is directl* connectedA $oop5ac)2
290
7 132.1>9.1!.!B24 I3!B21"!112J 'ia 1"2.1>.>.3A !10!9033A Serial!B!B!.1
7 1"2.1>.!.!B1> I3!B2>919>J 'ia 1"2.1>.>.3A !10!9033A Serial!B!B!.1
1 1"2.1>.4."B32 is directl* connectedA Serial!B!B1
7 1!.!.!.!B9 I3!B21"!3>9J 'ia 1"2.1>.>.3A !!01"033A Serial!B!B!.1
1 131.!.3.! is directl* connectedA $oop5ac)!
1 131.!.>.! is directl* connectedA $oop5ac)!
1 131.!..! is directl* connectedA $oop5ac)!
Tas4 )Testing*3 0ing test connecti*ity to e*ery I0 address from (w!.
&8*%1 Answers
Tas4 # )6asic E5C@P*3 Configure EIM&0 on all &outers and switches. 3nly use a single
network statement on the routers. The switches can be configured as you wish.
3nly an example of a router and switch are shown because the remainders are redundant1
210
ro(ter eigrp 1!!
networ) !.!.!.!
no a(to+s(mmar*
Sw10
ro(ter eigrp 1!!
networ) 1!.!.!.!
networ) 132.1>9.1!.!
no a(to+s(mmar*
&= and &@ will be configured as a stub with only summaries of 2=<.2$.#.#E2$
26<.2$@.2#.#E<+ and 2#.#.#.#E@ being learned form Turn%key but do not use the stub
command under the eigrp routing process to accomplish this. To make the I(0 routers appear
to be a stub we will only send summaries from &< and &!. The 2#.#.#.#E@ was already
summariIed by (w2 and &2 sow we Lust need to summariIe 2=<.2$.#.# and filter it between
&= and &@.
220
ro(ter eigrp 1!!
redistri5(te static metric 1 1 1 1 1
offset+list Eero in 214"493>4" Serial!B!B!.1
networ) !.!.!.!
no auto1summary ,3(is a!!o's us to use0 VLS5-
ip address 1"2.1>..2 2.2.2.!
ip rip triggered
ip summary1a00ress eigrp 1)) 1$22162)2) 2##22##2)2) 2## ,6e are setting t(e AD to 2## to remo7e t(e u!!)-
ip ospf 1 area >
frame+rela* interface+dlci 2!"
230
ro(ter eigrp 1!!
networ) !.!.!.!
no auto1summary
description /2/+to+2>
ip address 1"2.1>.>.3 2.2.2.!
ip rip triggered
ip summary1a00ress eigrp 1)) 1$22162)2) 2##22##2)2) 2##
ip ospf 1 area
2"0
ro(ter eigrp 1!!
networ) !.!.!.!
0istribute1!ist prefi8 nu!! out ,Pre7ent t(e summaries from going bac" to 3urn1"ey-
distri5(te+list prefi- defa(lt in
no a(to+s(mmar*
description ///+to+29
ip address 1"2.1>.4." 2.2.2.!
encaps(lation ppp
ip summary1a00ress eigrp 1)) 1$22162)2) 2##22##2)2) 2## ,9n!y sen0 a summary bet'een 4$: 4% an0 no u!! )-
dela* 1!!!!!!
cloc) rate 2!!!!!!
ppp chap hostname (ser
ppp chap password ! cisco
ip prefi81!ist nu!! se; # 0eny 1)2)2)2)<%
ip prefi81!ist nu!! se; 1) 0eny 1$22162)2)<16
ip prefi81!ist nu!! se; 1# 0eny 1&2216%21)2)<24
ip prefi81!ist nu!! se; 2) permit )2)2)2)<) !e 32 ,a!!o' t(e !eft o7er net'or"s-
290 Same config(ration as 2" 5asicall*
Tas4 2 )Summaries*3 ,ake sure the 9ranch site only ad*ertises a 2#.#.#.#E@ out bound. &2
can also ad*ertises a longer mask for itBs loop back -2#.2#.2#.#E<+..
Sw10
interface #lan1!
description #lan1!,$eased
ip address 132.1>9.1!.1 2.2.2.!
ip summary1a00ress eigrp 1)) 1)2)2)2) 2##2)2)2) # ,3(is summary a00s a u!!) for !oop protection-
@
ro(ter eigrp 1!!
networ) 1!.!.!.!
networ) 132.1>9.1!.!
no a(to+s(mmar*
210
ro(ter eigrp 1!!
networ) !.!.!.!
no a(to+s(mmar*
ip address 1"2.1>.1.1 2.2.2.!
ip summary1a00ress eigrp 1)) 1)2)2)2) 2##2)2)2) 2## !ea"1map !ea"y ,A !ea" map a!!o's a more specific mas" 1)21)21)2)<24 an0 AD of 2##
remo7es t(e nu!!)2-
ip ospf 1 area !
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page ## of 136
Configure extra filters to make sure (w2 is always preferred for the 2#.#.#.# networks. 3nly
(w2 can ha*e a null # route in this Lab. This is configured on &< and &!.
220
ro(ter eigrp 1!!
offset1!ist =ero in 214$4%364$ Seria!)<)<)21 ,3(is offset set a (ig( metric for t(e summary o7er t(e framere!ay-
offset1!ist =ero in 214$4%364$ Seria!)<)<)22
networ) !.!.!.!
no a(to+s(mmar*
ip access+list standard Eero
permit 1)2)2)2) )22##22##22## ,9n!y matc(es t(e 1)2)2)2) summary-
Same config(ration for 23
Tas4 % )9efaults*3 &< and &! should send a default route into EIM&0 to reach the I(0
routers make sure the I(0 routers -&=&@. do not use this default route.
&edistribute a static route to the I(0 on both &< and &! and filter the default route on &= and
&@.
220
ro(ter eigrp 1!!
re0istribute static metric 1 1 1 1 1 ,3(is 'i!! re0istribute t(e static 0efau!t route to 4$-
networ) !.!.!.!
no a(to+s(mmar*
ip ro(te !.!.!.! !.!.!.! 1"2.1>.."
230 ;asicall* same config(ration as 22
2"0
ro(ter eigrp 1!!
networ) !.!.!.!
distri5(te+list prefi- n(ll o(t
0istribute1!ist prefi8 0efau!t in ,3(is 'i!! pre7ent t(e 4$ from !earning a 0efau!t route from 3urn1>ey-
no a(to+s(mmar*
ip prefi-+list defa(lt se? permit 1!.!.!.!B9 ,3(is on!y a!!o's t(e summaries t(at 'e 0esire an0 pre7ents t(e )2)2)2)-
ip prefi-+list defa(lt se? 1! permit 1"2.1>.!.!B1>
ip prefi-+list defa(lt se? 1 permit 132.1>9.1!.!B24
Ne co(ld ha'e denied !.!.!.! and allowed e'er*thing else too.
29 has a similar config(ration.
Tas4 ( )@outing Ta$le*3 ,ake sure the routing tables for &< &! &= and &@ look the same
in your configuration.
220
7 1"2.1>.4.9B32 I3!B291>39>J 'ia 1"2.1>.."A !!012043A Serial!B!B!.3
7 1"2.1>.4.!B24 I3!B291>39>J 'ia 1"2.1>.."A !!012043A Serial!B!B!.3
7 1"2.1>.>.!B24 I3!B21"!112J 'ia 132.1>9.1!.3A !!012042A :astEthernet!B!
7 1"2.1>.4."B32
7 1"2.1>.3.!B24 I3!B21"!112J 'ia 132.1>9.1!.>A !!012044A :astEthernet!B!
I3!B21"!112J 'ia 132.1>9.1!.A !!012044A :astEthernet!B!
7 13!.!.>.! I3!B223"9>J 'ia 1"2.1>.."A !!01204>A Serial!B!B!.3
7 13!.!..! I3!B223"9>J 'ia 1"2.1>.."A !!01204>A Serial!B!B!.3
7 1!.1!.1!.!B24 I3!B21"49>3!3J 'ia 1"2.1>.1.1A !!01204>A Serial!B!B!.1
7 131.!.>.! I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
7 131.!..! I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
7 2!9.1.1.1 I3!B223"9>J 'ia 1"2.1>.."A !!01204"A Serial!B!B!.3
7 2!9.1.1.2 I3!B2239112J 'ia 132.1>9.1!.3A !!01204>A :astEthernet!B!
SK !.!.!.!B! I1B!J 'ia 1"2.1>.."
230
8atewa* of last resort is 1"2.1>.>.9 to networ) !.!.!.!
7 1"2.1>.4.9B32
7 1"2.1>.4.!B24 I3!B291>39>J 'ia 1"2.1>.>.9A !!014031A Serial!B!B!.3
7 1"2.1>..!B24 I3!B21"!112J 'ia 132.1>9.1!.2A !!014031A :astEthernet!B!
7 1"2.1>.2.!B24 I3!B21"!112J 'ia 132.1>9.1!.3A !!014032A :astEthernet!B!
7 1"2.1>.4."B32 I3!B291>39>J 'ia 1"2.1>.>.9A !!014031A Serial!B!B!.3
7 13!.!.>.! I3!B2239112J 'ia 132.1>9.1!.2A !!014033A :astEthernet!B!
7 13!.!..! I3!B2239112J 'ia 132.1>9.1!.2A !!014033A :astEthernet!B!
7 1!.1!.1!.!B24 I3!B21"49>3!3J 'ia 1"2.1>.1.1A !!014034A Serial!B!B!.1
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page #$ of 136
7 131.!.>.! I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
7 131.!..! I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
7 2!9.1.1.1 I3!B2239112J 'ia 132.1>9.1!.2A !!014034A :astEthernet!B!
7 2!9.1.1.2 I3!B223"9>J 'ia 1"2.1>.>.9A !!014034A Serial!B!B!.3
SK !.!.!.!B! I1B!J 'ia 1"2.1>.>.9
2"0
7 132.1>9.1!.!B24 I3!B21"!112J 'ia 1"2.1>..2A !10!"0!4A Serial!B!B!.1
1 1"2.1>.4.9B32 is directl* connectedA Serial!B!B1
7 1"2.1>.!.!B1> I3!B2>919>J 'ia 1"2.1>..2A !10!"0!3A Serial!B!B!.1
1 13!.!.>.! is directl* connectedA $oop5ac)!
1 13!.!..! is directl* connectedA $oop5ac)!
7 1!.!.!.!B9 I3!B21"!3>9J 'ia 1"2.1>..2A !!01>0!>A Serial!B!B!.1
290
7 132.1>9.1!.!B24 I3!B21"!112J 'ia 1"2.1>.>.3A !10!9033A Serial!B!B!.1
7 1"2.1>.!.!B1> I3!B2>919>J 'ia 1"2.1>.>.3A !10!9033A Serial!B!B!.1
1 1"2.1>.4."B32 is directl* connectedA Serial!B!B1
7 1!.!.!.!B9 I3!B21"!3>9J 'ia 1"2.1>.>.3A !!01"033A Serial!B!B!.1
1 131.!.>.! is directl* connectedA $oop5ac)!
1 131.!..! is directl* connectedA $oop5ac)!
Tas4 )Testing*3 0ing test connecti*ity to e*ery I0 address from (w!.
3n a switch we need to use a macro>
+tep 1, Sw4(config)#macro name PING
Enter macro commands one per line End with the character !"!

do ping 1!.3.3.1
do ping 1!.3.3.2
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page #% of 136
do ping 1!.4.4.1
do ping 1!.4.4.2
do ping 1!...1
do ping 1!...2
do ping 1!.>.>.1
do ping 1!.>.>.2
do ping 1!.".".1
do ping 1!.".".2
do ping 1!.9.9.1
do ping 1!.9.9.2
do ping 1!.3.3.1
do ping 1!.3.3.2
do ping 132.1>9.1!.1
do ping 132.1>9.1!.2
do ping 132.1>9.1!.3
do ping 132.1>9.1!.
do ping 132.1>9.1!.>
do ping 132.1>9.1!.3
do ping 1"2.1>.1.2
do ping 1"2.1>.1.3
do ping 1"2.1>.2.2
do ping 1"2.1>.2.3
do ping 1"2.1>.3.3
do ping 1"2.1>.3.
do ping 1"2.1>.3.>
do ping 1"2.1>..2
do ping 1"2.1>.."
do ping 1"2.1>.>.3
do ping 1"2.1>.>.9
do ping 1!.1!.1!.1
do ping 1!.12.12.1
do ping 1!.13.13.1
do ping 2!9.1.1.1
do ping 2!9.1.1.2
"

+tep 2, Sw4(config)#macro glo#al appl$ PING
S%&'
Sw1#sh ip eigrp topolog*
</+E<82/ .opolog* .a5le for %S(1!!)B<7(132.1>9.1!.1)
1odes0 / + /assi'eA % + %cti'eA = + =pdateA O + O(er*A 2 + 2epl*A
r + repl* Stat(sA s + sia Stat(s
/ !.!.!.!B!A 2 s(ccessorsA :7 is 2>!!!!12
'ia 132.1>9.1!.2 (2>!!!!12B2>!!!!2>)A #lan1!A serno >"
'ia 132.1>9.1!.3 (2>!!!!12B2>!!!!2>)A #lan1!
/ 1!.13.13.!B24A 1 s(ccessorsA :7 is 13!91>
'ia 132.1>9.1!.3 (13!91>B1292>)A #lan1!
/ 1!.12.12.!B24A 1 s(ccessorsA :7 is 13!91>
'ia 132.1>9.1!.2 (13!91>B1292>)A #lan1!
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page #& of 136
/ 1!.1!.1!.!B24A 1 s(ccessorsA :7 is 13!91>
'ia 1!.>.>.2 (13!91>B1292>)A #lan>
/ 1!.>.>.!B3!A 1 s(ccessorsA :7 is 291>
'ia 1onnectedA #lan>
/ 1!.!.!.!B9A 1 s(ccessorsA :7 is 291>
'ia S(mmar* (291>B!)A &(ll!
/ 1!.".".!B3!A 3 s(ccessorsA :7 is 3!"2
'ia 1!...2 (3!"2B291>)A #lan
'ia 1!.3.3.2 (3!"2B291>)A #lan3
'ia 1!.4.4.2 (3!"2B291>)A #lan4
/ 1!.3.3.!B3!A 1 s(ccessorsA :7 is 3!"2
'ia 1!.9.9.2 (3!"2B291>)A #lan9
/ 1!.11.11.!B3!A 3 s(ccessorsA :7 is 3!"2
'ia 1!.3.3.2 (3!"2B291>)A #lan3
'ia 1!.4.4.2 (3!"2B291>)A #lan4
'ia 1!...2 (3!"2B291>)A #lan
/ 1!.9.9.!B3!A 1 s(ccessorsA :7 is 291>
'ia 1onnectedA #lan9
/ 1!...!B3!A 1 s(ccessorsA :7 is 291>
'ia 1onnectedA #lan
/ 1!.3.3.!B24A 1 s(ccessorsA :7 is 291>
/ 1!.4.4.!B24A 1 s(ccessorsA :7 is 291>
/ 132.1>9.1!.!B24A 1 s(ccessorsA :7 is 291>
'ia 1onnectedA #lan1!
/ 1!.2.3."B32A 1 s(ccessorsA :7 is 2>!!!!12
'ia 132.1>9.1!.2 (2>!!!!12B2>!!!!2>)A #lan1!
/ 143.3.3.!B24A ! s(ccessorsA :7 is <naccessi5le
'ia 132.1>9.1!.3 (13!91>B1292>)A #lan1!
/ 1!.3.3.!B24A 1 s(ccessorsA :7 is 13!91>
'ia 132.1>9.1!.3 (13!91>B1292>)A #lan1!
/ 1!.2.2.!B24A ! s(ccessorsA :7 is <naccessi5le
'ia 132.1>9.1!.2 (13!91>B1292>)A #lan1!
/ 1!.1.1.!B24A 1 s(ccessorsA :7 is 13!91>
'ia 132.1>9.1!.2 (13!91>B1292>)A #lan1!
'ia 132.1>9.1!.3 (13!91>B1292>)A #lan1!
'ia 132.1>9.1!.2 (13!91>B1292>)A #lan1!
'ia 132.1>9.1!.3 (13!91>B1292>)A #lan1!
'ia 132.1>9.1!.2 (13!91>B1292>)A #lan1!
/ 1!.9.9.9B32A 1 s(ccessorsA :7 is 2>!!!!12
'ia 132.1>9.1!.3 (2>!!!!12B2>!!!!2>)A #lan1!
/ 1"2.1>..!B24A 1 s(ccessorsA :7 is 21"!112
'ia 132.1>9.1!.2 (21"!112B21>39>)A #lan1!
/ 1"2.1>.>.!B24A 1 s(ccessorsA :7 is 21"!112
'ia 132.1>9.1!.3 (21"!112B21>39>)A #lan1!
/ 1"2.1>.1.!B24A 1 s(ccessorsA :7 is 21"!112
'ia 1!.>.>.2 (21"!112B21>39>)A #lan>
/ 1"2.1>.2.!B24A 1 s(ccessorsA :7 is 21"!112
'ia 132.1>9.1!.3 (21"!112B21>39>)A #lan1!
/ 1"2.1>.3.!B24A 3 s(ccessorsA :7 is 21"!112
'ia 132.1>9.1!.> (21"!112B21>39>)A #lan1!
'ia 132.1>9.1!.3 (21"!112B21>39>)A #lan1!
Day 1
*ed#ndancy
5ot Standby *o#ter %rotocol (5S*%)
)ot (tandby &outer 0rotocol -)(&0. is a Cisco proprietary redundancy protocol for
establishing a fault%tolerant default gateway. The protocol establishes a framework between
network routers in order to achie*e default gateway failo*er if the primary gateway should
become inaccessible in close association with a rapid%con*erging routing protocol like EIM&0
or 3(08. 9y multicasting packets )(&0 sends its hello messages to the multicast address
<<+.#.#.< -all routers. using 750 port 26@" to other )(&0%enabled routers defining priority
between the routers. The primary router with the highest configured priority will act as a
*irtual router with its own I0 and ,AC address which the hosts on the local segment will be
configured to use as a gateway to the destination in question. If the primary router should
fail or the link to the destination drop the router with the next%highest priority would take
o*er communications through alternati*e routes within seconds without maLor interruption to
network connecti*ity.
)(&0 is not a routing protocol as it does not ad*ertise I0 routes or affect the routing table in
any way. 9y using )(&0 a set of routers works in concert to present the illusion of a single
*irtual router to the hosts on a LA/. This set is known as an )(&0 group or a standby group.
A single router elected from the group is responsible for forwarding the packets that hosts
send to the *irtual router. This router is known as the Acti*e router. Another router is elected
as the (tandby router. In the e*ent that the Acti*e router fails the (tandby assumes the
packet%forwarding duties of the Acti*e router. Although an arbitrary number of routers may
run )(&0 only the Acti*e router forwards the packets sent to the *irtual router. To minimiIe
network traffic only the Acti*e and (tandby routers send periodic
)(&0 messages once the protocol has completed the election process. If the Acti*e router
fails the (tandby router takes o*er as the Acti*e router. If the (tandby router fails or
becomes the Acti*e router then another router is elected as the (tandby router. 3n a
particular LA/ multiple hot standby groups may coexist and o*erlap. Each standby group
emulates a single *irtual router. The indi*idual routers may participate in multiple groups. In
this case the router maintains separate state and timers for each group. Each standby group
has a single well%known ,AC address as well as an I0 address.
)(&0 is designed for networks that require continuous access to resources off the local
network. The )(&0 default *alue is 2## and the higher%*alued priority defines which router
is to be designated as primary acti*e router.
)(&0 routers exchange three types of multicast messages>
<ello;The hello message passes information about )(&0 priority and state
information. It also acts as a heartbeat on the primary making sure the others
know itBs ali*e. 9y default hello messages are sent at three second inter*als.
Coup;:hen a standby router takes o*er the function of an acti*e router
coup message is sent.
@esign;:hen the acti*e router is about to shut down or when a router
with a higher priority sends its hello message the acti*e router will send out a
resign message.
At any time )(&0%configured routers are in one of the following states>
1ctive;The router is doing what it does route.
Stand$y;:aiting waiting waiting.
Spea4ing and listening;The router is sending and recei*ing hello
messages.
Listening;The router is recei*ing hello messages.
The following example configures a (4I interface to ha*e a *irtual I0 address of 2#.<.<.2
which would be used as a default gateway for end%de*ices. This routerBs priority is 2<# and if
it has the highest priority than after a failure the *irtual I0 should become acti*e after a delay
of !## seconds. The default hello timers ha*e been set to " seconds with 2" seconds causing
a standby switch o*er.
config(re terminal
interface 'lan 2
stand5* ip 1!.2.2.1
stand5* priorit* 12! preempt dela* 3!!
stand5* 1 timers 1
!irt#al *o#ter *ed#ndancy %rotocol (!**%)
4irtual &outer &edundancy 0rotocol -4&&0. is a non%proprietary -VE79A@ 7EBT@1L.
redundancy protocol designed to increase the a*ailability of the default gateway ser*icing
hosts on the same subnet. This increased reliability is achie*ed by ad*ertising a V*irtual
routerV -an abstract representation of master and backup routers acting as a group. as a
default gateway to the host-s. instead of one physical router. Two or more physical routers
are then configured to stand for the *irtual router with only one doing the actual routing at
any gi*en time. If the current physical router that is routing the data on behalf of the *irtual
router fails an arrangement is made for another physical router to automatically replace it.
The physical router that is currently forwarding data on behalf of the *irtual router is called
the master router. 0hysical routers standing by to take o*er from the master router in case
something goes wrong are called backup routers. 4&&0 can be used o*er Ethernet ,0L( and
token ring networks. Implementations for I0*$ are in de*elopment but not yet a*ailable. The
4&&0 protocol is more widely implemented than its competitors. 4endors like Extreme
/etworks 5ell /okia /ortel /etworks Cisco (ystems Inc Allied Telesis Wuniper /etworks
)uawei 8oundry /etworks &adware and !Com Corporation all offer routers and Layer !
switches that can use the 4&&0 protocol. 4&&0 implementations for Linux and 9(5 are also
a*ailable. 4&&0 is not a routing protocol as it does not ad*ertise I0 routes or affect the
routing table in any way.
The following is an example of a router with an I0 address of 2#.<.<.< and using a *irtual I0
of 2#.<.<.2 as a gateway for end%de*ices.
interface 'lan 2
ip address 1!.2.2.2
'rrp 1 ip 1!.2.2.1
'rrp 1 priorit* 1!
'rrp 1 timers ad'ertise 4
8ateway Load Balancing %rotocol (8LB%)
Mateway Load 9alancing 0rotocol -ML90. is a Cisco proprietary protocol that attempts to
o*ercome the limitations of existing redundant router protocols by adding basic load balancing
functionality. In addition to being able to set priorities on different gateway routers ML90 also
allows a weighting parameter to be set. 9ased on this weighting -compared to others in the
same *irtual router group. A&0 requests will be answered with ,AC addresses pointing to
different routers. Thus load balancing is not based on traffic load but rather on the number
of hosts that will use each gateway router.
The Acti*e 4irtual Mateway -A4M. maintains a table of the 4irtual Mateway I0 address to mac%
address mapping of the Acti*e 4irtual 8orwarders -A48.. :hen the end hosts A&0 than the
A4M decides which router A48Bs mac%address to respond to the A&0. In other words de*ices
will be equally di*ided between multiple routers with unique mac%addresses but sharing a
common *irtual I0 address. This way 5)C0 can hand out a single gateway address while the
A4M pro*ides the load balancing mechanism.
The following example shows a basic ML90 example>
*o#ter 1
trac( )* interface Serial)+* line-protocol up dela$ )*
,
interface -astEthernet&+*
ip address &*&&& .//.//.//*
duple0 full
gl#p & ip &*&&&*
gl#p & weighting &** lower 1/
gl#p & weighting trac( )*
gl#p & forwarder preempt dela$ minimum *
*o#ter .
trac( )* interface Serial)+* line-protocol up dela$ )*
,
interface -astEthernet&+*
ip address &*&&. .//.//.//*
duple0 full
gl#p & ip &*&&&*
gl#p & priorit$ 1/
gl#p & weighting &** lower 1/
gl#p & weighting trac( )*
gl#p & forwarder preempt dela$ minimum *
D/ote at the time of writing this workbook the !"$#s do not support the ML90 feature.
5S*% Lab
5S*%1 Tas$s
Tas4 # )<S@P*3 Configure redundancy such that (w2 is the gateway for de*ices on 4lan !
and (w< is the gateway for de*ices on 4lan +. If there is a failo*er and reco*ery make the
routers wait 2 minute prior to re*erting back to the primary. 9oth routers must track their
connection to &2.
5S*%1 Answers
Tas4 # )<S@P*3 The answer is to make (w2 the acti*e router for 4lan ! and (w< the acti*e
router for 4lan +. 9oth routers need the track command to monitor the status to &2.
Sw10
interface #lan3
ip address 1!.3.3.1 2.2.2.!
stand5* ip 1!.3.3.24
stand5* priorit* 2
stand5* preempt dela* minim(m >!
stand5* name #lan3
stand5* trac) :astEthernet!B1
@
interface #lan4
ip address 1!.4.4.1 2.2.2.!
stand5* 1 ip 1!.4.4.24
stand5* 1 name #lan4
Sw1#sh stand5*
#lan3 + 8ro(p !
State is Acti7e
2 state changesA last state change !10440>
#irt(al </ address is 1!.3.3.24
%cti'e 'irt(al 4%1 address is !!!!.!c!".ac!!
$ocal 'irt(al 4%1 address is !!!!.!c!".ac!! ('1 defa(lt)
Cello time 3 secA hold time 1! sec
&e-t hello sent in 1.33 secs
/reemption ena5ledA dela* min >! secs
%cti'e ro(ter is local
Stand5* ro(ter is 1!.3.3.2A priorit* 1!! (e-pires in ".2!" sec)
/riorit* 2 (config(red 2)
.rac) interface :astEthernet!B1 state =p decrement 1!
</ red(ndanc* name is P#lan3P (cfgd)
#lan4 + 8ro(p 1
State is Stan0by
1 state changeA last state change !104403"
%cti'e 'irt(al 4%1 address is !!!!.!c!".ac!1
$ocal 'irt(al 4%1 address is !!!!.!c!".ac!1 ('1 defa(lt)
&e-t hello sent in 1."33 secs
/reemption disa5led
%cti'e ro(ter is 1!.4.4.2A priorit* 2 (e-pires in ".3>1 sec)
Stand5* ro(ter is local
/riorit* 1!! (defa(lt 1!!)
Sw1#
Sw20
interface #lan4
stand5* 1 ip 1!.4.4.24
stand5* 1 priorit* 2
stand5* 1 preempt dela* minim(m >!
stand5* 1 name #lan4
stand5* 1 trac) :astEthernet!B1
@
interface #lan3
stand5* ip 1!.3.3.24
stand5* name #lan3
SN2#sh stand5*
#lan3 + 8ro(p !
State is Stan0by
1 state changeA last state change !104>0!9
%cti'e 'irt(al 4%1 address is !!!!.!c!".ac!!
$ocal 'irt(al 4%1 address is !!!!.!c!".ac!! ('1 defa(lt)
&e-t hello sent in 1." secs
/reemption disa5led
%cti'e ro(ter is 1!.3.3.1A priorit* 2 (e-pires in ".2"4 sec)
Stand5* ro(ter is local
/riorit* 1!! (defa(lt 1!!)
#lan4 + 8ro(p 1
State is Acti7e
2 state changesA last state change !104>023
%cti'e 'irt(al 4%1 address is !!!!.!c!".ac!1
$ocal 'irt(al 4%1 address is !!!!.!c!".ac!1 ('1 defa(lt)
&e-t hello sent in !.3"! secs
/reemption ena5ledA dela* min >! secs
%cti'e ro(ter is local
Stand5* ro(ter is 1!.4.4.1A priorit* 1!! (e-pires in 9.492 sec)
/riorit* 2 (config(red 2)
.rac) interface :astEthernet!B1 state =p decrement 1!
Day .
9S%3
3(08 is a Link (tate routing protocol that uses 5iLkstraBs shortest path first -(08. algorithm.
3(08 is an open standard -following &8C 2<"!. and is often used in multi%*endor
en*ironments.
(e*eral of 3(08Bs ad*antages include fast con*ergence classless routing 4L(, support
authentication support support for much larger inter%networks the use of areas to minimiIe
routing protocol traffic and a hierarchical design.
9ther 9S%3 3eat#res1
Equal cost load balancing
,ulticast routing updates
&oute tagging for tagging of external routing information
Classless beha*ior which allows the use of discontiguous networks
9S%3 "etwor$ Types
5ntra!area;Traffic passed between routers within a single area.
5nter!area;Traffic passed between routers in different areas.
E/ternal;Traffic passed between an 3(08 router and a router in another
autonomous system.
M Type 2 E/ternals use a cost defined at redistribution -default.
M Type # E/ternals calculate the actual cost with 3(08
/etworks can be added to 3(08 in three different methods
#& /etwork command Cnetwor4 #&#&#&0 0&0&0&2 area 0
2& &edistribute connected
%& 7nder the interface % ip ospf # area 2
*D
The 3(08 router I5 -&I5. Identifies an 3(08 neighbor. It consists of a 5otted 5ecimal !< bit
identifier but does not ha*e to be a routable I0 address.
The *alue <<!.<"".<"".<"" highest possible router I5. (tatically setting the &outer I5 is
preferred to allowing the router choose the I5. If a &I5 is not configured than the router will
do the following after an 3(08 process is first started cleared or the router is rebooted>

7ses highest I0 address of all configured loopbacks
If no loopback is present it uses the highest I0 address of an interface
If Interfaces are added later the router could choose a different &I5 after a reboot. (ince the
&I5 is used for *irtual%link commands 5& election and must be the same as a 9M0 &I5 when
synchroniIation is enabled it is recommended to manually control the &I5.
/oteD )ighest &outer I5 wins 5& election C 0riority can offset election
To configure a &I5 under the 3(08 process than program the following>
router%id 2.2.2.2
LSA
There are + general L(As
&outer L(As -Type 2 L(As. describe the routers attached to a network.
/etwork L(As -Type < L(As. describe the networks attached to an 3(08 router.
(ummary L(As -Type ! and Type + L(As. condense routing information at area
borders.
External L(As -Type " and Type = L(As. describe routes to external networks.
Type 2 L(As are router link ad*ertisements that are passed within an area by all 3(08
routers. They describe the router links to the network. Type 2 L(As are only flooded within a
particular area.
Type < L(As are network link ad*ertisements that are flooded within an area by the
5esignated &outer. They describe ALL the routers attached to specific networks including the
5&. These L(As are flooded only in the originating area.
Type ! L(A are summary link ad*ertisements that are passed between areas. They describe
the networks within an area.
Type + L(As are summary link ad*ertisements that are passed between areas. They describe
the path to the A(9&. Type + L(As do not get flooded into stub areas.
Type " L(As are passed between and flooded into areas by A9(&s. They describe routes
external to the A(. (tub areas and /((As do not recei*e these L(As.
Type = L(As are /((A A(%external routes that are flooded by the A(9&. They are similar to
Type " L(As but unlike Type " L(As which are flooded into multiple areas Type = L(As are
only flooded into /((As. Type = L(As are con*erted to Type " L(As by A9&s before being
flooded into the area backbone.
Area types
7ormal 1reas3 These areas can either be standard areas or transit -backbone. areas.
(tandard areas are defined as areas that can accept intra%area inter%area and external
routes. The backbone area is the central area to which all other areas in 3(08 connect.
7ote3 Intra%area routes refer to updates that are passed within the area. Inter%area routes
refer to updates that are passed between areas. External routes refer to updates passed from
another routing protocol into the 3(08 domain by the Autonomous (ystem 9order &outer
-A(9&..
Stu$ 1reas3 These areas do not accept routes belonging to external autonomous systems
-A(.1 howe*er these areas ha*e inter%area and intra%area routes. In order to reach the
outside networks the routers in the stub area use a default route which is inLected into the
area by the Area 9order &outer -A9&.. A stub area is typically configured in situations where
the branch office need not know about all the routes to e*ery other office instead it could use
a default route to the central office and get to other places from there. )ence the memory
requirements of the leaf node routers is reduced and so is the siIe of the 3(08 database.
To define an area as a stub area use the 3(08 router configuration command area =area
id? stu$
Totally Stu$ 1reas3 These areas do not allow routes other than intra%area and the default
routes to be propagated within the area. The A9& inLects a default route into the area and all
the routers belonging to this area use the default route to send any traffic outside the area.
To define a totally stub area use the 3(08 router configuration command area =area id?
stu$ no!summary on the A9&.
7SS13 This type of area allows the flexibility of importing a few external routes into the area
while still trying to retain the stub characteristic. Assume that one of the routers in the stub
area is connected to an external A( running a different routing protocol it now becomes the
A(9& and hence the area can no more be called a stub area. )owe*er if the area is
configured as a /((A then the A(9& generates a /((A external link%state ad*ertisement
-L(A. -Type%=. which can be flooded throughout the /((A area. These Type%= L(As are
con*erted into Type%" L(As at the /((A A9& and flooded throughout the 3(08 domain.
External network L(As -type ". redistributed from other routing protocols into 3(08 are not
permitted to flood into a stub area.
To define a /((A use the 3(08 router configuration command area =area id? nssa
If you desire to allow a #.#.#.# into the /((A area in addition to the Type !+ summaries than
configure area =area id? nssa default!information!originate
Totally 7SS13 This area still can send the Type = L(As to the A9& but only recei*es a #.#.#.#
default route from the A9&. To configure a Totally /((A configure area =area id? nssa no!
summary
S#mmaries
There two methods for summariIing networks on 3(08
M Area range used to summariIe between 3(08 areas. Always done on an A9&
area 2 range 20"&&0&0 2&2&2&0
M (ummary%address used to summariIe external routes redistributed into 3(08.
Always done on an A(9&
summary!address 20"&&0&0 2&2&2&0
(ummaries will inLect a /7LL# route into the routing table. If you are required to remo*e the
/7LL# the following commands can be entered for the 3(08 process.
no discard!route internal ' used with area range
no discard!route e/ternal ' used with summary!address
9S%3 Metrics
E*ery routing protocol has metric used to prefer one route o*er the other. 8or 3(08 the
metric that is used is cost. :ith 3(08 the cost is a number that is in*ersely proportional to
the bandwidth of the link. In other words the higher the cost the LE(( the link is preferred.
The lower the cost the ,3&E the link is preferred. 9y default 3(08 load balances on up to
four equal cost paths.
The formula that 3(08 uses to calculate the cost of a link is>
Cost Q 2######## E bandwidth of the link
3r
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $) of 136
Cost Q 2#
@
E bandwidth of the link
8or example a 2#,b 2#9ase%T Ethernet linkBs cost would be calculated as>
Cost Q 2######## E 2####### Q 2#
3r
Cost Q 2#
@
E 2#
=
Q 2#
:ith this formula the cost of a $+k 8rame &elay link would be 2"$< and the default cost of a
T%2 would be $+.
(o you may be asking Fwhat about a 2##,b Ethernet link or a Migabit Ethernet link;G The
cost of a 2##,b Ethernet link or faster when calculated with this formula ends up being Lust
2.
/ote that the bandwidth of 2#
@
is the same as the bandwidth of 2##,b Ethernet or
2######## -commas are placed to show the @ Ieros in two sets of +.. This *alue is the
default Freference bandwidthG. This can be changes thus causing all 3(08 cost *alues to be
changed on that router with the ospf auto%cost reference%bandwidth command.
To manually change the cost of a link you would use the following command on the interface
that you wish to change>
ip ospf cost Xnew costY
3(08 prefers Intra Area 0ath o*er Inter Area 0aths.
%assive 9S%3 nter4ace
:ith a passi*e%interface no hello packets are sent and therefore an adLacency will ne*er occur
with this interface.
9S%3 M#lticast Addresses
<<+.#.#." is the all%3(08 routers multicast address
<<+.#.#.$ is the 5esignated &outers multicast address.
De4a#lt *o#tes
An 3(08 router will need a default route itself before inLecting a default route into an area
unless the keyword always is used in the configuration. 8or example default!information
originate always.
9S%3 Timers
5efault timers for a broadcast network -LA/. are> )ello 2# seconds 5ead
+# seconds.
5efault timers for an /9,A network -8rame &elay. are> )ello !# seconds
5ead 2<# seconds.
Changing the <ello!interval3
interface serial 2E#
ip ospf hello%inter*al <# C automatically changes the dead%inter*al to @# dead Q hello x +
1hanging the 7ead+inter'al0
interface serial 2E#
ip ospf dead%inter*al "# C does /3T change the hello%inter*al
If you desire to change the hello timer from the dead inter*al than you must first configure on
the interface>
ip ospf dead!interval minimal hello!multiplier
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $1 of 136
8or example C to set the hello to <"#ms
ip ospf dead!interval minimal hello!multiplier (
!irt#al Lin$s
4irtual links are used to connect a discontigous 3(08 area # together without using a M&E
tunnel. 4Ls should be a*oided in real word. 8or lab purposes they are used to connect an area
to the backbone through another area C extension of area #.
In order to configure a 4L use the router%id so be careful of what number is being used as the
I5. If authentication is configured on area # it must also be configured on the *irtual link and
the far side router. 3(08 authentication will be co*ered in 4olume II.
The following is an e/ample of configuring one side of a virtual lin4&
r2lab-config.H router ospf #
r2lab-config%router.H area # virtual!lin4 2&2&2&2
It is important to note that a 4L cannot tra*erse o*er a stub area and if you are required to
tra*erse a 4L instead of another connected router with area # connecti*ity you must negate
capability transit on the other router.
9S%3 LAB
Scenario
/ow that we ha*e successfully configured and tested EIM&0 for Turn%key Inc. we can mo*e
on to 3(08. Turn%key would like us to keep EIM&0 configured but disabled on the routers in
case we need to roll back. Their desire is for us to enable the same networks in 3(08 and for
those networks to be seen as 3(08 routes in the routing tables. Turn%key belie*es in
hierarchical designs so we must build a hierarchy into the 3(08 design. The 3(08 must
support the Leased Ethernet and 8rame &elay networks concurrently and act as a back up if
either were to fail. Again Turn%keyBs desire is to use the Leased Ethernet to reach the 9ranch
3ffice from the 5ata Centers.
The following 5iagram includes the design for the 3(08 topology and Area types>
9S%3 Topology
9S%31 9S%3 Tas$s
V!ans 3:4:#:%:&:11
Tas4 # )6asic ASP.*3 Add the following loop backs>
210
$o1
</ address 1!.1!.1!.1 2.2.2.!
220
$o1
</ address 1!.12.12.1 2.2.2.!
230
$o1
</ address 1!.13.13.2 2.2.2.!
Add the loop backs and existing networks into 3(08 -for the loopbacks use any areas of your
choice. but you can not use redistribute connected or network commands from within the
3(08 process. Create &I5s that are not currently being routed and use network commands to
add networks for the switches at the branch site.
3n &= add the e*en addresses and on &@ add the 3dd. This time you must use redistribute
connected for the loop back I0s but make sure the 000 network is not added. Jou can use
network commands for the (#E#E#.2. Configure Areas based on the abo*e diagram.
Tas4 2 )9efault @oute*3 Add a new loop back to &= -<#@.2.2.2E!<. and &@ -<#@.2.<.<E!<.
and make sure these networks are not redistributed into 3(08 from connected. Configure &=
and &@ to be a*ailable as default routes using per router costs to reach them in 3(08 from &!
and &<. ,ake sure your routers can ping <#@.2.2.2E!< and <#@.2.<.<E!< and there is no
specific routing table entry for either. &edistribute &ip and 3(08 at &@ and only allow
<#@.2.2.2 and <#@.2.<.< to be exchanged between rip and 3(08.
Tas4 % )@edundancy*3 Ensure that if there were any failures to A&EA# that the rest 3(08
topology would be operational. The configuration of M&E tunnels is not an acceptable work
around.
Tas4 ( )Summaries*3 (ummariIe the 2#.#.#.# networks in the branch site to the smallest
bit boundaries and ad*ertise them to the other sites not at the branch office. 5o not allow any
null routes in the routing tables or E!< ad*ertised to any neighbors. Lea*e the three new loop
backs with a E<+ subnet in the routing tables do not try to summariIe them with the branch
site
Tas4 )7681*3 ,ake sure 3(08 is /9,A on the )ub and (poke and that the hello timer is
<"# msec for those interfaces. The hello timer command can not be used to accomplish this.
Tas4 , )Testing*3 0ing test connecti*ity from &2 to e*ery network.
9S%31 9S%3 Answers
Tas4 # )6asic ASP.*3
5eacti*ating &I0*< on all routers except &= and &@
ro(ter rip
'ersion 2
networ) 1!.!.!.!
0istance 2##
no a(to+s(mmar*
Sw10
interface #lan9
ip address 1!.9.9.1 2.2.2.22
ip ospf priorit* 2 ,ee0e0 to force D4 e!ection-
ip ospf mt(+ignore ,5tu mismatc(-
ro(ter ospf 1
router1i0 1212121) ,5anua!!y set t(e 4*Ds to a7oi0 prob!ems !ater-
log+adQacenc*+changes
no discard+ro(te internal
area ! range 1!.!.!.! 2.!.!.!
area 2 'irt(al+lin) 1.1.1.1
area 4 'irt(al+lin) 1.1.1.2!
networ) 1!.3.3.1 !.!.!.! area 4
networ) 1!.4.4.1 !.!.!.! area 4
networ) 1!...1 !.!.!.! area 4
networ) 1!.>.>.1 !.!.!.! area 2
networ) 1!.".".1 !.!.!.! area 1
networ) 1!.9.9.1 !.!.!.! area 4
networ) 132.1>9.1!.1 !.!.!.! area !
Sw20
ro(ter ospf 1
ro(ter+id 1.1.1.2!
area 1 'irt(al+lin) 1.1.1.1
area 4 range 1!.!.!.! 2.!.!.!
networ) 1!.3.3.2 !.!.!.! area 4
networ) 1!.4.4.2 !.!.!.! area 4

networ) 1!...2 !.!.!.! area 4
networ) 1!.".".1 !.!.!.! area 1
networ) 1!.11.11.1 !.!.!.! area 4
Sw30
interface #lan3
description 'lan3,sw3tosw4
ip address 1!.3.3.1 2.2.2.22
ip ospf mtu1ignore ,mismatc(e0 53?-
@
ro(ter ospf 1
ro(ter+id 1.1.1.3!
networ) 1!.9.9.2 !.!.!.! area 4
networ) 1!.3.3.1 !.!.!.! area 4
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $# of 136
Sw40
interface #lan3
ip address 1!.3.3.2 2.2.2.22
ip ospf mtu1ignore
@
@
ro(ter ospf 1
ro(ter+id 1.1.1.4!
area 4 range 1!.!.!.! 2.!.!.!
networ) 1!.!.!.! !.2.2.2 area 4
210
interface $oop5ac)1
ip address 1!.1!.1!.1 2.2.2.!
ip ospf net'or" point1to1point ,remo7es <32-
ip ospf 1 area 2 ,A!ternati7e to using t(e net'or" comman0-
@
interface :astEthernet!B!
description #lan>,sw1tor1
ip address 1!.>.>.2 2.2.2.22
ip ospf 1 area 2
d(ple- a(to
speed a(to
@
description #lan")sw2tor1
ip address 1!.".".2 2.2.2.22
ip ospf 1 area 1
d(ple- a(to
speed a(to
@
ip address 1"2.1>.1.1 2.2.2.!
ip ospf 1 area )
@
@
ro(ter ospf 1
ro(ter+id 1.1.1.1
area ! range 1!.!.!.! 2.!.!.!
@
220
interface $oop5ac)1
ip address 1!.12.12.1 2.2.2.!
ip ospf networ) point+to+point
ip ospf 1 area >
@
ip address 132.1>9.1!.2 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
@@
ip address 1"2.1>.1.2 2.2.2.!
ip ospf 1 area !
frame+rela* map ip 1"2.1>.1.3 2!3 5roadcast (4esh /#1s to 23 and 21)
@
description /2/+to+;;1
ip address 1"2.1>.2.2 2.2.2.!
ip ospf 1 area "
@
ip address 1"2.1>..2 2.2.2.!
ip rip triggered
ip ospf 1 area >
frame+rela* interface+dlci 2!"
@
ro(ter ospf 1
ro(ter+id 1.1.1.2
area > nssa no+s(mmar*
redistri5(te static metric+t*pe 1 s(5nets
defa(lt+information originate metric+t*pe 1
distri5(te+list prefi- area! in
@
230
interface $oop5ac)1
ip address 1!.13.13.1 2.2.2.!
ip ospf networ) point+to+point
ip ospf 1 area 3
@
ip address 132.1>9.1!.3 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
@
no ip address
sh(tdown
d(ple- a(to
speed a(to
@
no ip address
@
ip address 1"2.1>.1.3 2.2.2.!
ip ospf 1 area !
@
ip address 1"2.1>.3.3 2.2.2.!
no ip split+horiEon
ip ospf dead+inter'al minimal hello+m(ltiplier 4
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $$ of 136
ip ospf 1 area 3
@
description /2/+to+2>
ip address 1"2.1>.>.3 2.2.2.!
ip rip triggered
ip ospf 1 area
ro(ter ospf 1
ro(ter+id 1.1.1.3
area ! range 1!.!.!.! 2.!.!.!
area 3 st(5
area nssa
neigh5or 1"2.1>.3.
neigh5or 1"2.1>.3.>
20
ip address 132.1>9.1!. 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
@
no ip address
sh(tdown
d(ple- a(to
speed a(to
@
ip address 1"2.1>.3. 2.2.2.!
ip ospf 1 area 3
frame+rela* map ip 1"2.1>.3. !3 5roadcast
@
no ip address
cloc) rate 2!!!!!!
@
ro(ter ospf 1
ro(ter+id 1.1.1.
area 3 st(5
neigh5or 1"2.1>.3.3 priorit* 1!!
290
interface $oop5ac)!
ip address 131.!.2.1 2.2.2.! secondar*
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $% of 136
ip address 131.!..1 2.2.2.! secondar*
ip address 131.!.>.1 2.2.2.! secondar*
ip address 131.!.1.1 2.2.2.!
ip rip ad'ertise 2!
@
interface $oop5ac)2
ip address 2!9.1.1.2 2.2.2.2
ip rip ad'ertise 2!
@
description /2/+to+23
ip address 1"2.1>.>.9 2.2.2.!
ip rip triggered
ip rip ad'ertise 2!
@
description ///+to+2"
ip address 1"2.1>.4.9 2.2.2.!
ip rip ad'ertise 2!
encaps(lation ppp
@
ro(ter ospf 1
ro(ter+id 1.1.1.9
area nssa
redistri5(te connected metric+t*pe 1 s(5nets ro(te+map ospf
re0istribute rip subnets route1map re0ist
networ) 1"2.1>.>.9 !.!.!.! area
@
ro(ter rip
'ersion 2
timers 5asic 2! 4! ! 12!
re0istribute ospf 1 metric 1 route1map ospf2rip
passi'e+interface defa(lt
no passi'e+interface Serial!B!B1
networ) 1"2.1>.!.!
networ) !.!.!.!
neigh5or 1"2.1>.>.3
no a(to+s(mmar*
.o 'iew the 5asic 6S/: config(rations for 2"A>A and ;;1 refer to answers pro'ided in the th(m5 dri'e
Tas4 2 )9efault @oute*3 Add a new loop back to &= -<#@.2.2.2E!<. and &@ -<#@.2.2.<E!<.
and make sure these networks are not redistributed into 3(08.
&=>
interface Loopback<
ip address <#@.2.2.2 <"".<"".<"".<""
router ospf 2
redistribute connected metric%type 2 subnets route%map ospf
ip access!list standard ospfevens )This access!list does not permit 20"&#&#&#*
permit #%0&0&0&0 0&0&2(&2
D
Z
route%map ospf permit 2#
match ip address ospfe*ens
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page $& of 136
&@> same configuration on &@ except>
ip access!list standard ospfodd )This access!list does not permit 20"&#&#&2*
permit #%#&0&#&0 0&0&2(&2
Configure &= and &@ to be a*ailable as default routes using per router costs to reach them in
3(08 from &! and &<. ,ake sure your routers can ping <#@.2.2.2E!< and <#@.2.2.<E!< and
there is no specific routing table entry for either.
220
redistri5(te static metric+t*pe 1 s(5nets ,4e0istributes t(e static route into 9SP@ as A8 1-
defa(lt+information originate metric+t*pe 1 ,Sen0s t(e )2)2)2) to t(e ot(er 9SP@ routers 'it( a AB 1-

ip ro(te !.!.!.! !.!.!.! 1"2.1>.." ,3(e gate'ay of !ast resort is 4$-
230
ro(ter ospf 1
ip ro(te !.!.!.! !.!.!.! 1"2.1>.>.9
Tas4 % )@edundancy*3 (ince A&EA # has se*eral points of failure in this topology it is
important to configure *irtual links on routers that could potentially become Areas separated
from Area #. The best way to determine where to place the *irtual links is draw out the
failure scenarios from the 3(08 topology. The following 4Ls were configured for this lab>
SN1
ro(ter ospf 1
ro(ter+id 1.1.1.1!
area 2 'irt(al+lin) 1.1.1.1 (to 21)
area 4 'irt(al+lin) 1.1.1.2! (to Sw2)
SN2
ro(ter+id 1.1.1.2!
area 1 'irt(al+lin) 1.1.1.1 (to 21)
SN4
21
Sw3
area 4 'irt(al+lin) 1.1.1.2! (to sw2)
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %) of 136
Tas4 ( )Summaries*3 (ummariIe the 2#.#.#.# networks in the branch site to the smallest
bit boundaries and do not allow any null routes in the routing tables or E!< ad*ertised to any
neighbors. Lea*e the three new loop backs with a E<+
Area range is used to summariIe the 2#.#.#.# networks from the switches. The following sites
were configured with the area range commands and no discardOroute internal to remo*e the
null# entry from the routing table>
Sw40
ro(ter ospf 1
area 4 range 1!.!.!.! 2.!.!.!
Sw20
ro(ter ospf 1
area 4 range 1!.!.!.! 2.!.!.!
Sw10
ro(ter ospf 1
area ! range 1!.!.!.! 2.!.!.!
3n all of the routers external to the branch site a distribute list in was needed to filter out the
more specific -longer mask. prefixes.
&<&!&"&$ and 992
ro(ter ospf 1
0istribute1!ist prefi8 area) in
ip prefi-+list area! se? 1 permit 1!.!.!.!B9
ip prefi-+list area! se? 2 permit !.!.!.!B32
ip prefi-+list area! se? 3 permit 1"2.1>.!.!B1> le 32
ip prefi-+list area! se? 4 permit 13!.!.2.!B24
ip prefi-+list area! se? permit 13!.!.4.!B24
ip prefi-+list area! se? > permit 13!.!.>.!B24
ip prefi-+list area! se? " permit 13!.!.9.!B24
ip prefi-+list area! se? 9 permit 131.!.1.!B24
ip prefi-+list area! se? 3 permit 131.!.3.!B24
ip prefi-+list area! se? 1! permit 131.!..!B24
ip prefi-+list area! se? 11 permit 131.!.".!B24
ip prefi-+list area! se? 12 permit 1!.1!.1!.!B24
ip prefi-+list area! se? 13 permit 1!.11.11.!B24
(how I0 route on &<>
1"2.1>.!.!B24 is s(5nettedA s(5nets
1 1"2.1>..! is directl* connectedA Serial!B!B!.3
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %1 of 136
6 <% 1"2.1>.>.! I11!B>J 'ia 132.1>9.1!.3A !104>042A :astEthernet!B!
1 1"2.1>.1.! is directl* connectedA Serial!B!B!.1
1 1"2.1>.2.! is directl* connectedA Serial!B!B!.2
6 <% 1"2.1>.3.! I11!B>J 'ia 132.1>9.1!.>A !104>042A :astEthernet!B!
I11!B>J 'ia 132.1>9.1!.A !104>042A :astEthernet!B!
I11!B>J 'ia 132.1>9.1!.3A !104>043A :astEthernet!B!
6 &1 13!.!.2.! I11!B94J 'ia 1"2.1>.."A !104>043A Serial!B!B!.3
6 &1 13!.!.>.! I11!B94J 'ia 1"2.1>.."A !104>043A Serial!B!B!.3
6 &1 13!.!.4.! I11!B94J 'ia 1"2.1>.."A !104>043A Serial!B!B!.3
6 <% 1!.13.13.!B24 I11!B2J 'ia 132.1>9.1!.3A !104>01A :astEthernet!B!
6 <% 1!.1!.1!.!B24 I11!B3J 'ia 132.1>9.1!.1A !104>01A :astEthernet!B!
9 *A 1)2)2)2)<% C11)<3D 7ia 1&2216%21)21: )1:44:24: @astAt(ernet)<)
131.!.!.!B24 is s(5nettedA 3 s(5nets
6 E1 131.!.3.! I11!B9J 'ia 132.1>9.1!.3A !104>01A :astEthernet!B!
6 E1 131.!.1.! I11!B9J 'ia 132.1>9.1!.3A !104>01A :astEthernet!B!
6 E1 131.!..! I11!B9J 'ia 132.1>9.1!.3A !104>01A :astEthernet!B!
SK !.!.!.!B! I1B!J 'ia 1"2.1>.."
Tas4 )7681*3 ,ake sure 3(08 is /9,A on the )ub and (poke and that the hello timer is
<"# msec for those interfaces. The hello timer command can not be used to accomplish this.
/eighbor commands gi*ing the )79 a priority <"" were used along with the command
ip address 1"2.1>.3. 2.2.2.!
ip ospf 0ea01inter7a! minima! (e!!o1mu!tip!ier 4 (.his command is a m(ltiplier of how man* times in 1 second the de'ice will send an 6S/:
hello.)
Tas4 , )Testing*3 0ing test connecti*ity from &2 to e*ery network.
tclsh
foreach address F
1!.3.3.1
1!.3.3.2
1!.4.4.1
1!.4.4.2
1!...1
1!...2
1!.>.>.1
1!.>.>.2
1!.".".1
1!.".".2
1!.9.9.1
1!.9.9.2
1!.3.3.1
1!.3.3.2
132.1>9.1!.1
132.1>9.1!.2
132.1>9.1!.3
132.1>9.1!.
132.1>9.1!.>
132.1>9.1!.3
1"2.1>.1.2
1"2.1>.1.3
1"2.1>.2.2
1"2.1>.2.3
1"2.1>.3.3
1"2.1>.3.
1"2.1>.3.>
1"2.1>..2
1"2.1>.."
1"2.1>.>.3
1"2.1>.>.9
1!.1!.1!.1
1!.12.12.1
1!.13.13.1
2!9.1.1.1
2!9.1.1.2
G Fping HaddressG
Sw10
6S/: 2o(ter with <7 (1.1.1.1!) (/rocess <7 1)
2o(ter $in) States (%rea !)
$in) <7 %7# 2o(ter %ge Se?# 1hec)s(m $in) co(nt
1.1.1.1 1.1.1.1 (7&%) !-9!!!!!!4 !-!!341% 3
1.1.1.2 1.1.1.2 >9 !-9!!!!!!9 !-!!2>:9 2
1.1.1.3 1.1.1.3 >!4 !-9!!!!!!9 !-!!3!E; 2
1.1.1. 1.1.1. 1">! !-9!!!!!!3 !-!!9%3% 1
1.1.1.> 1.1.1.> >2> !-9!!!!!!" !-!!913" 1
1.1.1.3 1.1.1.3 33 !-9!!!!!!" !-!!9>34 1
1.1.1.1! 1.1.1.1! 29 !-9!!!!!!3 !-!!2!9 4
1.1.1.2! 1.1.1.2! 1 (7&%) !-9!!!!!!4 !-!!;"41 4
1.1.1.3! 1.1.1.3! > (7&%) !-9!!!!!!2 !-!!339 1
1.1.1.4! 1.1.1.4! (7&%) !-9!!!!!!2 !-!!917: 2
&et $in) States (%rea !)
$in) <7 %7# 2o(ter %ge Se?# 1hec)s(m
132.1>9.1!.3 1.1.1.3 34 !-9!!!!!!> !-!!1"!
S(mmar* &et $in) States (%rea !)
1!.!.!.! 1.1.1.2! 1" (7&%) !-9!!!!!!1 !-!!9!3%
1!.!.!.! 1.1.1.4! 11 (7&%) !-9!!!!!!1 !-!!!9:E
1!.3.3.! 1.1.1.1! 32 !-9!!!!!!> !-!!>7%1
1!.3.3.! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!!3!1
1!.4.4.! 1.1.1.1! 32 !-9!!!!!!> !-!!>11
1!.4.4.! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!:11>
1!...! 1.1.1.1! 32 !-9!!!!!!> !-!!27E;
1!...! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!194!
1!.>.>.! 1.1.1.1 11 (7&%) !-9!!!!!!1 !-!!>1E
1!.>.>.! 1.1.1.1! 32 !-9!!!!!!> !-!!1>!1
1!.".".! 1.1.1.1 11 (7&%) !-9!!!!!!1 !-!!3:E3
1!.".".! 1.1.1.2! 1 (7&%) !-9!!!!!!3 !-!!194
1!.9.9.! 1.1.1.1! 32 !-9!!!!!!> !-!!E"2;
1!.9.9.! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!"39%
1!.3.3.! 1.1.1.1! 32 !-9!!!!!! !-!!7134
1!.3.3.! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!>23:
1!.1!.1!.! 1.1.1.1 11 (7&%) !-9!!!!!!1 !-!!!1!E
1!.1!.1!.! 1.1.1.1! 33 !-9!!!!!!4 !-!!7333
1!.11.11.! 1.1.1.1! 33 !-9!!!!!!4 !-!!;!7
1!.11.11.! 1.1.1.3! 13 (7&%) !-9!!!!!!1 !-!!3E;E
1!.12.12.! 1.1.1.2 "3 !-9!!!!!!4 !-!!714!
1!.13.13.! 1.1.1.3 >!3 !-9!!!!!!4 !-!!;4%
1!.13.13.! 1.1.1.> 393 !-9!!!!!!4 !-!!2%>
1"2.1>.2.! 1.1.1.2 " !-9!!!!!!4 !-!!4>E:
1"2.1>.2.! 1.1.1.3 4! !-9!!!!!!4 !-!!1113
1"2.1>.3.! 1.1.1.3 3>1 !-9!!!!!!9 !-!!27!3
1"2.1>.3.! 1.1.1.> 393 !-9!!!!!!> !-!!1:1!
1"2.1>..! 1.1.1.2 " !-9!!!!!!4 !-!!2!E
1"2.1>.>.! 1.1.1.3 >11 !-9!!!!!!4 !-!!1417
S(mmar* %S; $in) States (%rea !)
1.1.1.2 1.1.1.3 4! !-9!!!!!!4 !-!!"1">
2o(ter $in) States (%rea 1)
1.1.1.1! 1.1.1.1! 3 !-9!!!!!! !-!!;;>9 !
S(mmar* &et $in) States (%rea 1)
1!.3.3.! 1.1.1.1! 3 !-9!!!!!!> !-!!>7%1
1!.4.4.! 1.1.1.1! 3> !-9!!!!!!> !-!!>11
1!...! 1.1.1.1! 3" !-9!!!!!!> !-!!27E;
1!.>.>.! 1.1.1.1! 3" !-9!!!!!!> !-!!1>!1
1!.9.9.! 1.1.1.1! 3" !-9!!!!!!> !-!!E"2;
1!.3.3.! 1.1.1.1! 3" !-9!!!!!! !-!!7134
1!.1!.1!.! 1.1.1.1! 3" !-9!!!!!!4 !-!!7333
1!.11.11.! 1.1.1.1! 3" !-9!!!!!!4 !-!!;!7
1"2.1>.1.! 1.1.1.1! 3" !-9!!!!!!4 !-!!2;!3
132.1>9.1!.! 1.1.1.1! 3" !-9!!!!!!> !-!!1%1
S(mmar* %S; $in) States (%rea 1)
1.1.1.2 1.1.1.1! 3" !-9!!!!!!4 !-!!:233
1.1.1.3 1.1.1.1! 3" !-9!!!!!!4 !-!!E931
1.1.1.1 1.1.1.1 1 !-9!!!!!!3 !-!!E>1 2
1.1.1.1! 1.1.1.1! 3" !-9!!!!!!" !-!!7;!4 1
&et $in) States (%rea 2)
1!.>.>.1 1.1.1.1! 39 !-9!!!!!!4 !-!!1%3%
1!.3.3.! 1.1.1.1! 39 !-9!!!!!!> !-!!>7%1
1!.4.4.! 1.1.1.1! 39 !-9!!!!!!> !-!!>11
1!...! 1.1.1.1! 39 !-9!!!!!!> !-!!27E;
1!.".".! 1.1.1.1 2 !-9!!!!!!4 !-!!33E>
1!.9.9.! 1.1.1.1! 33 !-9!!!!!!> !-!!E"2;
1!.3.3.! 1.1.1.1! 33 !-9!!!!!! !-!!7134
1!.11.11.! 1.1.1.1! 33 !-9!!!!!!4 !-!!;!7
1"2.1>.1.! 1.1.1.1 2 !-9!!!!!!4 !-!!"E!
1"2.1>.1.! 1.1.1.1! 1"93 !-9!!!!!!; !-!!17!%
132.1>9.1!.! 1.1.1.1! 33 !-9!!!!!!> !-!!1%1
1.1.1.2 1.1.1.1 2 !-9!!!!!!4 !-!!33:%
1.1.1.2 1.1.1.1! 33 !-9!!!!!!4 !-!!:233
1.1.1.3 1.1.1.1 3 !-9!!!!!!4 !-!!23!4
1.1.1.3 1.1.1.1! 4! !-9!!!!!!4 !-!!E931
1.1.1.1! 1.1.1.1! 4! !-9!!!!!!3 !-!!111: 4
1.1.1.2! 1.1.1.2! 34 !-9!!!!!!3 !-!!>;%! 4
1.1.1.3! 1.1.1.3! >1 !-9!!!!!!3 !-!!4!7 2
1.1.1.4! 1.1.1.4! 24 !-9!!!!!!% !-!!94;3 2
&et $in) States (%rea 4)
1!.3.3.2 1.1.1.2! 3 !-9!!!!!!4 !-!!;E2;
1!.4.4.2 1.1.1.2! 3 !-9!!!!!!4 !-!!%"4!
1!...2 1.1.1.2! 3 !-9!!!!!!4 !-!!"E>%
1!.9.9.1 1.1.1.1! 41 !-9!!!!!!4 !-!!34%:
1!.3.3.2 1.1.1.4! 24 !-9!!!!!!4 !-!!9;13
1!.11.11.2 1.1.1.4! 24 !-9!!!!!!4 !-!!7!73
1!.>.>.! 1.1.1.1! 41 !-9!!!!!!> !-!!1>!1
1!.".".! 1.1.1.2! 3> !-9!!!!!!> !-!!1249
1!.1!.1!.! 1.1.1.1! 42 !-9!!!!!!4 !-!!7333
1"2.1>.1.! 1.1.1.1! 42 !-9!!!!!!4 !-!!2;!3
1"2.1>.1.! 1.1.1.2! 3> !-9!!!!!!4 !-!!EE3
132.1>9.1!.! 1.1.1.1! 42 !-9!!!!!!4 !-!!133:
1.1.1.2 1.1.1.1! 42 !-9!!!!!!4 !-!!:233
1.1.1.2 1.1.1.2! 3" !-9!!!!!!4 !-!!1!%
1.1.1.2 1.1.1.3! 19 !-9!!!!!!% !-!!"932
1.1.1.2 1.1.1.4! 2" !-9!!!!!!4 !-!!2;3
1.1.1.3 1.1.1.1! 43 !-9!!!!!!4 !-!!E931
1.1.1.3 1.1.1.2! 3" !-9!!!!!!4 !-!!;>>3
1.1.1.3 1.1.1.3! 19 !-9!!!!!!% !-!!>E3;
1.1.1.3 1.1.1.4! 2" !-9!!!!!!4 !-!!49;1
.*pe+ %S E-ternal $in) States
$in) <7 %7# 2o(ter %ge Se?# 1hec)s(m .ag
!.!.!.! 1.1.1.2 93 !-9!!!!!! !-!!9;3E 1
!.!.!.! 1.1.1.3 >2! !-9!!!!!!4 !-!!9"%2 1
1!.2.3." 1.1.1.2 94 !-9!!!!!!4 !-!!1>1 !
1!.9.9.9 1.1.1.3 >2! !-9!!!!!!4 !-!!9E3 !
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %# of 136
CC6AATC18P @ES 1dvanced La$s
Day :
B8%
9M0 *ersion + is a path *ector routing protocol used to exchange routing information between
autonomous systems and can be considered the routing protocol of the Internet. 9M0 is used
to exchange routing information for the Internet and is the protocol used between Internet
ser*ice pro*iders -I(0s.. 9M0 carries information as a sequence of A( numbers which
indicate the autonomous systems that must be used to get to a destination network. 9M0 is
defined inn &8Cs 22$! 2<$= and 2==2. 9M0 is considered an Exterior Mateway 0rotocol
-EM0. -not to be confused with the obsolete routing protocol also called FEM0G.. 9M0 is
designed to pre*ent loops from forming between systems.
There are both internal and external 9M0 -I9M0 and E9M0. configurations. 3rganiIational
networks such as uni*ersities and corporations usually employ an Interior Mateway 0rotocol
-IM0. such as &I0 or 3(08 for the exchange of routing information within their networks.
These networks connect to I(0s and I(0s use 9M0 to exchange customer and I(0 routes.
:hen 9M0 is used between autonomous systems -A(. the protocol is referred to as External
9M0 -E9M0.. If a ser*ice pro*ider is using 9M0 to exchange routes within an A( then the
protocol is referred to as Interior 9M0 -I9M0..
9M0 neighbors are defined in the configuration not by their physical location in the network.
E*en if two routers are physically connected they are not necessarily neighbors unless they
form a TC0 connection which is configured by the network engineer.
9M0Bs effecti*e use of classless inter%domain routing -CI5&. has been a maLor factor in
slowing the explosi*e growth of the Internet routing table. CI5& doesnBt rely on classes of I0
networks such as Class A 9 and C. In CI5& a prefix and a mask such as 26=.!<.#.#E2+
represent a network. This would normally be considered an illegal Class C network but CI5&
handles it Lust fine. A network is called a super%net when the prefix boundary contains fewer
bits than the networkBs natural mask.
9peration
Synchroni0ation/.ull 8esh
In order to a*oid routing loops inside an A( 9M0 doesnBt ad*ertise to internal 9M0 -I9M0.
peer routes that are learned *ia other I9M0 peers. Therefore one must maintain full I9M0
mesh within an A( or utiliIe other techniques such as route reflectors. 9M0 routing
information must be in sync with the Interior Mateway 0rotocol -IM0. such as 3(08 before
ad*ertising transit routes to other A(s. This beha*ior can be turned off using the Cisco I3(
command no sync. )owe*er this isnBt recommended unless all the routers in your 9M0 A(
are running 9M0 and are fully meshed or the A( in question isnBt a transit A(. The careless
use of the no sync command could cause non%9M0 routers within an autonomous system to
recei*e traffic for destinations that they donBt ha*e a route for. :ith synchroniIation enabled
9M0 waits until the IM0 has propagated routing information across the autonomous system
before ad*ertising transit routes to other A(s. 9y default synchroniIation is enabled on all
9M0 routers.
Things to what out for when synchroniIation is turned on>
3(08 and 9M0 must ha*e the same &I5
The mask lengths must be the same for IM0 and 9M0
9M0 only redistributes 3(08 internals by default
7e/t!<op!Self Command
In a non%meshed en*ironment such as confederations or route reflectors where you know that
a path exists from the current router to a specific address the 9M0 router command neigh$or
Xip%address [ peer%group%nameY ne/t!hop!self can be used to disable next%hop processing.
This will cause the current router to ad*ertise itself as the next hop for the specified neighbor
simplifying the network. 3ther 9M0 neighbors will then forward packets for that destination to
the current router. This would not be useful in a fully meshed en*ironment since it will result
in unnecessary extra hops where there may be a more direct path.
Private 1S num$ers
A( numbers from $+"2<%$""!" are pri*ate A( numbers. These numbers are *ery similar in
fashion to the &8C 262@ I0 addresses of 2#.#.#.#E@ 2=<.2$.#.#E2< and 26<.2$@.#.#E2$.
These A( numbers arenBt used anywhere in the Core 9M0 route tables. They are used to keep
the A( number requirement down. (maller 9M0 users will often use 0ri*ate A( numbers and
then ha*e them translated to public A( numbers by routers upstream toward the core of the
Internet. ,any of the larger I(0s may ha*e multiple public A( numbers. (maller I(0s will
usually only ha*e one public A( number
There is a manual method of confederations that must strip the pri*ate A( information in
order to pre*ent those Autonomous systems from leaking into the Internet.
neighbor 2.2.2.2 remo*e%pri*ate%as
State
/eighbors in 9M0 must go through the following states in order to form an adLacency>
Idle
Connect
o Acti*e C resets the retry timer kickbacks to idle
3pen send C *ersion must be +
3pen confirm
Established
If there are issues the routers may cycle from Acti*e back to connect. (ome of the isues that
pre*ent 9M0 routers from becoming neighbors are>
Incorrect I0 address
Incorrect A( number
/o route to source address
TTL to low
Attrib#tes
9M0 metrics are called path attributes and are categoriIed into well%known and optional
:ell%known attributes must be recogniIed by all compliant implementations and *endors
whereas optional attributes are only recogniIed by some implementations -could be pri*ate.
expected not to be recogniIed by e*eryone.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %$ of 136
:ell%known attributes are di*ided into mandatory and discretionary. The :ell%known
mandatory attributes must be present in all update messages. The following attributes must
be in e*ery 9M0 update>
A(%path> A list of the Autonomous (ystems -A(. numbers that a route passes through
to reach the destination. As the update passes through an A( the A( number is
inserted at the beginning of the list. The A(%path attribute has a re*erse%order list of
A( passed through to get to the destination.
/ext%hop> The next%hop address that is used to reach the destination.
3rigin> Indicates how 9M0 learned a particular route. There are three possible types %%
IM0 -route is internal to the A(. EM0 -learned *ia E9M0. or Incomplete -origin
unknown or learned in a different way..
:ell%known discretionary attributes are optional % they could be present in update messages
or not. All well%known attributes are propagated to other 9M0 neighbors. )owe*er optional
9M0 attributes are transiti*e or non%transiti*e>
3ptional transiti*e attributes
o Aggregator> (pecifies the router I5 and A( of the router that originated an
aggregate prefix. 7sed in conLunction with the atomic aggregate attribute.
o Community> 7sed to group routes that share common properties so that
policies can be applied at the group le*el.
3ptional non%transiti*e attributes
o ,ulti%exit%discriminator -,E5.> Indicates the preferred path into an A( to
external neighbors when multiple paths exist.
&ecogniIed optional attributes are propagated to other neighbors based on their
meaning -not constrained by transiti*e bit.

Con4ig#ring Attrib#tes
Feight
The weight attribute is a Cisco%defined attribute used for the path selection process. The
weight is configued locally to a router and is not propagated to any other routers.
neigh$or #&#&#&# weight #00 The higher the number the more preferred
Arigin
The origin attribute indicates how 9M0 learned about a particular route. The origin attribute
can ha*e one of three possible *alues>
M IM0OThe route is interior to the originating A(. This *alue is set when the network
router configuration command is used to inLect the route into 9M0. \#] i
M EM0OThe route is learned *ia the Exterior 9order Mateway 0rotocol -EM0.. \2] e
M IncompleteOThe origin of the route is unknown or learned in some other way. An
origin of incomplete occurs when a route is redistributed into 9M0. \;]
Jou can issue the -sh ip bgp. command to *iew the origin.
1S!Path
The A(%path attribute is empty when a local route is first inserted in the 9M0 table. The
senderBs A( number is prepended to the A(%path attribute when the routing update crosses
the A( boundary. A 9M0 recei*er of 9M0 routing information can use the A(%path to
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %% of 136
determine through which A( the information has passed. Therefore an A( that recei*es
routing information with its own A( number in the A(%path silently ignores the information.
0repend as%path can be used as a metric to make a path appear less optimal.
routemap prepend permit #0
match ip address #
set as!path prepend #00 #00 #00
7e/t <op
The /ext%hop attribute indicates the next%hop I0 address used for packet forwarding and is
usually set to the I0 address of the sending 9M0 router.
8ulti!e/it discriminator )8E9*
The multi%exit discriminator -,E5. or metric attribute is used as a suggestion to an external
A( regarding the preferred route into the A( that is ad*ertising the metric.
The ,E5 only works from directly connected A(. It is not transiti*e so it has to be configured
on e*ery A( in the path. The default ,E5 is # which is more preferable if another router
within the A( does not enable a ,E5 *alue. The lower the *alue the more preferred. A route
map is sent with the neighbor command>
neigh$or #&#&#&# route!map med out
route!map med permit #0
set metric 200
Local Preference
The local preference attribute is used to prefer an exit point from the local autonomous
system -A(.. 7nlike the weight attribute the local preference attribute is propagated
throughout the local A(. If there are multiple exit points from the A( the local preference
attribute is used to select the exit point for a specific route. The default Local 0reference is
2##. The higher the *alue is more preferred.
route!map local permit #0
set local!preference 200
Communities
The community attribute has multiple options and will be explained in detail in 4olume II.
1S Path .iltering
(e*eral scenarios require 9M0 route filtering based on A(%path. A( paths are filtered using a
As%path access filter and regular expressions.
The following are examples of regular expressions that are used in A(%path filters>
N2##N Moing through A( 2##
^2##_ 5irectly connected to A( 2##
N2##_ 3riginated in A( 2##
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page %& of 136
^2##N.D networks behind A( 2##
^ \#%6]U_ A( paths one A( long
^_ networks originated in local A(
.D matches e*erything
ip as!path access!list permit &G
neigh$or #&#&#&# filter!list out
9rder+%re4erence
2. If the path specifies a next hop that is inaccessible drop the update.
<. 0refer the path with the largest weight.
!. If the weights are the same prefer the path with the largest local preference.
+. If the local preferences are the same prefer the path that was originated by 9M0
running on this router.
". If no route was originated prefer the route that has the shortest A(Npath.
$. If all paths ha*e the same A(Npath length prefer the path with the lowest origin type
-where IM0 is lower than EM0 and EM0 is lower than incomplete..
=. If the origin codes are the same prefer the path with the lowest ,E5 attribute.
@. If the paths ha*e the same ,E5 prefer the external path o*er the internal path.
6. If the paths are still the same prefer the path through the closest IM0 neighbor.
2#. 0refer the path with the lowest I0 address as specified by the 9M0 router I5.
Aggregation
(pecify aggregation range in 9M0 routing process that you would like to summariIe.
The aggregate will be announced if there is at least one network in the specified range in the
9M0 table. Indi*idual networks will still be announced in outgoing 9M0 updates so other
option must be enabled to suppress the longer masks.
router $gp #
aggregate!address #:2&#,&0&0 2&2&0&0
If you desire to remo*e any longer mask than as the summary only keyword.
router $gp #
aggregate!address #:2&#,&0&0 2&2&0&0 summary!only
If you would like to protect against loops than add A(%set to pre*ent your own A( from
returning.
router $gp #
aggregate!address #:2&#,&0&0 2&2&0&0 as!set summary!only
3ther options that can be enabled are>
1ttri$ute maps are used to configure the attributes of the aggregate route since the
attributes of the original routes are used by default when summariIed
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page &) of 136
1dvertise maps allow the aggregate to inherit the attributes from the specific
networks identified in the ad*ertise map. It is important to note the attribute map
o*errides the ad*ertise map
Suppress maps this command o*errides the summary only keyword and suppresses
on the routes configured in the suppress map.
Bn!suppress maps selecti*ely un%suppresses networks suppressed in a suppress%map
5nHect maps 7sed to inLect more specific into 9M0 based on existence of aggregated
route or originate default route based on certain route existence
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page &1 of 136
B8% LAB
Scenario
Turn%key and the two I(0 pro*iders ha*e agreed to peer with 9M0 and to exchange routes.
Turn%key has decided to use EIM&0 as the IM0 and will connect to the I(0 with a new 3(08
0rocess between the e9M0 peers.
AS Topology
B8%1 Tas$s
Tas4 # )6asic 6CP*3 Configure &= to be in A( 2 and &@ in As <. Configure a static route on
&< and &= to each others Lo! address. Also configure Lo+ but do not add static routes for the
networks. 5isable EIM&0 2## with distance and passi*e interface default commands on &=
and &@ only.
220
$o3
<p address 1!.1.1.2B24
$o4
<p address 11.2.2.1B24 secondar*
2"0
$o3
<p address 1!.2.3."B24
$o4
<p address 2!3.!.!.1B1"
<p address 22!.!.!.1B1" secondar*
1onfig(re static ro(tes 5etween 23 and 29 for $o3 and add the $o! networ)s witho(t static ro(tes.
230
$o3
$o4
<p address 143.3.3.1B24
290
$o3
$o4
<p address 13!.!.!.1B1"
<p address 1>!.!.!.1B1" secondar*
7se the new Lo! interface on each of these -+. routers to peer 9M0 as defined in the abo*e
A( topology diagram. &= and &@ can use their 000 interface to peer. :ithin A( ! peer all
routers as shown in the diagram and note the bgp confederation identifier can not be used on
any of the routers. Mi*e each router the same &outer%id that was used pre*iously for 3(08. If
there is an existing loop back on the router use that as the update source if not use the
4lan2# interface when possible. 3n the connections within A( $"##2 make sure you
consolidate your commands to reduce the siIe of the 9M0 command line configuration.
Tas4 2 )7etwor4s*3 Ad*ertise the /ew Loopbacks from &= and &@ in 9M0. ,ake sure (w+
can ping them. Ad*ertise the new I0 addresses in the new loop backs of &< and &! as well as
26<.2$@.2#.# and a summary of the 2#.#.#.# network. ,ake sure your 9M0 table in &= looks
like the following>
6rigin codes0 i + <8/A e + E8/A R + incomplete
&etwor) &e-t Cop 4etric $oc/rf Neight /ath
KS 1!.!.!.! 1!.1.1.2 ! ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 143.3.3.!B24 1!.1.1.2 ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 1!.2.2.!B24 1!.1.1.2 ! ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 11.2.2.!B24 1!.1.1.2 ! ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 11.3.3.!B24 1!.1.1.2 ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 12.2.2.!B24 1!.1.1.2 ! ! 3 i
K 1"2.1>.4.9 ! 2 3 i
KS 12.3.3.!B24 1!.1.1.2 ! 3 i
K 1"2.1>.4.9 ! 2 3 i
K 1>!.!.!.!B3 1!.1.1.2 ! 3 2 i
KS 1"2.1>.4.9 ! ! 2 i
KS 1"2.1>.!.! 1!.1.1.2 ! ! 3 i
&etwor) &e-t Cop 4etric $oc/rf Neight /ath
K 1"2.1>.4.9 ! 2 3 i
K 13!.!.!.!B3 1!.1.1.2 ! 3 2 i
KS 1"2.1>.4.9 ! ! 2 i
KS 2!3.!.!.!B3 !.!.!.! ! 32">9 i
KS 22!.!.!.!B3 !.!.!.! ! 32">9 i
Tas4 % )8E9s*3 Configure meds such that A( ! will prefer &@ to reach <#6.#.#.2 and
<<#.#.#.2. and &= will be a better path to 26#.#.#.2 and 2$#.#.#.2. ,ake sure you configure
&< and &! to pre*ent A( $"##2 from being ad*ertised to &= or &@. 0ing the routes from (w+
and ensure you can still reach them.
Tas4 ( )1s!filtering*3 Configure A( ! so that is can not be a transit A( between A(2 and
As<.
B8%1 Answers
Tas4 # )6asic 6CP*3 Configure &= to be in A( 2 and &@ in As <. Configure a static route on
&< at &= to each others Lo! address. Also configure Lo+ but do not add static routes for the
networks. 5isable EIM&0 2## on &= and &@ only. 7se the new Lo! interface on each of these
-+. routers to peer 9M0 as defined in the abo*e A( topology diagram. &= and &@ can use their
000 interface to peer.
2"0
ro(ter 5gp 1
no s*nchroniEation
5gp ro(ter+id 1.1.1."
5gp log+neigh5or+changes
neig(bor 1#)212122 remote1as 3 ,3(is 'i!! peer 4$ an0 42-
neig(bor 1#)212122 ebgp1mu!ti(op 3 ,3(is a!!o's t(e 3CP 33L to e8cee0 1 (op-
neig(bor 1#)212122 up0ate1source Loopbac"3 ,3(is a!!o's 4$ to originate B+P 3CP 1$& connections from t(e Lo3-
neigh5or 1"2.1>.4.9 remote+as 2
no a(to+s(mmar*
@
ip route 1#)212122 2##22##22##22## 1$22162#22 ,3(e static 4oute * use0 to reac( t(e 42 !oopbac"-
220
ro(ter 5gp 3
no s*nchroniEation
5gp ro(ter+id 1.1.1.2
neigh5or 1!.13.13.1 remote+as 3
neigh5or 1!.13.13.1 (pdate+so(rce $oop5ac)1
neigh5or 1!.2.3." remote+as 1
neigh5or 1!.2.3." e5gp+m(ltihop 3
neigh5or 1!.2.3." (pdate+so(rce $oop5ac)3
neigh5or 132.1>9.1!.1 remote+as >!!1
neigh5or 132.1>9.1!.1 e5gp+m(ltihop 2
neigh5or 132.1>9.1!.1 (pdate+so(rce $oop5ac)1
neigh5or 132.1>9.1!.3 remote+as 3
no a(to+s(mmar*
@
ip ro(te 1!.2.3." 2.2.2.2 1"2.1>.."
290
ro(ter 5gp 2
no s*nchroniEation
neigh5or 1!.3.3.2 e5gp+m(ltihop 3
neigh5or 1"2.1>.4." remote+as 1
no a(to+s(mmar*
@
ip ro(te 1!.3.3.2 2.2.2.2 1"2.1>.>.3
230
ro(ter 5gp 3
no s*nchroniEation
neigh5or 1!.1!.1!.1 remote+as >!!1
neigh5or 1!.1!.1!.1 e5gp+m(ltihop 3
neigh5or 1!.1!.1!.1 (pdate+so(rce $oop5ac)1
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page &# of 136
neigh5or 132.1>9.1!. remote+as 3
neigh5or 132.1>9.1!. (pdate+so(rce $oop5ac)1
neigh5or 132.1>9.1!. ro(te+reflector+client
neigh5or 132.1>9.1!.> remote+as 3
neigh5or 132.1>9.1!.> (pdate+so(rce $oop5ac)1
neigh5or 132.1>9.1!.> ro(te+reflector+client
no a(to+s(mmar*
@
ip ro(te 1!.9.9.9 2.2.2.2 1"2.1>.>.9
:ithin A( -!. peer all routers as shown in the diagram and note the bgp confederation
identifier can not be used on any of the routers. Mi*e each router the same &outer%id that was
used pre*iously for 3(08. If there is an existing loop back on the router use that as the
update source if not use the 4lan2# interface when possible. 3n the connections within A(
$"##2 make sure you consolidate your commands to reduce the siIe of the 9M0 command
line configuration.
AS3
220
ro(ter 5gp 3
no s*nchroniEation
neigh5or 1!.13.13.1 remote+as 3 ,3(is peers t(e route ref!ectors 42 an0 43-
neigh5or 132.1>9.1!.1 remote+as >!!1 ,3(is connects an eB+P manua! confe0eration to S'1-
neigh5or 132.1>9.1!.3 ro(te+reflector+client ,Configures BB1 as a route ref!ector c!ient-
no a(to+s(mmar*
;;10
ro(ter 5gp 3
no s*nchroniEation
neigh5or 1!.12.12.1 (pdate+so(rce :astEthernet!B!
no a(to+s(mmar*
230
ro(ter 5gp 3
no s*nchroniEation
no a(to+s(mmar*
@
20
ro(ter 5gp 3
no s*nchroniEation
5gp ro(ter+id 1.1.1.
no a(to+s(mmar*
2>0
ro(ter 5gp 3
no s*nchroniEation
5gp ro(ter+id 1.1.1.>
no a(to+s(mmar*
3n the connections within A( $"##2 make sure you consolidate your commands to reduce the
siIe of the 9M0 command line configuration.
AS 6#))1
SN10
ro(ter 5gp >!!1
no s*nchroniEation
5gp ro(ter+id 1.1.1.1!
neig(bor Branc( peer1group ,Peer +roup comman0s are use0 to group simi!ar B+P comman0s toget(er for neig(bors-
neigh5or ;ranch remote+as >!!1
neigh5or ;ranch (pdate+so(rce #lan1!
neigh5or ;ranch ro(te+reflector+client ,3(e ot(er s'itc(es S'2:3:an0 4 'i!! become route ref!ector c!ients-
neigh5or 1!...2 peer+gro(p ;ranch
neigh5or 1!.9.9.2 peer+gro(p ;ranch
neigh5or 1!.1!.1!.1 (pdate+so(rce #lan1!
neigh5or 1!.12.12.1 (pdate+so(rce #lan1!
no a(to+s(mmar*
210
ro(ter 5gp >!!1
no s*nchroniEation
neigh5or ;ranch peer+gro(p
neigh5or ;ranch remote+as >!!1
neigh5or ;ranch (pdate+so(rce $oop5ac)!
neigh5or ;ranch ro(te+reflector+client
neigh5or 1!...2 peer+gro(p ;ranch
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page &$ of 136
neigh5or 1!.13.13.1 (pdate+so(rce $oop5ac)!
neigh5or 132.1>9.1!.1 (pdate+so(rce $oop5ac)!
no a(to+s(mmar*
Sw20
ro(ter 5gp >!!1
no s*nchroniEation
neigh5or 1!.1!.1!.1 (pdate+so(rce #lan
neigh5or 132.1>9.1!.1 (pdate+so(rce #lan
no a(to+s(mmar*
Sw30
ro(ter 5gp >!!1
no s*nchroniEation
neigh5or 1!.1!.1!.1 (pdate+so(rce #lan9
neigh5or 132.1>9.1!.1 (pdate+so(rce #lan9
no a(to+s(mmar*
Sw40
ro(ter 5gp >!!1
no s*nchroniEation
neigh5or 1!.1!.1!.1 (pdate+so(rce #lan3
neigh5or 132.1>9.1!.1 (pdate+so(rce #lan3
no a(to+s(mmar*
Tas4 2 )7etwor4s*3 Ad*ertise the /ew Loopbacks from &= and &@ in 9M0. ,ake sure (w+
can ping them. Ad*ertise the new I0 addresses in the new loop backs of &< and &! as well as
26<.2$@.2#.# and a summary of the 2#.#.#.# network. ,ake sure your 9M0 table in &= looks
like the following>
2"0
ro(ter 5gp 1
no s*nchroniEation
net'or" 2)&2)2)2) mas" 2##212%2)2) ,3(is configuration a07ertises t(ese net'or"s into B+P-
net'or" 22)2)2)2) mas" 2##212%2)2)
no a(to+s(mmar*
220
ro(ter 5gp 3
no s*nchroniEation
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page &% of 136
net'or" 1)2122122) mas" 2##22##22##2)
net'or" 1#)22222) mas" 2##22##22##2)
net'or" 1#122222) mas" 2##22##22##2)
net'or" 1#222222) mas" 2##22##22##2)
net'or" 1$22162#2) mas" 2##22##22##2)
aggregate1a00ress 1)2)2)2) 2##2)2)2) summary1on!y ,3(is comman0 configures a summary on!y for t(e 1)<% net'or"-
aggregate1a00ress 1$22162)2) 2##22##2)2) summary1on!y
neigh5or 132.1>9.1!.3 ro(te+reflector+client
no a(to+s(mmar*
290
ro(ter 5gp 2
no s*nchroniEation
networ) 1>!.!.!.! mas) 2.129.!.!
networ) 13!.!.!.! mas) 2.129.!.!
no a(to+s(mmar*
230
ro(ter 5gp 3
no s*nchroniEation
networ) 1!.13.13.! mas) 2.2.2.!
networ) 143.3.3.! mas) 2.2.2.!
networ) 11.3.3.! mas) 2.2.2.!
networ) 12.3.3.! mas) 2.2.2.!
networ) 1"2.1>.>.! mas) 2.2.2.!
aggregate+address 1!.!.!.! 2.!.!.! s(mmar*+onl*
aggregate+address 1"2.1>.!.! 2.2.!.! s(mmar*+onl*
no a(to+s(mmar*
Sw40
SN4#ping 2!3.!.!.1
Sending A 1!!+5*te <14/ Echos to 2!3.!.!.1A timeo(t is 2 seconds0
@@@@@
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page && of 136
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B"B3 ms
SN4#
SN4#ping 22!.!.!.1
Sending A 1!!+5*te <14/ Echos to 22!.!.!.1A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D 9B9B3 ms
SN4#
SN4#ping 1>!.!.!.1
Sending A 1!!+5*te <14/ Echos to 1>!.!.!.1A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D 1B>!B" ms
SN4#
SN4#ping 13!.!.!.1
Sending A 1!!+5*te <14/ Echos to 13!.!.!.1A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B"B3 ms
SN4#
Tas4 % )8E9s*3 Configure meds such that A( ! will prefer &@ to reach <#6.#.#.2 and
<<#.#.#.2. and &= will be a better path to 26#.#.#.2 and 2$#.#.#.2. ,ake sure you configure
&< and &! to pre*ent A( $"##2 from being ad*ertised to &= or &@. 0ing the routes from (w+
and ensure you can still reach them.
2"0
ro(ter 5gp 1
no s*nchroniEation
networ) 1"2.1>.4.! mas) 2.2.2.!
networ) 2!3.!.!.! mas) 2.129.!.!
networ) 22!.!.!.! mas) 2.129.!.!
neig(bor 1#)212122 route1map me0 out ,3(is a!!o's us to use a route map to set t(e me0 7a!ue-
no a(to+s(mmar*
ro(te+map med permit 1!
match ip address prefi-+list med
set metric 1) ,Setting a !o'er metric for t(ese net'or"s 'i!! ma"e t(em more preferre0 o7er 4$
@
match ip address prefi-+list med2
set metric 2!!
set as1pat( prepen0 1 , *n B+P AS1Pat( attribute is more preffere0 t(an 5AD: so 'e nee0 to gi7e t(e AS patc( an e;ua! 7a!ue so t(at 5AD
'i!! be use0 as a tie brea"er-
ip prefi-+list med se? permit 1>!.!.!.!B3
ip prefi-+list med se? 1! permit 13!.!.!.!B3
@
ip prefi-+list med2 se? permit 2!3.!.!.!B3
ip prefi-+list med2 se? 1! permit 22!.!.!.!B3
290
ro(ter 5gp 2
no s*nchroniEation
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)) of 136
networ) 1>!.!.!.! mas) 2.129.!.!
networ) 1"2.1>.4.! mas) 2.2.2.!
networ) 13!.!.!.! mas) 2.129.!.!
neigh5or 1!.3.3.2 ro(te+map med o(t
no a(to+s(mmar*
match ip address prefi-+list med
set metric 1!
@
match ip address prefi-+list med2
set metric 2!!
set as+path prepend 2
ip prefi-+list med se? permit 2!3.!.!.!B3
ip prefi-+list med se? 1! permit 22!.!.!.!B3
@
ip prefi-+list med2 se? permit 1>!.!.!.!B3
ip prefi-+list med2 se? 1! permit 13!.!.!.!B3
Tas4 ( )1s!filtering*3 Configure A( ! so that is can not be a transit A( between A(2 and
As<.
To accomplish this task you must use an as path acl to enable a filter list.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)1 of 136
Day :
M#lticast
2efer to slides from lect(re or =ni'ers17 for assistance.
8ulticast Tas4s
Tas4 # )8ulticast*> Configure ,ulticast support for &< &! and &2. Configure
multicast routing such that it can automatically find the &0s in a failure. Jou can not
use (parseE5ense or 5ense mode for this task. Also make sure &2 is configured with
the highest priority for any elections.
Tas4 2 )5C8P*3 3n &2 configure to Loin group <<+.<.<.<. After doing this &< and &!
should be able to ping this group.
Tas4 % )5C8P*3 3n (w + we are ha*ing a problem with ,ulticast on 4lan +. 8or
testing purposes configure (: + so that multicast is flooded to e*ery switch port.
8ulticast 1nswers
Tas4 # )8ulticast*> Configure ,ulticast support for &< &! and &2. Configure
multicast routing such that it can automatically find the &0s in a failure. Jou can not
use (parseE5ense or 5ense mode for this task. Also make sure &2 is configured with
the highest priority for any elections.
21
hostname 21
ip m(lticast+ro(ting 113(is 3urns on mu!ticast g!oba!!y
ip pim 5sr+candidate Serial!B!B! 3! 2111111113(is forces 41 to be t(e BS4 by using t(e (ig(est
priority
ip pim rp+candidate Serial!B!B! priorit* 2111111113(is forces 41 to be t(e 4P for 224222222 by using
t(e (ig(est priority
ip address 1!.>.>.2 2.2.2.22
ip pim sparse+mode1111111111113(is enab!es P*5 routing an0 contro! traffic
ip igmp Qoin+gro(p 224.2.2.211111113(is A!!o's 4outer 1 to Eoin 224222222
ip ospf 1 area 2
d(ple- a(to
speed a(to
ip address 1"2.1>.1.1 2.2.2.!
ip pim sparse+mode 1111111111113(is enab!es P*5 routing
22
ip m(lticast+ro(ting
ip pim 5sr+candidate Serial!B!B!.1 3! 1!!
ip pim rp+candidate Serial!B!B!.1 priorit* 1!!
ip address 1"2.1>.1.2 2.2.2.!
ip pim sparse+mode
23
ip address 1"2.1>.1.2 2.2.2.!
ip pim sparse+mode
23#sh ip pim 5sr+ro(ter
/<4'2 ;ootstrap information
;S2 address0 1"2.1>.1.1 (R)
=ptime0 !!0!304A ;S2 /riorit*0 2A Cash mas) length0 3!
E-pires0 !!0!101
.his s*stem is a candidate ;S2
1andidate ;S2 address0 1"2.1>.1.3A priorit*0 1!!A hash mas) length0 3!
1andidate 2/0 1"2.1>.1.3(Serial!B!B!.1)
Coldtime 1! seconds
%d'ertisement inter'al >! seconds
&e-t ad'ertisement in !!0!!01>
1andidate 2/ priorit* 0 1!!
23#ping 224.2.2.2
Sending 1A 1!!+5*te <14/ Echos to 224.2.2.2A timeo(t is 2 seconds0
2epl* to re?(est ! from 1"2.1>.1.1A "2 ms
23#
Tas4 2 )5C8P*3 3n &2 configure to Loin group <<+.<.<.< and only this group. After
doing this &< and &! should be able to ping this group.
Sw1
ip address 1!.>.>.2 2.2.2.22
ip igmp Qoin+gro(p 224.2.2.2
ip ospf 1 area 2
d(ple- a(to
speed a(to
Tas4 % )5C8P*3 3n (w + we are ha*ing a problem with ,ulticast on 4lan +. 8or
testing purposes configure (: + so that multicast is flooded to e*ery switch port.
SN4(config)#no ip igmp snooping 'lan 4
Day :
;oS
Ios Tas4s
Tas4# )Switch IoS*3 Enable Automatic Ao( features on (:2 such that an I0
phone can be connected to any of the ports except for the trunk ports or ports
connected between switches or the routers. Also if a 0C were to be conncted it
should not allow it to send Ao( information. 3n (w< configure f#E+ so that it will
only e*er send traffic at a maximum of "#megs
Tas42 )8LPP*3 3n &2 and &< first use ,AC to match all *oice traffic with a 5(C0
of +$ and set a priority of "2<k. (econd match signaling information with a C(! and
set the bandwidth to $+k. (et 9est effort traffic to 8air Aueue. Configure ,L00 to
pro*ide fragmentation and interlea*ing with a delay of 2# and 2+$#### as the CI&.
Tas4% )Congestion 1voidance*3 Configure congestion a*oidance on &" 8#E#. 8or
5(C0 A822 set the min threshold to 2# and when the queue reaches the max
threshold of 2## packets set the drop probability to drop 2 out of 2# packets.
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)# of 136
IoS 1nswers
Tas4# )Switch IoS*3 Enable Automatic Ao( features on (:2 such that an I0
phone can be connected to any of the ports except for the trunk ports or ports
connected between switches or the routers. Also if a 0C were to be conncted it
should not allow it to send Ao( information. 3n (w< configure
Sw1(config)#mls ?os
Sw1(config)#interface range f!B4 M (1hoose interfaces witho(t ro(ters or tr(n)s)
Sw1(config+if+range)# a(to ?os 'oip cisco+phone11111 3(is 'i!! on!y trust FoS from an *P P(one
ote t(e 3#6) (as 2 input ;ueus an0 4 egress ;ueues2
3(e auto FoS comman0 a00s t(e fo!!o'ing g!oba! configuration:
mls ?os map cos+dscp ! 9 1> 2> 32 4> 49 >
mls ?os srr+?(e(e inp(t 5andwidth 3! 1!
mls ?os srr+?(e(e inp(t threshold 1 9 1>
mls ?os srr+?(e(e inp(t threshold 2 34 >>
mls ?os srr+?(e(e inp(t 5(ffers >" 33
mls ?os srr+?(e(e inp(t cos+map ?(e(e 1 threshold 2 1
mls ?os srr+?(e(e inp(t cos+map ?(e(e 1 threshold 3 !
mls ?os srr+?(e(e inp(t cos+map ?(e(e 2 threshold 2 4 > "
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 1 threshold 2 3 1! 11 12 13 14 1
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 1 threshold 3 ! 1 2 3 4 > "
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 1 threshold 3 32
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 1 1> 1" 19 13 2! 21 22 23
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 2 33 34 3 3> 3" 39 33 49
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 2 43 ! 1 2 3 4 >
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 2 " 9 3 >! >1 >2 >3
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 3 24 2 2> 2" 29 23 3! 31
mls ?os srr+?(e(e inp(t dscp+map ?(e(e 2 threshold 3 4! 41 42 43 44 4 4> 4"
mls ?os srr+?(e(e o(tp(t cos+map ?(e(e 1 threshold 3
mls ?os srr+?(e(e o(tp(t cos+map ?(e(e 2 threshold 3 3 > "
mls ?os srr+?(e(e o(tp(t cos+map ?(e(e 3 threshold 3 2 4
mls ?os srr+?(e(e o(tp(t cos+map ?(e(e 4 threshold 2 1
mls ?os srr+?(e(e o(tp(t cos+map ?(e(e 4 threshold 3 !
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 1 threshold 3 4! 41 42 43 44 4 4> 4"
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 2 threshold 3 24 2 2> 2" 29 23 3! 31
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 2 threshold 3 49 43 ! 1 2 3 4
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 2 threshold 3 > " 9 3 >! >1 >2 >3
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 3 threshold 3 1> 1" 19 13 2! 21 22 23
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 3 threshold 3 32 33 34 3 3> 3" 39 33
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 4 threshold 1 9
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 4 threshold 2 3 1! 11 12 13 14 1
mls ?os srr+?(e(e o(tp(t dscp+map ?(e(e 4 threshold 3 ! 1 2 3 4 > "
mls ?os ?(e(e+set o(tp(t 1 threshold 1 139 139 32 139
mls ?os ?(e(e+set o(tp(t 1 threshold 2 139 139 32 4!!
mls ?os ?(e(e+set o(tp(t 1 threshold 3 3> "" 1!! 319
mls ?os ?(e(e+set o(tp(t 1 threshold 4 2! ! >" 4!!
mls ?os ?(e(e+set o(tp(t 2 threshold 1 143 143 1!! 143
mls ?os ?(e(e+set o(tp(t 2 threshold 2 119 119 1!! 23
mls ?os ?(e(e+set o(tp(t 2 threshold 3 41 >9 1!! 2"2
mls ?os ?(e(e+set o(tp(t 2 threshold 4 42 "2 1!! 242
mls ?os ?(e(e+set o(tp(t 1 5(ffers 1! 1! 2> 4
mls ?os ?(e(e+set o(tp(t 2 5(ffers 1> > 1" >1
mls ?os
srr+?(e(e 5andwidth limit ! +++3(is comman0 'i!! !imit traffic to #)G of t(e
actua! port ban0'i0t(
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)$ of 136
Tas42 )8LPP*3 9etween 992 and &< on the frame first use ,AC to match all *oice
traffic with a 5(C0 of +$ and set a priority of "2<k. (econd match signaling
information with a C(! and set the bandwidth to $+k. (et 9est effort traffic to 8air
Aueue. Configure ,L00 to pro*ide fragmentation and interlea*ing with a delay of 2#
and 2+$#### as the CI&.
class%map match%all (ignal !!! 8atch traffic mar4ed with the reJuested 9SCP
match ip dscp cs!
class%map match%all 43ICE
match ip dscp ef
Z
Z
policy%map 992to&< !! This set LLI for Voice and C6F.I for Signalling
class 43ICE
priority "2<
class (ignal
bandwidth $+
class class%default
fair%queue!!!!!!!!!!!! Set 6est Effort Iueue to fair Jueue not .5.A
interface (erial#E#E#
frame%relay traffic%shaping
Z
Z
interface (erial#E#E#.< point%to%point
description 0<0%to%992
frame%relay interface%dlci <#6 ppp 4irtual%Template2!sets 9LC5 to Virtual
Template
class 992to&<
Z
interface 4irtual%Template2
description 0<0%to%&<
bandwidth 2"+$
ip address 2=<.2$.<.< <"".<"".<"".#
ip ospf 2 area =
delay 2#####
ppp multilink !!!!!!!!!!8LPPP
ppp multilink fragment delay 2# !!!!Set delay to #0
ppp multilink interlea*e !!!5nterleave Voice into larger 9ata Pac4ets
ser*ice%policy output 992to&<
Z
map%class frame%relay 992to&< !!!!!!!!!!!.@TS
frame%relay cir 2+$####
frame%relay bc 2+$##
frame%relay be #
frame%relay mincir 2+$####
Z
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)% of 136
Tas4% )Congestion 1voidance*3 Configure congestion a*oidance on &" 8#E#. 8or
5(C0 A822 set the min threshold to 2# and when the queue reaches the max
threshold of 2## packets set the drop probability to drop 2 out of 2# packets.
interface 8astEthernet#E#
description 4lan2#NLeased
ip address 26<.2$@.2#." <"".<"".<"".#
ip ospf 2 area #
duplex auto
speed auto
ip*$ address <###>2>2>2<!+>>"E$+
ip*$ address 8E@#>>" link%local
ip*$ ospf 2 area #
random%detect dscp%based
random%detect dscp 2# 2# 2## 2#!!1.## K #0 decimal> min #0 ma/ #00 >
drop # out of #0 pac4ets&
CCIE Routing and Switching Boot Camp Day 1 to 4 Lab Page 1)& of 136
Day :
Sec#rity
Security Tas4s
Tas4# )9<CP security*3 Configure a 5)C0 ser*er on (:<. Create a scope for
network <#.<#.<#.#E<+ with a default gateway of <#.<#.<#.<"+ which will be
configured on sw<. Configure (w< for 5)C0 snooping and to examine the 5)C0
leases coming from (w< to &<. Create 4lan <# on the 4T0 ser*er and configure a
*lan <# to f#E< interface on (:< such that &< learns its I0 address from (w<.
Configure 5)C0 snooping on (w< and sa*e the bindings to flash>. &eset the I0 on
(w< and ensure 5)C0 snooping is tracking the 5)C0 lease.
Tas4 2 )Prevent Spoofing*3 3n (w< enable security features that can use the
5)C0 bindings to pre*ent (poofing I0 addresses already bound to f#E<. 3n &< and
&! pre*ent I0 spoofing from the I(0 connections.
Tas4 % )9oS*3 Configure &! and &< to prtotect against TC0 5o(. 7se 2## for low
and "## for high thresh old of half open connections.
3n &< and &!
ip tcp intercept ma-+incomplete low 1!!
ip tcp intercept ma-+incomplete high !!
@
Security 1nswers
Tas4# )DHCP security-: 1onfig(re a 7C1/ ser'er on SN2. 1reate a scope for networ)
2!.2!.2!.!B24 with a defa(lt gatewa* of 2!.2!.2!.24 which will 5e config(red on sw2.
1onfig(re Sw2 for 7C1/ snooping and to e-amine the 7C1/ leases coming from Sw2
to 22. 1reate #lan 2! on the #./ ser'er and config(re a 'lan 2! to f!B2 interface on
SN2 s(ch that 22 learns its </ address from Sw2. 1onfig(re 7C1/ snooping on Sw2 and
sa'e the 5indings to flash0. 2eset the </ on Sw2 and ens(re 7C1/ snooping is trac)ing
the 7C1/ lease.
(w<
ip dhcp excluded%address <#.<#.<#.<"+
Z
ip dhcp pool sw<
network <#.<#.<#.# <"".<"".<"".#
default%router <#.<#.<#.<"+
interface 4lan<#
ip address <#.<#.<#.<"+ <"".<"".<"".#
&2
&2-config.Hntp master!!!7TP is reJuired for 9<CP snooping
(w<
ntp ser*er 26<.2$@.2#.2%%%%%%%%%%% 7TP is reJuired for 9<CP snooping
ip dhcp snooping *lan <#
ip dhcp snooping database flash>file#2.txt%%%%%%%Stores the 9<CP lease info
ip dhcp snooping%%%%%%%%Ena$les 9<CP Snooping
(w<-config.int f#E<
(:<-config%if.Hip dhcp snooping trust
(:<Hsh ip dhcp snooping binding
,acAddress IpAddress Lease-sec. Type 4LA/ Interface
%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%% %%%%%%%%%% %%%%%%%%%%%%% %%%% %%%%%%%%%%
%%%%%%%%%%
##>2"><9>A5>$<>52 <#.<#.<#.2 @$!!! dhcp%snooping <# 8astEthern
et#E<
Total number of bindings> 2
Tas4 2 )Prevent Spoofing*3 3n (w< enable security features that can use the
5)C0 bindings to pre*ent (poofing I0 addresses already bound to f#E<. 3n &< and
&! pre*ent I0 spoofing from the I(0 connections.
Sw2
switchport access 'lan 2!
switchport mode access
ip 'erif* so(rce port+sec(rit* ++++++++Anab!es *P source guar0
SN2#sh ip 'erif* so(rce interface f!B2
<nterface :ilter+t*pe :ilter+mode </+address 4ac+address #lan
+++++++++ +++++++++++ +++++++++++ +++++++++++++++ +++++++++++++++++ +++++++
+++
:a!B2 ip+mac acti'e 2!.2!.2!.1 permit+all 2!
22
22(config)#int s!B!B!.3
22(config+s(5if)#ip 'erif* (nicast re'erse+path
23(config)#int s!B!B!.3
23(config+s(5if)#ip 'erif* (nicast re'erse+path
Tas4 % )9oS*3 Configure &! and &< to prtotect against TC0 5o(. 7se 2## for low
and "## for high thresh old of half open connections.
3n &< and &!
ip tcp intercept ma-+incomplete low 1!!
ip tcp intercept ma-+incomplete high !!
@
Day 4
%v<
The Internet Engineering Task 8orce -IET8. has de*eloped a suite of protocols and
standards known as I0 *ersion $ -I0*$.. This new *ersion pre*iously called I0%The
/ext Meneration -I0ng. incorporates the concepts of many methods for updating the
I0*+ protocol.
%v< Addressing
I04$ addresses are 2<@ bits long and are configured in hexadecimal. Consecuti*e
Ieroes can be eliminated ->>.. In the following example <##2>#>#>A2>>2E<AE$+ is the
full I0*$ address where <##2>#>#>A2 is the network portion and the interface -host.
portion is #>#>#>2E<A or >>2E<A.
%v< Address Scopes
I0*$ has the following three scopes>
Link%local (cope
7nique%local (cope
Mlobal (cope
Link Local
Identifies all hosts within a single layer < domain
7nicast addresses within this scope are called link%local addresses
They are assigned by default when ip*$ is enabled on an interface
/etwork address is always 8E@#>>E2#
)ost portion deri*ed from ,AC address -,odified E7I%$+.
Can be manually added too &!-config%if.Hip*$ address 8E@#>>! link%local
Independent of the global addressing scheme
Cannot be routed
7nique%local (cope
0re*iously referred to as site local
Identifies all de*ices within an administrati*e domain containing multiple
distinct links
7nicast addresses within this scope are called unicast%local addresses
)a*e a scope limited to the site
/etwork address is always 8EC#>>E2#
2$ bits in the network address identify the subnet
)ost portion deri*ed from ,AC address -,odified E7I%$+.
Mlobal
Addresses for generic use of I0*$
Identifies all de*ices reachable across the Internet
7nicast addresses within this scope are called global unicast addresses
)a*e to be globally unique and routable
Addresses reser*ed for global scope <### E!
Can ha*e a *ariable subnet portion
Last $+ bits for the interface identifier
IA/A assigns E+@
&nabling %v<
3n a router in global configuration mode configure>
Ip*$ unicast%routing
In interface mode>
ip*$ address <##2><##>2>2>>2E$+
Link%local addresses are generated by default or use manual configuration to change
them.
ip*$ address 8E@#>>! link%local
In order for a switch to understand I0*$ addresses configure>
In Mlobal configuration
sdm prefer dual%ip*+%and%ip*$ default
/ext you must reboot the switch for the changes to take place.
After a reboot the following global configuration can be entered
ip*$ unicast%routing
*%ng
In &I0ng neighbors need not be on the same global subnet since they are on the
same link%local subnet. )ence the router has to ad*ertise its own prefix for the link
on the actual interface. In addition to the frame%relay map ip*$ broadcast to the
Mlobal I0*$ Addresses you also need a map to the link local address. &I0 messages
are sent to the all &I0 routers link%local multicast address 88#<>>6E2<@. And lastly
&I0ng uses the authentication headers present in the I0*$ header for authentication
purposes and does not pro*ide ,5" authentication.
To configure &I0ng in interface mode>
ip*$ rip RstringS enable
To *erify the configuration>
show ip*$ protocol
show ip*$ rip
show ip*$ rip database
/ote D &edistribution between separate &I0ng processes is configure under the
routing process.
9S%3v:
In comparison wit 3(08*< 4ersion! has the same basic mechanisms such as
flooding 5& election areas and spf calculations remain the same. In contrast link
lsaBs announce link%local addresses and a list of ip*$ prefixes to associate with the
link. Intra%area prefix lsaBs carry all ip*$ prefixes to all ospf*! routers within an area
-correspond to router and network lsaBs in ip*+. Inter%area prefix lsa #x<##!
replaces summary or type ! lsaBs and Inter%area router lsa #x<##+ replaces type +
lsa. 3spf*! runs on a link basis rather than on a subnet basis as in ospf*<.
Authentication is also remo*ed from 3spf*! and relies on ip*$ for authentication
3(08*! is configured on the interfaces>
ip*$ ospf 2## area #
To *erify the configuration>

show ip*$ ospf
show ip*$ ospf neighbor
3(08*! still uses a !< bit router id at must be configured tunder ip*$ router ospf 2##
(ummaries can be configured under ip*$ router ospf 2## using the command area 2
range <##2>>E+@
The L(As in 3(08*!>
2o(ter+$S% !-2!!1
&etwor)+$S% !-2!!2
<nter+%rea+/refi-+$S% !-2!!3
<nter+%rea+2o(ter+$S% !-2!!4
%S+E-ternal+$S% !-2!!
8ro(p+mem5ership+$S% !-2!!>
.*pe+"+$S% !-2!!"
$in)+$S% !-2!!9
<ntra+%rea+/refi-+$S% !-2!!3
9S%3v: over "BMA
3(08*! o*er /9,A is *ery much similar to 3(08*< o*er /9,A. The hub interface
priority has to be increased manually to make it the 5&. The spokes should be
configured with a priority of # so that they ne*er participate in the 5& elections.
,oreo*er neighbors ha*e to be specified manually on the interface. The address for
the neighbor has to be the link local addresses. The neighbors ha*e to be specified
only on the hub not on the spokes.
8rame%relay maps ha*e to be configured pointing to the neighborBs link local address
on both hub and spokes as well as the global addresses -if configured.
sh ip*$ int s#E2E# displays the link%local address
The following example displays configuring 3(08*! on a hub interface>
interface (erial#E2E#

ip*$ ospf priority 2##
ip*$ ospf neighbor 8E@#>><#A>9@88>8E$9>A+=@
ip*$ ospf neighbor 8E@#>><#A>9@88>8E<C>=5C@
ip*$ ospf 2# area #
frame%relay map ip*$ 8E@#>><#A>9@88>8E$9>A+=@ 2#$
frame%relay map ip*$ 8E@#>><#A>9@88>8E<C>=5C@ 2#"
%v< over %v4
I0*$ can be tunneled under ip*+. The $to+ tunnel mode by default is gre and can to
be changed to ip*$ip. The tunnel itself needs an ip*$ address configured manually.
The tunnel source and destination will be ip*+ addresses. Afterwards a I0*$ capable
routing protocol can be enabled o*er the tunnel.
The following example tunnels I0*$ o*er I0*+>
interface .(nnel!
no ip address
ip'> address 2!!201!!02401002B>4
ip'> ospf 1!! area !
t(nnel so(rce 1!.9>."2.1"
t(nnel destination 1!.9>."2.19
In the abo*e example we are using M&E as the default encapsulation1 howe*er we
could also opt for ip*$ip with the Rtunnel mode ip*$ip command.

%v< "eighbor Discovery
/eighbor 5isco*ery determines the link%layer address of a neighbor on the
same link and helps both keep track of and find neighbor routers. /eighbor
disco*ery is achie*ed with the IC,0 protocol using multicast addresses. This
is also known as the solicited node address. A solicited%node address is a
,ulticast address with a link%local scope which is formed by a prefix and the
right%most <+ bits of the unicast or anycast address& The following diagram
illustrates how a neighbor is disco*ered in I0*$.
"eigbbor Discovery
Afterwards routers send periodic &outer Ad*ertisements -&A. to the all%nodes
multicast address. At reboot time the de*ices send &outer (olicitations to promptly
recei*e &outer Ad*ertisements. There is also a notion of a redirect which is used by
a router to signal the reroute of a packet to a better router.
D#plicate Address Detection
5uplicate Address 5etection -5A5. uses /eighbor (olicitation to *erify the existence
of an address to be configured to a*oid conflicts.
Stateless A#to'con4ig#ration
This time end de*ices or routers are configured to send router solicitations at boot up
to request &As for configuring thier interfaces. An I0*$ router configure to respond
will send the following information in the &outer ad*ertisements>
5efault router
I0*$ network prefix
Lifetime of ad*ertisement
The I0*$ router would configure an interface with the following parameters>
ip*$ nd prefix RprefixS [ default
\ \R*alid%lifetimeS Rpreferred%lifetimeS] [
\at R*alid%dateS Rpreferred%dateS]
\off%link] \no%autoconfig] ]
%v< LAB
Scenario
Turn%key is doing business with a partner that would like to connect with them o*er
I0*$ in the future. Turn%key has registered I0*$ address space and would like you to
configure I0*$ as outlined in the following diagram to pilot this capability o*er their
existing I0*+ infrastructure.
%v< Topology
%v< Tas$s
Tas4 # )Ena$le 5Pv,*3 enable on each de*ice identified in the abo*e diagram.
Configure I0*$ addresses based on the following Table0
*nterface De7ice *P76
#lan3,tr(n)ed Sw1
Sw2
2!!!02.201234002B>4
2!!!02.201234004B>4
#lan1!,$eased Sw1 2!!!010101234001B>4
23 :!B! 2!!!010101234003B>4
23 S!B!B!.2 2!!1010101234003B>4
2 :!B! 2!!!01010123400B>4
2 S!B!B! 2!!101010123400B>4
2> :!B! 2!!!01010123400>B>4
2> S!B!B! 2!!101010123400>B>4
1onfig(re the following loop 5ac) addresses0
23 M $o D 2!!!030303003B>4
2 M $o D 2!!!00000B>4
2>+ $o D 2!!!0>0>0>00>B>4
Tas4 2 )Lin4 Local*3 5# a Rsh ip*$ int on each of the configured addresses and
manually modify the link local address to make it easier to look at.
8or example on &!>
&!Hsh ip*$ int
8astEthernet#E# is up line protocol is up
I0*$ is enabled link%local address is .E"0332#:3E..3.E,(3600"
5escription> 4lan2#NLeased
Mlobal unicast address-es.>
<###>2>2>2>2<!+>>2 subnet is <###>2>2>2>>E$+
Woined group address-es.>
88#<>>2
88#<>><
88#<>>2>88##>2
88#<>>2>88$+>9##@
,T7 is 2"## bytes
IC,0 error messages limited to one e*ery 2## milliseconds
IC,0 redirects are enabled
/5 5A5 is enabled number of 5A5 attempts> 2
/5 reachable time is !#### milliseconds
/5 ad*ertised reachable time is # milliseconds
/5 ad*ertised retransmit inter*al is # milliseconds
/5 router ad*ertisements are sent e*ery <## seconds
/5 router ad*ertisements li*e for 2@## seconds
)osts use stateless autoconfig for addresses.
:e could shorten the address to 8E@#>>! by issuing the following interface
command>
&!-config%if.Hip*$ address 8E@#>>! link%local
Tas4 % )@5Png*3 Enable &I0ng for networks on (w2 and (w<
Tas4 ( )ASP.v%*3 Ena$le 3(08*! area # between (w2 &! &" and &$. 8or
redundancy 3(08 should run o*er the Leased Ethernet and 8rame &elay.
Tas4 )@edistri$ution*3 &edistribute 3(08*! and &I0ng on (w2 and ping test
from (w< to ensure all I0*$ networks are reacheable.
%v< Answers
Tas4 # )Ena$le 5Pv,*3 enable on each de*ice identified in the abo*e diagram.
In order to allow the Catalyst !"$# switches to support Ip*$ addresses we need to
change the (5, template to dual. (ince we ha*e configured so many L< options in
the pre*ious Lab we will lea*e the switch tuned for desktop.

Sw10
Sw1(config)#sdm R
prefer 1onfig .1%4 and :orwarding 2%4 siEes. Narning0 need to reset switch
for config(ration to ta)e effect.
Sw1(config)#sdm prefer R
access %ccess 5ias
defa(lt 7efa(lt 5ias
d(al+ip'4+and+ip'> S(pport 5oth </'4 and </'>
ro(ting =nicast 5ias
'lan #$%& 5ias
Sw1(config)#sdm prefer d(al
Sw1(config)#sdm prefer d(al+ip'4+and+ip'> R
defa(lt 7efa(lt 5ias
ro(ting =nicast 5ias
'lan #$%& 5ias
Sw1(config)#sdm prefer d(al+ip'4+and+ip'> ro(
Sw1(config)#sdm prefer d(al+ip'4+and+ip'> ro(ting
1hanges to the r(nning S74 preferences ha'e 5een storedA 5(t cannot ta)e effect
(ntil the ne-t reload.
=se 'show sdm prefer' to see what S74 preference is c(rrentl* acti'e.
Sw1(config)#do sh sdm prefer
.he c(rrent template is Pdes)top defa(ltP template.
.he selected template optimiEes the reso(rces in
the switch to s(pport this le'el of feat(res for
9 ro(ted interfaces and 1!24 #$%&s.
n(m5er of (nicast mac addresses0 >T
n(m5er of </'4 <84/ gro(ps U m(lticast ro(tes0 1T
n(m5er of </'4 (nicast ro(tes0 9T
n(m5er of directl*+connected </'4 hosts0 >T
n(m5er of indirect </'4 ro(tes0 2T
n(m5er of </'4 polic* 5ased ro(ting aces0 !
n(m5er of </'4B4%1 ?os aces0 12
n(m5er of </'4B4%1 sec(rit* aces0 1T
6n ne-t reloadA template will 5e Pdes)top </'4 and </'> ro(tingP template.
Sw1(config)#
Sw1(config)#sdm prefer d(al+ip'4+and+ip'> defa(lt
Sw1(config)#do sh sdm prefer
6n ne-t reloadA template will 5e Pdes)top </'4 and </'> defa(ltP template.
Sw1(config)#
Sw1#reload
/roceed with reloadR IconfirmJ
Sw1#show sdm prefer
.he c(rrent template is Pdes)top </'4 and </'> defa(ltP template.
n(m5er of (nicast mac addresses0 2T
n(m5er of directl*+connected </'4 hosts0 2T
n(m5er of </'> m(lticast gro(ps0 112
n(m5er of directl*+connected </'> addresses0 2T
n(m5er of indirect </'> (nicast ro(tes0 1T
n(m5er of </'> polic* 5ased ro(ting aces0 !
n(m5er of </'> ?os aces0 1!
n(m5er of </'> sec(rit* aces0 1!
Sw20
SN2(config)#sdm prefer d(al+ip'4+and+ip'> defa(lt
SN2(config)#do reload
S*stem config(ration has 5een modified. Sa'eR I*esBnoJ0 *
SN2#sh sdm prefer
Sw30
SN3#sh sdm prefer
Sw40
SN4#sh sdm prefer
6n ne-t reloadA template will 5e Pdes)top </'4 and </'> defa(ltP template.
230
23(config)#ip'> (nicast+ro(ting
20
2(config)#ip'> (nicast+ro(ting
2>0
2>(config)#ip'> (nicast+ro(ting
&oteK after the switches re5oot the* need the ip'> (nicast+ro(ting command as well.
Configure I0*$ addresses based on the abo*e Table and Tas42 Lin4 local
addresses0
230
interface $oop5ac)
no ip address
ip76 a00ress 2))):3:3:3::3<64 ,3(is is t(e +!oba! *P76 a00ress-
ip76 a00ress @A%)::3 !in"1!oca! ,3(is is a mo0ifie0 Lin" Loca! a00ress t(at is not routab!e so it can be 0up!icate02
ip address 1"2.1>.3.3 2.2.2.!
no ip split+horiEon
ip ospf 1 area 3
ip76 a00ress 2))1:1:1234::3<64
ip76 a00ress @A%)::3 !in"1!oca!
ip address 132.1>9.1!.3 2.2.2.!
ip ospf 1 area !
dela* 1
d(ple- a(to
speed a(to
ip76 a00ress 2))):1:1:1234::1<64
ip76 a00ress @A%)::3 !in"1!oca!
23#sh ip'> int 5rief
:astEthernet!B! I(pB(pJ
:E9!003
2!!!010101234001
:astEthernet!B1 Iadministrati'el* downBdownJ
Serial!B!B! I(pB(pJ
Serial!B!B!.1 I(pB(pJ
:E9!003
2!!1010101234003
Serial!B!B1 Iadministrati'el* downBdownJ
Serial!B1B! Iadministrati'el* downBdownJ
Serial!B1B1 Iadministrati'el* downBdownJ
$oop5ac)1 I(pB(pJ
$oop5ac)3 I(pB(pJ
$oop5ac)4 I(pB(pJ
$oop5ac) I(pB(pJ
:E9!003
2!!!030303003
20
interface $oop5ac)
no ip address
ip'> address 2!!!00000B>4
ip'> address :E9!00 lin)+local
@
ip address 132.1>9.1!. 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
ip'> address 2!!!01010123400B>4
ip address 1"2.1>.3. 2.2.2.!
ip ospf 1 area 3
ip'> address 2!!101010123400B>4
2#sh ip'> int 5rief
:E9!00
2!!!01010123400
Serial!B!B! I(pB(pJ
:E9!00
2!!101010123400
Serial!B!B1 I(pBdownJ
$oop5ac) I(pB(pJ
:E9!00
2!!!00000
2>0
interface $oop5ac)
no ip address
ip'> address 2!!!0>0>0>00>B>4
ip'> address :E9!00> lin)+local
@
ip address 132.1>9.1!.> 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
ip'> address 2!!!01010123400>B>4
@
@
ip address 1"2.1>.3.> 2.2.2.!
ip ospf 1 area 3
ip'> address 2!!1010123400>B>4
frame+rela* map ip 1"2.1>.3. >!3 5roadcast
frame+rela* map ip 1"2.1>.3.> >!3 5roadcast
2>#sh ip'> int 5rief
:E9!00>
2!!!01010100>
Serial!B!B! I(pB(pJ
:E9!00>
2!!101010100>
Serial!B!B1 Iadministrati'el* downBdownJ
$oop5ac) I(pB(pJ
:E9!00>
2!!!0>0>0>00>
Interfaces that are connected you should be able to ping the link locals
2>#ping ip'> fe9!003
6(tp(t <nterface0 fastethernet!B!
Sending A 1!!+5*te <14/ Echos to :E9!003A timeo(t is 2 seconds0
/ac)et sent with a so(rce address of :E9!00>
@@@@@
Sw10
interface #lan3
ip address 1!.3.3.1 2.2.2.!
ip'> address 2!!!020201234001B>4
stand5* ip 1!.3.3.24
stand5* priorit* 2
stand5* name #lan3
interface #lan1!
ip address 132.1>9.1!.1 2.2.2.!
ip s(mmar*+address eigrp 1!! 1!.!.!.! 2.!.!.!
ip'> address 2!!!010101234001B>4
Sw1#sh ip'> int 5rief
#lan1 Iadministrati'el* downBdownJ
(nassigned
#lan3 I(pB(pJ
:E9!001
2!!!020201234001
#lan4 I(pB(pJ
(nassigned
#lan I(pB(pJ
(nassigned
#lan> I(pB(pJ
(nassigned
#lan9 I(pB(pJ
(nassigned
#lan1! I(pB(pJ
:E9!001
2!!!010101234001
Sw20
interface #lan3
ip address 1!.3.3.2 2.2.2.!
ip'> address 2!!!020201234002B>4
stand5* ip 1!.3.3.24
stand5* name #lan3
#lan1 Iadministrati'el* downBdownJ
(nassigned
#lan3 I(pB(pJ
:E9!002
2!!!02020201234002
#lan4 I(pB(pJ
=nassigned
Tas4 % )@5Png*3 Enable &I0ng for networks on (w2 and (w<
Sw10
interface #lan3
ip address 1!.3.3.1 2.2.2.!
ip'> address 2!!!020201234001B>4
ip76 rip cisco enab!e ,3(is enab!es 4*P for t(is interface-
stand5* ip 1!.3.3.24
stand5* priorit* 2
stand5* name #lan3
interface #lan1!
ip address 132.1>9.1!.1 2.2.2.!
ip'> address 2!!!010101234001B>4
ip76 rip cisco enab!e
Sw1#sh ip'> rip
2</ process PciscoPA port 21A m(lticast+gro(p ::!2003A pid 234
%dministrati'e distance is 12!. 4a-im(m paths is 1>
=pdates e'er* 3! secondsA e-pire after 19!
Colddown lasts ! secondsA gar5age collect after 12!
Split horiEon is onV poison re'erse is off
7efa(lt ro(tes are not generated
/eriodic (pdates 3A trigger (pdates 1
<nterfaces0
$oop5ac)
#lan1!
#lan3
2edistri5(tion0
&one
Sw1#sh ip'> ro(te
</'> 2o(ting .a5le + entries
1odes0 1 + 1onnectedA $ + $ocalA S + StaticA 2 + 2</A ; + ;8/
= + /er+(ser Static ro(te
<1 + <S<S $1A <2 + <S<S $2A <% + <S<S interareaA <S + <S<S s(mmar*
6 + 6S/: intraA 6< + 6S/: interA 6E1 + 6S/: e-t 1A 6E2 + 6S/: e-t 2
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
1 2!!!01010123400B>4 I!B!J
'ia 00A #lan1!
1 2!!!02020200B>4 I!B!J
'ia 00A #lan3
$ 2!!!02020201234001B129 I!B!J
'ia 00A #lan3
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
Sw20
interface #lan3
ip address 1!.3.3.2 2.2.2.!
ip'> address 2!!!020201234002B>4
ip76 rip cisco enab!e
stand5* ip 1!.3.3.24
stand5* name #lan3
SN2#sh ip'> rip
2</ process PciscoPA port 21A m(lticast+gro(p ::!2003A pid 234
%dministrati'e distance is 12!. 4a-im(m paths is 1>
=pdates e'er* 3! secondsA e-pire after 19!
Colddown lasts ! secondsA gar5age collect after 12!
Split horiEon is onV poison re'erse is off
7efa(lt ro(tes are not generated
/eriodic (pdates 11A trigger (pdates 1
<nterfaces0
#lan3
2edistri5(tion0
&one
SN2#sh ip'> ro(te
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
2 2!!!01010123400B>4 I12!B2J
'ia :E9!001A #lan3
1 2!!!020200B>4 I!B!J
'ia 00A #lan3
$ 2!!!020201234002B129 I!B!J
'ia 00A #lan3
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
SN2#sh ip'> ro(te
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
4 2))):1:1:1234::<64 C12)<2D ,3(is is a 4*P neto'r" !earne0-
'ia :E9!001A #lan3
1 2!!!020200B>4 I!B!J
'ia 00A #lan3
$ 2!!!020201234002B129 I!B!J
'ia 00A #lan3
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
SN2#ping 2!!!010101234001
Sending A 1!!+5*te <14/ Echos to 2!!!010101234001A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B!B! ms
SN2#
Tas4 ( )ASP.v%*3 Ena$le 3(08*! area # between (w2 &! &" and &$. 8or
redundancy 3(08 should run o*er the Leased Ethernet and 8rame &elay.
SN10
interface #lan1!
ip address 132.1>9.1!.1 2.2.2.!
ip'> address 2!!!010101234001B>4
ip'> rip cisco ena5le
ip76 ospf 1 area ) ,3(is enab!es an 9SP@ process in *PV6-
Sw1#sh ip'> ospf data5ase
6S/:'3 2o(ter with <7 (132.1>9.1!.1) (/rocess <7 1)
%7# 2o(ter %ge Se?# :ragment <7 $in) co(nt ;its
1!.3.3.2 292 !-9!!!!!1 ! 2 &one
132.1>9.1!.1 29! !-9!!!!!!" ! 1 &one
132.1>9.1!. 29" !-9!!!!!!% ! 2 &one
132.1>9.1!.> 29 !-9!!!!!!3 ! 2 &one
%7# 2o(ter %ge Se?# $in) <7 2tr co(nt
1!.3.3.2 4>1 !-9!!!!!!4 21 3
132.1>9.1!.1 29" !-9!!!!!!3 2!"9 4
$in) (.*pe+9) $in) States (%rea !)
%7# 2o(ter %ge Se?# $in) <7 <nterface
1!.3.3.2 33! !-9!!!!!!2 4 #l1!
132.1>9.1!.1 >22 !-9!!!!!!2 2!"9 #l1!
132.1>9.1!. 23 !-9!!!!!!1 4 #l1!
132.1>9.1!.> 13"2 !-9!!!!!!1 4 #l1!
<ntra %rea /refi- $in) States (%rea !)
%7# 2o(ter %ge Se?# $in) <7 2ef+lst*pe 2ef+$S<7
1!.3.3.2 494 !-9!!!!!!3 ! !-2!!1 !
1!.3.3.2 4"3 !-9!!!!!!3 1!21 !-2!!2 21
132.1>9.1!.1 3"3 !-9!!!!!!2 3!"9 !-2!!2 2!"9
132.1>9.1!. 231 !-9!!!!!! ! !-2!!1 !
Sw1#
Sw1#sh ip'> ospf neigh5or
&eigh5or <7 /ri State 7ead .ime <nterface <7 <nterface
132.1>9.1!. 1 :=$$B726.CE2 !!0!!03 4 #lan1!
132.1>9.1!.> 1 :=$$B726.CE2 !!0!!033 4 #lan1!
1!.3.3.2 1 :=$$B;72 !!0!!033 4 #lan1!
Sw1#
Sw1#sh ip'> ro(te
</'> 2o(ting .a5le + 3 entries
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
1 2!!!01010123400B>4 I!B!J
'ia 00A #lan1!
$ 2!!!010101234001B129 I!B!J
'ia 00A #lan1!
1 2!!!02020123400B>4 I!B!J
'ia 00A #lan3
$ 2!!!020201234001B129 I!B!J
'ia 00A #lan3
6 2!!!030303003B129 I11!B1J
'ia :E9!003A #lan1!
6 2!!!00000B129 I11!B1J
'ia :E9!00A #lan1!
6 2!!101010123400B>4 I11!B>J
'ia :E9!00>A #lan1!
'ia :E9!003A #lan1!
'ia :E9!00A #lan1!
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
Sw1#ping 2!!!030303003 (/inging some of the remote $oop 5ac)s)
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B!B! ms
Sw1#ping 2!!!00000
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B1B9 ms
Sw1#
230
interface $oop5ac)
no ip address
ip'> address 2!!!030303003B>4
ip76 ospf 1 area ) ,Anab!es t(is interface in 9SP@73 for *P76-
ip address 132.1>9.1!.3 2.2.2.!
ip ospf 1 area !
dela* 1
d(ple- a(to
speed a(to
ip'> address 2!!!010101234003B>4
ip76 ospf 1 area )
@
ip address 1"2.1>.3.3 2.2.2.!
no ip split+horiEon
ip ospf 1 area 3
ip'> address 2!!1010101234003B>4
ip76 ospf priority 2## ,3(ese comman0s use unicast to connect to t(e spo"es an0 gi7e t(em a priority of =ero '(ic(
0is;ua!ifies t(em from becoming a D4-
ip76 ospf neig(bor @A%)::#
ip76 ospf neig(bor @A%)::6
ip76 ospf 1 area )
frame+rela* map ip'> :E9!00 3! 5roadcast
frame+rela* map ip'> :E9!00> 3!> 5roadcast
frame+rela* map ip'> 2!!101010123400 3! 5roadcast
frame+rela* map ip'> 2!!101010123400> 3!> 5roadcast
23#sh ip'> ospf data5ase
6S/:'3 2o(ter with <7 (1!.3.3.2) (/rocess <7 1)
%7# 2o(ter %ge Se?# :ragment <7 $in) co(nt ;its
1!.3.3.2 11 !-9!!!!!1 ! 2 &one
132.1>9.1!.1 11 !-9!!!!!!" ! 1 &one
132.1>9.1!. 1" !-9!!!!!!% ! 2 &one
132.1>9.1!.> 1> !-9!!!!!!3 ! 2 &one
%7# 2o(ter %ge Se?# $in) <7 2tr co(nt
1!.3.3.2 >31 !-9!!!!!!4 21 3
132.1>9.1!.1 1" !-9!!!!!!3 2!"9 4
$in) (.*pe+9) $in) States (%rea !)
%7# 2o(ter %ge Se?# $in) <7 <nterface
1!.3.3.2 "1! !-9!!!!!!3 21 Se!B!B!.2
132.1>9.1!. 19>9 !-9!!!!!!3 > Se!B!B!.2
132.1>9.1!.> 1"12 !-9!!!!!!1 > Se!B!B!.2
1!.3.3.2 >19 !-9!!!!!!2 4 :a!B!
132.1>9.1!.1 94 !-9!!!!!!2 2!"9 :a!B!
132.1>9.1!. 2" !-9!!!!!!1 4 :a!B!
132.1>9.1!.> 1>!3 !-9!!!!!!1 4 :a!B!
<ntra %rea /refi- $in) States (%rea !)
%7# 2o(ter %ge Se?# $in) <7 2ef+lst*pe 2ef+$S<7
1!.3.3.2 "12 !-9!!!!!!3 ! !-2!!1 !
1!.3.3.2 "!> !-9!!!!!!3 1!21 !-2!!2 21
132.1>9.1!.1 >!2 !-9!!!!!!2 3!"9 !-2!!2 2!"9
132.1>9.1!. 13 !-9!!!!!! ! !-2!!1 !
23#
23#sh ip'> ro(te
</'> 2o(ting .a5le + 1! entries
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
1 2!!!01010123400B>4 I!B!J
'ia 00A :astEthernet!B!
$ 2!!!010101234003B129 I!B!J
$ 2!!!01010123400>B129 I!B!J
1 2!!!03030300B>4 I!B!J
'ia 00A $oop5ac)
$ 2!!!030303003B129 I!B!J
'ia 00A $oop5ac)
6 2!!!00000B129 I11!B1J
'ia :E9!00A :astEthernet!B!
1 2!!101010123400B>4 I!B!J
'ia 00A Serial!B!B!.2
$ 2!!1010101234003B129 I!B!J
'ia 00A Serial!B!B!.2
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
23#ping 2!!!00000
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B1B4 ms
23#ping 2!!!0>0>0>00>
Sending A 1!!+5*te <14/ Echos to 2!!!0>0>0>00>A timeo(t is 2 seconds0
@@@@@
S(ccess rate is 1!! percent (B)A ro(nd+trip minBa'gBma- D !B!B4 ms
23#
20
interface $oop5ac)
no ip address
ip'> address 2!!!00000B>4
ip'> ospf 1 area !
@
ip address 132.1>9.1!. 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
ip'> address 2!!!01010123400B>4
ip'> ospf 1 area !
ip address 1"2.1>.3. 2.2.2.!
ip ospf 1 area 3
ip'> address 2!!101010123400B>4
ip76 ospf neig(bor @A%)::3 priority 2## ,orma!!y 'e 0o not nee0 neig(bors on t(e spo"es but since 'e are connecting o7er
At(ernet too: it (e!p stabi!i=e t(e frame neig(bor re!ations(ip2-
ip'> ospf 1 area !
frame1re!ay map ip76 @A%)::3 #)3 broa0cast
frame1re!ay map ip76 2))1:1:1:1234::3 #)3 broa0cast
2>0
interface $oop5ac)
no ip address
ip'> address 2!!!0>0>0>00>B>4
ip'> ospf 1 area !
@
ip address 132.1>9.1!.> 2.2.2.!
ip ospf 1 area !
d(ple- a(to
speed a(to
ip'> address 2!!!01010123400>B>4
ip'> ospf 1 area !
ip address 1"2.1>.3.> 2.2.2.!
ip ospf 1 area 3
ip'> address 2!!101010123400>B>4
ip'> ospf 1 area !
frame+rela* map ip'> :E9!003 >!3 5roadcast
frame+rela* map ip 1"2.1>.3. >!3 5roadcast
frame+rela* map ip 1"2.1>.3.> >!3 5roadcast
frame+rela* map ip'> 2!!1010101234003 >!3 5roadcast
Tas4 )@edistri$ution*3 &edistribute 3(08*! and &I0ng on (w2 and ping test
from (w< to ensure all I0*$ networks are reachable
SN10
ip76 router ospf 1 ,4e0istribution is 0one from t(e *P76 routing process-
redistri5(te rip cisco metric+t*pe 1
@
ip'> ro(ter rip cisco
redistri5(te ospf 1 metric 2
Sw20
SN2#sh ip'> ro(te
</'> 2o(ting .a5le + 3 entries
6&1 + 6S/: &SS% e-t 1A 6&2 + 6S/: &SS% e-t 2
2 2!!!01010123400B>4 I12!B2J
'ia :E9!001A #lan3
1 2!!!02020123400B>4 I!B!J
'ia 00A #lan3
$ 2!!!020201234002B129 I!B!J
'ia 00A #lan3
2 2!!!030303003B129 I12!B3J
'ia :E9!001A #lan3
2 2!!!00000B129 I12!B3J
'ia :E9!001A #lan3
2 2!!!0>0>0>00>B129 I12!B3J
'ia :E9!001A #lan3
2 2!!101010123400B>4 I12!B3J
'ia :E9!001A #lan3
$ :E9!00B1! I!B!J
'ia 00A &(ll!
$ ::!!00B9 I!B!J
'ia 00A &(ll!
Day 4
% 3eat#res and Services
5P Tas4s
Tas4# )Distribute0 Director-:
There will be a 5istributed 5irector ser*er in the future on &$. Configure &$ for this
future implementation on 8#E# to The 5irector will need to accept the )TT0
connections appearing to be the requested web ser*er. The 5irector determines the
host name requested by the client based on the I0 address on which the )TT0
request arri*es.
Tas42 )Fe$ Cache service*3
.here will be a web%cache ser*ice in the future. Configure it so that &$ web users
will be redirected to a web%cache ser*er at 26<.2$@.2#.2##
5P 1nswers
Tas4# )Distribute0 Director-:
There will be a 5istributed 5irector ser*er in the future on &$. Configure &$ for this
future implementation on 8#E# to The 5irector will need to accept the )TT0
connections appearing to be the requested web ser*er. The 5irector determines the
host name requested by the client based on the I0 address on which the )TT0
request arri*es.
ip director access%group 2 !!!!!!!The 5P users are redirected to this 5P
ip director access%list 2 permit V^:::.V !!!!!! The interesting traffic $eing
redirected
ip director access%list 2 deny A/J
ip director enable!!!!!!!Ena$le 9irector
access%list 2 permit 26<.2$@.2#.$
access%list 2 deny any
Tas42 )Fe$ Cache service*3
.here will be a web%cache ser*ice in the future. Configure it so that &$ web users
will be redirected to a web%cache ser*er at 26<.2$@.2#.2##
&$-config.Hip wccp web%cache
&$-config.Hint f#E#
&$-config%if.Hip wccp web%cache redirect out
&$-config%if.H
Congratu!ations IIIIIIIIIIIIIIII Labs comp!ete0

Advanced Boot Camp Day 1 To 4

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Advanced Boot Camp Day 1 To 4

Hochgeladen von

Copyright:

Verfügbare Formate

Advanced Boot camp

To *erify the configuration>

Das könnte Ihnen auch gefallen