Tuesday, 5 October 2010

Disjointed Area 0 MPLS



The purpose is:
- Make R1 use MPLS to reach area 2 (router R3 included)
- Make R3 use the backdoor link to reach area 2, and the backdoor + MPLS to reach area 1
- Serial interfaces are unnumbered

The clues:
- Area 0 needs to be extended via a virtual-link to PE4 to prevent the summary LSAs from area 0 from being rejected
- A virtual-link between R3 and PE5 cannot be established, as the link is an unnumbered interface
- Without this second virtual-link, R3 prefers R2 to reach R1-R2-R4: the summary routes of area 1 received from R6 are summaries from a non-backbone area, so R3 must ignore them since it is connected to the backbone. The summary of area 1 received from the backbone is valid and installed in R3
- We need the summary received from PE5 to also come from the backbone: we use a GRE tunnel between PE5 and R3 to extend area 0 as well.
- Then we create a sham-link between both PEs, so that routes from area 0 appear as intra-area and are preferred.
- Finally, the serial interface between R2 and R3 should be configured with a low bandwidth so that the tunnel becomes the preferred path.

Some tips:
- To prevent recursive routing through the GRE tunnel, the tunnel source and destination should be in area 2 while the tunnel itself is in area 0: this way we are sure the source and destination are preferred via a path outside the tunnel, since outside it they appear as intra-area routes.
- On R3, use a physical link as the GRE source so that if the backdoor link goes down, the tunnel goes down as well.

Monday, 4 October 2010

IP SLA

Some notes regarding SLA:


On the responder side:

ip sla responder

Control messages from the sender side automatically ask the responder to activate the requested responders (UDP ports, TCP ports, ...)
If control is disabled, a permanent responder can be configured, specifying the UDP or TCP ports.


On the sender side:

Configure the monitoring with ip sla for udp-echo, tcp-connect, jitter ...
Schedule the task
Configure the alarms: they are based on syslog; for SNMP traps it is necessary to enable traps for syslog messages:

ip sla reaction-configuration ...
ip sla logging traps
snmp-server enable traps syslog
snmp-server host

Optionally, if the reaction type is also of trigger type, you can fire up another SLA on a certain threshold

MPPPoFR + LFI

Principle
- A dual FIFO is created on the physical interface to interleave priority packets with fragmented packets

Prerequisites:
- Needs a service-policy with LLQ
- Needs FRTS on the serial interface
- Configure a virtual-template with ppp multilink interleave and ppp multilink fragment.
- Optionally, ppp multilink multiclass should be activated if there are multiple links.

To know:
- The configured delay is used by IOS to calculate the fragment size (in this case 128/8 = 16kb)
- The serialization delay is calculated according to the physical link speed (in this case 16/2000 = 8ms)
- In the case of multilink, multiclass is needed to force priority packets to also carry the MPPP header and be reordered.
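An added example, not from the original post and not IOS code: the arithmetic behind the two bullets above, written out in Python with bits and bytes kept explicit. fragment_size_bytes derives the LFI fragment size from the bundle bandwidth and the configured fragment delay, capped at the per-link fragment size that the show ppp multilink output later in this post reports (the 1496-byte cap, the formula and the function names are this example's assumptions), and serialization_delay_ms gives the time such a fragment occupies the physical link, which bounds how long a priority packet can wait once interleaving is enabled.

```python
# Added example (not part of the original post, not IOS code): LFI fragment
# size and serialization delay arithmetic.
# Assumption: the fragment size is bandwidth x fragment delay, capped at the
# per-link fragment size reported by "show ppp multilink" (1496 bytes).

def fragment_size_bytes(bandwidth_kbps, fragment_delay_ms, max_frag_bytes=1496):
    """Bytes that fit in fragment_delay_ms at bandwidth_kbps, capped at
    max_frag_bytes (a fragment can never exceed the link's fragment limit)."""
    bits = bandwidth_kbps * 1000 * (fragment_delay_ms / 1000.0)
    return min(int(bits // 8), max_frag_bytes)

def serialization_delay_ms(size_bytes, link_kbps):
    """Milliseconds a frame of size_bytes occupies a link clocked at link_kbps."""
    return size_bytes * 8 / (link_kbps * 1000.0) * 1000.0

def worst_case_priority_wait_ms(bandwidth_kbps, fragment_delay_ms, link_kbps,
                                max_frag_bytes=1496):
    """With interleaving, a priority (voice) packet can jump ahead only
    between fragments, so the worst wait is the serialization time of one
    fragment on the physical link."""
    frag = fragment_size_bytes(bandwidth_kbps, fragment_delay_ms, max_frag_bytes)
    return serialization_delay_ms(frag, link_kbps)

if __name__ == "__main__":
    # Values from the configuration in this post: bandwidth 128,
    # fragment delay 125, physical clock rate 2000000 (2000 kbps).
    frag = fragment_size_bytes(128, 125)
    print("fragment size (bytes):", frag)
    print("worst priority wait on the 2000 kbps link (ms):",
          round(worst_case_priority_wait_ms(128, 125, 2000), 3))
    # Without the cap, a 125 ms fragment on a 128 kbps link is 2000 bytes and
    # takes exactly 125 ms to serialize at that bandwidth.
    print("uncapped fragment (bytes):", fragment_size_bytes(128, 125, 10**6))
```

The uncapped case is the sanity check: at the configured bandwidth, one fragment takes exactly the configured fragment delay to serialize; the cap is what makes the real fragment smaller than that.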

interface Virtual-Template1
bandwidth 128
ip unnumbered Loopback1
ppp multilink
ppp multilink interleave
ppp multilink fragment delay 125
service-policy output QOS

interface Serial0/0
no ip address
encapsulation frame-relay
no keepalive
clock rate 2000000
frame-relay traffic-shaping
frame-relay interface-dlci 102 ppp Virtual-Template1

sh ppp multi

With a single link:

Virtual-Access3
Bundle name: Router
Remote Endpoint Discriminator: [1] Router
Local Endpoint Discriminator: [1] Router
Bundle up for 00:34:33, total bandwidth 256, load 3/255
Receive buffer limit 24384 bytes, frag timeout 1000 ms
Interleaving enabled
0/0 fragments/bytes in reassembly list
0 lost fragments, 0 reordered
0/0 discarded fragments/bytes, 0 lost received
0x6C8 received sequence, 0x891E sent sequence
Member links: 1 (max not set, min not set)
Vi1, since 00:34:33, 2048 weight, 1496 frag size
No inactive multilink interfaces


Router(config-if)#do sh int s0/0
Serial0/0 is up, line protocol is up
Hardware is GT96K Serial
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive not set
CRC checking enabled
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 04:04:29, output 00:00:04, output hang never
Last clearing of "show interface" counters 04:04:27
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: dual fifo
Output queue: high size/max/dropped 0/256/0




With multilink multiclass:

interface Serial0/0
no ip address
encapsulation frame-relay
no keepalive
clock rate 2000000
frame-relay traffic-shaping
frame-relay interface-dlci 102 ppp Virtual-Template1
frame-relay interface-dlci 103 ppp Virtual-Template1
no shut


interface multilink1
ppp multi multiclass
band 128
ip unnumbered Loopback1
ppp multilink interleave
ppp multilink fragment delay 125
service-policy output QOS

int virtual-template 1
ppp multilink group 1

Virtual-Access4
Bundle name: Router
Remote Endpoint Discriminator: [1] Router
Local Endpoint Discriminator: [1] Router
Bundle up for 00:02:59, total bandwidth 256, load 1/255, 2 receive classes, 2 transmit classes
Receive buffer limit 24384 bytes per class, frag timeout 1000 ms
Interleaving enabled
Receive Class 0:
0/0 fragments/bytes in reassembly list
0 lost fragments, 0 reordered
0/0 discarded fragments/bytes, 0 lost received
0x40 received sequence
Receive Class 1:
0/0 fragments/bytes in reassembly list
0 lost fragments, 0 reordered
0/0 discarded fragments/bytes, 0 lost received
0xBBB received sequence
Transmit Class 0:
0x37 sent sequence
Transmit Class 1:
0x6D sent sequence
Member links: 2 (max not set, min not set)
Vi1, since 00:03:01, 2048 weight, 1496 frag size
Vi3, since 00:03:00, 2048 weight, 1496 frag size
No inactive multilink interfaces



http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_frque_frag_if_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://blog.ine.com/2008/01/26/ppp-multilink-interleaving-over-frame-relay/

Monday, 20 September 2010

IPEXPERT Vol3 Lab 10

Troubleshooting

Ticket 4 VRF leaking

The purpose was to interconnect two OSPF area 0s through another router that shouldn't be aware of those routes, without GRE.
The solution is VRF. I used one VRF on the middle routers, put the interfaces interconnecting the domains in the VRF, plus an OSPF process. The routes then appeared as intra-area whereas they were required to be inter-area. The solution for that:

- 1 VRF per domain
- 1 OSPF process per domain, redistributing BGP
- VRF leaking between both VRFs with import/export route-targets
- Redistribution BGP<->OSPF in each VRF.


Configuration
Task 2.5

Use of community local-as: used in a confederation, it permits advertising only inside the local AS and not to eBGP peers, nor to eBGP peers inside the confederation.

Task 5.1

AAA authentication.
Usually, the list of methods used for authentication is tried in order: if the first fails, the second is used. "Fails" means no answer, not an authentication failure due to a missing user or a wrong password.
It seems there is an exception with local. If local is put first, it first tries local; if the password is wrong, the process stops. But if the user doesn't exist in the local database, it moves on to the next method:

username ccie password ipexpert
aaa authentication login default local group radius

This will authenticate ccie locally, and use RADIUS for other users.
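An added model of the method-list behaviour described above, written in Python; it is not from the original post and not IOS code. Each method answers PASS, FAIL or ERROR; only ERROR (no answer) moves the walk to the next method, while FAIL stops it. The local method is modelled exactly as the note observes: ERROR when the user is unknown locally, FAIL on a wrong password. The user databases, the method names and the unreachable-RADIUS case are constructed for the example; when no method can decide, authenticate reports ERROR, which a deployment should treat as a denial.

```python
# Added example (not from the original post, not IOS code): a model of how an
# AAA login method list such as
#   aaa authentication login default local group radius
# is walked. Constructed data throughout.

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

LOCAL_USERS = {"ccie": "ipexpert"}        # from "username ccie password ipexpert"
RADIUS_USERS = {"alice": "wonderland"}    # constructed RADIUS user database

def local_method(user, password):
    """Local database: unknown user -> ERROR (fall through, as observed in
    the post); known user with wrong password -> FAIL (stop)."""
    if user not in LOCAL_USERS:
        return ERROR
    return PASS if LOCAL_USERS[user] == password else FAIL

def make_radius_method(reachable=True):
    """Build a RADIUS method; an unreachable server gives no answer (ERROR)."""
    def radius_method(user, password):
        if not reachable:
            return ERROR
        return PASS if RADIUS_USERS.get(user) == password else FAIL
    return radius_method

def authenticate(method_list, user, password):
    """Walk the (name, method) list in order. Returns (method name, verdict).
    FAIL and PASS are final; only ERROR consults the next method."""
    for name, method in method_list:
        verdict = method(user, password)
        if verdict in (PASS, FAIL):
            return name, verdict
    # Every method errored: nothing could decide, so nothing should admit.
    return None, ERROR

DEFAULT_LIST = [("local", local_method), ("radius", make_radius_method())]

if __name__ == "__main__":
    for user, pw in [("ccie", "ipexpert"), ("ccie", "wrong"),
                     ("alice", "wonderland"), ("alice", "bad")]:
        print(user, pw, "->", authenticate(DEFAULT_LIST, user, pw))
```

The second case is the one worth remembering from a hardening point of view: a wrong password for a locally defined user never reaches RADIUS, so the RADIUS server's lockout and accounting policy does not apply to it.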

Monday, 13 September 2010

IPExpert V3 Lab9

1.1 VTP pruning in transparent mode

A sh vtp status output showed transparent mode with VTP pruning enabled.
Need to configure pruning in server mode, then switch to transparent. Be careful if extended VLANs are configured!

1.2 Load Balancing method over etherchannel

By default: source MAC.
The question was about making sure one host will not saturate one link. Load balancing on source and destination IP was the key (or on the MACs).

1.4 Layer 2 protection Task

The task asked about making part of the topology unknown to the CE routers. It should be implemented in 2 manners:
- 2 devices should interconnect on 1 VLAN that should not be propagated on the network -> QinQ
A new VLAN is attributed to encapsulate the forbidden network on trunk links.
- R4 should be connected to Cat4 on VLAN X; there is a switch between R4 & Cat4, and that switch should not know VLAN X. Easy, just with access ports:

R4 vlanX ------- vlan Y Cat vlanY ------ vlanX Cat4

1.7 Load-Sharing

By default, equal-cost IP load-balancing is done by CEF on a per-destination basis.
It can be configured per-packet:

int C
ip load-sharing per-packet

2.7 BGP redistribution as-path

When redistributing local routes, if you want them to appear as coming from an AS:

set origin egp <as-number>

3.3 L2VPN AToM

The purpose was L2VPN over MPLS.
- Use xconnect with encapsulation mpls. The destination is the remote PE device and the circuit is identified by an identical ID on both sides.
- Needs LDP
- Can be done under subinterfaces.

4.0 Multicast VPN

Steps for multicast VPN:
- Configure the provider network with PIM
- If PIM-SSM is used, the address-family mdt should be activated between PEs to share the PE source of the MDT tunnels.
- Configure multicast for each VRF: activate it, and choose a unique MDT group address for each multicast domain
- Activate PIM on the client-side interface of the PE
- Configure the client-side multicast domain as usual.

The provider network is seen as a LAN.

5.0 Parser view

- enable secret
- aaa new-model
- Go into enable view root
- Configure authentication login and authorization exec
- Configure the view
parser view XXX
commands exec include ping

6.3 VRF Aware NAT

Performing NAT between a VRF and the global outside table is pretty much the same as normal NAT, except:
- ip nat inside source ... should use the vrf keyword, specifying that the VRF is the inside
- A route leak should be configured from the VRF to the global routing table

ip route vrf VPNA 0.0.0.0 0.0.0.0 10.0.0.1 global

This tells the VRF that, to get out, it should use 10.0.0.1, which is in the global RIB.

Wednesday, 8 September 2010

IPExpert V2 Lab20

1.2 IRB

The IP is the same on both VLANs -> consider IRB.
Don't forget to activate both commands to bring the BVI up:

bridge 1 protocol ieee
bridge 1 route ip

3.4 Default-Route in NSSA

NSSA -> the default route is a Type 7, with area 40 nssa default-information-originate
Totally NSSA -> the default route is a Type 3

In the first case the metric can be set by adding the metric keyword after default-information-originate
In the second case the metric used is the configured default-cost for stub/NSSA, default: 1
It can be changed with

area 40 default-cost X


6.2 Redistribution

Task to redistribute all loopbacks into the relevant protocol. As redistribution is not transitive, we have to redistribute the loopbacks into all the protocols used on a given router.

Don't forget that when a route-map is used on redistribute connected to redistribute only loopbacks, it prevents any connected interface activated for protocol A from being redistributed into protocol B. The route-map should be modified to also accept this interface.

7.3 BGP AS filtering

AS50 permits only directly connected clients of 102 to transit:
I understood that AS102 could use AS50 as transit, and that other routes learned from 102 could be learned but must not use AS50 as transit. Match all routes other than those coming from 102 and tag them no-export.

The proctor solution was to accept 102 or 102 + 1 AS and filter all others. Regexp to match 102 + the ASes directly connected to 102:

^102(_[0-9]+)?$
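An added example, not from the original post, that checks the proctor's regexp against a handful of constructed AS paths in Python. Cisco's "_" token has no Python equivalent, so the helper rewrites it as a group matching start, end, space, comma or brace (an assumption of this example; the rest of the pattern's syntax is read the same way by Python). The sample paths and the function names are constructed for the example.

```python
import re

# Added example (not from the original post): evaluate a Cisco-style AS-path
# regexp against constructed AS paths.
# Assumption: "_" is rewritten as a group matching start, end, space, comma
# or brace, which is how the Cisco token is documented to behave.

CISCO_UNDERSCORE = r"(?:^|$|[ ,{}])"

def cisco_aspath_to_python(pattern):
    """Rewrite the Cisco '_' delimiter token into an equivalent Python group."""
    return pattern.replace("_", CISCO_UNDERSCORE)

def aspath_matches(pattern, as_path):
    """True when an AS path (ASNs separated by spaces) matches the regexp."""
    return re.search(cisco_aspath_to_python(pattern), as_path) is not None

def permitted_paths(pattern, paths):
    """Keep only the paths an as-path filter with this regexp would accept."""
    return [p for p in paths if aspath_matches(pattern, p)]

# Proctor's regexp from the post: AS102 itself, or 102 followed by exactly one AS.
TRANSIT_102 = "^102(_[0-9]+)?$"

# Constructed AS paths as they could be seen from AS50 (not taken from the lab).
SAMPLE_PATHS = [
    "102",                # originated by 102: accepted
    "102 65001",          # 102's directly connected customer: accepted
    "102 65001 65002",    # two hops behind 102: would transit AS50, filtered
    "65001 102",          # did not come directly from 102: filtered
    "1020",               # a different AS that merely starts with 102: filtered
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        verdict = "permit" if aspath_matches(TRANSIT_102, path) else "deny"
        print(f"{path!r:22} -> {verdict}")
    # Why "_" matters: a bare "^102" would also accept AS 1020.
    print("bare ^102 matches '1020':", aspath_matches("^102", "1020"))
```

The last line is the reason to anchor the regexp with "_" and "$": without the delimiter token, "^102" also matches any AS number that begins with those digits.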

8.4 PBR + Tunnel

The task asked for certain traffic between 2 BBs to transit transparently:

- Create a GRE tunnel between the egress and ingress routers
- Match the traffic
- PBR it to the tunnel interface

9.2 Modifying CoS to DSCP values

Default values are found on the DocCD:

mls qos map cos-dscp ....

11.2 Prevent telnet access to R2 except from R6. No config on R2

I configured ACLs on the neighbor routers.
The solution guide configured a VLAN ACL, which is wrong as R2 has 2 serials.
Anyway, a VACL is a good way to think of it in other cases.

Monday, 6 September 2010

IPExpert V2 Lab18

5.3 EIGRP Timer

The task was to make EIGRP warn about a neighbor being down in half the default time.
That means a hold-time of 7.5 s, but don't forget to change the hello time as well, because the default 5s can cause instability.

Important thing: in EIGRP, the hold-time can be different on each side, because what we configure on R1, for example, means "Hello, I'm R1; if you, neighbor, don't hear from me in X seconds, I'm dead".

In OSPF, timers should be the same, and changing the hello automatically changes the dead-time to 4x.


6.1 OSPF Loopback

Bonehead error: forgot what the guidelines asked: "the prefix should appear in the RIB with the original mask". I dumbly advertised the loopback as a /32. Options:
- change the ip ospf network type of lo0
- redistribute connected
- put lo0 in another area and summarize to the regular mask.

7.3 BGP Prefix length route filtering

The task was about filtering all prefixes with a /24 or longer mask.
I did the longer ones but let the /24 itself through. As all routes were /24, I missed the point of finding a way to summarize to /23 to let them in!!

8.1 Time to wait before timing out an outgoing telnet session

Play with the SYN timeout:

ip tcp synwait-time 5

8.2 default NTP stratum

Is 8, not 16. So 2 less than the default is 6. Stupid error.

10.2 Policing on subinterface

MQC policing on a subinterface is permitted. The other way, which the design guide chose, is to apply it on the physical interface and match the subinterface VLAN.

A simple recall: it's the queueing techniques that are not allowed on a subinterface (LLQ and CBWFQ). To make this work you need to apply shaping in a class-default and nest an LLQ or CBWFQ policy-map inside it

11.3 Rate-limit Mcast

I configured it with MQC. Can also use ip multicast rate-limit

Sunday, 5 September 2010

IPExpert V2 Lab19

2.2 OSPF Max LSA

Only configured max-lsa 1000, which by default drops adjacencies for a certain amount of time, whereas only a warning was asked for when 1000 is reached:

max-lsa 1000 100 warning-only

5.1 IPv6 Multicast

A simple static RP IPv6 multicast task, BUT the joined group was on a non-IPv6 interface! You have to enable IPv6 on the interface joining the multicast group even if no IP is configured

int f0/0.21
ipv6 enable
ipv6 mld join FF15::2

5.2 SSM Multicast

- As the joined group is set on the VLAN, we need to enable IGMP on the downstream router interface to process the join message (remember there is no RP to report the source)
- Doesn't seem to work with IGMP v3lite; need IGMP version 3

8.3 3560 Queue-set configuration

Wednesday, 1 September 2010

IPExpert V3 Lab8

Troubleshooting

Ticket 6

Classical EIGRP<->OSPF loop :

- Filter with tagging
This brings suboptimal routing, which can be resolved by
- increasing the OSPF distance on the other 'mutual redistribution router' to something higher than external EIGRP.



Ticket 9 L3 VPN

The workbook comes with a problem I don't have because I corrected the suboptimal routing:

A PE loopback is learned via OSPF on a partial-mesh NBMA network hub, which prevents label switching for it because the next-hop is the spoke while the LDP neighbor advertising the label is the hub router.
show ip cef shows no label for the PE loopback prefix.
Making the prefix learned by EIGRP is a workaround.
Another, if we want it to work on NBMA: go with the point-to-multipoint OSPF network type. The hub will be the next-hop, so it will match the LDP neighbor address.


Ticket 10 RP

The BSR/RP is not learned. Still an RPF problem. The PIM-enabled interface is not the RPF interface for the RP address. Change it by advertising the RP in EIGRP, or play with distance to make EIGRP preferred for the RP address.



Configuration
1.6 IP phones


The purpose was to configure both the access VLAN and the voice VLAN in one command.
This was a good time to use the pre-defined Cisco macro commands, listed with

sh parser macro

The one to use is cisco-phone:
sh parser macro name cisco-phone to discover how to use it.
And to apply it do:
macro apply cisco-phone $access_vlan X $voice_vlan Y

1.7 Private vlan

Don't forget to map the secondary VLANs on the SVI and to set the router ports on the VLAN as promiscuous:


vlan P
private-vlan primary
vlan I
private-vlan isolated
vlan C
private-vlan community
vlan P
private-vlan association C,I
int vlan P
private-vlan mapping C,I
int I
sw mode private-vlan host
sw private-vlan host-association P I
int C
sw mode private-vlan host
sw private-vlan host-association P C
Int R
sw mode private-vlan promiscuous
sw private-vlan mapping P add C,I

2.0 MPPPoFR

A reminder on all kinds of multilink:

MLPPP with Multilink interface
int s0/0
encap ppp
ppp multilink group 1

int s0/0
encap ppp
ppp multilink group 1

Int Multilink 1
encap ppp
ppp multilink group 1
Where IP and the rest go.

MLPPP with Virtual-template

multilink virtual-template 1
int s0/0
encap ppp
ppp multilink

int s0/0
encap ppp
ppp multilink

Int virtual-template
encap ppp
ppp multilink
Where IP and the rest go.

The difference with Multilink is that the virtual-template is cloned into virtual-access interfaces and can create multiple bundles all with the same IP!!! A kind of multipoint PPP.
Example: 2x2 serials arriving on a router; the 4 serials on the hub router call one VI interface, and the 3 routers will use one subnet between them.
PPP installs a /32 for each peer.

Multilink Frame Relay FRF.16

Permits using multiple physical links as one Frame-Relay bundle
int mfr1
IP stuffs and frame-relay mapping goes there
int s0/0
encap frame mfr 1
int s0/1
encap frame mfr 1

MPPPoFR with virtual-interface
Permits using multiple DLCIs on one interface

Like PPP with a virtual-template, but the VI is called with

frame-relay interface-dlci DLCIx ppp virtual-template 1
frame-relay interface-dlci DLCIy ppp virtual-template 1

Point-to-multipoint is still available, as the IP of the VI is replicated on each bundle.

int virtual-template 1
encap ppp
Where the IP configuration goes

WRONG WAY:
MPPPoFR with multilink

Not very interesting as the configuration is much the same as with the VI, but it only permits point-to-point:

frame-relay interface-dlci DLCIx ppp virtual-template 1
frame-relay interface-dlci DLCIy ppp virtual-template 1

int virtual-template 1
encap ppp
ppp multilink group X
Where the IP configuration goes

Bandwidth information for routing protocols goes on the physical interfaces if a Multilink interface is used, or on the virtual-template; the bundle bandwidth is the sum of the physical or VI interfaces.

An IP address on the virtual-template could prevent OSPF from forming an adjacency or exchanging routes; use unnumbered on the VI and put the real IP on a loopback.

3.2 Interconnecting 2 EIGRP AS

Easy task but missed it: GRE tunnel

3.5 redistribution

- Mutual redistribution between OSPF and EIGRP: make one router better for output and the other for input. Play on the redistribution metric on both. Be careful: a router also learns routes via RIP, making them better than external EIGRP; need to change the metric of external EIGRP to 109.

5.1 BGP Redistribution of ospf.

- Redistribute only our networks into BGP by filtering with an ACL on the RR. Be careful to also include the external routes
- The border router will summarize towards the external neighbor (which also avoids redistributing the border's connected routes). Those summaries should be filtered back towards the inside.
- The border router will import external routes with the no-export community.
- To choose the preferred default route: set local-preference in order of preference and make the BGP distance for the default preferred over the other protocols.

7.0 NAT

The NAT task was OK, but I forgot to redistribute the pool into the IGP so that the return routes are known by the neighbor.


Monday, 30 August 2010

IPExpert V3 Lab7

Troubleshooting

Difficulties with an inter-AS MPLS peering, option C-like, using BGP to exchange labels for BGP routes.

Configuration

1.5 PPPOE with DHCP reservation

Multiple ways to assign an IP in PPP/PPPoE:

Client                                 Server
IPCP (ip address negotiated)           Local pool (peer default ip address pool ...)
                                       DHCP pool (peer default ip address dhcp-pool ...)
DHCP (ip address dhcp)                 DHCP pool (nothing)

For manual bindings, use the full DHCP version: a host pool should exist and the client should be configured with a client-identifier
Client
ip address dhcp client-id f0/0

Server
ip dhcp pool R1
host 10.1.1.1 /24
client-identifier 01 + MAC address of client F0/0

For IPCP you can force the client to request the mask:
ppp ipcp mask request on the client
ppp ipcp mask 255... on the server

If a VRF is used, the pool should be configured with the vrf command

3.2 BGP loop because of RIP summarization

RIP summarizes a route. Later it's asked to redistribute RIP into BGP; this causes a loop with the summary. The summary has to be filtered in the redistribution into BGP

4.4 AS Override

Took a while to find again this command that permits the PE to override the originator AS with its OWN (in case every VPN site uses the same AS, loop prevention prevents re-entry).
Another solution could be allowas-in on the CE.

5.3 MSDP Originator

The MSDP originator-id, in the case of anycast, has to be set to the anycast address.
Took a while to discover that I should add another route for multicast between the two ASes, as the direct link was not allowed for multicast

7.1 NTP multicast

On server side
int
ntp multicast group

On client side
int
ntp multicast client group

Sunday, 29 August 2010

IPExpert V3 Lab6

Not so difficult labs, but some bonehead errors

- forgot the mapping of itself on the IPv6 Frame-Relay map
- forgot mtu-ignore on the router side and for IPv6
- went with making multicast work with MP-BGP whereas the task didn't ask for it.
- To secure login attempts in SSH I used the 'login block-for' commands; the proctor used the ip ssh max-attempts and timeout commands, which is better, as login block-for prevents retrying with another TCP session but you can retry on the same connection.

Tuesday, 24 August 2010

IPExpert V2 Lab17

1.1 Vty timeout

Bonehead error: the timeout for VTY is exec-timeout, and not session-timeout, which is used for physical lines

2.5 Fallback bridging

Not available on dynamips, but permits bridging between 2 VLANs for non-IP protocols:

bridge 1 proto vlan-bridge
int vlan X
bridge-group 1
int vlan Y
bridge-group 1

4.0 Cisco RIP timer

The task was about disabling the Cisco-defined RIP timer, which is holddown:
timers basic 30 180 0 180

4.3 Forbid RIP from accepting routes from a future gateway

I used a distribute-list or offset-list; the other solution was a default distance of 255 except for the current neighbor.

6.3 OSPF

DR/BDR election timeout: configured by the dead-interval timer!
Make an OSPF neighbor preferred without using cost or bandwidth: AD of course:

distance 109 gateway acl

6.4 OSPF Misc

LSA expiration in the DB: configured by pacing on lsa-group

No Null0 with summarization: no discard-route

7.0 BGP

An AS with 2 routers peered with iBGP, each with one eBGP peer; sync and IGP redistribution are forbidden.
Due to the sync rule, an iBGP-learned route will not be installed if it's not learned by an IGP. So an eBGP-learned route from one router will not be learned by the other through iBGP. The solution is using a confederation, as sub-AS peering becomes eBGP-like peering.


7.5 BGP Community override

The task was to prevent a prefix from being sent out of the AS (no-export community) except by one router. The only way to do that is to rewrite the prefix's community on inbound on this router (internet community)

Sunday, 22 August 2010

IPExpert V3 Lab5

Troubleshooting
Ticket 1


Spent some time figuring out why the IPs of the Frame Relay were /32 -> the network type was point-to-multipoint non-broadcast, so the /32 is learned from elsewhere. As it was forbidden to change the IGP, we see that the problem is multihop with the eBGP connection.

Ticket 4

The PG set the distance of BGP multicast to be preferred; this seems a bit useless as there is no RPF tie, because there is no PIM on the interface used for unicast.

Ticket 7

Sham link to make the MPLS path preferred:

- The OSPF domain-id should be set in order for the routes to be IA.
- The sham link is done between 2 loopbacks owned by the VRF and redistributed into the BGP VRF.
- The loopbacks could be filtered towards the OSPF VRF.

Configuration
1.3 PPP secured without CHAP

Only EAP:
ppp authentication eap
ppp eap identity (no default identity in EAP)
ppp eap password
ppp eap local (to use the local username database)

1.5 Catalyst Interface tracking

Permits grouping multiple 'server interfaces' (downstream) with uplink interfaces (upstream) for redundancy purposes. When all upstreams are down, the downstreams are shut.
In this case the purpose was to err-disable some links when the uplinks are unavailable.

int Uplink
link state group 1 upstream

int ToServer
link state group 1 downstream

link state track 1

2.4 Redistribution

Tricky redistribution scenario. Follow these principles:
- Don't forget the 170 external AD of EIGRP, which prevents externals from being preferred
- RIP areas were stubs. Playing with a distance >170 for external routes and 120 for RIP routes prevents a lot of problems
- Between EIGRP and OSPF, as there is mutual redistribution, filtering with tags is necessary. The proctor uses a tag of the advertising router.

3.5 OER/PFR

Setting up the OER/PfR network component is OK, the other phases less so:

Profile: choose the traffic to optimize
Measure: monitor the traffic and set the thresholds
Control: choose the way to influence the best route.

Everything is done on the master through an oer-map

oer-map TEST
match traffic-class .... (profile)
set delay threshold ... (measure)
set active-probe ...
set mode route control (control, bgp)
set mode route metric bgp local-pref ... (control)

To review

Wednesday, 18 August 2010

IPExpert V2 Lab16

1.0 TCP header-compression

Bonehead error: used UDP compression and forgot to specify frame-relay before ip tcp header-compression.

Verify with show frame-relay ip tcp header-compression

4.6 IPV6 Multicast RPF

Spent some time resolving an RPF issue. The BSR was refused because it was announced from an interface that was not the RPF interface (because PIM was disabled on the RPF interface).
Wanted to play with MP-BGP for IPv6 multicast, but the RPF rules are different from IPv4:

- No IPv6 unicast BGP check by default
- The longest prefix is chosen among the unicast and multicast tables of all routing tables
- The best AD is chosen in case of a tie

So the BGP IPv6 multicast AF is not preferred as it is in IPv4. Need to modify the AD of the IPv6 multicast AF and it works!

6.4 Inter AS MPLS

Did not remember the command to accept prefixes with a route-target not attached to any VRF:

no bgp default route-target filter

7.2 RSVP signalling tagged with DSCP 46

I used a service-policy.
Simpler:

ip rsvp sig dscp 46

Thursday, 12 August 2010

IPExpert V2 Lab15

3.2 BGP No-export

Bonehead error: I set the community via a route-map on the aggregate address but forgot the send-community towards the neighbor.


6.2 MPLS Label Filtering

New way (don't forget to disable mpls ldp advertise-labels for the ACL to take effect, otherwise everything is authorized):

mpls ldp advertise-labels for ACL_num
no mpls ldp advertise-labels

Old style (defining oldstyle means only what is in the ACL is authorized)

mpls ldp advertise-labels for ACL_num
mpls ldp advertise-labels oldstyle

6.3 Broken LSP

Loopback 5 of router 5 is a /24 but OSPF advertises it as a /32 since it's a loopback.
The problem is that R5 has only the /24 in its routing table and will therefore advertise a label for the /24. The other routers have a route to the /32 with no MPLS label towards R5, hence a broken LSP.

This can be verified with show mpls forwarding-table:

Local  Outgoing    Prefix
Tag    Tag
20     Untagged    100.23.5.5/32

After the loopback is set to the point-to-point OSPF network type:

Local  Outgoing    Prefix
Tag    Tag
20     Pop Tag     100.23.5.0/24

2nd point:

On an NBMA network, the next-hop of a spoke network will be the spoke, but there is no LDP relationship between spokes, so no labels for the spoke network. The idea is to force the hub to set the next-hop to itself in order to match the peer of the advertised label. Or to add a route to the spoke network via the hub; the best route's next-hop will then match the label advertised by the hub.


7.6 As-override and Site Of Origin

The task was about customers of AS 100 always using AS18 in a loop-free manner.
I only configured allowas-in 1 on the customer side.

The proctor used a service-provider-side solution:
as-override, so that AS18 in all routes is replaced by AS 100. As the customers are in AS 18, incoming routes from 100 will be accepted, creating a routing loop.

Using SoO prevents it in case of multihoming.
Incoming routes of a site are tagged on the PE:
route-map SoO permit 10
set extcommunity soo 100:18
neighbor x.x.x.x route-map SoO in

It automatically prevents routes carrying the same SoO from re-entering the same site.

8.4 Identd

Even with the DocCD I didn't find this: it's about telnetting to port 113 and learning which port my other connections to this router use.


Saturday, 7 August 2010

IPExpert V2 Lab14

3.2 PPP Authentication with MPPP

Authentication (PAP or CHAP) should be done on the physical interface and not on the mu1 or virtual-template interface!! -> Wrong: even if the proctor applied it on the physical interface, it's OK to put it on the multilink interface or the virtual-template.

4.4 OSPF Max-metric

The task was about making OSPF wait for BGP to converge before advertising links, with a maximum of 600 seconds of wait time.

The idea is to use the max-metric command to make the generated LSA the least preferred until BGP has converged:

max-metric router-lsa on-startup wait-for-bgp

5.1 BGP new configuration style

It was just about configuring the peers inside the IPv4 AF.

12.3 filtering Imported route into a VRF

I used a route-map on the neighbor in the VPNv4 family, but it's not scalable as it filters the prefixes for all VRFs (not a problem in this case because there is only one, but in real life ...)

Filtering with a route-map can be done inside the VRF with

ip vrf ccie
import map ROUTE-MAP-NAME

IPExpert V2 Lab13

1.0 PVC Bandwidth

Was only about setting the bandwidth information for the routing protocol, and no traffic shaping

3.1 DCE Clocking


To see which side is DCE/DTE:
sh controller serial
The clock rate is set only on the DCE side.
On dynamips both sides are DCE

6.2 BGP Aggregation

Bonehead mask error!

Monday, 2 August 2010

IPExpert V3 Lab4

2.1 Unicast RIP

Using neighbor was the right way, but to prevent multicast I used an access-list; a simpler way was to make the interface passive. The neighbor command overrides passive. The network statement is also needed


2.3 EIGRP Weight

A bit of recall:

The metric order for the set metric command is: bandwidth delay reliability load mtu
The K order for the metric weights command is: TOS K1(bandwidth) K2(load) K3(delay) K4(reliability) K5(mtu)
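An added example, not from the original post and not IOS code, computing the classic EIGRP composite metric in Python from values given in the two argument orders recalled above, so the difference between the set metric order and the metric weights order is visible in code. The formula is the standard classic one (bandwidth scaled as 10^7 divided by the minimum bandwidth in kbps, delay in tens of microseconds, result multiplied by 256); the function names and the sample 1544 kbps / 2000 tens-of-microseconds link are this example's assumptions.

```python
# Added example (not from the original post, not IOS code): the classic EIGRP
# composite metric, fed with arguments in the two orders recalled above.
# Assumed formula is the standard classic one: BW = 10^7 / min-bandwidth
# (kbps), delay in tens of microseconds, result scaled by 256.

# "metric weights TOS K1 K2 K3 K4 K5" order; IOS defaults are 0 1 0 1 0 0.
DEFAULT_WEIGHTS = (0, 1, 0, 1, 0, 0)

def eigrp_metric(bandwidth_kbps, delay_tens_us, reliability=255, load=1,
                 weights=DEFAULT_WEIGHTS):
    """Classic EIGRP metric for a path whose minimum bandwidth is
    bandwidth_kbps and whose cumulative delay is delay_tens_us (tens of us).
    reliability and load are 1..255 as shown by 'show interface'."""
    tos, k1, k2, k3, k4, k5 = weights
    bw = 10**7 // bandwidth_kbps
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_us
    if k5 != 0:
        # The reliability term only participates when K5 is non-zero.
        metric = (metric * k5) // (reliability + k4)
    return 256 * metric

def metric_from_set_metric(bandwidth_kbps, delay_tens_us, reliability, load, mtu,
                           weights=DEFAULT_WEIGHTS):
    """Same computation, but the arguments come in the 'set metric' route-map
    order: bandwidth delay reliability load mtu. MTU is accepted (it is part
    of the vector) but does not enter the classic formula."""
    return eigrp_metric(bandwidth_kbps, delay_tens_us, reliability, load, weights)

if __name__ == "__main__":
    # Constructed sample: a T1 (1544 kbps, DLY 20000 usec -> 2000 tens of us).
    print("default K:", eigrp_metric(1544, 2000))
    print("set metric 1544 2000 255 1 1500:",
          metric_from_set_metric(1544, 2000, 255, 1, 1500))
    # Enabling K2 (load) with 'metric weights 0 1 1 1 0 0' changes the result;
    # every router in the AS must agree on the K values or adjacencies drop.
    print("K2 enabled:", eigrp_metric(1544, 2000, weights=(0, 1, 1, 1, 0, 0)))
```

Passing the set metric vector straight into the metric weights order (or the reverse) silently swaps reliability and load, which is the mistake the two lists above guard against.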

5.2 QOS on subinterface

I used a hierarchical policy-map to apply CBWFQ on a FastEthernet subinterface.

The other solution was to apply it on the physical interface and match the VLAN of the subinterface:

class-map PIN
match dscp af31
match vlan 211

6.3 Activate SSH

ip domain-name ipexpert.com
crypto key generate rsa

line vty 0 4
transport input telnet ssh

6.4 Archive Backup

Permits performing backups of the running-config on a regular basis or each time the configuration is saved (write-memory), and keeps a revision history.

archive
maximum 10
path flash:backup
time-period 30
write-memory


show archive

Monday, 26 July 2010

IPExpert V3 Lab3

2.3 OSPF

- On area 2223, with R7-BB2-BB3 on a broadcast network, in the preceding task we prevented any layer-2 BB2-to-BB3 communication; we must then make sure that R7 is the DR
- On R6, attached to multiple areas, a virtual-link is needed to an area 0 router, even if the other areas are connected to area 0.

3.1 BGP

This task is about advertising connected interfaces with minimal configuration and appearing as IGP.
Network is a solution but doesn't use minimal configuration:
redistribute connected with a route-map setting the origin to igp

4.1 Inter-domain Multicast

Multiple PIM domains are interconnected via MSDP.
In order for inter-domain multicast to work, I activated PIM sparse-mode along the path between the domains.
The proctor didn't do that; he advertised the multicast sources in a BGP multicast address family.

5.1 Filter PIM and BGP active-passive

I only used an ACL to filter PIM and to force the way BGP is initiated between 2 routers. Other solution:
- ip pim neighbor-filter ACL
- router bgp XXX
neighbor x.x.x.x transport connection-mode passive

6.2 Netflow

Forgot the ip flow ingress on the interfaces.

mardi 13 juillet 2010

IPExpert V3 Lab2

Task 1.3 : MST -3

The question was about minimal-impact STP: means a minimal number of instances.
But VLAN 1314 is only on one link, which could be blocked with a single instance because it is not connected to the root. Assuming Cat3 could assist Cat2 in the root role, we'll use an instance with Cat3 as root for VLAN 1314.

Task 2.4 : EIGRP

The goal was to summarize without a Null route.
I used a static route with redistribution.
The proctor solution used the summary-address command with a distance of 255, which prevents IOS from installing a Null0 route.

mardi 29 juin 2010

IPExpert V2 Lab12

Task 7.2 GRE Tunnel,

A bonehead error: I created another EIGRP process for the GRE tunnel, which simplifies the task:
- no need to filter the GRE network so that it is not seen in the OSPF network
- no problem with recursive routing as the loopbacks are not redistributed through the tunnel.

For the loopback, I added the loopback to the routing process; the proctor redistributed static with filtering. With this method there is no recursive routing problem, as the R9 loopback is seen through the tunnel as external, making OSPF the preferred route.

In my solution, as the R9 loopback is internal to EIGRP, I needed to set the distance on R5 to make OSPF the preferred route.

Task 9.3 IP services

I configured NAT; the answer seems to be mobile ARP, but I'm not sure it's still in the v4 blueprint.

dimanche 20 juin 2010

IPExpert V2 Lab11

Task 2.1 VTP pruning

Forgot to activate pruning, missing the phrase 'ensure broadcast frames within any given vlan are not sent to switches that don't have an access port in that vlan'.

Task 5.4 Eigrp Tuning

Forgotten task: prevent the SIA process after 300 seconds

timers active-time

Wrong task: drop routes from inactive neighbors after half the default value.

I configured a hold-time of 90 as the default for NBMA is 180s.
The question was more about using NSF, which permits keeping routes during a normal failure of an NSF-enabled neighbor (restart or maintenance). The default is 240s. To configure it:
timers nsf route-hold 120
or
timers graceful-restart purge-time 120

Task 6.1 RIP

Forgotten task: RIP updates should be sent to the broadcast address:
ip rip v2-broadcast

Task 8.6/7 BGP

Advertising the same networks through 2 different ASes into AS 567 and making one preferable. I manipulated AS_PATH. Other solutions were:
- Setting a local preference on inbound eBGP.
- Setting a weight on all routers of AS 567
- Setting a MED with the options of ignoring the AS path and always comparing MED (because the routes come from different ASes)

Aggregate an address without routing loops:
- Filtering where the route is propagated (my solution)
- Setting as-set so that the route is automatically filtered at the AS the more specific routes come from.

Task 9.2 MPLS VPN

As I used OSPF between PE and CE and the CE was using a VRF, I needed to activate the vrf-lite capability on the CE OSPF process so that the routes coming from the PE are accepted. A PE router sets the DN bit or a domain-tag so that another PE on the same segment does not reinject the route; so a PE will not accept LSAs with the DN bit or domain-tag set. As the CE has a VRF activated it is considered a PE and will not accept any OSPF route from the PE. The vrf-lite capability disables this check on the CE.

dimanche 13 juin 2010

IPExpert V2 Lab9

Task 1.1 Tag native vlan

To override the fact that the native VLAN is not tagged in 802.1Q, use the global command:

vlan dot1q tag native

To avoid using a trunk even if you need 2 VLANs on a link, use a voice VLAN.

Task 3.5 Default route without any routing protocol

I used DHCP between R9 and BB3 in order to send a gateway.
The protocol to use was ODR.

Task 4.2

R2 will redistribute OSPF into BGP, but the redistributed routes must only be sent to the eBGP neighbor.
I filtered locally generated routes toward the iBGP neighbor.

The proctor used another solution:
On redistribution into BGP, a community is set on the OSPF routes. This community is filtered toward the iBGP neighbor:

router bgp 245
redistribute ospf <process-id> route-map FROMOSPF
neighbor 100.0.0.6 route-map TO6 out
!
route-map FROMOSPF permit 10
set community 100:100
!
route-map TO6 deny 10
match community 1
route-map TO6 permit 20
!
ip community-list 1 permit 100:100

Task 4.5 Specific BGP dampening

When setting specific dampening for a route, it should be set with the set dampening command under the route-map and the bgp dampening route-map command.

Task 5.2 SSM

The goal was to permit only one source to ping a group joined on R6, without any filtering.
The solution was, on R6, to join the group with a specific sender and use SSM:

ip igmp join-group 236.6.6.6 source 100.0.0.2

As the default SSM range is 232.0.0.0/8,
the command ip pim ssm range (with an ACL permitting 236.6.6.6) was needed in order to change the default SSM range.

Task 6.1 Dhcp option TFTP

I used TFTP option 150 whereas the proctor used 66.
66 is the RFC one and allows one TFTP server, whereas 150 permits more than one address.


jeudi 10 juin 2010

Frame Relay Traffic Shaping Summary

GTS

- Interface/subinterface level (no PVC level)
- Internal shaper is WFQ
- Can be used with WFQ/PQ/CQ at interface level

interface Serial0/0/0:0.1 point-to-point
ip address 177.0.112.1 255.255.255.0
traffic-shape rate 512000
traffic-shape adaptive 256000
traffic-shape fecn-adapt
frame-relay interface-dlci 112


Legacy FRTS

- Enabled with frame-relay traffic-shaping
- PVC granularity
- Defaults to 56k/125ms once activated
- Can be used with WFQ/PQ/CQ per PVC
- Cannot be used with WFQ/PQ/CQ at interface level (with FRF.12, dual FIFO is enabled at interface level)
- Can use FRF.12 in the map-class: per-VC fragmentation

map-class frame-relay SHAPE_384K
frame-relay cir 384000
frame-relay bc 3840
frame-relay be 0
frame-relay adaptive-shaping becn
frame-relay adaptive-shaping interface-congestion
frame-relay fair-queue

interface Serial 0/0/0:0
frame-relay traffic-shaping
!
interface Serial 0/0/0:0.1
ip address 177.0.112.1 255.255.255.0
frame-relay interface-dlci 112
class SHAPE_384K



MQC based FRTS

- Needed for Voice-Adaptive Traffic Shaping
- Can use FRF.12 at interface level (for all VCs of the interface)
- Incompatible with the frame-relay traffic-shaping command

policy-map CBWFQ
class VOICE
priority 64
class DATA
bandwidth 128
class class-default
fair-queue

policy-map SHAPE_384K
class class-default
shape average 384000
shape adaptive 192000
service-policy CBWFQ

map-class frame-relay SHAPE_384K
service-policy output SHAPE_384K

interface Serial 0/0/0:0.1
ip address 177.0.112.1 255.255.255.0
frame-relay interface-dlci 112
class SHAPE_384K


MQC based Class based traffic shaping

- Use map-class
- Incompatible with frame-relay traffic-shaping
- Incompatible with adaptive shaping
- Use a service-policy with shaping configured on class-default or per PVC by matching a DLCI
- CBWFQ can be used as the child policy
- FRF.12 is applied at interface level

policy-map CBWFQ
class VOICE
priority 64
class DATA
bandwidth 128
class class-default
fair-queue

policy-map SHAPE_384K
class class-default
shape average 384000
shape adaptive 192000
service-policy CBWFQ

interface Serial 0/0/0:0.1
ip address 177.0.112.1 255.255.255.0
service-policy output SHAPE_384K
frame-relay interface-dlci 112

mardi 1 juin 2010

IPExpert V3 Lab1

Task 2.2 CHAP Authentication with same hostname

By default CHAP refuses to authenticate when both sides have the same hostname.

no ppp chap ignoreus is the magical command that authorizes it.

Task 2.5 MPLS

The missed task was to configure ldp authentication without "mpls ldp neighbor password" command.

Ways to configure LDP password :

Neighbor by neighbor:
mpls ldp neighbor X.X.X.X password pass

For neighbors in an ACL, with multiple options:
mpls ldp password option X for ACL_NUM1 pass
mpls ldp password option Y for ACL_NUM2 pass

If not specifically defined, try this password, else no password:
mpls ldp password fallback pass

A password can be required for all peers or for the peers in an ACL:
mpls ldp password required
mpls ldp password required for ACL_NUM


Task 3.5 RIP

The mask was different between 2 adjacent routers due to the IPCP address negotiated. Need the command 'no validate-update-source'.

Task 3.5 EIGRP load-sharing

When EIGRP load-balances between equal-cost or unequal-cost multipath, the load-balancing done by CEF can be configured (default is per-destination):

ip load-sharing per-packet
ip load-sharing per-destination

samedi 29 mai 2010

IPExpert V2 Lab8

Task 3.2 RIP Triggered update

Can only be used on point-to-point interfaces and needs to be configured on both sides.

Task 3.2 Redistribution

It seems that using the command distance <distance> <neighbor> with EIGRP only affects internal routes,
whereas in OSPF it affects all routes.


Task 3.2 MPLS Tag of default-route

The command mpls ip default-route permits tagging a default route if the neighbor has advertised one in its routing table and advertised a label for it.



Task 6.2 Bidir

The task was to use exclusively a shared tree.
My solution was to put an spt-threshold of infinity, but in this case the tree from the source to the RP is still a source tree.
An exclusively shared tree is the defining feature of bidir.

Just add:
On all routers
ip pim bidir-enable
On R8
ip pim rp-candidate lo1 bidir


Task 7.4 NTP

When filtering who the NTP server can serve, don't forget 127.127.7.1, which is used by the master to sync with itself.

Task 9.2 Finding TCP/UDP port

A good command to know is : sh ip nbar port-map


Task 9.3 FRTS

Access-rate or burst-rate is Be+Bc every Tc.
Ex: CIR = 64k and access-rate = 96k for 20ms
Bc = 1280, Be = 640
I got it wrong by calculating Be independently of Bc (setting Be to 1920, hence an access-rate of 160kb)



lundi 24 mai 2010

IPExpert V2 Lab7

Task 2.2 Frame-relay Wan

Don't know why, instead of using a multipoint FR interface to create hub & spoke, I used 2 point-to-point interfaces bridged on the hub. The way the task was formulated made me wrong.

Task 3.1 RIP

Read too quickly, used RIP v2 instead of v1.

Task 5.5 Redistribution

The solution guide redistributed all connected routes. In my solution, redistributing between protocols is enough. On R8 I activated OSPF in passive mode where there is no peer.

Task 9.2 Xml Logging

Forgot to enable it only for errors:

logging monitor xml errors

Task 9.3 Optimize tcp connection to send multiple character on one frame

service nagle
(Basic system management on DocCD)

jeudi 20 mai 2010

IPExpert V2 Lab10

2.1 Spanning-tree etherchannel guard

Spanning-tree EtherChannel guard is automatically activated to errdisable ports when an EtherChannel misconfiguration is detected. To only display a message but not errdisable:

no spanning-tree etherchannel guard misconfig


2.4 Telnet to switch

Forgot default-gateway !

2.6 Frame-relay multilink

Quite simple:

interface mfr XX

interface s0/0
encapsulation frame-relay mfr XX


Some timers can be set with the frame-relay multilink command under the physical interface:
Hello: 10s
Ack: 4s
Retry: 2


5.0 EIGRP


The purpose was to make a route much better via one router by setting a high delay on the interface and on redistribution on one of the routers.

The reported distance was so high that it was impossible to load-balance with variance.

Solution 1: change the delay on the other router (with delay X on the interface and during redistribution)
Solution 2: don't take the delay parameter into account (metric weights 0 1 0 0 0 0)
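The two EIGRP notes on this page (2.3 EIGRP Weight, on the argument order of set metric and metric weights, and this 5.0 task, where a high delay pushed the reported distance too high for variance) are easier to follow with numbers. The Python below is an added example, not part of the original notes or of IPExpert's material. It implements Cisco's published classic composite metric, 256 * [(K1*BW + K2*BW/(256-load) + K3*delay) * K5/(reliability+K4)] with BW = 10^7 / min bandwidth in kbps and delay in tens of microseconds (the K5 factor applies only when K5 is non-zero, and MTU, although carried in updates, does not enter the computation), together with the feasibility condition that decides whether variance can use a second path. The topology, bandwidths and delays are constructed for the example.

```python
# Added example (not from the original notes): EIGRP composite metric with
# configurable K values, plus the feasibility check that decides whether a
# second path can be used for unequal-cost load balancing with "variance".
# Formula: metric = 256 * [(K1*BW + K2*BW/(256-load) + K3*delay) * K5/(reliability+K4)]
# with BW = 10^7 / min_bandwidth_kbps, delay in tens of microseconds, and the
# K5/(reliability+K4) factor applied only when K5 != 0.

DEFAULT_K = (1, 0, 1, 0, 0)          # "metric weights 0 1 0 1 0 0" (TOS K1 K2 K3 K4 K5)
BANDWIDTH_ONLY_K = (1, 0, 0, 0, 0)   # "metric weights 0 1 0 0 0 0": delay ignored


def eigrp_metric(bandwidth_kbps, delay_tens_us, reliability=255, load=1, k=DEFAULT_K):
    """Classic EIGRP metric for one path, scaled by 256 like the IOS output."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // bandwidth_kbps
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_us
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def metric_from_set_metric(args, k=DEFAULT_K):
    """Parse the argument order of the route-map 'set metric' command:
    bandwidth delay reliability load mtu (MTU is carried but not used)."""
    bandwidth, delay, reliability, load, _mtu = (int(x) for x in args.split())
    return eigrp_metric(bandwidth, delay, reliability, load, k)


def path_metric(hops, k=DEFAULT_K):
    """Metric for a whole path given as [(bandwidth_kbps, delay_tens_us), ...].
    EIGRP uses the minimum bandwidth and the sum of the delays along the path."""
    if not hops:
        return 0
    min_bw = min(bw for bw, _ in hops)
    total_delay = sum(d for _, d in hops)
    return eigrp_metric(min_bw, total_delay, k=k)


def can_load_balance(successor_hops, candidate_hops, variance, k=DEFAULT_K):
    """A candidate path is usable with 'variance N' only if it is a feasible
    successor (its reported distance, i.e. the neighbor's own metric to the
    destination, is lower than the successor's feasible distance) and its
    metric is at most N times the feasible distance."""
    fd = path_metric(successor_hops, k)
    reported_distance = path_metric(candidate_hops[1:], k)
    candidate_metric = path_metric(candidate_hops, k)
    feasible = reported_distance < fd
    within_variance = candidate_metric <= fd * variance
    return feasible and within_variance


# Constructed topology (assumption of the example): the destination is two hops
# away behind either neighbor. Hop 0 is a T1 to the neighbor (1544 kbps,
# delay 20000 us = 2000 tens of us); hop 1 is the neighbor's FastEthernet.
VIA_N1 = [(1544, 2000), (100000, 10)]
# Behind N2 the FastEthernet was given "delay 100000" (1 s), as in the lab.
VIA_N2 = [(1544, 2000), (100000, 100000)]

if __name__ == "__main__":
    print("FastEthernet default metric:", eigrp_metric(100000, 10))
    for name, k in (("default K", DEFAULT_K), ("K3=0", BANDWIDTH_ONLY_K)):
        print(name, "via N1:", path_metric(VIA_N1, k),
              "via N2:", path_metric(VIA_N2, k),
              "variance usable:", can_load_balance(VIA_N1, VIA_N2, 128, k))
```

Run as a script it prints both paths' metrics under the default K values and under K3 = 0. With the default weights the path behind the 1 s delay has a reported distance far above the successor's feasible distance, so it is not a feasible successor and no variance value, not even the maximum of 128, can use it; with delay removed from the metric both paths tie and variance 1 already load-balances, which is what Solution 2 relies on.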

13.1 QOS

Configured a priority queue, but the words 'configure a strict queue unless there is more than 1Mbps' point more to LLQ.

13.2 General traffic shaping

Must be configured directly on the physical interface with
traffic-shape rate ...
traffic-shape fecn-adapt

GTS applies to all VCs on the physical interface whereas FRTS
I used FRTS (frame-relay class command)

IPExpert V2 Lab6

3.2 Ospf Stub & virtual-link

- WB says only a default route should exist on R1, received from R2. Stub no-summary is not enough as Lo1 of R2 is in the same area. We could filter with a distribute-list in OSPF.

- WB says the virtual-link should be secured. Means 2 points of attachment to area 0 and authentication.

3.4 GRE recursive routing


A GRE tunnel runs between the 2 EIGRP AS 100 domains. The problem is that once the tunnel is up, the destination of the tunnel is learned through the tunnel. Need to change the distance of the internal route so that it is preferred over the tunnel route.

7.3 IPv6 connectivity

Without redistribution, the EIGRP/OSPF domains should be reachable.
EIGRP side: summary-address
OSPF side: area range (putting Lo1 of R7 in area 1 is necessary)

samedi 15 mai 2010

IPExpert V2 Lab5

done on paper

1.1 VTP domain with special character

Use ctrl-V

1.2 Backup interface

2 links between 2 switches; the workbook said that one link should be used until it fails. My solution was letting spanning-tree do the job. The solution uses a backup interface:

int fa0/13
switchport backup interface fa0/14

2.1 Force DE for packet <512

My solution
class-map DE
match packet length min 512
policy-map DE
class DE
set fr-de
int s2/0
service-policy out DE

Proctor solution
int s2/0
frame-relay de-group 1 502
de-list 1 protocol ip gt 512

3.3 EIGRP on frame-RelayMultipoint interface

Don't forget to disable split-horizon on multipoint interface.

3.5 EIGRP <-> OSPF mutual redistribution

External EIGRP (AD 170) routes, once redistributed into OSPF, are preferred through OSPF (AD 110). To change this, in the OSPF process of the redistributing routers, raise the AD to > 170 for the routes learned from the other router doing redistribution, excluding the routes that originate in OSPF.

Ex
distance 172 172.16.6.6 0.0.0.0 10
access-list 10 deny <OSPF-originated networks>
access-list 10 permit any

-> All routes learnt from 172.16.6.6 except OSPF routes will have an AD of 171, making the EIGRP routes better.

4.2 BGP aggregate without summary-only

Use of suppress map
OR
Use community no-advertise

vendredi 14 mai 2010

IPExpert V2 Lab4

2.1 Modify Frame-Relay full status update without modifying keepalive

By default keepalive every 10s and a full status every 6 keepalives.

frame-relay lmi-n391dte 18 permits a full update every 18 keepalives (180s)

4.0 BGP AS number manipulation

neighbor x.x.x.x local-as YY no-prepend replace-as
Permits replacing the real AS number by YY.
Using a private AS for YY and the command
neighbor x.x.x.x remove-private-as on the neighbor permits removing or replacing the AS information.

5.3 Activate BGP multicast

On this task, the proctor activated BGP multicast, even if all the networks are redistributed in the IGP???


7.3 redistributing EIGRPv6 to OSPFv3

In IPv4 the process to see if a route is redistributed is (ex OSPF to EIGRP):
- Does the route appear when doing sh ip route ospf?
- Is OSPF activated on the connected interface?

In IPv6 only the first check is done:

For EIGRPv6: the include-connected keyword permits redistributing the attached networks where EIGRPv6 is activated
For OSPFv3: need to manually redistribute connected

8.4 IP Precedence mask

To match multiple precedences with CAR, you can use an IP precedence mask. Each precedence is a bit, beginning at 0.
Ex: to match IP precedence 1 and 7, in bits: 10000010 -> in hex 82

9.2 Lock User

2 methods:
Quiet time (lock all users for a period):
login block-for 60 attempts 3 within 60

Or via AAA
aaa local authentication attempts max-fail 3
aaa authentication login vty local
line vty 0 15
login authentication vty


dimanche 9 mai 2010

IPExpert V2 Lab3

2.1 Set MTU

Two ways to set the MTU: interface MTU (on the physical interface) and protocol MTU (ex ip mtu)

3.2 Ospf authentication

ip ospf authentication-key ipexpert -> used for a cleartext password
ip ospf message-digest-key 1 md5 ipexpert -> used for an MD5 password

Verify with show ip ospf interface

3.5 RIP

3 routers on a broadcast medium; find a way to learn only from one.
My solution:

Passive-interface on the BB2 router.
Summary and split horizon disabled on the middle router and neighbor command between BB2 & Cat4

Proctor solution
Disable split horizon on Cat4.
Put a default distance of 255 on the R8 RIP process, except for Cat4

-> With the proctor solution routes are learned from Cat4 (metric = 2) but the next-hop is still BB2


4.1 BGP

Forgot the peering between Cat2 & Cat3 in the same AS; not explicitly said but mandatory inside an AS!!

6.2 Logging

The only purpose of the list of messages sent to syslog was to define the trap error level.

7.1 IPv6

On Catalyst, when IPv6 is used you should configure an SDM template to support it:

sdm prefer dual-ipv4-and-ipv6 default
sdm prefer dual default

As for IPv4, it may be necessary to configure ipv6 ospf mtu-ignore if the OSPF adjacency is stuck in EXSTART (it disables the MTU check against the peer).

8.4 DSCP Rewrite

My solution: MQC based
Proctor solution: a dscp-mutation map that rewrites all DSCP values to AF32, applied to the interface with

mls qos dscp-mutation ResetAF32

9.3 Zone Based firewall

No time to finish.

vendredi 7 mai 2010

Route Filtering with distribute-list

3 ways to filter routes for redistribution:

- Standard ACL
access-list 10 permit 10.0.0.0 0.0.15.255

Matches 10.0.0.0/20 but also 10.0.0.0/21, /22 etc.: any longer prefix inside that range, since the mask is not checked.

To also match the mask, use an extended ACL.

- Extended ACL
access-list 101 permit ip 10.0.0.0 0.0.0.0 255.255.240.0 0.0.0.0

Matches only 10.0.0.0/20 (the source field matches the network, the destination field matches the mask).

- Prefix-list
ip prefix-list TEST permit 10.0.0.0/20

Also permits limiting a range of valid masks:
ip prefix-list TEST permit 10.0.0.0/20 le 24
It matches 10.0.0.0/24 and also 10.0.4.0/22

ip prefix-list TEST permit 10.0.0.0/20 ge 24
It matches 10.0.0.0/24 but also 10.0.0.0/25 ...
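As an added example (not from the original notes), the following Python evaluates the three filter types above against a handful of constructed routes, so the difference between "network address only", "network and mask" and "prefix length range" is visible on actual values. Only the standard library is used; the matching rules are the standard IOS ones described above.

```python
# Added example (not from the original notes): how a standard ACL, an extended
# ACL and a prefix-list evaluate a route inside a distribute-list.
import ipaddress

# Constructed sample routes for the demonstration.
ROUTES = [ipaddress.ip_network(r) for r in (
    "10.0.0.0/20", "10.0.0.0/21", "10.0.0.0/24",
    "10.0.4.0/22", "10.0.0.0/25", "10.0.16.0/20")]


def _wildcard_match(value, address, wildcard):
    """Cisco wildcard test: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (value & care) == (int(ipaddress.IPv4Address(address)) & care)


def standard_acl_match(route, address, wildcard):
    """Standard ACL: only the network address is tested and the mask is
    ignored, so every longer prefix inside the wildcard range matches too."""
    return _wildcard_match(int(route.network_address), address, wildcard)


def extended_acl_match(route, src, src_wc, dst, dst_wc):
    """Extended ACL in a distribute-list: the 'source' field is tested against
    the network address and the 'destination' field against the subnet mask."""
    return (_wildcard_match(int(route.network_address), src, src_wc)
            and _wildcard_match(int(route.netmask), dst, dst_wc))


def prefix_list_match(route, entry, ge=None, le=None):
    """ip prefix-list entry: the route must lie inside 'entry' and its length
    must fall within [ge, le]. Without ge/le the length must be exact; with
    only ge the upper bound is 32; with only le the lower bound is the
    entry's own length."""
    net = ipaddress.ip_network(entry)
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else (32 if ge is not None else net.prefixlen)
    return route.subnet_of(net) and low <= route.prefixlen <= high


def evaluate_filters(routes=ROUTES):
    """Return, for each filter line from the notes, the routes it permits."""
    filters = {
        "access-list 10 permit 10.0.0.0 0.0.15.255":
            lambda r: standard_acl_match(r, "10.0.0.0", "0.0.15.255"),
        "access-list 101 permit ip 10.0.0.0 0.0.0.0 255.255.240.0 0.0.0.0":
            lambda r: extended_acl_match(r, "10.0.0.0", "0.0.0.0",
                                         "255.255.240.0", "0.0.0.0"),
        "ip prefix-list TEST permit 10.0.0.0/20":
            lambda r: prefix_list_match(r, "10.0.0.0/20"),
        "ip prefix-list TEST permit 10.0.0.0/20 le 24":
            lambda r: prefix_list_match(r, "10.0.0.0/20", le=24),
        "ip prefix-list TEST permit 10.0.0.0/20 ge 24":
            lambda r: prefix_list_match(r, "10.0.0.0/20", ge=24),
    }
    return {name: [str(r) for r in routes if test(r)]
            for name, test in filters.items()}


if __name__ == "__main__":
    for line, permitted in evaluate_filters().items():
        print(f"{line}\n    permits: {', '.join(permitted) or 'nothing'}")
```

Running it shows the standard ACL letting through every prefix under 10.0.0.0/20 except 10.0.16.0/20, the extended ACL and the bare prefix-list entry permitting exactly 10.0.0.0/20, and the le/ge variants selecting by prefix length.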

jeudi 6 mai 2010

IPExpert V2 Lab2

6.0 redistribution

In case of mutual redistribution between 3 processes (R5 & R6), keep in mind to tag the redistributed routes in the transit area (OSPF) with the originating tag.

Redistribution cycle RIP -> OSPF -> EIGRP -> RIP

Ex: redistribute RIP into OSPF with tag 25; into EIGRP, redistribute OSPF with tag 58 and the OSPF routes coming from RIP with tag 25. When redistributing back into the originating RIP, filter tag 25, redistribute 58 with tag 58 and EIGRP with tag 20.


7.6 BGP MED

In order to make the R5 route preferred, MED must be compared; as R5 sets a MED and R6 does not, R6 is preferred.

bgp bestpath med missing-as-worst
sets the MED to the largest value when it is not set.
Easier to do.

8.2 NTP Authentication


Authentication permits authenticating the clock source, not the recipient, and only at the recipient's request.

Case 1 : Server Y, Client N : sync but no authenticated
Case 2 : Server N, Client Y : no sync
Case 3 : Server Y, Client Y :

Server Side
ntp authentication-key 1 md5 060F1F24545E0C0B11 7
ntp authenticate
ntp master

Client side
ntp authentication-key 1 md5 060F1F24545E0C0B11 7
ntp authenticate
ntp server 10.10.10.4 key 1
ntp trusted-key 1


10.2 Qos

In order to drop traffic and use NBAR, use a policy-map with the drop action:

policy-map DROP
class P2P
drop

lundi 3 mai 2010

IPExpert V2 Lab1

Review :

1.0 Etherchannel load balancing
Load balance according to where frames are headed: means where the frame goes, so it's the destination-MAC load-balancing type.

1.4 PPPoE
PPPoE is under Aggregation & DSL on the Doc CD.
Virtual-template and bba-group on the server side
Dialer with PPP encapsulation on the client side

2.1 Frame-Relay
Don't forget the local frame-relay map on physical or multipoint interfaces to ping ourselves
The broadcast keyword is not necessary for spokes on the frame-relay map

3.1 RIP
When there are more passive than active interfaces it's easier to do:
passive-interface default
no passive-interface f0/0

To add delay between RIP updates:

router rip
output-delay 25

7.3 Snmp Trap configuration
Even after the snmp-server host x.x.x.x configuration, don't forget to enable traps
snmp-server enable traps

10.1 DHCP Server Secure ARP
In order for the ARP table to be secured by the DHCP entries (under the DHCP pool):

update arp


11.3 RSVP

Activate RSVP on the interface:
ip rsvp bandwidth

ip rsvp sender-host and ip rsvp reservation-host are used to simulate a PATH message between 2 routers and to verify that the reservation is done along the path.


12.3 EEM
event manager applet denytcl
event cli pattern "tclsh" sync yes
action 1.0 syslog msg "Attempted tclsh command by user at $_event_pub_time"
action 2.0 set _exit_status 0

samedi 1 mai 2010

PPPoE

PPPOE with static IP

Server Configuration

bba-group pppoe PPPOE
virtual-template 1

int f0/0
pppoe enable group PPPOE

int virtual-template 1
ip add 150.50.17.1 255.255.255.0



Client Configuration

int dialer 1
mtu 1492
ip add 150.50.17.2 255.255.255.0
encap ppp
dialer pool 1

int f0/0
pppoe enable
pppoe-client dial-pool-number 1

mardi 27 avril 2010

INE - LAB10 review

3.4 Configure Area 1 without Network Command

Int lo0
ip ospf 1 area 1


3.6 Ospf Authentication

Authenticate all area 0 adjacencies without the area 0 authentication command:
Don't forget the virtual-link authentication

router ospf 1
area 1 virtual-link 150.1.4.4 authentication
area 1 virtual-link 150.1.4.4 authentication-key CISCO


4.2 BGP Summarization

After aggregating all the IGP domain address space with

aggregate-address 164.1.0.0 255.255.0.0 summary-only

a 164.1.0.0/16 route to Null0 is put in the RIB. As R4 uses a default route to reach part of 164.1.0.0, it will use the more specific route to Null0 instead. A way to prevent Null0 from being installed in the RIB is to set the distance for local routes to 255

router bgp 100
distance bgp 20 200 255


4.3 BGP Default Route

Advertise a BGP default route, only the default, and make it preferred over the OSPF default route:

On R1 filter all BGP routes except the default

R1
router bgp 300
neighbor 164.1.18.8 default-originate
neighbor 164.1.18.8 prefix-list DEFAULT out

ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0


On SW2 change the distance for the neighbor to lower than the OSPF distance of 110

Sw2
router bgp 300
distance 100 164.1.18.1 0.0.0.0


4.5 BGP Reachability

During a network breakdown, the traffic transits through a non-BGP router, causing a routing black hole (the non-BGP router doesn't have any BGP route). The idea is then to redistribute BGP into OSPF. It's necessary to filter which router redistributes which AS in

bgp redistribute-internal

is needed as BGP only redistributes eBGP-learned routes into the IGP by default.


5.4 IGMP Multicast for a group

Prevent a given group from being forwarded out an interface:

int e0/1
ip multicast boundary 1
access-list 1 deny 226.37.1.1
access-list 1 permit any


6.3 RIPng Overs Frame Relay

Don't forget to map the IPv6 link-local address to the DLCI on physical or multipoint interfaces for the RIP adjacencies to work


7.1 Frame Relay Traffic Shaping

Minimum Tc is 10ms.
So for a CIR of 256000 the Bc to configure is 2560.
For packets to be fragmented so that one fragment is transmitted per interval, the fragment size should be 2560/8 = 320 bytes.

map-class frame-relay DLCI_305
frame-relay cir 256000
frame-relay bc 2560
frame-relay fragment 320
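The shaping arithmetic in this task and in Task 9.3 FRTS of Lab8 above (Bc = CIR x Tc, Be = (access rate - CIR) x Tc, fragment = Bc / 8) is worked through in the following Python, an added example that is not part of the original notes. It also reproduces the wrong result of computing Be from the access rate alone (Be = 1920 gives a 160 kb/s burst) and renders a map-class in the form used on this page; the map-class name passed in and the Tc bounds of 10 to 125 ms are assumptions of the example.

```python
# Added example (not from the original notes): Frame Relay shaping arithmetic.
# Bc = CIR * Tc and Be = (AR - CIR) * Tc, so the burst rate reached when the
# whole Bc + Be is sent each Tc is (Bc + Be) / Tc, and the FRF.12 fragment
# size that fits one Tc at the CIR is Bc / 8 bytes.
TC_MIN_MS, TC_MAX_MS = 10, 125   # Tc bounds assumed by the example


def shaping_params(cir_bps, tc_ms=10, access_rate_bps=None):
    """Return (bc_bits, be_bits) for a CIR, an interval and an optional
    access rate; without an access rate no excess burst is allowed."""
    if not TC_MIN_MS <= tc_ms <= TC_MAX_MS:
        raise ValueError(f"Tc must be between {TC_MIN_MS} and {TC_MAX_MS} ms")
    if access_rate_bps is not None and access_rate_bps < cir_bps:
        raise ValueError("access rate cannot be lower than the CIR")
    bc = cir_bps * tc_ms // 1000
    be = (access_rate_bps - cir_bps) * tc_ms // 1000 if access_rate_bps else 0
    return bc, be


def burst_rate_bps(bc_bits, be_bits, tc_ms):
    """Rate actually reached when Bc + Be bits are sent in every interval."""
    return (bc_bits + be_bits) * 1000 // tc_ms


def fragment_size_bytes(bc_bits):
    """Fragment size so that one fragment is serialized per Tc at the CIR."""
    return bc_bits // 8


def map_class(name, cir_bps, tc_ms=10, access_rate_bps=None, fragment=False):
    """Render the map-class lines (in the form used in the notes) from the
    computed values; 'name' is whatever the reader chooses."""
    bc, be = shaping_params(cir_bps, tc_ms, access_rate_bps)
    lines = [f"map-class frame-relay {name}",
             f"frame-relay cir {cir_bps}",
             f"frame-relay bc {bc}",
             f"frame-relay be {be}"]
    if fragment:
        lines.append(f"frame-relay fragment {fragment_size_bytes(bc)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Lab8 task 9.3: CIR 64k, access rate 96k, Tc 20 ms -> Bc 1280, Be 640.
    bc, be = shaping_params(64000, 20, 96000)
    print("Lab8 9.3: Bc", bc, "Be", be, "burst", burst_rate_bps(bc, be, 20))
    # The mistake made in that lab: Be computed from the access rate alone.
    print("wrong Be 1920 gives", burst_rate_bps(bc, 1920, 20), "bps")
    # Lab10 task 7.1: CIR 256k at the minimum Tc, fragmented per interval.
    print(map_class("DLCI_305", 256000, fragment=True))
```

Running it prints the Lab8 values, the 160000 bps burst that the wrong Be produced, and a map-class for DLCI_305 identical to the one above (cir 256000, bc 2560, be 0, fragment 320). The same function with 384000 and Tc 10 ms gives the bc 3840 used in the Frame Relay Traffic Shaping Summary.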

vendredi 23 avril 2010

Ping Macro & Tcl

For IOS, use Tcl to script pings:

tclsh
foreach address {
164.1.1.1
164.2.2.2
} { ping $address
}


For Catalyst

macro name PINGALL
do ping 164.1.1.1
do ping 164.2.2.2
@
macro global apply PINGALL