Advanced
CCIE Routing & Switching
4.0
www.MicronicsTraining.com
Narbik Kocharians
CCIE #12410
R&S, Security, SP
VOL-ITTable of Content:
Subject
Topology
3560 Switching
Lab 1 Basic 3560 configuration - I
Lab 2 Basic 3560 configuration - II
Lab 3 Configuring Trunks
Lab 4 Configuring EtherChannels
Lab 5 Advanced STP Configuration
Lab 6 Multiple Spanning-tree (802.15)
Lab 7 Configuring Private VLANs
Lab 8 QinQ Tunneling
Lab 9 Fallback Bridging
Frame-relay
Lab 1 Hub-n-Spoke Using Frame Map Statements
Lab 2 Hub-n-Spoke Frame-relay Point-to-point
Lab 3 Mixture of P2P and Multipoint
Lab 4 Multipoint Frame-relay W/O Frame maps
Lab 5 Frame-relay and Authentication
Lab 6 Frame-relay End-to-End Keepalives
Lab 7 Tricky Frame-relay Configuration
Lab 8 Frame-relay Multilinking
Lab 9 Back-to-Back Frame-relay connection
ODR
Lab 1 On Demand Routing
RIPy2
Lab 1 RIPv2 and Frame-relay
Lab 2 RIPv2 Authentication
Lab 3 Advanced RIPy2 Mini Mock Lab
EIGRP
Lab 1 Eigrp configuration
Lab 2 Advanced Eigrp Stub Configuration
Lab 3 Kigep & Default-information
Lab 4 Eigrp FilteringTable of Content:
Subject
OSPF
Lab 1 Advertising Networks
Lab 2 Optimization of OSPF & Adjusting Timers
Lab 3 OSPF Authentication
Lab 4 OSPK Cost
Lab 5 OSPF Summarization
Lab 6 Virtual-links and GRE Tunnels
Lab 7 OSPF Stub, T/Stub, and NSSAs
Lab 8 OSPF Filtering
Lab 9 Additional OSPF Filtering
Lab 10 Redirecting Traffic in OSPF
Lab 11 Database Overload Protection
Lab 12 OSPF Non-Broadcast Networks
Lab 13 OSPF Broadcast Networks
Lab 14 OSPF Point-to-Point Networks
Lab 15 OSPF Point-to-Multipoint Networks
Lab 16 OSPF Point-to-Multi Network - II
Lab 17 OSPF P-to-M Non-Broadcast Net
Lab 18 OSPF and NBMA
Lab 19 Forward Address Suppression
Lab 20 OSPF NSSA no-redistribution & Injection
of default routes
BGP.
Lab 1 Establishing Neighbor Adjacency
Lab 2 Route Reflectors
Lab 3 Conditional Adv & Back door
Lab 4 Route Dampening
Lab 5 Route Aggregation
Lab 6 The community Attribute
Lab 7 BGP Cost Community
Lab 8 BGP & Load Balancing —1
Lab 9 BGP Load Balancing - II
Lab 10 BGP Unequal Cost Load Balancing
Lab 11 BGP Local Preference —T
Lab 12 BGP Local Preference — I
Lab 13 The AS-Path Attribute
Lab 14 The Weight Attribute
Lab 15 MED
Lab 16 Filtering Using ACLs & Prefix-listsLab 17 Regular Expressions
Vol-l
Lab 18 Adv BGP Configurations
Vol-l
Lab 19 Administrative Distance
Volt
Lab 20 BGP Confederation
Vol-I
Lab 21 BGP Hiding Local AS Number
Vol-T
Lab 22 BGP Allowas-in
Vol-l
Policy Based Routing
Lab 1 PBR based on Source IP address
Vol-l
Redistribution
Lab 1 Basics of Redistribution-I
Vol-l
Lab 2 Basics of Redistribution-II
Vol-l
Lab 3 Advanced Redistribution
Vol-I
Lab 4 Routing Loops
Vol-l
IP SLA
Lab LIP SLA.
Vol-T
Lab 2 Reliable Static Routing using IP SLA.
Vol-l
Lab 3 Reliable Conditional Default Route
Injection using IP SLA
Vol-I
Lab 4 Object Tracking in HSRP Using SLA
Vol-T
Lab 5 Object Tracking
Vol-l
GRE Tunnels
Lab 1 Basic Configuration of GRE Tunnels
Vol-I
Lab 2 Configuration of GRE Tunnels IT
Vol-I
Lab 3 Configuration of GRE Tunnels III
Vol-l
Lab 4 GRE & Recursive loops
Vol-I
Qos
Lab 1 MLS QOS
Vol-ll
Lab 2 DSCP Mutation
Vol-Il
Lab 3 DSCP-CoS Mapping
Vol-Il
Lab 4 CoS-DSCP Mapping
Vol-II
Lab 5 IP-Precedence-DSCP Mapping
Vol-Il
Lab 6 Individual rate Policin;
Vol-ll
Lab 7 Policed DSCP
Vol-II
Lab 8 Aggregate Policer
Vol-Il
Lab 9 Priority Queuin;
Voll
Lab 10 Custom Queuing
Vol-Il
Lab 11 WFQ
Vol-II
Lab 12 RSVP.
Vol-Il
Lab 13 Match Access-group
Voll
Lab 14 Match Destination & Source Add MAC
Vol-II
Lab 15 Match Input-Interface
Vol-Il
Lab 16 Match FR-de & Packet Length
Vol-ll
Lab 17 Match IP Precedence vs. Match Precedence
Vol-IlLab 18 Match Protocol HTTP URL, MIME & Host
Vol-II
Lab 19 Match Fr-dlei
Vol-Il
Lab 20 Frame-relay Traffic Shaping
Vol-ll
Lab 21 Frame-relay Traffic-shaping — II
Vol-Il
Lab 22 Frame-relay Fragmentation
Vol-Il
Lab 23 Frame-relay PIPQ
Vol-IL
Lab 24 Frame-relay DE
Vol-Il
Lab 25 Frame-relay and Compression
Vol-II
Lab 26 CBWFQ
Vol-Il
Lab 27 CBWFQ- IT
Vol-ll
Lab 28 Converting Custom Queuing to CBWFQ
Vol-Il
Lab 29LLQ
Vol-Il
Lab 30 CAR
Vol-I
Lab 31 Class Based Policing — I
Vol-ll
Lab 32 CB Policing— 11
Vol-I
Lab 33 WRED & CB WRED
Vol-Il
NAT
Lab 1 Static NAT Configuration
Vol-Il
Lab 2 Advanced Static NAT Configuration
Vol-II
Lab 3 Configuration of Dynamic NAT - I
Vol-Il
Lab 4 Configuration of Dynamic NAT — IT
Voll
Lab 5 Configuration of Dynamic NAT - II
Vol-II
Lab 6 NAT and Load Balancin;
Vol-Il
Lab 7 Configuring PAT
Voll
Lab 8 Configuring PAR
Vol-Il
Lab 9 Configuring Static NAT Redundancy W/HSRP
Vol-II
Lab 10 Stateful Translation Failover With HSRP.
Vol-II
Lab II Translation of the Outside Source
Voll
Lab 12NAT ona Stick
Vol-II
IP Services
Lab 1 DHCP Configuration
Vol-Il
Lab 2 HSRP Configuration
Vol-Il
Lab 3 VRRP Configuration
Vol-IL
Lab 4 GLBP Configuration
Vol-Il
Lab 5 IRDP Configuration
Vol-I
Lab 6 Configuring DRP
Vol-ll
Lab 7 Configuring WCCP
Vol-ll
Lab 8 Core Dump Using FTP
Vol-I
Lab 9 HTTP Connection Management
Vol-Il
Lab 10 Configuting NTP
Vol-I
Lab 11 More IP Stuff
Vol-Il
IP Prefix-List
Lab 1 Prefix-Lists
Vol-IlIPv6
Lab 1 Configuring Basic IPv6
Voll
Lab 2 Configuring OSPFv3
Vol-II
Lab 3 Configuring OSPFv3 Multi-Area
Vol-Il
Lab 4 Summarization of Internal & External N/W
Voll
Lab 5 OSPFV3 Stub, T/Stub and NSSA networks
Vol-Il
‘ost and Auto-cost
Vol-II
Lab 7 Tunneling IPv6 Over IPv4
Vol-II
Lab 8 Kigep and IPv6
Vol-ll
Security
Lab 1 Basic Router Security Configuration
Vol-ll
Lab 2 Standard Named Access List
Vol-II
Lab 3 Controlling Telnet Access and SSH
Vol-Il
Lab 4 Extended Access List IP and ICMP
Vol-II
Lab 5 Extended Access List OSPF & Eigrp
Vol-Il
Lab 6 Using MQC as a Filtering tool
Voll
Lab 7 Extended Access List With Established
Vol-Il
Lab 8 Dynamic Access List
Vol-ll
Lab 9 Reflexive Access-Lists
Vol-I
Lab 10 Access-list & Time Range
Vol-Il
Lab 11 Configuring Basic CBAC
Vol-II
Lab 12 Configuring CBAC
Vol-I
Lab 13 Configuring CBAC & Java Blocking
Voll
Lab 14 Configuring PAM
Vol-Il
Lab 15 Configuring uRPF
Vol-ll
Lab 16 Configuring Zone Based Firewall
Vol-II
Lab 17 Control Plane Policing
Vol-Il
Lab 18 Configuring 10S IPS
Vol-II
Lab 19 Attacks
Vol-Il
Lab 20 AAA Authentication
Vol-ll
Multicasting
Lab 1 Configuring IGMP
Voll
Lab 2 Dense Mode
Vol-II
Lab 3 Static RP Configuration
Vol-I
Lab 4 Auto-RP.
Vol-II
Lab 5 Auto-RP Filtering & Listener
Vol-ll
Lab 6 Configuring BSR
Vol-Il
Lab 7 Configuring MSDP
Vol-Il
Lab 8 Anycast RP
Vol-ll
Lab 9 MSDP/MP-BGP.
Vol-I
Lab 10 Configuring SSM
Vol-ll
Lab 11 Helper-Map
Vol-II
Lab 12 Bidirectional PIM
Vol-IlMPLS & L3VPNs
Lab 1 Configuring Label Distribution Protocol
Voll
Lab 2 Static & RIPy?2 Routing in a VPN
Vol-II
Lab 3 OSPF Routing ina VPN
Vol-Il
Lab 4 Backdoor links & OSPF
Voll
Lab 5 Eigrp Routing in a VPN
Vol-Il
Lab 6 BGP Routing in a VPN
Vol-II
Lab 7 Complex VPNs and Filters
Vol-IISwitch -1 Switch-2
FO/1 FO/1
Fo/2 Fo/2
FO/3 FO/3
FO/4 FO/4
FO/5 FO/5
Fo/é FO/6é
FOr" FO/14
Fo/12 > Switch-3
FO/13 Fo/12
F0/13The Serial connection between R1 and R3
so DTE
DCE con
The Serial connection between R4 and RS
SO __BIE
DCE
CCTE R&S by Narbik KochariansFrame-relay Switch connections
CCTE R&S by Narbik KochariansFrame-relay DLCI connections:
Local DLCI
Connecting to:F0/21-22
ee-bz/0dAdvanced
CCIE Routing & Switching
4.0
www.MicronicsTraining.com
Narbik Kocharians
CCIE #12410
R&S, Security, SP
QosLab Setup:
> Configure FO/19 interface of SWI and SW2 as a Dot!Q trunk,
> Configure SW1 and SW2 in VTP domain called TST
Configure FO/1 and F0/2 interface of SW1 in VLAN 100.
> Configure F0/3 interface of SW2 as a Dot! Q trunk.
> Configure FO/1 interface of R3 as a DotlQ trunk for VLAN 100,
You can copy and paste the initial configuration from the init directory
IP addressing:
Router Interface / IP address
RI FO/O=10.1.1.1 24
R2 FO/0 = 10.1.1.2 (24
R3 FO/1.100 = 10.1.1.3 /24Task 1
Assign a hostname of SW1 to Switeh 1 and a hostname of SW2 to Switch 2. Shutdown
all ports on these switches.
Qn Switch 1
Switch (config) {Host SW1
SW1(config)#Int range £0/1-24
SWI (config-if-range) #Shut
itch 2
(config) #Host SW2
(config) #Int range £0/1-24
(conf ig-if-range) #Shut
Task 2
Configure SW1’s port FO/2 such that it marks All ingress traffic with a CoS marking of 2
For vetification purpose, R3 should be configured to match on CoS values of 0-7
ingress on its FO/1.100 sub-interface.
In this step R3 is configured to match on incoming CoS values of 0 — 7, this is done so the policy can be
tested and verified.
On R3
R3 (config) #class-map cos0
R3 (config-cmap) #match CoS
R3 (config) #elass-map cos1
R3(config-cmap) #match CoS
R3 (config) #class-map cos2
3 (config-cmap) #match CoS
R3 (config) #elass-map cos3
R3(config-cmap) #match CoSR3 (config) #elass-map cos4
R3(config-cmap) #mateh CoS 4
R3 (config) #elass-map cos5
R3(config-cmap) #match CoS 5
R3 (config) #elass-map cos6
R3(config-cmap) #match CoS 6
config) #elass-map cos7
R3(config-cmap) #match CoS 7
R3 (config) #Policy-map TST
R3 (config-pmap) #Class cos
R3(config-pmap) {Class cos]
R3 (config-pmap) #Class cos2
R3 (config-pmap) #Class cos3
R3(config-pmap) #Class cos4
R3 (config-pmap) #Class cos5
R3 (config-pmap) #Class cosé
R3 (config-pmap) #Class cos7
R3 (config) #Int FO/1.100
R3 (config-subif) #Service-policy in TST
On SW1
By default, QOS is disabled and the switch will NOT modify the CoS, IP-Precedence or the DSCP
values of received traffic. To verify:
SW1#Show mls qos
ges is disanies 4
QoS ip packet dscp rewrite is enabled
The following command enables MLS QOS; to perform any kind of QOS configuration, MLS QOS.
must be enabled,
SW1 (config) #MLS Qos
To fy the configuration:
On SW1SW1#Show mls qos
cosiisiemanisa
QoS ip packet dscp rewrite is enabled
To continue with the configuration:
SW1 (config) #int FO/1
The following command assigns a default CoS value of 2 to untagged traffic received through this
interface,
SW1(config-if}#mls qos cos 2
To fy the configuration:
On SW1
SW1#Show mls qos inter £0/1
FastEthernet0/1
trust state: not trusted
trust mode: not trusted
trust enabled £1.
CoS override: d
Mutation »
Trust device: no
qos mode: port-b
To test the configuration
On RI
R1#Ping 10.1.1.3
Type pe sequence to abs .
Sending 5, 100-byte ICMP Echos to 10
ttt!
Success rate is 80 percent (4/5), round-trip min/avg/max
To veiOn R3
R3#Show policy-map interface | S cos0
Class-map: cos0
4 packets, 472 bytes
5 minute offered rate 0 bps
Match: cos 0
R3#Show policy-map interface | $ cos2
Class-map: cos2 (match-all)
0 packets, 0 bytes
5 minute offered rate
Match: cos 2
Note, even though the interface is configured with “Mls qos cos 2” the traffic coming in on that
interface is NOT affected. To mark ALL traffic with a CoS marking of 2, which means all traffic
regardless of their marking, the port must be configured to override the existing CoS.
‘The “mls qos cos” command on its own does NOTHING, it should be combined with either the “Mls
gos cos override” or “Mls qos trust cos”, When its combined with *MLS qos trust cos”, ONLY the
untagged traffic is affected, but if is combined with “MLS qos cos override”, then, all traffic (Tagged
or untagged) is affected.
The following command configures the switch port to trust the CoS value in ALL incoming traffic
through F0/2 interface, the “Mls qos cos override” command will be tested later:
SW (config) #int FO/L
SW1(config-if)#mls qos trust cos
To fy the configuration:
On SWI
sW1#Sh mls qos interface £0/1
FastEthernet0/1
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default cos: 2
DSCP Mutation Map: Default DSCP Mutation MapTrust device: none
qos mode: port-based
o test the configuration:
On R3
R3#Clear counters
Clear "show interface" counters on a faces [confir
Press Enter to allow the counters to be cleared
OnR1
R1#Ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10,1.1.3, timeout is 2 seconds:
ey
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
To verify the tes
On R3
R34Sh policy-map inter | § cos0
Class-map: cos0 (match~all)
, 0 bytes
5 minute offered rate 0 bps
R3#Show policy-map interface | $ cos2
Note the output of the above show command reveals that all traffic that sourced from RI is marked
with a CoS value of 0; the reason for this outcome is because SW1 is configured with “Mls qos” global
configuration command, therefore, the switch will mark all untagged incoming traffic through its F0/1
interface with a CoS value of 2.Task 3
Configure SW! and R1 as follows:
+ FO/l interface of SW1 should be configured as a Dotlq trunk.
* Disable “Mls QOS” and remove the “Mls qos cos 2” command from F0/1
interface of SWI
Configure F0/0.100 sub-interface on R1, this sub-interface should be configured
based on the following
. R1’s F0/0,100 interface should be configured as trunk for VLAN 100
+ RI's F0/0,100 should be assigned an IP address of 10.1.1.1 /24
+ RI's F0/0,100 should be configured to mark all egress traffic with a CoS
value of 6,
On SW1
SW1 (config) #int FO/L
SW1(config-if) #Default inter £0/1
fig)#int FO/1
fig-if)#swi trunk enc do
nfig-if} #swi mode trunk
SW1 (config) #NO Mls qos
To fy the configuration
On SW1
sil#Show int trunk
Port Mode Encapsulation Status Native vlan
F on 802.14 trunking 1
on 802.14 trunking
Vlans allowed on trunk
1-4094
11-4094
Vlans allowed and active in management domain
1,100
1,100Vlans in spanning tree forwarding state and not pruned
one
1,100
Rl (config) #Default inter F0/0
Rl (config-if) #int F0/0.100
R1(config-subif) #encap dot1 100
Ri (config-subif)#ip addr 10.1.1.1 255.255.255.0
Rl (config) #Policy-map TST
Rl (config-pmap) #class class-default
Rl (config-pmap-c) #set cos 6
R1(config-pmap-c) #int F0/0.100
Rl (config-subif) #service-policy out TST
To the configuration:
On R3
R3#Clear counters
OnR1
R1fPing 10.1.1.3 rep 60
ype escape sequence t
Sending 60, 100-byte s to 10.1.1.3, timeout is 2 seconds:
POPPEPEPEP PPE reer ee eeeeeeeriey
Success rate is 100 percent (60/60), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Sh policy-map inter | S cos60
Note traffic generated by R1 has a CoS marking of 6.Task 4
SW1 should be configured to trust the CoS marking of any traffic coming through its
FO/1 interface.
On SW1
SW1 (config) #mls qos
config) #int FO/1
fig-if)#mls qos trust Cos
To test the configuration
On R3
R3#Clear counters
On RI
R1Ping 10.1.1.3 repeat 60
Type escape sequence to abort.
Sending 60 MP Ec 3, timeout is 2 seconds:
Vereeeeenenny rereetreneens VIPEVtreneenreetenny
Success rate is 100 percent (60/60), round-trip min/avg/max = 1/1/4 ms
Note the output of the following show command reveals that the traffic retained its CoS marking.
On R3
R3#Show policy-map interface | S$ cosé
-all)
080 bytes
5 minute offered rate 0 bps
Task 5
Configure R1, R2 & SW1 using the following policy:1. If the ingress traffic from R2 is NOT marked with a CoS value, SW1 should be
configured to mark that traffic with a CoS value of 0.
If the ingress traffic from R1 is NOT tagged, SW1 should be configured to rewrite
the CoS value to 1, however, if the traffic is tagged, SW1 should NOT rewrite the
CoS value of the incoming traffic.
To configure the first policy:
Since the “Mls Qos” command is configured on SW1, when traffic without a CoS marking enters any
port on SW1, that traffic is marked with a CoS value of 0, therefore, SW1 does NOT need to be
configured for this policy:
To verify and test the first policy:
OnR3
R3#Clear counter
OnR2
R2#Ping 10.1.1.3 rep 60
Type escape sequence to abort.
Sending 60, 100-byte ICMP Echos to timeout is 2 seconds:
Pererereny rere rereny
Success rate is 100 percent (60/60), round-trip min/avg/max = 1/1/4 ms
On R3
Since the traffic generated by R2 did not haye a CoS marking, the traffic will arrive with a CoS
marking of zero,
R3#Show policy-map interface | S$ cosé
te offered rate 0 bps
R3#Show policy-map interface | S cos05 minute offered rate 0
To configure the second policy:
The “Mls qos trust cos” command that was configured in the previous task will trust the CoS value in
the incoming traffic and will NOT rewrite the CoS value; since the task stats that the untagged traffic
should be re-written to a CoS value of 1, whereas, the tagged traffic should NOT be affected at all, the
following should be configured:
To test the configuration:
ons
R3#Clear counters
On SWI
SW1 (config) #Int FO/1
SW1(config-if)#mls qos cos 1
The above command ONLY affects the untagged traffic, since RI’s FO/I interface is configured as a
truck link, this configuration should NOT have any affect. The following show command reveals this
information
OnRI
R1#Ping 10.1.1.3 repeat 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Bchos to 10.1.1.3, timeout is 2 seconds:
Pereeteeny
Success rate is 100 percent (10/10), round-trip min/avg/max = 1/1/4 ms
On R3
The output of the following show command reveals that the traffic from R1 retained its CoS value of 6:
R348h policy-map inter | s coséTo test the untagged traffic:
OnR1
Rl (config) #int FO/0.100
Rl (config-subif) #eneap dotl 100 native
NOTE: In the above and the following configuration, VLAN 100 is configured to be the Native VLAN
so the traffic arrives with NO tagging:
On SW1
SWl(config-if) #int FO/1
SW1(config-if)#swi trunk native vlan 100
To see SW1’s configurati
On SW1
sW1#Sh run int F0/1 | B interface
FastEthernet0/1
s port trunk encapsulatii
s port trunk native vlan 100
switchport mode trunk
mls gos cos 1
mls gos trust cos
To verify the configuration:
On SW1
SW1#Sh interface trunk
Port Mode Encapsulation Status
20/19 on 802.1q trunking
(The rest of the output is omitted)
On R3
R3#Clear_ countersOnR1
R1#Ping 10.1.1.3 rep 100
Type escape sequence to abort.
ding 100, 100-byte ICMP Echos to 10.1.1.3, timeout i
Veeerererenes POCPECePeCOePeeeeee rere eeeeeeeceereeereeeenreregy
reeererers rerererenes
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Show policy-map interface | $ cosé
Clas
0 packets, 0 bytes
5 minute offered rate 0 bps
0 packets,
te offered rate 0 bps
R3#Show policy-map interface | S$ cosl
(ma:
The following shows R1’s policy-map configuration:
On RI
R1#Show policy-map TST
Policy Map TSTTask 6
SW2 should be configured such that it marks all traffic from any router/s connected to
SWI (Tagged or Untagged) with a CoS value of 7. DO NOT configure R1, R2 or SW1 to
accomplish this task
On SW2
SWi2 (config) MLS Qos
NOTE: This configuration is performed on the trunk link of SW2 so it can affect all traffic coming
from SW1; this affects the traffic that has marking, the traffic that does NOT have any marking,
tagged or untagged:
SW2 (config) #int FO/19
SW2(config-if)#mls qos cos 7
(config-if) #mls qos cos override
To fy the configuration:
On SW2
SW2#Sh mls qos inter £0/19
FastEthernet0/19
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: ena
default Cos: 7
DSCP Mutation Map: Default DSCP Mutation Map
Tru: device: none
gos mode: port-based
To test the configuration:
On R3
R3#Clear counter
On RI
R1#Ping 10.1.1.3 rep 100pe sequence to abort
g 100, 100-byte ICMP Echos to 10.1.1.3, timeout onds:
rerererenenty PEPEOCCePOeeeeeeeeeeerereteeererend reerenren
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/4 ms
On R3
Note the traffic matched to CoS 7
Show policy-map interface | S cos7
(match-all)
, 11800 bytes
5 minute offered rate 0 bps
On R2
R2#Ping 10.1.1.3 rep 200
‘Type escape sequence to abort.
Sending 200, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
POCUCEPePeCCeCeCe UP eee ee eee reeeeeeeeeeereeeeeeeeeeeeeeeeeereeeereeregy
PEPEPEeenerer PUPIEPEEO PP ereeeeeeeneereneeneer Pereereny
Hererreenerer POEPOPPPereOererernireennreer
Success rate is 100 percent (200/200), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Show policy-map interface
5 minute offered rate 0 bps
Note all traffic regardless of their marking are marked with a CoS value of 7.Task 7
Erase the startup configuration on R1-3 and SW1 & SW2 and reload these routers and
switches before proceeding to the next lab,VIP Domain
1sT
Trunk F019
Lab Setup:
The lab topology and setup is based on the previous lab, with the exception of R3’s
configuration and the FO/3 interface of SW2; R3’s FO/1 interface should be configured
with an IP address of 10.1.1.3 /24 and the F0/3 interface of SW2 should be configured in
VLAN 100.
‘You can copy and paste the initial configuration from the init directory
Task1
Configure an MQC on R1 such that all packets going out of its F0/0 interface are marked
with a DSCP value of 1. For verification purpose, R3’s FO/1 interface should be
configured to match on DSCP 0-7 for all ingress traffic. Ensure that “Mls qos” is
disabled on both switches.
On Both Switch
Siix#Sh mls gosQoS ip packet dscp rewrite is enabled
The following configuration on R1 marks all egress traffic with a DSCP value of 1:
OnR1
Rl (config) #Policy-map TST
Rl (config-pmap) #elass class-default
Ri (config-pmap-c) #set ip dsep 1
Ri (config) #int F0/0
Rl (config-if) #Service-policy out TST
On R3
‘The following configuration is done for verification and testing purposes:
R3 (config) #Class-map DSCPO
R3(config-cmap) #match ip dsep
R3 (config) #Class-map DSCP1
R3(config-cmap) #match ip dscp
R3 (config) #Class-map DSCP2
R3(config-cmap) #match ip dsep
R3 (config) #Class-map DSCP3
R3(config-cmap) #match ip dsep
R3 (config) #Class-map DSCP4
R3(config-cmap) #match ip dscp
R3 (config) #Class-map DSCP5
R3(config-cmap) #match ip dscp
R3 (config) #Class-map DSCP6
R3(config-cmap) match ip dsep
R3 (config) #Class-map DSCP7
R3(config-cmap) #mateh ip dsep
R3 (config) 4policy-map TST
R3 (config-pmap) #Class DSCPOR3 (config-pmap) #Class DSCP1
R3(config-pmap) #Class DSCP2
R3(config-pmap) #Class DSCP3
R3(config-pmap) #Class DSCP4
R3(config-pmap) #Class DSCP5
R3 (config-pmap) #Class DSCP6
R3 (config-pmap) #Class DSCP7
R3 (config) #int FO/1
R3 (config-if) #service-policy in TST
To test the configuration:
OnR1
R1#Ping 10.1.1.3 rep 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
VEPEPttees
Success rate is 90 percent (9/10), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Sh Policy-map inter | S DSCP1
Note since “Mls qos” is disabled on both switches, the packets traversing the switches will retain their
marking.
Task 2
Configure $W2 such that if the incoming traffic is marked with DSCP 1, they are
overwritten to a DSCP value of 60. DO NOT configure a class-map or Policy-map to
accomplish this task. Use R3 to verify the configuration.
DSCP Mutation can be configured to accomplish this task; there are five steps in configuring DSCPmutation, and they are as follows:
Step 1:
Mis qos MUST be enabled:
On SW2
SW2 (config) #M1s qos
To verify the configuration of this step:
On SW2
Si2#Show mls QoS
QoS ip packet dscp rewrite is enabled
Step 2:
In this step a custom DSCP-Mutation map is configured, remember that if this custom mapping is
NOT configured, the default DSCP-Mutation map will be used, the default DSCP-Mutation map ean
be changed and it is configured as one to one, meaning that the incoming DSCP value will always
match to the same outgoing DSCP value:
In this step a custom DSCP-Mutation map named TST is configured, this custom DSCP-Mutation
maps the incoming DSCP value (in this case 1) to an outgoing DSCP value of 6
‘o see the default D: jutation map:
sW2#Show mls qos map dscp-mutation
Dsep-dsep mutation map:
efault DSCP Mutation Map:
Note the d1: column (highlighted in yellow) specifies the most significant digit of the DSCP value ofincoming packets, whereas, the d2: row (highlighted in blue) specifies the least significant digit of the
DSCP value of incoming packets.
‘The intersection of the d1 and d2 values (this is the body of the output) provides the DSCP value of the
outgoing packets.
NOTE: the output of the above show command reveals that the incoming DSCP value of 1, is re-
written to the outgoing DSCP value of 1.
Let’s configure a custom DSCP-Mutation map called TST that maps the incoming DSCP value of 1 to
an outgoing DSCP value of 60:
SW2 (config) #M1s qos map dscp-mutation TST 1 to 60
To verify the configuration:
On SW2
SW2#Show mls qos map dscp-mutation TST
Dsep-dscp mutation map:
TST:
Step 3:
In this step, the custom DSCP-Mutation map called TST is applied to the F0/19 interface (Trunk
interface) of SW2
Swi2 (config) #int FO/19
SW2(config-if)#mls qos dscp-mutation TST
To fy the configuration:
On SW2
Svi2#Show mls qos int F0/19 | Inc DSCPDSCP Mutation Map: TST
Reenbe, if the “Mls qos trust DSCP” is NOT configured, the configuration will NOT have any
affect on the packets:
To see the trust trust state (What’s being trusted) of the F0/19 interface:
On SW:
Si2#Show mls qos int FO/19 | Inc trust state
trust state: not trusted
On SW2
SW2 (config) #int FO/19
$W2(config-if)#mls gos trust dscp
To verify the configuration:
On SW2
Si2#Show mls qos int FO/19 | Inc trust state
trust state: trust dscp
NOTE: If CoS was trusted, the output of the above command would have stated “trust state: trust
CoS”, since ONLY DSCP is trusted, the trust state is DSCP.
Step 5:
Ensure that the DSCP re-writes are enabled, if this is disabled, then, the DSCP marking will NOT be
re-written,
To verify if the DSCP re-writes are enable
On SW2
Shi2#Show mls qos
is enabledIf the DSCP re-writes are disabled, then, the DSCP marking in the outgoing packets will NOT be re-
written, There are times that this feature must be disable, to disable this feature, the “NO mls qos
rewrite ip dsep” global command can be used.
To prepare R3 for verification purpose
OnR3
The following configuration is required for testing and verification.
R3 (config) #Class-map DSCP60
config-cmap) #match ip dscp 60
R3 (config) #policy-map TST
R3 (config-pmap) #Class DSCP60
Remember, the policy-map TST is already applied.
To verify the configuration:
On SW2
R3#Show policy-map TST
To test the configuration:
On R3
R3fclear counters
OnRiR1#Ping 10.1.1.3 rep 60
escape sequence to abort.
nding 60, 100-byte ICMP Echos to 10.1.1.3, timeout i,
Herren rere rerens
Success rate is 100 percent (60/60), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Show policy-map interface | S$ DSCP60
(match-all)
, 6840 bytes
5 minute offered rate 0 bps
Task 3
Configure the “Default interface F0/1” command on R3 before proceeding to the next
lab.Lab 3—DSCP-CoS Mapping
10.4.1,0/24 VIPDomain
1st
wss9.20
Trunk Forts ron Fanon
4044.0 124
Lab Setup:
® Based on lab 1
You can copy and paste the initial configuration from the init directory
Task 1
For testing and verification of this lab configure R3 to match on incoming CoS marking
of 0-7 using an MQC and applying it ingress on F0/1.100 interface.
On R3
R3 (config) #class-map COsO
R3(config-cmap) #match CoS 0
R3 (config) #elass-map COS1
R3 (config-cmap) #match CoS 1
R3 (config) #elass-map COS2
R3 (config-cmap) #match CoS 2
R3 (config) #elass-map COS3R3(config-cmap) #match CoS 3
R3 (config) #elass-map COS4
R3(config-cmap) #match CoS 4
R3 (config) #class-map COSS
R3(config-cmap) #match CoS 5
R3 (config) #elass-map COS6
3 (config-cmap) #match CoS 6
R3 (config) #elass-map COS7
R3 (config-cmap) #match CoS 7
R3 (config) #Policy-map TST
R3(config-pmap) #Class COSO
R3 (config-pmap) #Class COS1
R3(config-pmap) #Class Cos2
R3 (config-pmap) #Class COs3
R3 (config-pmap) #Class COS4
R3 (config-pmap) #Class COs5
R3 (config-pmap) #Class COS6
fig-pmap) #Class COS7
R3
R3
config) #Int F0/1.100
(config-subif) #Service-policy in TST
Task 2
Configure RI such that it marks all outgoing packets with a DSCP value of 5.
On RI
R1 (config) #policy-map TST
R1(config-pmap) #elass class-default
Rl (config-pmap-c) #set ip dsep 5
R1 (config) #Int FO/0
Rl (config-if) #service-policy Out TSTTask 3
Configure $W2 such that it maps the DSCP value of 5 in incoming packets to a CoS
value of 6.
Before configuring this task, the default DSCP-CoS mapping should be displayed, using the following
command:
On SW2
sw2#Sh mls qos map
Dsep-cos map:
al: azo
00 00 00 00
01 01 o1 1
02 02 02 02
03 03 04 04
05 05 05 05
06 06 06 06
07 07 07 07
Note the output of the above show command displays the default DSCP to CoS mapping, it means that
IE the “Mls qos trust dsep” command is configured, then, the DSCP marking of incoming packets are
mapped to outgoing CoS values according to the DSCP-CoS map.
The incoming DSCP values are shown in the di column and the d2 row, whereas, the outgoing CoS
values are identified in the body of this display, this is the intersection of di column and d2 row.
NOTE: Every eight DSCP values are mapped to a single CoS value. This mapping effects the entire
switch, and a custom mapping can NOT be configured. By default, incoming DSCP value of S is
rewritten to an outgoing CoS value of 0. To accomplish this task, we have to modify this mapping so the
incoming DSCP value of 5 is rewritten to an outgoing CoS value of 6.
To test & verify the default configur:
The following command MUST be configured, so the incoming DSCP values are trusted, if this is NOT
configured, the incoming DSCP values will NOT be rewritten to an outgoing CoS values.
On SW2
Swi2 (config) #int FO/19
SW2(config-if) #M1s gos trust DSCP
CCTE R&S by Narbik Kocharians Advanced CCIE R&S Work Book 4.0 Page 40 of 971Svi2#Show mls qos int F0/19 | Inc trust state
trust state: trust dscp
To test the configur:
A ping is generated from R1 with a repeat count of 60 and verifies on R3:
OnR1
R1#Ping 10.1.1.3 repeat 60
‘Type escape sequence to abo:
Sending 60, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
SEPPEEeeneee Tle tee
Success rate is 98 percent (59/60), round-trip min/avg/max = 1/1/4 ms
On R3
R3#Sh policy-map interface | s Cos
Note DSCP 5 is mapped to CoS value of 0, this is because of the default mapping that is in use.
In the next step the default DSCP-CoS mapping is changed to map incoming DSCP value of 5 to an
outgoing CoS value of 6:
On SW2
SW2(config)#Mls qos map dscp-cos-5 to 6
Note the first value (5)45 the DSCP value in the incoming packets and the second value (6) is the CoS
value in the outgoing packets,To test & verify the configuration:
On R3
R3#Clear counters
OnR1i
R1#Ping 10.1.1.3 repeat 60
ype escape sequenc :
Sending 60, 100-byte ICP to 10.1.1.3, timeout is 2 seconds:
TEEPE PEPePePePeeteneey Vetter HUPeereeeenegeeey
Success rate is 100 percent (60/60), round-trip min/avg/max = 1/1/4 ms
On R3
Note incoming packets that have a marking of DSCP 5 are mapped to outgoing CoS value of 6 and
NOT 0:
R3#Sh policy-map interface | s COSO
(match-al1)
, 0 bytes
5 minute offered rate 0 bps
R3#Sh policy-map interface |
(match=all)
, 7080 bytes
5 minute offered rate 0 bps
Match: cos 6
Task 4
DO NOT erase the startup configuration of the routers and the switches10.44.0124 VIP Domain
1st
: worsan
Trunk Forts fos rao
Tank 3
40.44.0124
2
Task 1
> Remove the “service-policy input TST” command from F0/1.100 sub-interface
of R3.
> Remove the “Mls qos trust dsep” command from F0/19 interface of SW2.
You can copy and paste the initial configuration from the init directory
On R3
nfig)#int FO/1.100
nfig-subif) #No service-policy input TST
On SW2
$W2 (config) #Int FO/19
SW2(config-if)#No mls qos trust dsep
The configuration of the interfaces should resemble the following:On SW2
Sw2#Sh run int F0/19
FastEthernet0/19
port trunk encapsulation dotiq
itchport mode trunk
SW2#Sh run int FO/3
FastEthernet0/3
port trunk encapsul
port mode trunk
Task 2
Configure F0/0 interface of R2 to match incoming traffic with marking of DSCP 0-7
and 56 using an MQC.
On R2
R2 (config) #Class-map DO
R2(config-cmap) #mateh ip dsep
R2 (config-cmap) #Class-map D1
R2(config-cmap) #match ip dsep
R2(config-cmap) #Class-map D2
R2(config-cmap) #match ip dscp
R2 (config-cmap) #Class-map D3
R2(config-cmap) #mateh ip dsep
R2(config-cmap) #Class-map D4
R2(config-cmap) #match ip dscp
R2(config-cmap) #Class-map D5
R2(config-cmap) #match ip dsep
R2 (conf ig-cmap) #Class-map D6
R2(config-cmap) #match ip dscpR2 (config-cmap) #Class-map D7
R2(config-cmap) #match ip dscp 7
R2 (config-cmap) #Class-map D56
R2(config-cmap) #match ip dscp 56
R2 (config) #policy-map TST
R2 (config-pmap) #elass DO
R2 (config-pmap-c) #elass D1
R2 (config-pmap-c) #elass D2
R2 (config-pmap-c) #elass D3
R2 (config-pmap-c) #elass D4
R2 (config-pmap-c) #elass D5
R2 (conf ig-pmap-c) #elass Dé
R2 (config-pmap-c) #elass D7
R2 (config-pmap-c) #elass D56
R2 (config-pmap-c) #int F0/0
R2 (config-if) #service-policy in TST
Task 3
Configure the F0/3 interface of $W2 so that it marks all incoming traffic with a cos value
of 7 regardless of their existing marking
On SW2
SW2 (config) #int FO/3
SH fig-if)#mls qos cos 7
SWi2(config-if)#mls qos cos override
sk 4
Configure SW so that it maps the CoS value of 7 in incoming packets to a DSCP value
of 7 in the outgoing packets.
Before configuring this task we should display the default mapping, the following command reveals the
default mapping of CoS to DSCP: