
Internetwork Expert’s CCIE™ Routing and Switching Lab Workbook (IEWB-RS) Sample Lab

Version 2.20 By: Brian Dennis, CCIE™ #2210 Brian McGahan, CCIE™ #8593

Internetwork Expert, Inc. www.InternetworkExpert.com Toll Free (US & Canada): 877.224.8987 International: +1.775.826.4344

Copyright Information
Copyright © 2005 Internetwork Expert, Inc. All rights reserved. The following publication, CCIE Routing and Switching Lab Workbook Sample Lab, was developed by Internetwork Expert, Inc. All rights reserved. No part of this publication may be reproduced or distributed in any form or by any means without the prior written permission of Internetwork Expert, Inc. Cisco®, Cisco® Systems, CCIE™, and Cisco Certified Internetwork Expert, are registered trademarks of Cisco® Systems, Inc. and/or its affiliates in the U.S. and certain countries. All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this manual, Internetwork Expert, Inc. has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.


Disclaimer
The following publication, CCIE Routing and Switching Lab Workbook Sample Lab, is designed to assist candidates in the preparation for Cisco Systems’ CCIE Routing & Switching Lab exam. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an “as is” basis. Neither the authors nor Internetwork Expert, Inc. assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook. This workbook was developed by Internetwork Expert, Inc. and is an original work of the aforementioned authors. Any similarities between material presented in this workbook and actual CCIE™ lab material is completely coincidental.


Table of Contents
About IEWB-RS
IE’s End-to-End CCIE Program
Tier 1 – Learning the Technologies
Tier 2 – Applying the Technologies
Technology Domains
Tier-1 Products
CCIE R&S Advanced Technologies Class
CCIE R&S Advanced Technologies Class-on-Demand
CCIE R&S Advanced Technologies Audio Class
CCIE R&S Advanced Technologies Labs
CCIE R&S Lab Workbook
Tier-2 Products
CCIE R&S Lab Workbook
CCIE R&S Mock Lab Workshop
CCIE R&S Mock Lab Exams
How to Use IEWB-RS
Restrictions
Difficulty Rating
Point Values
Grading
Solutions Guide
Initial Configurations
Rack Rentals
Support
Feedback
Hardware Specification
IEWB-RS Physical Cabling Connections
IEWB-RS Physical Interface Connections
IEWB-RS Lab 1
IEWB-RS Lab 1 Solutions
IEWB-RS Lab 1 Addressing Diagram
IEWB-RS Lab 1 Protocol Diagram


About IEWB-RS
Internetwork Expert’s CCIE Routing & Switching Lab Workbook (IEWB-RS) is designed to be used as a supplement to other self-paced and instructor-led training materials in preparation for Cisco Systems’ CCIE Routing & Switching Lab Exam, and is a highly integral part of Internetwork Expert’s End-to-End CCIE Program. IEWB-RS consists of various lab scenarios designed from the ground up based on Cisco Systems’ newest specification for the CCIE Routing & Switching Lab Exam. The labs contained in IEWB-RS are designed to simulate the actual CCIE Routing & Switching Lab Exam and at the same time illustrate the principles behind the technologies which it covers.


IE’s End-to-End CCIE Program
Internetwork Expert's End-to-End CCIE Program is a complete solution designed for candidates who want a structured approach to the CCIE Routing & Switching certification. This program is targeted for the serious candidate that is willing to invest both the time and effort to pass the CCIE lab and become a true Internetwork Expert. The CCIE program consists of two tiers, or stages, of preparation.

Tier 1 – Learning the Technologies
The first tier of the program, Learning the Technologies, is where CCIE candidates obtain a true understanding of CCIE-level technologies. This tier focuses on how to configure, verify, and troubleshoot both core and advanced CCIE technologies. Keep in mind that this tier is not "Introduction to Networking" of any sorts. Candidates are assumed to already have a CCNP-level of knowledge and experience of the topics covered at this level.

Note: It is vital that students gain a solid CCIE-level understanding of the topics covered at this tier as these technologies are the building blocks of the real CCIE Lab Exam. Attempting the CCIE Lab without mastering this knowledge leaves the candidate with no realistic chance of passing the exam.

Tier 2 – Applying the Technologies
The second tier of the program, Applying the Technologies, is where CCIE candidates are tested on the skills they have accumulated throughout their preparation. Topics at this tier are designed to push your problem-solving skills and technological know-how to its limits. This level is for networking professionals that are almost ready for the actual CCIE Lab Exam, but are looking for final preparation before The Big Day.

Caution: Attempting to use Tier-2 products to learn the technologies covered in the CCIE R&S Lab Exam is not the proper way to prepare. Using this approach commonly results in candidates having critical gaps in their knowledge base that are detrimental to passing the CCIE R&S Lab Exam, as well as implementing the technologies in the real world.

Technology Domains
Topics within Internetwork Expert's End-to-End CCIE Program are divided into three technology domains. These domains are Layer 2 Technologies, Routing Protocols, and QoS/Security/Services. By clearly defining which topics fall into which category it makes it easier to survey what topics you have a sound understanding of, and which topics you need to focus on in your preparation. This approach leads to more focused preparation, which ultimately results in savings of time and money.

[Diagram: CCIE Program Technologies, IPv4 and IPv6. Domains: Layer 2 Technologies, Routing Protocols, QoS/Security/Services. Topics shown: Ethernet Switching, Frame Relay, ATM, ISDN, PPP, RIP, EIGRP, OSPF, IS-IS, BGP, IP Multicast, QoS, DLSw+, Security, IOS Features, IOS Management, IP Services.]

Each of the above technology domains includes both the IPv4 and IPv6 functionality.

Tier-1 Products
The first tier of our End-to-End CCIE Program, Learning the Technologies, is the foundation of our entire program. At this level a true understanding of the nature of the technologies covered in the CCIE R&S Lab Exam is obtained. It is essential that the topics covered at this level are learned before progressing further, as the topics at this level are the building blocks of the CCIE lab. Do not mistake products at this level as "Introduction to Networking", as at least a CCNP-level of knowledge of the topics covered here is required before using products at this level.

The below diagram illustrates the recommended progression through this tier. While this order is not written in stone we have found that candidates who use this structured approach have a higher rate of success not only in passing the CCIE lab exam but retaining their knowledge afterwards.

[Diagram: Tier 1: Learning the Technologies. Instructor-Led Advanced Technologies Class Week 1; Advanced Technologies Audio Class; Advanced Technologies Labs Level 1 Difficulty; Instructor-Led Advanced Technologies Class Week 2; Lab Workbook Volume I Level 5 – 6 Difficulty; Advanced Technologies Labs Level 2 Difficulty; On to Tier-2.]

For self-paced programs the Advanced Technologies Class-on-Demand series should be substituted for the Instructor-Led Advanced Technologies Class.

The products that make up this tier are as follows:

CCIE R&S Advanced Technologies Class
The CCIE Routing & Switching Advanced Technologies Class (IEATC-RS) is a two-week instructor-led class delivered through our state-of-the-art online classroom. This class uses a hands-on lecture approach that is designed to provide students with a CCIE-level understanding of the technologies covered in Cisco Systems’ CCIE Routing and Switching Lab Exam. Not only do you hear the instructor's explanation of the technologies in question, you see the configuration live on the IOS command line.

CCIE R&S Advanced Technologies Class-on-Demand
The CCIE Routing & Switching Advanced Technologies Class-on-Demand series (IECOD-RS) is a self-paced version of the CCIE Routing & Switching Advanced Technologies Class series. This series uses the exact same hands-on lecture approach seen in the CCIE R&S Advanced Technologies Class series, but is available in streaming video format. This series allows candidates to attend the instructor-led class series at their own pace, and gives previous attendants of the live class a convenient way to go back and review the topics covered in the class at a later time.

CCIE R&S Advanced Technologies Audio Class
The CCIE Routing & Switching Advanced Technologies Audio Class series (IEAC-RS) is a CD audio series which takes an in-depth look at the technologies covered in the CCIE Routing & Switching Lab exam. This product is the ideal solution for networking professionals who are preparing for their CCIE Routing & Switching Lab Exam but don't have the luxury of regularly scheduled study times, and is an excellent companion to the CCIE Routing & Switching Advanced Technologies Class.

CCIE R&S Advanced Technologies Labs
The CCIE Routing & Switching Advanced Technologies Labs (IETL-RS) are a hands-on lab series that present topics in an easy to follow, goal-oriented step-by-step approach. This series is used to isolate topics on their own allowing candidates to see firsthand the various ways to configure each technology, and what the specific implications of a configuration are. By understanding these fundamental operations of the protocols candidates will be able to predict advanced and sometimes subtle interactions when the various technologies are configured together.

CCIE R&S Lab Workbook
Our flagship product, Internetwork Expert's CCIE Routing & Switching Lab Workbook (IEWB-RS), is the most comprehensive self-paced resource available for the CCIE Routing & Switching Lab exam on the market today. IEWB-RS is a two-volume publication consisting of 30 full-scale 8-hour lab scenarios and a solution guide consisting of more than 1000 pages of detailed explanation. IEWB-RS was designed from the ground up based on the newest CCIE Lab Exam specification to teach the fundamental principles behind the advanced networking technologies covered in the CCIE Routing & Switching Lab Exam, and at the same time is designed to simulate the actual CCIE Routing & Switching Lab Exam. At Tier-1 candidates are expected to master IEWB-RS Volume I labs with a difficulty rating of 6 or lower.

Tier-2 Products
The second tier of our End-to-End CCIE Program, Applying the Technologies, is the culmination of all technologies covered throughout the course of the program. At this level, topics are presented in full scale 8-hour lab format with intense difficulty. Candidates will rely on all of the knowledge they have acquired throughout the first tier of the program as they implement all the technologies in tandem in final preparation for the actual CCIE R&S Lab Exam. The below diagram illustrates the recommended progression through this tier.

[Diagram: Tier 2: Applying the Technologies. Lab Workbook Volume I Level 7 – 10 Difficulty; Instructor-Led Mock Lab Workshop; Lab Workbook Volume II; Take and Pass CCIE Lab Exam!]

For self-paced programs the CCIE Routing & Switching Mock Labs should be substituted for the CCIE Routing & Switching Mock Lab Workshop.

The products that make up this tier are as follows:

CCIE R&S Lab Workbook
At Tier-2 candidates are expected to master IEWB-RS Volume I labs with a difficulty rating of 7 or higher, and all labs in IEWB-RS Volume II.

CCIE R&S Mock Lab Workshop
The CCIE Routing and Switching Mock Lab Workshop (IEW-RS) is a five-day instructor-led hands-on lab class delivered through our state-of-the-art online classroom. This class is designed for students to solidify their existing knowledge, expose weaknesses, and fully prepare them as they lead up to their CCIE R&S Lab Exam date. IEW-RS is not intended for candidates without a complete knowledge of the topics covered in Tier-1, as the lab scenarios covered during IEW-RS are designed to be more technically challenging than the real CCIE Lab Exam.

CCIE R&S Mock Lab Exams
Internetwork Expert's CCIE Routing & Switching Mock Lab Exams (IEML-RS) are a self-paced version of the CCIE Routing & Switching Mock Lab Workshop. This product gives candidates the opportunity to take mock lab simulations at their own pace, but still allows them to get live feedback from our instructors through our online classroom. After the mock lab is graded by our instructors candidates meet the instructor online for a one hour one-on-one breakdown session to discuss their performance in real time. Taking the mock lab exams prior to the actual exam ensures that candidates do not have critical gaps in their knowledge base.

For More Information
For more information on Internetwork Expert’s End-to-End CCIE Program visit us on the web at http://www.internetworkexpert.com or call toll free 877-224-8987, +1-775-826-4344 outside the US.

How to Use IEWB-RS
Internetwork Expert’s CCIE Routing & Switching Lab Workbook falls into both the Tier-1 and Tier-2 category of the End-to-End CCIE Program. Candidates using this product should already have a working knowledge of 90% of the topics covered. If at any time throughout the progression of these labs you find that you do not fully understand a presented technology, stop where you are and fall back to the Tier-1 approach to the topic. Using this method will ensure that you are not overlooking key fundamentals of the technology that may not be apparent in their application here.

Each of these lab scenarios presented in IEWB-RS is divided into thirteen technology sections:
1. Catalyst 3550
2. Frame Relay
3. ATM
4. ISDN/PPP
5. Interior Gateway Routing
6. Exterior Gateway Routing
7. IP Multicast
8. IPv6
9. QoS
10. Security
11. System Management
12. IP Services
13. DLSw+

Each of the above sections is then further subdivided into particular tasks. For each lab scenario, you must configure the presented tasks while conforming to various predefined restrictions.

Restrictions
For each lab scenario, there are explicit general restrictions that you must conform to while configuring the lab. These restrictions are defined in the Lab Do’s and Don’ts introductory section for each lab scenario. These restrictions may include not using static routes, not using default routes, not adding additional IP addressing, etc. There may also be certain restrictions for particular tasks within a lab scenario. These restrictions may include not issuing a particular configuration command, not using the legacy configuration for a technology, not creating a certain type of interface, etc.

Caution: Ensure that you always read the Lab Do’s and Don’ts section carefully, as the restrictions may vary from lab to lab.

Note: You may do whatever is necessary to complete a task unless the general requirements for the lab scenario or the specific requirements for the task explicitly prohibit you from doing so. This may include using policy routing, redistributing IGPs or BGP, configuring GRE tunnels, etc.

Difficulty Rating
We have given each lab scenario a difficulty rating. Ratings are on a scale of 1 to 10, with 10 being the hardest. The labs within IEWB-RS are designed to be more technically challenging than the actual CCIE™ Routing & Switching Lab Exam. Do not get discouraged if you are scoring low or do not understand a particular set of technologies. If you are having trouble with a certain area, fall back to the Tier-1 approach to the topic. Using this method will ensure that you are not overlooking key fundamentals of the technology that may not be apparent in their application here.

Point Values
Like the actual CCIE lab exam, each task within a lab is assigned a specific point value. Points are only awarded if the presented solution meets all the given requirements. No partial credit is awarded for any task. A minimum score of 80 points is required to ‘pass’ a particular scenario. Some tasks may have multiple solutions. As long as the presented solution meets the given requirements, and does not violate any preset restrictions, points will be awarded for that task. However, certain solutions may negatively impact previous or future tasks. Make sure that you carefully read all presented requirements, and try your best to come up with an appropriate solution.

Caution: Points will never be awarded for a task for which you have violated the requirements. If you cannot come up with an appropriate solution for a task, it is advisable to solve the task by whatever means necessary in order to complete future tasks which depend on it. However, keep in mind the relative point value of the task in question as compared to other future tasks.

Grading
The authors of this workbook have noted throughout their many years of teaching CCIE preparation programs that many CCIE candidates fail the lab without understanding why. Although Cisco does provide a score report for unsuccessful lab attempts, this report does not give you an accurate picture of what was wrong with your configurations. In order to eliminate this guesswork, the authors of IEWB-RS have devised a detailed grading and feedback process for these lab scenarios to enable you to quickly determine the areas that you need to work on.

Grading includes a detailed score report that illustrates which sections were configured correctly and which sections were configured incorrectly. Sections that were configured incorrectly include a detailed description of what was incorrect, why it was incorrect, and what the expected solution was to be. Correctly configured areas may also include hints and pointers to improve your configurations in the future. At the end of each score report, we provide a recommendation as to what areas need improvement, which may include links to recommended readings.

By utilizing Internetwork Expert’s grading services, you will know for certain what technologies you thoroughly understand, which technologies you need to work on, and whether or not you are ready to take and pass the CCIE Routing & Switching Lab Exam.

Solutions Guide
In addition to this workbook, a detailed solutions guide for Internetwork Expert’s CCIE Routing & Switching Lab Workbook is included free of charge. The solutions guide includes the final configurations for each lab scenario along with a thorough explanation of each task. The final configurations for IEWB-RS are broken down on a task by task basis. Therefore, you will know exactly which command or commands correspond to which task. There is no need to sort through a long configuration file to guess which commands correspond to which question. The solutions guide for IEWB-RS is as much of an integral part of this product as the workbook itself. For the most recent copy of the IEWB-RS solutions guide see Internetwork Expert’s members site at http://members.internetworkexpert.com.

Initial Configurations
Internetwork Expert’s CCIE Routing & Switching Lab Workbook includes initial configuration scripts for all devices in each lab scenario. These configuration scripts should be loaded on your equipment before beginning the configuration of the scenario. In addition to these initial configuration scripts, it is necessary to load the provided configuration files for the backbone devices. For the most recent copy of these configuration scripts see Internetwork Expert’s members site at http://members.internetworkexpert.com.

Rack Rentals
We have built Internetwork Expert’s CCIE Routing & Switching Lab Workbook to the publicly stated hardware specification used in the actual CCIE lab exam. For more detail on the hardware requirements for the internal and external devices in IEWB-RS see the accompanying Hardware Specification section of this document. Internetwork Expert offers cost effective equipment rentals specifically designed to be used with our self-paced training product lines in order to eliminate the cost of buying all the equipment used in IEWB-RS. These rack rentals not only minimize your investment in training, but also enable you to use value added services such as grading. For more information on rack rentals visit Internetwork Expert on the web at http://www.internetworkexpert.com.

Support
Interact with countless CCIEs, including the actual authors of the workbook, and engineers around the world preparing for the CCIE Lab Exam via our web forum and IRC server. To get the most out of this and other Internetwork Expert products join the IEWB-RS discussion on the Internetwork Expert Forum at http://forum.internetworkexpert.com and on our live IRC chat server at irc.internetworkexpert.com, or http://www.internetworkexpert.com/chat/ via the web.

Feedback
We want to hear from you! Internetwork Expert is committed to your satisfaction and to improving our product lines. If you have any questions, comments, or concerns about this or any other Internetwork Expert product submit feedback to us via email to feedback@internetworkexpert.com.

Hardware Specification
Internetwork Expert’s CCIE Routing & Switching Lab Workbook uses the same hardware specification that is used in the actual CCIE lab exam. This includes six routers with Ethernet, FastEthernet, Serial, and ISDN, one of which has ATM. All routers run 12.2T IOS. In addition to the six routers, two Catalyst 3550 series switches running the enhanced multilayer software image (EMI) are also included. As per the actual CCIE lab hardware specification, IEWB-RS also includes various external devices that are not within the control of the candidate. These devices include a Frame Relay switch, an ISDN switch, and an ATM switch. In addition to this, three backbone routers are included to inject routes and facilitate in the testing of ATM configurations.

The physical topology of IEWB-RS remains the same throughout the entire workbook. Therefore once your lab has been physically cabled to meet the workbook’s specification, there is no need to change the cabling in order to complete each lab.

Note: The following hardware specification has been updated to reflect platform changes made for IEWB-RS Volume II. This change results in minor discrepancies in references to FastEthernet as opposed to Ethernet of R1 and R2 in lab documents, diagrams, and solutions. Please note that these discrepancies are cosmetic, and do not affect any protocol or feature functionality throughout IEWB-RS Volume I.

ATM 24 .ISDN 2 .2(15)T14 12.NM-4A/S 1 .VIP2-40 1 .PA-FE-FX 1 .GigEthernet 24 .2(25)SEA 12.FastEthernet 2 .PA-A1-OC3MM N/A N/A R6 SW1 SW2 7505 128 24 3550-24-EMI Default Default 3550-24-EMI Default Default xxii Copyright © 2005 Internetwork Expert .Serial 1 .FastEthernet 2 .WIC-1T 1 .FastEthernet 2 .Serial 2 .FastEthernet 2 .WIC-1B-U 1 .WIC-1T 1 .Ethernet 1 .WIC-1T 2 .Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab The generic devices used in IEWB-RS include the following: Device R1 R2 R3 R4 Software Version 12.Serial 1 .GigEthernet R5 R6 SW1 SW2 12.2(25)SEA Enterprise Plus Enterprise EMI EMI The specific devices used in design of IEWB-RS were the following Device R1 R2 R3 R4 R5 Platform 2620 2620 2611 2611 3640 DRAM 64 64 64 64 128 Flash 32 32 16 16 32 Installed WICs / Modules 2 .NM-2E2W 1 .FastEthernet 1 .2(15)T14 12.2(13)T14 12.Ethernet 1 .RSP2 2 .2(15)T14 Software Feature Set Enterprise Plus Enterprise Plus Enterprise Basic Enterprise Basic Interfaces 1 .2(15)T14 12.WIC-1T 1 .Serial 2 .Serial 1 .WIC-1B-U 1 .ISDN 1 .2(15)T14 12.Ethernet 4 .

Serial. such as Ethernet.ISDN BRI U Interfaces * BB1 and BB3 will need to peer via iBGP with each other.Ethernet 1 .2(2)T4 12.2(15)T14 12.Ethernet 6 .ATM OC3 2 .ATM 1 .2(2)T4 N/A N/A N/A Software Feature Set Enterprise Plus Enterprise Plus Enterprise Plus N/A N/A N/A Interfaces 1 . This can be done over any interface.Serial 2 . or even an AUX port to AUX port connection Copyright © 2005 Internetwork Expert xxiii .Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab The external core devices used in IEWB-RS include the following Device BB1* BB2 BB3* Frame Relay Switch ATM Switch ISDN Switch Software Version 12.

IEWB-RS Physical Cabling Connections
[Diagram: physical cabling of routers R1 through R6 to the Frame-Relay and ISDN clouds, with Backbone 2 (BB2; Ethernet and ATM), Backbone 3 (BB3; Ethernet) and the BB1 connection for BGP peering. Interface labels shown: Fa0/0, Fa1/0/0, ATM0/0/0, S0/0, S0/1, S1/0, S1/1, S1/2, S1/3, E0/0, E0/1, BRI0/0.]

IEWB-RS Physical Interface Connections

ISDN
ISDN Switch Type   basic-ni
R4 BR0/0 SPID1     52720X4
R5 BRI0/0 SPID1    52720X5

Frame Relay Switch Configuration
Local Router  Local Interface  Local DLCI  Remote Router  Remote Interface  Remote DLCI
R1            S0/0             102         R2             S0/0              201
R1            S0/0             103         R3             S1/0              301
R1            S0/0             113         R3             S1/1              311
R1            S0/0             104         R4             S0/0              401
R1            S0/0             105         R5             S0/0              501
R2            S0/0             202         R1             S0/0              102
R2            S0/0             203         R3             S1/0              302
R2            S0/0             213         R3             S1/1              312
R2            S0/0             204         R4             S0/0              402
R2            S0/0             205         R5             S0/0              502
R3            S1/0             301         R1             S0/0              103
R3            S1/0             302         R2             S0/0              203
R3            S1/0             304         R4             S0/0              403
R3            S1/0             305         R5             S0/0              503
R3            S1/1             311         R1             S0/0              113
R3            S1/1             312         R2             S0/0              213
R3            S1/1             314         R4             S0/0              413
R3            S1/1             315         R5             S0/0              513
R4            S0/0             401         R1             S0/0              104
R4            S0/0             402         R2             S0/0              204
R4            S0/0             403         R3             S1/0              304
R4            S0/0             413         R3             S1/1              314
R4            S0/0             405         R5             S0/0              504
R5            S0/0             501         R1             S0/0              105
R5            S0/0             502         R2             S0/0              205
R5            S0/0             503         R3             S1/0              305
R5            S0/0             513         R3             S1/1              315
R5            S0/0             504         R4             S0/0              405

Ethernet Connections
Local Router  Local Interface  Remote Router  Remote Interface
R1            Fa0/0            SW1            Fa0/1
R2            Fa0/0            SW1            Fa0/2
R3            E0/0             SW1            Fa0/3
R3            E0/1             SW2            Fa0/3
R4            E0/0             SW1            Fa0/4
R4            E0/1             SW2            Fa0/4
R5            E0/0             SW1            Fa0/5
R5            E0/1             SW2            Fa0/5
R6            Fa1/0/0          SW1            Fa0/6
SW1           Fa0/1            R1             Fa0/0
SW1           Fa0/2            R2             Fa0/0
SW1           Fa0/3            R3             E0/0
SW1           Fa0/4            R4             E0/0
SW1           Fa0/5            R5             E0/0
SW1           Fa0/6            R6             Fa1/0/0
SW1           Fa0/13           SW2            Fa0/13
SW1           Fa0/14           SW2            Fa0/14
SW1           Fa0/15           SW2            Fa0/15
SW1           Fa0/24           BB3            N/A
SW2           Fa0/3            R3             E0/1
SW2           Fa0/4            R4             E0/1
SW2           Fa0/5            R5             E0/1
SW2           Fa0/13           SW1            Fa0/13
SW2           Fa0/14           SW1            Fa0/14
SW2           Fa0/15           SW1            Fa0/15
SW2           Fa0/24           BB2            N/A


IEWB-RS Lab 1
Difficulty Rating (10 highest): 5

Lab Overview:
The following scenario is a practice lab exam designed to test your skills at configuring Cisco® networking devices. Specifically, this scenario is designed to assist you in your preparation for Cisco® Systems’ CCIE™ Routing and Switching Lab exam. However, remember that in addition to being designed as a simulation of the actual CCIE™ lab exam, this practice lab should be used as a learning tool. Instead of rushing through the lab in order to complete all the configuration steps, take the time to research the networking technology in question and gain a deeper understanding of the principles behind its operation.

Lab Instructions:
Prior to starting, ensure that the initial configuration scripts for this lab have been applied. For a current copy of these scripts, see the Internetwork Expert homepage at http://www.internetworkexpert.com

Refer to the attached diagrams for interface and protocol assignments. Any reference to X in an IP address refers to your rack number, while any reference to Y in an IP address refers to your router number.

Upon completion, all devices should have full IP reachability to all networks in the routing domain, including any networks generated by the backbone routers unless explicitly specified.

Lab Do’s and Don’ts:
• Do not change or add any IP addresses from the initial configuration unless otherwise specified
• Do not change any interface encapsulations unless otherwise specified
• Do not change the console, AUX, and VTY passwords or access methods unless otherwise specified
• Do not use any static routes, default routes, default networks, or policy routing unless otherwise specified
• Save your configurations often

Grading:
This practice lab consists of various sections totaling 100 points. A score of 80 points is required to achieve a passing score. A section must work 100% with the requirements given in order to be awarded the points for that section. No partial credit is awarded. If a section has multiple possible solutions, choose the solution that best meets the requirements.

Grading for this practice lab is available when configured on Internetwork Expert’s racks, or the racks of Internetwork Expert’s preferred vendors. See Internetwork Expert’s homepage at http://www.internetworkexpert.com for more information.

Point Values:
The point values for each section are as follows:

Section                      Point Value
Catalyst 3550                10
Frame Relay                  6
ATM                          2
ISDN/PPP                     7
Interior Gateway Routing     17
Exterior Gateway Routing     10
IP Multicast                 8
IPv6                         5
QoS                          7
Security                     5
System Management            11
IP Services                  9
DLSw+                        3

GOOD LUCK!

1. Catalyst 3550

1.1. Configure the VTP domain CISCO between SW1 and SW2.
1.2. Authenticate the VTP domain with the password CISCO.
1.3. Create and configure the VLAN assignments on SW1 and SW2 as follows:

Catalyst Port   Interface       VLAN
SW1 Fa0/1       R1 - E0/0       Routed
SW1 Fa0/2       R2 - E0/0       2
SW1 Fa0/3       R3 - E0/0       33
SW1 Fa0/4       R4 - E0/0       N/A
SW1 Fa0/5       R5 - E0/0       58
SW1 Fa0/6       R6 - Fa1/0/0    46
SW1 Fa0/10      N/A             2
SW1 Fa0/11      N/A             2
SW1 Fa0/13      SW2 Fa0/13      Trunk
SW1 Fa0/14      SW2 Fa0/14      Routed
SW1 Fa0/15      SW2 Fa0/15      58
SW1 Fa0/24      BB3             33
SW2 Fa0/3       R3 - E0/1       N/A
SW2 Fa0/4       R4 - E0/1       46
SW2 Fa0/5       R5 - E0/1       N/A
SW2 Fa0/13      SW1 Fa0/13      Trunk
SW2 Fa0/14      SW1 Fa0/14      Routed
SW2 Fa0/15      SW1 Fa0/15      Routed
SW2 Fa0/24      BB2             82
SW2             VLAN 82         82

3 Points

After implementing the change in spanning-tree configuration for VLAN 2. R2. 2.2.7. 2 Points 1. 3 Points 1. one of your users plugged a switch into the conference room and crashed your entire network. This link should never become an access port under any circumstance. In order to prevent this problem in the future. 1. Recently your network administrator has been getting complaints that when users plug their laptops into the conference room it either takes a very long time to get an address from the DHCP server. Do not use any dynamic layer 3 to layer 2 mappings over these Frame Relay connections. Ports in VLAN 2 connect to your corporate conference room. you have discovered that a spanning-tree loop was to blame. 2. 1. Using only physical interfaces configure a Frame Relay hub-and-spoke network between R1. After further investigation. 3 Points 4 Copyright © 2005 Internetwork Expert . Use only the DLCIs specified in the diagram.5.3. 2 Points 2. Configure SW1 so that users in VLAN 2 do not have to wait for spanning-tree’s forwarding delay when they connect to the network.1.6. Configure a trunk between SW1’s interface Fa0/13 and SW2’s interface Fa0/13.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 1. ensure that any ports in VLAN 2 will be shut down if a device running spanning-tree protocol is detected. and R3 with R2 as the hub.8. After further investigation. Do not send any redundant broadcast traffic from the spokes to the hub. and vice versa.4. 2. 2.5. Traffic from R1 destined for R3 should transit R2. Frame Relay 2. or the DHCP request times out.4. Traffic from VLAN 46 should not be tagged with a VLAN header when it is sent over this trunk link. you have discovered that spanning-tree convergence time is to blame.

7. R4. 4. 2. 3. Use only the DLCIs specified in the diagram. and R5 with R5 as the hub. 4.8.2. Do not rely on any dynamic layer 3 to layer 2 protocol mappings. R4 and R5 should authenticate each other across this ISDN link. Do not use any dynamic layer 3 to layer 2 mappings over these Frame Relay connections. and vice versa.254 should be sent over this VC. 3. 2.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 2. ISDN/PPP 4. Either device should be allowed to initiate an ISDN call if there is IP traffic destined for the other side of the link. 4. Configure legacy ISDN DDR between R4 and R5.3. 2.6.9.5. Do not send any redundant broadcast traffic from the spokes to the hub. 2 Points Copyright © 2005 Internetwork Expert 5 . Configure PPP encapsulation on the ISDN link between R4 and R5.X. 2. Using only physical interfaces configure a Frame Relay hub-and-spoke network between R3.1. Ensure that R6 can send broadcast and multicast traffic over the PVC as a replicated unicast.3. Both R4 and R5 should send their hostname along with the clear text password CISCO across the ISDN link for authentication. An ISDN call should be disconnected if neither router has sent or received IP traffic for more than 3 minutes. ATM 3.2. Traffic from R3 destined for R4 should transit R5.1.4. 2 Points 4. IP traffic destined for 54.1.4. 3 Points 4. 3 Points 3. 3. Using the physical ATM interface configure a PVC 0/10X on R6.10.

Do not send EIGRP packets out any other interfaces. 2 Points 4. 5. R4. SW2. Configure EIGRP AS 100 on R1. Advertise the Loopback 0 interfaces of R1. Configure OSPF area 0 on the Frame Relay connection between R3. 5.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 4.8.9. & R5 into OSPF area 0. R5. 5.6.7. 2 Points 6 Copyright © 2005 Internetwork Expert . Configure EIGRP on the Ethernet segments between R1. Advertise the Loopback 0 interfaces of R3. Do not use the neighbor statement under the OSPF process to accomplish this.14. OSPF should not keep the ISDN link up as long as the OSPF topology remains stable.12. Advertise R6’s Loopback 0 interface into OSPF area 46.10.1. and VLAN 2. 3 Points 5. R2.11. Configure OSPF area 45 on the ISDN link between R4 and R5. This fragmentation should occur regardless of the utilization of the first B channel. R2. 5. and R3. R3. 5. Configure OSPF area 46 on VLAN 46 between R4 and R6.3. 5.4. & R5. SW1. SW1. OSPF should be allowed to trigger an ISDN call if there is a change in the OSPF topology.6. In order to maximize throughput on the ISDN circuit configure your network so that R4 and R5 fragment all traffic amongst both ISDN B channels. R2. 5. Ensure that R5 is always elected the designated router for this segment. 5.5.13. and R5. 5. Configure EIGRP on the Frame Relay segment between R1. and SW2. and SW2 into the EIGRP domain. 5. SW1. 5. R4. 3 Points 5.2. Interior Gateway Routing 5. 5.7.

2 Points 5.X.27. Administrators of your network are concerned about false routing information being injected from the ATM cloud.19. 5. In order to protect against false route injection from RIP as well. This prefix should appear as follows throughout the EIGRP domain: D EX 204.24. 5. Enable EIGRP on the ATM segment between R6 and BB1.15.17. 4 Points Copyright © 2005 Internetwork Expert 7 . use the most secure authentication with any neighbor relationships formed on this interface.18.16. 5. Use key 1 with a password of CISCO for this authentication. You should be receiving prefixes via RIP from BB2.26.25. Advertise VLAN 33 into the EIGRP domain. 2 Points 5.0 [170/… 1 Point 5. 5.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 5. Redistribute between RIP and EIGRP on SW2. In order to ensure that all routes learned over the ATM cloud are legitimate. Redistribute between OSPF and EIGRP on R6.12. Configure RIP on SW2.23.22. configure SW2 to use the strongest authentication on any RIP updates received on this Ethernet segment using key 1 and the password CISCO. Configure EIGRP AS 10 on R6. Ensure that R4 and R6 maintain full IP reachability to the rest of the routing domain in the case that R4 loses its connection to the Frame Relay cloud.20. Enable RIP on the Ethernet segment connecting to BB2. 5.21. 5. Redistribute between OSPF and EIGRP on R5. 5. 5. R6 should be receiving prefixes via EIGRP from BB1. 5.

Configure the BGP peering sessions as follows: Device 1 R6 R5 R5 R5 R5 SW2 SW2 SW1 R1 R3 R3 Device 2 BB1 R3 R4 R6 SW2 BB2 SW1 R1 R2 R2 BB3 6. Configure SW2 to authenticate its BGP peering session with BB2 using the password CISCO. Configure BGP on the following devices with the following AS numbers: Device R1 R2 R3 R4 R5 R6 SW1 SW2 BB1 BB2 BB3 BGP AS 200 200 100 100 100 100 200 200 54 254 54 6. 4 Points 8 Copyright © 2005 Internetwork Expert .1. Administrators of your network are concerned about insecure BGP updates being passed over VLAN 82.3. The BGP peering sessions between R4 & R5 and R5 & R6 should remain up if R4 loses its connection to the Frame Relay cloud.4.2.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 6. Exterior Gateway Routing 6. 6.

In order to maximize throughput. 7. AS 100 should still have reachability to AS 54 via the Ethernet segment between R3 and BB3. 6.7. Configure PIM on the following interfaces: Device R2 R2 R3 R3 R3 R5 R5 Interface E0/0 S0/0 E0/0 S1/0 S1/1 E0/0 S0/0 2 Points Copyright © 2005 Internetwork Expert 9 . R3.11. Do not use weight to accomplish this. Do not use AS-Path prepending to accomplish this. In the case that the ATM link between R6 and BB1 goes down. 6. Configure AS 200 so that all traffic from AS 100 destined to this prefix traverses the Ethernet segment between SW2 and R5. 6. Configure a new Loopback interface on R1 with the IP address 150. Configure IP Multicast routing on R2. 6. In the case that the route is lost between SW2 and R5.11. 7. and R5.6. The use of multicast static routes is permitted.3. AS 100 has multiple connections to AS 54. traffic destined for the 150.8. 3 Points 7. IP Multicast 7. your corporate policy dictates that all traffic destined for prefixes originated in AS 54 should traverse the ATM link between R6 and BB1. For the purposes of load-sharing and redundancy.10.9. 6.11. 3 Points 6.1/24 and advertise it into BGP.2.0/24 prefix should traverse the Frame Relay link between R2 and R3.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 6.X.X.5.1.

7.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 7. Development engineers located on VLAN 58 are testing a new multicast application prior to its deployment in your network. Configure R3 to announce its most reliable interface as the RP for all multicast groups. 7.26. R2 should be responsible for group to RP mappings. configure R3 so that hosts in VLAN 33 are not allowed to join any groups in this range. Administrators of your network have been getting complaints from users on VLAN 58 that they are unable to receive this feed. your administrators have requested for you to configure R5 to join the multicast group 226. 1 Point 10 Copyright © 2005 Internetwork Expert .26.8. This application is generating random multicast streams destined for addresses in the administratively scoped multicast range. Ensure that R5 responds to ICMP echo-requests sourced from R2’s Ethernet interface which are sent to this multicast group address.5.26. 2 Points 7.4. 3 Points 7.7. In order to help track down the source of this problem.6. In order to prevent this test traffic from being unnecessarily forwarded throughout the network. There is a Windows® Media Server located on VLAN 2 that is streaming a video feed into your network.

The network administrator has requested that VLAN 46 and VLAN 58 be configured to support a test deployment of IPv6.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 8. 8. 2 Points Copyright © 2005 Internetwork Expert 11 .2. Enable RIPng on VLAN 46.3. The tunnel should use the addresses 2001:CC1E:X:4545::Y/64. VLAN 58 and on the tunnel interfaces. use the Loopback0 interfaces of R4 and R5 to build the connection.1. 2 Points 8. Ensure that R4 and R5 can ping each other's IPv6 enabled Ethernet interfaces using their respective hostnames. In order to connect these two isolated networks you have decided to tunnel IPv6 over your existing IPv4 infrastructure. 8.7.6. Use CISCO as the identifier string for the RIP process on both R4 and R5. 8.4. 8. Address R4's interface E0/1 with the IPv6 network of 2001:CC1E:X:404:: /64 and R5's interface E0/0 with the IPv6 network of 2001:CC1E:X:505:: /64. This tunnel should use a mode that specifies IPv6 as the passenger protocol and IPv4 as the encapsulation and transport protocol.5. 1 Point 8. IPv6 8. In order to ensure that this connection survives a failure of the Frame Relay circuit between R4 and R5.

4. R5’s DLCI 513 to R3 is 128Kbps. 3 Points 12 Copyright © 2005 Internetwork Expert .10. You have been noticing drops on R5’s connection to the Frame Relay cloud. a new policy has been implemented which states that R1 should not send more than 128Kbps of ICMP out this Ethernet interface. 9. One of your NOC engineers has noticed suspiciously high utilization on the Ethernet segment of R1. R5 should reduce its sending rate to no lower than 96Kbps for the DLCI to R3.3. 9.7. Configure your network so that ICMP traffic is limited to 128Kbps. After further investigation. 9. After further investigation you have found that a large number of ICMP packets have been traversing this link. and 384Kbps for the DLCI to R4. 9. 9.2.8. 4 Points 9. R5’s connection to the Frame Relay cloud supports a transmission rate of 1536Kbps. Bursting on the circuit to R3 should not be allowed. 9.6. Configure Frame Relay Traffic Shaping on R5 in order to resolve this issue. In the case that the Frame Relay cloud notifies R5 of congestion. Allow for a burst of 1/4th of this rate. 9. you have discovered that R5 has been overwhelming R3 and R4’s connections to the Frame Relay cloud. In order to alleviate this congestion.9. QoS 9. 9.5. R5’s DLCI 504 to R4 is 512Kbps.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 9. Assume an interval (Tc) of 50ms. In the case that R5 has accumulated credit it should be allowed to burst up to the maximum transmission rate supported on the circuit to R4.1.

4. 3 Points Copyright © 2005 Internetwork Expert 13 . System Management 11. 2 Points 11. 10.X.1.2.100. an event should be generated that reads “Above 15000 for ifInUcastPkts”. configure your network so that traffic will not be accepted from BB1.X. an event should be generated that reads “Below 5000 for ifInUcastPkts”.2. you have determined that this server is undergoing a TCP SYN flood denial of service attack. 10.5. 11. These log messages should include the MAC address of the device which forwarded the packet onto the segment.17. 11. This server will be expecting the community string to be IETRAP.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 10.3. 11.2. Your network administrators have been getting complaints from users that the web server at IP address 183.4. When the value falls back to 5000. In order to help detect possible flood attacks in the future.1) value rises more than 15000 per minute.0/16.11. 3 Points 10. and when the value falls back below 5000 per minute. configure R3 and SW2 to generate a log message when HTTP SYN packets are received on R3’s interface Ethernet 0/0 or SW2’s interface VLAN 82 and are destined for 183.2. After reviewing your log files.1. you have determined that the DoS attack on your web server came from hosts with spoofed source addresses. In order to assist in tracking down the source of this attack. or BB3 if it sourced from your address space 183. Security 10.0. After further investigation.X. it has been suggested that R2 should generate an SNMP trap when the interface input unicast packets (ifEntry.X. The sampling interval should be every sixty seconds. BB2.3. When the 15000 threshold is breached. The server to send these SNMP traps to is 183. 11.100 is inaccessible. To help prevent this type of attack in the future.100.

and vice versa. SW1 and SW2 should send log messages using facility local6.11.13.17. In order to keep track of important device notifications. R3 and R6 should authenticate them with the password CISCO. your NOC engineers have noticed inconsistent timestamps on your device logs. ensure that all devices source their logging messages from their respective Loopback 0 interfaces. your corporate policy requires that all devices send their log messages to a syslog server. Configure all devices in the network to send syslog messages to the network management station located at 183.7. 11. R1 through R6 should send log messages using facility local5. R5.10. R3 should fail over and get network time from R6 in the event that BB3 becomes unavailable.9.X. R2.8. and SW2 to get network time from R6. In order to ease in identifying where specific log messages are originated from. you have decided to maintain consistent time by implementing Network Time Protocol (NTP). 11. 3 Points 11.6.100. and SW1 to get network time from R3.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 11. 2 Points 14 Copyright © 2005 Internetwork Expert . 11. 11. Configure R3 and R6 to get network time from BB3 and BB1 respectively. 11. Configure R1. 11. Configure R4.15. 11. After implementing syslog logging.14.16. In order to assure that BB1 and BB3 are the correct time sources.12. 3 Points 11. 11. In order to resolve this problem.

Instead. 3 Points Copyright © 2005 Internetwork Expert 15 . it should respond to ARP requests sent to this IP address. R2 and R3 should store up to 50000 of these entries in their memory. Configure your network to reflect this policy.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 12. the administrators would like to prefer SW2 as the default gateway for their hosts. 3 Points 12. you have assigned the virtual IP address 183.5. network administrators need to know if packets transiting this link already have an IP precedence value set. In the event that R5’s Frame Relay connection is lost. Configure R2 and R3 to collect usage statistics on packets with an IP precedence value and store them locally.1.8. 12.0.58.3. BB3 should only have reachability to your network if a connection is initiated from inside your network. 3 Points 12.254 as the default gateway for these hosts. Your design team would like to implement a new QoS policy using IP precedence on the Frame Relay circuit between R2 and R3. Ensure that all devices in the 183.4.6. IP Services 12. You are concerned about redundancy for the hosts on VLAN 58. Your operations team does not want BB3 and its customers to have specific reachability information about your network. In order to allow them to survive a network failure.7.X.X. 12. As long as R5’s Frame Relay connection is up. Configure your network to reflect this policy. 12.2. 12.0/16 network can successfully ping BB3. Prior to implementing this new QoS policy. 12.

4.3. 13. 2 Points 16 Copyright © 2005 Internetwork Expert . 13.1.5. Configure your network so that non-routable traffic can be bridged between VLAN 2 and VLAN 46 over this DLSw+ session. This peering session should provide both reliable transport and localacknowledgement for any traffic sent across the WAN. DLSw+ 13. Use the Loopback 0 address for the local-peer IDs. Configure DLSw+ on R2 and R6. 1 Point 13. Configure a DLSw+ peering between R2 and R6.Internetwork Expert’s CCIE™ R&S Lab Workbook Sample Lab 13.2. 13.

IEWB-RS Solutions Guide Lab 1

1. Catalyst 3550

Task 1.1 – 1.3

SW1:
vtp domain CISCO
vtp mode server
vtp password CISCO
vlan 2,33,46,58,82
!
interface FastEthernet0/1
 no switchport
 ip address 183.1.17.7 255.255.255.0
!
interface FastEthernet0/2
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport access vlan 33
!
interface FastEthernet0/5
 switchport access vlan 58
!
interface FastEthernet0/6
 switchport access vlan 46
!
interface FastEthernet0/10
 switchport access vlan 2
!
interface FastEthernet0/11
 switchport access vlan 2
!
interface FastEthernet0/14
 no switchport
 ip address 183.1.78.7 255.255.255.0
!
interface FastEthernet0/15
 switchport access vlan 58
!
interface FastEthernet0/24
 switchport access vlan 33

SW2:
vtp domain CISCO
vtp mode server
vtp password CISCO
!
interface FastEthernet0/4
 switchport access vlan 46
!
interface FastEthernet0/14
 no switchport
 ip address 183.1.78.8 255.255.255.0
!
interface FastEthernet0/15
 no switchport
 ip address 183.1.58.8 255.255.255.0
!
interface FastEthernet0/24
 switchport access vlan 82
!
interface Vlan82
 ip address 192.10.1.8 255.255.255.0

Quick Note: VTP mode command is optional as the default VTP mode is server.

Task 1.1 – 1.3 Breakdown

The first step in configuring VLAN Trunking Protocol (VTP) is to define the VTP domain name. This is accomplished by issuing the vtp domain [name] command in either the vlan database or global configuration mode. By default, the VTP domain is NULL. Configuring the VTP domain name on either SW1 or SW2 will result in the opposite switch inheriting the VTP domain name. Therefore, it is only necessary to configure the VTP domain name on one switch. Also note that the VTP mode on both switches will default to server.

The next step is to define the VTP password. This is accomplished by issuing the vtp password [password] command on both switches.

Finally, the VLANs must be defined. To define a VLAN, issue the vlan [vlan] command in either the VLAN database or global configuration mode. Since both SW1 and SW2 are VTP servers, this step may be performed on either switch.

In order to verify the above configuration, issue the show vtp status command. To check whether VTP is properly configured, ensure that the domain names are identical, the MD5 hash values of the VTP passwords are the same, and the configuration revision number matches.

Further Reading: Understanding and Configuring VLAN Trunk Protocol (VTP)

In addition to access ports and trunk ports, some interfaces in the VLAN assignment table are listed as ‘routed’ and ‘VLAN’ interfaces. The Catalyst 3550 series switch is a layer 3 switch and defines three different interface modes: switchports, routed ports, and switched-virtual interfaces (SVIs).

‘Switchports’ include layer 2 access and trunk ports. The default mode for all interfaces on the 3550 is to be a switchport. ‘Routed’ ports are native layer 3 interfaces, and can be directly configured with IP. To configure a routed interface, issue the no switchport command on the interface. Lastly, a ‘switched virtual interface’ (SVI) is a logical layer 3 interface that represents a domain of switchports. SVIs are used to configure inter-VLAN routing. To configure an SVI, simply issue the interface vlan [vlan] command in global configuration mode.

Further Reading: Configuring Inter-VLAN Routing on the Catalyst 3550 Series Switch

Task 1.4 – 1.6

SW1:
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 46
 switchport mode trunk

SW2:
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 46
 switchport mode trunk

Task 1.4 – 1.6 Breakdown

By default, all interfaces on the Catalyst 3550 series switch default to dynamic desirable mode. This will result in the interconnected ports negotiating an Inter Switch Link (ISL) trunk through Dynamic Trunking Protocol (DTP). ISL is a Cisco® proprietary trunking protocol, and tags all traffic sent over the trunk link with an ISL header.

As an alternative to running ISL encapsulation over a trunk link, 802.1q offers a standards based trunking encapsulation. To configure 802.1q encapsulation on a trunk link, issue the switchport trunk encapsulation dot1q command on the interface.

Unlike an ISL trunk, 802.1q tags all traffic sent over the trunk link with a dot1q header with the exception of the ‘native’ VLAN. Any frames received over a dot1q trunk that do not have a VLAN header are assumed to belong to the native VLAN. By default, the native vlan for a dot1q trunk is VLAN 1. To change this, issue the switchport trunk native vlan [vlan] command. Note that both ends of the trunk link must agree on the native VLAN.

Since ports of the 3550 are dynamic ports, a failed negotiation in trunking will result in the port reverting to access mode. ‘Access’ mode implies that the interface will be connected to an end node, and belongs to one VLAN. To ensure that the interface always maintains trunking status, remove the port from ‘dynamic’ mode by issuing the switchport mode trunk interface command.

Note: A switchport cannot run in static trunking mode while the trunking encapsulation is set to auto-negotiate. Therefore, be sure to issue the switchport trunk encapsulation command before issuing the switchport mode trunk command.

Further Reading: Configuring VLANs: Configuring VLAN Trunks

Task 1.7

SW1:
interface FastEthernet0/10
 spanning-tree portfast
!
interface FastEthernet0/11
 spanning-tree portfast

Task 1.7 Breakdown

Spanning-tree ‘forwarding delay’ refers to the time it takes a port to transition through the listening and learning phases of spanning-tree protocol (STP). These phases are used to determine what type of traffic is being received on an interface, and to avoid a loop in the spanning-tree topology if one is detected. Since end stations by definition are stub connections to the switch block, a spanning-tree loop cannot occur on these ports under normal circumstances.

In addition to being unnecessary, running spanning-tree on ports that connect to end stations may result in undesirable effects. These effects may include hosts not being able to negotiate addresses through DHCP, log on to a network domain, etc. In order to minimize these effects, spanning-tree portfast should be configured on interfaces which connect to end nodes.

Portfast reduces the delay associated with STP by skipping the listening and learning phases, and transitioning a port directly to forwarding state. To configure portfast, issue the spanning-tree portfast command on the interface. Note that portfast should not be configured on interfaces that connect to routers, switches, or hubs, as this may result in a loop in the spanning-tree domain.

Further Reading: Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays

Task 1.8

SW1:
interface FastEthernet0/10
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 spanning-tree bpduguard enable

Task 1.8 Breakdown

As stated in the previous section, portfast should not be configured on interfaces that connect to routers, switches, or hubs, as this may result in a loop in the spanning-tree domain. When portfast is enabled, the listening and learning phases of STP are skipped. Since these are the phases used to determine if there is a loop in the topology, a loop can not be immediately detected if portfast is enabled.

In order to prevent this case, the 3550 supports a feature known as ‘BPDU guard’. A bridge protocol data unit (BPDU) is the packet used to advertise spanning-tree protocol information. If a BPDU is received on an interface, it implies that there is a device running STP connected to that interface. If a BPDU is received on an interface which is configured with BPDU guard, the interface will be put into err-disabled state. BPDU guard can therefore be used in combination with portfast to prevent a loop if a switch or bridge is connected to a port running portfast. To enable BPDU guard, use the interface command spanning-tree bpduguard enable.

Further Reading: Spanning Tree Portfast BPDU Guard Enhancement
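The rules from the Task 1.4 – 1.8 breakdowns (static trunk mode with a fixed encapsulation, matching native VLANs on both ends, BPDU guard on every portfast port) can be checked mechanically against saved configurations. The following is an added example, not part of the workbook; the sample configurations are constructed, and the function names are this example's own.

```python
import re

# Constructed sample configs. SW1 follows the solutions above except that
# Fa0/11 lacks BPDU guard; SW2 Fa0/13 lacks the native VLAN and mode trunk lines.
SW1_CONFIG = """\
interface FastEthernet0/10
 switchport access vlan 2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 46
 switchport mode trunk
"""

SW2_CONFIG = """\
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
"""

FIXED_ENCAP = ("switchport trunk encapsulation dot1q",
               "switchport trunk encapsulation isl")


def parse_interfaces(config):
    """Map each interface name to its list of indented subcommands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match and not raw[:1].isspace():
            current = match.group(1)
            interfaces[current] = []
        elif raw[:1].isspace() and line and current is not None:
            interfaces[current].append(line)
        else:
            current = None  # "!" separator or a global command ends the block
    return interfaces


def native_vlan(cmds):
    """Native VLAN of a dot1q trunk; VLAN 1 when not configured (the default)."""
    for cmd in cmds:
        match = re.match(r"switchport trunk native vlan (\d+)$", cmd)
        if match:
            return int(match.group(1))
    return 1


def audit_ports(switch, config):
    """Check portfast/BPDU guard pairing and static trunk settings per port."""
    findings = []
    for ifname, cmds in parse_interfaces(config).items():
        portfast = "spanning-tree portfast" in cmds
        trunk = "switchport mode trunk" in cmds
        fixed = any(cmd in FIXED_ENCAP for cmd in cmds)
        if portfast and "spanning-tree bpduguard enable" not in cmds:
            findings.append((switch, ifname, "portfast without bpduguard"))
        if portfast and trunk:
            findings.append((switch, ifname, "portfast on trunk port"))
        if fixed and not trunk:
            # Still dynamic: a failed negotiation reverts the port to access mode.
            findings.append((switch, ifname, "trunk settings but mode still dynamic"))
        if trunk and not fixed:
            findings.append((switch, ifname, "mode trunk without fixed encapsulation"))
    return findings


def audit_trunk_link(a, a_cfg, a_if, b, b_cfg, b_if):
    """Compare the native VLAN configured on the two ends of one trunk link."""
    vlan_a = native_vlan(parse_interfaces(a_cfg).get(a_if, []))
    vlan_b = native_vlan(parse_interfaces(b_cfg).get(b_if, []))
    if vlan_a != vlan_b:
        return [(f"{a} {a_if}", f"{b} {b_if}",
                 f"native VLAN mismatch {vlan_a} != {vlan_b}")]
    return []


def run_audit():
    """Audit both sample switches and the Fa0/13 trunk between them."""
    findings = audit_ports("SW1", SW1_CONFIG) + audit_ports("SW2", SW2_CONFIG)
    findings += audit_trunk_link("SW1", SW1_CONFIG, "FastEthernet0/13",
                                 "SW2", SW2_CONFIG, "FastEthernet0/13")
    return findings


if __name__ == "__main__":
    for finding in run_audit():
        print(" | ".join(finding))
```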

2. Frame-Relay

Task 2.1 – 2.5

R2 (Hub):
interface Serial0/0
 ip address 183.1.123.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.123.1 201 broadcast
 frame-relay map ip 183.1.123.3 203 broadcast
 no frame-relay inverse-arp

R1 (Spoke):
interface Serial0/0
 ip address 183.1.123.1 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.123.2 102 broadcast
 frame-relay map ip 183.1.123.3 102
 no frame-relay inverse-arp

R3 (Spoke):
interface Serial1/0
 ip address 183.1.123.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.123.1 302
 frame-relay map ip 183.1.123.2 302 broadcast
 no frame-relay inverse-arp

Quick Note: Broadcast keyword not included to meet the requirements of task 2.5.

Task 2.6 – 2.10

R5 (Hub):
interface Serial0/0
 ip address 183.1.0.5 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.0.3 513 broadcast
 frame-relay map ip 183.1.0.4 504 broadcast
 no frame-relay inverse-arp

R3 (Spoke):
interface Serial1/1
 ip address 183.1.0.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.0.4 315
 frame-relay map ip 183.1.0.5 315 broadcast
 no frame-relay inverse-arp

R4 (Spoke):
interface Serial0/0
 ip address 183.1.0.4 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 183.1.0.3 405
 frame-relay map ip 183.1.0.5 405 broadcast
 no frame-relay inverse-arp

Task 2.1 – 2.10 Breakdown

Frame-Relay is a non-broadcast multi-access (NBMA) media. Unlike a true broadcast media such as Ethernet or Token-Ring, an NBMA media does not support an automatic mechanism for address resolution (ARP), nor does it natively support the transmission of broadcast or multicast packets.

The first step in configuring Frame-Relay is to enable Frame-Relay encapsulation on the interface. This is accomplished by issuing the encapsulation frame-relay interface command. The next step is to determine whether layer 3 to layer 2 address resolution will be obtained through Frame-Relay Inverse-ARP or through a static layer 3 to layer 2 mapping statement.

Note: Layer 3 to layer 2 protocol resolution is not necessary when using point-to-point interfaces, since the only destination for any traffic sent out a point-to-point interface is the device residing on the other end of the link. This applies to Frame-Relay point-to-point interfaces, ATM point-to-point interfaces, and dialer interfaces in ISDN.

By default, multipoint interfaces running Frame-Relay encapsulation will send Frame-Relay Inverse-ARP requests out all DLCIs configured on the interface for all supported protocols running on that interface.

Note: A ‘multipoint’ interface by definition is an interface that may connect to multiple end points of a network. Both physical interfaces and multipoint subinterfaces in Frame-Relay and ATM are by definition ‘multipoint’.

Frame-Relay Inverse-ARP may be disabled on a per protocol/DLCI pair basis by issuing the interface command no frame-relay inverse-arp [protocol] [dlci], or may be disabled for all protocols on all DLCIs on the interface by issuing the interface command no frame-relay inverse-arp. Frame-Relay Inverse-ARP may also be disabled on a per protocol/DLCI pair basis by creating a static protocol mapping for that protocol/DLCI pair.

In the case of Frame-Relay, a static layer 3 to layer 2 protocol mapping is defined through the frame-relay map [protocol] [protocol_address] [dlci] [broadcast] interface command. Since layer 3 to layer 2 protocol resolution is not required on point-to-point interfaces, the above command only applies to multipoint interfaces.

Also, since native broadcast and multicast transmission is not supported on an NBMA media, the broadcast keyword instructs the router to send both broadcast and multicast traffic out the DLCI as a replicated unicast. A ‘replicated unicast’ means that unlike a true broadcast or multicast transmission where only one packet is encapsulated on the interface, the packet must be replicated for each layer 2 circuit which it is destined for.

Note: Frame-Relay Inverse-ARP automatically maps ‘broadcast’, however ATM InARP does not. Use the broadcast keyword under the ATM VC configured for InARP to include broadcast support on a dynamic ATM mapping.

For partially-meshed NBMA configurations, one or more endpoints of the network do not have direct layer 2 connectivity to all other endpoints of the network. Partial-mesh is sometimes also referred to as ‘hub-and-spoke’, in which case a single endpoint (hub) of the network has a direct layer 2 connection to all other endpoints (spokes), while all other endpoints of the networks (spokes) only have direct layer 2 connectivity to the hub.

When using multipoint NBMA interfaces in a partially-meshed configuration, it may be necessary to configure multiple layer 3 mappings that resolve to the same layer 2 address. This can be seen in the above configuration example where R1 has multiple frame-relay map statements that point to the same DLCI. In the above configuration, R1 only has the broadcast keyword applied to the mapping statement to R2.

When a router is routing IP, an IP broadcast will never be forwarded from one interface to another by default. An IP broadcast can be forwarded between interfaces if the router is transparently bridging but will not be forwarded out the same interface it was received on. Therefore, assuming that the hub of the network is routing IP, spoke devices on the NBMA network can neither send nor receive broadcast or multicast packets between each other.

Furthermore, adding additional broadcast statements which point to the same layer 2 address is not only unnecessary, it will also cause the router to send redundant broadcast and/or multicast streams out the circuit. This may result in degraded performance on slower speed WAN links or at the very least waste bandwidth. To avoid this behavior, ensure that there is never more than one broadcast statement mapped to a single protocol on a single DLCI on a spoke in a hub and spoke environment.

3. ATM

Task 3.1 – 3.4

R6:
interface ATM0/0/0
 ip address 54.1.1.6 255.255.255.0
 pvc 0/101
  protocol ip 54.1.1.254 broadcast

Task 3.1 – 3.4 Breakdown

ATM, like Frame-Relay and ISDN, is a non-broadcast multi-access (NBMA) media. Therefore, multipoint ATM interfaces require layer 3 to layer 2 protocol resolution through either ATM ARP (CLIP), ATM InARP or through a static protocol mapping. By default, ATM InARP is enabled on all interfaces on all configured VCs for all supported protocols. ATM InARP may be disabled by configuring a static protocol mapping by using the protocol [protocol] [protocol_address] [broadcast] VC level command.

Note: As previously stated, a 'multipoint' interface by definition is an interface that may connect to multiple end points of a network. Both physical interfaces and multipoint subinterfaces in Frame-Relay and ATM are by definition 'multipoint'.

Static mappings may also be defined by using the legacy map-list and map-group commands. The above example utilizing the legacy configuration would be as follows.

R6:
map-list LEGACY_ATM
 ip 54.1.1.254 atm-vc 1 broadcast
!
interface ATM0/0/0
 ip address 54.1.1.6 255.255.255.0
 map-group LEGACY_ATM
 atm pvc 1 0 101 aal5snap

4. ISDN/PPP

Task 4.1 – 4.3

R4:
dialer-list 1 protocol ip permit
!
interface BRI0/0
 ip address 183.1.45.4 255.255.255.248
 dialer idle-timeout 180 either
 dialer map ip 183.1.45.5 broadcast 5272015
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 5272014

R5:
dialer-list 1 protocol ip permit
!
interface BRI0/0
 ip address 183.1.45.5 255.255.255.248
 dialer idle-timeout 180 either
 dialer map ip 183.1.45.4 broadcast 5272014
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 5272015

Task 4.1 – 4.3 Breakdown

The term 'legacy' ISDN refers to dial on demand configuration applied to the physical BRI interface. The first step in configuring ISDN is to define the ISDN switch-type. In the above configuration example, the ISDN switch-type in question is Basic-NI. Note that Basic-NI requires Service Provider Identification (SPID) numbers. For other switch-types such as Basic-5ESS, SPID numbers are not required. Next, layer 3 to layer 2 protocol resolution must be obtained. As previously mentioned, ISDN is an NBMA media much like Frame-Relay and ATM.

Note: A dialer interface may be a multipoint interface when it is configured in a dialer rotary group, while a dialer interface configured in a dialer profile is a point-to-point interface. The main BRI interface in ISDN is multipoint.

Since legacy DDR configuration implies using the physical multipoint interface, it also implies that layer 3 to layer 2 resolution must be configured. In the case of ISDN, this resolution comes in the form of the interface command dialer map. To configure this static layer 3 to layer 2 mapping, use the interface command dialer map [protocol] [protocol_address] name [remote-name] [broadcast]. Like other NBMA medias, native support for broadcast and multicast transmission does not exist on multipoint ISDN interfaces. Therefore, the broadcast keyword must be added to any static protocol mapping statements in order to send broadcast or multicast traffic out the circuit as a layer 2 replicated unicast.

Pitfall: Much like Frame-Relay Inverse-ARP and ATM InARP, ISDN does support the notion of a dynamic layer 3 to layer 2 mapping. However, this mapping will not be created until a call has connected in the first place. Therefore, in order to initiate an ISDN call, the router must be configured with a dialer map when using legacy DDR. The router that is receiving the call does not necessarily need this mapping configured, as the dynamic mapping will occur once the call is up.

Dial configurations are referred to as 'dial-on demand' due to the fact that the circuit must be initiated by predefined traffic. This traffic is commonly referred to as 'interesting' traffic, and is defined through the dialer-list global configuration command. To apply the interesting traffic to the interface, use the interface level command dialer-group [list_number].

Note: Once a DDR call is initiated, all protocol traffic will flow over the interface unless it is manually blocked, such as through the application of an access-list. However, only traffic that satisfies the dialer-list will keep the circuit up.

The duration that the circuit remains up is determined by the dialer idle-timeout, and defaults to 120 seconds. Once a packet transits the circuit which satisfies the configured dialer-list, the idle timer will be reset.

Note: By default, the idle timer is only reset by outgoing traffic that matches the dialer-list. To match on inbound traffic, or both inbound and outbound traffic, add the outbound or either option on to the end of the dialer idle-timeout command.

Task 4.4 – 4.5

R4:
username Rack1R5 password CISCO
!
interface BRI0/0
 encapsulation ppp
 ppp authentication pap
 dialer map ip 183.1.45.5 name Rack1R5 broadcast 5272015
 ppp pap sent-username Rack1R4 password CISCO

R5:
username Rack1R4 password CISCO
!
interface BRI0/0
 encapsulation ppp
 ppp authentication pap
 dialer map ip 183.1.45.4 name Rack1R4 broadcast 5272014
 ppp pap sent-username Rack1R5 password CISCO

Quick Note: 'name' option added.

Quick Note: The name entered in the dialer map command should match the name the remote end is sending for authentication.

Task 4.5 – 4.6 Breakdown

Point-to-Point Protocol (PPP) is a media independent encapsulation that is defined in RFC 1661. PPP offers enhanced features such as authentication, compression, and link quality monitoring that may not be natively supported on the underlying media. The first step in configuring PPP is to issue the encapsulation ppp interface level command. Once this step is completed, additional features such as authentication may be configured. Two commonly used authentication protocols that are supported in PPP are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PAP transmits usernames and passwords in clear-text, while CHAP transmits an MD5 hash value generated from a magic number and the password.
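The difference between the two methods on the wire, as an added example that is not part of the workbook: it builds a PAP Authenticate-Request in the RFC 1334 layout and a CHAP Response in the RFC 1994 layout, where the response value is MD5 over the identifier, the shared secret and the authenticator's challenge. The username and password are the ones from Task 4.4 – 4.5; the identifiers and challenge bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

# Username and password taken from the Task 4.4 - 4.5 configuration above.
PEER_NAME = b"Rack1R4"
PASSWORD = b"CISCO"


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 Authenticate-Request (code 1): peer-id and password are sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """RFC 1994 Response (code 2): carries the hash and the sender's name only."""
    value = chap_value(identifier, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, identifier, 4 + len(body)) + body


def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the hash for the challenge it issued."""
    if len(packet) < 5:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if code != 2 or length != len(packet) or 5 + size > length:
        return False
    expected = chap_value(identifier, secret, challenge)
    return hmac.compare_digest(packet[5:5 + size], expected)


def demo() -> dict:
    pap = pap_authenticate_request(1, PEER_NAME, PASSWORD)
    # Constructed challenges; a real authenticator generates unpredictable ones.
    first_challenge = bytes(range(16))
    second_challenge = bytes(range(16, 32))
    chap = chap_response(7, PASSWORD, first_challenge, PEER_NAME)
    return {
        "pap_exposes_password": PASSWORD in pap,
        "chap_exposes_password": PASSWORD in chap,
        "chap_accepted": chap_verify(chap, PASSWORD, first_challenge),
        # The same response checked against a fresh challenge no longer verifies.
        "old_response_accepted": chap_verify(chap, PASSWORD, second_challenge),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```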

To authenticate a remote device using PAP, issue the ppp authentication pap interface level command. To be authenticated by a remote device using PAP, it is necessary to configure the username and password that will be sent over the line. This is accomplished by issuing the ppp pap sent-username [username] password [password] command. To verify that authentication was successful, use the debug ppp authentication command.

Pitfall: Unlike CHAP, PAP does not automatically send the router's hostname for authentication. The username and password value must be manually configured with the ppp pap sent-username command under the interface.

Task 4.6 – 4.7

R4:
interface BRI0/0
 ppp multilink
 ppp multilink links minimum 2

R5:
interface BRI0/0
 ppp multilink
 ppp multilink links minimum 2

An additional useful feature of PPP is the ability to bind multiple interfaces together as one logical interface, and fragment traffic amongst the member interfaces. This feature is known as PPP multilink. To enable multilink, issue the interface command ppp multilink. In the case of ISDN BRI, enabling PPP multilink will allow both ISDN B channels to be bound together as one logical link. One option while implementing PPP multilink on ISDN is to bind both B channels together once the utilization of the first channel exceeds a certain threshold. This value is user definable through the interface level command dialer load-threshold. However, PPP multilink may also be initiated on ISDN regardless of the link utilization by configuring the ppp multilink links minimum interface command.

Further Reading: Multilink PPP for DDR – Basic Configuration and Verification

3 network 150. Although this step is not necessary.0.0.0 area 0 network 183.3 0.0.1 – 5.4 R3: router ospf 1 router-id 150. Next.1.1.4 0.5 0. Interior Gateway Routing Task 5.0 area 0 ! interface Serial0/0 ip ospf network broadcast ip ospf priority 0 R5: router ospf 1 router-id 150.0.0.3 0.0 area 0 ! interface Serial1/1 ip ospf network broadcast ip ospf priority 0 R4: router ospf 1 router-id 150.0 area 0 ! interface Serial0/0 ip ospf network broadcast Task 5.1.0.0.1 – 5.IEWB-RS Solutions Guide Lab 1 5.4 Breakdown The first step in enabling OSPF is to define the OSPF process.1.5.4.0 area 0 network 183.5 0.1.1.3.4 0.1.0.0. it will prevent certain problems that will be evident later.5. 34 Copyright © 2005 Internetwork Expert .1.0.0 area 0 network 183.1. The OSPF process ID is a locally significant number.0. This is accomplished with the global configuration command router ospf [process_id].0.3.5 network 150.0.0.4.4 network 150. specify the OSPF router-id by issuing the command router-id [router_id] under the OSPF process.0.

Pitfall: Router-IDs used for OSPF, BGP and even EIGRP should be unique. Router-IDs like 1.1.1.1, 2.2.2.2 and 3.3.3.3 may not be unique. In a home lab environment they may be unique but in an environment with shared backbone routers that connect to other candidate's racks, you could possibly end up using the same router-ID as another candidate. To help guard against this possibility, choose an existing loopback address to 'hard code' as your router-ID. Using a router-ID selection method of X.X.Y.Y where X is your rack number and Y is the device number (1=R1, 2=R2, etc) will also suffice.

The next step in configuring OSPF is to enable OSPF on an interface. This is accomplished by issuing the network [address] [wildcard] area [area_number] command under the OSPF process. The 'address' field specifies the IP address of an interface or a range of IP addresses, while the 'wildcard' field specifies which bits of the address field are checked.

In the above case, OSPF is configured over Frame-Relay. By default, the OSPF process assumes that multipoint Frame-Relay interfaces do not support the transmission of multicast packets, and therefore do not support the transmission of OSPF hello packets. In order to compensate, OSPF defines various 'network types'. These network types are:

 Broadcast
 Non-Broadcast
 Point-to-Point
 Point-to-Multipoint
 Point-to-Multipoint Non-Broadcast
 Loopback

The default OSPF network type on multipoint Frame-Relay interfaces is non-broadcast. In order to establish adjacency on an OSPF non-broadcast network segment, OSPF hello packets must be sent as unicast packets. This is accomplished by issuing the neighbor statement under the OSPF process.

Of the above network types, only the broadcast and non-broadcast network types support a designated router (DR) and a backup designated router (BDR) election. The task in question states that although R5 must be elected DR, the neighbor statement should not be configured. This requirement implies that the chosen OSPF network type for the Frame-Relay network should therefore be broadcast. To change the OSPF network type, issue the ip ospf network [network_type] interface level command.

The OSPF DR for a segment is determined through an election process. This process first looks for the router with the highest OSPF priority. The OSPF priority value has a range of 0-255, where 255 is most likely to be elected and 0 indicates that the router will never be elected. If there is a tie in the OSPF priority, the router with the highest router-ID wins.

Pitfall: Although it is true that the device with the highest OSPF priority value will be elected as the DR, the OSPF election does not support preemption. This means that once a device is elected the DR, no other device may assume this status unless the DR goes down. Therefore, there may be devices in the network with a higher priority than the current DR or BDR. This also implies that the only way to ensure that a device is elected as the DR is to remove all other devices from the election process by setting their priority to 0.

Therefore, to ensure that R5 is always elected the DR for the aforementioned segment, R3 and R4 should be configured with an ip ospf priority of 0.

Task 5.5 – 5.9

R4:
router ospf 1
 network 183.1.45.4 0.0.0.0 area 45
 network 183.1.46.4 0.0.0.0 area 46

R5:
router ospf 1
 network 183.1.45.5 0.0.0.0 area 45

R4 or R5:
interface BRI0/0
 ip ospf demand-circuit

R6:
router ospf 1
 router-id 150.1.6.6
 network 150.1.6.6 0.0.0.0 area 46
 network 183.1.46.6 0.0.0.0 area 46

Quick Note: Only one router will need to be configured with the demand-circuit option.

Task 5.5 – 5.9 Breakdown

Since OSPF is a link state protocol, it must maintain active adjacencies with other neighboring OSPF enabled routers in order to retain an accurate view of the current network topology. In the above task, OSPF is configured on the ISDN circuit. Since OSPF is part of the IP stack, the previously defined dialer-list will consider OSPF as interesting traffic. This implies that the ISDN line will remain up indefinitely due to OSPF hello packets transiting the link. In order to reduce unnecessary usage of DDR links, OSPF supports a special feature known as demand circuit.

The ip ospf demand-circuit feature prohibits routers on the segment from generating periodic heartbeat keepalives (hellos). Demand circuit also sets the 'do not age' flag on all LSAs learned over the DDR interface, which will prevent the so called 'paranoid' update which normally occurs every 30 minutes. OSPF traffic will only be allowed to transit the demand circuit if there is a change in the OSPF topology. Therefore, the dial circuit will only be initiated by OSPF if there is a state change somewhere in the network. This ensures that unnecessary usage of the DDR circuit is minimized, while an accurate view of the network topology is maintained.

Standard: RFC 1793 Extending OSPF to Support Demand Circuits

Task 5.10 – 5.14

R1:
router eigrp 100
 eigrp router-id 150.1.1.1
 network 150.1.1.1 0.0.0.0
 network 183.1.17.1 0.0.0.0
 network 183.1.123.1 0.0.0.0
 no auto-summary

R2:
router eigrp 100
 eigrp router-id 150.1.2.2
 network 150.1.2.2 0.0.0.0
 network 183.1.2.2 0.0.0.0
 network 183.1.123.2 0.0.0.0
 no auto-summary
!
interface Serial0/0
 no ip split-horizon eigrp 100

R3:
router eigrp 100
 eigrp router-id 150.1.3.3
 network 183.1.123.3 0.0.0.0
 no auto-summary

R5:
router eigrp 100
 eigrp router-id 150.1.5.5
 network 183.1.58.5 0.0.0.0
 no auto-summary

SW1:
ip routing
!
router eigrp 100
 eigrp router-id 150.1.7.7
 network 150.1.7.7 0.0.0.0
 network 183.1.17.7 0.0.0.0
 network 183.1.78.7 0.0.0.0
 no auto-summary

SW2:
ip routing
!
router eigrp 100
 eigrp router-id 150.1.8.8
 network 150.1.8.8 0.0.0.0
 network 183.1.58.8 0.0.0.0
 network 183.1.78.8 0.0.0.0
 no auto-summary

Recommended Command: no auto-summary

Quick Note: Unlike RIP and IGRP, split-horizon is never automatically disabled for EIGRP.

Task 5.10 – 5.14 Breakdown

The first step in enabling EIGRP is to start the EIGRP process and define the EIGRP AS number. This is accomplished by issuing the router eigrp [as_number] global configuration command. Once the EIGRP process has been defined, a good general practice is to disable auto summarization by issuing the no auto-summary command under the routing process. This will ensure that networks are not automatically summarized to the classful boundary when passing between major network boundaries. Specifically in the above case, auto-summary must be disabled since discontiguous networks exist throughout the routing domain.

Next, to enable EIGRP on an interface, issue the network command under the EIGRP process. Like OSPF, the network command syntax includes both an address and a wildcard as of IOS 12.0(4)T. These two fields in combination specify which interfaces, based on their IP address, or range of interfaces, based on the range of their IP addresses, will run EIGRP. In the above example the wildcard mask is 0.0.0.0. This implies that only the interface with that specific IP address will be running EIGRP.

Lastly, the no ip split-horizon eigrp [as_number] command is configured on R2. By default, split-horizon is enabled for EIGRP on all interfaces. Since from R2's perspective both R1 and R3 are reachable out the same interface, split-horizon must be disabled to ensure that R1 learns about R3's routes and vice versa.

Note: IP routing is disabled by default on the Catalyst 3550 series switches. To enable the IP routing process, issue the ip routing global configuration command.

Task 5.15

R3:
router eigrp 100
 redistribute connected metric 10000 100 255 1 1500 route-map CONNECTED2EIGRP
!
route-map CONNECTED2EIGRP permit 10
 match interface Ethernet0/0

Task 5.15 Breakdown

As seen in the show ip route output, routes with the D EX prefix denote external EIGRP routes. External routes are those which have been injected from a different routing domain through redistribution. In the above case the network in question is a connected interface. Therefore, the interface is injected in as an external route by issuing the redistribute connected routing process subcommand. In addition to this, a route-map has been created which matches the interface in question. Therefore, other networks are not unnecessarily injected into the EIGRP domain as external routes.

Task 5.16 – 5.19

R6:
key chain EIGRP
 key 1
  key-string CISCO
!
interface ATM0/0/0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 EIGRP
!
router eigrp 10
 eigrp router-id 150.1.6.6
 network 54.1.1.6 0.0.0.0
 no auto-summary

Quick Note: Be careful to not put a 'space' at the end of the password in the key-string.

Task 5.16 – 5.19 Breakdown

For added network security, EIGRP supports MD5 authentication of adjacency relationships through the usage of a key chain. To enable EIGRP authentication, first define the key chain in global configuration. Next, specify the key number and the associated key-string (password). Finally, enable MD5 authentication on the interface with the ip authentication mode eigrp [as_number] md5 command, and apply the key chain with the ip authentication key-chain eigrp [as_number] [key-chain] command.

Pitfall: The key numbers within the key-chain must match between neighbors for authentication to be successful.

Task 5.20 – 5.23

SW2:
key chain RIP
 key 1
  key-string CISCO
!
interface Vlan82
 ip rip authentication mode md5
 ip rip authentication key-chain RIP
!
router rip
 version 2
 network 192.10.1.0
 no auto-summary

Recommended Command: no auto-summary

Task 5.20 – 5.23 Breakdown

Like EIGRP, RIP uses a key-chain configuration for authentication. Unlike EIGRP however, RIP supports both clear-text and MD5 authentication. In either case, RIP authentication is only supported for RIPv2. Therefore, the above task implies that RIPv2 should be enabled.

Task 5.24 – 5.27

R4:
router ospf 1
 area 45 virtual-link 150.1.5.5

R5:
router eigrp 100
 redistribute ospf 1 metric 10000 100 255 1 1500
!
router ospf 1
 area 45 virtual-link 150.1.4.4
 redistribute eigrp 100 subnets

R6:
router eigrp 10
 redistribute ospf 1 metric 10000 100 255 1 1500
!
router ospf 1
 redistribute eigrp 10 subnets

SW2:
router eigrp 100
 redistribute rip metric 10000 100 255 1 1500
!
router rip
 redistribute eigrp 100 metric 1

Task 5.24 – 5.27 Breakdown

In this scenario, there are only single points of mutual redistribution. This means that redistribution is not happening between the same protocols at multiple points in the network. Therefore, in this particular case there is little or no chance for routing loops due to redistribution, and the redistribute commands are configured in both directions without any filters applied.

When redistributing into OSPF, all routes are assigned a default metric of 20. However, RIP and EIGRP do not have default routing metrics for redistribution. Therefore, a metric value must be manually specified. Note that this metric value is arbitrary, and does not reflect any discernible value.

Note: When redistributing between EIGRP and IGRP a default metric is not needed. In this case the routing process itself will prevent any route feedback.

Lastly, the above tasks states to ensure IP reachability when R4 loses connectivity to the Frame-Relay cloud. When this is the case, R4's only exit point to the rest of the network is through the ISDN circuit. Since OSPF has been previously configured on the ISDN circuit, this is not a problem. However, once R4 loses connectivity to the Frame-Relay cloud, OSPF area 46 loses its connection to area 0. Therefore, since all areas in OSPF must be connected to area 0, a virtual-link has been created across the transit area, area 45, between the area border routers (ABRs) R4 and R5. When creating a virtual-link, the IP address referenced is the OSPF router-ID of the remote ABR. To ensure that this ID does not change, the router-id command was previously issued when the OSPF process was initialized.

6. Exterior Gateway Routing

Task 6.1 – 6.4

R1:
router bgp 200
 bgp router-id 150.1.1.1
 no synchronization
 neighbor 183.1.17.7 remote-as 200
 neighbor 183.1.17.7 route-reflector-client
 neighbor 183.1.123.2 remote-as 200

R2:
router bgp 200
 bgp router-id 150.1.2.2
 no synchronization
 neighbor 183.1.123.1 remote-as 200
 neighbor 183.1.123.3 remote-as 100

R3:
router bgp 100
 bgp router-id 150.1.3.3
 no synchronization
 neighbor 183.1.0.5 remote-as 100
 neighbor 183.1.123.2 remote-as 200
 neighbor 204.12.1.254 remote-as 54

R4:
router bgp 100
 bgp router-id 150.1.4.4
 no synchronization
 neighbor 150.1.5.5 remote-as 100
 neighbor 150.1.5.5 update-source Loopback0

R5:
router bgp 100
 bgp router-id 150.1.5.5
 no synchronization
 neighbor 150.1.4.4 remote-as 100
 neighbor 150.1.4.4 update-source Loopback0
 neighbor 150.1.4.4 route-reflector-client
 neighbor 150.1.6.6 remote-as 100
 neighbor 150.1.6.6 update-source Loopback0
 neighbor 150.1.6.6 route-reflector-client
 neighbor 183.1.0.3 remote-as 100
 neighbor 183.1.0.3 route-reflector-client
 neighbor 183.1.58.8 remote-as 200

R6:
router bgp 100
 bgp router-id 150.1.6.6
 no synchronization
 neighbor 54.1.1.254 remote-as 54
 neighbor 150.1.5.5 remote-as 100
 neighbor 150.1.5.5 update-source Loopback0

SW1:
router bgp 200
 bgp router-id 150.1.7.7
 no synchronization
 neighbor 183.1.17.1 remote-as 200
 neighbor 183.1.17.1 route-reflector-client
 neighbor 183.1.78.8 remote-as 200

SW2:
router bgp 200
 bgp router-id 150.1.8.8
 no synchronization
 neighbor 183.1.58.5 remote-as 100
 neighbor 183.1.78.7 remote-as 200
 neighbor 192.10.1.254 remote-as 254
 neighbor 192.10.1.254 password CISCO

Task 6.1 – 6.4 Breakdown

Like other routing protocols, the first step in enabling BGP is to issue the router bgp [as_number] command in global configuration mode. Note that only one BGP process may run on the router at any given time. Unlike most IGPs, BGP does not supply its own transport protocol. Instead, BGP uses TCP to provide reliable transport. This implies that to establish a BGP peering relationship, end-to-end IP reachability must already be established. To form a BGP peering relationship, use the BGP subcommand neighbor [address] remote-as [remote_as_number].

Note: Since all devices in the transit path throughout the network are running BGP, synchronization has been disabled. As of 12.2(8)T, BGP synchronization is disabled by default. Implications of BGP synchronization will be covered in depth in later scenarios.

One fundamental rule about BGP peering relationships is that all iBGP peering sessions must be fully meshed by default. Since BGP does not use a discernible metric value as IGPs do, the main loop prevention mechanism built into iBGP is the fact that routes learned from an iBGP neighbor cannot be advertised onto another iBGP neighbor. Therefore, this stipulation implies that all iBGP speaking devices must establish direct peering relationships with all other iBGP devices within your autonomous system.

Note: There are two exceptions to this rule, route-reflection and confederation. Route-reflection allows the establishment of one or more points of distribution for iBGP learned prefixes, which can significantly reduce the amount of internal BGP peering sessions required. In a confederation, the AS may be broken down into smaller sub-autonomous systems. Since the aforementioned rule does not apply to EBGP peerings, confederation implies that fully meshed iBGP must only be maintained within the sub-autonomous system. Inter sub-AS communication in confederation is treated as an EBGP peering session. Route-reflection may be used within a sub-AS in confederation to further reduce the amount of peering sessions.

Based on the provided table used to illustrate the BGP peerings in the above task, it is evident that fully meshed iBGP peering relationships do not exist in either AS 100 or AS 200. Therefore, this implies that route-reflection must be configured. To understand which specific devices should act as route-reflectors throughout the network, it is important to understand how a route-reflector behaves when a prefix is learned from a BGP neighbor.

Three different roles are defined in BGP route-reflection. These roles are the route-reflector, the client of the route-reflector, and non-clients of the route-reflector. A router is designated as a route-reflector by adding the route-reflector-client option onto a BGP peering statement. This option designates that the peer in question is a 'client' of the route-reflector. Other peering sessions configured on the route-reflector that do not have the route-reflector-client option attached are considered non-clients of the route-reflector.

Route advertisement is processed differently depending on what type of peer a route is received from. When a route is received from a client peer, the route is candidate to be advertised on to all client peers and all non-client peers. When a route is received from a non-client peer, it is candidate to be advertised on to all client peers. If the client in question is an EBGP neighbor, all prefixes learned from the peer will automatically be candidate to be advertised onto all other peers.
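The advertisement rules above, applied to the AS 200 iBGP sessions from Task 6.1 – 6.4 (R2 to R1, R1 to SW1, SW1 to SW2), as an added example that is not part of the workbook. The two client assignments compared here are inputs chosen for the illustration, and the model tracks only where a prefix can be advertised; best-path selection and filtering are not modeled.

```python
from collections import deque

# iBGP sessions inside AS 200, taken from the neighbor statements in Task 6.1 - 6.4.
SESSIONS = [("R2", "R1"), ("R1", "SW1"), ("SW1", "SW2")]
ROUTERS = {"R1", "R2", "SW1", "SW2"}

# Illustrative client assignments: reflector -> set of its clients.
NO_REFLECTION = {}
ASSIGNMENT_A = {"SW1": {"SW2"}, "R1": {"SW1"}}
ASSIGNMENT_B = {"SW1": {"R1"}, "R1": {"R2"}}


def may_advertise(learned_from, peer, clients_of_router):
    """Apply the reflection rules to one (received-from, send-to) pair."""
    if learned_from is None:
        # Locally originated or EBGP-learned: candidate for every iBGP peer.
        return True
    if learned_from in clients_of_router:
        # Learned from a client: candidate for clients and non-clients.
        return True
    # Learned from a non-client iBGP peer: candidate for clients only.
    return peer in clients_of_router


def propagate(origin, sessions, clients):
    """Return the set of routers a prefix injected at `origin` can reach."""
    peers = {}
    for a, b in sessions:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)

    holders = {origin}
    queue = deque([(origin, None)])  # (router, iBGP peer it learned the route from)
    while queue:
        router, learned_from = queue.popleft()
        mine = clients.get(router, set())
        for peer in sorted(peers.get(router, ())):
            if peer == learned_from or peer in holders:
                continue
            if may_advertise(learned_from, peer, mine):
                holders.add(peer)
                queue.append((peer, router))
    return holders


def fully_propagated(clients):
    """True when a prefix injected at any router reaches every router in the AS."""
    return all(propagate(r, SESSIONS, clients) == ROUTERS for r in ROUTERS)


if __name__ == "__main__":
    for name, clients in [("no reflection", NO_REFLECTION),
                          ("assignment A", ASSIGNMENT_A),
                          ("assignment B", ASSIGNMENT_B)]:
        reach = sorted(propagate("R2", SESSIONS, clients))
        print(f"{name}: prefix from R2 reaches {reach}; "
              f"all origins covered: {fully_propagated(clients)}")
```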

Pitfall: The term 'candidate to be advertised' is used here because although the route is eligible to be advertised on to another peer, there are certain cases when the prefix will not be advertised. Some of these include because the route is not a 'best' path, the route is part of a community that dictates it not to be advertised, distribute-list filtering is applied to a neighbor, etc. These cases will be covered in more detail later.

Based upon the above described reflection behavior and the design of the BGP peering sessions in this particular task, the following can be inferred:

1. R5 must be configured as a route-reflector for R3, R4, and R6.
2a. SW1 should be configured as a route-reflector for SW2, while R1 is configured as a route-reflector for SW1.
OR
2b. SW1 should be configured as a route-reflector for R1, while R1 is configured as a route-reflector for R2.

Both of the aforementioned cases for AS 200 will result in all routes being candidate for propagation through AS 200.

Further Reading: BGP Case Studies: Route Reflectors

The next step in configuring BGP for this task states that the BGP peerings between R4 & R5 and R5 & R6 should remain active if R4's connection to the Frame-Relay cloud is lost. By default, when a BGP peering relationship is established, BGP packets destined for that particular peer are generated with the source IP address of the outgoing interface as listed in the IP routing table. This means that if R4 peers with the IP address of R5's Frame Relay interface, the packet will always be generated from R4's directly connected Frame-Relay interface. Since BGP relies on TCP transport, a BGP peering session may route asynchronously (different forward path than return path) and may be rerouted due to changes in the IGP topology. However, in order to reroute the BGP peering session due to a failure of the Frame Relay connection, the destination peering address must be independent of any physical interface.

As a solution to this issue, the peering session between both R4 & R5 and R5 & R6 is configured to use their respective Loopback 0 interfaces as the destination address. However, this type of peering has additional implications. As mentioned above, the source IP address of a BGP packet by default is dependent on the interface that the packet leaves out of. Based on the IGP design of this network, the outgoing interface for R4 to reach R5's Loopback 0 interface will be R4's Serial interface connected to the Frame Relay cloud. However, since the peering relationship is configured to use the Loopback 0 IP addresses, the BGP process of R4 and R5 will reject packets from the respective peers if the source address does not match the configured peering address. In order to resolve this problem, the source IP address of BGP packets destined towards a particular BGP neighbor can be manually specified. This is accomplished by adding the update-source [interface] option to the BGP neighbor statement of the appropriate peer.

Pitfall: The time-to-live (TTL) of an EBGP packet defaults to one. When an EBGP peering relationship is established between Loopback addresses, an extra hop is added in the transit path for the BGP packet. Therefore, EBGP peering relationships that are established with the Loopback address as the update source, regardless of whether or not the neighbors are directly connected, will require modification of the TTL of the BGP packet. This is accomplished by issuing the neighbor [address] ebgp-multihop [ttl] BGP routing process subcommand. This command allows for the modification of the TTL of EBGP packets. When the command is configured with the TTL left unspecified, the TTL value defaults to the maximum (255).

Further Reading:
 BGP Case Studies: BGP and Loopback Interfaces
 Sample Configuration for iBGP and eBGP With or Without a Loopback Address

Lastly, the above task states that the BGP peering session between SW2 and BB2 should be authenticated by using the password CISCO. BGP authentication uses an MD5 hash value derived from a configured password on the neighbor statement. This password is configured by simply adding the password [password] field onto the appropriate BGP neighbor statement.

Further Reading
Thwarting TCP-Reset Attacks At Public Peering Points
Standard RFC 2385: Protection of BGP Sessions via the TCP MD5 Signature Option
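What the neighbor password turns on is the RFC 2385 TCP MD5 signature option; the following Python sketch is an added example, not part of the workbook, that signs a segment and shows how a receiver validates it. The peer addresses (192.0.2.8, 192.0.2.254), ports, sequence numbers and KEEPALIVE payload are constructed, and the TCP checksum is left at zero because RFC 2385 hashes the header with the checksum zeroed anyway.

```python
import hashlib
import hmac
import socket
import struct

TCP_MD5_KIND = 19   # TCP option kind assigned by RFC 2385
TCP_MD5_LEN = 18    # kind + length + 16-byte MD5 digest
IPPROTO_TCP = 6


def rfc2385_digest(src_ip, dst_ip, tcp_header, payload, password):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    fixed = bytearray(tcp_header[:20])   # TCP options are excluded from the hash
    fixed[16:18] = b"\x00\x00"           # checksum field is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_TCP,
                            len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + password).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload,
                  password=None):
    """Return TCP header + payload; signed with option 19 when a password is set."""
    options = b""
    if password is not None:
        # kind, length, 16 placeholder bytes, then two NOPs to pad to 32 bits
        options = bytes([TCP_MD5_KIND, TCP_MD5_LEN]) + bytes(16) + b"\x01\x01"
    offset_words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset_words << 4, flags, 16384, 0, 0) + options
    if password is not None:
        digest = rfc2385_digest(src_ip, dst_ip, header, payload, password)
        header = header[:22] + digest + header[38:]
    return header + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return None                  # malformed option
        length = options[i + 1]
        if kind == TCP_MD5_KIND:
            if length != TCP_MD5_LEN or i + length > len(options):
                return None
            return options[i + 2:i + length]
        i += length
    return None


def accept_segment(src_ip, dst_ip, segment, password):
    """Receiver side: drop anything unsigned or whose digest does not match."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    header, payload = segment[:header_len], segment[header_len:]
    received = find_md5_option(header[20:])
    if received is None:
        return False
    expected = rfc2385_digest(src_ip, dst_ip, header, payload, password)
    return hmac.compare_digest(received, expected)


def demo():
    sw2, bb2 = "192.0.2.8", "192.0.2.254"         # constructed addresses
    keepalive = b"\xff" * 16 + b"\x00\x13\x04"    # constructed BGP KEEPALIVE
    good = build_segment(sw2, bb2, 49152, 179, 1000, 2000, 0x18, keepalive,
                         b"CISCO")
    unsigned_rst = build_segment(sw2, bb2, 49152, 179, 1000, 0, 0x04, b"")
    tampered = bytearray(good)
    tampered[7] ^= 0x01                           # one bit of the sequence number
    return {
        "signed": accept_segment(sw2, bb2, good, b"CISCO"),
        "wrong_password": accept_segment(sw2, bb2, good, b"cisco"),
        "unsigned_rst": accept_segment(sw2, bb2, unsigned_rst, b"CISCO"),
        "tampered_seq": accept_segment(sw2, bb2, bytes(tampered), b"CISCO"),
        "spoofed_source": accept_segment("192.0.2.66", bb2, good, b"CISCO"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15} accepted={accepted}")
```

Only the correctly signed segment is accepted: the password is case sensitive, and because the pseudo-header and sequence number are inside the hash, an unsigned reset or a segment replayed from another source address fails validation.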

Task 6.5 – 6.7

R6:
ip as-path access-list 1 permit _54$
!
route-map LOCAL_PREFERENCE permit 10
 match as-path 1
 set local-preference 200
!
route-map LOCAL_PREFERENCE permit 1000
!
router bgp 100
 neighbor 54.1.1.254 route-map LOCAL_PREFERENCE in

Task 6.5 – 6.7 Breakdown

To understand how to affect the BGP best path selection process, it is necessary to first understand the order of the best path selection process. Briefly, the order is as follows:

Weight (highest)
Local-Preference (highest)
Locally Originated
AS-Path (shortest)
Origin (IGP > EGP > ?)
MED (lowest)

As a general rule, these attributes should be applied in the following manner to affect the following traffic flow:

Attribute          Direction Applied   Traffic Flow Affected
Weight             Inbound             Outbound
Local-Preference   Inbound             Outbound
AS-Path            Outbound            Inbound
MED                Outbound            Inbound

Weight and Local-Preference are used to affect how traffic leaves the autonomous system, AS-Path and MED are used to affect how traffic enters the AS. Since Weight and Local-Preference are higher in the decision process than AS-Path and MED, you (generally) have control of how traffic leaves your AS.

In the above task, AS 100 wants traffic destined for prefixes originated in AS 54 to exit the network through the ATM circuit. Since AS 100 is trying to affect its outbound traffic flow, either the weight or local-preference of the prefixes in question should be modified to attain the desired behavior. Since this task specifically states to not use weight, the only option left to use is local-preference.

The first step in affecting a traffic flow is to match the prefixes in question. In the above case, the prefixes for which the traffic flow needs to be affected are those which are originated in AS 54. Since all of these prefixes will have the common attribute of AS 54 being last (right most) AS in the path, the easiest way to match all these prefixes at once is by matching on the AS-Path. This is accomplished by defining an as-path access-list. The regular expression specified in this list will match all routes originated in AS 54.

Next, the AS-Path list is matched inside a route-map, and the appropriate attribute is applied. Since a higher local-preference value is preferred, any value above the default of 100 is sufficient.

Lastly, the route-map is applied to the neighbor statement pointing towards BB1 inbound. Therefore, all routes learned from BB1 that were originated in AS 54 will have a more preferable local-preference value set.

Further Reading
BGP Best Path Selection Algorithm
Regular Expressions

Task 6.8 – 6.11

R1:
interface Loopback1
 ip address 150.1.11.1 255.255.255.0
!
router bgp 200
 network 150.1.11.0 mask 255.255.255.0

R2:
ip prefix-list R1_BGP_LOOPBACK seq 5 permit 150.1.11.0/24
!
route-map MED permit 10
 match ip address prefix-list R1_BGP_LOOPBACK
 set metric 200
!
route-map MED permit 1000
!
router bgp 200
 neighbor 183.1.123.3 route-map MED out

SW2:
ip prefix-list R1_BGP_LOOPBACK seq 5 permit 150.1.11.0/24
!
route-map MED permit 10
 match ip address prefix-list R1_BGP_LOOPBACK
 set metric 100
!
route-map MED permit 1000
!
router bgp 200
 neighbor 183.1.58.5 route-map MED out

Task 6.8 – 6.11 Breakdown

The first step in originating a network into BGP is to issue the network command under the BGP process. Unlike the IGP network command, which specifies which interface to enable the protocol on, the network command in BGP advertises a network into the routing domain. Be sure to include the mask field in the network statement if the prefix that is being originated is not a classful network (either a subnet or a supernet).

Recall from the previous section how to affect traffic flow through BGP policy:

Attribute          Direction Applied   Traffic Flow Affected
Weight             Inbound             Outbound
Local-Preference   Inbound             Outbound
AS-Path            Outbound            Inbound
MED                Outbound            Inbound

To affect how traffic enters your AS, modify either the AS-Path or MED attribute. In this particular task, AS 200 is trying to affect how traffic is entering its AS and being forwarded towards the prefix originated by R1. Specifically, AS 200 would prefer traffic destined for this prefix to enter where SW2 connects to R5, as opposed to where R2 connects to R3. Since this task says that modifying the AS-Path attribute is not allowed, modifying the MED attribute is the remaining option.

The mechanism of setting the attribute is similar to how the local-preference value was modified in the previous section. First, the prefix or prefixes in question must be matched. Since in this case there is only one prefix, a prefix-list is created which specifies an exact match for the network. Next, the prefix-list is matched in a route-map, and the metric (MED) value is set accordingly. Since a lower MED value is preferred, a lower value is sent to R5 than is sent to R3. The actual metric values chosen are arbitrary, as long as they are both positive integers and the lower of the values is sent to R5.

Further Reading
How BGP Routers Use the Multi-Exit Discriminator for Best Path Selection

7. IP Multicast Routing

Task 7.1 - 7.3

R2:
ip multicast-routing
!
interface Ethernet0/0
 ip pim sparse-dense-mode
!
interface Serial0/0
 ip pim sparse-dense-mode

R3:
ip multicast-routing
!
interface Ethernet0/0
 ip pim sparse-dense-mode
!
interface Serial1/0
 ip pim sparse-dense-mode
!
interface Serial1/1
 ip pim sparse-dense-mode

R5:
ip multicast-routing
!
interface Ethernet0/0
 ip pim sparse-dense-mode
!
interface Serial0/0
 ip pim sparse-dense-mode

Task 7.1 - 7.3 Breakdown

The first step in configuring multicast routing is to issue the global configuration command ip multicast-routing. Next, Protocol Independent Multicast (PIM) should be enabled on all interfaces in the transit path of the multicast network by issuing the interface level command ip pim [sparse | dense | sparse-dense]-mode. See the following section breakdown for the reasoning as to why sparse-dense-mode has been configured in this section.

Task 7.4 - 7.5

R2:
interface Loopback0
 ip pim sparse-dense-mode
!
ip pim send-rp-discovery Loopback0 scope 16

R3:
interface Loopback0
 ip pim sparse-dense-mode
!
ip pim send-rp-announce Loopback0 scope 16

Task 7.4 - 7.5 Breakdown

Protocol Independent Multicast (PIM) is a multicast routing protocol that is independent of the underlying unicast reachability mechanism. Therefore, as long as IP reachability is established through the usage of some IGP, PIM can be configured independently of this IGP. PIM runs in three ‘modes’, which are defined as sparse, dense, or sparse-dense which is a combination of both.

Dense mode PIM is designed for networks which have many multicast clients which are tightly spaced together. Dense mode PIM may be considered ‘implicit join’, as all devices in the PIM domain are assumed to be members of all multicast groups. If a device in the network does not wish to receive a multicast feed, it sends a ‘prune’ message towards the source. This prune message instructs upstream routers to stop sending the traffic for the particular group. This is commonly referred to as ‘flood and prune’ behavior.

Sparse mode PIM is designed for networks which have multicast clients that are few and far between. Unlike PIM dense mode, devices in the sparse mode domain will not receive traffic for any multicast groups unless they send a join message for that group. Sparse mode is therefore considered to be an ‘explicit join’ mechanism. In order to optimize initial forwarding of streams through the sparse multicast domain, a central ‘rendezvous point’ (RP) is an integral part of PIM sparse mode. When a client wishes to send a multicast feed into the network, the feed is first sent to the RP. Similarly, when a client wishes to join a multicast feed, a ‘register’ message is sent to the RP. Once the multicast feed has successfully propagated from the sender to the receiver, devices in the transit path will automatically optimize the transit path by converting from a shared multicast tree to a shortest path multicast tree.


An RP may be configured in the PIM domain manually or through an automatic advertisement method. Automatic advertisement methods include Auto-RP and bootstrap router (BSR). Auto-RP defines two roles in the PIM domain, the candidate-RP and the mapping agent. The candidate RP uses multicast messages to advertise itself to the mapping agent. The mapping agent advertises itself through multicast messages, and is responsible for group to RP mappings. Bootstrap router (BSR), much like Auto-RP, defines two roles in the PIM domain. The bootstrap router is responsible for group to RP mappings, while the candidate RP advertises itself to the BSR via unicast messages. Although BSR would be a valid solution to this task, Auto-RP configuration is shown in the above code output.

When configuring Auto-RP, it is important to understand the implications of the fact that both the RP announce and RP discovery messages are sent via multicast. Routers in a sparse mode PIM domain must know about an RP in order to join a multicast group. However, since the Auto-RP advertisement messages are multicast, a sparse mode router must join the Auto-RP groups (224.0.1.39 & 224.0.1.40) in order to learn about candidate RPs that exist in the network. This results in a paradox-like recursive error. To join a group, the router must first know who the RP is, but to know who the RP is, it must first join a group.

To deal with this inherent design flaw, sparse-dense-mode PIM was conceived. In sparse-dense-mode, groups which have a valid RP will be marked as sparse, while groups that do not have an RP will be marked as dense. Therefore, a sparse-dense device may be dense for groups 224.0.1.39 & 224.0.1.40, while at the same time it can be sparse for any groups advertised through Auto-RP.

In order to define the mapping agent, issue the ip pim send-rp-discovery [interface] scope [scope] global configuration command, where interface is the IP address to advertise as the mapping agent and scope is the TTL of the discovery message. In order to define a candidate RP, issue the ip pim send-rp-announce [interface] scope [scope] global configuration command, where interface is the IP address to advertise as the candidate RP and scope is the TTL of the advertisement message.

Pitfall
When using a Loopback interface for the discovery or candidate-RP advertisement, ensure to enable PIM on the Loopback interface.


Further Reading
Configuring a Rendezvous Point

Task 7.6 - 7.7

R5:
interface Ethernet0/0
 ip igmp join-group 226.26.26.26
!
ip mroute 183.1.2.0 255.255.255.0 183.1.0.3
ip mroute 150.1.2.2 255.255.255.255 183.1.0.3

Task 7.6 - 7.7 Breakdown

To facilitate testing IP multicast reachability throughout the network, a router can be instructed to receive multicast traffic. This is accomplished by issuing the interface command ip igmp join-group [group_address]. Unlike the ip igmp static interface command, when a router issues an IGMP ‘join’, the CPU must actually process the multicast group. Therefore, a router configured with an IGMP join statement will respond to ICMP echo requests sent to the group that it has joined.

In order to prevent looping of multicast feeds the router performs a reverse-path forwarding (RPF) check whenever a multicast packet is received on an interface. If the outgoing interface for the unicast route to the source IP address of the multicast packet is different than the interface that the multicast packet was received on, the RPF check will fail.

In the above task, R5’s unicast route to R2 is out its Ethernet interface. However, multicast packets sent from R2 to R5 will be received in R5’s serial interface. In order to prevent the RPF check from failing on these multicast packets, a static multicast route (mroute) has been configured on R5. Unlike a unicast static route, a static multicast route does not actually direct any traffic in or out a particular interface. Instead, a static mroute is used to change the interface for which the incoming multicast feed is expected. Therefore, configuring a static mroute on R5 for both R2’s Loopback 0 and Ethernet0/0 interfaces (the source of the Auto-RP and ICMP messages) will force the RPF check to be successful.
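The RPF decision on R5 with and without the two static mroutes, as an added Python model that is not part of the workbook. The mroute statements and interface names are the ones shown for R5; the unicast table entries, the connected 183.1.0.0/24 on Serial0/0 and the source 183.1.2.2 are constructed assumptions, and the model lets a matching static mroute override the unicast table without modelling administrative distance.

```python
import ipaddress

# Constructed unicast view of R5: prefix -> outgoing interface (assumption).
R5_UNICAST = [
    ("183.1.0.0/24", "Serial0/0"),      # Frame Relay segment towards R3
    ("183.1.2.0/24", "Ethernet0/0"),    # IGP route to R2's Ethernet0/0 subnet
    ("150.1.2.2/32", "Ethernet0/0"),    # IGP route to R2's Loopback0
]

# Static mroutes from the R5 configuration: source prefix -> RPF neighbor.
R5_MROUTES = [
    ("183.1.2.0/255.255.255.0", "183.1.0.3"),
    ("150.1.2.2/255.255.255.255", "183.1.0.3"),
]


def longest_match(table, address):
    """Return the value of the most specific prefix containing address."""
    best = None
    for prefix, value in table:
        net = ipaddress.ip_network(prefix)
        if address in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best[1] if best else None


def rpf_interface(source, unicast, mroutes):
    """Interface on which traffic from source is expected to arrive."""
    src = ipaddress.ip_address(source)
    rpf_neighbor = longest_match(mroutes, src)
    if rpf_neighbor is not None:
        # The mroute names a neighbor; the RPF interface is the one facing it.
        return longest_match(unicast, ipaddress.ip_address(rpf_neighbor))
    return longest_match(unicast, src)


def rpf_check(source, arrival_interface, unicast, mroutes):
    """True when the packet arrived on the expected interface."""
    expected = rpf_interface(source, unicast, mroutes)
    return expected is not None and expected == arrival_interface


def demo():
    results = {}
    for src in ("150.1.2.2", "183.1.2.2"):
        results[src] = {
            "serial_without_mroute": rpf_check(src, "Serial0/0", R5_UNICAST, []),
            "serial_with_mroute": rpf_check(src, "Serial0/0", R5_UNICAST, R5_MROUTES),
            "ethernet_with_mroute": rpf_check(src, "Ethernet0/0", R5_UNICAST, R5_MROUTES),
        }
    # A source with no route at all never passes the check.
    results["10.9.9.9"] = rpf_check("10.9.9.9", "Serial0/0", R5_UNICAST, R5_MROUTES)
    return results


if __name__ == "__main__":
    for source, outcome in demo().items():
        print(source, outcome)
```

The last column of the result is the trade-off of the static mroute: once the expected interface moves to Serial0/0, the same sources arriving on Ethernet0/0 fail the check.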

Further Reading
IP Multicast Technology Overview: Reverse Path Forwarding (RPF)


Task 7.8

R3:
access-list 1 deny 239.0.0.0 0.255.255.255
access-list 1 permit any
!
interface Ethernet0/0
 ip igmp access-group 1

Task 7.8 Breakdown

By default, a host can join any multicast group that it wishes to on a segment running IP multicast routing. To control which groups a host can join, create a standard IP access-list that permits or denies the groups in question, and apply it to the interface with the command ip igmp access-group [access-list].

8. IPv6

Task 8.1

R4:
ipv6 unicast-routing
!
interface Ethernet0/1
 ipv6 address 2001:CC1E:1:404::/64 eui-64

R5:
ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:CC1E:1:505::/64 eui-64

Task 8.1 Breakdown

The first step in enabling IPv6 is to issue the ipv6 unicast-routing command in global configuration mode. This not only allows the routing of IPv6 datagrams through dynamic protocols such as RIPng and IS-IS, but also enables ICMPv6 processing on IPv6 enabled interfaces. Once IPv6 routing is enabled, global unicast IPv6 addressing is configured on the Ethernet interfaces of R4 and R5. The host portions of these addresses are derived from the modified EUI-64 addressing format. Per RFC 2373 all addresses in the global unicast range (001 in the 3 most significant bits) are required to have 64-bit interface identifiers in this EUI-64 format. The modified EUI-64 address is derived from the MAC address of the interface, or if the interface does not have a MAC address (such as a serial or tunnel interface), from the MAC address pool of the router.

In the above case the EUI-64 addresses are specifically derived as follows. First, the MAC address of the Ethernet interface is examined:

Rack1R4#show interface ethernet0/1
Ethernet0/1 is up, line protocol is up
  Hardware is AmdP2, address is 0050.8004.8e01 (bia 0050.8004.8e01)

Next, the MAC address is split into two portions, the 24-bit vendor-id and the 24-bit extension-id. Between these fields the hex sequence 0xFFFE is inserted. In the above case this results in the address 0050.80FF.FE04.8E01.

Next, the 7th most significant bit, known as the universal/local bit, is inverted resulting in the address 0250.80FF.FE04.8E01:

0050.80FF.FE04.8E01
00 = 00000000 = 00000010 (inverted) = 02

Lastly the dots are replaced with colons to follow the IPv6 address notation and any leading zeros are dropped, resulting in the final host address 250:80FF:FE04:8E01. The host address is appended to the network prefix, resulting in the final global unicast address:

2001:CC1E:1:404:250:80FF:FE04:8E01

This address can be verified on the command line by issuing either the show ipv6 interface ethernet0/0 command or the show ipv6 interface brief command:

Ethernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::250:80FF:FE04:8E01
  Description: VLAN 4
  Global unicast address(es):
    2001:CC1E:1:404:250:80FF:FE04:8E01, subnet is 2001:CC1E:1:404::/64
<output omitted>

Rack1R4#show ipv6 interface brief | begin Ethernet0/1
Ethernet0/1                [up/up]
    FE80::250:80FF:FE04:8E01
    2001:CC1E:1:404:250:80FF:FE04:8E01
<output omitted>

Task 8.2 - 8.4

R4:
interface Tunnel0
 ipv6 address 2001:CC1E:1:4545::4/64
 tunnel source 150.1.4.4
 tunnel destination 150.1.5.5
 tunnel mode ipv6ip

R5:
interface Tunnel0
 ipv6 address 2001:CC1E:1:4545::5/64
 tunnel source 150.1.5.5
 tunnel destination 150.1.4.4
 tunnel mode ipv6ip

Task 8.2 – 8.4 Breakdown

The above configuration demonstrates how to tunnel IPv6 datagrams over an existing IPv4 transit network using IPv6IP encapsulation. The default mode for tunnel interfaces is to use GRE encapsulation. With GRE tunneling, multiple layer 3 protocols are supported, such as IP, IPv6, IPX, and CLNS. With IPv6IP tunneling there is less overhead than GRE, but similar to IPIP tunneling only IPv6 can be in the payload of the IPv4 encapsulated packet. IPv6IP tunnels use IP protocol number 41, and can be enabled by issuing the statement tunnel mode ipv6ip on the tunnel interface.

Task 8.5 - 8.7

R4:
ipv6 host Rack1R5 2001:CC1E:1:505:206:D7FF:FEA8:3021
!
interface Tunnel0
 ipv6 rip CISCO enable
!
interface Ethernet0/1
 ipv6 rip CISCO enable
!
ipv6 router rip CISCO

Quick Note
R5’s global unicast address based off of EUI-64 host portion.

R5:
ipv6 host Rack1R4 2001:CC1E:1:404:250:80FF:FE04:8E01
!
interface Tunnel0
 ipv6 rip CISCO enable
!
interface Ethernet0/0
 ipv6 rip CISCO enable
!
ipv6 router rip CISCO

Quick Note
R4’s global unicast address based off of EUI-64 host portion.

Task 8.5 - 8.7 Breakdown

The first step in enabling RIP for IPv6 (RIPng) is to issue the ipv6 router rip [tag] command, where tag is a locally significant process-id name. Next, enable RIPng processing on the interface with the interface level command ipv6 rip [tag] enable, where tag is the process-id previously defined. RIPng uses IPv6 multicasts to the address FF02::9 using UDP port 521.

To verify that the protocol is enabled, issue the show ipv6 protocols or show ipv6 rip. From the below output it can be seen that RIPng is enabled on the Ethernet0/1 and Tunnel0 interfaces of R4.

Rack1R4#show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip CISCO"
  Interfaces:
    Ethernet0/1
    Tunnel0
  Redistribution:
    None

Rack1R4#show ipv6 rip
RIP process "CISCO", port 521, multicast-group FF02::9, pid 168
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 7, trigger updates 2
  Interfaces:
    Ethernet0/1
    Tunnel0
  Redistribution:
    None

Rack1R4#show ipv6 interface tunnel0
Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::9601:404
  Global unicast address(es):
    2001:CC1E:1:4545::4, subnet is 2001:CC1E:1:4545::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::9            <- Quick Note: Tunnel is listening for RIPng multicast packets.
    FF02::1:FF00:4
    FF02::1:FF01:404
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.

Rack1R4#show ipv6 route rip
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
R   2001:CC1E:1:505::/64 [120/2]
     via FE80::9601:505, Tunnel0

Note that in the above output the network 2001:CC1E:1:505::/64 recurses to the IPv6 next-hop address FE80::9601:505 out the Tunnel0 interface. This is the link-local IPv6 address of R5’s Tunnel0 interface. Since the tunnel is a point-to-point interface, layer 3 to layer 2 resolution for this address is not required. For situations where dynamic routing is enabled over multipoint NBMA interfaces, such as the main interface in Frame Relay or ATM, static layer 3 to layer 2 resolution is required for the link-local address of the remote end.

This task also demonstrates how to configure static DNS entries for IPv6 with the ipv6 host command. To find the appropriate address to use issue the show ipv6 interface brief command to see the full global-unicast address assigned to the interface.

Rack1R5#show ipv6 int brief | begin Ethernet0/0
Ethernet0/0                [up/up]
    FE80::206:D7FF:FEA8:3021
    2001:CC1E:1:505:206:D7FF:FEA8:3021
<output omitted>

Rack1R4#ping 2001:CC1E:1:505:206:D7FF:FEA8:3021

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:CC1E:1:505:206:D7FF:FEA8:3021, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

Rack1R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#ipv6 host Rack1R5 2001:CC1E:1:505:206:D7FF:FEA8:3021
Rack1R4(config)#do show hosts
Default domain is not set
Name/address lookup uses static mappings

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
Rack1R5                   None  (perm, OK)  0   IPv6  2001:CC1E:1:505:206:D7FF:FEA8:3021

Rack1R4(config)#do ping Rack1R5
Translating "Rack1R5"

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:CC1E:1:505:206:D7FF:FEA8:3021, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

9. QoS

Task 9.1 - 9.7

R5:
map-class frame-relay DLCI_504
 frame-relay cir 512000
 frame-relay bc 25600
 frame-relay be 51200
 frame-relay mincir 384000
 frame-relay adaptive-shaping becn
!
map-class frame-relay DLCI_513
 frame-relay cir 128000
 frame-relay bc 6400
 frame-relay be 0
 frame-relay mincir 96000
 frame-relay adaptive-shaping becn
!
interface Serial0/0
 frame-relay interface-dlci 504
  class DLCI_504
 frame-relay interface-dlci 513
  class DLCI_513

Task 9.1 - 9.7 Breakdown

Frame Relay Traffic Shaping is designed to control the amount of traffic the router sends out an interface or a particular DLCI. Common reasons for using Frame Relay Traffic Shaping are to force the router to conform to the rate subscribed with the Frame Relay service provider, or to throttle a higher speed site so that it does not overrun a lower speed site.

The first case is required when the physical interface clocking differs from the provisioned rate on the circuit. This is due to the fact that the router always sends traffic out an interface at the line rate. This rate is called the serialization delay. For example, a 100Mbps Ethernet interface will always send traffic at one-hundred million bits per second, or 1000 bits per millisecond. That means that a 64 byte packet will take .512 ms to be transmitted, and a 1500 byte packet will take 1.5 ms to be transmitted. Traffic sent in short bursts can quickly exceed a service providers policing interval if the serialization delay is much faster than the provisioned rate.

The second case typically occurs in a partial mesh environment. Suppose that there are four devices on an NBMA cloud, one of which is the hub for the other three devices. Each device has a T1 connection to the Frame Relay cloud (1.536 Mbps). If each spoke sends at line rate, the hub will be receiving three times T1, or 6.144 Mbps. This is clearly beyond what the interface can support.

This is the case that is described in this scenario. R5 has a T1 connection to the Frame Relay cloud, but the spokes have differing port speeds that are much lower than 1.536 Mbps. For this reason shaping must be enabled on the hub in order to ensure that the spokes are not overwhelmed.

Traffic-shaping differs from traffic-policing in that shaping is designed to buffer traffic in excess of the target rate, whereas policing is designed to drop traffic in excess of the target rate. To accomplish this, traffic-shaping uses a system of credits. Before a packet can be sent, the amount of credit equaling the packet’s size in bits must have been earned.

Note
When traffic-shaping is applied to an interface, the router is given a full allotment of credits. After this point all credits must be earned.

Traffic-shaping does not permit the borrowing of future credits. Policing differs in that the router is allowed to borrow future credits, and in turn is permitted to go into a debt situation of having to “pay” back credits.

To understand Frame Relay Traffic Shaping it is first necessary to understand the terms used in FRTS:

AR - Available Rate or Access Rate. This value is either the actual physical speed of the interface, or the rate at which the Frame Relay service provider is policing all traffic received. Traffic cannot be sent in to the Frame Relay cloud at above this rate. When the AR is the physical speed of the interface, it is determined by the configured clock rate on the DCE end. AR is commonly referred to as “port speed”.

CIR - Committed Information Rate. This is the rate in bits per second that the router will attempt to average over a one second period. The default CIR when traffic-shaping is enabled on an interface is 56kbps. CIR is also referred to as “target rate”.

Pitfall
The CIR configured on the router is not related to the rate at which the Frame Relay service provider has provisioned the circuit. Although the service provider may refer to the provisioned rate as the CIR, the CIR value in the FRTS algorithm is simply the average output rate. This may or may not equal the provider’s provisioned rate.

MINCIR - Minimum CIR. The rate at which the router will throttle down to at a minimum if a BECN is received from the Frame Relay cloud. Typically this is set to the provisioned rate that the Frame Relay service provider guarantees to accept, as there should never be a reason to throttle down to a speed lower than is provisioned for the circuit in the provider cloud. Theoretically the Frame Relay provider will set the DE bit for all traffic above this rate. This value is also used to calculate the available bandwidth value used in the MQC. MINCIR defaults to half the configured CIR.

Note
For more information on the MQC “available bandwidth” value see Lab 3 Task 9.1

Bc - Committed Burst. The number of committed bits allowed to be sent during a given interval. Commonly this is referred to as the committed bits the Frame Relay service provider has agreed to accept, but this is only true if the configured CIR equals the provisioned CIR of the Frame Relay service provider. The shaping algorithm is allowed to send Bc bits out the interface per Tc interval. If Bc bits are sent per interval in every interval in that second, the output rate is CIR.

Be - Excess Burst. The number of non-committed bits the router is allowed to send above Bc if there is sufficient credit. The amount of Be “credits” is derived from unused Bc credits in previous intervals. Be defaults to zero bits.

Note
There is no limit to how long Be can “store” unused Bc credits. It is a common misconception that Be can only store credits from the previous interval or the previous second. This is not true.

Tc – Time Committed. Time in milliseconds in which the second is divided. The Bc bucket is refilled at each new Tc. If there are bits left in the Bc bucket that were not used in the previous interval, they roll over to the Be bucket. If the Be bucket is full, the credits are lost. The largest amount of traffic that can be sent in a single interval is Bc + Be. The maximum value of Tc is 125ms (1/8th of a second), and the minimum value is 10ms (1/100th of a second).

The first step in configuring FRTS is to enable FRTS on the interface. This is accomplished by issuing the interface level command frame-relay traffic-shaping.

Pitfall
Once FRTS has been enabled on the interface, all DLCIs on that interface (including any subinterfaces) are assigned the default CIR value of 56000 bps. For DLCIs which require a different output rate than 56000 bps, the CIR must be adjusted.

Verification

R1#
interface Serial0/0
 encapsulation frame-relay
 frame-relay traffic-shaping

R1#show traffic-shape
Interface   Se0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
103           56000     875    7000      0         125       875       -
104           56000     875    7000      0         125       875       -
105           56000     875    7000      0         125       875       -
113           56000     875    7000      0         125       875       -
102           56000     875    7000      0         125       875       -

VC – DLCI
Target Rate – CIR
Byte Limit – Bc * 8
Sustain bits – Bc
Excess bits – Be
Interval – Tc
Adapt – BECN adapt

Next, FRTS parameters should be defined in a frame-relay map-class (not to be confused with the MQC class-map). To define the map-class issue the map-class frame-relay [name] global configuration command.

Verification

R1(config)#map-class frame-relay FRTS
R1(config-map-class)#frame-relay ?
  adaptive-shaping   Adaptive traffic rate adjustment, Default = none
  bc                 Committed burst size (Bc), Default = 56000 bits
  be                 Excess burst size (Be), Default = 0 bits
  cir                Committed Information Rate (CIR), Default = 56000 bps
  congestion         Congestion management parameters
  custom-queue-list  VC custom queueing
  end-to-end         Configure frame-relay end-to-end VC parameters
  fair-queue         VC fair queueing
  fecn-adapt         Enable Traffic Shaping reflection of FECN as BECN
  fragment           fragmentation - Requires Frame Relay traffic-shaping to be
                     configured at the interface level
  holdq              Hold queue size for VC
  idle-timer         Idle timeout for a SVC, Default = 120 sec
  interface-queue    PVC interface queue parameters
  ip                 Assign a priority queue for RTP streams
  mincir             Minimum acceptable CIR, Default = CIR/2 bps
  priority-group     VC priority queueing
  tc                 Policing Measurement Interval (Tc)
  traffic-rate       VC traffic rate
  voice              voice options

Once the map-class has been defined, the various FRTS parameters must be configured. These various options are:

frame-relay cir bps - Used to define the CIR for the map-class. This is the target rate the router will attempt to send data at.

frame-relay mincir bps - Used to define the mincir for the map-class. Mincir is the lowest rate at which the router will throttle down to in the event of congestion. The default mincir value is half of the configured CIR. Note that mincir is only used in conjunction with adaptive shaping.

frame-relay bc bits - Used to define the committed burst size (Bc). Setting the Bc indirectly sets the Tc, and is derived from the following formula:

Bc = CIR * Tc/1000

frame-relay be bits - Used to define the excess burst size (Be). Be is typically derived from the formula: Be = (AR – CIR) * Tc/1000, where AR is the access rate of the interface.

frame-relay adaptive-shaping {becn | foresight} - Used to allow the router to throttle back in the event of congestion. The router will throttle back 25% per Tc when BECNs are received. The router will continue to throttle down 25% each Tc until BECNs are no longer received or until MINCIR is reached.

frame-relay fecn-adapt - Used to have the router reflect FECNs as BECNs. This is normally used in situations where one router is only sending and the other is only receiving. An example would be where one site is streaming video to another site.

The Frame Relay Traffic Shaping algorithm uses a token bucket to manage the flow of traffic. The token bucket revolves around the values of the CIR, Bc, and Tc. All of these values are mathematically related as follows:

CIR = Bc X 1000/Tc
Bc = CIR X Tc/1000
Tc = Bc/CIR X 1000

Most FRTS references state that Bc = CIR X Tc. While this is true, it is commonly confusing because the Tc value as the frame-relay map-class accepts it is in milliseconds. As the CIR is in bits per second, milliseconds must be converted to seconds (1000ms per second). What the above relation basically says is that if you send Bc bits per Tc milliseconds you are averaging CIR bits per second.

The second formula that the shaping algorithm uses is the Be calculation. Be is effectively the difference between what the average output is (Bc per Tc, or CIR per second), and what the maximum output supported is (Be + Bc per interval, or AR per second). Be can be calculated as follows:

Be = (AR – CIR) X Tc/1000

Again, this value effectively specifies the difference between the average rate and the maximum rate per interval.

Now let's apply the above calculation to the task in question. This task specifies that R5 supports a maximum transmission rate of 1536Kbps. R5 has two VCs into the Frame Relay cloud. The first, which connects to R3, is provisioned 128Kbps. The second, which connects to R4, is provisioned 512Kbps. Since the provisioned rates on the circuits are different from the access rate of the interface, shaping should be applied. The shaping interval (Tc) specified is 50ms. It is also specified that R5 should be allowed to burst up to the access rate for VC 504, but not for VC 513. From this information we can infer that the following values should be configured on R5:

DLCI   CIR (bps)   Tc (ms)   Bc (bits)   Be (bits)
513    128000      50        6400        0
504    512000      50        25600       51200

Once the map-class has been defined, it can be applied in two ways, on a per interface basis or a per DLCI basis. When a class is applied with the interface level command frame-relay class [name], all DLCIs on that interface (and all DLCIs on all subinterfaces if configured on the main interface) will inherit the class.

Verification
R1(config)#map-class frame-relay FRTS
R1(config-map-class)#frame-relay cir 640000
R1(config-map-class)#interface serial0/0
R1(config-if)#frame-relay traffic-shaping
R1(config-if)#frame-relay class FRTS

R1#show traffic-shape

Interface   Se0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
103           640000    10000  640000    0         125       10000     -
104           640000    10000  640000    0         125       10000     -
105           640000    10000  640000    0         125       10000     -
113           640000    10000  640000    0         125       10000     -
102           640000    10000  640000    0         125       10000     -

FRTS can also be applied on a per DLCI basis by issuing the class [class] command under the frame-relay interface-dlci [dlci] mode.

Verification
R1(config)#map-class frame-relay DLCI_103
R1(config-map-class)#frame-relay cir 512000
R1(config-map-class)#interface serial 0/0
R1(config-if)#frame-relay interface-dlci 103
R1(config-fr-dlci)#class DLCI_103

R1#show traffic-shape

Interface   Se0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
103           512000    8000   512000    0         125       8000      -
104           640000    10000  640000    0         125       10000     -
105           640000    10000  640000    0         125       10000     -
113           640000    10000  640000    0         125       10000     -
102           640000    10000  640000    0         125       10000     -

Still confused? Try it some more! There are numerous examples of Frame Relay Traffic Shaping included in Internetwork Expert's CCIE Routing & Switching Lab Workbook. Try the different sections on paper, and compare your answers to those provided.

Further Reading
For an in depth overview of Frame-Relay Traffic Shaping (FRTS), see the following presentation by Brian Dennis: Frame-Relay Traffic Shaping

Task 9.8 - 9.10
R1:
ip cef
!
class-map match-all ICMP
 match protocol icmp
!
policy-map POLICE_ICMP
 class ICMP
  police cir 128000 bc 4000
!
interface Ethernet0/0
 service-policy output POLICE_ICMP

Task 9.8 - 9.10 Breakdown
Traffic policing is a very effective method to enforce a maximum threshold of bandwidth that a certain type of traffic cannot exceed. Traffic policing, also known as committed access rate (CAR) or rate-limiting, can be configured in two ways. The legacy application of CAR is to configure the rate-limit statement on the interface. CAR can also be configured using the modular quality of service command line interface (MQC) by issuing the police statement under the policy-map. In the above example, CAR is configured using the MQC.

The first step in configuring traffic policing using the MQC is to define the traffic that will be policed. This is accomplished by creating a class-map. In the above task, it is requested that ICMP traffic be policed. ICMP can be matched using network based application recognition (NBAR) by issuing the match protocol command inside the class-map.

Note
NBAR requires Cisco Express Forwarding (CEF) switching. Be sure to issue the global configuration command ip cef whenever using the match protocol statement under a class-map.

The next step in configuring the MQC is to define the policy-map. The policy-map defines what QoS mechanisms will be applied to a particular traffic class. Under the policy-map, call the predefined class-map by issuing the class [name] command, and then specify the QoS mechanism to apply. In the case of CAR, the policy-map sub-command is police. By entering the police cir [bps] bc [burst] command, traffic that exceeds the configured burst per interval will be dropped.

Lastly, to apply the policy-map to the interface, issue the service-policy [input | output] [policy-map] interface command. The input or output keyword determines the direction that the policy-map is applied. To verify your configuration, issue the show policy-map interface [interface] command.

Verification
R1#show policy-map interface ethernet 0/0
 Ethernet0/0
  Service-policy output: POLICE_ICMP
    Class-map: ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
        cir 128000 bps, bc 4000 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
    Class-map: class-default (match-any)
      8 packets, 769 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
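The conform and exceed counters in the output above can be reasoned about with a single token bucket. The following is an added example, not part of the workbook and not IOS code: a simplified model of police cir 128000 bc 4000 with the default transmit and drop actions, run against constructed traffic (an ICMP flood and a slow monitoring ping).

```python
CIR_BPS = 128000      # police cir 128000 (bits per second)
BC_BYTES = 4000       # bc 4000 (bytes): depth of the token bucket


def police(packets, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
    """Police (arrival_ms, size_bytes) packets; return conform/exceed counters."""
    tokens = float(bc_bytes)          # assumption of this model: bucket starts full
    last_ms = None
    stats = {"conformed_pkts": 0, "conformed_bytes": 0,
             "exceeded_pkts": 0, "exceeded_bytes": 0}
    for arrival_ms, size in packets:
        if last_ms is not None:
            # Tokens earned since the previous packet: cir_bps / 8 bytes per second.
            earned = (arrival_ms - last_ms) * cir_bps / 8000.0
            tokens = min(float(bc_bytes), tokens + earned)
        last_ms = arrival_ms
        if size <= tokens:            # conform action: transmit
            tokens -= size
            stats["conformed_pkts"] += 1
            stats["conformed_bytes"] += size
        else:                         # exceed action: drop, no tokens consumed
            stats["exceeded_pkts"] += 1
            stats["exceeded_bytes"] += size
    return stats


def icmp_flood():
    """Constructed flood: one 1000-byte ICMP packet every 10 ms for one second."""
    return [(t, 1000) for t in range(0, 1000, 10)]


def monitoring_pings():
    """Constructed benign traffic: one 100-byte ping per second for five seconds."""
    return [(t, 100) for t in range(0, 5000, 1000)]


if __name__ == "__main__":
    print("flood:", police(icmp_flood()))
    print("pings:", police(monitoring_pings()))
```

The flood is offered at 800 kbps, yet only the initial 4000-byte burst plus 16000 bytes per second of refill is transmitted, while the low-rate pings are never dropped.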

10. Security
Task 10.1 - 10.3
R3:
ip access-list extended SYN_ATTACK
 permit tcp any host 183.1.2.100 eq www syn log-input
 permit ip any any
!
interface Ethernet0/0
 ip access-group SYN_ATTACK in

SW2:
ip access-list extended SYN_ATTACK
 permit tcp any host 183.1.2.100 eq www syn log-input
 permit ip any any
!
interface Vlan82
 ip access-group SYN_ATTACK in

Task 10.1 - 10.3 Breakdown
One way to track what type of traffic is being received in an interface is to apply an access-list that is being logged. By adding the log-input option to the end of an access-list, both the incoming interface and the source layer 2 address that the packet originated from on that particular segment will be included in the log message.

Task 10.4
R3:
ip access-list extended SYN_ATTACK
 deny ip 183.1.0.0 0.0.255.255 any
 permit tcp any host 183.1.2.100 eq www syn log-input
 permit ip any any

SW2:
ip access-list extended SYN_ATTACK
 deny ip 183.1.0.0 0.0.255.255 any
 permit tcp any host 183.1.2.100 eq www syn log-input
 permit ip any any

R6:
ip access-list extended SYN_ATTACK
 deny ip 183.1.0.0 0.0.255.255 any
 permit ip any any
!
interface ATM0/0/0
 ip access-group SYN_ATTACK in

Task 10.4 Breakdown
A common practice to prevent address spoofing is to deny traffic that is originated from your IP address space from entering your network. Since your address space can only exist within your internal network, it is never valid when a packet is received on an outside interface of your network and it has been sourced from an address that is within your own address space. To prevent this, simply configure an extended IP access-list that denies traffic from your own address space, and apply it inbound on the outside interfaces of your network.
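How the SYN_ATTACK list from Tasks 10.1 - 10.4 treats individual packets can be checked with a small first-match evaluator. This is an added example, not part of the workbook and not IOS code: it models wildcard-mask matching, the syn keyword and the log-input action in simplified form, and the sample packets, MAC address and log wording are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: frozenset = frozenset()    # TCP flags that are set
    in_if: str = "Ethernet0/0"
    src_mac: str = "0000.0c00.0001"   # constructed layer 2 address


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; the remaining bits must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def addr_match(spec, addr):
    if spec == "any":
        return True
    first, second = spec.split()
    if first == "host":
        return addr == second
    return wildcard_match(addr, first, second)


# The Task 10.4 list as configured on R3 and SW2, one dict per entry.
SYN_ATTACK = [
    {"action": "deny", "proto": "ip", "src": "183.1.0.0 0.0.255.255", "dst": "any"},
    {"action": "permit", "proto": "tcp", "src": "any", "dst": "host 183.1.2.100",
     "dport": 80, "syn": True, "log_input": True},
    {"action": "permit", "proto": "ip", "src": "any", "dst": "any"},
]


def evaluate(acl, pkt):
    """Return (action, entry number, log line or None); the first match wins."""
    for number, entry in enumerate(acl, start=1):
        if entry["proto"] not in ("ip", pkt.proto):
            continue
        if not (addr_match(entry["src"], pkt.src) and addr_match(entry["dst"], pkt.dst)):
            continue
        if "dport" in entry and pkt.dport != entry["dport"]:
            continue
        if entry.get("syn") and "SYN" not in pkt.flags:
            continue
        log = None
        if entry.get("log_input"):
            # log-input adds the ingress interface and source MAC to the message.
            log = (f"list SYN_ATTACK {entry['action']} {pkt.proto} {pkt.src} "
                   f"({pkt.in_if} {pkt.src_mac}) -> {pkt.dst}({pkt.dport})")
        return entry["action"], number, log
    return "deny", None, None         # implicit deny that ends every access-list


# Constructed packets as they would arrive on an outside interface.
SAMPLES = {
    "spoofed_inside_src": Packet("183.1.46.6", "183.1.2.100", "tcp", 80, frozenset({"SYN"})),
    "outside_syn_to_web": Packet("198.51.100.7", "183.1.2.100", "tcp", 80, frozenset({"SYN"})),
    "outside_ack_to_web": Packet("198.51.100.7", "183.1.2.100", "tcp", 80, frozenset({"ACK"})),
    "outside_icmp": Packet("203.0.113.9", "183.1.17.100", "icmp"),
}


def run_samples():
    return {name: evaluate(SYN_ATTACK, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20} {result}")
```

Evaluating the spoofed packet against SYN_ATTACK[1:] (the list as it stood after Task 10.3) shows why the deny entry has to come first: without it the packet matches the logged permit entry and is forwarded.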

11. System Management
Task 11.1 - 11.5
R2:
rmon alarm 1 ifEntry.11.1 60 delta rising-threshold 15000 1 falling-threshold 5000 2
rmon event 1 trap IETRAP description "Above 15000 for ifInUcastPkts"
rmon event 2 trap IETRAP description "Below 5000 for ifInUcastPkts"
snmp-server host 183.1.17.100 IETRAP

Task 11.1 - 11.5 Breakdown
Remote Monitoring (RMON) can be used to create event driven SNMP traps based on arbitrary Management Information Bases (MIBs) that a particular device supports. RMON consists of two parts, events and alarms. Alarms define a particular situation that occurs on the router, such as an increase or decrease in a MIB value. An RMON alarm is defined by issuing the rmon alarm global configuration command, and tracks the value of a MIB based on the delta (relative change) of the variable, or the absolute change of the variable. In the above case, RMON is used to track interface utilization.

The second part of RMON consists of an event. An RMON event is the resulting action taken when an alarm is tripped. In the above task, an SNMP trap is generated when the amount of input packets on an interface exceeds 15000, and again when the amount of input packets falls below 5000. The SNMP trap is sent to a network management station (NMS) with the IP address 183.1.17.100 using the community string IETRAP.

Further Reading
Configuring RMON Support
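The delta alarm above does not fire on every sample that is over a threshold. The following added example (not part of the workbook and not IOS code) models the alarm as the RMON alarm group defines it: the counter is sampled every 60 seconds, the delta is taken modulo 2^32 so a Counter32 wrap is handled, and after a rising event no further rising event is generated until the falling threshold has been reached. The counter readings are constructed, and it is an assumption that the first sample may raise either event.

```python
COUNTER32 = 2 ** 32

# Event numbers and descriptions from the rmon event lines on R2.
EVENTS = {
    1: "Above 15000 for ifInUcastPkts",
    2: "Below 5000 for ifInUcastPkts",
}


def delta32(previous, current):
    """Difference between two Counter32 samples, correct across a wrap."""
    return (current - previous) % COUNTER32


def run_alarm(readings, rising=15000, falling=5000):
    """Return [(sample_index, event_number, delta)] for 60-second samples."""
    fired = []
    last_event = None                  # which threshold fired most recently
    for i in range(1, len(readings)):
        delta = delta32(readings[i - 1], readings[i])
        if delta >= rising and last_event != "rising":
            last_event = "rising"
            fired.append((i, 1, delta))
        elif delta <= falling and last_event != "falling":
            last_event = "falling"
            fired.append((i, 2, delta))
        # A delta between the thresholds, or a repeat crossing of the same
        # threshold, generates nothing: this is the hysteresis.
    return fired


def traps(fired, community="IETRAP", nms="183.1.17.100"):
    """Describe the traps that would be sent to the NMS for the fired events."""
    return [f"sample {i}: trap to {nms} community {community}: {EVENTS[n]} (delta {d})"
            for i, n, d in fired]


# Constructed ifInUcastPkts readings; the counter wraps between samples 1 and 2.
READINGS = [4294950000, 4294953000, 2704, 20704, 30704, 48704, 50704]

if __name__ == "__main__":
    for line in traps(run_alarm(READINGS)):
        print(line)
```

Sample 5 has a delta of 18000 but sends no trap, because the delta never dropped to 5000 after the rising event at sample 2.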

Task 11.6 - 11.10
R1 through R6:
logging 183.1.17.100
logging facility local5
logging source-interface Loopback0

SW1 and SW2:
logging 183.1.17.100
logging facility local6
logging source-interface Loopback0

Task 11.6 - 11.10 Breakdown
Syslog is a service used to collect and store device logs. To configure syslog logging, simply enter the global configuration command logging [address], where address is the IP address of the server running the syslog service. To change the facility that syslog messages are generated in, issue the global command logging facility [facility]. The logging 'facility' is a way to format log messages so that they can be more easily parsed from the syslog server's log files. By default, syslog messages are sourced from the IP address of the outgoing interface used to reach the syslog server. To adjust the source address of syslog packets, use the global configuration command logging source-interface [interface].

Further Reading
Enabling Management Protocols: Syslog

Task 11.11 - 11.15
R3:
ntp server 204.12.1.254
ntp peer 150.1.6.6

R6:
ntp server 54.1.1.254

R1, R2, and SW2:
ntp server 150.1.3.3

R4, R5, and SW1:
ntp server 150.1.6.6

Task 11.11 - 11.15 Breakdown
Network Time Protocol (NTP) is a standards based protocol used to keep consistent time throughout the devices in the network. To enable NTP, issue the global configuration command ntp [server | peer] [address]. An NTP server relationship is when a client gets time from the server. An NTP peering relationship is when two devices can get time from each other depending on which device has the lower stratum. NTP uses a 'stratum', or hop count, to determine how far away neighboring devices are from the master time source in the network. Devices with a lower stratum are considered to be more reliable time sources.

Further Reading
Performing Basic System Management: Configuring NTP

Task 11.16
R3:
ntp authentication-key 1 md5 CISCO
ntp authenticate
ntp trusted-key 1
ntp server 204.12.1.254 key 1

R6:
ntp authentication-key 1 md5 CISCO
ntp authenticate
ntp trusted-key 1
ntp server 54.1.1.254 key 1

Task 11.16 Breakdown
NTP authentication is used to ensure the authenticity of a time source.

Further Reading
For particulars on NTP authentication, see the white paper entitled Understanding Network Time Protocol (NTP) Authentication by Brian McGahan.
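What the key 1 configuration above protects can be shown at the packet level. This added example is not part of the workbook and is not IOS code: it builds a constructed 48-byte NTP client header, appends the symmetric-key MAC (a 4-byte key ID followed by the MD5 digest of the key concatenated with the header) and applies the receiver's checks. It assumes the key bytes are the ASCII string CISCO and that the packet carries no extension fields.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48
MAC_LEN = 4 + 16                      # key ID + MD5 digest


def build_request(transmit_timestamp):
    """Constructed client packet: LI=0, VN=3, Mode=3, other fields zero."""
    return struct.pack("!B39xQ", 0x1B, transmit_timestamp)


def digest(key, header):
    """MD5 over the key followed by the NTP header."""
    return hashlib.md5(key + header).digest()


def authenticate(header, key_id, key):
    """Append the MAC, as a sender configured with 'server ... key 1' would."""
    return header + struct.pack("!I", key_id) + digest(key, header)


def verify(message, keys, trusted):
    """Receiver side with 'ntp authenticate': accept only a valid trusted MAC."""
    if len(message) != NTP_HEADER_LEN + MAC_LEN:
        return False                  # no MAC present (or unexpected length)
    header = message[:NTP_HEADER_LEN]
    key_id = struct.unpack("!I", message[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    received = message[NTP_HEADER_LEN + 4:]
    if key_id not in trusted or key_id not in keys:
        return False                  # key not listed by 'ntp trusted-key'
    return hmac.compare_digest(received, digest(keys[key_id], header))


KEYS = {1: b"CISCO"}                  # ntp authentication-key 1 md5 CISCO
TRUSTED = {1}                         # ntp trusted-key 1


def demo():
    header = build_request(0xE0000000_00000000)   # constructed timestamp
    good = authenticate(header, 1, KEYS[1])
    tampered = bytearray(good)
    tampered[47] ^= 0x01              # change one bit of the transmit timestamp
    return {
        "valid": verify(good, KEYS, TRUSTED),
        "wrong_key": verify(authenticate(header, 1, b"cisco"), KEYS, TRUSTED),
        "tampered": verify(bytes(tampered), KEYS, TRUSTED),
        "untrusted_key_id": verify(authenticate(header, 2, KEYS[1]), KEYS, TRUSTED),
        "no_mac": verify(header, KEYS, TRUSTED),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```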

12. IP Services
Task 12.1 - 12.3
R2:
interface Serial0/0
 ip accounting precedence input
 ip accounting precedence output
!
ip accounting-threshold 50000

R3:
interface Serial1/0
 ip accounting precedence input
 ip accounting precedence output
!
ip accounting-threshold 50000

Task 12.1 - 12.3 Breakdown
IP accounting can be used to track how many packets are received or sent out an interface, how many packets violate an access-list policy configured on an interface, and track packets with an IP precedence value that are sent or received out an interface. To configure IP accounting, issue the ip accounting interface level command. To account for packets based on IP precedence values, add the precedence keyword to the accounting statement. To configure how many entries are kept in the local accounting table, issue the global command ip accounting-threshold. To show entries in the accounting table, issue the show ip accounting command.

Further Reading
Configuring Precedence Accounting

Task 12.4 - 12.7
R5:
interface Ethernet0/0
 standby 1 ip 183.1.58.254
 standby 1 preempt
 standby 1 track Serial0/0 100

SW2:
interface FastEthernet0/15
 standby 1 ip 183.1.58.254
 standby 1 priority 50
 standby 1 preempt

Task 12.4 - 12.7 Breakdown
Hot Standby Routing Protocol (HSRP) is a method used to offer default gateway redundancy to end stations in the network. HSRP defines two roles, the active router and the standby router. The active router is responsible for replying for ARP requests sent to the virtual IP address. Therefore, when a host ARPs for the configured virtual default gateway, the active router responds on its behalf. In the case that the active router becomes unreachable, or relinquishes active status due to an interface going down, the standby router assumes the active role and begins to respond to traffic sent to the virtual address.

HSRP uses a priority value to determine which device on the segment is the active router. A higher value is better, and the default value is 100. Once a router is elected the active router, its status cannot be taken away unless it becomes unreachable, or a device with a higher priority is configured to preempt the election. Preemption means that the router will forcibly take over the active status.

In addition to losing active status due to becoming unreachable, HSRP offers the ability to decrement the device's priority value when an interface goes down. By issuing the track option of the standby statement, a router can be configured to watch the status of an interface. If the line protocol of the interface goes down, the router's priority is decremented by a default value of 10. This value is configurable.

To verify HSRP configuration, issue the show standby command.

Further Reading
Using HSRP for Fault-Tolerant IP Routing

Task 12.8
R3:
access-list 2 permit 183.1.0.0 0.0.255.255
!
ip nat inside source list 2 interface Ethernet0/0 overload
!
interface Ethernet0/0
 ip nat outside
!
interface Serial1/0
 ip nat inside
!
interface Serial1/1
 ip nat inside

Task 12.8 Breakdown
Network Address Translation (NAT) is an effective way to hide the source IP address of a packet as it leaves your network. When NAT has been implemented, devices outside your network need not have specific reachability information about your internal network. For this reason, NAT can be considered a security mechanism, since sessions cannot be started from outside the network without specific routing information about your internal network.

The first step in configuring NAT is to define the inside local address pool. Inside local addresses are those which will have their addresses translated as they leave the network. Next, the 'inside' and 'outside' addresses of the NAT process should be defined. In the case of an 'inside source' translation, packets matched by the inside local access-list will have their source addresses translated as they come in the inside interface and exit the outside interface. Finally, the inside local address pool should be bound to the NAT process by issuing the ip nat inside source list [access-list] command. This instructs the NAT process to translate the source addresses of hosts matched in the access-list. The latter part of the ip nat statement includes the option of translating to a pool of addresses, or a single interface. In the above case, all traffic sourced from the 183.1.0.0 network is translated to the IP address that is shared with the interface Ethernet0/0. This is known as Port Address Translation (PAT), since a state table of port numbers must be maintained so that multiple inside hosts can share the same globally routable IP address.

Further Reading
How NAT Works


13. DLSw+
Task 13.1 - 13.2
R2:
dlsw local-peer peer-id 150.1.2.2

R6:
dlsw local-peer peer-id 150.1.6.6

Task 13.1 - 13.2 Breakdown
The first step in enabling Data-Link Switching Plus (DLSw+) is to specify the router's DLSw+ local-peer identifier. This ID should be an IP address on the router that other DLSw+ enabled devices have IP reachability to.

Note
In the case of direct peering relationships over SDLC, HDLC, or Frame-Relay, a local-peer ID must still be specified. In this case, the IP address need not be reachable by the direct DLSw+ peers.

To specify the local-peer ID, issue the global configuration command dlsw local-peer peer-id [ip address]. In the above case, the Loopback 0 addresses of R2 and R6 have been chosen for the DLSw+ local-peer IDs. To establish a DLSw+ peering session, the devices in question must agree on the peering address. This means that if R2 tries to peer with R6 using its FastEthernet1/0/0 IP address, the peering session will not be successful. Therefore as a general rule, it is good practice to use a Loopback address for the peer-id that has been configured on the device in question,


Task 13.3 - 13.5
R2:
dlsw remote-peer 0 tcp 150.1.6.6
!
dlsw bridge-group 1
bridge 1 protocol ieee
!
interface Ethernet0/0
 bridge-group 1

R6:
dlsw remote-peer 0 tcp 150.1.2.2
!
dlsw bridge-group 1
bridge 1 protocol ieee
!
interface FastEthernet1/0/0
 bridge-group 1

Task 13.3 - 13.5 Breakdown
The next step in configuring DLSw+ is to establish the DLSw+ peering sessions. This is accomplished by issuing the global configuration command dlsw remote-peer [list] [encapsulation] [protocol_address]. The 'list' field refers to a ring-list, bgroup-list, or port-list. In the case that all local interfaces running DLSw+ are bound to the peering session, the 'list' number will be 0. These lists will be explained in more detail in further labs. The 'encapsulation' field refers to TCP, FST, Frame-Relay, or direct using HDLC or SDLC. Of the aforementioned encapsulation types, only TCP and Frame-Relay with an additional LLC2 header (DLSw+ Lite) provide reliable transport and local-acknowledgement for traffic sent across the WAN. Furthermore, since R2 and R6 are not directly connected over the Frame-Relay cloud, the only choice for encapsulation that can fulfill the requirements of the above task is TCP.

After the DLSw+ peering sessions have been established, the router must be configured to listen for non-routable traffic on LAN interfaces wishing to participate in DLSw+. For Ethernet, this is accomplished by creating a dlsw bridge-group by issuing the global command dlsw bridge-group [num], running spanning-tree protocol for the bridge-group by issuing the global command bridge [num] protocol ieee, and applying the group to the interface with the interface level command bridge-group [num].

[Diagram: IE R&S Workbook Lab 1 physical and IP addressing topology, © 2004 Internetwork Expert. Devices: R1-R6, SW1, SW2, BB1, BB2, BB3. Networks shown: 192.10.X.0/24 (VLAN 82), 183.X.78.0/24, 183.X.17.0/24, 183.X.58.0/24 (VLAN 58), 183.X.2.0/24 (VLAN 2), 183.X.123.0/24 (Frame-Relay), 183.X.0.0/24 (Frame-Relay), 183.X.45.0/29 (ISDN), 54.X.1.0/24 (ATM), 204.12.X.0/24 (VLAN 33), 183.X.46.0/24 (VLAN 46).]

[Diagram: IE R&S Workbook Lab 1 routing protocol topology, © 2004 Internetwork Expert. Legend: BGP, OSPF, EIGRP, ISIS, RIP. Routing domains shown: RIPv2, BGP AS 254, EIGRP AS 100, BGP AS 200, OSPF Area 0, OSPF Area 45, BGP AS 54, BGP AS 100, EIGRP AS 10, OSPF Area 46.]