This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within the "Read More" section.

You can also follow me on Twitter @FE80CC1E

Sunday, October 31, 2010

Question 163

How do you ensure that MSDP peers use the same IP address as their respective RPs (rendezvous points)?

Saturday, October 30, 2010

Question 162

What is the difference between "police" and "police rate"?

Question 161

A lot of people seem to struggle with BGP regular expressions, so I put together the following questions.

Here is a list of AS paths (I just threw them together so we can create regular expressions). The AS that you are in is AS1.

100 110 2009 20093 20100 54 321
100 110 2009 20111 129 22 10
10 200 19 24 39 4 32
16 100 888 1339 2

Create a regular expression that filters routes that originate in AS321
Create a regular expression that filters routes that have instances of AS200 in the path
Create a regular expression that filters routes that are learned from AS10
Create a regular expression that filters routes that are locally originated
Create a regular expression that filters all routes from any AS
Create a regular expression that filters routes that pass through AS39
Create a regular expression that filters routes that have a number "20" anywhere within the AS number or path

Regular Expressions and their usage


^    Start of string
$    End of string
[]   Range of characters
-    Used to specify range (i.e. [0-9])
( )  Logical grouping
.    Any single character
*    Zero or more instances
+    One or more instances
?    Zero or one instance
_    Comma, open or close brace, open or close parenthesis, start or end of string, or space


Have fun!
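
An added example, not part of the original post: a small Python harness for trying AS-path expressions against the paths listed above. Python's re module has no "_" metacharacter, so the translation below follows the table; the candidate patterns and the empty path are assumptions of this example, not the author's answers.

```python
import re

# IOS "_" per the table above: comma, brace, parenthesis,
# start or end of string, or space.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# AS paths from the question, plus one constructed empty path, which is how a
# locally originated route appears (no AS number has been prepended yet).
AS_PATHS = [
    "100 110 2009 20093 20100 54 321",
    "100 110 2009 20111 129 22 10",
    "10 200 19 24 39 4 32",
    "16 100 888 1339 2",
    "",
]

# Candidate expressions to experiment with (assumed for this example).
CANDIDATES = {
    "_321$": "originated in AS321 (last AS in the path)",
    "_200_": "AS200 anywhere in the path",
    "^10_":  "learned from neighbor AS10 (first AS in the path)",
    "^$":    "locally originated (empty path)",
    "_39_":  "passes through AS39, whole AS number only",
    "39":    "the digits 39 anywhere, also hits AS1339",
    "20":    "the digits 20 anywhere in any AS number",
    ".*":    "every path",
}


def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python syntax; only "_" differs.

    Limitation: a "_" placed inside a [...] class is not handled.
    """
    return pattern.replace("_", IOS_UNDERSCORE)


def matching_paths(pattern, paths=AS_PATHS):
    """Return the paths an as-path access-list entry with this regex would hit."""
    rx = re.compile(ios_to_python(pattern))
    return [p for p in paths if rx.search(p)]


def report():
    """Build a readable summary of which paths each candidate matches."""
    lines = []
    for pattern, meaning in CANDIDATES.items():
        lines.append(f"{pattern:<7} {meaning}")
        for path in matching_paths(pattern):
            lines.append(f"        match: {path or '(empty path)'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Comparing "39" with "_39_" shows why the delimiters matter: without them a filter meant for one AS also catches any AS number that merely contains those digits.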

Thursday, October 28, 2010

Question 160

What would you configure to monitor jitter? You must provide an example using R1 and R2.

Wednesday, October 27, 2010

Question 159

Create an ACL that allows WWW traffic to enter the external interface and no other traffic unless it is return traffic generated within the inside network. The return traffic can be UDP, TCP, and IP. You cannot use the keyword "established".
F0/0 - Inside
F0/1 - Outside

Question 158

How do you clear a dynamic access list?

Question 157

How would you ensure that telnet always uses fastethernet 0/1 as the source interface without using "telnet 1.1.1.1 /source-interface fastethernet 0/1"?



Tuesday, October 26, 2010

Question 156

You must ensure that traffic that is IP precedence 5 is limited to 128000 bps and has a burst size of 24000 to 32000. Conform action should be forwarded as is and exceeded traffic should be marked IP precedence 3.

You cannot use CQ, PQ or MQC.

Question 155

Explain what technology is being used and determine the packet byte size used? This is from the running-config.

interface FastEthernet0/1
 custom-queue-list 1
!
queue-list 1 protocol ip 2 tcp smtp
queue-list 1 protocol ip 1 tcp www
queue-list 1 protocol ip 1 tcp ftp
queue-list 1 protocol ip 1 tcp ftp-data
queue-list 1 default 3
queue-list 1 queue 1 byte-count 4500
queue-list 1 queue 3 byte-count 9000
!


sh queueing custom
Current custom queue configuration:

List   Queue  Args
1      3      default
1      2      protocol ip          tcp port smtp
1      1      protocol ip          tcp port www
1      1      protocol ip          tcp port ftp
1      1      protocol ip          tcp port ftp-data
1      1      byte-count 4500
1      3      byte-count 9000

Question 154

What is happening in the configuration below? What other technologies can provide a similar solution?


access-list 10 permit 10.0.0.100
priority-list 1 protocol ip low tcp www
priority-list 1 protocol ip low tcp ftp
priority-list 1 protocol ip low tcp ftp-data
priority-list 1 protocol ip normal list 1
priority-list 1 protocol ip medium gt 500
priority-list 1 protocol ip medium lt 550
priority-list 1 protocol ip high udp rip
priority-list 1 protocol ip high udp ntp
priority-list 1 protocol ip high tcp bgp
priority-list 1 protocol pppoe high lt 1492

interface Serial1/0
 ip address 192.168.0.1 255.255.255.0
 priority-group 1

Monday, October 25, 2010

Question 153

Why would you use "ip msdp mesh-group [name] [MSDP-PeerIP]"?

I have added an image to go with my comment.

Troubleshooting 5


NTP needs to be authenticated between R5 and R6. All clocks need to be synchronized. Good Luck and by the way time is ticking.


R5
__
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 192.168.56.5 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 192.168.56.5 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp master 3
!
end





R6
__
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
class-map match-all CMAP
 match access-group name NTPAllowed
!
!
policy-map PMAP
 class CMAP
   drop
!
interface Serial1/0
 ip address 192.168.56.6 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/2
 ip address 192.168.67.6 255.255.255.0
 serial restart-delay 0
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 192.168.56.6 0.0.0.0 area 0
 network 192.168.67.6 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended NTPAllowed
 permit udp any any eq ntp
 deny   ip any any
!
control-plane
 service-policy input PMAP
!

line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324E41 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179839
ntp source Serial1/0
ntp server 192.168.56.5
!
end

R7
__

hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
interface Serial1/0
 ip address 192.168.67.7 255.255.255.0
 ip access-group 100 in
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 192.168.67.7 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 deny   udp any any eq ntp
access-list 100 permit ip any any
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp clock-period 17179811
ntp peer 192.168.67.6
!
end

Sunday, October 24, 2010

Troubleshooting 4

The routing table on R3 should be able to reach 192.168.1.0/24 through 192.168.2.2 and not through 192.168.3.5.

Restrictions: You cannot modify administrative distance or do any type of filtering. The network 192.168.1.0/24 must be advertised on R2 in both OSPF and BGP. You must ensure that R2 and R3 are not sending OSPF advertisements to R5. R5 can only use BGP as its routing protocol and must advertise its loopback.


Question 152

Why is the network 2.2.2.2/32 preferring the next-hop 192.168.1.10 even though the next-hop 192.168.2.22 as-path is shorter?

show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>2.2.2.2/32 192.168.1.10 150 100 0 (65050) 100 i
* 192.168.2.22 50 100 0 100 i

Question 151

What is being accomplished in the configuration below?

!
interface FastEthernet0/0
 ip address 2.2.2.2
 ip route-cache policy
 ip policy route-map PBR
 duplex auto
 speed auto

access-list 100 permit tcp any any eq telnet
!
route-map PBR permit 10
 match ip address 100
 set ip precedence flash
!
route-map PBR permit 999
 set ip precedence routine

Question 150

What does "ip route-cache policy" accomplish?

Question 149

What is being accomplished in the configuration below?
What technology is being used to identify the telnet traffic?

class-map match-all CMAP-Q149
 match protocol telnet
!
policy-map PMAP-Q149
 class CMAP-Q149
  set ip precedence 3
 class class-default
  set ip precedence 0
!
interface FastEthernet0/1
 ip address 192.168.1.1
 duplex auto
 speed auto
 service-policy input PMAP-Q149

Question 148

How would you prevent a router from returning its IP address during a reconnaissance attack?

Saturday, October 23, 2010

Question 147

What is the difference between "ip verify unicast source reachable-via any" and "ip verify unicast source reachable-via rx"?

Troubleshooting 3

You must use the authentication type configured within the standby command. Preemption should work on both devices and you must monitor the serial 1/0 link on the opposite router.



R1
__

key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 2010 infinite


interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.11
standby 1 priority 255
standby 1 preempt
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 50
standby 2 authentication secur3
standby 2 name HSRP2


R2
__

key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 1993 infinite


interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.111
standby 1 priority 50
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 255
standby 2 authentication s3cur3
standby 2 name HSPR2
standby 2 preempt

Friday, October 22, 2010

CCIE SP Blueprint Update

Cisco has updated the CCIE SP Blueprint and it is very impressive. Cisco seems to have done a good job of covering carrier-grade service provider technologies.

More can be found here: CCIE SPv3 Checklist

Thursday, October 21, 2010

CCVP and CCSP Changing

A couple of changes are going to take place for the CCVP and CCSP tracks.

CCVP will be changing to the "CCNP Voice" track.
CCSP will be changing to the "CCNP Security" track.

More information can be found here: CCNP Security and CCNP Voice.

Wednesday, October 20, 2010

Question 146

How would you intercept and drop random TCP connections to servers 192.168.1.1, 192.168.2.2 as well as the network 10.0.1.0/24?

Tuesday, October 19, 2010

Troubleshooting 2


RB should have a default route to serial 1/0 (172.16.18.252) on RA. Domain name, DNS, NetBIOS, NetBIOS type, and lease are required. Lab it up if required.



RA
__
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.18.1 172.16.18.254
!
ip dhcp pool 0
   network 172.16.0.0 255.255.0.0
   domain-name packetsanalyzed.com
   dns-server 172.16.1.250 172.16.2.251
   netbios-name-server 172.16.1.18
   default-router 172.16.18.252 172.16.18.253
   netbios-node-type p-node
   lease 30
!
ip dhcp pool 1
   network 172.16.18.0 255.255.255.0
  default-router 10.0.0.1
!
ip dhcp pool 2
   network 172.16.22.0 255.255.255.0
   dns-server 172.16.22.250 172.16.22.251


interface Serial1/0
 ip address 172.16.18.253 255.255.255.0
 ip address 172.16.18.252 255.255.255.0 secondary
 encapsulation ppp
 peer default ip address dhcp-pool 0
 serial restart-delay 0
 no fair-queue


RB
__


interface FastEthernet0/1
 ip address 10.0.0.250 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address negotiated
 encapsulation ppp
 serial restart-delay 0
 no fair-queue


do sh ip route

Gateway of last resort is not set

     172.16.0.0/32 is subnetted, 2 subnets
C       172.16.18.253 is directly connected, Serial1/0
C       172.16.18.13 is directly connected, Serial1/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1



Monday, October 18, 2010

Question 145

What is the difference in output when using "show ip bgp" using AS-SET vs no AS-SET?

Question 144

What is the maximum number of network statements allowed in BGP?

Question 143

How do you ensure that packets sourced from 192.168.1.1 use serial 1/0 as the default route and packets sourced from 192.168.1.2 use serial 1/1 as their default route? Note: the default route should only be used when there is not a more explicit route in the routing table.

Sunday, October 17, 2010

Question 142

How do you ensure that any www traffic uses serial 1/0 and telnet and ssh traffic uses serial 1/1? All other packets use the best route. Provide an example.


Question 141

How do you ensure that any packet sized from 64 - 99 bytes uses serial 1/0 and packets sized 100 - 1000 bytes use serial 1/1? All other packets use the best route. Provide an example.



Question 140

How do you ensure that any packet sourced from 192.168.1.1 uses serial 1/0 and packets sourced from 192.168.1.2 use serial 1/1? All other packets use the best route.


Saturday, October 16, 2010

Question 139

What is the maximum diameter in EIGRP and what is the default value?

Friday, October 15, 2010

Question 138

How do you configure RIP to use unicast when performing updates?

Thursday, October 14, 2010

Question 137

When using EIGRP and the variance command and having 2 routes to a destination, what does the * indicate in "show ip route"? You may need to lab it up. I would suggest doing a "show ip route", making note of the *, doing a ping, then checking it again.

Question 136

When doing "debug ip ospf packets" what do the following fields mean?


OSPF: rcv. v:2 t:1 l:48 rid:10.1.1.1
      aid:0.0.0.0 chk:3437 aut:0 auk: from serial 0/1

Wednesday, October 13, 2010

Question 135

What is the difference between "area # range" and "summary-address" ?

Tuesday, October 12, 2010

Troubleshooting 1

Determine the issue(s) in the configuration below. Lab it up!


R1
__
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.1 255.255.255.0
 frame-relay map ip 192.168.1.2 102 broadcast
 frame-relay map ip 192.168.1.3 103 broadcast
 ip ospf network-type point-to-multipoint

router ospf 1
 network 192.168.1.1 0.0.0.0 area 0
 network 1.1.1.1 0.0.0.0 area 0


R2
__
interface loopback 0
 ip address 2.2.2.2  255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.2 255.255.255.252
 frame-relay map ip 192.168.1.1 201 broadcast
 frame-relay map ip 192.168.1.3 201
 ip ospf network-type point-to-multipoint

router ospf 1
 network 192.168.1.2 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0

R3
__
interface loopback 0
 ip address 3.3.3.3 255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.3 255.255.255.0
 frame-relay map ip 192.168.1.2 301 broadcast
 frame-relay map ip 192.168.1.1 301 broadcast

router ospf 1
 network 192.168.1.3 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0

Question 134

How would you connect noncontiguous areas to area 0? You cannot use a virtual-link.



Monday, October 11, 2010

Question 133

How would you connect noncontiguous areas to area 0? You cannot use tunnel interfaces.

Question 132

What should you be concerned with when running RIP or EIGRP in a hub and spoke frame-relay network?

Cisco umi





Thoughts?

Cisco InfiniBand



Share your experiences with InfiniBand Pros/Cons

Sunday, October 10, 2010

Question 131

Can you authenticate using frame-relay and if so how?

Question 130

When is mincir used in frame-relay shaping and what does it accomplish?

Saturday, October 9, 2010

Labs


GNS3 is an application that allows you to simulate complex networks. If you have not had a chance to use it then give it a try: GNS3.

Check out these sites for some great labs.
AlwaysTheNetwork

Stay tuned as I will be adding my own labs in the very near future.

Thursday, October 7, 2010

Question 129

How can you configure a frame switch to route DLCIs without using the "frame-relay route" command?

Feedback

I am looking to get some feedback on what people would like to see on my blog. Whether you would like more questions, technical scenarios or real life examples just drop me an email (or provide a comment) and I will try to accommodate the request.

BTW send me an email if you are interested in contributing to my blog.

Wednesday, October 6, 2010

Question 128

How do you configure a frame switch with dlci 101 on serial 1/0 and dlci 102 on serial 1/1?

Tuesday, October 5, 2010

Question 127

How do you configure AutoQoS on a router using serial 0/0? Provide a configuration example.

Cisco Unified Communications

Saturday, October 2, 2010

CCIE Journey RTP

Well, here is the story as it stands today.

I attempted the LAB in July 2010 and had a lot of technical difficulties (the infrastructure itself) and Cisco provided me with a free retake (by the way this was a mobile lab). Please note that if you have any issues or concerns you must work with the Proctor immediately and in most cases these issues are easily resolved. Since March 2010 I have been doing a lot of labs totalling well over 400 hours and after the July fiasco I decided to dig even deeper into the technologies and felt that I was well prepared.

Primary Study Tools
• IPX Blended Learning Solution
• Proctor labs (Rack Time)
• Recommended books in the blueprint
• Cisco Doc-CD
• IPX Online Study Group
Secondary Study Tools
• INE WB2 and WB3
• Graded Labs (Rack Time)
• Dynamips

Anyways, on to the retake and my official first attempt of the CCIE route and switch lab exam. The morning of the LAB started out very much like the trip down to RTP that consisted of a couple of issues (Trip to RTP). The person that does the complimentary breakfast and shuttle service at the hotel decided not to show up to work and the hotel had no alternatives. (That’s right, no ride to Cisco.) While trying to resolve the issue another candidate showed up that drove down from Georgia and was kind enough to offer me a ride. (Life happens, I did not let this affect my ability to give 100% during the lab.) We arrived at the Cisco facility on time and the exam began. I can’t say anything about the exam due to NDA but I felt that I did well but I knew at the end of the day that the results could go either way.

I understand all the technologies and have no issues configuring any of them in the lab or in the real world; the issue is being able to do it in the timeframe allowed. That being said my CCIE journey continues and I will be scheduling my second attempt sometime in the very near future. I will be coming up with a strategy to help me with my speed as well as leverage my existing studying tools to dig even deeper into some of the technologies. Stay tuned, if anyone has any additional tips please add it to the comment section or email me through OSL.


Of Note: I have read that the average attempt of a candidate passing the CCIE R&S lab is 3 and the average cost to the candidate is around $10,000.


BTW: The hotel tried to right the wrong and upgraded my room to a suite.