CCIE(R&S) Study Track
Lab Exam Blueprint
- Bridging and Switching
- Frame relay
- Catalyst configuration: VLANs, VTP, STP, MSTP, RSTP, Trunk, Etherchannel, management, features, advanced configuration, Layer 3
- Tunneling
- IP IGP Routing
- OSPF
- EIGRP
- RIPv2
- IPv6: Addressing, RIPng, OSPFv3
- GRE
- ODR
- Filtering, redistribution, summarization and other advanced features
- BGP
- IBGP
- EBGP
- Filtering, redistribution, summarization, synchronization, attributes and other advanced features
- IP and IOS Features
- IP addressing
- DHCP
- HSRP
- IP services
- IOS user interfaces
- System management
- NAT
- NTP
- SNMP
- RMON
- Accounting
- SLA
- IP Multicast
- PIM-SM, bi-directional PIM
- MSDP
- Multicast tools, source specific multicast
- DVMRP
- Anycast
- QoS
- Quality of service solutions
- Classification
- Congestion management, congestion avoidance
- Policing and shaping
- Signaling
- Link efficiency mechanisms
- Modular QoS command line
- Security
- AAA
- Security server protocols
- Traffic filtering and firewalls
- Access lists
- Routing protocols security, catalyst security
- CBAC
- Other security features
GNS3 Tutorial Graphical Network Simulator (learning and testing in a lab environment)
Ø Creating the Simplest Topology
Ø GNS3 Main Interface
Ø Building More Complex Topologies
Ø Adding PCs to Your Topology(VPCs/Loopback Adapters/Using Routers as PCs)
Ø Using Terminal Programs Like PuTTY or TeraTerm or Telconi Terminal
Ø WinTabber (Multiple tabs for Windows)
Ø Memory and CPU Usage
Ø I’m tired of those ###### across my screen!
Ø Frame Relay and ATM Devices
Ø Ethernet Switch Devices
Ø EtherSwitch Cards
Ø Packet Capture
Ø Saving and Loading Topologies
Ø Client/Server and Multi-Server Mode
Ø Console Window – DynaGen Commands
Ø Using a Newer Version of Dynamips with GNS3
Ø PIX Firewall Emulation
Ø Symbol Library
Ø Resources
Dynamips (Emulator) (Tutorial) (learning and testing in a lab environment)
Ø Introduction
Ø Installing
Ø IOS Images
Ø Resource Utilization
Ø Configuring your Telnet Client
Ø Network Files
Ø Running Simple Lab #1
Ø Working with the Management Console
Ø Calculating Idle-PC values
Ø Simple Lab #2
Ø Frame Relay Lab
Ø Communicating with Real Networks
Ø Ethernet Switch Lab
Ø 1700/2600/3600/3700 Routers
Ø WIC Modules
Ø PIX Emulation
Ø Dynamic Configuration Mode
Ø Client / Server and Multi-server Operation
Ø Memory Usage Optimizations
Ø Packet Capture
Ø Actual WAN Interface LAB (Blindhog.net)
Ø Two Systems Approach (with an actual switch)
Ø Hardware Currently Emulated
KnowledgeNet BCMSN CBT
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
Chap 6: Improving Availability on Multilayer Switched Networks |
|
|
|
|||
|
|
|
||
|
|
|||
|
|
|
||
|
|
|||
|
|
|
Chap 9: Optimizing and Securing Multilayer Switched Networks |
|
|
|
|||
|
|
|
||
KnowledgeNet BSCI CBT
Basic TCP/IP CBT
- Basic TCP/IP: Living in the OSI World ccna
- Basic TCP/IP: TCP and UDP Communication ccna
- Basic TCP/IP: Understanding Port Numbers ccna
- Basic TCP/IP: Journey of Packets ccna
- Basic TCP/IP: IP Addressing and VLSMs Sybex / – Subnetting: Understanding VLSM ccna
Stand-Alone Labs boson
Lab 1: Connecting to a Router
Lab 2: Introduction to the Basic User Interface
Lab 3: Introduction to the Basic Show Commands
Lab 4: CDP
Lab 5: Extended Basics
Lab 6: Banner MOTD
Lab 7: Copy Command
Lab 8: Introduction to Interface Configuration
Lab 9: Introduction to IP
Lab 10: ARP
Lab 11: Creating a Host Table
Lab 12: Static Routes
Lab 13: RIP
Lab 14: Troubleshooting RIP
Lab 15: IGRP
Lab 16: PPP With CHAP Authentication
Lab 17: Connectivity Tests With Traceroute
Lab 18: Saving Router Configurations
Lab 19: Loading Router Configurations
Lab 20: Copying and Pasting Configurations
Lab 21: ISDN
Lab 22: Introduction to the Switch
Lab 23: Introduction to Basic Switch Commands
Lab 24: Frame Relay
Lab 25: Frame Relay Hub-and-Spoke Topology
Lab 26: Frame Relay Full Mesh Topology
Lab 27: Standard Access Lists
Lab 28: Verify Standard Access Lists
Lab 29: Extended Access Lists
Lab 30: Verify Extended Access Lists
Lab 31: Named Access Lists
Lab 32: Advanced Extended Access Lists
Lab 33: Telnet
Lab 34: VLANs
Lab 35: VTP
Lab 36: OSPF Single Area Configuration and Testing
Lab 37: Implementing Network Address
Translation Part I
Lab 38: Implementing Network Address
Translation Part II
Lab 39: Basic Switch Configuration
Lab 40: Basic Router Configuration
Lab 41: Access Lists
Lab 42: Troubleshooting EIGRP
Lab 43: Variable Length Subnet Masks
Lab 44: Configuring OSPF
Lab 45: EIGRP Authentication
Lab 46: OSPF Authentication
Lab 47: EIGRP and Wildcard Masks
Lab 48: Configuring IPv6
Sequential Labs boson
LAB1 Basic Router Configuration
LAB2 Advanced Router Configurations
LAB3 CDP
LAB4 Telnet
LAB5 TFTP
LAB6 RIP
LAB7 IGRP
LAB8 EIGRP
LAB9 OSPF
LAB10 Catalyst 1900 Switch Configuration
LAB11 VLANs and Trunking (Catalysts 1900 Switches)
LAB12 Catalyst 2950 Switch Configuration
LAB13 VLANs and Trunking (Catalysts 2950 Switches)
LAB14 IP Access Lists
LAB15 NAT and PAT
LAB16 PPP and CHAP
LAB17 ISDN using BRI-BRI using legacy DDR
LAB18 ISDN BRI-BRI using Dialer Profiles
LAB19 Frame Relay
Scenario Labs boson
Lab1: Setting up a Serial Interface
Lab2: CDP
Lab3: IP Addressing
Lab4: Static Routes
Lab5: Default Routes
Lab6: RIP Routes
Lab7: IGRP Routes
Lab8: Using Loopback Interfaces
Lab9: RIP2 Routes
Lab10: CHAP and RIP
Lab11: Standard Access Lists with RIP
Lab12: Extended Access Lists with RIP
Lab13: EIGRP Routes
Lab14: OSPF Routes
Lab15: Static NAT
Lab16: Many-to-one NAT
Lab17: NAT Pool
Lab18: Telnet 2950 IP Addresses
Lab19: 2950 Trunk
Lab20: 2950 Trunk (Dynamic)
Lab21: 2950 VLANs
Lab22: 2950 Deleting VLANs
Lab23: 2950 VTP
Lab24: 2950 VTP with Client
Lab25: 2950 Telnet
BSCI Labs boson
Lab 1: Initial Configuration
Lab 2: Address Optimization
Lab 3: Network Address Translation
Lab 4: Configuring EIGRP
Lab 5: Configuring Single-Area OSPF
Lab 6: Configuring Multi-Area OSPF
Lab 7: Configuring Integrated IS-IS
Lab 8: Policy Routing
Lab 9: Route Redistribution
Lab 10: Configuring Basic Border Gateway Protocol
Lab 11: Multicast Routing
LAB 12: Configuring IPv6 Routing
Lab 13: Configuring Static and OSPFv3 Routing
Lab 14: Troubleshooting Routing Protocols Part 1
Lab 15: Troubleshooting Routing Protocols Part 1
Lab 16: Troubleshooting Routing Protocols Part 1
BCMSN boson
Lab1: IOS Switching Initial Configuration
Lab2: VLAN and VTP Configuration
Lab3: Trunking
Lab4: VTP Configuration
Lab5: Spanning Tree Protocol
Lab6: PortFast and UplinkFast
Lab7: Layer 3 Switching
Lab8: Configuring QoS
Lab9: Configuring IOS Security Part1 – VLAN ACL’s
Lab10: Configuring IOS Security Part2 – TACACS+
ISCW boson
Lab1: PPP/PAP/CHAP
Lab2: NAT
Lab3: IPSEC
Lab4: Frame Relay
Lab5: AAA
Lab6: Troubleshooting PPP/PAP/CHAP
Lab7: Troubleshooting Basic Frame Relay
ONT boson
Lab1: Backup Interface
Lab2: Low Latency Queuing
Advanced Labs boson
Lab1: Single Site Network
Lab2: Multi-Site Network
Lab3: Frame Relay with Dial Backup
Lab4: Hierarchical IP Addressing
Lab5: Implementing EIGRP
Lab6: Route Summarization
Lab7: Multi-Area OSPF and Routing Table Optimization
Lab8: Multi-Site Frame Relay and Policy Routing
Lab9: QoS
Lab10: Layer 3 Switching and Layer 2 Security
Supplemental Labs boson
Lab1: ISDN BRI
Lab2: ISDN Dialer Profile
Lab3: Troubleshooting ISDN BRI
LANs CBT
- LANs: Welcome to Ethernet ccna
- LANs: Understanding the Physical Connections ccna
- LANs: Understanding LAN Switches ccna
- LANs: Working with the Cisco Switch IOS ccna
- LANs: Initial Setup of a Cisco Switch ccna
- LANs: Configuring Switch Security ccna
- LANs: Configuring Switch Security, Part 2 ccna
- LANs: Optimizing and Troubleshooting Switches ccna
Lab 3-1: Configuring SDM on a Router (3.10.1) iscw (LAB Portfolio)
Scenario 7
Step 1: Lab Preparation 7
Step 2: Prepare the Router for SDM 7
Step 3: Configure Addressing 8
Step 4: Extract SDM on the Host 10
Step 5: Install SDM on the PC 13
Step 6: Run SDM from the PC 16
Step 7: Install SDM to the Router 19
Step 8: Run SDM from the Router 23
Step 9: Monitor an Interface in SDM 24
Lab 2-0a: Clearing an Isolated Switch (2.6.1) 5 bcmsn (LAB Portfolio)
Step 1 Getting Connected 5
Step 2 Deleting vlan.dat 5
Step 3 Erasing the startup-config File 6
Step 4 Reloading 6
Step 5 Ready for Configuration 9
Lab 2-0b: Clearing a Switch Connected to a Larger Network (2.6.1) 10 bcmsn (LAB Portfolio)
Step 1 Clearing an Isolated Switch 10
Step 2 Deleting vlan.dat 10
Step 3 Erasing the startup-config File 10
Step 4 Relearning VLANs from a Server 11
Step 5 Eliminating Relearned VLANs 12
Step 6 VTP Mode Transparent 13
VLANs CBT
- Switch VLANs: Understanding Trunks and VTP ccna
- Switch VLANs: Configuring VLANs and VTP, Part 1 ccna
- Switch VLANs: Configuring VLANs and VTP, Part 2 ccna
- VLANs: Configuration and Verification bcmsn
- VLANs: In-Depth Trunking bcmsn
- VLANs: VLAN Trunking Protocol bcmsn
Lab 2-1: Catalyst 2960 and 3560 Series Static VLANs, VLAN Trunking, and
VTP Domain and Modes (2.6.2) 14 bcmsn (LAB Portfolio)
Scenario: VLAN Trunking and Domains 14
Step 1 Preparing the Switch 14
Step 2 VLAN 1 15
Step 3 show vlan 15
Step 4 VTP Modes 17
Step 5 VTP Domains 18
Step 6 Dynamic Auto Trunking 19
Step 7 show interface Commands 21
Step 8 Switchport Mode Commands 23
Step 9 show vtp status 25
Step 10 VLAN Database 26
Step 11 Switchport Access VLAN 28
Step 12 Naming VLANs 29
Step 13 Preparation for the Next Lab 30
STP CBT
- Switch STP: Understanding the Spanning-Tree Protocol ccna
- Switch STP: Configuring Basic STP ccna
- Switch STP: Enhancements to STP ccna
- STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 bcmsn
- STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 bcmsn
- STP: Rapid Spanning Tree Concepts and Configuration bcmsn
Lab 3-1: Spanning Tree Protocol (STP) Default Behavior (3.5.1) 31 bcmsn (LAB Portfolio)
Scenario: How Spanning Tree Prevents Loops 31
Step 1 Basic Configurations 31
Step 2 BPDUs 32
Step 3 show spanning tree 32
Step 4 Diagraming Spanning Tree 36
Challenge: A New Root for Spanning Tree 36
Lab 3-2: Modifying Default Spanning Tree Behavior (3.5.2) 37 bcmsn (LAB Portfolio)
Scenario: Logically Removing Bridging Loops 37
Step 1 Deleting vlan.dat 37
Step 2 Verifying the Root Bridge 37
Step 3 Changing the Primary and Secondary Root 40
Step 4 Changing Forwarding and Blocking Ports 42
Step 5 PortFast 44
Step 6 Modifying Port Costs 46
Lab 3-3: Per-VLAN Spanning Tree Behavior (3.5.3) 49 bcmsn (LAB Portfolio)
Scenario: Configuring Spanning Tree Differently for Different VLANs 49
Step 1 Basic Preparation 49
Step 2 Setting up VTP Domains 49
Step 3 Modifying Spanning Tree on a per-VLAN Basis 52
Step 4 RSTP 58
Challenge: Spanning Tree Root Primary 60
Lab 3-4: Multiple Spanning Tree (3.5.4) 62 bcmsn (LAB Portfolio)
Scenario: Configuring Multiple Spanning Tree 62
Step 1 Basic Preparation 62
Step 2 VTP Domain Setup 62
Step 3 Verifying 11 Instances of Spanning Tree 63
Step 4 spanning-tree mode mst 66
Step 5 Grouping VLANs Using MST 67
Challenge: Modifying per-instance MST Attributes 70
EtherChannel CBT
- EtherChannel: Aggregating Redundant Links bcmsn
Lab 3-5: Configuring EtherChannel (3.5.5) 72 bcmsn (LAB Portfolio)
Scenario: Bundling Redundant Links into One Logical Link 72
Step 1 Basic Preparation 72
Step 2 channel group mode desirable 72
Step 3 channel group mode active 75
Step 4 Configuring EtherChannel on Layer 3 Connections 75
Step 5 Traffic Load Balancing 76
Challenge: Logically Aggregating Additional Redundant Links 77
Advanced LAN Technology CBT
- Advanced LAN Configuration (Part 1): Cat 3550, VLANs, VTP, and EtherChannel ccie
- Advanced LAN Configuration (Part 2): Cat 3550, Spanning Tree Protocol ccie
- Advanced LAN Configuration (Part 3): Cat 3550, Advanced Features ccie
L3 Switching CBT
- L3 Switching: InterVLAN Routing Extraordinaire bcmsn
- L3 Switching: Understanding CEF Optimization bcmsn
Lab 4-1: Inter-VLAN Routing with an External Router (4.4.1) 79 bcmsn (LAB Portfolio)
Scenario: A Cost Effective Solution to Segment a Network into Multiple
Broadcast Domains 79
Step 1 Basic Preparation 79
Step 2 Configuring up the Gateway and ISP Router 79
Step 3 ip default-gateway 80
Step 4 Verify Existing VLANs 81
Step 5 Configuring Trunking and EtherChannel 82
Step 6 Configuring the VTP Domain 83
Step 7 Configuring Switch Access Ports for Hosts 83
Step 8 Trunking with the External Router 83
Step 9 Trunking for VLANs 1, 100, and 200 84
Step 10 Verify inter-VLAN Routing 86
Lab 4-2: Inter-VLAN Routing with an Internal Route Processor and Monitoring
CEF Functions (4.4.2) 87 bcmsn (LAB Portfolio)
Scenario: Configuring Switched Virtual Interfaces to Route Between
VLANs 87
Step 1 Basic Preparation 87
Step 2 Basic Configuration 87
Step 3 Configuring Trunks and EtherChannel 89
Step 4 Changing the VTP Mode 91
Step 5 Creating the VTP Domain 92
Step 6 Configuring the Host Ports 92
Step 7 Creating Layer 3 VLAN interfaces 93
Step 8 Verifying inter-VLAN Routing 94
Step 9 CEF 94
Redundancy in the Campus CBT
- Redundancy in the Campus: HSRP, VRRP, and GLBP, Part 1 bcmsn
- Redundancy in the Campus: HSRP, VRRP, and GLBP, Part 2 bcmsn
Lab 5-1: Hot Standby Router Protocol (5.4.1) 99 bcmsn (LAB Portfolio)
Scenario: Redundant, Fault-tolerant Routing to the Internal Network 99
Step 1 Basic Preparation 99
Step 2 Basic Configuration 99
Step 3 Configuring Trunks and EtherChannel 101
Step 4 Changing the VTP Mode 104
Step 5 Creating the VTP Domain 105
Step 6 Configuring the Host Ports 105
Step 7 HSRP Configuration 106
Step 8 show standby 108
Step 9 Verify Connectivity Between VLANs 112
Step 10 Verify HSRP 112
Lab 5-2: HSRP Troubleshooting (5.4.2) 113 bcmsn (LAB Portfolio)
Initial Configurations 113
Lab 5-3: Gateway Load Balancing Protocol 114 bcmsn (LAB Portfolio)
Step 1 Basic Preparation 114
Step 2 Basic Configuration 114
Step 3 GLBP Configuration and Verification 114
Step 4 Adjusting the Weight to Prefer Certain Routers 120
Campus Security CBT
- General Switching: Troubleshooting and Security Best Practices ccna
- Campus Security: Basic Port Security and 802.1x bcmsn
- Campus Security: VLAN and Spoofing Attacks bcmsn
- Campus Security: STP Attacks and Other Security Considerations bcmsn
Lab 3-3: Configuring Wireshark and SPAN (3.10.3) 33 iscw (LAB Portfolio)
Scenario 33
Step 1: Configure the Router 33
Step 2: Install Wireshark and WinPcap 33
Step 3: Configure SPAN on a Switch 39
Step 4: Sniff Packets Using Wireshark 40
Lab 8-1: Securing the Layer 2 Switching Devices (8.7.1) 181 bcmsn (LAB Portfolio)
Scenario: Layer 2 Threats 181
Step 1 Basic Preparation 182
Step 2 Basic Configuration 182
Step 3 Configuring VLANs and VTP 184
Step 4 Layer 2 Attacks and Mitigation 186
Step 5 Protecting Against MAC Flooding 187
Step 6 DHCP Spoofing 188
Step 7 AAA 191
Lab 8-2: Securing Spanning Tree Protocol (8.7.2) 193 bcmsn
Scenario: Protecting the Root Bridge and Preventing Rogue Access Points 193
Step 1 Verify Configurations from Lab 8-1 193
Step 2 Locking Down the Spanning Tree Root 197
Step 3 spanning-tree guard root 199
Step 4 Verify Root Guard 199
Step 5 BPDU Guard 201
Step 6 UDLD 202
Lab 8-3: Securing VLANs with Private VLANs, RACLs, and VACLs
(8.7.3) 204 bcmsn (LAB Portfolio)
Scenario: Configuring the Network to Secure VLANs 204
Step 1 Verifying Loaded Configurations 204
Step 2 Private VLANs 207
Step 3 RACLs 210
Step 4 VACLs 211
Case Study 1: VLANs, VTP, and Inter-VLAN Routing 213 bcmsn (LAB Portfolio)
Case Study 2: Voice and Security in a Switched Network 215 bcmsn (LAB Portfolio)
IE LABs Volume I
BRIDGING & SWITCHING……………………………………………………………………………1
Understanding Layer 2 Access Switchports …………………………………………..2
Understanding ISL Trunk Ports…………………………………………………………….4
Understanding 802.1q Trunk Ports ……………………………………………………….6
Understanding 802.1q Trunk Ports and the Native VLAN…………………………8
Configuring Trunk Ports without DTP ………………………………………………….10
Router-on-a-Stick……………………………………………………………………………..12
Router-on-a-Stick and the Native VLAN ………………………………………………15
EtherChannel…………………………………………………………………………………..18
EtherChannel – PAgP ……………………………………………………………………….20
EtherChannel – PagP Auto…………………………………………………………………22
EtherChannel – LACP ……………………………………………………………………….24
EtherChannel – LACP Passive……………………………………………………………27
EtherChannel – Layer 3……………………………………………………………………..30
SPAN……………………………………………………………………………………………..32
RSPAN …………………………………………………………………………………………..34
Common Configuration for Ring Topology……………………………………………37
Using VTP to Propagate VLAN Information………………………………………….42
Mixing VTP Modes in Single Topology ………………………………………………..46
VTP Domain Name and DTP Operations …………………………………………….50
VLAN Load-Balancing using the allowed VLAN list ……………………………….52
Basic STP Features: Tuning Timers ……………………………………………………54
Basic STP Features: PortFast ……………………………………………………………56
Basic STP Features: UplinkFast …………………………………………………………58
Basic STP Features: BackboneFast ……………………………………………………61
Basic STP Features: BPDU Guard ……………………………………………………..64
Basic STP Features: Root Guard ……………………………………………………….66
Basic STP Features: BPDU Filter ……………………………………………………….68
Basic STP Features: Loopguard…………………………………………………………70
Configuring MSTP ……………………………………………………………………………73
Load-Balancing with STP Root Bridge Placement…………………………………78
VLAN Load-Balancing using STP Port-Priority ……………………………………..84
VLAN Load-Balancing using STP Port-Cost…………………………………………90
VLAN Load-Balancing using MSTP…………………………………………………….95
Configuring Private VLANs ………………………………………………………………..99
Using QinQ for Transparent Tunneling ………………………………………………106
QinQ and Layer 2 Protocol Forwarding ……………………………………………..110
Controlling Traffic-Rate with Storm-Control ………………………………………..113
Configuring Redundancy with Flex Links……………………………………………114
Using Smartport Macros ………………………………………………………………….117
Per-Port Per-VLAN Classification on the 3550 ……………………………………119
Using Hierarchical Policy-Maps for QoS Classification on the 3560 ……….122
Using Hierarchical Policy-Maps for Traffic Policing on 3560………………….125
Using Hierarchical Policy-Maps for Policing Markdown on 3560 ……………130
Using VLAN Access-Map for Non-IP Traffic Filtering……………………………135
Using VLAN Access-Map for IP Traffic Filtering ………………………………….140
Configuring Port-Security…………………………………………………………………142
Port-Security Violation Action …………………………………………………………..144
Port-Security Violation Recovery ………………………………………………………146
Port-Security and HSRP with Virtual MAC Address……………………………..148
Port-Security and HSRP with BIA MAC Address…………………………………151
IPSec VPNs CBT
- IPSec VPNs: VPN Concepts, Part 1 iscw
- IPSec VPNs: VPN Concepts, Part 2 iscw
- IPSec VPNs: VPN Site-to-Site CLI Configuration iscw
- IPSec VPNs: VPN Site-to-Site SDM Configuration iscw
- IPSec VPNs: IPSec Encrypted GRE Tunnels iscw
- IPSec VPNs: Remote Access Connections with Cisco Easy VPN iscw
Lab 3-2: Configuring a Basic GRE Tunnel (3.10.2) 26 iscw (LAB Portfolio)
Scenario 26
Step 1: Configure Loopbacks and Physical Interfaces 26
Step 2: Configure EIGRP AS 1 27
Step 3: Configure a GRE Tunnel 28
Step 4: Routing EIGRP AS 2 over the Tunnel 30
Lab 3-4: Configuring Site-to-Site IPsec VPNs with SDM (3.10.4) 43 iscw (LAB Portfolio)
Scenario 43
Step 1: Configure Addressing 43
Step 2: Configure EIGRP 44
Step 3: Connect to the Routers via SDM 45
Step 4: Configure Site-to-Site IPsec VPN via SDM 45
Step 5: Generate a Mirror Configuration for R3 53
Step 6: Verify the VPN Configuration Using SDM 56
Step 7: Verify the VPN Configuration Using the IOS CLI 59
Challenge: Use Wireshark to Monitor Encryption of Traffic 65
TCL Script Output 70
Lab 3-5: Configuring Site-to-Site IPsec VPNs with the IOS CLI (3.10.5) 74 iscw (LAB Portfolio)
Scenario 74
Step 1: Configure Addressing 74
Step 2: Configure EIGRP 75
Step 3: Create IKE Policies 76
Step 4: Configure Preshared Keys 78
Step 5: Configure the IPsec Transform Set and Lifetimes 78
Step 6: Define Interesting Traffic 80
Step 7: Create and Apply Crypto Maps 81
Step 8: Verify IPsec Configuration 82
Step 9: Verify IPsec Operation 83
Step 10: Interpret IPsec Event Debugging 85
Challenge: Use Wireshark to Monitor Encryption of Traffic 97
TCL Script Output 103
Lab 3-6: Configuring a Secure GRE Tunnel with SDM (3.10.6) 106 iscw (LAB Portfolio)
Scenario 106
Step 1: Configure Addressing 106
Step 2: Configure EIGRP AS 1 107
Step 3: Connect to the Router Using SDM 108
Step 4: Configure an IPsec VTI Using SDM 108
Step 5: Generate a Mirror Configuration for R3 117
Step 6: Verify Tunnel Configuration Through SDM 120
Challenge: Use Wireshark to Monitor Encryption of Traffic 124
TCL Script Output 128
Lab 3-7: Configuring a Secure GRE Tunnel with the IOS CLI (3.10.7) 133 iscw (LAB Portfolio)
Scenario 133
Step 1: Configure Addressing 133
Step 2: Configure EIGRP AS 1 134
Step 3: Configure the GRE Tunnel 134
Step 4: Configure EIGRP AS 2 over the Tunnel 135
Step 5: Create IKE Policies and Peers 136
Step 6: Create IPsec Transform Sets 136
Step 7: Define the Traffic to Be Encrypted 137
Step 8: Create and Apply Crypto Maps 137
Step 9: Verify Crypto Operation 138
Challenge: Use Wireshark to Monitor Encryption of Traffic 139
Lab 3-8: Configuring IPsec VTIs (3.10.8) 144 iscw (LAB Portfolio)
Scenario 144
Step 1: Configure Addressing 144
Step 2: Configure EIGRP AS 1 145
Step 3: Configure Static Routing 145
Step 4: Create IKE Policies and Peers 147
Step 5: Create IPsec Transform Sets 148
Step 6: Create an IPsec Profile 148
Step 7: Create the IPsec VTI 149
Step 8: Verify Proper EIGRP Behavior 151
Lab 3-9: Configuring Easy VPN with SDM (3.10.9) 154 iscw (LAB Portfolio)
Scenario 154
Step 1: Configure Addressing 154
Step 2: Configure EIGRP AS 1 155
Step 3: Configure a Static Default Route 156
Step 4: Connect to HQ Through SDM 156
Step 5: Configure Easy VPN Server Through SDM 156
Step 6: Install the Cisco VPN Client 166
Step 7: Test Access from Client Without VPN Connection 169
Step 8: Connect to the VPN 169
Step 9: Test Network Access with VPN Connectivity 175
Step 10: Verify Easy VPN Functionality with SDM 176
Step 11: Disconnect the VPN Client 178
Lab 3-10: Configuring Easy VPN with the IOS CLI 180 iscw (LAB Portfolio)
Scenario 180
Step 1: Configure Addressing 180
Step 2: Configure EIGRP AS 1 181
Step 3: Configure a Static Default Route 181
Step 4: Enable AAA on HQ 182
Step 5: Create the IP Pool 182
Step 6: Configure the Group Authorization 182
Step 7: Create an IKE Policy and Group 182
Step 8: Configure the IPsec Transform Set 184
Step 9: Create a Dynamic Crypto Map 184
Step 10: Enable IKE DPD and User Authentication 184
Step 11: Install the Cisco VPN Client 185
Step 12: Test Access from Client Without VPN Connection 187
Step 13: Connect to the VPN 188
Step 14: Test Inside VPN Connectivity 193
Step 15: Verify VPN Operation Using the CLI 194
Step 16: Disconnect the VPN Client 195
Lab 3-11: IPsec Challenge Lab 196 iscw (LAB Portfolio)
Lab 3-12: IPsec Troubleshooting Lab 198 iscw (LAB Portfolio)
Network Lockdown/Securing Technology CBT
- Routing: Internet Access with NAT and PAT ccna
- NAT: Understanding the Three Styles of NAT ccna
- NAT: Command-line NAT Configuration ccna
- Advanced Router Technology (Part 4): Network Address Translation (NAT) ccie
- Network Lockdown: Attacks and Defense iscw
- Network Lockdown: Cisco Auto-Secure and SDM Security Audit iscw
- Network Lockdown: Securing Management Access iscw
- Network Lockdown: Securing Management Access, Part 2 iscw
- Access-Lists: The Rules of the ACL ccna
- Access-Lists: Configuring ACLs ccna
- Access-Lists: Configuring ACLs, Part 2 ccna
- Network Lockdown: Using Access Lists iscw
- Advanced Router Technology (Part 6): Understanding IP Access-Lists ccie
- Management and Security: Telnet, SSH, and CDP ccna
- Management and Security: File Management ccna
- Network Lockdown: Securing Network Management iscw
- Network Lockdown: Implementing Cisco AAA iscw
Lab 5-1: Using SDM One-Step Lockdown (5.12.1) 241 iscw (LAB Portfolio)
Scenario 241
Step 1: Configure Addressing 241
Step 2: Install Nmap on the Host 242
Step 3: Run a Port Scan with Nmap 245
Step 4: Prepare a Router for SDM 245
Step 5: Use SDM One-Step Lockdown 246
Step 6: Use Nmap to See Changes 249
Conclusion 250
Lab 5-2: Securing a Router with Cisco AutoSecure (5.12.2) 251 iscw (LAB Portfolio)
Scenario 251
Step 1: Configure the Physical Interface 251
Step 2: Configure AutoSecure 251
Lab 5-3: Disabling Unneeded Services (5.12.3) 259 iscw (LAB Portfolio)
Scenario 259
Step 1: Configure the Physical Interface 259
Step 2: Ensure Services Are Disabled 259
Step 3: Manage Router Access 260
Step 4: Disable CDP 261
Step 5: Disable Other Unused Services 261
Step 6: Disabling Unneeded Interface Services 262
Lab 5-4: Enhancing Router Security (5.12.4) 263 iscw (LAB Portfolio)
Scenario 263
Step 1: Configure the Physical Interfaces 263
Step 2: Telnet to R1 264
Step 3: Configure Cisco IOS Login Enhancements 265
Step 4: Enforce a Minimum Password Length 269
Step 5: Modify Command Privilege Levels 270
Step 6: Create a Banner 273
Step 7: Enable SSH 273
Step 8: Encrypt Passwords 275
Lab 5-5: Configuring Logging (5.12.5) 276 iscw (LAB Portfolio)
Scenario 276
Step 1: Configure the Interface 276
Step 2: Install the Kiwi Syslog Daemon 276
Step 3: Run the Kiwi Syslog Service Manager 277
Step 4: Configure the Router for Logging 277
Step 5: Verify Logging 279
Step 6: Configure Buffered Logging 280
Lab 5-6a: Configuring AAA and TACACS+ (5.12.6a) 283 iscw (LAB Portfolio)
Scenario 283
Step 1: Configure the Interface 283
Step 2: Install CiscoSecure ACS 283
Step 3: Configure Users in CiscoSecure ACS 288
Step 4: Configure AAA Services on R1 292
Lab 5-6b: Configuring AAA and RADIUS (5.12.6b) 294 iscw (LAB Portfolio)
Scenario 294
Step 1: Configure the Interface 294
Step 2: Install CiscoSecure ACS 294
Step 3: Configure Users in CiscoSecure ACS 299
Step 4: Configure AAA Services on R1 303
Lab 5-6c: Configuring AAA Using Local Authentication (5.12.6c) 305 iscw (LAB Portfolio)
Step 1: Configure the Interface 305
Step 2: Configure the Local User Database 305
Step 3: Implement AAA Services 305
Lab 5-7: Configuring Role-Based CLI Views (5.12.7) 307 iscw (LAB Portfolio)
Scenario 307
Step 1: Configure an Enable Secret Password 307
Step 2: Enable AAA 307
Step 3: Change to the Root View 308
Step 4: Create Views 309
Step 5: Create a Superview 312
Lab 5-8: Configuring NTP (5.12.8) 313 iscw (LAB Portfolio)
Scenario 313
Step 1: Configure the Physical Interfaces 313
Step 2: Set Up the NTP Master 314
Step 3: Configure an NTP Client 314
Step 4: Configure NTP Peers with MD5 Authentication 315
Defending the Network CBT
- Defending the Network: Cisco IOS Firewall iscw
- Defending the Network: Cisco IOS IPS iscw
Lab 6-1: Configuring a Cisco IOS Firewall Using SDM (6.6.1) 319 iscw (LAB Portfolio)
Scenario 319
Step 1: Configure Loopbacks and Physical Interfaces 320
Step 2: Configure Routing Protocols 320
Step 3: Configure Static Routes to Reach the Internet 321
Step 4: Connect to FW Using SDM 322
Step 5: Use the SDM Advanced Firewall Wizard 323
Step 6: Modify the Firewall Configuration 331
Step 7: Monitor Firewall Activity 334
Conclusion 337
Lab 6-2: Configuring CBAC (6.6.2) 338 iscw (LAB Portfolio)
Scenario 338
Step 1: Configure the Physical Interfaces 338
Step 2: Configure Static Default Routes 339
Step 3: Enable Telnet Access 339
Step 4: Create IP Inspect Rules 339
Step 5: Block Unwanted Outside Traffic 341
Step 6: Verify CBAC Operation 341
Lab 6-3: Configuring IPS with SDM (6.6.3) 344 iscw (LAB Portfolio)
Scenario 344
Step 1: Configure the Physical Interfaces 344
Step 2: Configure Static Default Routes 345
Step 3: Enable Telnet Access 345
Step 4: Connect to FW Using SDM 345
Step 5: Use the SDM IPS Rule Wizard 346
Step 6: Verify and Modify IPS Behavior 353
Challenge: Add a Signature 358
Lab 6-4: Configuring IPS with CLI (6.6.4) 364 iscw (LAB Portfolio)
Scenario 364
Step 1: Configure Addressing 364
Step 2: Configure Static Default Routes 365
Step 3: Create and Apply an IPS Rule 365
Step 4: Modify Default IPS Behavior 366
Case Study 1: CLI IPsec and Frame-Mode MPLS 371 iscw (LAB Portfolio)
Case Study 2: Device Hardening and VPNs 373 iscw (LAB Portfolio)
IE LABs Volume I
SECURITY ……………………………………………………………………………………………..1
Traffic Filtering with Access Lists………………………………………………………….2
Traffic Filtering with Reflexive Access-Lists ……………………………………………6
Reflexive Access-Lists and Router-Generated Traffic ……………………………..8
Configuring CBAC for Traffic Inspection ………………………………………………11
Access Control with Dynamic ACLs (Lock & Key) …………………………………13
Using NBAR to Filter Traffic……………………………………………………………….16
Using Policy-Based Routing to Filter Traffic………………………………………….18
DoS Attacks Prevention with TCP Intercept………………………………………….20
Configuring TCP Intercept in Watch Mode …………………………………………..22
DoS Attacks Prevention with CBAC…………………………………………………….24
Configuring Application Port-Mapping with CBAC …………………………………27
Using CAR for Smurf Attack Mitigation ………………………………………………..29
IP Address Spoofing Prevention with ACLs………………………………………….31
Using uRPF to Prevent IP Address Spoofing ……………………………………….34
DHCP CBT
- Routing: SDM and DHCP Server Configuration ccna
- Routing: SDM and DHCP Server Configuration, Part 2 ccna
- Advanced Routing: Implementing Router-Based DHCP Services bsci
Lab 5-5: Configuring the Cisco IOS DHCP Server (5.6.5) 374 bsci (LAB Portfolio)
Scenario 374
Step 1: Assign IP Addresses 374
Step 2: Configure EIGRP 375
Step 3: Configure a DHCP Pool 376
Step 4: Verify DHCP Lease on Client 379
Step 5: Verify DHCP Configuration on Server 380
Step 6: DHCPRELEASE and DHCPRENEW 381
Step 7: Configure the IP Helper Address 385
IE LABs Volume I
IP SERVICES ………………………………………………………………………………………….1
Common Configuration……………………………………………………………………….2
Proxy ARP ………………………………………………………………………………………..4
Local Proxy ARP………………………………………………………………………………..7
Securing Virtual Terminal Line Access ………………………………………………….9
Controlling Virtual Terminal Line Access ……………………………………………..11
Using DHCP for Autoconfiguration ……………………………………………………..13
DHCP Relay ……………………………………………………………………………………15
Configuring DHCP Host Pools ……………………………………………………………17
AutoInstall over Frame-Relay …………………………………………………………….20
Using NTP for Time Synchronization…………………………………………………..23
Authenticating NTP Updates………………………………………………………………26
Router Menus ………………………………………………………………………………….29
Gateway Redundancy with VRRP ………………………………………………………32
Gateway Redundancy with HSRP ………………………………………………………36
Common Configuration……………………………………………………………………..40
Standard NAT Configuration………………………………………………………………44
Standard NAT with Overloading (PAT) ………………………………………………..47
NAT Redundancy with Route-Maps…………………………………………………….49
Policy NAT with Route-Maps ……………………………………………………………..52
Configuring Static NAT ……………………………………………………………………..55
Configuring Static PAT ……………………………………………………………………..57
Configuring Static Policy NAT…………………………………………………………….59
Overlapping Networks and Outside NAT……………………………………………..63
Using Destination NAT for Load-Balancing ………………………………………….66
Stateful NAT with HSRP ……………………………………………………………………68
Routing Foundations CBT
- Routing: Initial Router Configuration ccna
- Routing: Implementing Static Routing ccna
- Routing Protocols: Distance Vector vs. Link State ccna
- Routing: Implementing Dynamic Routing with RIP ccna
- Internal Routing Protocols (Part 1): Distance Vector Challenges and RIPv2 ccie
EIGRP CBT
- Routing Protocols: EIGRP Concepts and Configuration ccna
- EIGRP: The Concepts bsci
- EIGRP: Implementation and Verification bsci
- EIGRP: Summarization, Authentication, and Other Advanced Options bsci
- EIGRP: Best Practices and Design Options bsci
- Internal Routing Protocols (Part 2): Advanced EIGRP Configuration ccie
Lab 2-1: EIGRP Configuration, Bandwidth, and Adjacencies (2.7.1) 15 bsci (LAB Portfolio)
Scenario 15
Step 1: Addressing 16
Step 2: Configuring EIGRP Across VLAN1 17
Step 3: Verifying the EIGRP Configuration 19
Step 4: Configuring EIGRP on the Serial Interfaces 20
Step 5: Configuring Network Statement Wildcard Masks 22
Challenge: Topology Change 23
Lab 2-2: EIGRP Load Balancing (2.7.2) 26 bsci (LAB Portfolio)
Scenario 26
Step 1: Addressing and Serial Configuration 26
Step 2: EIGRP Configuration 29
Step 3: EIGRP Topology Table 32
Step 4: Equal-Cost Load Balancing 34
Step 5: Alternate EIGRP Paths Not in the Topology Table 35
Step 6: Unequal-Cost Load Balancing 38
Initial Configurations 45
TCL Script Output 47
Lab 2-3: Summarization and Default Network Advertisement (2.7.3) 53 bsci (LAB Portfolio)
Scenario 53
Step 1: Initial Configuration 54
Step 2: Summarization Analysis 57
Step 3: EIGRP Auto-Summarization 61
Step 4: EIGRP Manual Summarization 70
Step 5: Default Network Advertisement 72
Conclusion 77
TCL Script Output 79
Analyzing Major Networks 86
Lab 2-4: EIGRP Frame Relay Hub and Spoke: Router Used as Frame Switch (2.7.4) 89 bsci (LAB Portfolio)
Scenario 90
Step 1: Addressing 90
Step 2: Configuring the Frame Relay Switch 91
Step 3: Configuring the Frame Relay Endpoints 92
Step 4: Setting Interface-Level Bandwidth 94
Step 5: Configuring EIGRP 95
Step 6: Using Nonbroadcast EIGRP Mode 99
Step 7: Implementing EIGRP Manual Summarization 100
TCL Script Output 102
Lab 2-5: EIGRP Frame Relay Hub and Spoke: Adtran Used as Frame Switch (2.7.4) 110 bsci (LAB Portfolio)
Scenario 111
Step 1: Addressing 111
Step 2: Frame Relay Network 112
Step 3: Configuring the Frame Relay Endpoints 113
Step 4: Setting Interface-Level Bandwidth 114
Step 5: Configuring EIGRP 115
Step 6: Using Nonbroadcast EIGRP Mode 119
Step 7: Implementing EIGRP Manual Summarization 120
TCL Script Output 122
Lab 2-6: EIGRP Authentication and Timers (2.7.5) 131 bsci (LAB Portfolio)
Scenario 131
Step 1: Addressing 131
Step 2: Configuring Basic EIGRP 133
Step 3: Configuring Authentication Keys 134
Step 4: Configuring EIGRP Link Authentication 135
Step 5: Manipulating EIGRP Timers 139
TCL Script Output 142
Lab 2-7: EIGRP Challenge Lab (2.7.6) 147 bsci (LAB Portfolio)
Lab 2-8: EIGRP Troubleshooting Lab (2.7.7) 148 bsci (LAB Portfolio)
Initial Configurations 148
IE LABs Volume I
EIGRP…………………………………………………………………………………………………1
Understanding the EIGRP Network Statement……………………………………….2
EIGRP Auto-Summary………………………………………………………………………..5
EIGRP Split Horizon …………………………………………………………………………..8
Unicast EIGRP Updates ……………………………………………………………………12
Tuning EIGRP Convergence Timers …………………………………………………..16
Common Configuration……………………………………………………………………..19
Unequal-Cost Load-Balancing……………………………………………………………22
Adjacency Authentication ………………………………………………………………….25
Stub Router Feature …………………………………………………………………………28
Default Route Origination with Summarization ……………………………………..30
Default Routing with Default-Network ………………………………………………….32
Administrative Distance Manipulation ………………………………………………….34
Filtering with Distribute-List………………………………………………………………..37
Prefix Filtering using Distribute-List with Route-Map ……………………………..39
OSPF CBT
- Routing Protocols: OSPF Concepts ccna
- Routing Protocols: OSPF Configuration and Troubleshooting ccna
- OSPF: The Concepts (Part 1) bsci
- OSPF: The Concepts (Part 2) bsci
- OSPF: Implementation and Verification bsci
- OSPF: Understanding Network Types bsci
- OSPF: Router LSAs and Summarization Options bsci
- OSPF: Special Area Types and Options bsci
- OSPF: Authentication and Other Miscellaneous Options bsci
- Internal Routing Protocols (Part 3): OSPF, Key Concepts ccie
- Internal Routing Protocols (Part 4): Foundation OSPF Configuration ccie
- Internal Routing Protocols (Part 5): Advanced OSPF Configuration: NBMA Networks ccie
- Internal Routing Protocols (Part 6): Advanced OSPF Configuration: Practical Example ccie
Lab 3-1: Single-Area OSPF Link Costs and Interface Priorities (3.11.1) 151 bsci (LAB Portfolio)
Scenario 151
Step 1: Addressing 152
Step 2: Adding Physical Interfaces to OSPF 153
Step 3: OSPF show Commands 154
Step 4: Adding Loopback Interfaces to OSPF 157
Step 5: Modifying Link Costs in OSPF 159
Step 6: Modifying Interface Priorities 161
Challenge: Topology Change 162
TCL Script Verification 163
Lab 3-2: Multiple-Area OSPF with Stub Areas and Authentication (3.11.2) 167 bsci (LAB Portfolio)
Scenario 167
Step 1: Addressing 167
Step 2: Adding Interfaces into OSPF 168
Step 3: Stub Areas 171
Step 4: Totally Stubby Areas 173
Step 5: Not So Stubby Areas 176
Step 6: OSPF Interface Authentication 181
TCL Script Output 182
Lab 3-3: OSPF Virtual Links and Area Summarization (3.11.3) 187 bsci (LAB Portfolio)
Scenario 187
Step 1: Addressing 188
Step 2: Adding Interfaces into OSPF 189
Step 3: Creating a Virtual Link 190
Step 4: Summarizing an Area 193
Step 5: Generating a Default Route into OSPF 195
Challenge: Configure OSPF Authentication 197
TCL Connectivity Verification 197
Lab 3-4: OSPF over Frame Relay Using a Router as the Frame Relay Switch (3.11.4a) 202 bsci (LAB Portfolio)
Scenario 203
Step 1: Addressing 203
Step 2: Setting Up NBMA OSPF 204
Step 3: Changing the Network Type to Point-to-Multipoint 205
Step 4: Changing OSPF Timers 207
Challenge: Minimal Hello Intervals 208
TCL Connectivity Verification 209
Lab 3-5: OSPF Over Frame Relay Using an Adtran as the Frame Relay Switch (3.11.4b) 213 bsci (LAB Portfolio)
Scenario 213
Step 1: Addressing 214
Step 2: Setting Up NBMA OSPF 215
Step 3: Changing the Network Type to Point-to-Multipoint 216
Step 4: Changing OSPF Timers 218
Challenge: Minimal Hello Intervals 219
TCL Connectivity Verification 220
Lab 3-6: OSPF Challenge Lab (3.11.5) 224 bsci (LAB Portfolio)
Lab 3-7: OSPF Troubleshooting Lab (3.11.6) 225 bsci (LAB Portfolio)
Initial Configurations 226
IE LABs Volume I
OSPF ………………………………………………………………………………………………….1
Understanding the OSPF Network Statement ………………………………………..2
OSPF DR/BDR Election ……………………………………………………………………..6
OSPF over Frame Relay – Non-Broadcast……………………………………………10
OSPF over Frame Relay – Broadcast ………………………………………………….15
OSPF over Frame Relay – Point-to-Multipoint……………………………………….20
OSPF over Frame Relay – Point-to-Multipoint Non-Broadcast…………………26
OSPF over Frame Relay – Point-to-Point……………………………………………..31
OSPF Network Type Loopback ………………………………………………………….34
OSPF Virtual Links – Repairing Area 0 ………………………………………………..38
OSPF Virtual Links – Repairing Discontiguous Areas …………………………….44
Common Multi-Area Configuration with 2 ABRs ……………………………………49
Using Type-3 LSA Inter-Area Filtering …………………………………………………52
Type-3 LSA Filtering with Network Ranges ………………………………………….54
Ingress Filtering with Distribute-List …………………………………………………….56
Ingress Filtering with Distribute-List and Route-Map ……………………………..58
Ingress Filtering with Administrative Distance……………………………………….61
NSSA Area Type 7to5 LSA Translator Election …………………………………….65
NSSA Area ABR External Prefix Filtering …………………………………………….69
NSSA Suppress FA Feature………………………………………………………………71
NSSA Area and Default-Route Origiantion at ABR Part 1 ………………………73
NSSA Area and Default-Route Origiantion at ABR Part 2 ………………………75
NSSA Area and Default-Route Origiantion at ASBR ……………………………..77
Advanced Routing CBT
Advanced Routing: Route Redistribution bsci
Advanced Routing: Manipulating Route Updates bsci
Summarization
Lab 5-1: Redistribution Between RIP and OSPF (5.6.1) 281 bsci (LAB Portfolio)
Scenario 282
Step 1: Assign Addresses 282
Step 2: Configure RIPv2 284
Step 3: Configure Passive Interfaces in RIP 286
Step 4: Summarize a Supernet with RIP 288
Step 5: Suppress Routes Using Prefix Lists 290
Step 6: Configure OSPF 292
Step 7: Configure Passive Interfaces in OSPF 293
Step 8: Allow One-Way Redistribution 295
Step 9: Redistribute Between Two Routing Protocols 297
Step 10: Set a Default Seed Metric 297
Step 11: Change the OSPF External Network Type 298
Challenge: Use Extended Access Lists for Filtering 299
TCL Script Output: Steps 8 and 9 300
Lab 5-2 Redistribution Between EIGRP and OSPF (5.6.2) 307 bsci (LAB Portfolio)
Scenario 307
Step 1: Additional Addressing 308
Step 2: Configuring EIGRP 308
Step 3: Create Passive Interfaces in EIGRP 309
Step 4: Manually Summarize with EIGRP 311
Step 5: Additional OSPF Configuration 312
Step 6: Summarize OSPF Areas at the ABR 314
Step 7: Mutually Redistribute Between OSPF and EIGRP 315
Step 8: Filter Redistribution with Route Maps 319
Step 9: Summarize External Routes into OSPF at the ASBR 320
Step 10: Modifying EIGRP Distances 321
Step 11: Modifying OSPF Distances 322
Challenge: Change Administrative Distance on R2 324
TCL Script Output 325
Exploring Black Hole Operation 333
Lab 5-3: Redistribution Between EIGRP and IS-IS (5.6.3) 337 bsci (LAB Portfolio)
Scenario 337
Step 1: Assign Addresses 338
Step 2: Configure EIGRP 339
Step 3: Configure IS-IS 340
Step 4: Mutually Redistribute Between IS-IS and EIGRP 342
Step 5: Filter Network Addresses with Route Maps 344
Step 6: Filter Prefixes with Route Maps 347
Step 7: Summarize Addresses in IS-IS 349
TCL Script Output 350
Lab 5-4: Manipulating Administrative Distances (5.6.4) 357 bsci (LAB Portfolio)
Scenario 357
Pre-Lab: Review of Administrative Distances 358
Step 1: Configure Addressing 358
Step 2: Configure RIP 359
Step 3: Configure OSPF 362
Step 4: Modify a Routing Protocol’s Distance 366
Step 5: Modify Distance Based on Route Source 368
Step 6: Modify Distance Based on an Access List 370
Challenge 373
Advanced Router Technology CBT
- Advanced Router Technology (Part 1): Routing the Unroutable: Router Bridging Technology ccie
- Advanced Router Technology (Part 2): Data Link Switching Plus (DLSW+) ccie
- Advanced Router Technology (Part 5): HSRP and NTP ccie
IS-IS CBT
- IS-IS: The Concepts (Part 1) bsci
- IS-IS: The Concepts (Part 2) bsci
- IS-IS: Basic Implementation and Verification bsci
- Internal Routing Protocols (Part 7): Understanding and Configuring the IS-IS Protocol
Lab 4-1: Configuring Basic Integrated IS-IS (4.7.1) 229 bsci (LAB Portfolio)
Scenario 229
Step 1: Addressing and Basic Connectivity 230
Step 2: Configuring Basic IS-IS 230
Step 3: Verifying IS-IS Adjacencies and Operation 231
Step 4: Converting to the IS-IS Backbone 237
Step 5: Manipulating the IS-IS Interface Timers 239
Step 6: Implementing IS-IS L2 Core Authentication 240
Step 7: Implementing IS-IS Domain Authentication 241
TCL Script Output 243
Lab 4-2 Multi-Area Integrated IS-IS (4.7.2) 246 bsci (LAB Portfolio)
Scenario 246
Step 1: Addressing and Initial Configuration 246
Step 2: Verify IS-IS Initial Operation 247
Step 3: Configure IS-IS Area 2 248
Step 4: Verify IS-IS Multi-Area Operation 248
Step 5: Configure IS-IS Domain Authentication 250
Step 6: Reconfigure IS-IS Area 1 251
Step 7: Reconfigure R3 IS-IS Operation 254
Step 8: Verify IS-IS Intra-Area Operation 255
Reflection 257
TCL Script Output 257
Lab 4-3: Configuring IS-IS over Frame Relay: Router Used as Frame Switch (4.7.3a) 260 bsci (LAB Portfolio)
Scenario 261
Step 1: Addressing and Basic Configuration 261
Step 2: Frame Relay Configuration 261
Step 3: Configure and Verify IS-IS over Frame Relay 263
Step 4: Verify IS-IS Connectivity 265
Step 5: Demonstrate IS-IS Interface-Type Mismatch 265
Router as Frame Relay Switch Configuration 267
TCL Script Output 268
Lab 4-4: Configuring IS-IS over Frame Relay: Adtran Used as Frame Switch
(4.7.3b) 271 bsci (LAB Portfolio)
Scenario 271
Step 1: Addressing and Basic Configuration 271
Step 2: Frame Relay Configuration 272
Step 3: Configure and Verify IS-IS over Frame Relay 274
Step 4: Verify IS-IS Connectivity 276
Step 5: Demonstrate IS-IS Interface-Type Mismatch 276
TCL Script Output 278
BGP CBT
- BGP: Foundation Concepts bsci
- BGP: Implementation and Tuning (Part 1) bsci
- BGP: Implementation and Tuning (Part 2) bsci
- BGP: Implementation and Tuning (Part 3) bsci
- BGP: Tuning Attributes (Part 1) bsci
- BGP: Tuning Attributes (Part 2) bsci
- BGP (Part 1): BGP Theory ccie
- BGP (Part 2): Understanding BGP Attributes ccie
- BGP (Part 3): Foundation BGP Configuration ccie
- BGP (Part 4): BGP Route Reflectors, Confederations, and Peer-Groups ccie
- BGP (Part 5): BGP Route Aggregation and Filtering ccie
- BGP (Part 6): Configuring BGP Attributes to Influence Routing, Part 1 ccie
- BGP (Part 7): Configuring BGP Attributes to Influence Routing, Part 2 ccie
- BGP (Part 8): BGP Multihoming, Route Dampening, and Optimization ccie
Lab 6-1: Configuring BGP with Default Routing (6.7.1) 387 bsci (LAB Portfolio)
Scenario 387
Step 1: Assign IP Addresses 387
Step 2: Configure the ISPs 388
Step 3: Configure SanJose BGP 388
Step 4: Verify BGP on the SanJose Router 389
Step 5: Filter Routes 390
Step 6: Configure the Primary and Backup Routes Using Floating Static
Routes 390
Step 7: Configure Primary and Backup Routes Using Static Routes 392
TCL Verification 395
Lab 6-2: Using the AS_PATH Attribute (6.7.2) 399 bsci (LAB Portfolio)
Scenario 399
Step 1: IP Addressing 399
Step 2: Configure BGP 400
Step 3: Remove the Private AS 400
Step 4: Use the AS_PATH Attribute to Filter Routes 401
TCL Output 402
Lab 6-3: Configuring IBGP and EBGP Sessions, Local Preference, and
MED (6.7.3) 406 bsci (LAB Portfolio)
Scenario 406
Step 1: IP Addressing 406
Step 2: Configure EIGRP 407
Step 3: Configure IBGP 407
Step 4: Verify BGP Neighbors 407
Step 5: Configure EBGP 407
Step 6: Verify BGP Neighbors 408
Step 7: View BGP Summary Output 408
Step 8: Verify Which Path Traffic Takes 408
Step 9: BGP Next-Hop_Self 412
Step 10: Set BGP Local Preference 414
Step 11: Set BGP MED 415
Step 12: Establish a Default Network 419
TCL Verification 420
Lab 6-4: BGP Route Reflectors and Route Filters (6.7.4) 425 bsci (LAB Portfolio)
Scenario 425
Step 1: Configure RIPv2 425
Step 2: IBGP Peers and Route Reflectors 426
Step 3: Inject an External Route into BGP 427
Step 4: Inject a Summary Address into BGP 428
TCL Verification 429
IE LABs Volume I
BGP ……………………………………………………………………………………………………1
Establishment of BGP Peering Relationships…………………………………………2
BGP Update Source Mismatch…………………………………………………………….5
BGP Update Source Modification …………………………………………………………8
iBGP Synchronization……………………………………………………………………….12
Transiting Non-BGP Speaking Devices – Redistribution …………………………21
Transiting Non-BGP Speaking Devices – Tunneling ………………………………26
BGP Bestpath Selection – Weight ……………………………………………………….30
BGP Bestpath Selection – Local Preference ………………………………………..34
BGP Bestpath Selection – Local Preference ………………………………………..38
BGP Bestpath Selection – MED …………………………………………………………42
BGP Bestpath Selection – Origin………………………………………………………..46
BGP Next-Hop Processing – Next-Hop-Self…………………………………………50
BGP Next-Hop Processing – Manual Modification…………………………………53
BGP Next-Hop Processing – IGP Redistribution …………………………………..56
BGP Communites – No-Export …………………………………………………………..60
BGP Communites – No-Advertise ………………………………………………………65
BGP Route Reflection……………………………………………………………………….71
BGP Confederation…………………………………………………………………………..76
BGP Communities – Local AS……………………………………………………………81
BGP Regular Expressions …………………………………………………………………86
BGP Outbound Route Filtering (ORF) …………………………………………………91
BGP Aggregation……………………………………………………………………………..96
BGP Aggregation – Summary Only …………………………………………………..101
BGP Aggregation – Suppress Map……………………………………………………105
BGP Aggregation – Unsuppress Map………………………………………………..110
BGP Aggregation – AS-Set ……………………………………………………………..114
BGP Aggregation – Advertise Map……………………………………………………117
BGP Allow AS In…………………………………………………………………………….120
Multicast CBT
- Multicast: Concepts and Configuration bsci
- Advanced Router Technology (Part 7): Multicast Routing Concepts ccie
- Advanced Router Technology (Part 8): Configuring Multicast Routing ccie
Lab 7-1: Implementing IGMP and IGMP Snooping (7.5.1) 433 bsci (LAB Portfolio)
Overview 433
Step 1: Configure Hosts on a LAN 434
Step 2: Subscribe Interfaces to Multicast Groups with IGMP 434
Step 3: Verify IGMP Snooping on the Switch 439
Step 4: Configure a Multicast-Enabled Router on the VLAN 440
Step 5: Verify Multicast Operation at Layer 2 443
Step 6: Verify IGMP Snooping 444
Step 7: Verify Multicast Operation at Layer 3 446
Lab 7-2: Routing IP Multicast with PIM Dense Mode (7.5.2) 447 bsci (LAB Portfolio)
Scenario 447
Step 1: Configure Addressing and Implement IGMP 448
Step 2: Configure EIGRP 451
Step 3: Implement PIM-DM 451
Step 4: Verify PIM Adjacencies 455
Step 5: Verify Multicast Routing Operation 458
Step 6: Verify PIM-DM Flood-and-Prune Behavior 463
Step 7: Explore the Multicast Routing Table 466
Challenge 468
TCL Script Output: Unicast 468
Lab 7-3: Routing IP Multicast with PIM Sparse Mode (7.5.3) 474 bsci (LAB Portfolio)
Scenario 474
Step 1: Load Initial Configurations 474
Step 3: Implement PIM-SM 478
Step 4: Verify PIM Adjacencies 483
Step 5: Verify Multicast Routing Operation 485
Step 6: Verify PIM-SM Registration and SPT Cutover 490
Conclusion 493
Lab 7-4: Routing IP Multicast with PIM Sparse-Dense Mode (7.5.4) 496 bsci (LAB Portfolio)
Scenario 496
Step 1: Configure Addressing and Implement IGMP 497
Step 2: Configure Single-Area OSPF 500
Step 3: Implement PIM Sparse-Dense Mode 500
Step 4: Configure PIM Auto-RP 505
Step 5: Verify the RP Mappings 509
Step 6: Verify Multicast Operation 511
Step 7: Explore Auto-RP Operation with Sparse-Dense Mode 513
Step 8: Verify the Operation of Dense-Mode Fallback 515
TCL Script Output 520
IPv6 CBT
- IPv6: Understanding Basic Concepts and Addressing ccna
- IPv6: Configuring, Routing, and Interoperating ccna
- IPv6: Understanding Basic Concepts and Addressing bsci
- IPv6:Configuring, Routing, and Interoperating bsci
- IPv6 ccie
Lab 8-1: Configuring OSPF for IPv6 (8.7.1) 527 bsci (LAB Portfolio)
Scenario 527
Step 1: Configuring the Loopback Interfaces 527
Step 2: Configuring Static IPv6 Addresses 528
Step 3: Changing the Link-Local Address on an Interface 529
Step 4: Configuring EUI-64 Addresses 531
Step 5: Enabling IPv6 Routing and CEF 533
Step 6: Setting Up OSPFv3 533
Challenge: Summarizing OSPFv3 Areas 539
TCL Script Output 539
Lab 8-2: Using Manual IPv6 Tunnels (8.7.2) 544 bsci (LAB Portfolio)
Scenario 544
Step 1: Configure Loopbacks and Physical Interfaces 544
Step 2: Configure EIGRP 545
Step 3: Configure a Manual IPv6 Tunnel 545
Step 4: Configure OSPFv3 Over a Tunnel 546
TCL Script Output 547
Lab 8-3: Configuring 6to4 Tunnels (8.7.3) 552 bsci (LAB Portfolio)
Scenario 552
Step 1: Configure Loopbacks and Physical Interfaces 552
Step 2: Configure EIGRP 553
Step 3: Configure a Manual IPv6 Tunnel 553
Step 4: Configure Static IPv6 Routes 554
TCL Script Output 556
Lab 8-4: IPv6 Challenge Lab 561 bsci (LAB Portfolio)
Lab 8-5: IPv6 Troubleshooting Lab 562 bsci (LAB Portfolio)
Initial Configurations 562
IE LABs Volume I
IP Multicast …………………………………………………………………………… 1
PIM Dense Mode…………………………………………………………………………………..2
PIM Sparse Mode………………………………………………………………………………..12
Multicast RPF Failure …………………………………………………………………………..20
Auto-RP……………………………………………………………………………………………..27
Auto-RP – Multiple Candidate RPs ………………………………………………………..34
Auto-RP – Filtering Candidate RPs………………………………………………………..42
Auto-RP Listener …………………………………………………………………………………48
PIM NBMA Mode…………………………………………………………………………………55
Auto-RP and Default RP Placement……………………………………………………….62
Bootstrap Router …………………………………………………………………………………69
Multicast Source Distribution Protocol (MSDP) ………………………………………..74
Anycast RP…………………………………………………………………………………………81
Multicast BGP……………………………………………………………………………………..88
WAN CBT
- Routing: WAN Connectivity ccna
- WAN Connections: Concepts of VPN Technology ccna
- WAN Connections: Implementing PPP Authentication ccna
- WAN Connections: Understanding Frame Relay ccna
- WAN Connections: Configuring Frame Relay ccna
- Understanding New WAN Technologies: Cable Technology iscw
- Understanding New WAN Technologies: DSL Technology iscw
- Understanding New WAN Technologies: Configuring PPPoE DSL Connections iscw
- Multiprotocol Label Switching: The Concepts iscw
- Multiprotocol Label Switching: Frame Mode Configuration iscw
- Multiprotocol Label Switching: Understanding MPLS VPNs iscw
- Advanced WAN Configuration (Part 1): HDLC & PPP ccie
- Advanced WAN Configuration (Part 2): Frame Relay ccie
- Advanced WAN Configuration (Part 3): Frame Relay Traffic Shaping and ATM ccie
- Advanced WAN Configuration (Part 4): ISDN ccie
Lab 4-1: Configuring Frame Mode MPLS (4.5.1) 205 iscw (LAB Portfolio)
Scenario 205
Step 1: Configure Addressing 206
Step 2: Configure EIGRP AS 1 206
Step 3: Observe CEF Operation 207
Step 4: Enable MPLS on All Physical Interfaces 209
Step 5: Verify MPLS Configuration 210
Step 6: Change MPLS MTU 215
Lab 4-2: Challenge Lab: Implementing MPLS VPNs (4.5.2) 217 iscw (LAB Portfolio)
Scenario 218
Step 1: Configure Addressing 219
Step 2: Configure Routing in the Service-Provider Domain 219
Step 3: Configure MPLS in the SP Domain 220
Step 4: Configure a VRF 221
Step 5: Configure EIGRP AS 1 225
Step 6: Configure BGP 227
Step 7: Investigate Control Plane Operation 229
Step 8: Investigate Forwarding Plane Operation 235
Conclusion 238
IE LABs Volume I
FRAME RELAY………………………………………………………………………………………..1
Frame-Relay Inverse-ARP…………………………………………………………………..2
Frame-Relay Static Mapping 1 …………………………………………………………….5
Frame-Relay Inverse-ARP & Static Mappings ………………………………………..8
Frame-Relay Multipoint Interfaces: Inverse-ARP…………………………………..11
Frame-Relay Multipoint Interfaces: Static Mappings………………………………14
Frame-Relay Multipoint Interfaces: Inverse-ARP & Static Mappings ………..17
Frame-Relay Point-to-Point Subinterfaces …………………………………………..20
Frame-Relay Point-to-Point Subinterfaces and Main Interfaces: Inverse-ARP
………………………………………………………………………………………………………23
Frame-Relay Point-to-Point Subinterfaces and Main Interfaces: Static
Mappings ………………………………………………………………………………………..26
Frame-Relay Point-to-Point Subinterfaces and Multipoint Subinterfaces:
Inverse-ARP ……………………………………………………………………………………29
Frame-Relay Point-to-Point Subinterfaces and Multipoint Subinterfaces:
Static Mapping …………………………………………………………………………………32
Frame-Relay Main Interface: Inverse-ARP, Multipoint Interface: Inverse-ARP
………………………………………………………………………………………………………35
Frame-Relay Main Interface: Inverse-ARP, Multipoint Interface: Static
Mapping………………………………………………………………………………………….38
Frame-Relay Main Interface: Static Mapping, Multipoint Interface: Inverse-
ARP ……………………………………………………………………………………………….41
Frame-Relay Main Interface: Static Mapping, Multipoint Interface: Static
Mapping………………………………………………………………………………………….44
Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP………………47
Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP & Static
Mappings ………………………………………………………………………………………..51
Frame-Relay Hub-and-Spoke, Main Interfaces w/ Static Mappings………….55
Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP & Point-to-
Point Subinterfaces…………………………………………………………………………..59
Frame-Relay Hub-and-Spoke, Main Interfaces w/ Static Mappings & Pointto-
Point Subinterfaces ………………………………………………………………………63
Case Study 1: EIGRP 565 bsci (LAB Portfolio)
Case Study 2: OSPF: Four Routers 566 bsci (LAB Portfolio)
Case Study 3: OSPF: Five Routers 568 bsci (LAB Portfolio)
Case Study 4: BGP 570 bsci (LAB Portfolio)
VoIP CBT
- VoIP Networks: Understanding the Foundations ccna
- VoIP Networks: How Your Voice Becomes a Packet bcmsn
- VoIP Networks: Allocating Enough Bandwidth bcmsn
- VoIP Networks: Implementation Considerations, Part 1 bcmsn
- VoIP Networks: Implementation Considerations, Part 2 bcmsn
- Campus VoIP: Overview, Considerations, and AutoQoS bcmsn
- Advanced Router Technology (Part 3): Voice over IP (VoIP) ccie
Lab 7-1: Configuring Switches for IP Telephony Support (7.3.1) 169 bcmsn (LAB Portfolio)
Scenario: Preparing the Switching Network to Support Voice 169
Step 1 Basic Preparation 170
Step 2 Basic Configuration 170
Step 3 Configure the Trunks and EtherChannel 171
Step 4 Changing the VTP Mode 173
Step 5 Creating the VTP Domain 174
Step 6 HSRP 174
Step 7 Auto QoS Configuration 176
Step 8 Verify Auto QoS 177
Step 9 Configure the Distribution Layer to Trust CoS 177
Step 10 Verify Auto QoS at the Distribution Layer 178
Step 11 mls qos cos 179
Lab 2-1: Configure CME Using the CLI and Cisco IP Communicator (2.6.1) 7 ont (LAB Portfolio)
Scenario 7
Step 1: Configure Addressing 7
Step 2: Configure Router Telephony Service 9
Step 3: Create Directory Numbers 10
Step 4: Create Phones 11
Step 5: Install Cisco IP Communicator 12
Step 6: Run Cisco IP Communicator 16
Step 7: Establish a Call from Host A to Host B 19
Step 8: Change the Codec Being Used 21
QoS CBT
- Quality of Service: Bandwidth Monsters ont
- Quality of Service: Implementation Models and Methods, Part 1 ont
- Quality of Service: Implementation Models and Methods, Part 2 ont
- Quality of Service: Classification and Marking: Layer 2 ont
- Quality of Service: Classification and Marking: Layer 3 ont
- Quality of Service: Using NBAR ont
- Quality of Service: Queuing Fundamentals ont
- Quality of Service: Queuing Configuration ont
- Quality of Service: Congestion Avoidance ont
- Quality of Service: Policing and Shaping ont
- Quality of Service: Link Efficiency Mechanisms ont
- Quality of Service: Through VPNs and Service Providers ont
- Quality of Service: The Magic Wand of AutoQoS ont
- Quality of Service (Part 1): QoS Fundamentals and the MQC ccie
- Quality of Service (Part 2): Congestion Management and Avoidance ccie
- Quality of Service (Part 3): Policing, Shaping, and Link Efficiency ccie
Lab 3-1: Preparing for QoS (3.6.1) 25 ont (LAB Portfolio)
Overview 26
Step 1: Preliminaries 27
Step 2: Create Basic Pagent IOS and TGN Configurations 27
Step 3: Store Basic Pagent Configurations 33
Step 4: Create Advanced Pagent IOS, TGN, and NQR Configurations 34
Step 5: Store Advanced Pagent Configurations 38
Step 6: Display Traffic Statistics 38
Basic Pagent Configurations 40
IOS Configuration on R4: Stored in flash:basic-ios.cfg 40
TGN Configuration on R4: Stored in flash:basic-tgn.cfg 41
IOS Configuration on ALS1: Stored in flash:basic.cfg 41
Pagent Configurations 42
IOS Configuration on R4 (TrafGen): Stored in flash:advanced-ios.cfg 42
TGN Configuration on R4 (TrafGen): Stored in flash:advanced-tgn.cfg 43
IOS Configuration on ALS1: Stored in flash:advanced.cfg 43
NETLAB-Compatible Advanced Pagent Configurations 44
IOS Configuration on R4: Stored in flash:advanced-ios.cfg 44
TGN Configuration on R4: Stored in flash:advanced-tgn.cfg 45
IOS Configuration on ALS1: Stored in flash:advanced.cfg 45
NQR Configuration 46
Sample Advanced Pagent Configuration 46
R1 47
R2 47
R3 47
R4 48
R4 NQR 48
Lab 3-3: Configuring QoS with SDM (3.6.3) 69 ont (LAB Portfolio)
Scenario 69
Preparation 69
Step 1: Configure Physical Interfaces 70
Step 2: Configure Routing with EIGRP 71
Step 3: Connect to R1 Using SDM 71
Step 4: Use the SDM QoS Wizard 72
Step 5: Verify QoS Operation with SDM 77
Lab 4-1: Default Queuing Tools (4.11.1) 79 ont (LAB Portfolio)
Scenario 79
Preparation 79
Step 1: Configure Addressing 80
Step 2: Configure EIGRP AS 1 83
Step 3: Contrast Interface Queuing Strategies 85
Step 4: Verify and Change Queuing Modes 87
Step 5: Modify Default Queuing Settings 93
Lab 4-2: Intermediate Queuing Tools (4.11.2) 95 ont (LAB Portfolio)
Scenario 95
Preparation 95
Step 1: Configure the Physical Interfaces 96
Step 2: Configure EIGRP AS 1 97
Step 3: Configure Custom Queuing 98
Step 4: Configure Priority Queuing 104
Challenge 107
Lab 4-3: TCP Header Compression (4.11.3) 108 ont (LAB Portfolio)
Scenario 108
Step 1: Configure Addressing 108
Step 2: Enable Telnet Access on R2 108
Step 3: Enable TCP Header Compression 108
Step 4: Verify TCP Header Compression 109
Lab 4-4: Comparing Queuing Strategies (4.11.4) 111 ont (LAB Portfolio)
Scenario 111
Preparation 111
Step 1: Configure Addressing and Routing 112
Step 2: Create NQR Configuration for Testing Purposes 113
Step 3: Test FIFO Queuing 115
Step 4: Test Weighted Fair Queuing 115
Step 5: Test Custom Queuing 116
Step 6: Test Priority Queuing 116
Lab 4-5: Class-Based Queuing and NBAR (4.11.5) 117 ont (LAB Portfolio)
Scenario 117
Preparation 117
Step 1: Configure the Physical Interfaces 118
Step 2: Configure EIGRP AS 1 119
Step 3: Configure NBAR Protocol Discovery 120
Step 4: Classify and Mark Packets 122
Step 5: Shape Traffic and Queue with CBWFQ and LLQ 127
Challenge: Verifying IP Precedence 131
Lab 4-6: Class-Based Marking, Shaping, and Policing (4.11.6) 133 ont (LAB Portfolio)
Scenario 133
Preparation 133
Step 1: Configure the Physical Interfaces 134
Step 2: Configure Routing 135
Step 3: Mark Packets with DSCP 135
Step 4: Configuring Class-Based Shaping 138
Step 5: Configure Nested Service Policies 140
Step 6: Configure Traffic Policing 142
Step 7: Configure Class-Based TCP Header Compression 143
Lab 4-7: WAN QoS Tools (4.11.7) 145 ont (LAB Portfolio)
Scenario 145
Preparation 145
Step 1: Configure the Physical Interfaces 146
Step 2: Configure Multilink PPP 147
Step 3: Configure Multilink PPP LFI 151
Step 4: Configure Routing 152
Step 5: Configure Generic Traffic Shaping 153
Step 6: Configure Committed Access Rate Policing 153
Lab 4-8: Shaping and Policing (4.11.8) 155 ont (LAB Portfolio)
Scenario 155
Preparation 155
Step 1: Configure Physical Interfaces and Routing 156
Step 2: Configure NQR on R4 156
Step 3: Configure Traffic Policing 158
Step 4: Configure Traffic Shaping 158
NETLAB-Compatible NQR Configuration 159
Lab 4-9: QoS Pre-classify (4.11.9) 160 ont (LAB Portfolio)
Scenario 160
Preparation 161
Step 1: Configure the Physical Interfaces 161
Step 2: Configure Static Routing 162
Step 3: Configure the GRE Tunnel 163
Step 4: Configure Routing 164
Step 5: Enable the QoS Pre-classify Feature 164
Lab 4-10: Quality of Service Challenge Lab 167 ont (LAB Portfolio)
Lab 4-11: Quality of Service Troubleshooting 168 ont (LAB Portfolio)
Initial Configurations 169
Lab 5-1: AutoQoS (5.3.1) 173 ont (LAB Portfolio)
Scenario 173
Preparation 174
Step 1: Configure the Physical Interfaces 174
Step 2: Configure EIGRP AS 1 176
Step 3: Configure AutoQoS 177
Step 4: Configure AutoQoS with DSCP 184
IE LABs Volume I
QOS…………………………………………………………………………………………………….1
Legacy Custom Queueing …………………………………………………………………..2
MQC Bandwidth…………………………………………………………………………………6
Legacy Priority Queueing ………………………………………………………………….11
MQC Low Latency Queue …………………………………………………………………14
Legacy Generic Traffic Shaping………………………………………………………….17
Legacy Frame Relay Traffic Shaping…………………………………………………..19
MQC Frame Relay Traffic Shaping……………………………………………………..22
Legacy Committed Access Rate…………………………………………………………25
MQC Policing…………………………………………………………………………………..27
Common Configuration……………………………………………………………………..29
Legacy FRTS…………………………………………………………………………………..33
Legacy FRTS with Per-VC Priority Queueing ……………………………………….36
Frame-Relay Adaptive Shaping………………………………………………………….38
Frame-Relay Fragmentation (FRF.12)…………………………………………………40
Frame-Relay IP RTP Priority ……………………………………………………………..42
Frame-Relay Per-VC CBWFQ……………………………………………………………44
MQC-Only FRTS Configuration ………………………………………………………….47
MQC FRTS……………………………………………………………………………………..50
Voice-Adaptive FRTS ……………………………………………………………………….53
Frame-Relay Voice-Adaptive Fragmentation ………………………………………..56
FRF.11 Annex C Fragmentation for VoFR……………………………………………58
Frame-Relay PIPQ …………………………………………………………………………..60
Wireless CBT
- Wireless: Understanding Wireless Networking ccna
- Wireless: Wireless Security and Implementation ccna
- Wireless LAN: Foundation Concepts and Design, Part 1 bcmsn
- Wireless LAN: Foundation Concepts and Design, Part 2 bcmsn
- Wireless LAN: Frequencies and 802.11 Standards bcmsn
- Wireless LAN: Understanding the Hardware bcmsn
- Wireless LAN: Configuration and Verification bcmsn
- Wireless Networks: Wireless in the Cisco World ont
- Wireless Networks: Security and 802.1x ont
- Wireless Networks: Cisco Wireless Configuration ont
- Wireless Networks: Wireless QoS ont
Lab 6-1a: Configuring an External WLAN Controller (6.7.1a) 129 bcmsn (LAB Portfolio)
Step 1 Basic Preparation 130
Step 2 Basic Configuration 130
Step 3 Configuring the Switched Virtual Interfaces 132
Step 4 DHCP 132
Step 5 PortFast 133
Step 6 Configuring the Host and Host Port 134
Step 7 Enable and Verify Routing 136
Step 8 WLAN Controller Wizard 136
Step 9 Additional WLAN Controller Configuration 138
Lab 6-1b: Configuring a WLAN Controller Installed in a Router (6.7.1b) 139 bcmsn (LAB Portfolio)
Step 1 Basic Preparation 139
Step 2 VLAN and VTP Domain Configuration 139
Step 3 Subinterfaces 140
Step 4 DHCP 141
Step 5 PortFast 142
Step 6 Configuring the Host and Host Port 142
Step 7 Verify Routing 144
Step 8 WLAN Controller Wizard 145
Step 9 Additional WLAN Controller Configuration 147
Lab 6-2: Configuring a WLAN Controller via the Web Interface (6.7.2) 149 bcmsn (LAB Portfolio)
Step 1 Load Existing Configurations from Previous Lab 150
Step 2 Using the Web Interface for Configuration 150
Step 3 Creating Logical Interfaces 152
Step 4 Configuring WLANs That Correspond to the VLANs 155
Lab 6-3: Configuring a Wireless Client (6.7.3) 158 bcmsn (LAB Portfolio)
Step 1 Install Cisco Aironet Wireless Card Software 159
Step 2 Inserting the Cisco 802.11 a/b/g Wireless Adapter 163
Step 3 Verify Status of Installation 166
Lab 6-1a: Configuring an External WLAN Controller (6.6.1a) 192 ont (LAB Portfolio)
Scenario 192
Step 1: Device Preparation 192
Step 2: Basic Switch Configuration 192
Step 3: Switched Virtual Interface Configuration 194
Step 4: DHCP Configuration 194
Step 5: Spanning Tree PortFast Configuration 196
Step 6: Host Configuration and Verification 196
Step 7: IP Routing Configuration and Verification 198
Step 8: WLAN Controller Wizard 199
Step 9: Telnet and HTTP Access to the WLAN Controller 200
Lab 6-1b: Configuring a WLAN Controller Installed in a Router (6.6.1b) 202 ont (LAB Portfolio)
Scenario 202
Step 1: Device Preparation 202
Step 2: Basic Switch Configuration 203
Step 3: Subinterface Configuration for R1 and the WLAN Controller 203
Step 4: DHCP Configuration 204
Step 5: Spanning Tree PortFast Configuration 205
Step 6: Host Configuration and Verification 206
Step 7: IP Routing Verification 208
Step 8: WLAN Controller Configuration 208
Step 9: Telnet and HTTP Access to the WLAN Controller 211
Lab 6-2: Configuring a WLAN Controller Through the Web
Interface (6.6.2) 213 ont (LAB Portfolio)
Step 1: Basic Device Configuration 213
Step 2: WLAN Controller Monitor Page 213
Step 3: Configure Logical Interfaces on the WLAN Controller 215
Step 4: Configure WLANs 220
Lab 6-3: Configuring a Wireless Client (6.6.3) 225 ont (LAB Portfolio)
Step 1: Aironet Installation Program 226
Step 2: Configuring Profile and SSID 230
Step 3: Diagnostics 233
Lab 6-4: Configuring WPA Security with Preshared Keys (6.6.4) 235 ont (LAB Portfolio)
Scenario 236
Preparation 236
Step 1: Connect to the WLC from the Host 237
Step 2: Assign a VLAN to a WLAN 238
Step 3: Connect to WLAN Using Cisco Aironet Desktop Utility 244
Lab 6-5: Configuring LEAP (6.6.5) 248 ont (LAB Portfolio)
Scenario 248
Preparation 249
Step 1: Install CiscoSecure ACS 250
Step 2: Set Up ACS for LEAP 254
Step 3: Connect to the WLC from the Management Host 260
Step 4: Set Up a RADIUS Server 261
Step 5: Assign a WLAN to a VLAN 263
Step 6: Configure the Wireless Client 267
Case Study: QoS and MLPPP 271
CCIE Video Practice Lab CBT
- CCIE Practice Labs Introduction
- CCIE Lab Setup
- Bridging and Switching: Frame Relay
- Bridging and Switching: 3550
- IGP Protocols: OSPF Part 1
- IGP Protocols: OSPF Part 2
- IGP Protocols: RIPv2
- IGP Protocols: EIGRP
- EGP Protocols: BGP Part 1
- EGP Protocols: BGP Part 2
- EGP Protocols: BGP Part 3
- ISDN: Connectivity and Dial Restrictions
- Cisco IOS Features: DHCP
- Cisco IOS Features: Redundant Routing
- Cisco IOS Features: SNMP
- Cisco IOS Features: NTP
- Cisco IOS Features: Miscellaneous Tasks
- Quality of Service
- Multicast
- Security
NetMaster FrameRelay VOD
Frame Relay Fundamentals:::
Frame Relay Overview
Frame Relay DTE to DTE
Frame Relay LMI
Frame Relay Mapping
Managing Frame Relay Topologies
Frame Switching on Cisco IOS
Bridging over Frame Relay
Advanced Frame Relay Techniques:::
PPP over Frame Relay
Frame Relay End-to End Keepalive
AutoInstall Over Frame Relay
Routing over Frame Relay::::
RIP, EIGRP and BGP on Hub-and-Spoke Frame-Relay
OSPF over Frame-Relay
Frame Relay QoS:::
Frame-Relay Traffic-Shaping
Class-Based Frame-Relay Traffic-Shaping
VOIP ovre Frame-Relay
Priority Queueing Options over Frame-Relay
Enhanced Frame-Relay Switching
InternetworkExpert COD4.0
::::Day1::::
Introduction
EthernetSwitching
VTP
Etherchannel
Frame Relay1
Frame Relay2
:::::Day2::::
IP Routing1
IP Routing2
IP Routing3
IP Routing4
RIP
Policy Routing
PPP1
PPP2
::::Day3:::::
EIGRP
OSPF1
OSPF2
OSPF3
OSPF4
Route Redistribution
::::Day4::::
BGP1
BGP2
BGP3
BGP4
Multicasting1
Multicasting2
::::Day5::::
IPv6 1
IPv6 2
IPv6 3
IPv6 4
IPv6 5
Security
:::::Day 6::::
Catalyst security and additional features1
Catalyst security and additional features2
Spanning Tree1
Spanning Tree2
:::Day7::::
Part1 Bridging
Part2 OSPF1
Part3 OSPF2
Part4 IGP1
Part5 IGP2
:::::Day8:::;
Part1 Summarization1
Part2 Summarization2
Part3 Summarization 3 and Advanced BGP
Part4 Advanced Route Redistribution1
Part5 Advanced Route Redistribution2
::::Day9::::
Part1 QoS
Part2 QoS
Part3 QoS
Part4 QoS
Part5 QoS
Part6 QoS
:::Day10:::
Part1 IP Services
Part2 IP Services
Part3 IP Services
Part4 IP Services
Part5 IP Services
LAB Strategy
Systems Management1
Systems Management2
Cisco LAB Accessor ***
IPExperts CCIE Labs Workbook
IE CCIE Dynamips Lab Workbook
IE CCIE Lab Workbook Vol2
IE CCIE Lab Workbook Vol3
DOiT labs volume 2 (Revised)
Narbik – Advanced CCIE Routing & Switching – Technology Focused
CCBOOTCAMP – CCIE R&S Technology Lab Workbook
IE CCIE ClassOnDemands 4.5
IPExpert COD4
Khawar butt labs
http://www.netmasterclass.net/
internetworkexpert.com
http://www.ccbootcamp.com/ccierslwadvlabwb.html
http://www.ipexpert.com/index.cfm/products/
http://www.netmetric-solutions.com
Websites
http://www.cisco.com/web/learning/le21/le39/featured.html
http://networkninja.co.za/ **
Networksims.com (Labs)
http://www.bradreese.com/cisco-technical-newsgroups.htm
http://7200emu.hacki.at/* (go to sample labs)
www.configureterminal.com (nice tools for ease)
http://www.certificationtalk.com:81/
http://www.onlinestudylist.com/
http://seekingalpha.com/symbol/csco
http://blog.internetworkexpert.com/
http://connection.netcordia.com/blogs/terrys_blog/default.aspx
http://thebryantadvantage.blogspot.com/
http://ciscomars.blogspot.com/
http://cosi-nms.sourceforge.net/
http://cciepursuit.wordpress.com/
http://www.networking-forum.com/index.php?c=9
http://www.dfw.cisco-users.org/
http://cciepursuit.wordpress.com/
http://forum.internetworkexpert.com/ubbthreads.php
http://www.ciscosim.net/ [forum and ios image downloads]
http://www.tek-tips.com/threadminder.cfm?pid=557
http://itknowledgeexchange.techtarget.com/cisco/
http://www.experts-exchange.com
BCMSN Command Reference Book
Chapter 1
Network Design Requirements 1
Cisco Service-Oriented Network Architecture 1
Cisco Enterprise Composite Network Model 2
Chapter 2
VLANs 3
Creating Static VLANs 3
Using VLAN-Configuration Mode 3
Using VLAN Database Mode 4
Assigning Ports to VLANs 5
Using the range Command 5
Dynamic Trunking Protocol 5
Setting the Encapsulation Type 6
Verifying VLAN Information 7
Saving VLAN Configurations 7
Erasing VLAN Configurations 8
Verifying VLAN Trunking 9
VLAN Trunking Protocol 9
Using Global Configuration Mode 9
Using VLAN Database Mode 10
Verifying VTP 12
Configuration Example: VLANs 13
3560 Switch 13
2960 Switch 15
Chapter 3
STP and EtherChannel 17
Spanning Tree Protocol 18
Enabling Spanning Tree Protocol 18
Configuring the Root Switch 18
Configuring a Secondary Root Switch 19
Configuring Port Priority 19
Configuring the Path Cost 20
Configuring the Switch Priority of a VLAN 20
Configuring STP Timers 21
Verifying STP 21
Optional STP Configurations 22
PortFast 22
BPDU Guard 22
BPDU Filtering 23
UplinkFast 24
BackboneFast 24
Root Guard 24
Loop Guard 25
Unidirectional Link Detection 25
Changing the Spanning-Tree Mode 26
Extended System ID 27
Enabling Rapid Spanning Tree 27
Enabling Multiple Spanning Tree 28
Verifying MST 29
Troubleshooting Spanning Tree 29
Configuration Example: STP 30
Core Switch (3560) 30
Distribution 1 Switch (3560) 31
Distribution 2 Switch (3560) 32
Access 1 Switch (2960) 33
Access 2 Switch (2960) 34
EtherChannel 34
Interface Modes in EtherChannel 35
Guidelines for Configuring EtherChannel 35
Configuring L2 EtherChannel 36
Configuring L3 EtherChannel 36
Verifying EtherChannel 37
Configuration Example: EtherChannel 38
DLSwitch (3560) 39
ALSwitch1 (2960) 40
ALSwitch2 (2960) 41
Chapter 4
Inter-VLAN Routing 43
Configuring Cisco Express Forwarding 43
Verifying CEF 44
Troubleshooting CEF 44
Inter-VLAN Communication Using an External Router:
Router-on-a-Stick 45
Inter-VLAN Communication Tips 46
Inter-VLAN Communication on a Multilayer Switch Through a
Switch Virtual Interface 46
Removing L2 Switchport Capability of a Switch Port 46
Configuring Inter-VLAN Communication 47
Configuration Example: Inter-VLAN Communication 48
ISP Router 49
CORP Router 50
L2Switch2 (Catalyst 2960) 52
L3Switch1 (Catalyst 3560) 54
L2Switch1 (Catalyst 2960) 56
Chapter 5
High Availability 59
Hot Standby Routing Protocol 59
Configuring HSRP 59
Verifying HSRP 60
HSRP Optimization Options 60
Preempt 60
HSRP Message Timers 61
Interface Tracking 62
Debugging HSRP 62
Virtual Router Redundancy Protocol 62
Configuring VRRP 63
Verifying VRRP 64
Debugging VRRP 64
Gateway Load Balancing Protocol 65
Configuring GLBP 65
Verifying GLBP 68
Debugging GLBP 68
Configuration Example: HSRP 69
Router 1 69
Router 2 70
Configuration Example: GLBP 71
Router 1 72
Router 2 73
Chapter 6
Wireless Client Access 75
Configuration Example: 4402 WLAN Controller Using the
Configuration Wizard 75
Configuration Example: 4402 WLAN Controller Using the
Web Interface 84
Configuration Example: Configuring a 3560 Switch to Support
WLANs and APs 94
Configuration Example: Configuring a Wireless Client 96
Chapter 7
Minimizing Service Loss and Data Theft 101
Configuring Static MAC Addresses 101
Switch Port Security 102
Verifying Switch Port Security 103
Sticky MAC Addresses 104
Mitigating VLAN Hopping: Best Practices 105
Configuring Private VLANs 105
Verifying PVLANs 106
Configuring Protected Ports 107
VLAN Access Maps 107
Verifying VLAN Access Maps 109
Configuration Example: VLAN Access Maps 109
DHCP Snooping 111
Verifying DHCP Snooping 113
Dynamic ARP Inspection 113
Verifying DAI 114
802.1x Port-Based Authentication 114
Cisco Discovery Protocol Security Issues 116
Configuring the Secure Shell Protocol 117
vty ACLs 117
Restricting Web Interface Sessions with ACLs 118
Disabling Unneeded Services 118
Securing End-Device Access Ports 119
Chapter 8
Voice Support in Campus Switches 121
Attaching a Cisco IP Phone 121
Verifying Configuration After Attaching a Cisco IP Phone 123
Configuring AutoQoS: 2960/3560 123
Verifying AutoQoS Information: 2960/3560 124
Configuring AutoQoS: 6500 124
Verifying AutoQoS Information: 6500 124
BSCI Command Reference Book
Chapter 1
Network Design Requirements 1
Cisco Service-Oriented Network Architecture 1
Cisco Enterprise Composite Network Model 2
Chapter 2
EIGRP 3
Configuring EIGRP 3
EIGRP Auto-Summarization 4
Injecting a Default Route into EIGRP: Redistribution of a Static
Route 5
Injecting a Default Route into EIGRP: IP Default Network 6
Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0 7
Load Balancing: Variance 7
Bandwidth Use 8
Authentication 8
Stub Networks 10
Verifying EIGRP 11
Troubleshooting EIGRP 12
Configuration Example: EIGRP 12
Austin Router 12
Houston Router 14
Chapter 3
OSPF 17
Configuring OSPF: Mandatory Commands 17
Using Wildcard Masks with OSPF Areas 18
Configuring OSPF: Optional Commands 19
Loopback Interfaces 19
Router ID 20
DR/BDR Elections 20
Modifying Cost Metrics 20
OSPF auto-cost reference-bandwidth 21
Authentication: Simple 21
Authentication: Using MD5 Encryption 22
Timers 22
Configuring Multi-Area OSPF 23
Propagating a Default Route 23
OSPF and NBMA Networks 23
Full-Mesh Frame Relay: NBMA on Physical
Interfaces 24
Full-Mesh Frame Relay: Broadcast on Physical
Interfaces 25
Full Mesh Frame Relay: Point-to-Multipoint
Networks 26
Full-Mesh Frame Relay: Point-to-Point Networks with
Subinterfaces 26
OSPF Special Area Types 27
Stub Areas 27
Totally Stubby Areas 28
Not So Stubby Areas (NSSA) Stub Area 29
NSSA Totally Stubby Areas 29
Virtual Links: Configuration Example 30
Route Summarization 31
Inter-Area Route Summarization 31
External Route Summarization 31
Verifying OSPF Configuration 32
Troubleshooting OSPF 32
Configuration Example: Single-Area OSPF 33
Austin Router 33
Houston Router 34
Galveston Router 35
Configuration Example: Multi-Area OSPF 36
ASBR Router 37
ABR-1 Router 38
ABR-2 Router 39
Internal Router 40
Configuration Example: OSPF and NBMA Networks 41
Houston Router 42
Austin Router 43
Galveston Router 44
Laredo Router 45
Configuration Example: OSPF and Broadcast Networks 46
Houston Router 47
Austin Router 48
Galveston Router 49
Laredo Router 50
Configuration Example: OSPF and Point-to-Multipoint
Networks 51
Houston Router 51
Austin Router 52
Galveston Router 53
Laredo Router 54
Configuration Example: OSPF and Point-to-Point Networks
Using Subinterfaces 55
Houston Router 55
Austin Router 57
Galveston Router 58
Laredo Router 59
Chapter 4
Integrated IS-IS 61
ISO Network Entity Title (NET) 61
Rules for Creating a NET 62
Examples of NETs: Cisco Implementation 63
Basic IS-IS Configuration 63
Neighbors and Timers 64
Election of the Designated IS (DIS) 65
Rules for IS-IS Adjacencies 65
Routing Metrics 65
Wide Metrics 66
Manual Summarization 66
Injecting Default Routes 66
Defining Router Types 67
Verifying Integrated IS-IS Routing 67
Configuration Example: Multi-Area IS-IS 68
Mazatlan Router 68
Acapulco Router 69
Cancun Router 70
Chapter 5
Manipulating Routing Updates 73
Route Redistribution 74
Assigning Metrics 74
Redistributing Subnets 75
Assigning E1 or E2 Routes in OSPF 75
Defining Seed Metrics 76
Redistributing Static Routes 76
Assigning Metric and Router Types in IS-IS 76
Redistributing OSPF Internal and External Routes 77
Verifying Route Redistribution 77
Passive Interfaces 78
Route Filtering Using the distribute-list Command 79
Verifying Route Filters 79
Configuration Example: Outbound Route Filters 80
Houston Router 81
Configuration Example: Inbound Route Filters 82
Galveston Router 83
“Passive” EIGRP Interfaces 84
Policy Routing Using Route Maps 85
Configuration Example: Route Maps 86
Portland Router 86
Administrative Distance (AD) 89
Static Routes: permanent Keyword 91
Floating Static Routes 91
Static Routes and Recursive Lookups 92
DHCP Configuration 92
Verifying and Troubleshooting DHCP Configuration 93
Configuring a DHCP Helper Address 94
DHCP Client on a Cisco IOS Ethernet Interface 94
Configuration Example: DHCP 95
Edmonton Router 95
Gibbons Router 97
Chapter 6
BGP 99
Configuring BGP 100
BGP and Loopback Addresses 101
eBGP Multihop 101
Verifying BGP Connections 102
Troubleshooting BGP Connections 102
Autonomous System Synchronization 103
Default Routes 104
Load Balancing 104
Authentication 105
Attributes 105
Origin 105
Next Hop 106
Autonomous System Path: Remove Private Autonomous
System 108
Autonomous System Path: Prepend 108
Weight: The weight Command 110
Weight: Access Lists 111
Weight: Route Maps 112
Local Preference: bgp default local-preference
Command 114
Local Preference: Route Maps 115
Multi-Exit Discriminator (MED) 116
Atomic Aggregate 119
Regular Expressions 121
121
Regular Expressions: Example One 122
Regular Expressions: Example Two 122
BGP Route Filtering Using Access Lists 123
BGP Route Filtering Using Prefix Lists 124
BGP: Configuration Example 127
Houston Router 127
Laredo Router 129
Galveston Router 129
Austin Router 130
Chapter 7
Multicast 133
IP Multicast Address Examples 133
Class D Addresses 134
Reserved Link-Local Addresses 134
Globally Scoped Addresses 134
Source Specific Multicast (SSM) Addresses 135
GLOP Addresses 135
Limited-Scope Addresses 135
Layer 2 Multicast Addresses 136
Ethernet MAC Address Mapping 136
Internet Group Management Protocol (IGMP) Snooping 138
Verifying Multicast Addressing 139
Cisco Group Management Protocol (CGMP) 139
Configuring IP Multicast 139
Verifying PIM Configuration 140
Auto-RP 140
Defining Scope of Delivery of Multicast Packets 141
Joining a Multicast Group 142
Changing Internet Group Management Protocol (IGMP)
Versions 142
Verifying IGMP Version 143
Configuration Example: Multicast Routing Using PIM Sparse-
Dense Mode 143
R1 Router 144
R2 Router 145
R3 Router 146
Chapter 8
IPv6 147
Assigning IPv6 Addresses to Interfaces 147
Cisco Express Forwarding (CEF) and Distributed CEF Switching
for IPv6 148
IPv6 and OSPFv3 149
Enabling OSPF for IPv6 on an Interface 150
OSPFv3 and Stub/NSSA Areas 150
Enabling an OSPF for IPv6 Area Range 151
Enabling an IPv4 Router ID for OSPFv3 151
Forcing an SPF Calculation 152
Configuration Example: OSPFv3 152
R3 Router 153
R2 Router 153
R1 Router 154
R4 Router 155
IPv6 Tunnels: Manual Overlay 156
Juneau Router 156
Fairbanks Router 157
Static Routes in IPv6 159
Floating Static Routes in IPv6 159
Verifying and Troubleshooting IPv6 160
IPv6 Ping 162
ISCW Command Reference Book
Chapter 1
Network Design Requirements 1
Cisco Service-Oriented Network Architecture 1
Cisco Enterprise Composite Network Model 2
Chapter 2
Connecting Teleworkers 3
Configuration Example: DSL Using PPPoE 3
Step 1: Configure PPPoE (External Modem) 5
Virtual Private Dial-Up Network (VPDN) Programming 5
Step 2: Configure the Dialer Interface 6
For Password Authentication Protocol (PAP) 7
For Challenge Handshake Authentication Protocol
(CHAP) 7
Step 3: Define Interesting Traffic and Specify Default
Routing 7
Step 4a: Configure NAT Using an ACL 8
Step 4b: Configure NAT Using a Route Map 9
Step 5: Configure DHCP Service 10
Step 6: Apply NAT Programming 10
Step 7: Verify a PPPoE Connection 11
Configuring PPPoA 11
Step 1: Configure PPPoA on the WAN Interface (Using
Subinterfaces) 12
Step 2: Configure the Dialer Interface 13
For Password Authentication Protocol (PAP) 13
For Challenge Handshake Authentication Protocol
(CHAP) 13
Step 3: Verify a PPPoA Connection 14
Configuring a Cable Modem Connection 15
Step 1: Configure WAN Connectivity 16
Step 2: Configure Local DHCP Service 17
Step 3: Configure NAT Using a Route Map 18
Step 4: Configure Default Routing 18
Step 5: Apply NAT Programming 19
Configuring L2 Bridging Using a Cisco Cable Modem
HWIC 19
Step 1: Configure Global Bridging Parameters 19
Step 2: Configure WAN to LAN Bridging 20
Configuring L3 Routing Using a Cisco Cable Modem HWIC 20
Step 1: Remove Bridge Group Programming from All
Interfaces 21
Step 2: Configure LAN Connectivity 21
Step 3: Configure WAN Connectivity 21
Chapter 3
Implementing Frame Mode MPLS 23
Configuring Cisco Express Forwarding 23
Verifying CEF 24
Troubleshooting CEF 24
Configuring MPLS on a Frame Mode Interface 25
Configuring MTU Size in Label Switching 26
Configuration Example: Configuring Frame Mode MPLS 27
R1 Router 27
R2 Router 28
R3 Router 30
Chapter 4
IPsec VPNs 33
Configuring a Teleworker to Branch Office VPN Using CLI 34
Step 1: Configure the ISAKMP Policy (IKE Phase 1) 35
Step 2: Configure Policies for the Client Group(s) 35
Step 3: Configure the IPsec Transform Sets (IKE Phase 2,
Tunnel Termination) 36
Step 4: Configure Router AAA and Add VPN Client
Users 36
Step 5: Create VPN Client Policy for Security Association
Negotiation 37
Step 6: Configure the Crypto Map (IKE Phase 2) 37
Step 7: Apply the Crypto Map to the Interface 38
Step 8: Verify the VPN Service 38
Configuring IPsec Site-to-Site VPNs Using CLI 39
Step 1: Configure the ISAKMP Policy (IKE Phase 1) 39
Step 2: Configure the IPsec Transform Sets (IKE Phase 2,
Tunnel Termination) 40
Step 3: Configure the Crypto ACL (Interesting Traffic, Secure
Data Transfer) 40
Step 4: Configure the Crypto Map (IKE Phase 2) 41
Step 5: Apply the Crypto Map to the Interface (IKE Phase
2) 42
Step 6: Configure the Firewall Interface ACL 42
<