GNS3vault https://gns3vault.com/ Cisco Labs for CCNA, CCNP and CCIE Students. Sun, 24 Aug 2014 10:43:41 +0000 en-US hourly 1 Expert Redistribution 2 https://gns3vault.com/redistribution/expert-redistribution-2 https://gns3vault.com/redistribution/expert-redistribution-2#comments Sat, 19 Jan 2013 22:30:03 +0000 Scenario: You’ve been practicing your redistribution scenarios but you are not able to procure enough routers to make a big network. Instead, you only have (4) routers but want to make a scenario that is as complex as...

The post Expert Redistribution 2 appeared first on GNS3vault.

]]>

Scenario:

You’ve been practicing your redistribution scenarios but you are not able to procure enough routers to make a big network. Instead, you only have (4) routers but want to make a scenario that is as complex as possible …

Goal:

  • Nothing has been preconfigured for you!
  • In order to keep the diagram clean, IP addresses and interfaces have been excluded.
  • Select whichever interfaces you like, but be sure they are all of the same speed and default bandwidth for EIGRP/OSPF metric calculation.
  • Use 192.168.xy.0/24 for each network where x and y are router numbers.
  • Example: 192.168.12.1 and 192.168.12.2 for the link between R1 and R2.
  • If an IP address is in a colored circle, that means it belongs to that protocol and should be advertised by that protocol.
  • No static, policy, or default routing allowed.
  • You may modify any metric, administrative distance, or route tags anywhere to solve this lab.

TASKS

  • Mutually redistribute between OSPF and RIP on R1.
  • Mutually redistribute between EIGRP and RIP on R2.
  • Mutually redistribute between EIGRP and OSPF on R3.
  • Mutually redistribute between OSPF and RIP on R4.
  • Mutually redistribute between EIGRP and RIP on R4.
  • Mutually redistribute between EIGRP and OSPF on R4.
  • Create a new loopback interface on R4: 4.4.4.4/32.
  • Redistribute this new loopback into EIGRP (don’t use the network command).
  • Redistribute this new loopback into OSPF (don’t use the network command).
  • Redistribute this new loopback into RIP (don’t use the network command).
  • To complete this lab, the route from any two loopback addresses must be one hop. Perform this test on every router with a traceroute sourced from the local loopback destined for the other (3) loopbacks.
  • Example: R1#traceroute 1.1.1.1 source loopback0 should only have one hop
  • Hints:
    • Routers will automatically rate-limit ICMP unreachables which makes traceroute slower. “no ip icmp rate-limit unreachable”.
    • You will need to use the word “redistribute” (15) times to solve this lab.
    • “debug ip routing” is your friend.

IOS:

c3640-jk9o3s-mz.124-16.bin

Topology:

redis

The post Expert Redistribution 2 appeared first on GNS3vault.

]]>
https://gns3vault.com/redistribution/expert-redistribution-2/feed 24
CCIE Practice Lab 2 https://gns3vault.com/ccie-rs/ccie-practice-lab-2 https://gns3vault.com/ccie-rs/ccie-practice-lab-2#comments Tue, 25 Dec 2012 01:37:24 +0000 Scenario After slugging through CCIE Practice lab 1, you’ve returned to the site to find yet another challenge! Goal: Nothing has been preconfigured for you! Coordinating instructions are below. All IP addresses begin with 192.168 unless otherwise shown...

The post CCIE Practice Lab 2 appeared first on GNS3vault.

]]>

Scenario

After slugging through CCIE Practice lab 1, you’ve returned to the site to find yet another challenge!

Goal:

Nothing has been preconfigured for you! Coordinating instructions are below. All IP addresses begin with 192.168 unless otherwise shown or described.

No static routing, policy-based routing, or default routing is allowed unless explicity stated.

At any point in the lab, you can tune any timers you want (STP, protocols, etc).

Each router should be configured with two loopbacks. “x” is the router number.

Loopback0 = x.x.x.x /32

Loopback1 = xx.xx.xx.xx /32

For example, R1 would have 1.1.1.1/32 and 11.11.11.11/32, R2 would have 2.2.2.2/32 and 22.22.22.22/32, etc.

R2, R3, and R5 all have 16-port switch modules installed. Switch cabling:

R2 F1/12 : R5 F1/12

R2 F1/13 : R5 F1/13

R2 F1/14 : R5 F1/14

R2 F1/15 : R5 F1/15

R3 F1/10 : R5 F1/10

R3 F1/11 : R5 F1/11

Frame Relay DLCI mapping

R1:R2 :: 102:201

R2:R3 :: 203:302

Phase 1: Basic configuration

1. Build the topology as shown in the diagram by making physical connections.

2. Configure all IP addresses and the FR switch as described above and shown in the diagram. Don’t forget the VLAN SVIs!

3. Correct any speed and duplex errors by using the fastest possible line speed and best duplex setting available.

4. R4 should receive it’s IP address via DHCP from R2. The DNS server is 10.0.0.2 and the lease is good for 10 minutes. R2’s F0/0 address is excluded from the pool.

5. The link between R2 and R4 is PPPoE with R2 as the PPPoE server.

Phase 2: Frame Relay and serial connectivity

1. On R1 and R2, configure frame relay. Use a non-proprietary encapsulation form, do not rely on IARP, and use a non-Cisco type of LMI and encapsulation. Pay attention to the IP subnets; they will tell you whether to use P2P or MP links. Ensure you can communicate from R1 to R3. You may use the “broadcast” keyword.

2. R2 and R3 are connected by a direct serial connection and a FR link. Find a way to bundle these two links together; you cannot use FR encapsulation on the directly connected link. Once the links are bundled and verified, secure this connection using a layer 2 feature (IPsec is layer 3).

3. The link between R4 and R5 should be PPP and should use CHAP for authentication. R5, however, should have an alternate of NOT_R5 to confuse attackers.

4. The link between R5 and R6 should be PPP and should use PAP for authentication.

5. The link between R3 and R6 should be PPP and should use PAP for authentication.

Phase 3: LAN Switching

1. R5 is the VTP server using the name VTP123. It should advertise VLANs 235 and 356, both of which should be added to the VLAN database. R3 should accept these VLANs but R3 is not allowed to modify the VLAN database. R2 should ignore this VTP update and should be manually programmed with only VLAN 235 in it’s VLAN database. Do not use a VTP password to accomplish this.

2. Configure R2 as the root for VLAN 235 and R5 as the root for VLAN 1 and VLAN 356. Do not use the “spanning-tree vlan x root primary” command.

3. Bundle F1/12-13 into PortChannel1 and F1/14-15 into PortChannel2 on R2 and R5. Enable static Etherchannel. Both Etherchannels are 802.1Q trunks.

4. VLAN 356 is not allowed towards R2 on any trunk link.

5. To make best use of available links, you decide to load balance VLAN traffic across your trunks. Configure R5 so that VLAN 235 prefers Po2 towards R2. Configure R5 F1/10 interface so that traffic for all VLANs is preferred over F1/11. F1/10 should be the backup link. Do not use backup interfaces or “switchport allowed vlan”.

6. Enable a feature on R3 that will allow it to immediately switch to F1/10 if F1/11 fails. Warning: Sometimes this feature causes weird GNS3 bugs. If you know the feature, you get credit! If it breaks GNS3, then just remove it. The solution is in the description on R3 F1/10 interface.

Phase 4: OSPF

1. Configure OSPF area 0 on R1 loopback2 interface. Make sure LSAs are not sent to this loopback.

2. Configure OSPF area 123 on all FR interfaces on R1 and R2, as well as the special interface you built on R3. Bring R2 Loopback0 into OSPF this way as well. Do not use the “ip ospf network” command on R1 or R2 FR interfaces. On the special interface between R2 and R3, ensure there is a DR election but the hello packets should not be multicast.

3. Issue the command “area 0 authentication message-digest” on R1.

4. Ensure R1 and R3 can never be DR’s within the two segments you just configured.

5. Configure OSPF area 2345 on the following interfaces:

R2 Vlan235

R2 S0/1

R4 S0/0

R4 S0/1

R5 Vlan235

R5 S0/0

R3 Vlan235

R3 Loopback0 (no LSAs sent here)

R4 Loopback0 (no LSAs sent here)

R5 Loopback0 (no LSAs sent here)

6. R5 should be the DR on the VLAN 235 segment.

7. You are not allowed to use the “ip ospf cost” command anywhere in this lab. Also, you can not modify any interface MTUs at any point, for any reason. Ensure you have full OSPF connectivity.

Phase 6: RIP

1. Configure RIP on R3 Vlan356 and R5 Vlan356.

2. Configure RIP on R3 S0/2, R5 S0/1, and both of R6’s serial interfaces.

3. Advertise R6’s loopback into RIP, and do not send RIP updates to this loopback.

Phase 7: Redistribution

1. Mutually redistribute between OSPF and RIP on R2 and R5. Do not use route tagging. Ensure there are no routing loops and that you have full connectivity.

Phase 8: BGP

1. Configure BGP 346 on R3, R4, R5, and R6. iBGP peerings are R6-R3, R6-R5, and R6-R4.

2. Advertise the loopback1 addresses on each of these (4) routers into BGP and ensure you have full connectivity between these loopbacks.

Phase 9: MPLS

1. Configure R3 in such a way that it forms a neighborship with R8 on both F0/0 and F0/1 (using both EIGRP ASNs). These neighborships should be in different routing tables and should have no knowledge of one another.

2. Configure R4 in such a way that it forms a neighborship with R7 on both F0/0 and F0/1 (using both EIGRP ASNs). These neighborships should be in different routing tables and should have no knowledge of one another.

3. Do not use the “route-target both” command in your configuration, and you cannot manually configure the same import/export RTs within the same VRF, either. For reference, the F0/0 connections on R7 and R8 represent one customer, and the F0/1 connections represent another.

4. You are not allowed to configure any virtual routing tables on R6 or R5; they are not virtual routing aware.

5. Enable end-to-end connectivity from R8 loopback38 to R7 loopback47 (once you configure EIGRP below).

6. Enable end-to-end connectivity from R8 loopback380 to R7 loopback470 (once you configure EIGRP below).

(This is the hardest part of the lab by far!)

Phase 10: EIGRP

1. Configure EIGRP 38 on R8 loopback38 and R8 F0/0. Ensure no EIGRP updates are sent to the loopback.

2. Configure EIGRP 380 on R8 loopback380 and R8 F0/1. Ensure no EIGRP updates are sent to the loopback.

3. Configure EIGRP 47 on R7 loopback47 and R7 F0/0. Ensure no EIGRP updates are sent to the loopback.

4. Configure EIGRP 470 on R7 loopback470 and R7 F0/1. Ensure no EIGRP updates are sent to the loopback.

5. On the R3-R8 F0/0 link, enable an EIGRP feature on R3 that will help save memory by reducing unnecessary EIGRP messages sent by R8 towards R3. This feature should not apply to the R3-R8 F0/1 link.

6. On th R4-R7 F0/1 link, enable EIGRP authentication using a rotating key. The first key is valid from the time you started this lab until one hour from now. The second key is good 30 seconds before the first key expires and is good forever.

7. Enable NTP on R7 and R4 to keep the clocks in sync. R4 is the master. Authenticate all NTP traffic and log all NTP events to the console.

Phase 11: QoS

1. Add a static route on R2 that changes the destination for 3.3.3.3/32 towards the special interface connecting R2 and R3. This route should be installed in the routing table only if the line-protocol on loopback0 is up.

2. Define a QoS policy on R2 that does the following actions for all traffic sent out of the special interface connecting R2 and R3:

* All ICMP traffic should be policed to a CIR of 16 kbps with a sustained burst rate of the CIR, and an excess burst rate of half the CIR. Conforming traffic ic transmitting, traffic that exceeds “bc” should have it’s DSCP set to 0, and traffic that exceeds “be” should be dropped.

* All TELNET traffic should be given 15 percent of the link’s bandwidth. TELNET traffic marked with DSCP EF, if the queue begins to fill, should be randomly dropped to avoid tail drop. After 20 packets are in the queue, 1 in 15 should be dropped, and after 40 packets are in the queue, all should be dropped.

* All HTTP traffic should be given a strict priority 25 percent of the link’s bandwidth. It should be unconditionally set to DSCP 41 and should have TCP header compression enabled.

Phase 12: Multicast

1. Enable PIM-SM on the following interfaces. You cannot enable PIM on any other non-loopback interfaces from this point forward.

R1 S0/0

R2 S0/0.201

R2 “PPPoE interface”

R2 Vlan235

R4 “PPPoE interface”

R4 S0/0

R5 S0/0

R5 S0/1

2. Enable a PIM feature on R2 and R5 so that R3 can never become a PIM neighbor with R2 or R5 on VLAN 235. Any other router, if added to the segment and runs PIM, should be able to form a neighborship.

3. Configure R1 Loopback 2 to join groups 225.1.1.1 (group 1) and 225.2.2.2 (group 2). Group 1 should use a special security feature that only allows it to accept multicast packets from 192.168.56.6. Group 2 will accept packets from any source.

4. R2 is the RP for group 1 and R4 is the RP for group 2. Use AutoRP to make this dynamically learned. R4 is also the mapping agent.

5. Do not use the command “ip pim autorp listener” anywhere in your solution. You are not allowed to use any dense-mode style behavior anywhere in the lab. This means that you must select a router to be the RP for some multicast groups …

6. You are allowed to use exactly (2) static routes in your solution. If you can do it without static routes then you are smarter than I am!

7. Ensure R6 can ping group 1 and group 2 and receive responses. Ensure R5 can ping group 2 only.

Phase 13: IPv6

1. Make up your own IPv6 addresses on all interfaces requiring IPv6 treatment. This includes R1, R3, R4, and R5 loopback0 interfaces.

2. Configure OSPFv3 area 0 between R1 and R2. Use existing DLCI numbers; you are not allowed to add new DLCIs on the FR switch. Ensure their is a DR election on the link but hello packets should be unicast; R1 should never be the DR. You cannot use the “broadcast” keyword. Advertise loopback 0 as well.

3. Configure OSPFv3 area 23 on the special link between R2 and R3. Ensure there is no DR election on the link.

4. Configure OSPFv3 area 38 on both links between R3 and R8. R3 should not allow Type-5 or Type-7 LSAs in area 38, but it should allow Type-3 LSAs.

5. Ensure the F0/0 link between R3-R8 has OSPFv3 authentication enabled.

6. Enable unequal path load balancing on the links between R3 and R8. R8 should send all traffic over F0/0 and R3 should send all traffic for R8 over F0/1. There should be no equal cost load balancing.

7. Configure RIPng using the name RIP6 in accordance with the diagram. Advertise R4 and R5 loopbacks.

8. Mutually redistribute between RIPng and OSPFv3 at R2 and R3. Do not modify administrative distance. Ensure full reachability between networks.

9. R1 should originate a “half-default” route. This route should cover the upper half of all IPv6 addresses (8000:: to FFFF:FFFF….).

10. Ensure you have full connectivity between IPv6 loopbacks.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

Main topology

main

IGP topology

igp

EGP toplogy

egp

MPLS topology

mpls

Multicast topology

mcast 

IPv6 IGP topology

ipv6 igp

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

The post CCIE Practice Lab 2 appeared first on GNS3vault.

]]>
https://gns3vault.com/ccie-rs/ccie-practice-lab-2/feed 9
Multicast Advanced https://gns3vault.com/multicast/multicast-advanced https://gns3vault.com/multicast/multicast-advanced#comments Sun, 16 Dec 2012 20:45:29 +0000 Scenario: In an effort to load balance various multicast responsibilities across your routers, you decide to implement Cisco’s AutoRP feature along with MSDP and SSM so you can use the same IP addresses as RPs for the same...

The post Multicast Advanced appeared first on GNS3vault.

]]>

Scenario:

In an effort to load balance various multicast responsibilities across your routers, you decide to implement Cisco’s AutoRP feature along with MSDP and SSM so you can use the same IP addresses as RPs for the same multicast groups while increasing security. Only problem is, your boss tells you that you cannot use sparse-dense mode as he never wants multicast traffic to be flooded unnecessarily. Additionally, responsibilities are being distributed to all (5) backbone routers in your network.

Goal:

  • Nothing has been preconfigured for you! Configure IP addresses and interface assignments in accordance with the diagram.
  • Enable EIGRP on all routers and all interfaces for basic connectivity. Do NOT enable EIGRP on R1 and R7 as those devices simulate hosts. Instead, configure a default route on each one.
  • Enable multicast-routing and PIM-SM on all interfaces, including loopbacks.
  • Configure AutoRP on all (5) routers. R4 should be both the mapping agent and the RP using Lo0 for AutoRP’s discovery group using Lo1. R5 should be the RP for AutoRP’s announcement group using Lo0.
  • Ensure all routers know these two RP addresses so they can receive AutoRP information.
  • Configure R2 Lo0 to be the RP for 225.1.1.1 only.
  • Configure R5 Lo1 to be the RP for 225.1.1.1 only.
  • Configure R3 Lo0 to be the RP for 225.2.2.2 only.
  • Configure R6 Lo1 to be the RP for 225.2.2.2 only.
  • Configure MSDP so RPs can share appropriate RP-related information. You are only allowed to create (2) peerings.
  • R7 needs to tell R6 that it wants to receive multicast traffic on groups 225.1.1.1 and 225.2.2.2. Use SSM to ensure that only multicast traffic on these groups is forwarded by R6. Do not use the “ip access-group” command or any explicit filtering mechanisms.
  • R1 should be able to ping 225.1.1.1 and 225.2.2.2 and receive responses from R7.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

mcast advanced

The post Multicast Advanced appeared first on GNS3vault.

]]>
https://gns3vault.com/multicast/multicast-advanced/feed 17
Committed Access Rate Limiting https://gns3vault.com/quality-of-service/committed-access-rate-limiting https://gns3vault.com/quality-of-service/committed-access-rate-limiting#comments Sun, 25 Nov 2012 22:47:44 +0000 Scenario: A host on your network has been surfing the web and transfers files far too much. Your boss is old school and does not like class-based QoS nor MQC. You have to find a way to police...

The post Committed Access Rate Limiting appeared first on GNS3vault.

]]>

Scenario:

A host on your network has been surfing the web and transfers files far too much. Your boss is old school and does not like class-based QoS nor MQC. You have to find a way to police traffic from that host before it cripples your network!

Goal:

  • Nothing has been preconfigured for you!
  • Make the proper physical connections as outlined in the diagram.
  • The bandwidth between R1 and R2 is 496 kbps. Configure this.
  • Add a static default route onto both R1 and R3 as they represent hosts.
  • Ensure you have IP connectivity from R1 to R3 before continuing.
  • Without using MQC or CB Policing, police traffic from R1, configured on R2 as follows. Bc should be equal to the CIRs:
  • Police all traffic to 496 kbps, dropping all exceeding traffic. Before this traffic is forwarded, apply the additional policing …
  • Police web traffic at 400 kbps, dropping all exceeding traffic.
  • Police FTP traffic at 160 kbps, dropping all exceeding traffic.
  • Police ICMP traffic at 200 kbps, dropping all exceeding traffic.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

car rate limit

The post Committed Access Rate Limiting appeared first on GNS3vault.

]]>
https://gns3vault.com/quality-of-service/committed-access-rate-limiting/feed 11
CB Policing Intermediate https://gns3vault.com/quality-of-service/cb-policing-intermediate https://gns3vault.com/quality-of-service/cb-policing-intermediate#comments Sun, 25 Nov 2012 19:21:56 +0000 Scenario Your old frame relay and 10 MBps half-duplex network have been suffering from considerable congestion. You decide to take advance of both Layer 2 and Layer 3 CB marking and matching capabilities, and introducing a myriad of...

The post CB Policing Intermediate appeared first on GNS3vault.

]]>

Scenario

Your old frame relay and 10 MBps half-duplex network have been suffering from considerable congestion. You decide to take advance of both Layer 2 and Layer 3 CB marking and matching capabilities, and introducing a myriad of policers into your network!

Goal:

  • Nothing has been preconfigured for you!
  • Make all physical connections and configure IP addresses in accordance with the diagram.
  • The CIR of all FR PVCs is 128 kbps. Make sure EIGRP and your QoS mechanisms know this.
  • Enable EIGRP AS 1 on all routers except R1. and all interfaces. Ensure 192.168.12.1 can ping 4.4.4.4 before continuing. Use passive-interface where applicable.
  • R1 is a host and has no concept of EIGRP.
  • On R1, use CB marking to mark all outbound ICMP traffic with DSCP AF11 and all telnet traffic with DSCP EF. Do not use NBAR.
  • On R2, configure a class-map to match high priority traffic (DSCP EF) and a class-map to match medium priority traffic (DSCP AF11).
  • On R2, High priority traffic should be given an LLQ with 32 kbps of bandwidth. This entire bandwidth range should be policed, with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policier that transmits conforming traffic, marks FR-DE on exceeding traffic, and marks both FR-DE and DSCP 0 on violating traffic.
  • On R2, Medium priority traffic should be given 24 kbps of bandwidth. This entire bandwidth range should be policed, with 16 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policier that transmits conforming traffic, marks both FR-DE and DSCP 0 on exceeding traffic, and drops violating traffic.
  • On R2, all remaining traffic is allowed no dedicated bandwidth. 16 kbps, however, will be policed, with a sustained burst rate of 16 kbps. This is a single-rate, single-action, two-color policier that transmits conforming traffic and drops exceeding traffic.
  • On R3, build class maps to match high priority, medium priority, high priority + FRDE, and medium priority + FRDE. Build more class maps if you find it necessary.
  • On R3, both high priority classes will get LLQs.
    *If FRDE is set, it gets 32 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, single-action, three-color policier that transmits conforming traffic, marks DSCP 0 on exceeding traffic, and drops violating traffic.
    *If not, it gets 48 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 40 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policier that transmits conforming traffic, marks FRDE on exceeding traffic, and marks both FR-DE and DSCP 0 on violating traffic.
  • On R3, both medium classes will get dedicated bandwidth, but not LLQ.
    *If FRDE is set, it gets 16 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 16 kbps being the sustained burst rate. This is a single-rate, single-action, two-color policier that transmits conforming traffic and drops exceeding traffic.
    *If not, it gets 32 kbps and is policed as follows: All of the allocated bandwidth is policed with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policier that transmits conforming traffic, marks both FR-DE and DSCP 0 on exceeding traffic, and drops violating traffic.
  • On R3, all remaining traffic is policed by a single-rate, single-action, two-color policier that transmits conforming traffic and drops exceeding traffic against a CIR and sustained burst rate of 16kbps.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

police intermediate

The post CB Policing Intermediate appeared first on GNS3vault.

]]>
https://gns3vault.com/quality-of-service/cb-policing-intermediate/feed 4
EIGRP Link Bundle https://gns3vault.com/eigrp/eigrp-link-bundle https://gns3vault.com/eigrp/eigrp-link-bundle#comments Sun, 25 Nov 2012 03:21:51 +0000 Scenario: At your job, you’ve recently installed a new serial link to a neighboring site to perform equal-cost load balancing with EIGRP. However, your boss refuses to issue you another IP network for this link, and he forbids...

The post EIGRP Link Bundle appeared first on GNS3vault.

]]>

Scenario:

At your job, you’ve recently installed a new serial link to a neighboring site to perform equal-cost load balancing with EIGRP. However, your boss refuses to issue you another IP network for this link, and he forbids you to variably subnet the existing network. Can you make it work?

Goal:

  • Nothing has been preconfigured for you!
  • Make the proper physical connections as outlined in the diagram.
  • Configure 1.1.1.1/32 as a loopback on R1.
  • Configure 2.2.2.2/32 as a loopback on R2.
  • Using only the 192.168.12.0/24, assign an IP address to all (4) serial interfaces in use, establish an EIGRP neighborship on each link, and ensure traffic is load balanced between router loopback addresses. These tasks can be performed in any order.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

eigrp bundle

The post EIGRP Link Bundle appeared first on GNS3vault.

]]>
https://gns3vault.com/eigrp/eigrp-link-bundle/feed 54
BGP Multipath Load Balancing https://gns3vault.com/bgp/bgp-multipath-load-balancing https://gns3vault.com/bgp/bgp-multipath-load-balancing#comments Sat, 24 Nov 2012 19:15:23 +0000 Scenario You’ve got a single multi-homed BGP connection to two ISPs. You want to load balance traffic to a specific destination but you have no control over what the ISPs are doing with that route as it traverses...

The post BGP Multipath Load Balancing appeared first on GNS3vault.

]]>

Scenario

You’ve got a single multi-homed BGP connection to two ISPs. You want to load balance traffic to a specific destination but you have no control over what the ISPs are doing with that route as it traverses the network! You helped the ISP build their network … but then they fired you and left you scratching your head trying to enable load balancing.

Goal:

  • Nothing has been preconfigured for you!
  • Make the required physical connections as depicted in the diagram.
  • Configure the IP addresses as depicted in the diagram (begin with 192.168).
  • Configure eBGP as follows using the connected physical interfaces as update sources:
    * R1 to R3
    * R1 to R2
    * R3 to R4
    * R4 to R5
    * R2 to R5
  • Add a loopback on R1 and R5 with addresses 1.1.1.1/32 and 5.5.5.5/32 respectively.
  • Pull these loopbacks into BGP using the network command, and no other networks afterwards.
  • Configure an outbound route-map on R5 to set the origin to “?” for all routes it sends to R2.
  • Configure an outbound route-map on R5 to set the origin to “e” for all routes it sends to R4.
  • Configure an outbound route-map on R2 to set the MED to 2 for all routes it sends to R1.
  • Configure an outbound route-map on R3 to set the MED to 3 for all routes it sends to R1.
  • Ensure R1’s BGP table reflects these updates, and ensure you have connectivity from 1.1.1.1 to 5.5.5.5.
  • *** From this point forward, you cannot configure any other router except R1. You used to work at the ISP and configured their network for them, but they just fired you. ***
  • Enable load balancing for the 5.5.5.5 network within BGP. You will know when you are successful when R1’s routing table has two entries for 5.5.5.5/32 (one next hop is R2, the other is R3).

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

bgp load balance

The post BGP Multipath Load Balancing appeared first on GNS3vault.

]]>
https://gns3vault.com/bgp/bgp-multipath-load-balancing/feed 40
EIGRP Advanced https://gns3vault.com/eigrp/eigrp-advanced https://gns3vault.com/eigrp/eigrp-advanced#comments Sat, 24 Nov 2012 00:23:59 +0000 Scenario You’ve been a loyal Cisco employee your whole life and never thought OSPF was worth learning. Your boss wants to test your knowledge of EIGRP before offering you a promotion, though. He tells you that you have...

The post EIGRP Advanced appeared first on GNS3vault.

]]>

Scenario

You’ve been a loyal Cisco employee your whole life and never thought OSPF was worth learning. Your boss wants to test your knowledge of EIGRP before offering you a promotion, though. He tells you that you have (2) hours to solve it!

Goal:

  • Nothing has been preconfigured for you! Refer to the diagram for IP addressing and connectivity.
  • EIGRP 200 is configured on the interfaces that are encompassed by the circle. All other interfaces are EIGRP 100.
  • Change the K-values within EIGRP 200 to only use the throughput delay on a link for the metric computation.
  • Assign a delay of 1 to R7 F0/0, R8 F0/0, and R8 Lo0. Assign a delay of 3 to R4 S0/1 and R8 S0/0. Verify proper metrics are computed (math is simple). The network administrator in EIGRP 200 wants to keep his metrics low because he can’t count very high.
  • SW1 is becoming overwhelmed by all the EIGRP hello packets. Double the EIGRP hello interval on all connected routers and appropriately tune the hold-down interval as well.
  • Perform mutual redistribution between EIGRP 100 and 200 on both R4 and R7. Use a strict tagging solution that ensures no routing loops; do not rely on AD or metrics to accomplish this.
  • In addition, metric translation should be done on both R4 and R7.
    * Going from EIGRP 100 to 200, metrics will be shrunk down to satisfy the EIGRP 200 network administrator. For every five hundred thousand, add ten microseconds of delay. For example, EIGRP 100 metrics in the range of 0-500,000 should be translated to 10 microseconds of delay for EIGRP 200 to compute. EIGRP 100 metrics in the range of 500,000-1,000,000 should be translated to 20 microseconds of delay for EIGRP 200 to compute. Continue this until you reach 2,500,000 at which all prefixes will be assigned 60 microseconds of delay.
    * Going from EIGRP 200 to 100, metrics will be enlarged to normal values. For one thousand, add 500 microseconds of delay, starting at 1000 microseconds of delay and 100MBps bandwidth. For example, EIGRP 200 metrics in the range of 0-1,000 should be translated to 1000 microseconds of delay for EIGRP 100 to compute. EIGRP 200 metrics in the range of 1,000-2,000 should be translated to 1500 microseconds of delay for EIGRP 100 to compute. Continue this until you reach 3,000 at which all prefixes will be assigned 2500 microseconds of delay.
  • R4 is low on memory and should not be queried by EIGRP about routes in the active state. Make sure that R4 does not lose it’s role as a redistributor of routes from EIGRP 200.
  • R5 has important information for R8 and it wants to load balance traffic to R8’s loopback0. Enable this feature, along with balanced traffic sharing, and achieve a 3:80 ratio of balancing between F0/0 and S0/0 on R5. Ensure that any bandwidth and delay changes you make are mirrored on the other end of the link for consistency.
  • R1 should never load balance.
  • R6 and R3 should ignore EIGRP updates from one another but maintain their neighborship. R5, however, should facilitate EIGRP communications between both routers on the LAN segment by ensure R3 and R6 still see one another’s updates, even indirectly.
  • For additional security on the LAN segment, configure EIGRP authentication. Keys should rotate as well. The first key is valid from the time you started this lab until 1 hour from now. The second key is valid forever and starts being valid 5 minutes before expiration of the first key.
  • Configure (4) new loopbacks on R1 with IP addresses 172.16.0.1/24, 172.16.1.1/24, 172.16.2.1/24, and 172.16.3.1/24. Summarize these networks on all of R1’s EIGRP neighboring interfaces. Make sure the 172.16.1.0/24 is still advertised explicitly. Also, this 172.16.1.0/24 route have it’s metric increased by 1 when it is advertised to EIGRP neighbors.
  • R2 refuses to honor this explicit 172.16.1.0/24 route and prefers to use the summary only. Ensure R2 can never learn this route from any EIGRP peer using exactly three commands.
  • R8 should originate a default route, advertised to both R4 and R7. Do not use the “redistribute” or “ip default-network” commands. Ensure that this default route does not show up in the routing table of R8, and to prevent loops, ensure R8 can never dynamically learn a default route. Lastly, R8’s loopback address must remain visible to all routers.
  • For some reason, routers don’t always reply to R2’s queries quickly. R2 should wait forever for these queries
  • Ensure you have full network connectivity, especially between loopback addresses which simulate host LANs.

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

eigrp advanced

The post EIGRP Advanced appeared first on GNS3vault.

]]>
https://gns3vault.com/eigrp/eigrp-advanced/feed 36
CCIE Practice Lab 1 https://gns3vault.com/ccie-rs/ccie-practice-lab-1 https://gns3vault.com/ccie-rs/ccie-practice-lab-1#comments Fri, 23 Nov 2012 14:01:22 +0000 Scenario So you’ve finished CCNP by scoring 900+ on all three exams and you feel pretty confident about starting your CCIE journey. In studying for the written exam, you also like to build complex labs in your spare time....

The post CCIE Practice Lab 1 appeared first on GNS3vault.

]]>

Scenario

So you’ve finished CCNP by scoring 900+ on all three exams and you feel pretty confident about starting your CCIE journey. In studying for the written exam, you also like to build complex labs in your spare time. You haven’t quite learned all of the CCIE technologies yet, but you’ve seen enough tricks from other practice labs that you decided to build your own! See if you can solve this lab in 8 hours or less while concurrently minimizing the use of “show run” and “show start”.

Goal:

  • Nothing has been preconfigured for you! You must build this lab completely from scratch, so pay close attention to the cabling instructions.
  • No static routing, policy-based routing, or default routing is allowed unless explicity stated.
  • Each router should be configured with two loopbacks. “x” is the router number. For example, R1 would have 1.1.1.1/32 and 11.11.11.11/32, R2 would have 2.2.2.2/32 and 22.22.22.22/32, etc.
    Loopback0 = x.x.x.x /32
    Loopback1 = xx.xx.xx.xx /32
  • Switch cabling:
    R1 F0/0 -> SW1 F1/1, VLAN 123
    R1 F0/1 -> SW2 F1/1, VLAN 137
    R2 F0/0 -> SW1 F1/2, VLAN 123
    R2 F0/1 -> SW2 F1/2, VLAN 246
    R3 F0/0 -> SW2 F1/3, VLAN 123
    R4 F0/0 -> SW2 F1/4, VLAN 246
    R5 F0/0 -> SW1 F1/5, VLAN 157
    R6 F0/0 -> SW1 F1/6, VLAN 256
    R7 F0/0 -> SW2 F1/7, VLAN 157
  • Frame Relay DLCI mapping
    R1:R2 :: 102:201
    R1:R7 :: 107:701
    R7:R4 :: 704:407
    R4:R6 :: 406:604
    R6:R2 :: 602:206
  • Phase 1: Basic configuration
    1. Build the topology as shown in the diagram by making physical connections.
    2. Configure all IP addresses and the FR switch as described above and shown in the diagram.
    3. Disable automatic speed and duplex negotiation on all FastEthernet interfaces. Use the fastest line speed and duplex settings you can.
    4. Disable CEF on all routers. Disable ip route-cache and ip mroute-cache on all multicast-routing interfaces. This is to overcome a multicast bug with GNS3.
  • Phase 2: Frame Relay
    1. On R1, R2, R4, and R7, configure frame relay. Use a non-proprietary encapsulation form, do not rely on IARP, and do not use the word “broadcast” anywhere in your configuration. Pay attention to the IP subnets; they will tell you whether to use P2P or MP links. Ensure you can communicate from R2 to R4. Helper commands: show frame-relay map, show frame-relay pvc
    2. On R4 and R6, configure PPP over frame relay. Use CHAP for additional security. Helper commands: debug ppp negotiation, debug ppp authentication
    3. On R2 and R6, configure PPP over frame relay. Use PAP for additional security. Helper commands: debug ppp negotiation, debug ppp authentication
  • Phase 3: LAN Switching
    1. Add VLANs 123, 157, and 246 to the VLAN database and configure the VLAN-port mapping as described above. In GNS3, you have to do this EVERY TIME you reopen your project! Also, ensure your switches are Layer 2 only; by default in GNS3 they are multi-layer.
    2. Configure SW1 as the root bridge for VLANs 1 and 123. Configure SW2 as the root bridge for VLANs 157 and 246. Helper commands: show spanning-tree root port, show spanning-tree root cost
    3. Bundle F1/12-13 into PortChannel1 and F1/14-15 into PortChannel2 on both switches. Enable static Etherchannel. Helper commands: show etherchannel summary
    4. Configure F1/12-15 and Po1-2 as 802.1Q encapsulated trunks.
    5. To make best use of your new Etherchannels, you decide to load balance VLAN traffic across your two trunks. Po1 should carry VLANs 1 and 123 and Po2 should carry VLANs 157 and 246. If one trunk fails, the other must take over (that is, do NOT use “switchport trunk allowed vlan” command). You are only allowed to configure SW1 Po1 interface to achieve this. You can use “show” commands on SW2. Because there are only two switches, the roots will always have their ports in a forwarding state for the VLANs for which they are the root of the spanning tree; don’t worry about this. Helper commands: show spanning-tree, show interfaces trunk
    6. A data collector wants to look at the traffic coming from and going to R1 and R2 on VLAN 123. Configure SPAN on SW1. The data collector will plug into F1/0 on SW1.
    7. Test connectivity between the router FastEthernet interfaces on the same segment. Helper commands: show arp (router), show mac-address-table (switch)
  • Phase 4: OSPF
    1. Configure OSPF area 0 on R3 loopback0 interface. Make sure LSAs are not sent to this loopback.
    2. Configure OSPF area 123 on R1, R2, and R3 F0/0 interfaces (corresponding to VLAN 123). Ensure R3 is the DR and R1 is the BDR on the segment. Helper commands: show ip ospf neighbor, show ip ospf interface
    3. Configure OSPF area 17 between R1 F0/1 and R7 F0/0 interfaces. To ensure R5 does not see any OSPF hello messages, send the updates as unicast packets. Ensure R7 is the DR on the segment with R1 and the BDR.
    4. Configure OSPF area 127 on R1, R7, and R2 frame-relay interfaces (whatever you called them). There should be no DR election on this network. Remember, this segment of the FR network is NBMA!
    5. Configure OSPF area 246 between R2, R4, and R6 frame-relay interfaces but NOT their FastEthernet interfaces on the LAN segment. To be clear, R2 and R6 will neighbor, and R4 and R6 will neighbor, as there is no DLCI between R2 and R4.
    6. Ensure all OSPF routers have full connectivity to the backbone area.
    7. Go back and add MD5 authentication to every OSPF link, including the secret ones I did not explicitly tell you to configure.
  • Phase 5: EIGRP
    1. Configure EIGRP AS 2467 between R4 and R7 FR interfaces (NBMA again).
    2. Configure EIGRP on R2 F0/1, R6 F0/0, and R4 F0/0 interfaces on VLAN 246. Helper commands: show ip eigrp neighbor
    3. Advertise R2, R4, R6, and R7 loopback0 interfaces into EIGRP, and make sure they do not participate in forming neighborships. Helper commands: show ip eigrp interface
    4. From R2, ensure you can ping to 7.7.7.7 from 2.2.2.2.
    5. *This is not EIGRP related, but critical for the next task* Configure NTP on R2, R4, R6, and R7. NTP updates should be sourced from loopbacks in all cases and should be authenticated with MD5. R4 is the NTP master and the other routers are simply peers. Ensure NTP is functional with an accurate clock before continuing. Helper commands: show ntp status
    6. Go back and add MD5 authentication to every EIGRP link. Use a rotating key. The first key is good from the time you started this lab until 1 hour from now. The second key is valid beginning 55 minutes from now and is good forever. This way, in one hour, you will be able to see if you configured this task properly. Helper commands: show ip eigrp interface detail, show key chain
    7. R4 and R6 are not allowed to accept updates from one another, but still want to maintain their neighborship. Therefore, you cannot use the neighbor command. Ensure R4 and R6 ignore all updates from one another, but continue to listen to R2. Ensure there is no loss of connectivity or suboptimal routing. Hint: You will have to configure all three routers.
    8. Add (4) loopbacks to R2 with IP addresses 172.16.0.1/24, 172.16.1.1/24, 172.16.2.1/24, and 172.16.3.1/24. Summarize these on the F0/1 interface, but make sure the 172.16.2.0/24 is still advertised explicitly. Also, this 172.16.2.0/24 route should be set to tag 2 when it is advertised out of F0/1.
  • Phase 6: GLBP
    1. R5 is only a part-time router. Sometimes it wants to act like a host. Configure a static default route on R5 pointing to 192.168.157.254.
    2. Configure GLBP 157 on R1 F0/1 and R7 F0/0. The virtual gateway is 192.168.157.254. Ensure R5 can ping this virtual gateway. Helper commands: show arp
    3. R1 should be the AVG initially. Both routers should pay a penalty with respect to their priorities if their serial (FR) interfaces lose line protocol. For example, if R1 is AVG and it’s S0/0 goes down, R7 becomes AVG. If R7 S0/0 goes down next, R1 regains AVG role. R5 should be able to reach any OSPF router at this point given that it’s traffic is sourced from F0/0. Helper commands: show glbp, show track
  • Phase 7: Redistribution
    1. Configure a static route to 5.5.5.5/32 on both R1 and R7 with a next hop of R5 F0/0 interface. Selectively redistribute these routes at both R1 and R7 into OSPF (this means use a route-map). You are not allowed to use ACLs or prefix-lists anywhere in this solution. Ensure other OSPF routers can reach this network. Helper commands: show route-map, show ip protocols, show ip ospf database external
    2. Mutually redistribute between EIGRP 2467 and OSPF on R2, R6, R4, and R7. Ensure no loops or suboptimal routing occurs. You will need to use route-maps in some places to perform filtering. Helper commands: show ip protocols, debug ip routing, show ip route eigrp, show ip route ospf
  • Phase 8: BGP
    1. Configre BGP AS 135 between R1, R3, and R5. You can only peer R5-R1 and R5-R3 and cannot use confederations. R5 and R3 should source updates from loopback0, while R1 should source updates from F0/1. Helper commands: show ip bgp summary, show ip bgp neighbors, debug ip bgp
    3. Configure BGP Confederation-AS between R4 F0/0 (Sub-AS 4) and R6 F0/0 (Sub-AS 67). Also peer from R6 Loop0 to R7 Loop0 (also in Sub-AS67).
    3. Configure BGP AS 2 on R2. R2 F0/0 peers with R3 Loop0 and R2 F0/1 peers with R4 Loop0.
    4. Configure BGP between R5 Loop0 and R7 Loop0.
    5. Each router must bring it’ Loopback 1 interface into BGP.
    6. Ensure you have full IP connectivity between Loopback1 interfaces. You will need to manipulate BGP path attributes to make this work, as it will be broken in the default configuration.
    7. R4 used to be in AS 4444 before joining the confederation. R2 still wants to peer with R4 using that AS. Without changing the actual BGP AS numbers, re-configure the R2-R4 peering so that R2 is configured with “neighbor 4.4.4.4 remote 4444”.
    8. Add two new loopbacks onto R6 with IP addresses 66.66.66.1/32 and 66.66.66.2/32. The first loopback should not be allowed outside of the Sub-AS 67 (only R7 sees it), while the second should not be allowed out of the confederation AS 467 (R7 and R4 see it). Do not use the “network” command for this task, do not bring any other networks into BGP other than the two stated in this task, and make sure the origin for these routes is IGP.
    9. Go back and enable MD5 authentication between all true eBGP links (not within the confederation). iBGP links will remain unsecure.
  • Phase 9: Misc features
    1. Configure R1 so that it only accepts telnet connections from R6 Loopback1.
    2. Configure R7 so that it only accepts SSH connections from R3 Loopback1.
    3. Copy R5’s running configuration into flash memory just in case.
    4. Copy R6’s EIGRP topology table into flash memory too. Be sure to include nonsuccessor routes as well.
    5. On R6, print the contents of Task #4 onto the screen by reading from flash, not issuing the IOS command “show ip eigrp …”
    6. Using IP SLA on R5, send a ping from R5 Loop1 to R3 Loop1 every 5 seconds, beginning now, running forever. The pings should be successful.
  • Phase 10: QoS
    1. R1 and R7 both agree that traffic from R5’s Loopback0 is not important. Ensure it receives the lowest possible DSCP value before going out over FR. If the traffic doesn’t go over FR, it can retain it’s DSCP value. Additionally, ensure the FR network makes this traffic from this source more likely to be discarded if the network becomes congested.
    2. R1 and R7 also agree that traffic from R5’s Loopback1 is very important, as long as it isn’t ICMP. For all non-ICMP traffic, apply a high DSCP value with a medium drop probabiltiy that is not EF. For ICMP traffic, apply a low DSCP value with a high drop probability that is not zero. RTP audio treatment should get expedited service through the network, however, and should also be guaranteed 15% of the bandwidth over the frame relay network. Non-ICMP traffic should be granted 25% of what
    bandwidth remains.
    3. R1 and R7 also expect to see a lot of non-ICMP, non-RTP traffic from traffic from R5’s Loopback1 interface. You fear that the queues may fill to capacity and suffer tail drop. Enable a feature to mitigate this so that after 20 packets are in the queue, 1 in every 15 packets gets dropped. After 45 packets are in the queue, all packets will be dropped. Helper commands: show ip nbar …. , show policy-map interface
  • Phase 11: Multicast
    1. Establish a GRE tunnel between R1 F0/0 and R4 F0/0 interfaces. Enable OSPF over this tunnel without making any configurations under “router ospf”. Be sure to authenticate OSPF updates. Use any IP address for the tunnel interface, and any OSPF area ID.
    2. Enable PIM-SM on the tunnel. R4 Loopback0 should be the RP for group 225.3.3.3 and no other groups.
    3. R3 F0/0 wants to receive multicast on group 225.3.3.3.
    4. R6 is the source for this multicast traffic. Ensure R6 can send multicast to 225.3.3.3 successfully.
    5. For additional security, configure IPSEC over GRE on the tunnel between R1 and R4 and ensure the multicast traffic goes over this tunnel. Use AES 256 for encryption, SHA-1 for authentication, and DH Group 2. Helper commands: debug crypto ipsec, debug crypto isakmp, debug crypto engine, show crypto isakmp peer, show crypto ipsec sa

IOS:

c3725-adventerprisek9-mz.124-7.image

Topology:

Basic GNS3 physical topology

 

 

ccie 21 nov

Basic GNS3 Topology, Logical diagram with switches removed

ccie

Frame Relay topology

ccie fr

IGP Topology

ccie igp

EGP Topology

ccie bgp

 

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

The post CCIE Practice Lab 1 appeared first on GNS3vault.

]]>
https://gns3vault.com/ccie-rs/ccie-practice-lab-1/feed 16
Nick’s Ten CCIE Lab Tips https://gns3vault.com/blog/nick-s-ten-ccie-lab-tips https://gns3vault.com/blog/nick-s-ten-ccie-lab-tips#comments Fri, 23 Nov 2012 01:32:24 +0000 Hello friends! My name is Nick and I am Rene’s new site assistant. I wanted to share some helpful CCIE Lab tips that I learned over the past months. I have been following this rules as I continue...

The post Nick’s Ten CCIE Lab Tips appeared first on GNS3vault.

]]>
ccie-rs

Hello friends! My name is Nick and I am Rene’s new site assistant. I wanted to share some helpful CCIE Lab tips that I learned over the past months. I have been following this rules as I continue my pursuit for CCIE R&S and they have help me hone my skills significantly.

  1. Read “Your CCIE Lab Success Strategy” by Dean Bahizad and Vivek Thwari. This book contains no technical information but tells you pretty much everything else. It is a very realistic, motivation read about two adult men with full-time jobs and families who were fully committed to their own (and eachothers) CCIE journeys. Cost is about 30 USD. I highly recommend this book. I will summarize a few points from this book in the article as well.
  2. Before doing any lab, read the whole lab first. Understand the big picture and come up with a strategy. For example, if you are forced to use OSPF with a point-to-multipoint frame relay interface with no broadcast DLCIs … you should be thinking about which OSPF network types will work in this situation, even though OSPF configuration isn’t until later. If you find out that all EIGRP neighborships must have authenticated routing updates, you should configure this initially to avoid having to backtrack.
  3. Buy a small binder, graph paper, and a pack of colored pencils. This is your CCIE Study Binder and should remain on your person at all times during study sessions. Before beginning your lab (and after reading it, of course), draw a few pictures of your network so you know what’s happening. Use different colors for different protocols or technologies. Sometimes it helps to have multiple diagrams for each technology to avoid clutter. For example, one diagram can label all interfaces, IP addresses, and subnet masks. Another can detail IGPs, FHRPs, and points of redistribution. Another can detail BGP and the specific peerings that are permitted. Another for LAN switching, another for frame relay, etc.
  4. Build a common alias list and always use this for studying. This is especially helpful with common show commands that wear on your hands … and your time limit. As an example, here is my alias list. The cool thing about aliases is that you can use them in configuration mode, and you can also append to the base commands.

    For example:

    R1(config)#do sir 192.168.0.0
    R1(config)#do srs router eigrp
    alias exec srb show run | begin
    alias exec sri show run | include
    alias exec srs show run | section
    alias exec sir show ip route
    alias exec siib show ip interface brief
    alias exec sis show interfaces status
    alias exec sib show ip bgp
    alias exec sibs show ip bgp summary
    alias exec sibn show ip bgp neighbor
    alias exec sio show ip ospf
    alias exec sion show ip ospf neighbor
    alias exec sioi show ip ospf interface
    alias exec siod show ip ospf database
    alias exec siet show ip eigrp topology
    alias exec siei show ip eigrp interface
    alias exec sien show ip eigrp neighbor
    alias exec sird show ip rip database
  5. Don’t be afraid to use the basic commands. I’m guilty of it too; sometimes we forget about our best friends like “traceroute” and “show arp” when we are troubleshooting connectivity issues. The next-hop column of the BGP table isn’t always the real next hop, and sometimes only “traceroute” will reveal this.
  6. In the aforementioned book, Dean mentioned taking breaks to do pushups or other physical activity just to clear his mind and keep his body from becoming stiff. Remember that you are a human, and you were not mechanically designed to sit for hours without moving. I recommend spending 1 minute out of every 30 standing up and moving around at a minimum. Do pushups or jumping jacks if you like. After weeks of ignoring these needs your body will begin to ache and it will break your concentration on the lab.
  7. Don’t neglect your diet either. You will have to sacrifice some personal things, such as social events, family time, and even exercise. Your body still requires energy and care, even as you fine-tune your mental skills while focusing on CCIE.
  8. When you make your own labs, make them difficult on purpose. Connect devices in weird ways, configure nonsensical BGP peerings, and impose restrictions on yourself. I promise that you will build labs that seem impossible for even you to solve. One of the best ways to do this is to draw devices on a piece of paper, connect them, then draw it again in a neater fashion to see what the resulting network looks like.
  9. Minimize the use of “show running-config”. This will force you to use other show and debug commands to increase your mastery of a technology. If you must use show run, do so with a pipe and be conservative with it’s use. Anyone who has ever worked on a real-life, production router knows that space-barring through show run is a technique not appropriate for a CCIE candidate.
  10. Only a small percentage of CCIEs pass on their first attempt. Trying again and again and again after failure is what sets CCIEs apart from the “well I tried to be a CCIE but quit” crowd. I know two CCIEs in person and both required multiple lab attempts. You should not expect to fail, but you should plan for it in terms of money, vacation time from work, and everything else that goes with studying and taking the lab exam. 

 

cciestrategybook

The post Nick’s Ten CCIE Lab Tips appeared first on GNS3vault.

]]>
https://gns3vault.com/blog/nick-s-ten-ccie-lab-tips/feed 8