A. TEN TIPS FOR TAKING THE LAB EXAM
1. Read the entire exam first and check for addressing issues. Do not skip any details or sections.
2. Manage your time. Make a plan to cover all the sections in the time provided. Work out how much time you will spend on each section, keeping in mind the point value of the questions. Don’t forget to allow time at the end to verify your solutions.
3. Clarify the requirements of each question. Don’t assume requirements that aren’t mentioned in the question. During the lab, if you are in any doubt, verify your understanding of the question with the proctor.
4. Do each question as a unit. Configure and verify before moving to the next question. You may want to redraw the topology with all the details available. This will help you visualize and map the network.
5. Troubleshoot. You must know how to troubleshoot using the tools available. Although troubleshooting is important, don’t lose too much time working on a 2- or 3-point question. If you’re caught off-guard by an unfamiliar topic, don’t let it absorb too much time. Work on the things you are more comfortable with and go back to difficult items later.
6. Keep a list. During the exam, make notes on configurations and settings as you move through the exam. Make a separate list for items you have not been able to address or where you have not achieved the desired result which you’ll need to revisit.
7. Test your work. Never rely on a configuration done in the early hours of the exam. There is a possibility that an item you configured a few sections earlier can become broken and non-functional. Keep in mind that points are awarded for working configuration only.
8. Save your configurations often.
9. Don’t make any drastic changes in the last half hour of the exam.
10. Speed is vital on the exam. Review and practice core material the week before the exam to ensure you can move quickly through the less challenging questions.
B.R&S Lab Diagram
There are a lot of rumors floating around in regards to diagrams in the R&S CCIE lab. Cisco officially has said little in regards to this other than the following “the lab document has L1/L2 diagrams for the physical connectivity as well as an IP or topology diagram and an IP Routing diagram”. This is similar to what we provide in our labs but I would venture to say that they don’t take the time we do to ensure that they look as nice as ours What Cisco and we do not provide is a true layer 2 “logical” diagram but Cisco and we do provide is a physical diagram of the connections in the lab. A physical diagram is not the same as a logical layer 2 diagram. A logical layer 2 diagram will include the VLAN assignments, trunks, EtherChannels, dot1q tunnels, VTP and possibly spanning tree information like root bridges, root ports, designated ports, etc. The choice to draw out the spanning tree information will really come down to the lab itself. If there are a lot of tasks that relate to spanning tree or layer 2 traffic engineering (i.e. traffic for VLAN 100 should transit SW3, etc) then adding the spanning tree information will help answer these types of tasks.
The logical layer 3 diagram will be provided BUT the diagram they provide may not have the level of detail you want or need plus you can not write on the diagram they give you. Technically you can write on it but they will suspend you from the lab for one year . We ALWAYS recommend making your own layer 3 logical diagram. You should also draw out the diagram for every practice lab you do. Do not wait until the real lab to draw out your first diagram. As I have said before you never want to do anything in the CCIE lab for the first time other than get your number
There are two main benefits to making your own logical layer 3 diagram. First off you will find it is easier to remember what the network looks like when reading the tasks and secondly you will be able to draw and/or take notes on your own diagram. Smart people fail the lab all the time because they make stupid mistakes in the lab and by drawing out the network you will hopefully lower the chances of making these stupid mistake (i.e. configuring RIPv2 on the wrong interface, applying an ACL inbound on one interface when it should have been outbound on another, configuring a feature on the wrong router, etc). All it takes is two or three of these little mistakes and you have lost 8 or 9 points in the lab. We all know that it is hard enough to pass the lab without adding in stupid mistakes into the mix . You will also find tasks related to BGP to be easier to answer when you have a diagram that you can take notes on (i.e. who is peering with who, which exit point to use to reach another AS, etc). It is possible that when you get into the lab that basic BGP is done for you. It is normally easier to work on a network that you built from the ground up so working on a network that is 50% complete without first taking the time to discover and document what is already done will be harder.
I am sure someone will comment on this and say, “but I won’t have time to draw out the network in the real lab”. If this is the case you should not be in the lab in the first place. If it is taking you the full 8 hours to just configure the network you more than likely will not pass the lab to begin with so taking the 10 minutes to draw out the network is not going to really matter in this case. The percentage of people who pass the lab while configuring the network for the full 8 hours is slim. Most people who pass the lab complete the lab within 5.5 or 6.5 hours and have the extra time to do the diagram in the beginning.
C. CCIE course:
1. CCIE Practical Study Volume I + II
2. CCIE Routing and Switching Exam Quick Reference Sheets (Exam 350-001 v3.0)
3. CCIE Routing and Switching Flash Cards
4. CCIE Routing and Switching Practical Labs
5. Cisco BGP-4 Command and Configuration handbook
6. Cisco Catalyst QoS: Quality of Service in Campus Network
7. Cisco Frame Relay Solutions Guide
8. Cisco LAN Switching
9. Cisco OSPF Command and Configuration Handbook
10. Developing IP Multicast Network, Volume I
11. Implementing Cisco Ipv6 Network (Ipv6)
12. Inside Cisco IOS Software Architecture
13. Internet Routing Architectures, Second Edition
14. MPLS and VPN Architectures
15. MPLS and VPN Architectures Volume II
16. Routing TCP/IP Volume I, Second Edition
17. Routing TCP/IP Volume II
18. Troubleshooting IP Routing Protocols (CCIE Professional Development Series)
19. Troubleshooting Remote Access Networks (CCIE Professional Development)
20. CCIE Routing and Switching Exam Certification Guide, 3rd Edition
21. Cisco Documentation: Web site: www.cisco.com/univercd (***)
22. Configuration Ipv6 for Cisco IOS
23. Interconnections: Bridges and Routers, Second Edition
24. Internetwork Technology Overview
25. Internetwork with TCP/IP volume: Principles, Protocols, and Architecture (4th Edition)
26. Ipv6: Theory, Protocol, and Practice, 2nd Edition
27. LAN Protocol Handbook
28. Routing in the Internet (2nd Edition)
29. TCP/IP Illustrated: volume I + II + III
E. CCIE LAB R&S via InternetworkExpert
1. Bridging and Switching
- IRB và CRB: khi cần bridge và route trên cùng 1 group interface thì dùng IRB, còn chỉ cần bridge giữa 1 group interface thì dùng CRB. Điểm khác biệt quan trọng ở đây là: IRB dùng interface BVI để route còn CRB không có khái niện interface BVI nên không thể route được.
Example:
!!cấu hình IRB để bridge và route giữa 2 physical interface frame-relay s0/0/0 và s0/0/1!!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
interface s0/0/0
bridge-group 1
frame-relay map bridge 201 broadcast
!
interface s0/0/1
bridge-group 1
frame-relay map bridge 202 broadcast
!
interface bvi 1
ip address 192.168.1.1 255.255.255.0
!!cấu ihnhf CRB để bridge giữa 2 physical interface frame-relay s0/0/0 và s0/0/1!!
bridge crb
bridge 1 protocol ieee
!lưu ý không gõ lệnh “bridge 1 route ip” vì CRB không có “route” nếu gõ !lệnh này CRB sẽ không bridge được
!
interface s0/0/0
bridge-group 1
!
interface s0/0/1
bridge-group 1
!
end
wr
2. WAN Technologies
+ Trên Frame Relay, nếu DLCI của 1 subInterface Inactive thì subInterface đó sẽ down, thường dùng tính năng này kết hợp với frame-relay end-to-end keepalive để làm backup interface (khi DLCI inactive thì chuyển sang interface backup)
+ Trên PPP authentication giữa R4 s0/0/1 và R5 s0/0/1, muốn R4 chứng thực trước, R5 chứng thực sau ta dùng cấu hình như sau:
!!!R4
R4(config)#interface s0/0/1
R4(config-if)# encap ppp
R4(config-if)# ppp direction callout
R4(config-if)# ppp authen chap
!!!R5
R5(config)#interface s0/0/1
R5(config-if)# encap ppp
R5(config-if)# ppp direction callin
R5(config-if)# ppp authen chap
3. Interior Gateway Routing
+ Cấu hình OSPF
+ Cấu hình EIGRP
+ Khi cần chỉnh metric để loadbalance trên nhiều đường, đối với EIGRP chỉ nên chỉnh tham số delay trong công thức: metric = 256*(10.000.000/bandwidth(Kbps) + delay) (đối với k1=k3=1, k2=k4=k5=0, hay chỉ tính bandwidth và delay không tính các tham số: load, reliability và MTU)
+ Cấu hình RIP
+ Cấu hình Redistribute
+ Chú ý: khi cấu hình redistribute tương hỗ (2 chiều) thì luôn phải tuân thủ nguyên tắc: route từ routing domain A khi redistribute không được redistribute ngược trở lại vào domain A. Để làm điều này, dùng route-map như sau: (ví dụ: redistribute qua lại giữa OSPF và RIP trên router R4 và R5):
!!!R4 và R5:
route-map RIP->OSPF deny 10
match tag 110
!
route-map RIP->OSPF permit 20
set tag 120
!
route-map OSPF->RIP deny 10
match tag 120
!
route-map OSPF->RIP permit 20
set tag 110
!
router rip
redistribute ospf 1 metric 7 route-map OSPF->RIP
!
router ospf 1
redistribute rip subnets route-map RIP->OSPF
!
end
wr
+ Các phương thức để filter route (traffic engineer): distribute-list, offset-list, distance, prefix-list, route-map
+ Distribute-list, prefix-list, route-map: có thể filter hướng “in” và “out” đối với RIP và EIGRP, trong trường hợp này, router bị filter route sẽ không thể quảng bá route đó cho router láng giềng. Trong trường hợp OSPF chỉ có thể filter router hướng “in”, trong trường hợp này, distribute-list chỉ ngăn chặn không cho router install route bị filter vào routing table, tuy nhiên router này vẫn tiếp tục quảng bá LSA cho router láng giềng sau nó. Khi muốn filter phức tạp hơn, có thể kết hợp distribute-list và route-map để filter
Example:
!!filter route 192.168.0.0/24 -> 192.168.3.0/24!!
!!RIP!!
ip prefix-list PRE_FILTER deny 192.168.0.0/22 ge 24 le 24
ip prefix-list PRE_FILTER permit 0.0.0.0/0 le 32
!
router rip
distribute-list prefix PRE_FILTER in/out
!!EIGRP AS 100!!
router eigrp 100
distribute-list prefix PRE_FILTER in/out
!!OSPF!!
router ospf 1
distribute-list prefix PRE_FILTER in
!!giả sử Router A nhận được 4 subnet 192.168.0.0/24 -> 192.168.3.0/24 từ 2 Router B,C với địa chỉ IP của B,C lần lượt là: 172.16.1.1 và 172.16.2.2. Thực hiện filter trên Router A để Router A chỉ đi đến 4 subnet trên qua router B!!
!!RIP!!
ip access-list extended ACL_FILTER
deny ip host 172.16.2.2 192.168.0.0 0.0.0.255
deny ip host 172.16.2.2 192.168.1.0 0.0.0.255
deny ip host 172.16.2.2 192.168.2.0 0.0.0.255
deny ip host 172.16.2.2 192.168.3.0 0.0.0.255
permit ip any any
!
router rip
distribute-list ACL_FILTER in
!!EIGRP AS 100!!
ip prefix-list PRE_FILTER permit 192.168.0.0/22 ge 24 le 24
!
route-map RM_FILTER deny 10
match ip address prefix-list PRE_FILTER
match ip next-hop 172.16.2.2
route-map RM_FILTER permit 100
!
router eigrp 100
distribute-list route-map RM_FILTER in
!!OSPF!!
ip prefix-list PRE_FILTER permit 192.168.0.0/22 ge 24 le 24
!
route-map RM_FILTER deny 10
match ip address prefix-list PRE_FILTER
match ip next-hop 172.16.2.2
route-map RM_FILTER permit 100
!
router ospf 1
distribute-list route-map RM_FILTER in
E. IP Multicast
Example:
!! R3 candidate RP group 239.0.0.0 -> 239.255.255.255!!
ip access-list standard ACL_52
permit 239.0.0.0 0.255.255.255
ip pim send-rp-announce Loopback0 scope 16 group-list ACL_52
!! R5 candidate RP group 226.0.0.0 -> 238.255.255.255!!
ip access-list standard ACL_52
permit 226.0.0.0 1.255.255.255
permit 228.0.0.0 3.255.255.255
permit 232.0.0.0 3.255.255.255
permit 236.0.0.0 1.255.255.255
permit 238.0.0.0 0.255.255.255
!!Mapping-Agent or BootStrap Router!!
ip pim send-rp-discovery Loopback0 scope 16
ip pim rp-announce-filter rp-list ACL_R3 group-list ACL_GROUP_R3
ip pim rp-announce-filter rp-list ACL_R5 group-list ACL_GROUP_R5
!
ip access-list standard ACL_GROUP_R3
permit 239.0.0.0 0.255.255.255
!
ip access-list standard ACL_GROUP_R5
deny 224.0.0.0 1.255.255.255
deny 239.0.0.0 0.255.255.255
permit 224.0.0.0 15.255.255.255
!
ip access-list standard ACL_R3
permit 150.1.3.3
!
ip access-list standard ACL_R5
permit 150.1.5.5
Monday, August 25, 2008
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment