CCIE Blueprint

CCIE (R&S) Study Track Lab Exam Blueprint

I. Bridging and Switching
   A. Frame relay
   B. Catalyst configuration: VLANs, VTP, STP, MSTP, RSTP, Trunk, Etherchannel, management, features, advanced configuration, Layer 3
   C. Tunneling
II. IP IGP Routing
   A. OSPF
   B. EIGRP
   C. RIPv2
   D. IPv6: Addressing, RIPng, OSPFv3
   E. GRE
   F. ODR
   G. Filtering, redistribution, summarization and other advanced features
III. BGP
   A. IBGP
   B. EBGP
   C. Filtering, redistribution, summarization, synchronization, attributes and other advanced features
IV. IP and IOS Features
   A. IP addressing
   B. DHCP
   C. HSRP
   D. IP services
   E. IOS user interfaces
   F. System management
   G. NAT
   H. NTP
   I. SNMP
   J. RMON
   K. Accounting
   L. SLA
V. IP Multicast
   A. PIM-SM, bi-directional PIM
   B. MSDP
   C. Multicast tools, source specific multicast
   D. DVMRP
   E. Anycast
VI. QoS
   A. Quality of service solutions
   B. Classification
   C. Congestion management, congestion avoidance
   D. Policing and shaping
   E. Signaling
   F. Link efficiency mechanisms
   G. Modular QoS command line
VII. Security
   A. AAA
   B. Security server protocols
   C. Traffic filtering and firewalls
   D. Access lists
   E. Routing protocols security, catalyst security
   F. CBAC
   G. Other security features

Lab Equipment and IOS Version

The lab exam tests any feature that can be configured on the equipment and the IOS versions indicated below. You may see more recent IOS versions installed in the lab, but you will not be tested on the new features of a release unless indicated below.

- 3725 series routers - IOS 12.4 mainline – Advanced Enterprise Services
- 3825 series routers - IOS 12.4 mainline – Advanced Enterprise Services
- Catalyst 3550 series switches running IOS version 12.2 – IP Services
- Catalyst 3560 Series switches running IOS version 12.2 - Advanced IP Services

GNS3 Tutorial Graphical Network Simulator (learning and testing in a lab environment)

- Creating the Simplest Topology
- GNS3 Main Interface
- Building More Complex Topologies
- Adding PCs to Your Topology (VPCs/Loopback Adapters/Using Routers as PCs)
- Using Terminal Programs Like PuTTY or TeraTerm or Telconi Terminal
- WinTabber (Multiple tabs for Windows)
- Memory and CPU Usage
- I’m tired of those ###### across my screen!
- Frame Relay and ATM Devices
- Ethernet Switch Devices
- EtherSwitch Cards
- Packet Capture
- Saving and Loading Topologies
- Client/Server and Multi-Server Mode
- Console Window - DynaGen Commands
- Using a Newer Version of Dynamips with GNS3
- PIX Firewall Emulation
- Symbol Library
- Resources


Dynamips (Emulator) (Tutorial) (learning and testing in a lab environment)

- Introduction
- Installing IOS Images
- Resource Utilization
- Configuring your Telnet Client
- Network Files
- Running Simple Lab #1
- Working with the Management Console
- Calculating Idle-PC values
- Simple Lab #2
- Frame Relay Lab
- Communicating with Real Networks
- Ethernet Switch Lab
- 1700/2600/3600/3700 Routers
- WIC Modules
- PIX Emulation
- Dynamic Configuration Mode
- Client / Server and Multi-server Operation
- Memory Usage Optimizations
- Packet Capture
- Actual WAN Interface LAB (Blindhog.net)
- Two Systems Approach (with an actual switch)
- Hardware Currently Emulated

KnowledgeNet BCMSN CBT

- Course Introduction
- Chap 1: Implementing Switching in the Network
- Chap 2: Configuring VLANs and VTP
- Chap 3: Implementing Spanning Tree Protocol
- Chap 4: Enhancing Spanning Tree Protocol
- Chap 5: Implementing Multilayer Switching in the Network
- Chap 6: Improving Availability on Multilayer Switched Networks
- Chap 7: Examining Cisco AVVID Services and Applications
- Chap 8: Implementing QoS in Multilayer Switched Networks
- Chap 9: Optimizing and Securing Multilayer Switched Networks
- Chap 10: Understanding Metro Ethernet


KnowledgeNet BSCI CBT

- Course Introduction
- Chap 1: Advanced IP Addressing
- Chap 2: Routing Principles
- Chap 3: Configuring Enhanced Interior Gateway Routing Protocol (EIGRP)
- Chap 4: Configuring the Open Shortest Path First Protocol
- Chap 5: Configuring the IS-IS Protocol
- Chap 6: Manipulating Routing Updates
- Chap 7: Configuring Basic Border Gateway Protocol

Basic TCP/IP CBT

- Basic TCP/IP: Living in the OSI World ccna
- Basic TCP/IP: TCP and UDP Communication ccna
- Basic TCP/IP: Understanding Port Numbers ccna
- Basic TCP/IP: Journey of Packets ccna
- Basic TCP/IP: IP Addressing and VLSMs Sybex /
- Subnetting: Understanding VLSM ccna

Stand-Alone Labs boson

- Lab 1: Connecting to a Router
- Lab 2: Introduction to the Basic User Interface
- Lab 3: Introduction to the Basic Show Commands
- Lab 4: CDP
- Lab 5: Extended Basics
- Lab 6: Banner MOTD
- Lab 7: Copy Command
- Lab 8: Introduction to Interface Configuration
- Lab 9: Introduction to IP
- Lab 10: ARP
- Lab 11: Creating a Host Table
- Lab 12: Static Routes
- Lab 13: RIP
- Lab 14: Troubleshooting RIP
- Lab 15: IGRP
- Lab 16: PPP With CHAP Authentication
- Lab 17: Connectivity Tests With Traceroute
- Lab 18: Saving Router Configurations
- Lab 19: Loading Router Configurations
- Lab 20: Copying and Pasting Configurations
- Lab 21: ISDN
- Lab 22: Introduction to the Switch
- Lab 23: Introduction to Basic Switch Commands
- Lab 24: Frame Relay
- Lab 25: Frame Relay Hub-and-Spoke Topology
- Lab 26: Frame Relay Full Mesh Topology
- Lab 27: Standard Access Lists
- Lab 28: Verify Standard Access Lists
- Lab 29: Extended Access Lists
- Lab 30: Verify Extended Access Lists
- Lab 31: Named Access Lists
- Lab 32: Advanced Extended Access Lists
- Lab 33: Telnet
- Lab 34: VLANs
- Lab 35: VTP
- Lab 36: OSPF Single Area Configuration and Testing
- Lab 37: Implementing Network Address Translation Part I
- Lab 38: Implementing Network Address Translation Part II
- Lab 39: Basic Switch Configuration
- Lab 40: Basic Router Configuration
- Lab 41: Access Lists
- Lab 42: Troubleshooting EIGRP
- Lab 43: Variable Length Subnet Masks
- Lab 44: Configuring OSPF
- Lab 45: EIGRP Authentication
- Lab 46: OSPF Authentication
- Lab 47: EIGRP and Wildcard Masks
- Lab 48: Configuring IPv6

Sequential Labs boson

- LAB1 Basic Router Configuration
- LAB2 Advanced Router Configurations
- LAB3 CDP
- LAB4 Telnet
- LAB5 TFTP
- LAB6 RIP
- LAB7 IGRP
- LAB8 EIGRP
- LAB9 OSPF
- LAB10 Catalyst 1900 Switch Configuration
- LAB11 VLANs and Trunking (Catalysts 1900 Switches)
- LAB12 Catalyst 2950 Switch Configuration
- LAB13 VLANs and Trunking (Catalysts 2950 Switches)
- LAB14 IP Access Lists
- LAB15 NAT and PAT
- LAB16 PPP and CHAP
- LAB17 ISDN using BRI-BRI using legacy DDR
- LAB18 ISDN BRI-BRI using Dialer Profiles
- LAB19 Frame Relay

Scenario Labs boson

- Lab1: Setting up a Serial Interface
- Lab2: CDP
- Lab3: IP Addressing
- Lab4: Static Routes
- Lab5: Default Routes
- Lab6: RIP Routes
- Lab7: IGRP Routes
- Lab8: Using Loopback Interfaces
- Lab9: RIP2 Routes
- Lab10: CHAP and RIP
- Lab11: Standard Access Lists with RIP
- Lab12: Extended Access Lists with RIP
- Lab13: EIGRP Routes
- Lab14: OSPF Routes
- Lab15: Static NAT
- Lab16: Many-to-one NAT
- Lab17: NAT Pool
- Lab18: Telnet 2950 IP Addresses
- Lab19: 2950 Trunk
- Lab20: 2950 Trunk (Dynamic)
- Lab21: 2950 VLANs
- Lab22: 2950 Deleting VLANs
- Lab23: 2950 VTP
- Lab24: 2950 VTP with Client
- Lab25: 2950 Telnet

BSCI Labs boson

- Lab 1: Initial Configuration
- Lab 2: Address Optimization
- Lab 3: Network Address Translation
- Lab 4: Configuring EIGRP
- Lab 5: Configuring Single-Area OSPF
- Lab 6: Configuring Multi-Area OSPF
- Lab 7: Configuring Integrated IS-IS
- Lab 8: Policy Routing
- Lab 9: Route Redistribution
- Lab 10: Configuring Basic Border Gateway Protocol
- Lab 11: Multicast Routing
- Lab 12: Configuring IPv6 Routing
- Lab 13: Configuring Static and OSPFv3 Routing
- Lab 14: Troubleshooting Routing Protocols Part 1
- Lab 15: Troubleshooting Routing Protocols Part 1
- Lab 16: Troubleshooting Routing Protocols Part 1

BCMSN boson

- Lab1: IOS Switching Initial Configuration
- Lab2: VLAN and VTP Configuration
- Lab3: Trunking
- Lab4: VTP Configuration
- Lab5: Spanning Tree Protocol
- Lab6: PortFast and UplinkFast
- Lab7: Layer 3 Switching
- Lab8: Configuring QoS
- Lab9: Configuring IOS Security Part1 – VLAN ACL’s
- Lab10: Configuring IOS Security Part2 – TACACS+

ISCW boson

- Lab1: PPP/PAP/CHAP
- Lab2: NAT
- Lab3: IPSEC
- Lab4: Frame Relay
- Lab5: AAA
- Lab6: Troubleshooting PPP/PAP/CHAP
- Lab7: Troubleshooting Basic Frame Relay

ONT boson

- Lab1: Backup Interface
- Lab2: Low Latency Queuing

Advanced Labs boson

- Lab1: Single Site Network
- Lab2: Multi-Site Network
- Lab3: Frame Relay with Dial Backup
- Lab4: Hierarchical IP Addressing
- Lab5: Implementing EIGRP
- Lab6: Route Summarization
- Lab7: Multi-Area OSPF and Routing Table Optimization
- Lab8: Multi-Site Frame Relay and Policy Routing
- Lab9: QoS
- Lab10: Layer 3 Switching and Layer 2 Security

Supplemental Labs boson

- Lab1: ISDN BRI
- Lab2: ISDN Dialer Profile
- Lab3: Troubleshooting ISDN BRI


LANs CBT

- LANs: Welcome to Ethernet ccna
- LANs: Understanding the Physical Connections ccna
- LANs: Understanding LAN Switches ccna
- LANs: Working with the Cisco Switch IOS ccna
- LANs: Initial Setup of a Cisco Switch ccna
- LANs: Configuring Switch Security ccna
- LANs: Configuring Switch Security, Part 2 ccna
- LANs: Optimizing and Troubleshooting Switches ccna

Lab 3-1: Configuring SDM on a Router (3.10.1) iscw (LAB Portfolio)
  Scenario
  Step 1: Lab Preparation
  Step 2: Prepare the Router for SDM
  Step 3: Configure Addressing
  Step 4: Extract SDM on the Host
  Step 5: Install SDM on the PC
  Step 6: Run SDM from the PC
  Step 7: Install SDM to the Router
  Step 8: Run SDM from the Router
  Step 9: Monitor an Interface in SDM

Lab 2-0a: Clearing an Isolated Switch (2.6.1) bcmsn (LAB Portfolio)
  Step 1 Getting Connected
  Step 2 Deleting vlan.dat
  Step 3 Erasing the startup-config File
  Step 4 Reloading
  Step 5 Ready for Configuration

Lab 2-0b: Clearing a Switch Connected to a Larger Network (2.6.1) bcmsn (LAB Portfolio)
  Step 1 Clearing an Isolated Switch
  Step 2 Deleting vlan.dat
  Step 3 Erasing the startup-config File
  Step 4 Relearning VLANs from a Server
  Step 5 Eliminating Relearned VLANs
  Step 6 VTP Mode Transparent

VLANs CBT

- Switch VLANs: Understanding Trunks and VTP ccna
- Switch VLANs: Configuring VLANs and VTP, Part 1 ccna
- Switch VLANs: Configuring VLANs and VTP, Part 2 ccna
- VLANs: Configuration and Verification bcmsn
- VLANs: In-Depth Trunking bcmsn
- VLANs: VLAN Trunking Protocol bcmsn


Lab 2-1: Catalyst 2960 and 3560 Series Static VLANs, VLAN Trunking, and VTP Domain and Modes (2.6.2) bcmsn (LAB Portfolio)
  Scenario: VLAN Trunking and Domains
  Step 1 Preparing the Switch
  Step 2 VLAN 1
  Step 3 show vlan
  Step 4 VTP Modes
  Step 5 VTP Domains
  Step 6 Dynamic Auto Trunking
  Step 7 show interface Commands
  Step 8 Switchport Mode Commands
  Step 9 show vtp status
  Step 10 VLAN Database
  Step 11 Switchport Access VLAN
  Step 12 Naming VLANs
  Step 13 Preparation for the Next Lab

STP CBT

- Switch STP: Understanding the Spanning-Tree Protocol ccna
- Switch STP: Configuring Basic STP ccna
- Switch STP: Enhancements to STP ccna
- STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 bcmsn
- STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 bcmsn
- STP: Rapid Spanning Tree Concepts and Configuration bcmsn

Lab 3-1: Spanning Tree Protocol (STP) Default Behavior (3.5.1) bcmsn (LAB Portfolio)
  Scenario: How Spanning Tree Prevents Loops
  Step 1 Basic Configurations
  Step 2 BPDUs
  Step 3 show spanning tree
  Step 4 Diagraming Spanning Tree
  Challenge: A New Root for Spanning Tree

Lab 3-2: Modifying Default Spanning Tree Behavior (3.5.2) bcmsn (LAB Portfolio)
  Scenario: Logically Removing Bridging Loops
  Step 1 Deleting vlan.dat
  Step 2 Verifying the Root Bridge
  Step 3 Changing the Primary and Secondary Root
  Step 4 Changing Forwarding and Blocking Ports
  Step 5 PortFast
  Step 6 Modifying Port Costs

Lab 3-3: Per-VLAN Spanning Tree Behavior (3.5.3) bcmsn (LAB Portfolio)
  Scenario: Configuring Spanning Tree Differently for Different VLANs
  Step 1 Basic Preparation
  Step 2 Setting up VTP Domains
  Step 3 Modifying Spanning Tree on a per-VLAN Basis
  Step 4 RSTP
  Challenge: Spanning Tree Root Primary

Lab 3-4: Multiple Spanning Tree (3.5.4) bcmsn (LAB Portfolio)
  Scenario: Configuring Multiple Spanning Tree
  Step 1 Basic Preparation
  Step 2 VTP Domain Setup
  Step 3 Verifying 11 Instances of Spanning Tree
  Step 4 spanning-tree mode mst
  Step 5 Grouping VLANs Using MST
  Challenge: Modifying per-instance MST Attributes

EtherChannel CBT

- EtherChannel: Aggregating Redundant Links bcmsn

Lab 3-5: Configuring EtherChannel (3.5.5) bcmsn (LAB Portfolio)
  Scenario: Bundling Redundant Links into One Logical Link
  Step 1 Basic Preparation
  Step 2 channel group mode desirable
  Step 3 channel group mode active
  Step 4 Configuring EtherChannel on Layer 3 Connections
  Step 5 Traffic Load Balancing
  Challenge: Logically Aggregating Additional Redundant Links

Advanced LAN Technology CBT

- Advanced LAN Configuration (Part 1): Cat 3550, VLANs, VTP, and EtherChannel ccie
- Advanced LAN Configuration (Part 2): Cat 3550, Spanning Tree Protocol ccie
- Advanced LAN Configuration (Part 3): Cat 3550, Advanced Features ccie

L3 Switching CBT

- L3 Switching: InterVLAN Routing Extraordinaire bcmsn
- L3 Switching: Understanding CEF Optimization bcmsn

Lab 4-1: Inter-VLAN Routing with an External Router (4.4.1) bcmsn (LAB Portfolio)
  Scenario: A Cost Effective Solution to Segment a Network into Multiple Broadcast Domains
  Step 1 Basic Preparation
  Step 2 Configuring up the Gateway and ISP Router
  Step 3 ip default-gateway
  Step 4 Verify Existing VLANs
  Step 5 Configuring Trunking and EtherChannel
  Step 6 Configuring the VTP Domain
  Step 7 Configuring Switch Access Ports for Hosts
  Step 8 Trunking with the External Router
  Step 9 Trunking for VLANs 1, 100, and 200
  Step 10 Verify inter-VLAN Routing


Lab 4-2: Inter-VLAN Routing with an Internal Route Processor and Monitoring CEF Functions (4.4.2) bcmsn (LAB Portfolio)
  Scenario: Configuring Switched Virtual Interfaces to Route Between VLANs
  Step 1 Basic Preparation
  Step 2 Basic Configuration
  Step 3 Configuring Trunks and EtherChannel
  Step 4 Changing the VTP Mode
  Step 5 Creating the VTP Domain
  Step 6 Configuring the Host Ports
  Step 7 Creating Layer 3 VLAN interfaces
  Step 8 Verifying inter-VLAN Routing
  Step 9 CEF

Redundancy in the Campus CBT

- Redundancy in the Campus: HSRP, VRRP, and GLBP, Part 1 bcmsn
- Redundancy in the Campus: HSRP, VRRP, and GLBP, Part 2 bcmsn

Lab 5-1: Hot Standby Router Protocol (5.4.1) bcmsn (LAB Portfolio)
  Scenario: Redundant, Fault-tolerant Routing to the Internal Network
  Step 1 Basic Preparation
  Step 2 Basic Configuration
  Step 3 Configuring Trunks and EtherChannel
  Step 4 Changing the VTP Mode
  Step 5 Creating the VTP Domain
  Step 6 Configuring the Host Ports
  Step 7 HSRP Configuration
  Step 8 show standby
  Step 9 Verify Connectivity Between VLANs
  Step 10 Verify HSRP

Lab 5-2: HSRP Troubleshooting (5.4.2) bcmsn (LAB Portfolio)
  Initial Configurations

Lab 5-3: Gateway Load Balancing Protocol bcmsn (LAB Portfolio)
  Step 1 Basic Preparation
  Step 2 Basic Configuration
  Step 3 GLBP Configuration and Verification
  Step 4 Adjusting the Weight to Prefer Certain Routers

Campus Security CBT

- General Switching: Troubleshooting and Security Best Practices ccna
- Campus Security: Basic Port Security and 802.1x bcmsn
- Campus Security: VLAN and Spoofing Attacks bcmsn
- Campus Security: STP Attacks and Other Security Considerations bcmsn


Lab 3-3: Configuring Wireshark and SPAN (3.10.3) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Router
  Step 2: Install Wireshark and WinPcap
  Step 3: Configure SPAN on a Switch
  Step 4: Sniff Packets Using Wireshark

Lab 8-1: Securing the Layer 2 Switching Devices (8.7.1) bcmsn (LAB Portfolio)
  Scenario: Layer 2 Threats
  Step 1 Basic Preparation
  Step 2 Basic Configuration
  Step 3 Configuring VLANs and VTP
  Step 4 Layer 2 Attacks and Mitigation
  Step 5 Protecting Against MAC Flooding
  Step 6 DHCP Spoofing
  Step 7 AAA

Lab 8-2: Securing Spanning Tree Protocol (8.7.2) bcmsn
  Scenario: Protecting the Root Bridge and Preventing Rogue Access Points
  Step 1 Verify Configurations from Lab 8-1
  Step 2 Locking Down the Spanning Tree Root
  Step 3 spanning-tree guard root
  Step 4 Verify Root Guard
  Step 5 BPDU Guard
  Step 6 UDLD

Lab 8-3: Securing VLANs with Private VLANs, RACLs, and VACLs (8.7.3) bcmsn (LAB Portfolio)
  Scenario: Configuring the Network to Secure VLANs
  Step 1 Verifying Loaded Configurations
  Step 2 Private VLANs
  Step 3 RACLs
  Step 4 VACLs

Case Study 1: VLANs, VTP, and Inter-VLAN Routing bcmsn (LAB Portfolio)
Case Study 2: Voice and Security in a Switched Network bcmsn (LAB Portfolio)

IE LABs Volume I
BRIDGING & SWITCHING

- Understanding Layer 2 Access Switchports
- Understanding ISL Trunk Ports
- Understanding 802.1q Trunk Ports
- Understanding 802.1q Trunk Ports and the Native VLAN
- Configuring Trunk Ports without DTP
- Router-on-a-Stick
- Router-on-a-Stick and the Native VLAN
- EtherChannel
- EtherChannel - PAgP
- EtherChannel - PAgP Auto
- EtherChannel - LACP
- EtherChannel - LACP Passive
- EtherChannel - Layer 3
- SPAN
- RSPAN
- Common Configuration for Ring Topology
- Using VTP to Propagate VLAN Information
- Mixing VTP Modes in Single Topology
- VTP Domain Name and DTP Operations
- VLAN Load-Balancing using the allowed VLAN list
- Basic STP Features: Tuning Timers
- Basic STP Features: PortFast
- Basic STP Features: UplinkFast
- Basic STP Features: BackboneFast
- Basic STP Features: BPDU Guard
- Basic STP Features: Root Guard
- Basic STP Features: BPDU Filter
- Basic STP Features: Loopguard
- Configuring MSTP
- Load-Balancing with STP Root Bridge Placement
- VLAN Load-Balancing using STP Port-Priority
- VLAN Load-Balancing using STP Port-Cost
- VLAN Load-Balancing using MSTP
- Configuring Private VLANs
- Using QinQ for Transparent Tunneling
- QinQ and Layer 2 Protocol Forwarding
- Controlling Traffic-Rate with Storm-Control
- Configuring Redundancy with Flex Links
- Using Smartport Macros
- Per-Port Per-VLAN Classification on the 3550
- Using Hierarchical Policy-Maps for QoS Classification on the 3560
- Using Hierarchical Policy-Maps for Traffic Policing on 3560
- Using Hierarchical Policy-Maps for Policing Markdown on 3560
- Using VLAN Access-Map for Non-IP Traffic Filtering
- Using VLAN Access-Map for IP Traffic Filtering
- Configuring Port-Security
- Port-Security Violation Action
- Port-Security Violation Recovery
- Port-Security and HSRP with Virtual MAC Address
- Port-Security and HSRP with BIA MAC Address

IPSec VPNs CBT

- IPSec VPNs: VPN Concepts, Part 1 iscw
- IPSec VPNs: VPN Concepts, Part 2 iscw
- IPSec VPNs: VPN Site-to-Site CLI Configuration iscw
- IPSec VPNs: VPN Site-to-Site SDM Configuration iscw
- IPSec VPNs: IPSec Encrypted GRE Tunnels iscw
- IPSec VPNs: Remote Access Connections with Cisco Easy VPN iscw

Lab 3-2: Configuring a Basic GRE Tunnel (3.10.2) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Loopbacks and Physical Interfaces
  Step 2: Configure EIGRP AS 1
  Step 3: Configure a GRE Tunnel
  Step 4: Routing EIGRP AS 2 over the Tunnel

Lab 3-4: Configuring Site-to-Site IPsec VPNs with SDM (3.10.4) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP
  Step 3: Connect to the Routers via SDM
  Step 4: Configure Site-to-Site IPsec VPN via SDM
  Step 5: Generate a Mirror Configuration for R3
  Step 6: Verify the VPN Configuration Using SDM
  Step 7: Verify the VPN Configuration Using the IOS CLI
  Challenge: Use Wireshark to Monitor Encryption of Traffic
  TCL Script Output

Lab 3-5: Configuring Site-to-Site IPsec VPNs with the IOS CLI (3.10.5) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP
  Step 3: Create IKE Policies
  Step 4: Configure Preshared Keys
  Step 5: Configure the IPsec Transform Set and Lifetimes
  Step 6: Define Interesting Traffic
  Step 7: Create and Apply Crypto Maps
  Step 8: Verify IPsec Configuration
  Step 9: Verify IPsec Operation
  Step 10: Interpret IPsec Event Debugging
  Challenge: Use Wireshark to Monitor Encryption of Traffic
  TCL Script Output

Lab 3-6: Configuring a Secure GRE Tunnel with SDM (3.10.6) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP AS 1
  Step 3: Connect to the Router Using SDM
  Step 4: Configure an IPsec VTI Using SDM
  Step 5: Generate a Mirror Configuration for R3
  Step 6: Verify Tunnel Configuration Through SDM
  Challenge: Use Wireshark to Monitor Encryption of Traffic
  TCL Script Output


Lab 3-7: Configuring a Secure GRE Tunnel with the IOS CLI (3.10.7) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP AS 1
  Step 3: Configure the GRE Tunnel
  Step 4: Configure EIGRP AS 2 over the Tunnel
  Step 5: Create IKE Policies and Peers
  Step 6: Create IPsec Transform Sets
  Step 7: Define the Traffic to Be Encrypted
  Step 8: Create and Apply Crypto Maps
  Step 9: Verify Crypto Operation
  Challenge: Use Wireshark to Monitor Encryption of Traffic

Lab 3-8: Configuring IPsec VTIs (3.10.8) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP AS 1
  Step 3: Configure Static Routing
  Step 4: Create IKE Policies and Peers
  Step 5: Create IPsec Transform Sets
  Step 6: Create an IPsec Profile
  Step 7: Create the IPsec VTI
  Step 8: Verify Proper EIGRP Behavior

Lab 3-9: Configuring Easy VPN with SDM (3.10.9) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP AS 1
  Step 3: Configure a Static Default Route
  Step 4: Connect to HQ Through SDM
  Step 5: Configure Easy VPN Server Through SDM
  Step 6: Install the Cisco VPN Client
  Step 7: Test Access from Client Without VPN Connection
  Step 8: Connect to the VPN
  Step 9: Test Network Access with VPN Connectivity
  Step 10: Verify Easy VPN Functionality with SDM
  Step 11: Disconnect the VPN Client

Lab 3-10: Configuring Easy VPN with the IOS CLI iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure EIGRP AS 1
  Step 3: Configure a Static Default Route
  Step 4: Enable AAA on HQ
  Step 5: Create the IP Pool
  Step 6: Configure the Group Authorization
  Step 7: Create an IKE Policy and Group
  Step 8: Configure the IPsec Transform Set
  Step 9: Create a Dynamic Crypto Map
  Step 10: Enable IKE DPD and User Authentication
  Step 11: Install the Cisco VPN Client
  Step 12: Test Access from Client Without VPN Connection
  Step 13: Connect to the VPN
  Step 14: Test Inside VPN Connectivity
  Step 15: Verify VPN Operation Using the CLI
  Step 16: Disconnect the VPN Client

Lab 3-11: IPsec Challenge Lab iscw (LAB Portfolio)
Lab 3-12: IPsec Troubleshooting Lab iscw (LAB Portfolio)

Network Lockdown/Securing Technology CBT

- Routing: Internet Access with NAT and PAT ccna
- NAT: Understanding the Three Styles of NAT ccna
- NAT: Command-line NAT Configuration ccna
- Advanced Router Technology (Part 4): Network Address Translation (NAT) ccie
- Network Lockdown: Attacks and Defense iscw
- Network Lockdown: Cisco Auto-Secure and SDM Security Audit iscw
- Network Lockdown: Securing Management Access iscw
- Network Lockdown: Securing Management Access, Part 2 iscw
- Access-Lists: The Rules of the ACL ccna
- Access-Lists: Configuring ACLs ccna
- Access-Lists: Configuring ACLs, Part 2 ccna
- Network Lockdown: Using Access Lists iscw
- Advanced Router Technology (Part 6): Understanding IP Access-Lists ccie
- Management and Security: Telnet, SSH, and CDP ccna
- Management and Security: File Management ccna
- Network Lockdown: Securing Network Management iscw
- Network Lockdown: Implementing Cisco AAA iscw

Lab 5-1: Using SDM One-Step Lockdown (5.12.1) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Install Nmap on the Host
  Step 3: Run a Port Scan with Nmap
  Step 4: Prepare a Router for SDM
  Step 5: Use SDM One-Step Lockdown
  Step 6: Use Nmap to See Changes
  Conclusion

Lab 5-2: Securing a Router with Cisco AutoSecure (5.12.2) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interface
  Step 2: Configure AutoSecure

Lab 5-3: Disabling Unneeded Services (5.12.3) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interface
  Step 2: Ensure Services Are Disabled
  Step 3: Manage Router Access
  Step 4: Disable CDP
  Step 5: Disable Other Unused Services
  Step 6: Disabling Unneeded Interface Services

Lab 5-4: Enhancing Router Security (5.12.4) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interfaces
  Step 2: Telnet to R1
  Step 3: Configure Cisco IOS Login Enhancements
  Step 4: Enforce a Minimum Password Length
  Step 5: Modify Command Privilege Levels
  Step 6: Create a Banner
  Step 7: Enable SSH
  Step 8: Encrypt Passwords

Lab 5-5: Configuring Logging (5.12.5) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Interface
  Step 2: Install the Kiwi Syslog Daemon
  Step 3: Run the Kiwi Syslog Service Manager
  Step 4: Configure the Router for Logging
  Step 5: Verify Logging
  Step 6: Configure Buffered Logging

Lab 5-6a: Configuring AAA and TACACS+ (5.12.6a) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Interface
  Step 2: Install CiscoSecure ACS
  Step 3: Configure Users in CiscoSecure ACS
  Step 4: Configure AAA Services on R1

Lab 5-6b: Configuring AAA and RADIUS (5.12.6b) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Interface
  Step 2: Install CiscoSecure ACS
  Step 3: Configure Users in CiscoSecure ACS
  Step 4: Configure AAA Services on R1

Lab 5-6c: Configuring AAA Using Local Authentication (5.12.6c) iscw (LAB Portfolio)
  Step 1: Configure the Interface
  Step 2: Configure the Local User Database
  Step 3: Implement AAA Services


Lab 5-7: Configuring Role-Based CLI Views (5.12.7) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure an Enable Secret Password
  Step 2: Enable AAA
  Step 3: Change to the Root View
  Step 4: Create Views
  Step 5: Create a Superview

Lab 5-8: Configuring NTP (5.12.8) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interfaces
  Step 2: Set Up the NTP Master
  Step 3: Configure an NTP Client
  Step 4: Configure NTP Peers with MD5 Authentication

Defending the Network CBT

- Defending the Network: Cisco IOS Firewall iscw
- Defending the Network: Cisco IOS IPS iscw

Lab 6-1: Configuring a Cisco IOS Firewall Using SDM (6.6.1) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Loopbacks and Physical Interfaces
  Step 2: Configure Routing Protocols
  Step 3: Configure Static Routes to Reach the Internet
  Step 4: Connect to FW Using SDM
  Step 5: Use the SDM Advanced Firewall Wizard
  Step 6: Modify the Firewall Configuration
  Step 7: Monitor Firewall Activity
  Conclusion

Lab 6-2: Configuring CBAC (6.6.2) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interfaces
  Step 2: Configure Static Default Routes
  Step 3: Enable Telnet Access
  Step 4: Create IP Inspect Rules
  Step 5: Block Unwanted Outside Traffic
  Step 6: Verify CBAC Operation

Lab 6-3: Configuring IPS with SDM (6.6.3) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure the Physical Interfaces
  Step 2: Configure Static Default Routes
  Step 3: Enable Telnet Access
  Step 4: Connect to FW Using SDM
  Step 5: Use the SDM IPS Rule Wizard
  Step 6: Verify and Modify IPS Behavior
  Challenge: Add a Signature


Lab 6-4: Configuring IPS with CLI (6.6.4) iscw (LAB Portfolio)
  Scenario
  Step 1: Configure Addressing
  Step 2: Configure Static Default Routes
  Step 3: Create and Apply an IPS Rule
  Step 4: Modify Default IPS Behavior

Case Study 1: CLI IPsec and Frame-Mode MPLS iscw (LAB Portfolio)
Case Study 2: Device Hardening and VPNs iscw (LAB Portfolio)

IE LABs Volume I
SECURITY

- Traffic Filtering with Access Lists
- Traffic Filtering with Reflexive Access-Lists
- Reflexive Access-Lists and Router-Generated Traffic
- Configuring CBAC for Traffic Inspection
- Access Control with Dynamic ACLs (Lock & Key)
- Using NBAR to Filter Traffic
- Using Policy-Based Routing to Filter Traffic
- DoS Attacks Prevention with TCP Intercept
- Configuring TCP Intercept in Watch Mode
- DoS Attacks Prevention with CBAC
- Configuring Application Port-Mapping with CBAC
- Using CAR for Smurf Attack Mitigation
- IP Address Spoofing Prevention with ACLs
- Using uRPF to Prevent IP Address Spoofing

DHCP CBT - Routing: SDM and DHCP Server Configuration ccna - Routing: SDM and DHCP Server Configuration, Part 2 ccna - Advanced Routing: Implementing Router-Based DHCP Services bsci

Lab 5-5: Configuring the Cisco IOS DHCP Server (5.6.5) 374 bsci (LAB Portfolio) Scenario 374 Step 1: Assign IP Addresses 374 Step 2: Configure EIGRP 375 Step 3: Configure a DHCP Pool 376 Step 4: Verify DHCP Lease on Client 379 Step 5: Verify DHCP Configuration on Server 380 Step 6: DHCPRELEASE and DHCPRENEW 381 Step 7: Configure the IP Helper Address 385 IE LABs Volume I


IP SERVICES .......................................................................................................1 Common Configuration..................................................................................2 Proxy ARP .....................................................................................................4 Local Proxy ARP............................................................................................7 Securing Virtual Terminal Line Access ..........................................................9 Controlling Virtual Terminal Line Access .....................................................11 Using DHCP for Autoconfiguration ..............................................................13 DHCP Relay ................................................................................................15 Configuring DHCP Host Pools .....................................................................17 AutoInstall over Frame-Relay ......................................................................20 Using NTP for Time Synchronization...........................................................23 Authenticating NTP Updates........................................................................26 Router Menus ..............................................................................................29 Gateway Redundancy with VRRP ...............................................................32 Gateway Redundancy with HSRP ...............................................................36 Common Configuration................................................................................40 Standard NAT Configuration........................................................................44 Standard NAT with Overloading (PAT) ........................................................47 NAT Redundancy with Route-Maps.............................................................49 Policy NAT with Route-Maps 
.......................................................................52 Configuring Static NAT ................................................................................55 Configuring Static PAT ................................................................................57 Configuring Static Policy NAT......................................................................59 Overlapping Networks and Outside NAT.....................................................63 Using Destination NAT for Load-Balancing .................................................66 Stateful NAT with HSRP ..............................................................................68 Routing Foundations CBT - Routing: Initial Router Configuration ccna - Routing: Implementing Static Routing ccna - Routing Protocols: Distance Vector vs. Link State ccna - Routing: Implementing Dynamic Routing with RIP ccna - Internal Routing Protocols (Part 1): Distance Vector Challenges and RIPv2 ccie

EIGRP CBT - Routing Protocols: EIGRP Concepts and Configuration ccna - EIGRP: The Concepts bsci - EIGRP: Implementation and Verification bsci - EIGRP: Summarization, Authentication, and Other Advanced Options bsci - EIGRP: Best Practices and Design Options bsci - Internal Routing Protocols (Part 2): Advanced EIGRP Configuration ccie

Lab 2-1: EIGRP Configuration, Bandwidth, and Adjacencies (2.7.1) 15 bsci (LAB Portfolio)


Scenario 15 Step 1: Addressing 16 Step 2: Configuring EIGRP Across VLAN1 17 Step 3: Verifying the EIGRP Configuration 19 Step 4: Configuring EIGRP on the Serial Interfaces 20 Step 5: Configuring Network Statement Wildcard Masks 22 Challenge: Topology Change 23 Lab 2-2: EIGRP Load Balancing (2.7.2) 26 bsci (LAB Portfolio) Scenario 26 Step 1: Addressing and Serial Configuration 26 Step 2: EIGRP Configuration 29 Step 3: EIGRP Topology Table 32 Step 4: Equal-Cost Load Balancing 34 Step 5: Alternate EIGRP Paths Not in the Topology Table 35 Step 6: Unequal-Cost Load Balancing 38 Initial Configurations 45 TCL Script Output 47 Lab 2-3: Summarization and Default Network Advertisement (2.7.3) 53 bsci (LAB Portfolio) Scenario 53 Step 1: Initial Configuration 54 Step 2: Summarization Analysis 57 Step 3: EIGRP Auto-Summarization 61 Step 4: EIGRP Manual Summarization 70 Step 5: Default Network Advertisement 72 Conclusion 77 TCL Script Output 79 Analyzing Major Networks 86 Lab 2-4: EIGRP Frame Relay Hub and Spoke: Router Used as Frame Switch (2.7.4) 89 bsci (LAB Portfolio) Scenario 90 Step 1: Addressing 90 Step 2: Configuring the Frame Relay Switch 91 Step 3: Configuring the Frame Relay Endpoints 92 Step 4: Setting Interface-Level Bandwidth 94 Step 5: Configuring EIGRP 95 Step 6: Using Nonbroadcast EIGRP Mode 99 Step 7: Implementing EIGRP Manual Summarization 100 TCL Script Output 102 Lab 2-5: EIGRP Frame Relay Hub and Spoke: Adtran Used as Frame Switch (2.7.4) 110 bsci (LAB Portfolio) Scenario 111 Step 1: Addressing 111 Step 2: Frame Relay Network 112 Step 3: Configuring the Frame Relay Endpoints 113 Step 4: Setting Interface-Level Bandwidth 114


Step 5: Configuring EIGRP 115 Step 6: Using Nonbroadcast EIGRP Mode 119 Step 7: Implementing EIGRP Manual Summarization 120 TCL Script Output 122 Lab 2-6: EIGRP Authentication and Timers (2.7.5) 131 bsci (LAB Portfolio) Scenario 131 Step 1: Addressing 131 Step 2: Configuring Basic EIGRP 133 Step 3: Configuring Authentication Keys 134 Step 4: Configuring EIGRP Link Authentication 135 Step 5: Manipulating EIGRP Timers 139 TCL Script Output 142 Lab 2-7: EIGRP Challenge Lab (2.7.6) 147 bsci (LAB Portfolio) Lab 2-8: EIGRP Troubleshooting Lab (2.7.7) 148 bsci (LAB Portfolio) Initial Configurations 148 IE LABs Volume I EIGRP...............................................................................................................1 Understanding the EIGRP Network Statement..............................................2 EIGRP Auto-Summary...................................................................................5 EIGRP Split Horizon ......................................................................................8 Unicast EIGRP Updates ..............................................................................12 Tuning EIGRP Convergence Timers ...........................................................16 Common Configuration................................................................................19 Unequal-Cost Load-Balancing.....................................................................22 Adjacency Authentication ............................................................................25 Stub Router Feature ....................................................................................28 Default Route Origination with Summarization ............................................30 Default Routing with Default-Network ..........................................................32 Administrative Distance Manipulation ..........................................................34 Filtering with 
Distribute-List..........................................................................37 Prefix Filtering using Distribute-List with Route-Map ...................................39

OSPF CBT - Routing Protocols: OSPF Concepts ccna - Routing Protocols: OSPF Configuration and Troubleshooting ccna - OSPF: The Concepts (Part 1) bsci - OSPF: The Concepts (Part 2) bsci - OSPF: Implementation and Verification bsci - OSPF: Understanding Network Types bsci - OSPF: Router LSAs and Summarization Options bsci - OSPF: Special Area Types and Options bsci - OSPF: Authentication and Other Miscellaneous Options bsci


- Internal Routing Protocols (Part 3): OSPF, Key Concepts ccie - Internal Routing Protocols (Part 4): Foundation OSPF Configuration ccie - Internal Routing Protocols (Part 5): Advanced OSPF Configuration: NBMA Networks ccie - Internal Routing Protocols (Part 6): Advanced OSPF Configuration: Practical Example ccie

Lab 3-1: Single-Area OSPF Link Costs and Interface Priorities (3.11.1) 151 bsci (LAB Portfolio) Scenario 151 Step 1: Addressing 152 Step 2: Adding Physical Interfaces to OSPF 153 Step 3: OSPF show Commands 154 Step 4: Adding Loopback Interfaces to OSPF 157 Step 5: Modifying Link Costs in OSPF 159 Step 6: Modifying Interface Priorities 161 Challenge: Topology Change 162 TCL Script Verification 163 Lab 3-2: Multiple-Area OSPF with Stub Areas and Authentication (3.11.2) 167 bsci (LAB Portfolio) Scenario 167 Step 1: Addressing 167 Step 2: Adding Interfaces into OSPF 168 Step 3: Stub Areas 171 Step 4: Totally Stubby Areas 173 Step 5: Not So Stubby Areas 176 Step 6: OSPF Interface Authentication 181 TCL Script Output 182 Lab 3-3: OSPF Virtual Links and Area Summarization (3.11.3) 187 bsci (LAB Portfolio) Scenario 187 Step 1: Addressing 188 Step 2: Adding Interfaces into OSPF 189 Step 3: Creating a Virtual Link 190 Step 4: Summarizing an Area 193 Step 5: Generating a Default Route into OSPF 195 Challenge: Configure OSPF Authentication 197 TCL Connectivity Verification 197 Lab 3-4: OSPF over Frame Relay Using a Router as the Frame Relay Switch (3.11.4a) 202 bsci (LAB Portfolio) Scenario 203 Step 1: Addressing 203 Step 2: Setting Up NBMA OSPF 204 Step 3: Changing the Network Type to Point-to-Multipoint 205 Step 4: Changing OSPF Timers 207 Challenge: Minimal Hello Intervals 208 TCL Connectivity Verification 209


Lab 3-5: OSPF Over Frame Relay Using an Adtran as the Frame Relay Switch (3.11.4b) 213 bsci (LAB Portfolio) Scenario 213 Step 1: Addressing 214 Step 2: Setting Up NBMA OSPF 215 Step 3: Changing the Network Type to Point-to-Multipoint 216 Step 4: Changing OSPF Timers 218 Challenge: Minimal Hello Intervals 219 TCL Connectivity Verification 220 Lab 3-6: OSPF Challenge Lab (3.11.5) 224 bsci (LAB Portfolio) Lab 3-7: OSPF Troubleshooting Lab (3.11.6) 225 bsci (LAB Portfolio) Initial Configurations 226 IE LABs Volume I OSPF ................................................................................................................1 Understanding the OSPF Network Statement ...............................................2 OSPF DR/BDR Election ................................................................................6 OSPF over Frame Relay - Non-Broadcast...................................................10 OSPF over Frame Relay - Broadcast ..........................................................15 OSPF over Frame Relay - Point-to-Multipoint..............................................20 OSPF over Frame Relay - Point-to-Multipoint Non-Broadcast.....................26 OSPF over Frame Relay - Point-to-Point.....................................................31 OSPF Network Type Loopback ...................................................................34 OSPF Virtual Links - Repairing Area 0 ........................................................38 OSPF Virtual Links - Repairing Discontiguous Areas ..................................44 Common Multi-Area Configuration with 2 ABRs ..........................................49 Using Type-3 LSA Inter-Area Filtering .........................................................52 Type-3 LSA Filtering with Network Ranges .................................................54 Ingress Filtering with Distribute-List .............................................................56 Ingress Filtering with Distribute-List and 
Route-Map ...................................58 Ingress Filtering with Administrative Distance..............................................61 NSSA Area Type 7to5 LSA Translator Election ...........................................65 NSSA Area ABR External Prefix Filtering ....................................................69 NSSA Suppress FA Feature........................................................................71 NSSA Area and Default-Route Origination at ABR Part 1 ...........................73 NSSA Area and Default-Route Origination at ABR Part 2 ...........................75 NSSA Area and Default-Route Origination at ASBR ...................................77 Advanced Routing CBT Advanced Routing: Route Redistribution bsci Advanced Routing: Manipulating Route Updates bsci Summarization

Lab 5-1: Redistribution Between RIP and OSPF (5.6.1) 281 bsci (LAB Portfolio) Scenario 282 Step 1: Assign Addresses 282


Step 2: Configure RIPv2 284 Step 3: Configure Passive Interfaces in RIP 286 Step 4: Summarize a Supernet with RIP 288 Step 5: Suppress Routes Using Prefix Lists 290 Step 6: Configure OSPF 292 Step 7: Configure Passive Interfaces in OSPF 293 Step 8: Allow One-Way Redistribution 295 Step 9: Redistribute Between Two Routing Protocols 297 Step 10: Set a Default Seed Metric 297 Step 11: Change the OSPF External Network Type 298 Challenge: Use Extended Access Lists for Filtering 299 TCL Script Output: Steps 8 and 9 300 Lab 5-2 Redistribution Between EIGRP and OSPF (5.6.2) 307 bsci (LAB Portfolio) Scenario 307 Step 1: Additional Addressing 308 Step 2: Configuring EIGRP 308 Step 3: Create Passive Interfaces in EIGRP 309 Step 4: Manually Summarize with EIGRP 311 Step 5: Additional OSPF Configuration 312 Step 6: Summarize OSPF Areas at the ABR 314 Step 7: Mutually Redistribute Between OSPF and EIGRP 315 Step 8: Filter Redistribution with Route Maps 319 Step 9: Summarize External Routes into OSPF at the ASBR 320 Step 10: Modifying EIGRP Distances 321 Step 11: Modifying OSPF Distances 322 Challenge: Change Administrative Distance on R2 324 TCL Script Output 325 Exploring Black Hole Operation 333 Lab 5-3: Redistribution Between EIGRP and IS-IS (5.6.3) 337 bsci (LAB Portfolio) Scenario 337 Step 1: Assign Addresses 338 Step 2: Configure EIGRP 339 Step 3: Configure IS-IS 340 Step 4: Mutually Redistribute Between IS-IS and EIGRP 342 Step 5: Filter Network Addresses with Route Maps 344 Step 6: Filter Prefixes with Route Maps 347 Step 7: Summarize Addresses in IS-IS 349 TCL Script Output 350 Lab 5-4: Manipulating Administrative Distances (5.6.4) 357 bsci (LAB Portfolio) Scenario 357 Pre-Lab: Review of Administrative Distances 358 Step 1: Configure Addressing 358 Step 2: Configure RIP 359 Step 3: Configure OSPF 362 Step 4: Modify a Routing Protocol’s Distance 366 Step 5: Modify Distance Based on Route Source 368 Step 6: Modify Distance Based on an Access List 370


Challenge 373 Advanced Router Technology CBT - Advanced Router Technology (Part 1): Routing the Unroutable: Router Bridging Technology ccie - Advanced Router Technology (Part 2): Data Link Switching Plus (DLSW+) ccie - Advanced Router Technology (Part 5): HSRP and NTP ccie

IS-IS CBT - IS-IS: The Concepts (Part 1) bsci - IS-IS: The Concepts (Part 2) bsci - IS-IS: Basic Implementation and Verification bsci - Internal Routing Protocols (Part 7): Understanding and Configuring the IS-IS Protocol

Lab 4-1: Configuring Basic Integrated IS-IS (4.7.1) 229 bsci (LAB Portfolio) Scenario 229 Step 1: Addressing and Basic Connectivity 230 Step 2: Configuring Basic IS-IS 230 Step 3: Verifying IS-IS Adjacencies and Operation 231 Step 4: Converting to the IS-IS Backbone 237 Step 5: Manipulating the IS-IS Interface Timers 239 Step 6: Implementing IS-IS L2 Core Authentication 240 Step 7: Implementing IS-IS Domain Authentication 241 TCL Script Output 243 Lab 4-2 Multi-Area Integrated IS-IS (4.7.2) 246 bsci (LAB Portfolio) Scenario 246 Step 1: Addressing and Initial Configuration 246 Step 2: Verify IS-IS Initial Operation 247 Step 3: Configure IS-IS Area 2 248 Step 4: Verify IS-IS Multi-Area Operation 248 Step 5: Configure IS-IS Domain Authentication 250 Step 6: Reconfigure IS-IS Area 1 251 Step 7: Reconfigure R3 IS-IS Operation 254 Step 8: Verify IS-IS Intra-Area Operation 255 Reflection 257 TCL Script Output 257 Lab 4-3: Configuring IS-IS over Frame Relay: Router Used as Frame Switch (4.7.3a) 260 bsci (LAB Portfolio) Scenario 261 Step 1: Addressing and Basic Configuration 261 Step 2: Frame Relay Configuration 261 Step 3: Configure and Verify IS-IS over Frame Relay 263 Step 4: Verify IS-IS Connectivity 265 Step 5: Demonstrate IS-IS Interface-Type Mismatch 265 Router as Frame Relay Switch Configuration 267 TCL Script Output 268


Lab 4-4: Configuring IS-IS over Frame Relay: Adtran Used as Frame Switch (4.7.3b) 271 bsci (LAB Portfolio) Scenario 271 Step 1: Addressing and Basic Configuration 271 Step 2: Frame Relay Configuration 272 Step 3: Configure and Verify IS-IS over Frame Relay 274 Step 4: Verify IS-IS Connectivity 276 Step 5: Demonstrate IS-IS Interface-Type Mismatch 276 TCL Script Output 278 BGP CBT - BGP: Foundation Concepts bsci - BGP: Implementation and Tuning (Part 1) bsci - BGP: Implementation and Tuning (Part 2) bsci - BGP: Implementation and Tuning (Part 3) bsci - BGP: Tuning Attributes (Part 1) bsci - BGP: Tuning Attributes (Part 2) bsci - BGP (Part 1): BGP Theory ccie - BGP (Part 2): Understanding BGP Attributes ccie - BGP (Part 3): Foundation BGP Configuration ccie - BGP (Part 4): BGP Route Reflectors, Confederations, and Peer-Groups ccie - BGP (Part 5): BGP Route Aggregation and Filtering ccie - BGP (Part 6): Configuring BGP Attributes to Influence Routing, Part 1 ccie - BGP (Part 7): Configuring BGP Attributes to Influence Routing, Part 2 ccie - BGP (Part 8): BGP Multihoming, Route Dampening, and Optimization ccie

Lab 6-1: Configuring BGP with Default Routing (6.7.1) 387 bsci (LAB Portfolio) Scenario 387 Step 1: Assign IP Addresses 387 Step 2: Configure the ISPs 388 Step 3: Configure SanJose BGP 388 Step 4: Verify BGP on the SanJose Router 389 Step 5: Filter Routes 390 Step 6: Configure the Primary and Backup Routes Using Floating Static Routes 390 Step 7: Configure Primary and Backup Routes Using Static Routes 392 TCL Verification 395 Lab 6-2: Using the AS_PATH Attribute (6.7.2) 399 bsci (LAB Portfolio) Scenario 399 Step 1: IP Addressing 399 Step 2: Configure BGP 400 Step 3: Remove the Private AS 400 Step 4: Use the AS_PATH Attribute to Filter Routes 401 TCL Output 402


Lab 6-3: Configuring IBGP and EBGP Sessions, Local Preference, and MED (6.7.3) 406 bsci (LAB Portfolio) Scenario 406 Step 1: IP Addressing 406 Step 2: Configure EIGRP 407 Step 3: Configure IBGP 407 Step 4: Verify BGP Neighbors 407 Step 5: Configure EBGP 407 Step 6: Verify BGP Neighbors 408 Step 7: View BGP Summary Output 408 Step 8: Verify Which Path Traffic Takes 408 Step 9: BGP Next-Hop_Self 412 Step 10: Set BGP Local Preference 414 Step 11: Set BGP MED 415 Step 12: Establish a Default Network 419 TCL Verification 420 Lab 6-4: BGP Route Reflectors and Route Filters (6.7.4) 425 bsci (LAB Portfolio) Scenario 425 Step 1: Configure RIPv2 425 Step 2: IBGP Peers and Route Reflectors 426 Step 3: Inject an External Route into BGP 427 Step 4: Inject a Summary Address into BGP 428 TCL Verification 429 IE LABs Volume I BGP ..................................................................................................................1 Establishment of BGP Peering Relationships................................................2 BGP Update Source Mismatch......................................................................5 BGP Update Source Modification ..................................................................8 iBGP Synchronization..................................................................................12 Transiting Non-BGP Speaking Devices - Redistribution ..............................21 Transiting Non-BGP Speaking Devices - Tunneling ....................................26 BGP Bestpath Selection - Weight ................................................................30 BGP Bestpath Selection – Local Preference ...............................................34 BGP Bestpath Selection – Local Preference ...............................................38 BGP Bestpath Selection – MED ..................................................................42 BGP Bestpath Selection – Origin.................................................................46 BGP 
Next-Hop Processing – Next-Hop-Self................................................50 BGP Next-Hop Processing – Manual Modification.......................................53 BGP Next-Hop Processing – IGP Redistribution .........................................56 BGP Communities – No-Export ....................................................................60 BGP Communities – No-Advertise ...............................................................65 BGP Route Reflection..................................................................................71 BGP Confederation......................................................................................76 BGP Communities – Local AS.....................................................................81 BGP Regular Expressions ...........................................................................86 BGP Outbound Route Filtering (ORF) .........................................................91


BGP Aggregation.........................................................................................96 BGP Aggregation – Summary Only ...........................................................101 BGP Aggregation – Suppress Map............................................................105 BGP Aggregation – Unsuppress Map........................................................110 BGP Aggregation – AS-Set .......................................................................114 BGP Aggregation – Advertise Map............................................................117 BGP Allow AS In........................................................................................120 Multicast CBT - Multicast: Concepts and Configuration bsci - Advanced Router Technology (Part 7): Multicast Routing Concepts ccie - Advanced Router Technology (Part 8): Configuring Multicast Routing ccie

Lab 7-1: Implementing IGMP and IGMP Snooping (7.5.1) 433 bsci (LAB Portfolio) Overview 433 Step 1: Configure Hosts on a LAN 434 Step 2: Subscribe Interfaces to Multicast Groups with IGMP 434 Step 3: Verify IGMP Snooping on the Switch 439 Step 4: Configure a Multicast-Enabled Router on the VLAN 440 Step 5: Verify Multicast Operation at Layer 2 443 Step 6: Verify IGMP Snooping 444 Step 7: Verify Multicast Operation at Layer 3 446 Lab 7-2: Routing IP Multicast with PIM Dense Mode (7.5.2) 447 bsci (LAB Portfolio) Scenario 447 Step 1: Configure Addressing and Implement IGMP 448 Step 2: Configure EIGRP 451 Step 3: Implement PIM-DM 451 Step 4: Verify PIM Adjacencies 455 Step 5: Verify Multicast Routing Operation 458 Step 6: Verify PIM-DM Flood-and-Prune Behavior 463 Step 7: Explore the Multicast Routing Table 466 Challenge 468 TCL Script Output: Unicast 468 Lab 7-3: Routing IP Multicast with PIM Sparse Mode (7.5.3) 474 bsci (LAB Portfolio) Scenario 474 Step 1: Load Initial Configurations 474 Step 3: Implement PIM-SM 478 Step 4: Verify PIM Adjacencies 483 Step 5: Verify Multicast Routing Operation 485 Step 6: Verify PIM-SM Registration and SPT Cutover 490 Conclusion 493 Lab 7-4: Routing IP Multicast with PIM Sparse-Dense Mode (7.5.4) 496 bsci (LAB Portfolio) Scenario 496 Step 1: Configure Addressing and Implement IGMP 497 Step 2: Configure Single-Area OSPF 500


Step 3: Implement PIM Sparse-Dense Mode 500 Step 4: Configure PIM Auto-RP 505 Step 5: Verify the RP Mappings 509 Step 6: Verify Multicast Operation 511 Step 7: Explore Auto-RP Operation with Sparse-Dense Mode 513 Step 8: Verify the Operation of Dense-Mode Fallback 515 TCL Script Output 520 IPv6 CBT - IPv6: Understanding Basic Concepts and Addressing ccna - IPv6: Configuring, Routing, and Interoperating ccna - IPv6: Understanding Basic Concepts and Addressing bsci - IPv6: Configuring, Routing, and Interoperating bsci - IPv6 ccie

Lab 8-1: Configuring OSPF for IPv6 (8.7.1) 527 bsci (LAB Portfolio) Scenario 527 Step 1: Configuring the Loopback Interfaces 527 Step 2: Configuring Static IPv6 Addresses 528 Step 3: Changing the Link-Local Address on an Interface 529 Step 4: Configuring EUI-64 Addresses 531 Step 5: Enabling IPv6 Routing and CEF 533 Step 6: Setting Up OSPFv3 533 Challenge: Summarizing OSPFv3 Areas 539 TCL Script Output 539 Lab 8-2: Using Manual IPv6 Tunnels (8.7.2) 544 bsci (LAB Portfolio) Scenario 544 Step 1: Configure Loopbacks and Physical Interfaces 544 Step 2: Configure EIGRP 545 Step 3: Configure a Manual IPv6 Tunnel 545 Step 4: Configure OSPFv3 Over a Tunnel 546 TCL Script Output 547 Lab 8-3: Configuring 6to4 Tunnels (8.7.3) 552 bsci (LAB Portfolio) Scenario 552 Step 1: Configure Loopbacks and Physical Interfaces 552 Step 2: Configure EIGRP 553 Step 3: Configure a Manual IPv6 Tunnel 553 Step 4: Configure Static IPv6 Routes 554 TCL Script Output 556 Lab 8-4: IPv6 Challenge Lab 561 bsci (LAB Portfolio) Lab 8-5: IPv6 Troubleshooting Lab 562 bsci (LAB Portfolio) Initial Configurations 562 IE LABs Volume I


IP Multicast ....................................................................................... 1 PIM Dense Mode...............................................................................................2 PIM Sparse Mode............................................................................................12 Multicast RPF Failure ......................................................................................20 Auto-RP...........................................................................................................27 Auto-RP – Multiple Candidate RPs .................................................................34 Auto-RP – Filtering Candidate RPs.................................................................42 Auto-RP Listener .............................................................................................48 PIM NBMA Mode.............................................................................................55 Auto-RP and Default RP Placement................................................................62 Bootstrap Router .............................................................................................69 Multicast Source Distribution Protocol (MSDP) ...............................................74 Anycast RP......................................................................................................81 Multicast BGP..................................................................................................88 WAN CBT - Routing: WAN Connectivity ccna - WAN Connections: Concepts of VPN Technology ccna - WAN Connections: Implementing PPP Authentication ccna - WAN Connections: Understanding Frame Relay ccna - WAN Connections: Configuring Frame Relay ccna - Understanding New WAN Technologies: Cable Technology iscw - Understanding New WAN Technologies: DSL Technology iscw - Understanding New WAN Technologies: Configuring PPPoE DSL Connections iscw - Multiprotocol Label Switching: The Concepts 
iscw - Multiprotocol Label Switching: Frame Mode Configuration iscw - Multiprotocol Label Switching: Understanding MPLS VPNs iscw - Advanced WAN Configuration (Part 1): HDLC & PPP ccie - Advanced WAN Configuration (Part 2): Frame Relay ccie - Advanced WAN Configuration (Part 3): Frame Relay Traffic Shaping and ATM ccie - Advanced WAN Configuration (Part 4): ISDN ccie

Lab 4-1: Configuring Frame Mode MPLS (4.5.1) 205 iscw (LAB Portfolio) Scenario 205 Step 1: Configure Addressing 206 Step 2: Configure EIGRP AS 1 206 Step 3: Observe CEF Operation 207 Step 4: Enable MPLS on All Physical Interfaces 209 Step 5: Verify MPLS Configuration 210 Step 6: Change MPLS MTU 215 Lab 4-2: Challenge Lab: Implementing MPLS VPNs (4.5.2) 217 iscw (LAB Portfolio) Scenario 218 Step 1: Configure Addressing 219 Step 2: Configure Routing in the Service-Provider Domain 219 Step 3: Configure MPLS in the SP Domain 220


Step 4: Configure a VRF 221 Step 5: Configure EIGRP AS 1 225 Step 6: Configure BGP 227 Step 7: Investigate Control Plane Operation 229 Step 8: Investigate Forwarding Plane Operation 235 Conclusion 238 IE LABs Volume I FRAME RELAY.....................................................................................................1 Frame-Relay Inverse-ARP.............................................................................2 Frame-Relay Static Mapping 1 ......................................................................5 Frame-Relay Inverse-ARP & Static Mappings ...............................................8 Frame-Relay Multipoint Interfaces: Inverse-ARP.........................................11 Frame-Relay Multipoint Interfaces: Static Mappings....................................14 Frame-Relay Multipoint Interfaces: Inverse-ARP & Static Mappings ...........17 Frame-Relay Point-to-Point Subinterfaces ..................................................20 Frame-Relay Point-to-Point Subinterfaces and Main Interfaces: Inverse-ARP .....................................................................................................................23 Frame-Relay Point-to-Point Subinterfaces and Main Interfaces: Static Mappings .....................................................................................................26 Frame-Relay Point-to-Point Subinterfaces and Multipoint Subinterfaces: Inverse-ARP ................................................................................................29 Frame-Relay Point-to-Point Subinterfaces and Multipoint Subinterfaces: Static Mapping .............................................................................................32 Frame-Relay Main Interface: Inverse-ARP, Multipoint Interface: Inverse-ARP .....................................................................................................................35 Frame-Relay Main Interface: Inverse-ARP, Multipoint Interface: Static 
Mapping.......................................................................................................38 Frame-Relay Main Interface: Static Mapping, Multipoint Interface: Inverse-ARP .............................................................................................................41 Frame-Relay Main Interface: Static Mapping, Multipoint Interface: Static Mapping.......................................................................................................44 Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP..................47 Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP & Static Mappings .....................................................................................................51 Frame-Relay Hub-and-Spoke, Main Interfaces w/ Static Mappings.............55 Frame-Relay Hub-and-Spoke, Main Interfaces w/ Inverse-ARP & Point-to-Point Subinterfaces......................................................................................59 Frame-Relay Hub-and-Spoke, Main Interfaces w/ Static Mappings & Point-to-Point Subinterfaces .................................................................................63 Case Study 1: EIGRP 565 bsci (LAB Portfolio) Case Study 2: OSPF: Four Routers 566 bsci (LAB Portfolio) Case Study 3: OSPF: Five Routers 568 bsci (LAB Portfolio) Case Study 4: BGP 570 bsci (LAB Portfolio)


VoIP CBT - VoIP Networks: Understanding the Foundations ccna - VoIP Networks: How Your Voice Becomes a Packet bcmsn - VoIP Networks: Allocating Enough Bandwidth bcmsn - VoIP Networks: Implementation Considerations, Part 1 bcmsn - VoIP Networks: Implementation Considerations, Part 2 bcmsn - Campus VoIP: Overview, Considerations, and AutoQoS bcmsn - Advanced Router Technology (Part 3): Voice over IP (VoIP) ccie

Lab 7-1: Configuring Switches for IP Telephony Support (7.3.1) 169 bcmsn (LAB Portfolio) Scenario: Preparing the Switching Network to Support Voice 169 Step 1 Basic Preparation 170 Step 2 Basic Configuration 170 Step 3 Configure the Trunks and EtherChannel 171 Step 4 Changing the VTP Mode 173 Step 5 Creating the VTP Domain 174 Step 6 HSRP 174 Step 7 Auto QoS Configuration 176 Step 8 Verify Auto QoS 177 Step 9 Configure the Distribution Layer to Trust CoS 177 Step 10 Verify Auto QoS at the Distribution Layer 178 Step 11 mls qos cos 179 Lab 2-1: Configure CME Using the CLI and Cisco IP Communicator (2.6.1) 7 ont (LAB Portfolio) Scenario 7 Step 1: Configure Addressing 7 Step 2: Configure Router Telephony Service 9 Step 3: Create Directory Numbers 10 Step 4: Create Phones 11 Step 5: Install Cisco IP Communicator 12 Step 6: Run Cisco IP Communicator 16 Step 7: Establish a Call from Host A to Host B 19 Step 8: Change the Codec Being Used 21 QoS CBT - Quality of Service: Bandwidth Monsters ont - Quality of Service: Implementation Models and Methods, Part 1 ont - Quality of Service: Implementation Models and Methods, Part 2 ont - Quality of Service: Classification and Marking: Layer 2 ont - Quality of Service: Classification and Marking: Layer 3 ont - Quality of Service: Using NBAR ont - Quality of Service: Queuing Fundamentals ont - Quality of Service: Queuing Configuration ont


- Quality of Service: Congestion Avoidance ont - Quality of Service: Policing and Shaping ont - Quality of Service: Link Efficiency Mechanisms ont - Quality of Service: Through VPNs and Service Providers ont - Quality of Service: The Magic Wand of AutoQoS ont - Quality of Service (Part 1): QoS Fundamentals and the MQC ccie - Quality of Service (Part 2): Congestion Management and Avoidance ccie - Quality of Service (Part 3): Policing, Shaping, and Link Efficiency ccie

Lab 3-1: Preparing for QoS (3.6.1) 25 ont (LAB Portfolio) Overview 26 Step 1: Preliminaries 27 Step 2: Create Basic Pagent IOS and TGN Configurations 27 Step 3: Store Basic Pagent Configurations 33 Step 4: Create Advanced Pagent IOS, TGN, and NQR Configurations 34 Step 5: Store Advanced Pagent Configurations 38 Step 6: Display Traffic Statistics 38 Basic Pagent Configurations 40 IOS Configuration on R4: Stored in flash:basic-ios.cfg 40 TGN Configuration on R4: Stored in flash:basic-tgn.cfg 41 IOS Configuration on ALS1: Stored in flash:basic.cfg 41 Pagent Configurations 42 IOS Configuration on R4 (TrafGen): Stored in flash:advanced-ios.cfg 42 TGN Configuration on R4 (TrafGen): Stored in flash:advanced-tgn.cfg 43 IOS Configuration on ALS1: Stored in flash:advanced.cfg 43 NETLAB-Compatible Advanced Pagent Configurations 44 IOS Configuration on R4: Stored in flash:advanced-ios.cfg 44 TGN Configuration on R4: Stored in flash:advanced-tgn.cfg 45 IOS Configuration on ALS1: Stored in flash:advanced.cfg 45 NQR Configuration 46 Sample Advanced Pagent Configuration 46 R1 47 R2 47 R3 47 R4 48 R4 NQR 48 Lab 3-3: Configuring QoS with SDM (3.6.3) 69 ont (LAB Portfolio) Scenario 69 Preparation 69 Step 1: Configure Physical Interfaces 70 Step 2: Configure Routing with EIGRP 71 Step 3: Connect to R1 Using SDM 71 Step 4: Use the SDM QoS Wizard 72 Step 5: Verify QoS Operation with SDM 77 Lab 4-1: Default Queuing Tools (4.11.1) 79 ont (LAB Portfolio)


Scenario 79 Preparation 79 Step 1: Configure Addressing 80 Step 2: Configure EIGRP AS 1 83 Step 3: Contrast Interface Queuing Strategies 85 Step 4: Verify and Change Queuing Modes 87 Step 5: Modify Default Queuing Settings 93 Lab 4-2: Intermediate Queuing Tools (4.11.2) 95 ont (LAB Portfolio) Scenario 95 Preparation 95 Step 1: Configure the Physical Interfaces 96 Step 2: Configure EIGRP AS 1 97 Step 3: Configure Custom Queuing 98 Step 4: Configure Priority Queuing 104 Challenge 107 Lab 4-3: TCP Header Compression (4.11.3) 108 ont (LAB Portfolio) Scenario 108 Step 1: Configure Addressing 108 Step 2: Enable Telnet Access on R2 108 Step 3: Enable TCP Header Compression 108 Step 4: Verify TCP Header Compression 109 Lab 4-4: Comparing Queuing Strategies (4.11.4) 111 ont (LAB Portfolio) Scenario 111 Preparation 111 Step 1: Configure Addressing and Routing 112 Step 2: Create NQR Configuration for Testing Purposes 113 Step 3: Test FIFO Queuing 115 Step 4: Test Weighted Fair Queuing 115 Step 5: Test Custom Queuing 116 Step 6: Test Priority Queuing 116 Lab 4-5: Class-Based Queuing and NBAR (4.11.5) 117 ont (LAB Portfolio) Scenario 117 Preparation 117 Step 1: Configure the Physical Interfaces 118 Step 2: Configure EIGRP AS 1 119 Step 3: Configure NBAR Protocol Discovery 120 Step 4: Classify and Mark Packets 122 Step 5: Shape Traffic and Queue with CBWFQ and LLQ 127 Challenge: Verifying IP Precedence 131 Lab 4-6: Class-Based Marking, Shaping, and Policing (4.11.6) 133 ont (LAB Portfolio) Scenario 133 Preparation 133 Step 1: Configure the Physical Interfaces 134 Step 2: Configure Routing 135 Step 3: Mark Packets with DSCP 135


Step 4: Configuring Class-Based Shaping 138 Step 5: Configure Nested Service Policies 140 Step 6: Configure Traffic Policing 142 Step 7: Configure Class-Based TCP Header Compression 143 Lab 4-7: WAN QoS Tools (4.11.7) 145 ont (LAB Portfolio) Scenario 145 Preparation 145 Step 1: Configure the Physical Interfaces 146 Step 2: Configure Multilink PPP 147 Step 3: Configure Multilink PPP LFI 151 Step 4: Configure Routing 152 Step 5: Configure Generic Traffic Shaping 153 Step 6: Configure Committed Access Rate Policing 153 Lab 4-8: Shaping and Policing (4.11.8) 155 ont (LAB Portfolio) Scenario 155 Preparation 155 Step 1: Configure Physical Interfaces and Routing 156 Step 2: Configure NQR on R4 156 Step 3: Configure Traffic Policing 158 Step 4: Configure Traffic Shaping 158 NETLAB-Compatible NQR Configuration 159 Lab 4-9: QoS Pre-classify (4.11.9) 160 ont (LAB Portfolio) Scenario 160 Preparation 161 Step 1: Configure the Physical Interfaces 161 Step 2: Configure Static Routing 162 Step 3: Configure the GRE Tunnel 163 Step 4: Configure Routing 164 Step 5: Enable the QoS Pre-classify Feature 164 Lab 4-10: Quality of Service Challenge Lab 167 ont (LAB Portfolio) Lab 4-11: Quality of Service Troubleshooting 168 ont (LAB Portfolio) Initial Configurations 169 Lab 5-1: AutoQoS (5.3.1) 173 ont (LAB Portfolio) Scenario 173 Preparation 174 Step 1: Configure the Physical Interfaces 174 Step 2: Configure EIGRP AS 1 176 Step 3: Configure AutoQoS 177 Step 4: Configure AutoQoS with DSCP 184

IE LABs Volume I
QOS 1
Legacy Custom Queueing 2
MQC Bandwidth 6
Legacy Priority Queueing 11
MQC Low Latency Queue 14
Legacy Generic Traffic Shaping 17
Legacy Frame Relay Traffic Shaping 19
MQC Frame Relay Traffic Shaping 22
Legacy Committed Access Rate 25
MQC Policing 27
Common Configuration 29
Legacy FRTS 33
Legacy FRTS with Per-VC Priority Queueing 36
Frame-Relay Adaptive Shaping 38
Frame-Relay Fragmentation (FRF.12) 40
Frame-Relay IP RTP Priority 42
Frame-Relay Per-VC CBWFQ 44
MQC-Only FRTS Configuration 47
MQC FRTS 50
Voice-Adaptive FRTS 53
Frame-Relay Voice-Adaptive Fragmentation 56
FRF.11 Annex C Fragmentation for VoFR 58
Frame-Relay PIPQ 60

Wireless CBT - Wireless: Understanding Wireless Networking ccna - Wireless: Wireless Security and Implementation ccna - Wireless LAN: Foundation Concepts and Design, Part 1 bcmsn - Wireless LAN: Foundation Concepts and Design, Part 2 bcmsn - Wireless LAN: Frequencies and 802.11 Standards bcmsn - Wireless LAN: Understanding the Hardware bcmsn - Wireless LAN: Configuration and Verification bcmsn - Wireless Networks: Wireless in the Cisco World ont - Wireless Networks: Security and 802.1x ont - Wireless Networks: Cisco Wireless Configuration ont - Wireless Networks: Wireless QoS ont

Lab 6-1a: Configuring an External WLAN Controller (6.7.1a) 129 bcmsn (LAB Portfolio) Step 1 Basic Preparation 130 Step 2 Basic Configuration 130 Step 3 Configuring the Switched Virtual Interfaces 132 Step 4 DHCP 132 Step 5 PortFast 133 Step 6 Configuring the Host and Host Port 134 Step 7 Enable and Verify Routing 136 Step 8 WLAN Controller Wizard 136 Step 9 Additional WLAN Controller Configuration 138


Lab 6-1b: Configuring a WLAN Controller Installed in a Router (6.7.1b) 139 bcmsn (LAB Portfolio) Step 1 Basic Preparation 139 Step 2 VLAN and VTP Domain Configuration 139 Step 3 Subinterfaces 140 Step 4 DHCP 141 Step 5 PortFast 142 Step 6 Configuring the Host and Host Port 142 Step 7 Verify Routing 144 Step 8 WLAN Controller Wizard 145 Step 9 Additional WLAN Controller Configuration 147 Lab 6-2: Configuring a WLAN Controller via the Web Interface (6.7.2) 149 bcmsn (LAB Portfolio) Step 1 Load Existing Configurations from Previous Lab 150 Step 2 Using the Web Interface for Configuration 150 Step 3 Creating Logical Interfaces 152 Step 4 Configuring WLANs That Correspond to the VLANs 155 Lab 6-3: Configuring a Wireless Client (6.7.3) 158 bcmsn (LAB Portfolio) Step 1 Install Cisco Aironet Wireless Card Software 159 Step 2 Inserting the Cisco 802.11 a/b/g Wireless Adapter 163 Step 3 Verify Status of Installation 166 Lab 6-1a: Configuring an External WLAN Controller (6.6.1a) 192 ont (LAB Portfolio) Scenario 192 Step 1: Device Preparation 192 Step 2: Basic Switch Configuration 192 Step 3: Switched Virtual Interface Configuration 194 Step 4: DHCP Configuration 194 Step 5: Spanning Tree PortFast Configuration 196 Step 6: Host Configuration and Verification 196 Step 7: IP Routing Configuration and Verification 198 Step 8: WLAN Controller Wizard 199 Step 9: Telnet and HTTP Access to the WLAN Controller 200 Lab 6-1b: Configuring a WLAN Controller Installed in a Router (6.6.1b) 202 ont (LAB Portfolio) Scenario 202 Step 1: Device Preparation 202 Step 2: Basic Switch Configuration 203 Step 3: Subinterface Configuration for R1 and the WLAN Controller 203 Step 4: DHCP Configuration 204 Step 5: Spanning Tree PortFast Configuration 205 Step 6: Host Configuration and Verification 206 Step 7: IP Routing Verification 208 Step 8: WLAN Controller Configuration 208 Step 9: Telnet and HTTP Access to the WLAN Controller 211 Lab 6-2: Configuring a WLAN Controller Through the Web


Interface (6.6.2) 213 ont (LAB Portfolio) Step 1: Basic Device Configuration 213 Step 2: WLAN Controller Monitor Page 213 Step 3: Configure Logical Interfaces on the WLAN Controller 215 Step 4: Configure WLANs 220 Lab 6-3: Configuring a Wireless Client (6.6.3) 225 ont (LAB Portfolio) Step 1: Aironet Installation Program 226 Step 2: Configuring Profile and SSID 230 Step 3: Diagnostics 233 Lab 6-4: Configuring WPA Security with Preshared Keys (6.6.4) 235 ont (LAB Portfolio) Scenario 236 Preparation 236 Step 1: Connect to the WLC from the Host 237 Step 2: Assign a VLAN to a WLAN 238 Step 3: Connect to WLAN Using Cisco Aironet Desktop Utility 244 Lab 6-5: Configuring LEAP (6.6.5) 248 ont (LAB Portfolio) Scenario 248 Preparation 249 Step 1: Install CiscoSecure ACS 250 Step 2: Set Up ACS for LEAP 254 Step 3: Connect to the WLC from the Management Host 260 Step 4: Set Up a RADIUS Server 261 Step 5: Assign a WLAN to a VLAN 263 Step 6: Configure the Wireless Client 267 Case Study: QoS and MLPPP 271 CCIE Video Practice Lab CBT - CCIE Practice Labs Introduction - CCIE Lab Setup - Bridging and Switching: Frame Relay - Bridging and Switching: 3550 - IGP Protocols: OSPF Part 1 - IGP Protocols: OSPF Part 2 - IGP Protocols: RIPv2 - IGP Protocols: EIGRP - EGP Protocols: BGP Part 1 - EGP Protocols: BGP Part 2 - EGP Protocols: BGP Part 3 - ISDN: Connectivity and Dial Restrictions - Cisco IOS Features: DHCP - Cisco IOS Features: Redundant Routing - Cisco IOS Features: SNMP - Cisco IOS Features: NTP


- Cisco IOS Features: Miscellaneous Tasks - Quality of Service - Multicast - Security

NetMaster FrameRelay VOD Frame Relay Fundamentals::: Frame Relay Overview Frame Relay DTE to DTE Frame Relay LMI Frame Relay Mapping Managing Frame Relay Topologies Frame Switching on Cisco IOS Bridging over Frame Relay Advanced Frame Relay Techniques::: PPP over Frame Relay Frame Relay End-to-End Keepalive AutoInstall Over Frame Relay Routing over Frame Relay:::: RIP, EIGRP and BGP on Hub-and-Spoke Frame-Relay OSPF over Frame-Relay Frame Relay QoS::: Frame-Relay Traffic-Shaping Class-Based Frame-Relay Traffic-Shaping VoIP over Frame-Relay Priority Queueing Options over Frame-Relay Enhanced Frame-Relay Switching

InternetworkExpert COD4.0 ::::Day1:::: Introduction EthernetSwitching VTP Etherchannel Frame Relay1 Frame Relay2 :::::Day2:::: IP Routing1 IP Routing2 IP Routing3 IP Routing4 RIP Policy Routing PPP1 PPP2


::::Day3::::: EIGRP OSPF1 OSPF2 OSPF3 OSPF4 Route Redistribution ::::Day4:::: BGP1 BGP2 BGP3 BGP4 Multicasting1 Multicasting2 ::::Day5:::: IPv6 1 IPv6 2 IPv6 3 IPv6 4 IPv6 5 Security :::::Day 6:::: Catalyst security and additional features1 Catalyst security and additional features2 Spanning Tree1 Spanning Tree2 :::Day7:::: Part1 Bridging Part2 OSPF1 Part3 OSPF2 Part4 IGP1 Part5 IGP2 :::::Day8:::; Part1 Summarization1 Part2 Summarization2 Part3 Summarization 3 and Advanced BGP Part4 Advanced Route Redistribution1 Part5 Advanced Route Redistribution2 ::::Day9:::: Part1 QoS Part2 QoS Part3 QoS Part4 QoS Part5 QoS Part6 QoS


:::Day10::: Part1 IP Services Part2 IP Services Part3 IP Services Part4 IP Services Part5 IP Services LAB Strategy Systems Management1 Systems Management2

Cisco LAB Accessor *** IPExperts CCIE Labs Workbook IE CCIE Dynamips Lab Workbook IE CCIE Lab Workbook Vol2 IE CCIE Lab Workbook Vol3 DOiT labs volume 2 (Revised) Narbik - Advanced CCIE Routing & Switching - Technology Focused CCBOOTCAMP - CCIE R&S Technology Lab Workbook IE CCIE ClassOnDemands 4.5 IPExpert COD4 Khawar butt labs http://www.netmasterclass.net/ internetworkexpert.com http://www.ccbootcamp.com/ccierslwadvlabwb.html http://www.ipexpert.com/index.cfm/products/ http://www.netmetric-solutions.com

Websites http://www.cisco.com/web/learning/le21/le39/featured.html http://www.certmag.com/ http://newsroom.cisco.com/ http://www.networkworld.com www.techrepublic.com http://network-ebooks.com/ www.Sadikhov.com * http://networkninja.co.za/ ** http://www.routerlabs.de/ *

www.Dynagen.org * www.gns3.net * Networksims.com (Labs)


http://www.brainbump.net * http://www.groupstudy.com/ http://www.bradreese.com/cisco-technical-newsgroups.htm http://7200emu.hacki.at/* (go to sample labs) www.packetlife.net www.configureterminal.com (nice tools for ease) http://www.gns3-labs.com/ http://www.ciscohuawei.com/ http://www.56cto.com/

http://www.certificationtalk.com:81/ http://www.onlinestudylist.com/ http://seekingalpha.com/symbol/csco http://6200networks.com/ http://www.ciptug.org/ http://www.blindhog.net/ http://www.sunpenguin.net/ http://blog.internetworkexpert.com/ http://ioshints.blogspot.com/ http://www.mytechwisetv.com/ http://www.colinmcnamara.com/ http://connection.netcordia.com/blogs/terrys_blog/default.aspx http://ardenpackeer.com/ http://thebryantadvantage.blogspot.com/ http://www.ciscoblog.com/ http://ciscomars.blogspot.com/ http://cosi-nms.sourceforge.net/ http://cciepursuit.wordpress.com/ http://www.networking-forum.com/index.php?c=9 http://www.dfw.cisco-users.org/ http://www.cisconet.com/ http://www.ciscosubnet.com/ www.networksims.com http://cciepursuit.wordpress.com/ http://www.ethanbanks.net/ http://www.routerie.com/ http://forum.internetworkexpert.com/ubbthreads.php www.itguruindia.com www.petri.co.il/ http://www.ciscosim.net/ [forum and ios image downloads] http://happyrouter.com/ http://www.tek-tips.com/threadminder.cfm?pid=557 http://itknowledgeexchange.techtarget.com/cisco/


http://certcities.com/forums/ http://www.it-cer.com/forum/ http://www.experts-exchange.com http://www.witfor.org.bw/ http://www.myitforum.com/ http://forums.techguy.org/ http://www.latestdumps.com/

BCMSN Command Reference Book Chapter 1 Network Design Requirements 1 Cisco Service-Oriented Network Architecture 1 Cisco Enterprise Composite Network Model 2 Chapter 2 VLANs 3 Creating Static VLANs 3 Using VLAN-Configuration Mode 3 Using VLAN Database Mode 4 Assigning Ports to VLANs 5 Using the range Command 5 Dynamic Trunking Protocol 5 Setting the Encapsulation Type 6 Verifying VLAN Information 7 Saving VLAN Configurations 7 Erasing VLAN Configurations 8 Verifying VLAN Trunking 9 VLAN Trunking Protocol 9 Using Global Configuration Mode 9 Using VLAN Database Mode 10 Verifying VTP 12 Configuration Example: VLANs 13 3560 Switch 13 2960 Switch 15 Chapter 3 STP and EtherChannel 17 Spanning Tree Protocol 18 Enabling Spanning Tree Protocol 18 Configuring the Root Switch 18 Configuring a Secondary Root Switch 19 Configuring Port Priority 19 Configuring the Path Cost 20 Configuring the Switch Priority of a VLAN 20 Configuring STP Timers 21 Verifying STP 21 Optional STP Configurations 22 PortFast 22 BPDU Guard 22 BPDU Filtering 23 UplinkFast 24 BackboneFast 24 Root Guard 24 Loop Guard 25 Unidirectional Link Detection 25 Changing the Spanning-Tree Mode 26 Extended System ID 27


Enabling Rapid Spanning Tree 27 Enabling Multiple Spanning Tree 28 Verifying MST 29 Troubleshooting Spanning Tree 29 Configuration Example: STP 30 Core Switch (3560) 30 Distribution 1 Switch (3560) 31 Distribution 2 Switch (3560) 32 Access 1 Switch (2960) 33 Access 2 Switch (2960) 34 EtherChannel 34 Interface Modes in EtherChannel 35 Guidelines for Configuring EtherChannel 35 Configuring L2 EtherChannel 36 Configuring L3 EtherChannel 36 Verifying EtherChannel 37 Configuration Example: EtherChannel 38 DLSwitch (3560) 39 ALSwitch1 (2960) 40 ALSwitch2 (2960) 41 Chapter 4 Inter-VLAN Routing 43 Configuring Cisco Express Forwarding 43 Verifying CEF 44 Troubleshooting CEF 44 Inter-VLAN Communication Using an External Router: Router-on-a-Stick 45 Inter-VLAN Communication Tips 46 Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface 46 Removing L2 Switchport Capability of a Switch Port 46 Configuring Inter-VLAN Communication 47 Configuration Example: Inter-VLAN Communication 48 ISP Router 49 CORP Router 50 L2Switch2 (Catalyst 2960) 52 L3Switch1 (Catalyst 3560) 54 L2Switch1 (Catalyst 2960) 56 Chapter 5 High Availability 59 Hot Standby Routing Protocol 59 Configuring HSRP 59 Verifying HSRP 60 HSRP Optimization Options 60 Preempt 60 HSRP Message Timers 61 Interface Tracking 62 Debugging HSRP 62 Virtual Router Redundancy Protocol 62 Configuring VRRP 63 Verifying VRRP 64 Debugging VRRP 64 Gateway Load Balancing Protocol 65 Configuring GLBP 65 Verifying GLBP 68 Debugging GLBP 68 Configuration Example: HSRP 69 Router 1 69 Router 2 70 Configuration Example: GLBP 71


Router 1 72 Router 2 73 Chapter 6 Wireless Client Access 75 Configuration Example: 4402 WLAN Controller Using the Configuration Wizard 75 Configuration Example: 4402 WLAN Controller Using the Web Interface 84 Configuration Example: Configuring a 3560 Switch to Support WLANs and APs 94 Configuration Example: Configuring a Wireless Client 96 Chapter 7 Minimizing Service Loss and Data Theft 101 Configuring Static MAC Addresses 101 Switch Port Security 102 Verifying Switch Port Security 103 Sticky MAC Addresses 104 Mitigating VLAN Hopping: Best Practices 105 Configuring Private VLANs 105 Verifying PVLANs 106 Configuring Protected Ports 107 VLAN Access Maps 107 Verifying VLAN Access Maps 109 Configuration Example: VLAN Access Maps 109 DHCP Snooping 111 Verifying DHCP Snooping 113 Dynamic ARP Inspection 113 Verifying DAI 114 802.1x Port-Based Authentication 114 Cisco Discovery Protocol Security Issues 116 Configuring the Secure Shell Protocol 117 vty ACLs 117 Restricting Web Interface Sessions with ACLs 118 Disabling Unneeded Services 118 Securing End-Device Access Ports 119 Chapter 8 Voice Support in Campus Switches 121 Attaching a Cisco IP Phone 121 Verifying Configuration After Attaching a Cisco IP Phone 123 Configuring AutoQoS: 2960/3560 123 Verifying AutoQoS Information: 2960/3560 124 Configuring AutoQoS: 6500 124 Verifying AutoQoS Information: 6500 124

BSCI Command Reference Book Chapter 1 Network Design Requirements 1 Cisco Service-Oriented Network Architecture 1 Cisco Enterprise Composite Network Model 2 Chapter 2 EIGRP 3 Configuring EIGRP 3 EIGRP Auto-Summarization 4 Injecting a Default Route into EIGRP: Redistribution of a Static Route 5 Injecting a Default Route into EIGRP: IP Default Network 6 Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0 7


Load Balancing: Variance 7 Bandwidth Use 8 Authentication 8 Stub Networks 10 Verifying EIGRP 11 Troubleshooting EIGRP 12 Configuration Example: EIGRP 12 Austin Router 12 Houston Router 14 Chapter 3 OSPF 17 Configuring OSPF: Mandatory Commands 17 Using Wildcard Masks with OSPF Areas 18 Configuring OSPF: Optional Commands 19 Loopback Interfaces 19 Router ID 20 DR/BDR Elections 20 Modifying Cost Metrics 20 OSPF auto-cost reference-bandwidth 21 Authentication: Simple 21 Authentication: Using MD5 Encryption 22 Timers 22 Configuring Multi-Area OSPF 23 Propagating a Default Route 23 OSPF and NBMA Networks 23 Full-Mesh Frame Relay: NBMA on Physical Interfaces 24 Full-Mesh Frame Relay: Broadcast on Physical Interfaces 25 Full Mesh Frame Relay: Point-to-Multipoint Networks 26 Full-Mesh Frame Relay: Point-to-Point Networks with Subinterfaces 26 OSPF Special Area Types 27 Stub Areas 27 Totally Stubby Areas 28 Not So Stubby Areas (NSSA) Stub Area 29 NSSA Totally Stubby Areas 29 Virtual Links: Configuration Example 30 Route Summarization 31 Inter-Area Route Summarization 31 External Route Summarization 31 Verifying OSPF Configuration 32 Troubleshooting OSPF 32 Configuration Example: Single-Area OSPF 33 Austin Router 33 Houston Router 34 Galveston Router 35 Configuration Example: Multi-Area OSPF 36 ASBR Router 37 ABR-1 Router 38 ABR-2 Router 39 Internal Router 40 Configuration Example: OSPF and NBMA Networks 41 Houston Router 42 Austin Router 43 Galveston Router 44 Laredo Router 45 Configuration Example: OSPF and Broadcast Networks 46 Houston Router 47


Austin Router 48 Galveston Router 49 Laredo Router 50 Configuration Example: OSPF and Point-to-Multipoint Networks 51 Houston Router 51 Austin Router 52 Galveston Router 53 Laredo Router 54 Configuration Example: OSPF and Point-to-Point Networks Using Subinterfaces 55 Houston Router 55 Austin Router 57 Galveston Router 58 Laredo Router 59 Chapter 4 Integrated IS-IS 61 ISO Network Entity Title (NET) 61 Rules for Creating a NET 62 Examples of NETs: Cisco Implementation 63 Basic IS-IS Configuration 63 Neighbors and Timers 64 Election of the Designated IS (DIS) 65 Rules for IS-IS Adjacencies 65 Routing Metrics 65 Wide Metrics 66 Manual Summarization 66 Injecting Default Routes 66 Defining Router Types 67 Verifying Integrated IS-IS Routing 67 Configuration Example: Multi-Area IS-IS 68 Mazatlan Router 68 Acapulco Router 69 Cancun Router 70 Chapter 5 Manipulating Routing Updates 73 Route Redistribution 74 Assigning Metrics 74 Redistributing Subnets 75 Assigning E1 or E2 Routes in OSPF 75 Defining Seed Metrics 76 Redistributing Static Routes 76 Assigning Metric and Router Types in IS-IS 76 Redistributing OSPF Internal and External Routes 77 Verifying Route Redistribution 77 Passive Interfaces 78 Route Filtering Using the distribute-list Command 79 Verifying Route Filters 79 Configuration Example: Outbound Route Filters 80 Houston Router 81 Configuration Example: Inbound Route Filters 82 Galveston Router 83 “Passive” EIGRP Interfaces 84 Policy Routing Using Route Maps 85 Configuration Example: Route Maps 86 Portland Router 86 Administrative Distance (AD) 89 Static Routes: permanent Keyword 91 Floating Static Routes 91 Static Routes and Recursive Lookups 92


DHCP Configuration 92 Verifying and Troubleshooting DHCP Configuration 93 Configuring a DHCP Helper Address 94 DHCP Client on a Cisco IOS Ethernet Interface 94 Configuration Example: DHCP 95 Edmonton Router 95 Gibbons Router 97 Chapter 6 BGP 99 Configuring BGP 100 BGP and Loopback Addresses 101 eBGP Multihop 101 Verifying BGP Connections 102 Troubleshooting BGP Connections 102 Autonomous System Synchronization 103 Default Routes 104 Load Balancing 104 Authentication 105 Attributes 105 Origin 105 Next Hop 106 Autonomous System Path: Remove Private Autonomous System 108 Autonomous System Path: Prepend 108 Weight: The weight Command 110 Weight: Access Lists 111 Weight: Route Maps 112 Local Preference: bgp default local-preference Command 114 Local Preference: Route Maps 115 Multi-Exit Discriminator (MED) 116 Atomic Aggregate 119 Regular Expressions 121 121 Regular Expressions: Example One 122 Regular Expressions: Example Two 122 BGP Route Filtering Using Access Lists 123 BGP Route Filtering Using Prefix Lists 124 BGP: Configuration Example 127 Houston Router 127 Laredo Router 129 Galveston Router 129 Austin Router 130 Chapter 7 Multicast 133 IP Multicast Address Examples 133 Class D Addresses 134 Reserved Link-Local Addresses 134 Globally Scoped Addresses 134 Source Specific Multicast (SSM) Addresses 135 GLOP Addresses 135 Limited-Scope Addresses 135 Layer 2 Multicast Addresses 136 Ethernet MAC Address Mapping 136 Internet Group Management Protocol (IGMP) Snooping 138 Verifying Multicast Addressing 139 Cisco Group Management Protocol (CGMP) 139 Configuring IP Multicast 139 Verifying PIM Configuration 140 Auto-RP 140


Defining Scope of Delivery of Multicast Packets 141 Joining a Multicast Group 142 Changing Internet Group Management Protocol (IGMP) Versions 142 Verifying IGMP Version 143 Configuration Example: Multicast Routing Using PIM Sparse-Dense Mode 143 R1 Router 144 R2 Router 145 R3 Router 146 Chapter 8 IPv6 147 Assigning IPv6 Addresses to Interfaces 147 Cisco Express Forwarding (CEF) and Distributed CEF Switching for IPv6 148 IPv6 and OSPFv3 149 Enabling OSPF for IPv6 on an Interface 150 OSPFv3 and Stub/NSSA Areas 150 Enabling an OSPF for IPv6 Area Range 151 Enabling an IPv4 Router ID for OSPFv3 151 Forcing an SPF Calculation 152 Configuration Example: OSPFv3 152 R3 Router 153 R2 Router 153 R1 Router 154 R4 Router 155 IPv6 Tunnels: Manual Overlay 156 Juneau Router 156 Fairbanks Router 157 Static Routes in IPv6 159 Floating Static Routes in IPv6 159 Verifying and Troubleshooting IPv6 160 IPv6 Ping 162

ISCW Command Reference Book Chapter 1 Network Design Requirements 1 Cisco Service-Oriented Network Architecture 1 Cisco Enterprise Composite Network Model 2 Chapter 2 Connecting Teleworkers 3 Configuration Example: DSL Using PPPoE 3 Step 1: Configure PPPoE (External Modem) 5 Virtual Private Dial-Up Network (VPDN) Programming 5 Step 2: Configure the Dialer Interface 6 For Password Authentication Protocol (PAP) 7 For Challenge Handshake Authentication Protocol (CHAP) 7 Step 3: Define Interesting Traffic and Specify Default Routing 7 Step 4a: Configure NAT Using an ACL 8 Step 4b: Configure NAT Using a Route Map 9 Step 5: Configure DHCP Service 10 Step 6: Apply NAT Programming 10 Step 7: Verify a PPPoE Connection 11 Configuring PPPoA 11 Step 1: Configure PPPoA on the WAN Interface (Using Subinterfaces) 12 Step 2: Configure the Dialer Interface 13


For Password Authentication Protocol (PAP) 13 For Challenge Handshake Authentication Protocol (CHAP) 13 Step 3: Verify a PPPoA Connection 14 Configuring a Cable Modem Connection 15 Step 1: Configure WAN Connectivity 16 Step 2: Configure Local DHCP Service 17 Step 3: Configure NAT Using a Route Map 18 Step 4: Configure Default Routing 18 Step 5: Apply NAT Programming 19 Configuring L2 Bridging Using a Cisco Cable Modem HWIC 19 Step 1: Configure Global Bridging Parameters 19 Step 2: Configure WAN to LAN Bridging 20 Configuring L3 Routing Using a Cisco Cable Modem HWIC 20 Step 1: Remove Bridge Group Programming from All Interfaces 21 Step 2: Configure LAN Connectivity 21 Step 3: Configure WAN Connectivity 21 Chapter 3 Implementing Frame Mode MPLS 23 Configuring Cisco Express Forwarding 23 Verifying CEF 24 Troubleshooting CEF 24 Configuring MPLS on a Frame Mode Interface 25 Configuring MTU Size in Label Switching 26 Configuration Example: Configuring Frame Mode MPLS 27 R1 Router 27 R2 Router 28 R3 Router 30 Chapter 4 IPsec VPNs 33 Configuring a Teleworker to Branch Office VPN Using CLI 34 Step 1: Configure the ISAKMP Policy (IKE Phase 1) 35 Step 2: Configure Policies for the Client Group(s) 35 Step 3: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination) 36 Step 4: Configure Router AAA and Add VPN Client Users 36 Step 5: Create VPN Client Policy for Security Association Negotiation 37 Step 6: Configure the Crypto Map (IKE Phase 2) 37 Step 7: Apply the Crypto Map to the Interface 38 Step 8: Verify the VPN Service 38 Configuring IPsec Site-to-Site VPNs Using CLI 39 Step 1: Configure the ISAKMP Policy (IKE Phase 1) 39 Step 2: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination) 40 Step 3: Configure the Crypto ACL (Interesting Traffic, Secure Data Transfer) 40 Step 4: Configure the Crypto Map (IKE Phase 2) 41 Step 5: Apply the Crypto Map to the Interface (IKE Phase 2) 42 Step 6: Configure the Firewall Interface ACL 42 Step 7: Verify the VPN 
Service 42 Configuring IPsec Site-to-Site VPNs Using SDM 43 Configuring GRE Tunnels over IPsec 46 Step 1: Create the GRE Tunnel 46 Step 2: Specify the IPsec VPN Authentication Method 47 Step 3: Specify the IPsec VPN IKE Proposals 47


Step 4: Specify the IPsec VPN Transform Sets
Step 5a: Specify Static Routing for the GRE over IPsec Tunnel
Step 5b: Specify Routing with OSPF for the GRE over IPsec Tunnel
Step 6: Enable the Crypto Programming at the Interfaces
Configuring a Static IPsec Virtual Tunnel Interface
Step 1: Configure EIGRP AS 1
Step 2: Configure Static Routing
Step 3: Create IKE Policies and Peers
Step 4: Create IPsec Transform Sets
Step 5: Create an IPsec Profile
Step 6: Create the IPsec Virtual Tunnel Interface
Configuring High Availability VPNs
Step 1: Configure Hot Standby Routing Protocol Configuration on HSRP1
Step 2: Configure Site-to-Site VPN on HSRP1
HSRP1 Configuration
Tunnel Traffic Filter
Key Exchange Policy
Addressing, Authentication Credentials, and Transform Set
IPsec Tunnel
HSRP2 Configuration
Tunnel Traffic Filter
Key Exchange Policy
Addressing, Authentication Credentials, and Transform Set
IPsec Tunnel
Step 3: Add Programming for Crypto Redundancy Configuration
Step 4: Define the Interdevice Communication Protocol (HSRP1 and HSRP)
Step 5: Apply the Programming at the Interface
Configuring Easy VPN Server Using Cisco SDM
Implementing the Cisco VPN Client

Chapter 5 Cisco Device Hardening
Disabling Unneeded Services and Interfaces
Disabling Commonly Configured Management Services
Disabling Path Integrity Mechanisms
Disabling Features Related to Probes and Scans
Terminal Access Security
Gratuitous and Proxy Address Resolution Protocol
Disabling IP Directed Broadcasts
Locking Down Routers with AutoSecure
Optional AutoSecure Parameters
Locking Down Routers with Cisco SDM
SDM Security Audit Wizard
One-Step Lockdown
Setting Cisco Passwords and Password Security
Securing ROMMON
Setting a Login Failure Rate
Setting Timeouts
Setting Multiple Privilege Levels
Configuring Banner Messages
Role-Based CLI
Secure Configuration Files
Tips for Using Access Control Lists
Using ACLs to Filter Network Traffic to Mitigate Threats


IP Address Spoofing: Inbound
IP Address Spoofing: Outbound
DoS TCP SYN Attacks: Blocking External Attacks
DoS TCP SYN Attacks: Using TCP Intercept
DoS Smurf Attacks
Filtering ICMP Messages: Inbound
Filtering ICMP Messages: Outbound
Filtering UDP Traceroute Messages
Mitigating Dedicated DoS Attacks with ACLs
Mitigating TRIN00
Mitigating Stacheldraht
Mitigating Trinity v3
Mitigating SubSeven
Configuring an SSH Server for Secure Management and Reporting
Configuring Syslog Logging
Configuring an SNMP Managed Node
Configuring NTP Clients and Servers
Configuration Example: NTP
Winnipeg Router (NTP Source)
Brandon Router (Intermediate Router)
Dauphin Router (Client Router)
Configuring AAA on Cisco Routers Using CLI
TACACS+
RADIUS
Authentication
Authorization
Accounting
Configuring AAA on Cisco Routers Using SDM

Chapter 6 Cisco IOS Threat Defense Features
Configuring an IOS Firewall from the CLI
Step 1: Choose the Interface and Packet Direction to Inspect
Step 2: Configure an IP ACL for the Interface
Step 3: Set Audit Trails and Alerts
Step 4: Define the Inspection Rules
Step 5: Apply the Inspection Rules and the ACL to the Outside Interface
Step 6: Verify the Configuration
Troubleshooting the Configuration
Configuring a Basic Firewall Using SDM
Configuring an Advanced Firewall Using SDM
Verifying Firewall Activity Using CLI
Verifying Firewall Activity Using SDM
Configuring Cisco IOS Intrusion Prevention System from the CLI
Step 1: Specify the Location of the SDF
Step 2: Configure the Failure Parameter
Step 3: Create an IPS Rule, and Optionally Apply an ACL
Step 4: Apply the IPS Rule to an Interface
Step 5: Verify the IPS Configuration
IPS Enhancements
Configuring Cisco IOS IPS from the SDM
Viewing Security Device Event Exchange Messages Through SDM
Tuning Signatures Through SDM


ONT Command Reference Book

Chapter 1. Network Design Requirements
Cisco Service-Oriented Network Architecture
Cisco Enterprise Composite Network Model

Chapter 2. Cisco VoIP Implementations
Cisco Unified Communications Manager Express (CME) Files
Basic Manual CME Setup Using the CLI
CME Auto Configuration Using the CLI
Installing IP Communicator
Changing Codecs Using the CLI
Router Configuration

Chapter 3. Introduction to IP QoS
Configuring QoS Through the Command-Line Interface (CLI)
Using Modular QoS CLI (MQC) for Implementing QoS
Implementing QoS Using AutoQoS
Implementing QoS with Cisco Security Device Manager (SDM) QoS Wizard

Chapter 4. Implementing DiffServ
Network-Based Application Recognition (NBAR) for Classification
Classification and Marking
Configuring Priority Queuing (PQ)
Configuring Custom Queuing (CQ)
Configuring PQ & CQ for Frame Relay
Configuring Weighted Fair Queuing (WFQ)
Configuring Class-Based Weighted Fair Queuing (CBWFQ)
Configuring Low-Latency Queuing (LLQ)
Configuring Low-Latency Queuing (LLQ) with Class-Based Weighted Random Early Detection (CBWRED)
Traffic Policing
Traffic Shaping
Implementing QoS Preclassify

Chapter 5. AutoQoS
Forms of AutoQoS
Locations Where AutoQoS Can Be Implemented
Serial Interface Restrictions
Frame Relay DLCI and ATM Restrictions
Router Design Considerations
Router Prerequisites
Deploying AutoQoS on Routers
Deploying AutoQoS on IOS-Based Catalyst Switches
Verifying Cisco AutoQoS on the Router
Verifying Cisco AutoQoS on the Switch
Flowchart for Verifying and Modifying AutoQoS-Generated Configurations

Chapter 6. Wireless Scalability
Wireless LAN QoS Configuration Using the GUI
Configuring Encryption and Authentication on Lightweight Access Points
Cisco Wireless Control System (WCS)

