I know we can use the Doc-cd in the lab.
When I search a technology, am I able to download the book?
I know we can use the Doc-cd in the lab.
When I search a technology, am I able to download the book?
Could I get some clarification on the new initial configs for the new workbook? For instance I am going through the OSPF section and noticed when I open the initial configs for this section there are several sub folders listed with different titles. The only reference I am given within the workbook is to use the OSPF initial configs.
When I start on task 1 it mentions that I need to configure OSPF for Loopback 192. The initial configs don't contain Lo192. Is there something that I am missing? How would I know to load the "Loopback initial config" without having to search around for it, and how do I know I'm actually supposed to do that to begin with?
Folks,
While studying today my study partner noticed that within the last 10 minutes, INE has released the new CCIE Security v4 Practice Labs workbook.
We also now have new IEOC forum sections for the ATC v4 and the Practice Labs v4 added for questions and answers. Remember to update your forum memberships to subscribe to these new forums to stay up-to-date.
Cheers,
Hi,
Since there is no v5 workbook subforum I will post here.
I started doing the new DMVPN labs and noticed that everywhere on the DMVPN spokes the tunnel is configured as mGRE.
I thought the mGRE on the spokes is needed only when implementing phase 2.
Is there any particular reason why the spokes aren't configured as p2p GRE tunnels?
Thanks
Hello everyone. I'm in need of help in a sample lab to run MLDP for MVPN. The topology is a simple CE (R1) <--> PE (R2) <--> P (R3) <--> PE (R4) <--> CE (R5). MPLS forwarding is working across the core. R1 is sending ICMP to 224.2.2.2 sourced from its loopback. I'm using 15.2 in GNS3. Below is the config and show output info. Please tell me what i'm missing in this lab.
Your comments are greatly appreciated. Thanks in advance.
Mike G.
R1#
!
ip multicast-routing
!
!
interface Loopback0
ip address 100.0.0.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.0.1 255.255.255.0
ip pim sparse-mode
!
router rip
version 2
network 10.0.0.0
network 100.0.0.0
no auto-summary
!
ip pim bidir-enable
!
R2#
!
ip vrf yellow
rd 2:200
vpn id 50:10
mdt preference mldp
mdt default mpls mldp 100.0.0.1
mdt data mpls mldp 255
mdt data threshold 40
route-target export 2:200
route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
ip address 50.0.0.2 255.255.255.255
ip pim sparse-mode
!
interface Loopback100
ip vrf forwarding yellow
ip address 100.0.0.2 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip vrf forwarding yellow
ip address 10.1.0.2 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet1/0
ip address 10.2.0.2 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.2
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf yellow
redistribute bgp 1
network 10.0.0.0
network 100.0.0.0
default-metric 5
no auto-summary
version 2
exit-address-family
!
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 50.0.0.4 remote-as 1
neighbor 50.0.0.4 update-source Loopback0
neighbor 50.0.0.6 remote-as 1
neighbor 50.0.0.6 update-source Loopback0
!
address-family ipv4
redistribute rip
exit-address-family
!
address-family vpnv4
neighbor 50.0.0.4 activate
neighbor 50.0.0.4 send-community extended
neighbor 50.0.0.6 activate
neighbor 50.0.0.6 send-community extended
exit-address-family
!
address-family ipv4 vrf yellow
redistribute connected
redistribute rip
exit-address-family
!
mpls ldp router-id Loopback0
!
R3#
!
ip multicast-routing
!
interface Loopback0
ip address 50.0.0.3 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip address 10.2.0.3 255.255.255.0
mpls ip
!
interface FastEthernet1/0
ip address 10.3.0.3 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.3
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!
R4#
!
ip vrf yellow
rd 2:200
vpn id 50:10
mdt preference mldp
mdt default mpls mldp 100.0.0.1
mdt data mpls mldp 255
mdt default 239.1.1.1
mdt data 238.2.2.0 0.0.0.255 threshold 40
mdt data threshold 40
route-target export 2:200
route-target import 2:200
!
ip multicast-routing
ip multicast-routing vrf yellow
!
mpls mldp logging notifications
!
interface Loopback0
ip address 50.0.0.4 255.255.255.255
ip pim sparse-mode
!
interface Loopback100
ip vrf forwarding yellow
ip address 100.0.0.4 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip vrf forwarding yellow
ip address 10.4.0.4 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet1/0
ip address 10.3.0.4 255.255.255.0
mpls ip
!
router ospf 1
router-id 50.0.0.4
network 10.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf yellow
redistribute bgp 1
network 10.0.0.0
network 100.0.0.0
default-metric 5
no auto-summary
version 2
exit-address-family
!
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 50.0.0.2 remote-as 1
neighbor 50.0.0.2 update-source Loopback0
!
address-family ipv4
redistribute rip
exit-address-family
!
address-family vpnv4
neighbor 50.0.0.2 activate
neighbor 50.0.0.2 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 50.0.0.2 activate
neighbor 50.0.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf yellow
redistribute connected
redistribute rip
exit-address-family
!
mpls ldp router-id Loopback0
!
R5#
!
ip multicast-routing
!
interface Loopback0
ip address 100.0.0.5 255.255.255.255
!
interface FastEthernet0/0
ip address 10.4.0.5 255.255.255.0
ip pim sparse-mode
ip igmp join-group 224.2.2.2
!
router rip
version 2
network 10.0.0.0
network 100.0.0.0
no auto-summary
!
ip pim bidir-enable
!
>>> Trace to R5's loopback works.
R1#trace 100.0.0.5
Type escape sequence to abort.
Tracing the route to 100.0.0.5
1 10.1.0.2 16 msec 60 msec 28 msec
2 10.2.0.3 [MPLS: Labels 16/21 Exp 0] 128 msec 84 msec 96 msec
3 10.4.0.4 [MPLS: Label 21 Exp 0] 108 msec 96 msec 44 msec
4 10.4.0.5 152 msec 124 msec 104 msec
R1#
>>> PING to multicast address fails.
R1#ping 224.2.2.2 so lo0 repeat 50
Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 100.0.0.1
.......
R1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.0.1.40), 00:30:58/00:02:49, RP 0.0.0.0, flags: DPL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
R1#
R2#sh ip pim vrf yellow neigh
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.0.1 FastEthernet0/0 00:22:38/00:01:16 v2 1 / S G
R2#
>>> No PIM peering over the LSPVIF0 interface.
R2#show mpls mldp database
* Indicates MLDP recursive forwarding is enabled
LSM ID : 1 (RNR LSM ID: 2) Type: MP2MP Uptime : 00:06:55
FEC Root : 100.0.0.1
Opaque decoded : [mdt 50:10 0]
Opaque length : 11 bytes
Opaque value : 02 000B 0000500000001000000000
RNR active LSP : (this entry)
Upstream client(s) :
None
Expires : N/A Path Set ID : 1
Replication client(s):
MDT (VRF yellow)
Uptime : 00:06:55 Path Set ID : 2
Interface : Lspvif0
R2#
R2#sh ip pim vrf yellow mdt
* implies mdt is the default MDT
MDT Group/Num Interface Source VRF
* 0 Lspvif0 Loopback0 yellow
R2#
R2#sh ip mroute vrf yellow
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.0.1.40), 00:17:04/00:02:58, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse, 00:17:02/00:02:46
Loopback100, Forward/Sparse, 00:17:03/00:02:58
R2#
R5#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.2.2.2), 00:23:23/00:02:31, RP 0.0.0.0, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse, 00:23:23/00:02:31
(*, 224.0.1.40), 00:23:23/00:02:39, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse, 00:23:23/00:02:39
R5#
The authenticating server is ACS 5.5. Wireless controller is configured to forward authentication to ACS server. The ACS server's certificate is obtained through Entrust, a third-party vendor. When clients such as Ipad, Iphone, Android phones connect to a wireless network and authenticate, it prompt them to Trust the certificate one time. But if the same devices go to a SSL website using the same third-party vendor, there is no prompt. Why is that?
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
Internetwork Expert, Inc.
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
Internetwork Expert, Inc.
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
Internetwork Expert, Inc.
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
Internetwork Expert, Inc.
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
Internetwork Expert, Inc.
Forums for discussion of the CCIE RSv5 Workbook are now available here. Sub-forums each have email ailases as well.
Lets get the nasty bits over with.
No I'm not a CCIE...I failed....TWICE! Shame on me but those who followed my posts previously had an idea that I was well on my way to passing this thing...or at least had a better than average shot at it.. Then EXACTLY 90 days before...EXACTLY on the same day...actually 2 hours after I got the conformation e-mail from cisco something horrible happened. (In hind sight it was a good thing but at the time...it was impossible)
Its been tough but enough moping.
I'm back. Will Tox study for this thing again? I dont know...I dont wanna teach anymore....so I'm in limbo. I DO know that I'm done being locked up in my room 12 hours a day by myself...and there are only so many CCNA and CCNP classes that I can bear to teach now.
Ver 5 took PfR away and Layer 2 qos...GOOD....they took Frame away...BAD...C'est la vie
The proctor now happens to know me as "the guy that ate too much hot sauce during lunch and was dobled over for most of the exam!"
I've lost a lot of technical knowhow...if you were to ask me about OSPF transit capability or BGP outbound route filtering...I'm stare at ya blankly...ok not exactly blankly but I wouldn't nail it...which is a shame....but i'm back...
I believe this is a step in the right direction.
To old friends on here...
Hello once more.
Tox!
Guys, i have a few comments on the above task:
- In the solution, the domains cyberscam.org and nullroute.com are added as follows in regex: "(cyberspam.org|nullroute.com)". I think it must be "(cyberspam\.org|nullroute\.com)", please correct me if i am wrong.
- In the questio, it is asking to reject emails from senders. In this case, the solution is using reset as action. In this specific task, i could use drop connection because it did not specify to send a TCP reset message to client/server, am i right?
- We are using policy-map type inspect esmtp and do a match because there is no class-map type inspect esmtp to do the match, can we use the match commnd inside policy-map type inspect http without using class-map type inspect http even if exists and we get the same result?
Please correct me if i am wrong.
Hi community,
Just to let you know that I fail on my first attempt on May,12 at Brussels.
My main weak points were on TS, comprehension and speed.
But the main point in wich I was desapointed was that the keyboard was Belgium instead of French!
I'm now preparing for v5 and never give up until I get my number.
Hi,
I read the task (3.50) and I can't see where is the information that we should send traffic to destination as untagged:
"- Configure the management IP address to be 136.1.43.100/24, and set the default gateway to 136.1.43.9; ensure that HTTP management access is allowed only from VLAN 37.
- Configure SW3 to send VLAN 37 traffic to the IPS. Traffic should not be received by SW1. Avoid traffic duplication and associate TCP resets with VLAN 37.
- Configure SW4 to send Gi1/0/7 traffic to the IPS and allow tagged inbound TCP resets.
- Enable signature 2000 for VLAN 37 traffic and signature 2004 for Gi1/0/7 traffic."
and provided solution:
monitor session 1 destination interface Gi1/0/9 ingress untagged vlan 37
Is the below solution correct as well?
monitor session 1 destination interface Gi1/0/9 encapsulation dot1q ingress dot1q vlan 37
regards
Hubert
Working through some scenarios and Cisco docs - I see where Cisco says that you must allow the native vlan across the ethernet trunk for FCOE to function properly. However, they fail to do this in their own examples. I have configured FCOE between 5k's and 7k's without the native vlan being allowed on the trunk. I am confused as to how I should confgure this to be sure I dont miss the question on the real exam
I am currently out of the office returning 16 June. For technical issues and updates on open tickets please contact the Managed Services Centre on 1800 255 255 or email servicedesk@eircom.ie
Task asks us to have R3 originate a default route into OSPF as long as it has an active connection to either BB2 or BB3. The solutions guide used a route-map which checked for the presence of the networks that BB2's or BB3's directly connected interface to R3 reside in as a means of determining whether the BBs would be accessible. What doesn't make sense is if I shutdown the BGP session between R3 (not the interface) and it's neighbors, the default route still gets originated. Correct me if I'm wrong, but the solution doesn't meet the task requirements.
The way I got this to work was to configure my prefix list to permit the BGP routes received from BB2 and BB3. Then, when I shutdown my BGP neighbors, all my BGP routes went away as did the default route. As soon as I added one of my BGP neighbors back, the default route came back as well. Also, I was able to get this to work whether I was using "default-information originate always" or just "default-information originate".