Professional Documents
Culture Documents
Abstract:
This is a compilation of notes, gotcha's, pointers, etc from my research in preparation for my
upcoming CCIE SP Lab exam which I have acquired over many years. Please feel free to
notify me of more improved ways to those listed below and or errata through my CCIE blog at
cciesplab.wordpress.com or by email at cciesp@rocketmail.com.
To this end my timing plan is as follows -> Total Time = 8 hours = 480 Minutes. Lab Points
Total = 100 Points, allowing 30 minutes for opening moves [see below] and 50 minutes for
checking, validation and verification at the end, gives me 400 minutes for configuration
=> 4 Minutes/Point.
Pre-Lab Actions:
1 Month:
Adjust your body to performing 8 hour labs - Stamina will be key - you will be no use to
anyone if you get tired after 5 hours of labbing. With 1 month to go ensure you are not doing 4
hour mini-labs rather the longer ones.
1 Week:
Adjust your body clock to the lab time. In my case I work 11am-7pm GMT whereas the Lab
Exam in Brussels starts at 0745. This is 0645 GMT so with a week to go I will be up,
showered, and had breakfast and sitting at my desk at 0730 to start an 8 hour lab with lunch
at 12 for 30 minutes. I need to be fully alert at 0745 on Lab Day.
15 Minute Immediate Action: Anyone who has served in the military knows what an
Immediate Action is – when something goes wrong a backup plan – in this case I’m going to
move on if I cannot get any 3 pointer completed within 15 minutes ensuring I finish the lab!
Page 1 of 7
Lab Action Plan: [Note: All times below are estimates and dependent on points values as per
timing plan noted above]
I am not an Alias guy but now would be the time to do this, type these into notepad and cut &
paste onto the routers ‘show run | b Se’ – Remember for large or repetitive configurations
such as BGP, use notepad and then copy and paste but be aware of changing values such as
IP’s, subnets, etc as you copy and paste.
Page 2 of 7
Switching: [15 minutes: 0900->0915]
• Check VLAN’s as per instruction
• Check VTP Modes
• Check Trunking & Access Ports
• A lot of pre-configuration completed so use the verification commands below.
• Ping vlan by vlan. Select only one device and ping all other on a specific vlan.
• If naming something, type it exactly as specified – Ref: Narbik
• Specify both Duplex and Speed as Auto-Sense can be troublesome – Ref: IEMentor
& Gorito
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS LAN Switching Configuration Guide, Release 12.4
• Verification Tools => show interfaces, show interfaces trunk, show vlan brief, show
vtp status, clear interface
=> Golden Moment – Bridging & Switching Complete – Total Time 1 Hour 45Mins <=
♦ IGP: [Note that probably only one of these will be the core IGP]
OSPF: [30 Minutes: 0945->1015]
• While reading the task, use your master diagram to configure OSPF router by router
not area by area. Look for the following OSPF characteristics.
• Authentication, stub or nssa, virtual link
• Refer again to your master diagram, colour in the OSPF areas.
• Make a note on redistribution, summary, area-range, DR/BDR, OPSF network type.
• Get Area 0 working 100% first.
• Ensure Area 0 Contiguous, test, create GRE/Virtual-links, and test again.
• Configure other areas.
• Leave OSPF Security until last.
• From a time perspective, router by router saves you revisiting router and typing in
additional commands after the fact.
• First Interface and then router ospf
Page 3 of 7
Preferred sequence for configuring interface
1) OPSF network type based,
2) priority,
3) Authentication,
IS-IS: [30 Minutes: 1015->1030] – Same as OSPF – Allowing additional 15 minutes in case
both are present.
• This has been noted by previous candidates and having quite a bit to do on the SP
Exam! Refer again to your master diagram, colour in the ISIS areas.
• Configure ISIS on relevant routers
• Note what ISIS Levels are required – 1 or 2,
• Assign appropriate NET addresses
• Remember unlike other IGP’s, ISIS configured at Interface level and is essentially a
L2 protocol.
• Verify adjacencies
• Due to ISIS only knowing two forms of media – LAN or point-to-point -> use the
frame-relay map clns command to create maps for protocol to run.
• Configure any ISIS filtering/redistribution
• Configure Authentication if required.
• Configure any additional ISIS nuances/parameters such as metrics/timers, etc we
encounter.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS IP Routing Protocols Configuration Guide, Release
12.4
• Verification Tools => show isis database, show isis topology, show clns protocol,
show clns interface, show clns neighbors.
=> Golden Moment - IGP Complete – IGP Time 1 hour – Total Time 3 Hours <=
Page 4 of 7
♦ BGP: [60 Minutes: 1030-1130 – dependent on points]
• While reading task, draw BGP topology on master diagram, this is important.
• Determine Route Reflector or confederation or both to do full-mesh iBGP.
• See if neighbor peer-group is required,
• Configure router by router not BGP session-by-session
• Configure one AS then another – be AS focussed.
• Ascertain required address families & configure – ipv4, vpnv4, ipv4 vrf, etc
• Ensure reachability, one AS at a time.
• Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path
filer), route-aggregate(w/ as-set, summary-only, supress-map, attribute-map,
advertise-map), route-manipulation( w/as-prepending, med, local-pref, weight, next-
hop, advertise-map/non/existing-map, origin, community, etc ) route-dampening, etc.
• Resolve any next-hop-self issues which are easier to troubleshoot working one AS at
a time.
• Validate config. Use "clear ip bgp * soft "not", clear ip bgp *.
• Leave BGP Authentication until last.
• Save, reload and test.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS IP Routing Protocols Configuration Guide, Release
12.4
• Verification Tools => show ip bgp, show ip bgp summary, show ip route bgp, show
ip bgp neighbors, show ip bgp neighbors neighbor-ip-address, debug ip bgp
=> Golden Moment – EGP Complete – Ensure full Reachability Maintained, Save Configs <=
Test full reachability with TCL Script. Check you get an ICMP response from every router to
every router. If ping has no response, write down IP address and troubleshoot.
The master diagram will help here. Method involves - show ip alias, Copy to Notepad, Search
and Replace to "Massage the Data and toss in the PING Command), Wrap what's left in a
TCL or Macro, Copy and Paste into a Router.
• Tag Switching v Label Switching, when to use which ones – Watch for IOS Bugs
here!
• Watch any integration with EGP
• MPLS might be the final piece of the jigsaw for full lab reachability.
• Cell Mode v Frame Mode
• MPLS Traffic Engineering – Levels, metric-style wide, ip explicit config, RSVP? etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS Multiprotocol Label Switching Configuration Guide,
Release 12.4
• Verification Tools => show mpls forwarding-table, show mpls interfaces, show mpls
ldp neighbor, show mpls ldp parameters, show mpls traffic-eng autoroute
Page 5 of 7
Afternoon Session:
• Know SNMP, setting up community strings, traps, RMON, pointing at various devices,
etc
• Netflow, destination address, port no, version, etc
• NTP, master, server, source, etc.
• Know about various IP Services available in the IOS
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS NetFlow Configuration Guide, Release 12.4 & Cisco
IOS Network Management Configuration Guide, Release 12.4 & Cisco IOS
Configuration Fundamentals Configuration Guide, Release 12.4
• Verification Tools => Multiple Commands.
• Be careful not to block or drop any IGP updates; Draw a flow on paper if required
• Consider all options for classification - std/ext/reflexive/dynamic ACL, IP Prefix List, IP
inspect, tcp intercept, Unicast RFP, ip accounting output packet /access-
violation/precedence.
• Be aware of various ways to configure MD5 for IGP, some of this may be completed
via the IGP\EGP sections, ensure you have read ahead at the start of the lab.
• When configuring Switchport port-security mac-address, be careful to include virtual
and physical mac if HSRP is running
• Know response planning to common security attacks such as DOS, Smurf, etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS Security Configuration Guide, Release 12.4
• Verification Tools => Multiple Commands.
• So much here: VRF, VRF-Lite, MP-iBGP, MP-eBGP, Important to map out on your
master diagram, the flow/direction of the VPN Traffic so that the correct configuration
can be applied to the correct interface on the correct router in the correct direction!
• MP-BGP filtering, specifying route-targets, etc
• PE-CE Routing, RIP - Watch Split-Horizon is off on physical FR and ATM,
authentication, version, auto-summary, etc; Other IGP/EGP considerations configure
router-by-router, Advanced Options-CSC, Internet Access, Central Services, etc.
• Be aware of various backup routes for the VPN traffic in the event of line/router
failure, redistribution of PE-CE to Core and vice versa.
• Be aware of VPN and Frame Relay specific limitations
• GRE/mGRE tunnels, when to use, how to configure.
• Be able to provide Internet Access from one portion of the inter-network to another.
• Be able to exchange EGP traffic across AS’s, watch next-hop, watch multi-hop, etc
• QinQ/PPoE – benefits = reduce no of VLANs, scalability, encap dot1q, pppoe
enabled, etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline,
Configuration Guides, Cisco IOS Multiprotocol Label Switching Configuration Guide,
Release 12.4
Verification Tools => show ip vrf, show ip route, show ip route vrf vrf-name [prefix], show
ip cef vrf vrf-name [ip-prefix], ping vrf, show ip bgp vpn all summary, show ip vrf detail, ping vrf
<vrf> <ip address> source <source ip>, sh ip bgp vpn all summary, sh ip bgp vpn all, sh ip
bgp vpn vrf <vrf> summary, sh ip bgp vpn vrf <vrf>, sh ip bgp vpn vrf <vrf> labels, sh mpls
forwarding, sh mpls forwarding | inc <prefix>, sh mpls forwarding vrf <vrf> <prefix>, sh mpls
forwarding label <label>.
Page 6 of 7
♦ SP Multicast: [30 Minutes: 1445->1515]
Page 7 of 7