Well, I had MLK off today, so I did lab 14 and some other reading. It was a pretty good effort I think, although to be honest I struggled with some of the IP services section….just some not very well known options that I failed to find on the DocCD. I’ll cover the things I missed here, as well as any other notes I feel relevant.

Task 2.1 had me confused for quite some time. It was very basic — assigning switch ports to the proper VLANs. However, the mapping they gave you in the workbook referenced Gi0/0 on R2 for some reason, which didn’t exist on the diagram….hmmmm……After a good 10 minutes staring at it, I broke down and checked the final configurations…nothing there either. I take this as a typo.

The overall layout of the lab was confusing at first, because it was quite different than any of the other lab topologies. Particularly, you had to use subinterfaces on R1 as well but it was definitely not clear in the diagram, and no task really mentioned it. You just had to figure it out from looking at the diagram. It just said R1 whatever interface was for VLAN A/C. So, wasn’t sure if I was to use a secondary or what. I did end up getting it.

Task 2.5 — Port Security — This had me puzzled for a while. It was a basic task whereby you are only to allow the MAC address of R4 on its switch port. I configured “switchport port-security” prior to configuring “switchport port-security mac-address” and kept getting an error in IOS saying I had a duplicate MAC address. Turns out I had to configure the MAC address on the port in port-security first, then do “switchport port-security”. I accomplished this by defaulting the interface and starting the task over.

Task 3.2 — No Peer Neighbor Route, and no documentation either! — Most of you reading this probably know about the “peer neighbor-route” command for PPP. It is the command that enables a /32 host route to be installed in your routing table when doing PPP. The “no” form of this command removes it of course. I got this part of the task, but I think it is worth noting that so far as I can tell this is an undocumented feature. It is not on the master command list for 12.4.

Task 4.3 — RIP Filtering — This task states very specifically “Various routes are being advertised from BB3 to R7. Using an access-list with a single line of config, accept only the following routes:”

Now, I did get the answer to this as listed in the PG: access-list 1 permit  Then, link that to a distribute-list. The thing is that when I was writing this I noticed that it doesn’t allow ONLY those routes. Technically, since we have 2 bits in the “don’t care” position in our ACL it actually allows 2^2 or 4 routes …. the other one it allows is I guess it would be an “ask the proctor” because I don’t think there is a way to do this in one line as instructed.
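The over-match described above can be checked mechanically. This is an added example, not part of the original post or the workbook: the three route addresses are constructed stand-ins (the lab's real routes are not given here), and the function names are hypothetical.

```python
import ipaddress
from functools import reduce

def single_line_acl(networks):
    """Tightest one-line standard ACL (address, wildcard) covering all networks."""
    addrs = [int(ipaddress.ip_address(n)) for n in networks]
    base = reduce(lambda a, b: a & b, addrs)    # bits set in every route
    union = reduce(lambda a, b: a | b, addrs)   # bits set in any route
    return base, base ^ union                   # differing bits become "don't care"

def matched_addresses(base, wildcard):
    """Every address the line permits: 2**n values for n wildcard bits."""
    bits = [1 << i for i in range(32) if wildcard >> i & 1]
    matched = []
    for combo in range(1 << len(bits)):
        value = base
        for j, bit in enumerate(bits):
            if combo >> j & 1:
                value |= bit
        matched.append(value)
    return sorted(matched)

def audit(networks):
    """Return the ACL line and the routes it permits beyond the requested ones."""
    base, wildcard = single_line_acl(networks)
    wanted = {int(ipaddress.ip_address(n)) for n in networks}
    extras = [str(ipaddress.ip_address(a))
              for a in matched_addresses(base, wildcard) if a not in wanted]
    line = (f"access-list 1 permit {ipaddress.ip_address(base)} "
            f"{ipaddress.ip_address(wildcard)}")
    return line, extras

if __name__ == "__main__":
    # Constructed sample: three wanted routes that differ in two bit positions.
    line, extras = audit(["10.20.1.0", "10.20.3.0", "10.20.5.0"])
    print(line)
    print("also permitted:", extras)
```

An empty extras list means the single line is exact; anything else is a route the filter lets through that the task did not ask for.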

Task 5.4 — This asks you to have R1 prefer all EIGRP routes from R2. You are not allowed to change the referenced bandwidth on any router. The solution is to simply change the delay. However, the PG opts to increase the delay on R1’s interface connected to R2 ….which to me would do the OPPOSITE. I configured an increased delay on R1’s interface connecting to R5 so that routes coming from R5 would have a WORSE metric …seemed to work.

My redistribution section was far more involved than the proctor guide called for …but whatever. They are using no filtering whatsoever, and I have decided to always do route-map filtering at every point of redistribution. To me, not using filtering is asking for trouble especially in a CCIE lab where you are doing mutual redistribution between everything. Well worth the 10 minutes to whip up a handful of route-maps.

Oh yeah, I also had to do some minor tweaking here. I had to change the distance of any RIP routes learned from R7 on R8 so that the RIP routes were preferred over OSPF. Otherwise, I ran into issues (a routing loop) trying to ping the R7 loopback from R1’s loopback.

Task 7.1 — Basic BGP setup — Technically I probably would have lost 3 points here. I forgot to do a “next-hop-self” when neighboring between R1 and R2. The reason it was needed is because the routes that are learned on R1 from BB2 have a next hop of 172.16.something and there was a previous lab requirement that 172.16 routes should not be in any routing tables other than “connected”.

Task 7.3 — BGP prefix-list — Frankly, this task pisses me off. I think the wording chosen is pretty poor — “R6 should not accept any prefix with a mask length of 24 bits or more from AS400 or AS125. As the admin of both AS400 and AS125 make the necessary changes to provide redundant connectivity through AS67 to AS21. Do not suppress any other routes and ensure all AS-Path attributes remain unchanged”

OK, so right off the bat I know I need a prefix list on R6 inbound on both of its neighbors. R6 has a single BGP peering to both AS400 and AS125. But that wording about redundancy???? WTF? Do I need to make some sort of redundant peering? The answer turned out to be just adding an aggregate route on the AS400/AS125 neighbors with as-set ….and make sure not to add the summary-only keyword. I don’t really get it ….I mean OK I guess it is “redundant” because now you have 2 routes …a summary /22 and the more specific /24 routes, but it is not TRULY redundant is it? I mean if the physical link goes down you are fucked anyways.

Task 8.1 — Definitely missed this one.  “Reduce the amount of time to a minimum that R6 will wait before timing out a telnet session that it has originated” hmmmmmm I searched the doc-cd for a bit but was unable to come up with “ip tcp synwait-time 5”

Task 8.3 — Smoked again by “On R8 ensure that configuration files are reduced in size before being saved to NVRAM” — After looking at some options like archive, and tar for a while, and searching some command references I gave up on this one which turned out to be “service compress-config”. Had I been searching in the correct place I would have found this.

Task 10.1 — Custom Queuing — This task OWNED me hard! I knew how to do custom queueing, but the task asked you to also distribute a % of bandwidth for each queue. For instance “15% of bandwidth to DNS traffic with a packet size of 350 bytes” Turns out there is some insane formula for this conversion on the doc CD. If you look under QoS config guide, you will find it under the congestion management section overview. Even after having done all the math, my numbers did not come out to exactly what they asked for.
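A sketch of that percentage-to-byte-count conversion, added here and not taken from the original post or the workbook. It assumes the procedure in that overview is: divide each queue's percentage by its packet size, normalise by the lowest ratio, round up to whole packets, multiply back by packet size. Only the DNS row comes from the task as quoted; the other two queues, the function name and the `scale` parameter are constructed for illustration.

```python
import math
from fractions import Fraction

# (queue name, wanted percent, typical packet size in bytes)
# Only the DNS row comes from the task text; the others are constructed.
QUEUES = [("dns", 15, 350), ("http", 50, 1000), ("telnet", 35, 100)]

def byte_counts(queues, scale=1):
    """Return [(name, byte_count, achieved_percent)] for a custom queue list.

    scale multiplies the normalised ratios before rounding up, which moves
    them closer to whole packets at the cost of larger byte counts (each
    queue is then serviced for longer per round-robin pass).
    """
    ratios = [Fraction(pct, size) for _, pct, size in queues]
    lowest = min(ratios)
    # Whole packets per pass: custom queueing finishes the packet in flight,
    # so fractional packet counts are rounded up.
    packets = [math.ceil(r / lowest * scale) for r in ratios]
    counts = [p * size for p, (_, _, size) in zip(packets, queues)]
    total = sum(counts)
    return [(name, count, round(100 * count / total, 1))
            for (name, _, _), count in zip(queues, counts)]

if __name__ == "__main__":
    for scale in (1, 6):
        print(f"scale={scale}")
        for name, count, achieved in byte_counts(QUEUES, scale):
            print(f"  {name:7s} byte-count {count:5d} -> {achieved}%")
```

With the constructed inputs the unscaled pass gives DNS 10.8% rather than 15%, which is the kind of drift described above; a scale of 6 happens to land on the requested split exactly.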

Task 10.2 — Rate Limit question — I got this task, but I am just wondering about the BC and BE values used. According to the documentation you are supposed to use (configured rate in bits / 8) * 1.5 for BC and (configured rate in bits / 8) * 3 for BE, but the PG seems to just pick random values for these.

Task 10.3 — Marking — I got the idea here, but made a dumb mistake which ended up marking ALL traffic with IPP 1 instead of marking some traffic with IPP 1 and other traffic with IPP 2. It was a simple logic mistake in my policy map.

Task 12.4 — “Reduce by half the amount of time R8 will wait before issuing the following message “% Password: timeout expired!” when logging in.” — Totally couldn’t find this. Turned out to be “timeout login response 15” on the vty lines. Again, had I looked in the proper section I would have found this easily. I was hunting around the terminal services, management, and configuration fundamentals sections — naturally it was under security where I failed to look 🙂

All in all not too bad of an effort. It was actually pretty refreshing after Lab 13 completely and utterly owned me. Looking forward to lab 15 and finishing out volume 2!