Overall I was very happy with my performance on this lab. I was determined not to do any peeking at the proctor guide at all even if the question was unclear. Below you’ll find some random notes and stuff that I got dinged on.

Frame Relay Setup — The tasks stated that R5 and R6 could not use subinterfaces, but didn’t say anything about R4. Since R2 and R4 were a separate subnet, I went ahead and did a p2p subinterface on both sides. The proctor guide used P2P on R2 and physical on R4, but no restriction no foul as far as I’m concerned.

Task 6.2 — This task asked you to create a “logical interface” between R9 and R5 and allow them to talk in EIGRP AS 69. Despite the fact that R5 is in your OSPF domain and R9 is in EIGRP AS 69. No biggie, I did a GRE tunnel correctly. I just wanted to note that I went ahead and changed the AD of any routes learned over the tunnel to 111 just in case, so that routes learned via OSPF would be preferred. Otherwise, you can get into some nasty recursive routing issues with your tunnel. Another fun part about this task is that it is impossible to do without either adding a static route, or by doing your redistribution first. I chose to finish my redistribution and come back to this task.

Also, I’ve decided to ALWAYS use route-map filtering when redistributing multiple routing protocols. Even if you think there is no possibility for a loop…It only takes about 10 minutes after you get the hang of doing it and you will feel MUCH better. I always tag everything going out of a routing protocol and deny that tag coming back in at every point of redistribution.
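An added example of the tag-and-deny approach described above, for mutual OSPF/EIGRP redistribution. This is not the author's lab config: the route-map names, tag values and EIGRP seed metric are hypothetical, and only OSPF process 1 and EIGRP AS 69 come from the post.

```cisco
! Constructed example. Apply the same route-maps on every router that
! redistributes between the two protocols.
!
! OSPF -> EIGRP: drop anything that originally came from EIGRP (tag 69),
! then mark everything else as "originated in OSPF" (tag 1).
route-map OSPF-TO-EIGRP deny 10
 match tag 69
route-map OSPF-TO-EIGRP permit 20
 set tag 1
!
! EIGRP -> OSPF: drop anything that originally came from OSPF (tag 1),
! then mark everything else as "originated in EIGRP" (tag 69).
route-map EIGRP-TO-OSPF deny 10
 match tag 1
route-map EIGRP-TO-OSPF permit 20
 set tag 69
!
router eigrp 69
 redistribute ospf 1 metric 1500 100 255 1 1500 route-map OSPF-TO-EIGRP
!
router ospf 1
 redistribute eigrp 69 subnets route-map EIGRP-TO-OSPF
```

With more than one redistribution point, a route that leaves OSPF at one router carries tag 1 through EIGRP and is denied when a second router tries to feed it back into OSPF, which is what breaks the loop.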

Task 8.1 — BGP — Simply put, my setup was different than the proctor guide, but I don’t believe that their solution is a required way to do it. In the BGP setup, they say that R2 should be in AS 64513 and that it should peer to R1. R1 should see the peering as a peering with AS 200. Then, there is R9 over in AS 64512 which they tell you to peer to BB3 and that BB3 should see it as AS 96. In the proctor guide they configure a confederation using AS 200 as the main AS and 64512, 64513 as sub-AS as well as a local-as 96 on R9 to BB3. I simply just did local-AS 96 on the R9/BB3 peering and local-as 200 on the R1/R2 peering. Nowhere in the lab does it say anything about the R9/BB3 peering having anything to do with AS 200 so ….whatever I think this should be fine.

Task 8.2 — (- 2 points) — Absolutely retarded mistake. They tell you that R2, R4, R5 are in AS 64513 and that R2 and R4 should only have 1 internal peer each. Thus, R5 should be a route-reflector. I went ahead and configured R2 as a route-reflector, probably because I was so used to it from other labs, and because it is the frame-relay hub and sort of a natural place to put it. doh!

Task 8.4/8.5 — Here we are asked to inject any routes learned as OSPF Type 5 LSAs into BGP without using the network command on R7. After that we are told to advertise them to R8 but NOT to R5. For the first part the proctor guide uses “redistribute ospf 1 match external” in the BGP process. I guess it is a faster way to do it than my solution, which is below. I used a route-map to match external routes, and also tag them with a community so I can use the community for the advertise to R8 but NOT R5 bit later on down. For the filtering bit the proctor guide used a prefix list ……eh same result.

ip bgp new-format
router bgp 700
 redistribute ospf 1 route-map OSPF2BGP
 neighbor 210.5.5.5 route-map BGP-R5 out

R7(config)#do sh route-map OSPF2BGP
route-map OSPF2BGP, permit, sequence 10
Match clauses:
route-type external
Set clauses:
community 77:55

R7(config)#do sh ip community
Community standard list 1
permit 77:55

route-map BGP-R5, deny, sequence 10
Match clauses:
community (community-list filter): 1
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map BGP-R5, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes

neighbor 210.5.5.5 route-map BGP-R5 out

Task 9.1 — Some insane shit that doesn’t make much sense — This task was pretty irritating to me. At the beginning of the lab they tell you that the ethernet segment off of R8, 172.31.80.0/24 should not be in the routing table of any other routers. To start this task they tell you to make sure that any telnet traffic sourced from BB1 from an address of 10.1.1.1 and going to the ethernet segment of R8 takes the path through R6. Well how in the world would somebody on BB1 have a route to the ethernet segment of R8 if they have no route to it? Ah good question.

Now, the very next task tells us that there are users on R8’s ethernet segment that need access to every subnet in the lab. It goes on to remind us that 172.31.80.0/24 should not be in anybody else’s routing table. OK, that part is fine, I can NAT to handle that requirement. But, it still doesn’t solve the first issue….if I am natting, the network 172.31.80.0/24 is still hidden from everybody else, so how would you be able to telnet to it? Obviously they wanted PBR configured. I configured PBR, but for my destination I put in the subnet of the outside NAT network instead of 172.31.80.0/24. In the proctor guide it has the PBR solution with a destination of 172.31.80.0/24 …I don’t get it. If a router had no route to the destination address, does it still do PBR? I doubt it…even if it did, it would send it to the next hop (R6) and then R6 would have no idea what to do with it. bah.

Task 9.3 (-4 points) — Mobile ARP. I simply had no idea how to do this. I had heard of it before, and I was poking around in the right places on the docCD but I did not get it right. Furthermore, after looking at the answer later I realized that my lab routers (3640’s and 2600 series’) don’t even have the command “ip mobile arp”. I still need to read up on this. I was reading in the ip mobility config guide and it seemed pretty interesting, but none of the stuff in there was actually used as the answer. They were talking about stuff like the home agent and the foreign agent, and the solution simply used ip mobile arp on the remote router and did some sort of insane redistribution of mobile routes into OSPF.

Task 11.1 — This asks you to configure a DHCP server on one of the routers, with very specific requirements to provide the information for a call manager at a certain IP address. I couldn’t remember if it was option 150 or option 66 so I did both. The answer was option 150, but I don’t think I’d be knocked points for putting in both???

Task 11.2 (-2 points) — I got half of this right. It asked you to “make sure the router keeps track of assignments to specific hosts so that a hacker cannot take over a previously assigned IP. Do not allow older-style devices to request an IP address” I nailed the first part with “update arp” in dhcp config mode, but the 2nd part threw me. Turns out the answer was “ip dhcp bootp ignore” bah!

Task 14.1 (-2 points) — Multicast setup — I think I might have botched this a little to be totally honest, although the right idea was there. The task asked you to “using the most appropriate mode, configure R2,R5,R6,R7, and R8 to support multicast on all attached LAN interfaces. configure all their LAN interfaces to receive multicast group 239.1.1.1 for their users. Configure R5’s loopback as the RP”

I used ip pim sparse-mode on all the LAN interfaces. The PG used sparse-dense-mode. Everything else was pretty much right, except in the PG they enable pim on the frame interface of R2 even though it only tells you to put it on the LAN interfaces….it’s because R2 has to travel over the frame to get to R5,7,8 in this lab and I overlooked that. So close, but yet so far haha.

14.3 (-1 point) — Multicast testing “Configure R1 to be able to test the multicast network” …….. uhhhhhhhhhhh ???? OK. I found some info on MRM and did my best but it was a far cry from the solution.

I just did “ip mrm test-sender-receiver” on R1’s ethernet interface.

The solution was below:

access-list 21 permit 172.31.12.2
access-list 22 permit 172.31.200.7
access-list 22 permit 172.31.80.8
ip mrm manager MyTest
 manager fa0/0 group 239.1.1.1
 senders 21
 receivers 22 no-join
 receivers 22 sender-list 21

So I guess all in all according to my grading I got -11 for a total of 89/100. Now if only I could refrain from mouthing off to the proctor during the interview I will now be required to take, I would have passed 🙂
