Another pretty decent lab effort! I was overall pretty pleased with performance on this lab. Here are the gory details I know you are all dying to hear!

Task 1.2 — Bridging — So to start the lab, they give you all the VLAN numbers and addresses you should be using and basically tell you to set them up as normal. They give you 2 VLANs, 8 and 81 with the same address….hmmmmm. I honestly thought this could possibly be an error in the lab workbook (things like this are not uncommon) so I peeked at the PG for a second to validate. Having noticed that it was a bridging configuration I had no problem configuring it. I had 2 subinterfaces on the router doing the bridging (R8), each trunking with their own tag (encap dot1q 8 and encap dot1q 81) down to the switch which was also set to trunk. Then I used IRB for my layer 3 address. The REALLY interesting part of this configuration came later when you were required to run 2 different EIGRP processes on the same router on that subnet. So EIGRP 65530 peers with the switch I think it was, and EIGRP 65531 peers with a BB router. I honestly didn’t know if it would work, but it did!

Task 1.3 — I lost 2 points here because I didn’t come up with the right answer plain and simple. “Configure Cat2 port Fa0/15-20 so that the ports are set for increased security and reliability when connecting to desktops in VLAN 6” hmmmmm port security crossed my mind for security, but what about reliability? Wouldn’t that make it LESS reliable due to possible port shutdowns, etc? Turns out they were looking for a built in macro “cisco-desktop” applied via “macro apply cisco-desktop $access_vlan 6”. If you get in a jam you can always use “show parser macro” to see the built in macros. To be fair, it actually says on the doc-cd that this macro increases security and reliability hehe

I have to say this was probably one of the more complex OSPF scenarios I have labbed, mainly due to the fact that there was a different kind of authentication used in every different area. It took me a while to set up, because I had MD5 here, plain text there, and even “use md5 with the default key” meaning NULL. I definitely made a stupid mistake in my OSPF setup here. I’m not entirely sure if it would be counted WRONG since I did find a way around it.

You are to configure Area 40 which is directly attached to area 0, but they tell you to “configure area 40 so that it only has a default route with a cost of 4444 to reach all networks not attached to BB1” So to me that meant totally-stubby area for sure. dude. So I configured area 40 as totally stubby and went about my business. BUT later in the lab you redistribute RIP into OSPF area 40 which caused me some grief. Since you can’t redistribute into a stub area, I simply created a tunnel between R4 and R6 and slapped it into area 0. It worked fine, but now I see the OBVIOUS better choice would have been to simply make area 40 a totally NSSA (dude). As far as the cost, I just did “ip ospf cost 4443” on R4’s interface and that seemed to work nicely, although what they were looking for was a nssa configuration whereby you push out a default route using “area 40 nssa default-information-originate no-summary” followed up with “area 40 default-cost 44444”.

Task 3.5 had another one of those annoying caveats whereby you shake your head and go “what the hell does that even mean?” “Configure OSPF area 69 between R6/R9. Authenticate this link with type 1 authentication. This area should be as fault resilient as possible” OK what the hell does “as fault resilient as possible” mean here? R6 connects to R9 with a multilink PPP interface so I guess that is what they mean — make sure both links are in the bundle? They already were from a previous task but whatever. No problem. Also this required a virtual-link over area 69 as off the other end of R9 we had a discontiguous area 0.

Section 6 — Redistribution — I should have been a better student and read the entire lab ahead of time! The first thing they ask you to do here is “redistribute all loopbacks into their IGP”. Of course I had already added all the loopbacks via the network command so I had to go back, remove all the network commands and write route-maps for all my routers. bah.

My redistribution seriously took me like 30 minutes. The lab called to “redistribute at every point on the network where there is more than one protocol running on a router.” I always have a difficult time trying to figure out what needs to go where to end up with full reachability, no loops, and the least amount of typing, so my default solution is to do mutual redistribution everywhere with route tags and filtering just to be safe. I swear to God on R8 I had 5 route-maps totalling a couple pages long. I should seriously figure out how to do this more efficiently, but I always fear the dreaded routing loop. Everything worked fine, but I probably did way more redistribution than was required for reachability.

Task 7.3 — “ensure that only directly connected clients of AS 102 can transit AS 50” hmmmm I definitely misunderstood this task entirely. I probably would have asked the proctor. When I thought of directly connected clients, I thought they meant like actual PCs, computers on the local subnet. Turns out they mean directly connected AS peerings because the solution here calls for an as-path access-list that only allows routes from neighbors with only 1 other AS in the path.
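The as-path filter described in Task 7.3, as an added example that is not taken from the lab workbook or the solution guide: a Python sketch that translates an IOS-style AS-path regex and applies it to constructed AS paths. The pattern `^102_[0-9]+$`, the prefixes and the AS numbers other than 102 are assumptions made for illustration.

```python
import re

# In an IOS AS-path regex, "_" matches a delimiter (space, comma, braces,
# parentheses) or the start/end of the AS-path string.
_DELIM = r"(?:^|$|[ ,{}()])"

# Assumed filter (not from the solution guide): the path begins with the
# neighbor AS 102 and carries exactly one more AS behind it.
ASSUMED_FILTER = "^102_[0-9]+$"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", _DELIM))


def permitted(as_path, pattern=ASSUMED_FILTER):
    """True if the path matches the permit entry; anything else falls
    through to the implicit deny at the end of the access-list."""
    return ios_to_python(pattern).search(as_path) is not None


def filter_routes(routes, pattern=ASSUMED_FILTER):
    """Return the prefixes whose AS path the filter would permit."""
    return [prefix for prefix, path in routes if permitted(path, pattern)]


# Constructed sample routes as (prefix, AS path received from AS 102).
SAMPLE_ROUTES = [
    ("10.1.0.0/16", "102 65001"),        # directly connected client of 102
    ("10.2.0.0/16", "102 65001 65002"),  # two hops behind 102: denied
    ("10.3.0.0/16", "102"),              # originated by 102 itself: denied
    ("10.4.0.0/16", "1020 65001"),       # AS 1020 is not AS 102: denied
    ("10.5.0.0/16", "102 65001 65001"),  # client prepending itself: denied
]

if __name__ == "__main__":
    for prefix, path in SAMPLE_ROUTES:
        verdict = "permit" if permitted(path) else "deny"
        print(f"{prefix:<14} {path:<18} {verdict}")
```

With this pattern, routes originated by AS 102 itself and routes from a client that prepends its own AS are both dropped, so each would need its own permit entry if it should pass.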

Task 8.2 — “provide a means for routers within the network to retrieve an IOS file called BACKUP.bin from R1” — OK I got the idea here, tftp-server command pointing to flash but I didn’t know they wanted you to do it for REAL as in I typed in “tftp-server flash:BACKUP.bin” and the PG has “tftp-server flash:c2800nm-adventerprisek9-mz.124-3a.bin alias BACKUP.bin” eh.

Task 8.3 — I was proud of myself for finding this one since I was dead in the water without the doc CD to figure out “monitor the total packet and byte count for each precedence value inbound on the multilink interface of R9”. I did a find for “precedence” in the command reference somewhere and found the answer “ip accounting precedence input”

Task 8.4 — Neither the question nor the answer makes any sense. “users behind BB1 on 200.101.0.0/16 must be able to transit the network transparently to connect to users behind BB3 on 200.103.0.0/16.” OK at first I thought transparently hmmmm maybe some NATing. The problem I kept running into was that those 200.x routes were nowhere to be found … uhhhhh even on the backbone routers. The solution guide calls for a GRE tunnel between the 2 routers that attach to the 2 backbone routers, and some PBR. That still doesn’t solve the problem though. Say your PBR matches a source packet from 200.101.0.0/16 OK it throws it out the tunnel. It gets to the other side and dies because the other side STILL has no route to 200.101.0.0/16. Bad task.

Task 9.3 — I made a dumb mistake here and configured my time range for 8:00 AM to 6:00 PM instead of 8:00 PM to 6:00 AM. Damn!

Task 9.4 — “There is an IP phone connected to port fa0/15 of Cat2 using 802.1p. Ensure that data frames are set to CoS 1” I came damn close but missed the “switchport priority extend cos 1” command. I had “mls qos cos 1” instead.

There was a requirement in the lab to only use open standard protocols and I configured AutoRP instead of BSR in multicast section out of habit. bah.

Comments

One Response to “IPexpert Volume 2 Lab 15 — Review”

  1. craig s on January 22nd, 2009 9:48 am

    Joe,

    You're going to rule the CCIE, I am sure you will pass, you're one of the smartest guys I ever worked with. And if anybody can pass the CCIE, I know you will. Good luck and I enjoy reading your posts.
