Starting BGP

Just starting on BGP now…  Thinking about the peer-session templates….

Not sure what I think… For lab purposes I prefer good old copy & paste.  Less crap to go wrong.  I mean I don’t mind peer-groups to have multiple neighbours…  I’m a fan of KISS for this kind of stuff.

Onward and upward!

Stuff to work on:

conditional advertisements

aggregation with leaking routes

remembering what community does what!

regexp :(

OSPF - Check

Gone through Narbik’s OSPF labs. Went all good with most of them. Not much caught me out.. Just a few obscure commands… Like these:

max-metric router-lsa ! This guy advertises the largest metric so this router is the least preferred path through the network. Never used it before!

area x range xxxxx not-advertise ! to filter route updates as opposed to distribute lists

area x nssa translate type7 suppress-fa ! when converting to type5 LSAs makes the forwarding address 0.0.0.0 as opposed to the one in the type7 LSA

That’s about it really… Like I have mentioned previously, I am finding this stuff too easy for my liking. I don’t know if it is because of the methodical nature of Narbik’s books or what. I am not that comfortable with this. I think I will go further through the books and when I’m done, do the Cisco Assessor lab to get my arse into a reality check. Hopefully I balls them up totally so I can see if my fears are realised… But if I do ok with them then I know I am doing something right! :)

Certguard Slams Ethan Banks

Robert Williams, CEO of Certguard, the self-proclaimed “I hate braindumps” vigilante organisation has publicly defamed Ethan Banks on this website

http://www.networkworld.com/community/node/28444

Mr Williams has claimed that Ethan has used Testkings to study for his Written Exam and as such Ethan should have his CCIE Status revoked.  Now, anyone who has pursued CCIE, is in the process of CCIE, or has otherwise supported someone in their pursuit, knows how long and arduous the process is.  Ethan has only said the content in these dumps is what the exam material is based on, not that he used it as his only study guide.

I reviewed some of the older TestKing material during my final review, although it wasn’t a major focus. The good news is that the TK stuff has a lot of the concepts you need to know. But if you’re looking for actual questions that will show up on the exam, I didn’t see that in any of the TK material I looked at.

Now…  Can anyone see in this quote where Ethan advocates using this material?  All he says are the concepts are there.  Nothing more.  If he only relied on Testking to study, as opposed to knowing the material, then he would not have been able to pass his written.  I think that is pretty simple.

The beauty of CCIE is you can’t pass it by dumping.  I am sure we have seen vendors promoting their “real” labs…  But can you memorise eight hours of typing?  If one question about L3 changes, then that will ruin your whole topology!  You must know the material… Simple as that.

I can understand the crusade that Certguard are undertaking, and what the deal with dumping for exams does.  They even have a section where sites are combed to see if they promote dumps or not.  Have a look and see what he thinks of my site! :)  www.certguard.com However, I think the attack on Ethan is unjustified and is nothing more than an exercise to scapegoat a hard working individual and generate traffic/income/hits/interest in a site that people may not have known about before.

Now… on to EIGRP!

On Track?

Back in the saddle again.  The past week or so I have been working on switching and frame-relay mainly.  I feel I am pretty much across these topics.  Trouble is, and what scares me is they (especially frame-relay) just seem a little too easy.  Last thing I need is to settle into some complacent state thinking I know everything when really I am leaving something out.

I have been looking a lot at these topics because if your L2 is broken nothing else will work.  I will put a similar amount of effort into OSPF/EIGRP/BGP too.  If I lose (say) 5 points because I completely screw multicast then that’s too bad.  If I screw IGP then I have the potential to lose a hell of a lot more.  This does not mean I will ignore QoS/Multicast/IPServices, but I think these topics are a hell of a lot more granular and also don’t have the dependency that L2/L3 does.

Now… onto EIGRP for the next few days then I will drill OSPF more than a couple on their honeymoon night.

DHCP Snooping/DAI

To configure DHCP Snooping:

Static IP:

ip dhcp snooping
ip dhcp snooping vlan xxx
ip source binding MAC vlan xxx IP interface zzz
interface zzz
 ip verify source

MAC + IP:

ip dhcp snooping
ip dhcp snooping vlan xxx
ip source binding MAC vlan xxx IP interface zzz
interface zzz
 switchport port-security (etc)
 ip verify source port-security

What’s the difference? In the first example, the switch does not filter based on MAC address: if the wrong IP comes in on interface zzz (as specified by ip source binding), the switch drops the traffic. In the second example, port security also drops traffic if the MAC address learned via port-security is incorrect, and rogue IPs are still filtered. The two are not mutually exclusive.

DAI:

ip arp inspection vlan xx
ip arp inspection filter ACL vlan xxx static
arp access-list ACL
 permit ip host IP mac host MAC
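The two `ip verify source` modes and the effect of the `static` keyword on the DAI filter, modelled as an added example (not from the original post or from Cisco). All MAC, IP, VLAN and interface values are constructed, the function names are hypothetical, and the model assumes that with `static` an ARP ACL miss is dropped while without it the switch falls back to the DHCP snooping bindings.

```python
from typing import NamedTuple

class Binding(NamedTuple):
    mac: str
    vlan: int
    ip: str
    interface: str

# Constructed sample values. STATIC models "ip source binding ...",
# SNOOPED models an entry learned by DHCP snooping, ARP_ACL models
# "arp access-list ACL / permit ip host IP mac host MAC".
STATIC = [Binding("0011.2233.4455", 10, "192.0.2.10", "Fa0/1")]
SNOOPED = [Binding("0011.2233.6677", 10, "192.0.2.20", "Fa0/2")]
ARP_ACL = {("192.0.2.10", "0011.2233.4455")}

def source_guard_permits(interface, vlan, src_mac, src_ip, check_mac=False):
    """check_mac=False models "ip verify source" (IP filter only);
    check_mac=True models "ip verify source port-security" (IP and MAC)."""
    for b in STATIC + SNOOPED:
        if (b.interface, b.vlan, b.ip) != (interface, vlan, src_ip):
            continue
        if check_mac and b.mac != src_mac:
            continue
        return True
    return False

def dai_permits(vlan, sender_mac, sender_ip, static=True):
    """ARP ACL first. With "static" a miss is a drop; without it the
    model falls back to the DHCP snooping bindings."""
    if (sender_ip, sender_mac) in ARP_ACL:
        return True
    if static:
        return False
    return any((b.vlan, b.ip, b.mac) == (vlan, sender_ip, sender_mac)
               for b in SNOOPED)

def demo():
    wrong_mac = ("Fa0/1", 10, "00de.adbe.ef00", "192.0.2.10")  # bound IP, other MAC
    wrong_ip = ("Fa0/1", 10, "0011.2233.4455", "192.0.2.99")   # bound MAC, other IP
    dhcp_host = (10, "0011.2233.6677", "192.0.2.20")           # not in the ARP ACL
    return {
        "ip only, wrong MAC": source_guard_permits(*wrong_mac),
        "ip only, wrong IP": source_guard_permits(*wrong_ip),
        "ip+mac, wrong MAC": source_guard_permits(*wrong_mac, check_mac=True),
        "DAI static, DHCP host": dai_permits(*dhcp_host),
        "DAI no static, DHCP host": dai_permits(*dhcp_host, static=False),
    }

if __name__ == "__main__":
    for case, permitted in demo().items():
        print(f"{case}: {'forward' if permitted else 'drop'}")
```

The "DAI static, DHCP host" case is the one to watch when adding `static`: a DHCP client that is not listed in the ARP ACL stops passing inspection.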

Cheers :)

I still have pages of notes from the bootcamp to type out!  Been busy!

Passed Written Today

Yesterday I went to go and book my lab.  “Sorry you sat your written more than 18 months ago”  So what to do?

Call VUE and book an exam, that’s what!  So I booked it and passed it.  One less thing to worry about.

One thing I do wonder though…  Do Cisco get the score report and give me a Lab that has high scores in areas I didn’t do so well in?  For example, if I scored 0 for IPv6 would I get 15 IPv6 points in the lab?  If I scored 100% for BGP in the written would I only get 4 points for BGP in the lab?  etc etc

Useful Links

Narbik’s bootcamp is over and I rate it VERY highly.  I’ll post up the rest of my notes later when I get around to it.

Here are some links I found which help, some more obscure than others, some not proving anything too difficult and really are quite random but they helped me on things and clarified the odd command I wasn’t too sure on or was otherwise new.

BGP ORF:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11borf.html

 

Class based policing:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/cls_bsd_policing_ps6922_TSD_Products_Configuration_Guide_Chapter.html

 

Frame-relay traffic-shaping from IE.  Good article!

http://blog.internetworkexpert.com/category/ccie-routing-switching/frame-relay/

 

BGP ttl-check, easily done… Just alternatives to ebgp-multihop too.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html

 

IP Routing Protocol reference:

http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_a1g.html

 

Voice traffic adaptive-shaping:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_vats.html

 

 

 

Yawwwwwn!

I slept in this morning…  I was exhausted last night.  I know I haven’t updated my notes for two days.  I’ll need to sort those out later.

Today we are doing QOS, Security and tips & tricks.  Plus anything else left over.

Why? Chelsea, Why?

My beloved Chelsea lost the European Cup final this morning on Penalties to Manchester United.  I woke up at 4am to see this… After staying up all night doing BGP labs.

Today we are doing Multicast, RIPv2 and IP Services.

If we had won, I would see if I could make the drive down to the Cisco office and do the lab today; I would have been so high… But alas Chelsea falter again.  I have been supporting them way too long and should have expected this.  Hopefully I last the day.  Hopefully I don’t see anyone wearing a United shirt too.  For the record, my Chelsea shirt is staying in the drawer today.

Narbik EIGRP - 8pm!

Some rough notes - I’ve been up a long time ;)

Summarising:

ip summary-address eigrp xxx a.b.c.d mask leak-map yyy

leak-map will advertise the specific routes that match route-map yyy.  If route-map yyy does not exist, then no specifics are advertised.  If route-map yyy exists, but the ACL in yyy is not there, then it matches any and therefore advertises ALL specifics as well as the summary.  With no leak-map, only the summary is advertised.  Multiple summaries are allowed, unlike RIPv2.

Authentication:

md5 only.  key-chain

ip authentication key-chain eigrp ASNUM xxx

ip authentication mode eigrp ASNUM md5

 

Default route injection:

interface#ip summary-address eigrp xxx etc -> best way!

router#ip route 0.0.0.0 0.0.0.0 null0

router#network 0.0.0.0

redistribute static/connected etc is bad in EIGRP because the external AD is 170

ip default-network w.x.y.z -> classful network, network must be advertised into EIGRP

 

router#no default-information allowed in -> stops the propagation of default route if received elsewhere via ip default-network command

Metric:

Betty Doesn’t Really Like Much - Bandwidth (kbit), Delay (sum of all delays), Reliability (x/255), Load (x/255), MTU (bytes)

((sum of all delays/10) + (10,000,000/lowest BW in path)) x 256 = metric

to change:

router# metric weight 0 a b c d e -> 0 = TOS (always 0) a = K1 (BW multiplier) b = K2 (load multiplier) c = K3 (delay multiplier) d = K4 (reliability multiplier) e = K5 (reliability multiplier).  

[K1*BW + (K2*BW)/(256-Load) + K3*Delay] * [K5/(Reliability + K4)]

Default is: EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
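The metric formulas above worked through in code, as an added example that is not from the original notes. The function names and the sample path (a T1 serial link followed by FastEthernet, with their default bandwidth and delay) are assumptions; the reliability bracket is applied only when K5 is non-zero, which is why the default K values reduce to the simple formula.

```python
def eigrp_metric(min_bw_kbit, total_delay_usec, load=1, reliability=255,
                 k1=1, k2=0, k3=1, k4=0, k5=0):
    """Classic EIGRP composite metric, modelled with integer arithmetic.

    min_bw_kbit       lowest bandwidth on the path, in kbit/s
    total_delay_usec  sum of the interface delays on the path, in microseconds
    load, reliability values out of 255
    """
    bw = 10_000_000 // min_bw_kbit       # inverse of the slowest link
    delay = total_delay_usec // 10       # delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        # Applied only when K5 is non-zero; with the default K5=0 the
        # bracket is skipped instead of multiplying the metric by zero.
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def path_metric(hops, **k_values):
    """hops: (bandwidth_kbit, delay_usec) for each outgoing interface on the path."""
    lowest_bw = min(bw for bw, _ in hops)
    total_delay = sum(delay for _, delay in hops)
    return eigrp_metric(lowest_bw, total_delay, **k_values)


# Constructed sample path: T1 serial (1544 kbit, 20000 usec) then
# FastEthernet (100000 kbit, 100 usec).
SAMPLE_PATH = [(1544, 20000), (100000, 100)]

if __name__ == "__main__":
    print("FastEthernet only:", eigrp_metric(100000, 100))
    print("T1 serial only:   ", eigrp_metric(1544, 20000))
    print("Serial + FastEth: ", path_metric(SAMPLE_PATH))
```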

 

Stub networks:

Suppresses transit eigrp updates.  Will receive updates, but will not pass down to downstream neighbours.

R1(config-router)#eigrp stub ?

  connected      Do advertise connected routes

  leak-map       Allow dynamic prefixes based on the leak-map

  receive-only   Set IP-EIGRP as receive only neighbor

  redistributed  Do advertise redistributed routes

  static         Do advertise static routes

  summary        Do advertise summary routes