Internetwork Expert: Recommended Labs To Repeat

A while ago I posted about Internetwork Expert recommending that some candidates repeat a set of Volume II labs multiple times as an alternative to completing all of the Volume II labs.  Here are the specific labs as mentioned in posts from GroupStudy:

In the 12 day bootcamp, they recommended lab 1,7,8,9,10 & 11 from the version 4, volume 2 workbook.

Steve

Which order to do them in: 

I would do them sequentially, i.e. 1,7,8,9,10,11, then back to 1,7,8,9,10,11.  This way you’re not just memorizing the information, but retaining it instead.

Brian McGahan, CCIE #8593 (R&S/SP/Security)

A clarification on who should use this method:

I think that people are reading this as if I’m saying this is the only preparation needed.  What I’m saying is that after you have a solid understanding of the blueprint topics and are ready to move onto the full scale labs  that doing 30 full scale labs by repeating the same 6 labs 5 times each is better for some people than doing 30 totally different full scale labs.

Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)

Internetwork Expert Volume III: Lab 4 – Section 5

Exterior Gateway Routing – 6 Points

5.1 BGP Peerings

This was a pretty easy BGP peering task.  You need to set up a confederation, so you’ll need to be familiar with:

bgp confederation identifier

bgp confederation peers

I did mess up a little bit. I configured “neighbor 150.1.5.5 ebgp-multihop” on r4.

r4 (AS 100) <— r6 (no BGP) —> bb1 (AS 54)

It turns out that I don’t need this command because r6 is bridging, not routing.

neighbor ebgp-multihop

I also missed “neighbor 152.1.37.3 next-hop-self” on sw1, but I did eventually catch that error when I found that I was not installing the bb2 routes on r3:

Without “neighbor 152.1.37.3 next-hop-self” on sw1:

r3#sh ip route bgp
B    119.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    118.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    117.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    116.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    115.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    114.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    113.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44
B    112.0.0.0/8 [200/0] via 152.1.125.5, 00:28:44

r3#sh ip bgp | i Network|192.10.1.254
   Network          Next Hop            Metric LocPrf Weight Path
*  205.90.31.0      192.10.1.254             0    100      0 (7000) 254 ?
*  220.20.3.0       192.10.1.254             0    100      0 (7000) 254 ?
*  222.22.2.0       192.10.1.254             0    100      0 (7000) 254 ?

r3#sh ip route 192.10.1.254
% Network not in table

With “neighbor 152.1.37.3 next-hop-self” on sw1:

r3#sh ip route bgp
B    119.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    118.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    222.22.2.0/24 [200/0] via 152.1.37.7, 00:00:15
B    117.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    220.20.3.0/24 [200/0] via 152.1.37.7, 00:00:15
B    116.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    115.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    114.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    113.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    112.0.0.0/8 [200/0] via 152.1.125.5, 00:30:15
B    205.90.31.0/24 [200/0] via 152.1.37.7, 00:00:15

r3#sh ip bgp | i Network|152.1.37.7
   Network          Next Hop            Metric LocPrf Weight Path
*> 205.90.31.0      152.1.37.7               0    100      0 (7000) 254 ?
*> 220.20.3.0       152.1.37.7               0    100      0 (7000) 254 ?
*> 222.22.2.0       152.1.37.7               0    100      0 (7000) 254 ?

r3#sh ip route 152.1.37.7
Routing entry for 152.1.37.0/24
  Known via “connected”, distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via FastEthernet0/0
      Route metric is 0, traffic share count is 1

5.2 BGP Bestpath Selection

“Configure the network so that AS 100 routes through r1 to reach prefixes originated in AS 254.”
“Use MED to accomplish this.”

set metric (BGP, OSPF, RIP)

I had the right idea for this task, but I boned it up.  IE used an aggregate-address on sw1 to ensure reachability to all networks advertised by the backbone routers.  They have a short writeup to explain their method.

aggregate-address

I REALLY need to study BGP some more.

Internetwork Expert Volume III: Lab 4 – Section 4

Interior Gateway Routing – 27 Points

4.1 Bridging

“Disable ip routing on r6″

r6(config)#no ip routing

“Bridge IP between the Frame Relay and Ethernet segments on r6″

That explains why fa0/0 does not have an IP address configured.

After this task, I can finally ping bb1:

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/286/1032 ms

4.2 Bridging

This task confused the crap out of me.  My bridging skills are pretty poor.

“Configure the IP address of 54.1.10.6/24 on r6.”

Ummmm….that’s already configured as the IP address of the Frame connection to bb1.  I guess that we’re going to use the same IP address for fa0/0 as well.

“r6 should have reachability to any address of the 54.1.10.0/24 subnet.”
“Don’t use IRB for this task.”

No IRB.  CRB?  Actually, the IE solution doesn’t use IRB or CRB.  The last two subtasks are basically red herrings.  I will need to review bridging.

r6#sh bridge 1 group

Bridge Group 1 is running the IEEE compatible Spanning Tree protocol

   Port 4 (FastEthernet0/0) of bridge group 1 is forwarding
   Port 11 (Serial0/0.1 Frame Relay) of bridge group 1 is forwarding

r6#sh ip int br | i 54.1.10.6
FastEthernet0/0            54.1.10.6       YES manual up                    up
Serial0/0.1                54.1.10.6       YES manual up                    up

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/89/100 ms

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

I can’t ping r4 but I can ping bb1.  This poster has the opposite problem:

Task 4.2 can not ping 54.1.10.254

r6#sh cdp neigh
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
BB1              Ser 0/0.1          147       R T S I     2821      Ser 0/0/0:0.401
sw2              Fas 0/0            174         S I       WS-C3560- Fas 0/6
r6#

sw2#sh run int fa0/6
interface FastEthernet0/6 <-that’s a minimal configuration
end

How did I miss this?????  Because the port on r6 was initially shut down so I didn’t see it with “show cdp neighbor” on sw2.  Arrgh!!!  I need vlan 46 assigned to this port.

sw2(config)#int fa0/6
sw2(config-if)#swit acc vl 46

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
!!!!!

I guess that I can take solace in the fact that I was able to find my mistake.  I just barely missed going down a deep rabbit hole chasing bridging options.

4.3 RIPv2

I initially thought that there was an error in the IE lab because although r6 was shown as running RIP on the protocol diagram, there was no mention of r6 in the task.  That’s because r6 is bridging the 54.1.10.0/24 network.  I turned off ip routing in task 4.1 so I wouldn’t be able to configure RIP on r6:

r6(config)#router rip
IP routing not enabled

This means that we should be able to see the routes from bb1(54.1.10.254) on r4:

r4#sh ip route rip | i 54.1.10.254
R    212.18.1.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.0.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.3.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.2.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0

4.4 Network Redundancy

backup interface

Hmmmm….this is the reason for the point-to-point subinterface on r4 back in task 3.2

r4#sh ip int br | i Serial
Serial0/0                  unassigned      YES NVRAM  up                    up
Serial0/0.1                unassigned      YES unset  up                    up
Serial0/1                  152.1.54.4      YES NVRAM  standby mode          down

r4#sh backup
Primary Interface   Secondary Interface   Status
—————–   ——————-   ——
Serial0/0.1         Serial0/1             normal operation

4.5 EIGRP

Basic.

4.6  OSPF

“Use the OSPF network type that was specifically designed to handle issues with routers on the same logical IP subnet not having direct communication with each other.”

Remember that we have a multipoint subinterface on the hub (r3) and point-to-point subinterfaces on the hubs (r1 and r2).  The task calls for the point-to-multipoint OSPF network type.

r3#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.2.2         0   FULL/  -        00:01:49    152.1.123.2     Serial0/0:0.1
150.1.1.1         0   FULL/  -        00:01:54    152.1.123.1     Serial0/0:0.1

r3#sh ip route os
     152.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
O       152.1.123.2/32 [110/65] via 152.1.123.2, 00:00:07, Serial0/0:0.1
O       152.1.123.1/32 [110/65] via 152.1.123.1, 00:00:07, Serial0/0:0.1

4.7 OSPF

Basic

4.8 OSPF

In this task you need to advertise the loopbacks on r1 and r2 into area 0.  But r1 and r2 are not in area 0.  Time for a couple of virtual circuits.

4.9 OSPF Loopback Advertisement

“Advertise the Loopback0 networks of r3 and sw1 into OSPF.”
“These networks should appear in each other routing tables as intra-area routes.”

Since I’m not told which area to advertise the loopbacks into, can’t I just make this simple by advertising both loopbacks into area 37?  Answer: YES!

sw1#sh ip route | i 150.1.3.
O       150.1.3.3/32 [110/2] via 152.1.37.3, 00:00:37, Vlan37

r3#sh ip route | i 150.1.7.
O       150.1.7.7/32 [110/2] via 152.1.37.7, 00:00:00, FastEthernet0/0

4.10 IGP Redistribution

Four points of mutual redistribution.  Ugh.  The first two points are no worry (discontiguous RIP).  The other two are dangerous though.  I’ll work on those in task 4.11

4.11 Redistribution Loop Prevention

“Ensure that EIGRP extenal routes that are redistributed into OSPF on r1 and r2 do not get redistributed back into EIGRP.”
“Use AD to accomplish this.”

Here is a (simplified) view of the the two network redistribution points on r1 and r2:
                         ————(D)r1(O)———–
r4(R<->D)—r5(D)                                     (O)r3—(O<->R)sw1
                         ————(D)r2(O)———–
If we do mutual redistribution between EIGRP and OSPF on r1 and r2 we’re going to have problems with D EX routes (AD of 170) being reflected back into the EIGRP domain.  We’re given the method for preventing this.

I missed an issue on sw1 though:

Task 4.11 Redist Loop Prevention

You need to change the RIP distance or SW1 sees the routes learnt from BB3 as OSPF external routes which it uses over the correct RIP routes. if you check the routing table on SW1, the next hop for all the BB3 subnets is R3. This is resolved by changing the AD [router rip - distance 109].

Internetwork Expert Volume III: Lab 4 – Section 3

WAN Technologies – 11 Points

3.1 Hub and Spoke

For some reason I could not get my Frame Relay hub-and-spoke network to come up.  I quick look at the configuration showed the problem.  This is the fourth initial configuration error:

r3 – Hub:
interface Serial0/0:0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi <- from initial configuration
interface Serial0/0:0.1 multipoint
 ip address 152.1.123.3 255.255.255.0
 frame-relay map ip 152.1.123.1 301 broadcast
 frame-relay map ip 152.1.123.2 302 broadcast

r3#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0:0 (Frame Relay DTE) LMI TYPE = ANSI

r2 – Spoke:
r2#sh run | sec Serial0/0/0
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
interface Serial0/0/0.1 point-to-point
 ip address 152.1.123.2 255.255.255.0
 frame-relay interface-dlci 203

r2#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO

r1 – Spoke
r1#sh run | sec Serial0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type cisco <- from initial configuration
interface Serial0/0.1 point-to-point
 ip address 152.1.123.1 255.255.255.0
 frame-relay interface-dlci 103

r1#sh frame lmi | i TYPE
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO

I set the LMI type on r3 to cisco (default) as that’s what my Frame Relay switch is running.

frame-relay lmi-type

r3(config-if)#frame lmi-type ?
 cisco
  ansi
  q933a

Nicely played IE. 

task 3.1 : lmi type missing in SG?

3.2 PPPoFR

Crap.  This is another of those subjects that I am weak in.  Luckilly, the IE blog had a recent post that gives a very good overview of how to configure PPPoFR:

Understanding PPP over Frame Relay (PPPoFR)

frame-relay interface-dlci

interface virtual-template

This was actually a very easy configuration as the task did not require PPP authentication.

r4(config)#int virtual-template1
r4(config-if)#ip address 152.1.45.4 255.255.255.0
r4(config-if)#int s0/0
r4(config-if)#frame interface-dlci 405 ?
  ppp       Use RFC1973 Encapsulation to support PPP over FR
  switched  Define a switched DLCI
  <cr>

r4(config-if)#frame interface-dlci 405 ppp ?
  Virtual-Template  Virtual Template interface

r4(config-if)#frame interface-dlci 405 ppp virtual-Template ?
  <1-200>  Virtual-Template interface number

r4(config-if)#frame interface-dlci 405 ppp virtual-Template 1 ?
  <cr>

r4(config-if)#frame interface-dlci 405 ppp virtual-Template 1

r4#show interface virtual-template1
Virtual-Template1 is down, line protocol is down <-expected behavior
  Hardware is Virtual Template interface
  Internet address is 152.1.45.4/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input never, output never, output hang never
  Last clearing of “show interface” counters 00:14:45
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

r4#sh int virtual-access1
Virtual-Access1 is up, line protocol is up 
  Hardware is Virtual Access interface
  Internet address is 152.1.45.4/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoFR vaccess, cloned from Virtual-Template1
  Vaccess status 0×44
  Bound to Serial0/0 DLCI 405, Cloned from Virtual-Template1, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input 00:00:02, output never, output hang never
  Last clearing of “show interface” counters 00:03:54
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 2 packets/sec
  5 minute output rate 2000 bits/sec, 2 packets/sec
     153 packets input, 151680 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     157 packets output, 151616 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

r4#p 152.1.45.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 152.1.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

r4#sh ip route 152.1.45.5
Routing entry for 152.1.45.5/32
  Known via “connected”, distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Virtual-Access2
      Route metric is 0, traffic share count is 1

Do the same on r5 (different IP address and DLCI obviously) et voila!

The IE solution show that they used a point-to-point subinterface on r4 (no idea why) but not on r5 for this task.  Again, no idea why?

3.3 Point-To-Point

Basic….except that I expected to be able to ping bb1 (54.1.10.254) after this step.  I’ll need to wait until I do some bridging in section 4.

Task 3.3

3.4 PPP

Basic.

3.5 PPP Authentication

Easy task because you are asked to authenticate each other using a hash (CHAP).