AI, ML, Development + Cisco Learning Blog Learning about Machine Learning, Artificial Intelligence, related development topics and formerly Routing and Switching, Datacenter, Security and other topics, CCIE #23664, Frank Wagner

18 October 2006

CCIE lab checklist

Filed under: Lab — ocsic @ 08:56

CCIE Routing and Switching Lab checklist
This checklist is an adapted version of JongSoo Kim’s popular checklist for the CCIE Routing and Switching Lab exam revised for 2006.
Exam Topics:
• Frame Relay
• Catalyst 3550
• OSPF
• RIP
• EIGRP
• Golden Moment
• BGP
• IPv6
• Multicast
• IOS/IP service
• QoS
• Security
________________________________________

1. Spend a few minutes to understand the distribution of points between core requirements (L2, IGP, and BGP) and non-core (IOS, Service, Security, and Multicast).
2. Spend a few minutes to understand the topology. Figure out the core network, stub network, BB, et cetera.
3. Create Alias commands in notepad and copy/paste them to all routers. One of my favourite Alias is „show run | b Se“
4. Frame Relay (10~15 min.)
Configure router by router rather than interface by interface. Always configure interfaces in the following order
1) enc frame-relay
2) no frame inverse
3) no shut
Check to see if spoke-to-spoke connectivity is required by checking the core IGP section. Ping from spoke-to-spoke if possible. Not from hub-to-spoke.
If PPP over FR is required, then always create VT first, user/password
5. Catalyst 3550 (15~20 min.)
5.1. Read task and create VLAN table as listed below
VL  Router        CAT1       CAT2        Router  VL
10  R1 f0/0 ————— f0/1       f0/2 ————— f0/0 R2  10
20  R3 f0/1 ————— f0/3       f0/4 ————— f0/0 R4  30
40  R5 f0/0 ————— f0/5
40  R6 f0/1 ————— f0/6
                  f0/23 ———— f0/23
                  f0/24 ———— f0/24
                  vl 10      vl 40
                  client vtp server vtp
5.2. Configure CAT1 and CAT2 and validate configuration
5.3. Read task once again and make sure nothing is missed.
5.4. Ping vlan by vlan. Select only one device and ping all others on a specific vlan. There is no need to ping from multiple interfaces on the same vlan. Don’t wait for ARP resolution.
L2 is over between 30~50 min. (Worst case = 60 min.)
6. OSPF (25~45 min.)
6.1. Draw a diagram to configure OSPF router by router rather than area by area. (10 min.)
Check if authentication is required, whether stub or NSSA areas need to be configured, and whether a virtual link is necessary. Make notes for route redistribution, summarization and aggregation. Pay attention to DR/BDR election and OSPF network type.
6.2. Configure OSPF router by router based on drawing in Black w/ green high-lighter (10~30 min.)
6.2.1. Always configure interface in this order
1) OSPF network type based on DR/BDR, hello interval, et cetera
2) authentication
3) priority
4) Loop interface ospf network type.
6.2.2. Configure OSPF process in this order
1) router-id
2) network (copy/paste from interface address)
3) neighbor
6.2.3. Validate everything is working (5 min.)
6.3. Do redistribute, summary, area range (5 min.)
6.4. Avoid any engagement with giant beasts. Instead make a note.
OSPF takes about 25~45 min. (total 55 ~1:45)
7. RIP (20~30 min.)
Warning: It is very tricky!
7.1. Draw RIP topology next to the OSPF drawing in blue (2 min.)
7.2. Check if interfaces are active or passive. Pay attention to RIP update method (multicast, broadcast or unicast), version and authentication. Never assume the default version is 2, no auto-summary, multicast, et cetera. This selection can be applied to each direction of the interface.
7.3. Configure router by router (5 min.) per drawing
7.4. validate everything is working (3 min.)
7.5. Spend enough time to be absolutely correct on route-filter, summary, et cetera (5 min.)
7.6. If mutual-redistribution is required, check whether it is multi-exit point or single-exit point. Don’t forget metric. If it is multi-exit point, write down „rip subnets“ on notepad and do the following (5 min.)
7.6.1. „redistribute ospf“ under „router rip“
Pitfall: Protect RIP routes re-entering from OSPF: „Deny rip routes and permit all“ route-map for „redistribute ospf“ to rip. Don’t wait after „clear ip route * “ is issued.
7.6.2. „redistribute rip subnets“ under „router ospf“
Pitfall: Protect OSPF external routes re-entering from RIP: „Permit only rip routes“ route-map for „redistribute rip subnets“ to OSPF. Don’t wait after „clear ip route * “ is issued.
7.6.3. distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Pitfall: Fix redistributing router’s AD for RIP routes: distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit rip routes“. I saw sometimes this takes quite a few seconds. Don’t do „clear ip OSPF“ or I will end up spending more time just watching.
RIP is over 20 ~30 min (total 1:15 ~ 2:15)
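Steps 7.6.1 to 7.6.3 written out as IOS configuration for one redistributing router. This is an added example, not part of the original checklist; OSPF process ID 1, the route-map names, the seed metric 3 and the two RIP prefixes in access-list 11 are constructed assumptions.

```cisco
! Constructed sample: the RIP domain carries 172.16.1.0/24 and 172.16.2.0/24.
! access-list 11 is the "rip subnets" list written down on the notepad.
access-list 11 permit 172.16.1.0 0.0.0.255
access-list 11 permit 172.16.2.0 0.0.0.255
!
! 7.6.1: OSPF into RIP. Deny the RIP routes so they cannot re-enter
! their own domain through OSPF, then permit everything else.
route-map OSPF-TO-RIP deny 10
 match ip address 11
route-map OSPF-TO-RIP permit 20
!
router rip
 redistribute ospf 1 metric 3 route-map OSPF-TO-RIP
!
! 7.6.2: RIP into OSPF. Permit only the RIP routes so OSPF externals
! that leaked into RIP elsewhere are not fed back into OSPF.
route-map RIP-TO-OSPF permit 10
 match ip address 11
!
router ospf 1
 redistribute rip subnets route-map RIP-TO-OSPF
 ! 7.6.3: for prefixes in access-list 11 learned from any OSPF router
 ! (0.0.0.0 255.255.255.255), raise the distance to 121 so the native
 ! RIP route (distance 120) stays in the routing table.
 distance 121 0.0.0.0 255.255.255.255 11
```

Apply the same configuration on every redistribution point, then check with „show ip route“ that the prefixes in access-list 11 are still installed as RIP routes on the redistributing routers.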
8. EIGRP (20~30 min.)
8.1. Draw EIGRP topology into OSPF drawing in black w/o high lighter (2 min.)
8.2. Determine non/passive/active-eigrp interface. Be open minded that BB can be multicast/unicast. Load-balance, authentication, stub, summary address (5 min.)
8.3. Configure router by router (5 min) per drawing
8.4. validate (5 min.)
8.5. Spend enough time to be absolutely correct on route-filter, summary, etc (5 min.)
8.6. If mutual-redistribution is required, check whether it is multi-exit point or single-exit point. If it is multi-exit point, write down „eigrp subnets“ on notepad (5 min.)
8.6.1. „redistribute ospf“ under „router eigrp“
Protect EIGRP external route re-entering from OSPF
„Deny eigrp routes and permit all“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.2. „redistribute eigrp subnet“ under „router ospf“
Protect OSPF external routes re-entering from EIGRP
„Only permit eigrp routes“ route-map for „redistribute ospf“ to eigrp Make sure metric is configured.
8.6.3. distance 121 0.0.0.0 255.255.255.255 11 under „router OSPF“
Fix redistributing router’s AD for eigrp external routes
distance 121 0.0.0.0 255.255.255.255 11 „access-list 11 permit eigrp routes“
I saw sometimes this takes quite a few seconds. Don’t do „clear ip OSPF“ or I will end up spending more time just watching. Technically, only eigrp external route needs to be applied but eigrp route won’t hurt and makes it simple.
EIGRP is over in 20~30 min. (1:35 ~2:45 min.)
9. Golden Moment (5~30 min.)
Check the Golden Moment per NMC, meaning the exciting moment when you get a ping response from every router to every router.
9.1. Run tclsh script
foreach addr {
1.1.1.1

} { ping $addr }
Just copy/paste after tclsh (it is really cool when you see pings go through from everywhere to everywhere). To quit, type „tclq“.
9.2. When a ping gets no response, write down the IP address and troubleshoot. The drawing will be an excellent tool for troubleshooting.
Full reachability is done in 5~30 min. (2:05~4:00)
10. BGP (20~40 min.)
10.1 Drawing a BGP topology on a separate paper. (3 min.)
10.2 Determine RR or CON or both to do full-mesh iBGP. See if neighbor peer-group is required, and decide which IP address to use for the BGP session.
10.3. Configure router by router, not BGP session by session. Always put no sync and no auto-summary if allowed.
10.4. Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filter), route-aggregate (w/ as-set, summary-only, suppress-map, attribute-map, advertise-map), route-manipulation (w/ as-path prepending, med, local-pref, weight, next-hop, advertise-map/non/existing-map, origin, community, etc.), route-dampening, et cetera.
10.5. validate config. Don’t wait for route updates after „clear ip bgp *“. It takes longer than a minute to complete.
BGP is over in 20~40 min. (2:25 ~ 4:40) My target is before lunch!
11. IPv6 (10 min.)
11.1. Draw a simple diagram (1 min.)
11.2. Watch out for link-local addresses over FR multilink.
SLA ID is 4th 16bit
16bit:16bit:16bit:SLA ID(16 bit) : interface ID( 64 bits)
site-local = FEC0::
link-local = fe80::
11.3. Check full reachability using tcl script or just manual ping depending on the number of routers.
IPv6 is over 10 min. (total 2:35 ~ 4:50)
Core routing is done. You should have at least three hours to go. Strategy will depend on how much time you have left at this moment.
12. Multicast (15 min.)
12.1. Mark a Mcast topology with red high lighter on OSPF drawing.
12.2. Determine mcast topology (dense-mode, static RP pim sparse, Auto-rp/MA, pim V2 bsr, Auto-rp/MA/MSDP).
12.3. Configure router-by-router
12.4. validate config
12.5. If second part is difficult, skip by making a note.
13. IOS/IP service
Warning: Be careful not to block or drop any IGP updates
13.1 just check quickly and do easy one first.
13.2. skip difficult task by making a note.
14. QoS
Warning: Be careful not to block or drop any IGP updates
14.1. Draw a flow on paper instead of in brain.
14.2. Always determine classification method (ACL, NBAR) and direction.
14.3. Determine shaping vs. policing
14.4. Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS)
14.5. consider all options for policing (police, rate-limit, ip multicast rate-limit, aggregate police (3550))
14.6. If frame-relay, don’t forget adaptive-shaping (becn, fecn, foresight).
14.7. Consider all dropping mode (random detect, ecn, tail drop, marking, etc)
15. Security
Warning: Be careful not to block or drop any IGP updates
15.1. Draw a flow on paper instead of in brain.
15.2. Consider all options for classification: std/ext/reflexive/dynamic ACL, IP inspect, tcp intercept, unicast RPF, ip accounting output packet /access-violation/precedence
15.3. When configuring Switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running.
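Step 15.3 as an added configuration example (not from the original checklist), assuming HSRP version 1 group 1, whose virtual MAC is 0000.0c07.ac01; the interface number and the physical MAC 0011.2233.4455 are constructed placeholders.

```cisco
! Switch port facing a router that runs HSRP version 1, group 1.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 ! Two secure addresses are needed on this port: the default maximum
 ! of 1 would leave no room for the HSRP virtual MAC.
 switchport port-security maximum 2
 ! Physical (burned-in) MAC of the router interface, constructed value.
 switchport port-security mac-address 0011.2233.4455
 ! HSRP v1 virtual MAC: 0000.0c07.acXX, XX = group number in hex.
 switchport port-security mac-address 0000.0c07.ac01
 ! Default violation mode is shutdown: if the virtual MAC is missing,
 ! the port err-disables when this router becomes the active router.
```

Configure the same pair of entries on the port facing the other HSRP router, with that router's own physical MAC, and confirm with „show port-security interface“ that no violations are counted after a failover.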
