Thursday, December 25, 2008

Cisco Certification: In What Order Should You Take Your CCNP Exams?

When you choose to pursue your Cisco Certified Network Professional certification, you've got some decisions to make right at the beginning. Cisco offers a three-exam path and a four-exam path, and you select the order in which you'll take and pass the exams.

While every CCNP candidate has to make their own decision, I'd like to share some thoughts based on my personal experience and the experiences of CCNPs worldwide.

The solid foundation of networking knowledge you built as a CCNA will help you a great deal on your BSCI (Building Scalable Cisco Internetworks, 642-801) exam. This is the most common exam to take first, and I'd recommend you do so as well. While there are some topics that will be new to you, such as BGP, many of the BSCI topics will be familiar to you from your CCNA studies.

The "middle" exams are the BCMSN (Building Cisco Multilayer Switched Networks, 642-811) and BCRAN (Building Cisco Remote Access Networks, 642-821). There is no real advantage in taking one of these before the other, although most candidates take the switching exam, then the remote access exam.

I do recommend you take the CIT (Cisco Internetwork Troubleshooting) exam last. This exam will demand you put into action the skills you have learned while earning your CCNA and passing the first three exams. Again, it's not written in stone and there are always exceptions, but CCNP candidates do seem to have more success on this exam when they take it last.

Should you choose the three-exam path, you'll be taking a Composite exam (642-891). This exam combines the BSCI and BCMSN exams, and it's best to take this one first. It builds nicely with your CCNA skills.

Again, I would take the BCRAN exam after the Composite, and the Troubleshooting exam last.

Whichever path you choose, you've chosen wisely in which certification to pursue. The CCNP is a true test of your networking skills, and when you make the decision to go after the CCIE, you'll be glad to have the solid foundation of networking skills your CCNA and CCNP studies gave you.

Cisco Certification: Don't Overreact To Exam Version Changes

Whenever a Cisco exam version changes, there's always a lot of chatter about it on the web. The CCNA exams are no exception.

One comment I see often goes like this: "I hear Cisco is going to change Intro / ICND / CCNA exam versions soon, so I'm not going to start studying yet. I'll wait until the new exam comes out."

Do not let this happen to you.

While some large publishers would have you think these exams change tremendously from one version to another ("updated for the latest exams!"), the simple fact is that the Intro, ICND, and CCNA Composite exams simply don't change much from version to version.

Sure, the questions change. The only people who should be nervous about that are those who are trying to braindump their way to a technical certification.

The topics covered on the CCNA exams don't change much at all. You know you're going to have to demonstrate knowledge of LAN switching, ISDN, Frame Relay, routing protocol behavior, RIP, IGRP, EIGRP, and OSPF. Perhaps some of the more advanced topics will change, but these will be minor changes at best. Cisco announces these changes on their website well in advance, so you won't be left with no time to study.

The only Cisco exams that might change quite a bit are the CCIE Written Qualification exams. Even there, you know what the core topics will be. Cisco's hardly going to take BGP off the written Routing & Switching exam.

Whatever you do, don't fall into the "version change" trap. Don't spend $100 - $300 to hurry up and take an exam before you're ready because of an upcoming version change.

When you're ready, you're ready.

Time spent learning is never wasted. Get started NOW.

Cisco Certification: Don't Depend On Practice Exams

Ask a CCNA candidate how they’re preparing for exam day, and you’ll get different answers. Different books, different websites, different practice exams.



One trend I’ve noticed is that some candidates answer the question by reeling off the number and names of the practice exams they’ve purchased. Basically, the candidate is studying by taking a lot of practice exams. And in some cases, I mean a lot of them.



The intent of this article isn’t to slam practice exams. I do want to address this trend among Cisco certification candidates of purchasing as many practice exams as they can find, attempting to pass the CCNA exam by “brute forcing” it, as one Cisco employee recently said.



I have nothing against practice exams. I sell flash cards that serve as a practice exam, if that’s the way the candidate wants to use them. However, you can’t be dependent on them to pass your exams. As I tell students every day, “When you’re in front of a rack of routers, there is no A, B, C, and D choice. You’ve got to know what you’re doing.”



If practice exams are a candidate’s primary tool for exam preparation, though, they’ll most likely be disappointed on exam day. The current Cisco CCNA exams are designed to weed out those who have memorized a chart or two; there is a premium not only on knowledge, but on the ability to apply that knowledge. Just taking one practice exam after the other will not develop this skill.



Simulators are fine to a certain extent as well, but don’t become dependent on them. The simulators I’ve seen don’t really let you make mistakes in your configuration, and it’s when you have to fix your own mistakes that you truly learn what’s going on.



Keep the long-range view when preparing for your CCNA exams. You’re not just studying for exam day; you’re laying the groundwork for a successful career. The study you do for your CCNA exam will be some of the most important study you ever do, since all the work you do for future certifications like the CCNP (and yes, the CCIE!) is based on the foundation you’re building today.



Make it a solid foundation. Stick to a well-rounded study plan, using books, practice exams, and routing equipment, and you’re on your way to success in the Cisco field.

Chris Bryant

CCIE #12933

chris@thebryantadvantage

Cisco Certification: CCNA Certification FAQ

When you start your CCNA studies, a lot of questions come to mind! Here are the five most common questions CCNA candidates have, answered by Chris Bryant, CCIE #12933.

Q. What exams do I have to take to get my CCNA?

A. The CCNA (Cisco Certified Network Associate) certification offers two paths. You can take the one-exam path by taking the 640-801 CCNA Composite exam. If you want to break it up into two parts, you can take the Introduction To Cisco Networking Technologies (INTRO 640-821) and the Interconnecting Cisco Networking Devices (ICND 640-811) exams.

Q. Chris, which path do you recommend?

A. I generally recommend the two-exam path, particularly for those CCNA candidates that haven't taken a Cisco exam before. The Intro exam offers you a little more time and allows you to become comfortable with the Cisco exam engine, particularly the simulator questions. Let's face it, the CCNA single exam covers a lot of material, from basic networking to OSPF to router on a stick. Most candidates are better off breaking this huge amount of material into two distinct parts.

Don't get me wrong, I've had plenty of students and customers pass the CCNA composite. It can be done!

Q. Do I have to recertify my CCNA, or is it mine forever after I pass?

A. One way Cisco protects the value of its certifications is to enforce strict recertification policies. When you earn your CCNA, you must recertify within three years.

Q. How do I recertify my CCNA?

A. There is a lot of confusion out there on this question. The latest information from Cisco is that you recertify your CCNA by doing any of the following three things:

1. Pass the current CCNA Composite or ICND exam.

2. Pass any 642-level professional level exam or any Cisco Qualified Specialist exam, not including Sales Specialist exams.

3. Pass any CCIE written exam.

Q. How do I register for the CCNA exam?

A. You can take the CCNA exam at any Prometric or VUE testing center. To find a Prometric testing center near you and register online, visit www.2test.com. For a VUE site, register at www.vue.com.

Q. Can you give me a braindump for the exam?

A. Boy, do you have the wrong guy! :)

To your success,

Chris Bryant

CCIE #12933

Cisco Certification: Becoming A Truly Valuable CCNA

I've been active in the Cisco Certification track for four years, working my way from the CCNA to the coveted Cisco Certified Internetwork Expert title, and during that time I've conducted job interviews and casual conversations with hundreds of CCNAs and CCNA candidates.

The CCNA is an exciting beginning to your Cisco career, but just having the certification simply isn't enough. A recruiter or interviewer isn't going to be impressed just with the cert; you've got to have some real-world knowledge to back it up.

I've been down that road myself, and sat on both sides of the CCNA job interview table. With that in mind, I'd like to offer to you some tips on becoming a truly valuable and employable CCNA.

Get some hands-on experience. I know the trap well. You can't get experience until you get a CCNA, and you can't get a CCNA without real experience. Well, actually, you can, but do you want to? Working on simulators is fine to a certain extent, but don't make the classic mistake of depending on them. I've seen plenty of CCNAs who were put in front of a set of routers and really didn't know what to do or how to put together a simple configuration, and had NO idea how to begin troubleshooting.

There are CCNA classes that offer you the chance to work with industry experts on real Cisco equipment. Beyond that, you can put together your own CCNA rack for less than $1000 by buying used routers. Some people think that's a lot of money, but this is the foundation of your career. Treat it that way. The work you do now is the most important work you'll ever do. Do it on real Cisco equipment. The skills I learned as a CCNA helped me all the way up to the CCIE.

Besides, after you get your CCNA (and after that, hopefully you'll choose to pursue the CCNP), you can always get some of your money back by selling the equipment. The hands-on experience you gain this way is invaluable.

Know binary math. Do NOT go the easy route of memorizing a subnet mask chart for the CCNA exam. I know some people brag about being able to pass the CCNA exam without really understanding binary math. I've seen those people on the other side of the interview table, and they're not laughing when I ask them to do a subnetting question. They're not laughing when they can't explain or create a VLSM scheme. That chart does nothing to help you understand what's going on.

If you can add and know the difference between a one and a zero, you can do binary math. Don't let the name intimidate you. Become a REAL CCNA -- learn binary math!

Run "show" and "debug" commands. No commands help you understand how things work in a Cisco network better than show and debug commands. As you progress through the Cisco certification ranks, you'll be glad you started using these at the CCNA level.

Do you need to know these commands for the exam? Probably not. Do you need them to be successful in the real world? Absolutely.

The Cisco certification track has been great to me, and it can boost your career as well, whether you stop at the CCNA, CCNP, or go all the way to the CCIE. It's the skills you develop today that will truly make you a networking engineer. Don't take shortcuts or get the attitude of "just passing the exam".

It's what you achieve after the exam that counts, and it's the work you put in before passing the exam that makes those achievements possible.

Good luck!

Chris Bryant, CCIE #12933

Cisco Certification: A Survival Guide To The Cisco Cable Jungle

One of the most confusing parts of beginning your Cisco studies is keeping all the cable types separate in your mind, and then remembering what they’re used for. This often occurs when a CCNA or CCNP candidate starts putting together their own home practice lab, and they suddenly realize that they have the equipment to run labs, but not the cables.



With this in mind, here are some common Cisco cable types and their primary use.



First, there’s the regular old “straight-through cable”, so named because the eight wires inside the cable go straight through the wire. While the wires may be twisted inside to reduce electromagnetic interference (EMI), the wire that’s connected to Pin 1 on one end is connected to Pin 1 on the other end, and so on. In a home lab, a straight-through cable is often used to connect a switch port to an Ethernet port on a router, with a transceiver attached to the Ethernet port. Straight-through cables are also good for connecting a BRI interface to an ISDN simulator.



The “crossover cable” is so named because the wires do cross over between pins. This allows the devices to both send and receive at the same time, and crossover cables are a must for directly connecting ports on Cisco switches to create a trunk.



The “rollover cable” allows you to connect directly to a Cisco console port with your laptop or PC. This is the blue cable that comes with new Cisco devices, and it’s the one that engineers tend to hold on to with their lives. Without a rollover cable (also commonly called a “console cable”), you can’t connect your laptop directly to a Cisco device.



Finally, there’s the DTE/DCE cable. To create a frame relay cloud in your home lab (using one of your Cisco routers as a DCE), or to directly connect two Cisco routers via their serial interfaces, you will need a DTE/DCE cable. Remember that the DCE interface will need to supply clockrate to the DTE interface.



The different cable types can be confusing when you first read about them, but after tearing down or building your home lab a few times, you’ll definitely have them straight come test day!



Best of luck in your lab and your exams,



Chris Bryant

CCIE #12933

Cisco CCNP Exam Tutorial: Defining Collision Domains

CCNA exam success depends on mastering the fundamentals, and two important fundamentals are knowing exactly what the terms "collision domain" and "broadcast domain" mean. In this free Cisco tutorial, we'll take a look at the term "collision domain" and how a collision domain is defined.

A collision domain is an area in which a collision can occur. Fair enough, but what "collision" are we talking about here? We're talking about collisions that occur on CSMA/CD segments, or Carrier Sense Multiple Access with Collision Detection. If two hosts on an Ethernet segment transmit data at exactly the same time, the data from the two hosts will collide on the shared segment. CSMA/CD exists to lessen the chances of this happening, but collisions can still occur. To lessen the chances of collisions occurring, we may decide to create multiple, smaller collision domains.

Let's say we have four hosts on a single Ethernet segment. The entire segment is a collision domain; any data sent by one of the hosts can collide with data sent by any of the other hosts. We have one collision domain containing four devices.

To create smaller collision domains, we'll need to introduce some type of networking device into this example. Hubs and repeaters have their place as far as extending the reach of a network segment and cutting down on attenuation, but these OSI Layer One devices do nothing to define collision domains. We could connect each host into a separate port on a hub (a hub is basically a multiport repeater) and we'd still have one single collision domain with four hosts in it.

The most common and most effective way to create multiple collision domains is to use a switch. If we connect each of these four hosts to their own separate switch port, we would now have four separate collision domains, each with one host; each switch port actually acts as a single collision domain, making collisions between these four hosts impossible.
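The hub and switch cases above, plus a mixed topology, can be counted mechanically. This Python is an added example, not part of the original tutorial; the device names and the mixed topology are constructed, and the model assumes shared half-duplex Ethernet where a hub joins every cable plugged into it and a switch port ends the domain.

```python
from collections import defaultdict


def collision_domains(devices, links):
    """devices: {name: 'host' | 'hub' | 'switch'}; links: list of (a, b) cables.

    Returns one set of host names per collision domain, sorted for stable output.
    """
    parent = list(range(len(links)))  # union-find over cables

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    # A hub repeats a signal out of every port, so all cables that touch the
    # same hub belong to one collision domain. A switch port does not repeat
    # collisions, so cables on a switch are never merged through it.
    first_link_on_hub = {}
    for idx, link in enumerate(links):
        for end in link:
            if devices[end] != "hub":
                continue
            if end in first_link_on_hub:
                parent[find(idx)] = find(first_link_on_hub[end])
            else:
                first_link_on_hub[end] = idx

    domains = defaultdict(set)
    for idx, link in enumerate(links):
        domains[find(idx)].update(e for e in link if devices[e] == "host")
    return sorted(domains.values(), key=sorted)


HOSTS = {"A": "host", "B": "host", "C": "host", "D": "host"}

# Four hosts on one hub (the tutorial's first case).
HUB_ONLY = (dict(HOSTS, hub1="hub"), [(h, "hub1") for h in "ABCD"])

# Four hosts, each on its own switch port (the tutorial's second case).
SWITCH_ONLY = (dict(HOSTS, sw1="switch"), [(h, "sw1") for h in "ABCD"])

# Constructed mixed case: a hub with three hosts hangs off one switch port,
# and the fourth host has a switch port to itself.
MIXED = (
    dict(HOSTS, hub1="hub", sw1="switch"),
    [("hub1", "sw1"), ("A", "hub1"), ("B", "hub1"), ("C", "hub1"), ("D", "sw1")],
)

if __name__ == "__main__":
    for name, (devs, cables) in [("hub", HUB_ONLY), ("switch", SWITCH_ONLY), ("mixed", MIXED)]:
        doms = collision_domains(devs, cables)
        print(name, len(doms), [sorted(d) for d in doms])
```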

Passing the CCNA is all about knowing the details of how things work, and knowing CSMA/CD theory and how to define collision domains is one of the many details you've got to master. In the next part of this CCNA tutorial, we'll take a look at broadcast domains, and how defining broadcast domains in the right places can dramatically cut down on unnecessary traffic on your network.

Cisco CCNP Certification FAQ

To earn your CCNP, you've got to pass some very rigorous Cisco exams, and you also need to know the rules regarding this important certification. In this article, I'll answer some of the most commonly asked questions regarding the CCNP.

Q: What exams do I need to pass to get my CCNP?

A: You have two options, a three-exam path and a four-exam path. Currently, the four-exam path consists of rigorous exams on advanced routing techniques (BSCI), advanced switching (BCMSN), remote access methods (BCRAN), and advanced troubleshooting techniques (CIT). The three-exam path combines the BCMSN and BSCI exams into a single exam, the Composite exam.

Q: Do I have to take them in any order?

A: No, the order is up to the candidate. Most CCNP candidates take the BSCI exam first and the CIT exam last, but again this is up to the candidate.

Q: What else do I have to do to get the CCNP?

A: You must earn your CCNA before you can be CCNP certified (as well as passing the exams, of course).

Q: Is there a recertification requirement?

A: Cisco CCNP certifications are valid for three years. During that time, you must either pass the Composite exam, the BSCI and BCMSN exams, or pass any CCIE written exam.

Q: What if I don't recertify within the three-year period?

A: You must then meet whatever CCNP requirements there are at that time, from the beginning. It's easier to make sure you recertify!

Becoming CCNP certified is a great boost to your career and your confidence, and as with any Cisco certification, it's up to you to stay current with the CCNA and CCNP requirements. Visit the Career Certification section of Cisco's website regularly to learn about the program's requirements and changes.

Cisco CCNP Certification: Using The BGP Command “Update-Source”

When you start preparing for your CCNP exam, particularly the BSCI exam, you're introduced to Border Gateway Protocol (BGP) configurations. BGP is unlike any protocol you learned during your CCNA studies, and even the similarities are a little bit different!

BGP forms neighbor relationships, much like EIGRP and OSPF do. The interesting thing with BGP is that potential neighbors, or "peers", do not need to be directly connected and can use their loopback interfaces to form the peer relationships.

It may well be to your advantage to use loopbacks to form peer relationships rather than the actual interface facing the potential neighbor. This can be done because BGP uses static neighbor statements rather than any kind of dynamic neighbor discovery process.

Consider a router that has two paths to a BGP speaker. The interfaces are numbered like this:

Router1: Serial0, 172.1.1.1/24; Serial2, 179.1.1.1/24; Loopback0, 1.1.1.1/32.

Router2: Serial0, 172.1.1.2/24; Serial2, 179.1.1.2/24; Loopback0, 2.2.2.2/32.

We could configure Router1 like this:

router bgp 200

neighbor 172.1.1.2 remote-as 200

In this case, BGP would automatically use 172.1.1.1 as the source for the TCP connection that has to be set up with the neighbor before updates can be exchanged; this address is known as the best local address. However, if the remote peer's serial0 interface is shut down or goes down for another reason, the peer relationship would be lost even though Router2 is still available.

Instead of using one of the physical interfaces, we can use the loopbacks on each router to establish the TCP-based peer connection. The configurations would look like this:

Router1:

router bgp 200

neighbor 2.2.2.2 remote-as 200

neighbor 2.2.2.2 update-source loopback0

Router2:

router bgp 200

neighbor 1.1.1.1 remote-as 200

neighbor 1.1.1.1 update-source loopback0

In this case, losing one of the physical connections does not necessarily mean the BGP peering is lost; as long as the routers have a valid path to each other's loopback addresses, the BGP peer relationship will stay in place. And better yet, we avoid the dreaded “single point of failure
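Loopback peering only works when the source address each router uses matches the neighbor statement on the other side, because a connection attempt from an address the peer has no neighbor statement for is refused. The Python below is an added example, not part of the original tutorial or any Cisco tool: it parses constructed configs built from the Router1/Router2 addressing above and reports, per direction, whether the peer would recognize the session source. Treating any non-loopback interface as a possible source when update-source is missing is this example's assumption, since the real choice depends on the routing table.

```python
import ipaddress

# Constructed configs using the tutorial's addressing. ROUTER2_BROKEN omits
# update-source on purpose to show the mismatch.
ROUTER1 = """
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial0
 ip address 172.1.1.1 255.255.255.0
interface Serial2
 ip address 179.1.1.1 255.255.255.0
router bgp 200
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source loopback0
"""
ROUTER2_BROKEN = """
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0
 ip address 172.1.1.2 255.255.255.0
interface Serial2
 ip address 179.1.1.2 255.255.255.0
router bgp 200
 neighbor 1.1.1.1 remote-as 200
"""
ROUTER2_FIXED = ROUTER2_BROKEN + " neighbor 1.1.1.1 update-source loopback0\n"


def parse(config):
    """Return ({ifname: IPv4Interface}, {neighbor_ip: update-source ifname or None})."""
    interfaces, neighbors, current = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface" and len(tok) >= 2:
            current = tok[1].lower()
        elif tok[0] == "router":
            current = None
        elif tok[:2] == ["ip", "address"] and current and len(tok) >= 4:
            interfaces[current] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[0] == "neighbor" and len(tok) >= 4:
            if tok[2] == "remote-as":
                neighbors.setdefault(tok[1], None)
            elif tok[2] == "update-source":
                neighbors[tok[1]] = tok[3].lower()
    return interfaces, neighbors


def possible_sources(interfaces, neighbor_ip, update_source):
    """Addresses this router may use as the TCP source toward neighbor_ip."""
    if update_source:
        return [interfaces[update_source].ip]
    target = ipaddress.ip_address(neighbor_ip)
    connected = [i.ip for i in interfaces.values()
                 if target in i.network and target != i.ip]
    if connected:
        return connected  # directly connected peer: the facing interface
    # Assumption: the outgoing interface depends on routing, so any
    # non-loopback interface address may end up as the source.
    return [i.ip for name, i in interfaces.items() if not name.startswith("loopback")]


def check_direction(local_cfg, peer_cfg):
    """List of (neighbor, possible sources, peer has a neighbor statement for all)."""
    l_if, l_nb = parse(local_cfg)
    p_if, p_nb = parse(peer_cfg)
    peer_addrs = {str(i.ip) for i in p_if.values()}
    results = []
    for nb, src_if in l_nb.items():
        if nb not in peer_addrs:
            continue  # neighbor statement points at some other router
        sources = [str(s) for s in possible_sources(l_if, nb, src_if)]
        results.append((nb, sources, all(s in p_nb for s in sources)))
    return results


if __name__ == "__main__":
    for label, r2 in [("broken", ROUTER2_BROKEN), ("fixed", ROUTER2_FIXED)]:
        print(label, "R1->R2", check_direction(ROUTER1, r2))
        print(label, "R2->R1", check_direction(r2, ROUTER1))
```

A False result means that router's own connection attempts are refused by the peer; the session may still come up from the other side, which hides the misconfiguration until the working direction is lost.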

Cisco CCNP Certification: The BGP Weight Attribute

When you're studying for the CCNP certification, especially the BSCI exam, you must gain a solid understanding of BGP. BGP isn't just one of the biggest topics on the BSCI exam, it's one of the largest. BGP has a great many details that must be mastered for BSCI success, and those of you with one eye on the CCIE must learn the fundamentals of BGP now in order to build on those fundamentals at a later time.

Path attributes are a unique feature of BGP. With interior gateway protocols such as OSPF and EIGRP, administrative distance is used as a tiebreaker when two routes to the same destination have different next-hop IP addresses but the same prefix length. BGP uses path attributes to make this choice.

The first attribute considered by BGP is weight. Weight is a Cisco-proprietary BGP attribute, so if you're working in a multivendor environment you should work with another attribute to influence path selection.

The weight attribute is significant only to the router on which it is changed. If you set a higher weight for a particular route in order to give it preference (a higher weight is preferred over a lower one), that weight is not advertised to other routers.

BGP uses categories such as "transitive", "non-transitive", "mandatory", and "optional" to classify attributes. Since weight is a locally significant Cisco-proprietary attribute, it does not fall into any of these categories.

The weight can be changed on a single route via a route-map, or a different weight can be set for all routes received from a given neighbor. To change the weight for all incoming routes, use the "weight" option with the neighbor command after forming the BGP peer relationships.

R2(config)#router bgp 100

R2(config-router)#neighbor 100.1.1.1 remote-as 10

R2(config-router)#neighbor 100.1.1.1 weight 200

Learning all of the BGP attributes, as well as when to use them, can seem an overwhelming task when you first start studying for your BSCI and CCNP exams. Break this task down into small parts, learn one attribute at a time, and soon you'll have the BGP attributes mastered.

Cisco CCNP Certification / BSCI Exam Tutorial: ISIS Hellos And Adjacencies

In my last ISIS tutorial, I mentioned that while ISIS and OSPF are both link state protocols, their actual operation differs greatly. To pass the BSCI exam and earn your CCNP, you'll need to know these differences! Today, we'll take a look at ISIS Hello types and the adjacency types that form through the use of these Hellos.

Hello packets have been mentioned several times with ISIS, and with good reason. Hello packets are the heartbeat of OSPF and ISIS; when heartbeats are no longer heard from a neighbor, that adjacency will be dropped. A major difference between OSPF and ISIS is that OSPF has one type of Hello packet, where ISIS actually has three!

An ES Hello (ESH) is sent by all End Systems, and all IS devices listen for this Hello. This is how a router (IS) discovers a host (ES).

An IS Hello (ISH) announces the presence of an IS. An IS Hello is sent by all IS devices, and End Systems listen for these hellos.

An IS-to-IS Hello (IIH) is used by an IS to discover other ISes and to form adjacencies with them.

An interesting side note: A router will send an IIH to another router on the link to form or maintain an adjacency, but it will still send an ISH as well in case there are end systems located on that segment.

ISIS and OSPF both create and maintain adjacencies with the Hello packet. Let's take a look at the rules regarding ISIS adjacencies as well as the adjacency types.

L1 and L2 Hellos are different messages, so an L1 router must exchange Hellos with another L1 router to form an adjacency, just as L2 routers form adjacencies with L2 routers. L1 routers can only form an adjacency with an L2 router if one of the two routers involved is actually an L1/L2 router.

L1 routers must be in the same area in order to form an adjacency. The Hello timers, as well as the MTU, must match between the interfaces used to form the adjacency.

That's a lot of L1, L2, and L1/L2, isn't it? Let's review the adjacencies each router type can form:

L1: Can form adjacency with any L1 in the same area and any L1/L2 in the same area.

L2: Can form adjacency with any L2 in any area, and with an L1/L2 in any area.

L1/L2: Can form adjacency with any L1 in the same area, L1/L2 in any area, and L2 in any area.

Knowing the similarities and differences regarding ISIS and OSPF is vital for CCNP exam success. Take your time, master the fundamentals, and before long the magic letters “CCNP” will be behind your name and on your resume!

Cisco CCNP Certification / BSCI Exam Tutorial: Floating Static Routes

Passing the BSCI exam and earning your CCNP certification demands that you add greatly to the networking skills foundation you created when you studied for your CCNA certification. You learned quite a bit about static routing and default static routing when you passed the CCNA test, and it does seem like that should be all you need to know about static routing, right?

One thing you'll learn as you continue to earn Cisco certifications is that there's always something else to learn! You may have heard the term "floating static route", which does suggest some interesting mental pictures. "Floating"? Floating on what?

In a way, a floating static route is "floating" in your routing table. A floating static route is a route that will be used only if routes for the same destination but with a lower administrative distance are removed from the table. For example, you could be using an OSPF-discovered route as your primary route to a given destination, and the floating static route would serve as a backup route that would be used only if the OSPF route leaves the routing table.

Now, how can that happen? After all, OSPF has an administrative distance of 110 and static routes have ADs of one or zero, depending on whether it's configured with a next-hop IP address or a local exit interface. One way or the other, 1 and 0 are still less than 110!

When you want to configure a floating static route, you must assign the route an AD higher than that of the primary route. In this case, we've got to create a static route with an AD higher than 110. We do this by using the "distance" option at the end of the "ip route" command.

R1(config)#ip route 110.1.1.0 255.255.255.0 172.12.123.1 ?
  <1-255>    Distance metric for this route
  name       Specify name of the next hop
  permanent  permanent route
  tag        Set tag for this route

R1(config)#ip route 110.1.1.0 255.255.255.0 172.12.123.1 111

The number entered at the very end of the "ip route" command is the AD of that route. If there is an OSPF route for 110.1.1.0 /24, that will be the primary route, and the floating static route will not be used unless the OSPF route is taken out of the routing table.
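The selection rule described above can be replayed with a small routing-table model. This Python is an added example, not part of the original tutorial or Cisco's code: it parses the "ip route" command shown above, keeps every candidate route for a prefix, and installs the one with the lowest AD. The OSPF next hop 172.12.123.3 is a constructed value, and the model compares AD only.

```python
import ipaddress

STATIC_DEFAULT_AD = 1   # static route with a next-hop address, per the tutorial
OSPF_AD = 110           # OSPF administrative distance, per the tutorial


def parse_ip_route(line):
    """Parse 'ip route <net> <mask> <next-hop> [distance]' into a candidate route."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["ip", "route"]:
        raise ValueError(f"not an 'ip route' command: {line!r}")
    prefix = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
    ad = STATIC_DEFAULT_AD
    if len(tok) > 5 and tok[5].isdigit():
        ad = int(tok[5])
        if not 1 <= ad <= 255:
            raise ValueError("distance must be in the range 1-255")
    return {"prefix": prefix, "source": "static", "ad": ad, "next_hop": tok[4]}


class RoutingTable:
    """Keeps all candidates per prefix; only the lowest-AD one is 'installed'."""

    def __init__(self):
        self.candidates = {}

    def learn(self, route):
        self.candidates.setdefault(route["prefix"], []).append(route)

    def withdraw(self, prefix, source):
        kept = [r for r in self.candidates.get(prefix, []) if r["source"] != source]
        self.candidates[prefix] = kept

    def installed(self, prefix):
        routes = self.candidates.get(prefix, [])
        return min(routes, key=lambda r: r["ad"]) if routes else None


def failover_sequence(static_command):
    """Source of the installed route: OSPF up, OSPF withdrawn, OSPF back."""
    static = parse_ip_route(static_command)
    prefix = static["prefix"]
    ospf = {"prefix": prefix, "source": "ospf", "ad": OSPF_AD,
            "next_hop": "172.12.123.3"}  # constructed next hop
    rib = RoutingTable()
    rib.learn(ospf)
    rib.learn(static)
    seen = [rib.installed(prefix)["source"]]
    rib.withdraw(prefix, "ospf")          # primary path fails
    seen.append(rib.installed(prefix)["source"])
    rib.learn(ospf)                       # primary path recovers
    seen.append(rib.installed(prefix)["source"])
    return seen


FLOATING = "ip route 110.1.1.0 255.255.255.0 172.12.123.1 111"
NO_DISTANCE = "ip route 110.1.1.0 255.255.255.0 172.12.123.1"

if __name__ == "__main__":
    print("distance 111:", failover_sequence(FLOATING))
    print("no distance :", failover_sequence(NO_DISTANCE))
```

Leaving the distance off gives the static route an AD of 1, so it overrides the OSPF route at all times instead of acting as a backup.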

Floating static routes aren't just a good thing to know for the BSCI exam and your CCNP certification pursuit - they're very practical in the real world as well.

Cisco CCNP Certification / BSCI Exam Tutorial: An Introduction To BGP

When you're studying for the BSCI exam on the way to earning your CCNP certification, it's safe to say that BGP is like nothing you’ve studied to this point. BGP is an external routing protocol used primarily by Internet Service Providers (ISPs). Unless you work for an ISP today or in the future, you may have little or no prior exposure to BGP. Understanding BGP is a great addition to your skill set – and you have to know the basics well to pass the BSCI exam.

Note that I said “the basics”. BGP is a very complex protocol, and when you pursue your CCIE, you’ll see what I’m talking about. As with all things Cisco, though, when broken down into smaller pieces, BGP becomes quite understandable. You will need to know the basics of BGP as presented in this chapter to pass your BSCI exam – so let’s get started.

BGP Defined:

“An Internet protocol that enables groups of routers (called autonomous systems) to share routing information so that efficient, loop-free routes can be established. BGP is commonly used within and between Internet Service Providers (ISPs).”

There are a couple of terms in there that apply to the protocols you’ve mastered so far in your studies. The term “autonomous system” applies to IGRP and EIGRP as well as BGP; you’ll be indicating a BGP AS in your configurations just as you did with IGRP and EIGRP. And we’re always looking for efficient, loop-free routes, right? As it did with IGRP and EIGRP, "autonomous system" simply refers to a group of routers that is managed by a single administrative body. An autonomous system will use an Interior Gateway Protocol (IGP) such as OSPF or EIGRP to route packets inside the AS; outside the AS, an Exterior Gateway Protocol (EGP) such as BGP will be used.

BGP shares some characteristics with some routing protocols you’ve already studied. BGP supports VLSM, summarization, and CIDR. Like EIGRP, BGP will send full updates when two routers initially become neighbors and will send only partial updates after that. BGP does create and maintain neighbor relationships before exchanging routes, and keepalives are sent to keep this relationship alive.

BGP has some major differences from the IGPs we’ve studied to this point. You’ll hear BGP referred to as a path-vector protocol. As opposed to distance-vector protocols that exchange relatively simple information about available routes, BGP routers will exchange extensive information about networks to allow the routers to make more intelligent routing decisions. This additional BGP path information comes in the form of attributes, and these path attributes are contained in the updates sent by BGP routers. Attributes themselves are broken up into two classes, well-known and optional.

BGP also keeps a routing table separate from the IP routing table.

We'll take a look at BGP attributes in future BSCI tutorials. In the meantime, keep studying!

Cisco CCNP Certification / BSCI Exam Tutorial: Route Summarization Basics

As you earn your CCNA and CCNP certification, you're going to have to get comfortable with manually summarizing routes. This isn't just another reason to learn binary math (although it's a good one!), but summarizing routes is a true real-world skill that can help your network operate more efficiently. So the question isn't just how to summarize routes, it's why.

When you summarize routes in RIP, IGRP, EIGRP, or OSPF, you're replacing a series of routes with a summary route and mask. With RIP, IGRP, and EIGRP, this actually lessens the size of the routing update packet itself - multiple routes are replaced with the summary route. For instance, the routes 8.0.0.0/8, 9.0.0.0/8, 10.0.0.0/8, and 11.0.0.0/8 can be summarized as 8.0.0.0 252.0.0.0. Only the summary address will be found in the update packet, making it concise yet complete.

Summarizing routes can also make the routing table smaller, yet still allow for complete IP connectivity when done correctly. Using the above example, the four more-specific routes will be replaced by a single summary route. Since the entire routing table is parsed before the routing process is complete, keeping the routing table as small as possible does help speed the routing process as a whole.
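The summary in the example above can be derived with binary math: XOR the lowest and highest addresses and keep only the leading bits that never change. The Python below is an added example, not part of the original tutorial; it also reports address space that a summary covers but no component route does, using constructed 172.16.x.0/24 routes as a second input.

```python
import ipaddress


def summarize(prefixes):
    """Return the longest single IPv4 prefix that covers every network given."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit varies
    # somewhere in the range, so it cannot be part of the summary prefix.
    host_bits = (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return ipaddress.IPv4Network((lo & mask, 32 - host_bits))


def extra_space(summary, prefixes):
    """Networks inside `summary` that none of the component routes cover."""
    remaining = [summary]
    for p in prefixes:
        net = ipaddress.ip_network(p)
        kept = []
        for r in remaining:
            if r.subnet_of(net):
                continue                      # fully covered by this route
            if net.subnet_of(r):
                kept.extend(r.address_exclude(net))
            else:
                kept.append(r)
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


# The four routes from the tutorial text.
TUTORIAL_ROUTES = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]

# Constructed routes whose tightest summary is wider than the routes themselves.
GAPPY_ROUTES = ["172.16.1.0/24", "172.16.2.0/24"]

if __name__ == "__main__":
    for routes in (TUTORIAL_ROUTES, GAPPY_ROUTES):
        for r in routes:
            addr = int(ipaddress.ip_network(r).network_address)
            print(f"{r:>16}  {addr:032b}")
        s = summarize(routes)
        print(f"summary {s.network_address} {s.netmask} (/{s.prefixlen})")
        print("covered but not routed:", extra_space(s, routes) or "nothing")
        print()
```

A summary that covers space no component route reaches will draw traffic for those addresses to the summarizing router, which is the case to catch before advertising it.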

To prepare for success on your CCNA and CCNP exam, you've got to know how to summarize routes as well as the specific commands for doing so with OSPF, EIGRP, RIP, and IGRP - but knowing why to summarize routes is just as important as knowing how! Here are some additional tips on route summarization.

With RIP version 2 and EIGRP, manual route summarization is configured on the interface that will be advertising the summary. This is done with the route summarization command "ip summary-address."

RIP version 2 and EIGRP also both perform autosummarization on routes that are advertised across classful network boundaries. This is disabled with the protocol-level command "no auto-summary".


OSPF offers two different route summarization commands. To summarize routes from one OSPF area to another, use the "area range" command; to summarize routes learned via redistribution, use the "summary-address" command on the ASBR.

With proper planning and an understanding of binary math, you'll master route summarization quickly with some practice - and you'll be ready for success on real-world networks as well as the CCNA and CCNP exams!

Cisco CCNP Certification / BSCI Exam Tutorial: Comparing IRDP And HSRP

To pass the BSCI exam, you need to know the difference between IRDP and HSRP. While they have the same basic function, the operation and configuration of each are totally different.

The aim of both is to allow hosts to quickly discover a standby router when the primary router fails. IRDP is commonly used by Windows DHCP clients and several Unix variations, but you do see it in Cisco routers as well. IRDP is defined in RFC 1256.

IRDP routers will multicast Hello messages that host devices hear. If a host hears from more than one IRDP router, it will choose one as its primary and will start using the other router if the primary it's chosen goes down.

HSRP is a Cisco-proprietary protocol that is designed for quick cutover to a secondary router if the primary fails, but the host devices don't "see" either the primary or secondary router. The hosts use a virtual router as their default gateway. This virtual router has its own IP and MAC address! All the while, the router chosen as the primary is actually the one doing the routing. If the primary router goes down, the secondary router quickly takes over with no major interruption to network services.

The HSRP routers communicate by multicasting updates to 224.0.0.2, and it's through these hellos that the HSRP routers decide which router is primary and which is secondary. HSRP is defined in RFC 2281.

The configuration of each of these will be covered in a future tutorial. In the meantime, I urge you to read the RFCs mentioned in this article, and visit www.cisco.com/univercd to read about the configurations and options available for both of these vital protocols.

Cisco CCNP Certification / BCMSN Exam Tutorial: The HSRP MAC Address

To pass the BCMSN exam and earn your CCNP, you've got to know HSRP inside and out! Part of that is knowing how the MAC address of the virtual router is derived, and another part is knowing how to change this address. We'll look at both features in this tutorial.

We've got two routers on a segment running HSRP, so first we need to find out what the MAC address of the HSRP virtual router is. The show command for HSRP is show standby, and it's the first command you should run while configuring and troubleshooting HSRP. Let's run it on both routers and compare results.

R2#show standby

Ethernet0 - Group 5

Local state is Standby, priority 100

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 0.776

Virtual IP address is 172.12.23.10 configured

Active router is 172.12.23.3, priority 100 expires in 9.568

Standby router is local

1 state changes, last state change 00:00:22

R3#show standby

Ethernet0 - Group 5

Local state is Active, priority 100

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 2.592

Virtual IP address is 172.12.23.10 configured

Active router is local

Standby router is 172.12.23.2 expires in 8.020

Virtual mac address is 0000.0c07.ac05

2 state changes, last state change 00:02:08

R3 is in Active state, while R2 is in Standby. The hosts are using the 172.12.23.10 address as their gateway, but R3 is actually handling the workload. R2 will take over if R3 becomes unavailable.

An IP address was statically assigned to the virtual router, but not a MAC address. However, there is a MAC address under the show standby output on R3, the active router. How did the HSRP process arrive at a MAC of 00-00-0c-07-ac-05?

Well, most of the work is already done before the configuration is even begun. The MAC address 00-00-0c-07-ac-xx is reserved for HSRP, and xx is the group number in hexadecimal. That's a good skill to have for the exam, so make sure you're comfortable with hex conversions. The group number is 5, which is expressed as 05 in two hex digits. If the group number had been 17, we'd see 11 at the end of the MAC address - one unit of 16, one unit of 1.

On rare occasions, you may have to change the MAC address assigned to the virtual router. This is done with the standby mac-address command. Just make sure you're not duplicating a MAC address that's already on your network!

R2(config-if)#standby 5 mac-address 0000.1111.2222


1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Active -> Learn


R2#show standby

Ethernet0 - Group 5

Local state is Active, priority 150, may preempt

Hellotime 4 sec, holdtime 12 sec

Next hello sent in 3.476

Virtual IP address is 172.12.23.10 configured

Active router is local

Standby router is 172.12.23.3 expires in 10.204

Virtual mac address is 0000.1111.2222 configured

4 state changes, last state change 00:00:00


1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Listen -> Active

The MAC address will take a few seconds to change, and the HSRP routers will go into Learn state for that time period.

A real-world HSRP troubleshooting note: If you see constant state changes with your HSRP configuration, do what you should always do when troubleshooting - check the physical layer first. Best of luck on your BCMSN exam!
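A check built on the derivation above, as an added example that is not part of the original tutorial: it parses show standby output, derives the well-known virtual MAC from the group number, and reports any group whose virtual MAC differs so it can be matched against a known standby mac-address change. The function names are hypothetical, the sample text is a trimmed copy of the outputs shown above, and the 0-255 group range assumes HSRP version 1.

```python
import re

HSRP_PREFIX = "0000.0c07.ac"  # reserved HSRP prefix; the last byte is the group in hex


def hsrp_virtual_mac(group):
    """Default virtual MAC for an HSRP group (assumption: version 1, groups 0-255)."""
    if not 0 <= group <= 255:
        raise ValueError(f"HSRP group out of range: {group}")
    return f"{HSRP_PREFIX}{group:02x}"


def parse_show_standby(text):
    """Return one dict per 'Interface - Group N' block in show standby output."""
    groups, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^(\S+) - Group (\d+)$", line)
        if header:
            current = {"interface": header.group(1), "group": int(header.group(2)),
                       "state": None, "virtual_mac": None, "mac_configured": False}
            groups.append(current)
            continue
        if current is None:
            continue
        state = re.match(r"^Local state is (\w+)", line)
        mac = re.match(r"^Virtual mac address is ([0-9a-fA-F.]+)(\s+configured)?", line)
        if state:
            current["state"] = state.group(1)
        elif mac:
            current["virtual_mac"] = mac.group(1).lower()
            current["mac_configured"] = bool(mac.group(2))
    return groups


def audit(text):
    """List groups whose displayed virtual MAC is not the one derived from the group number."""
    findings = []
    for g in parse_show_standby(text):
        expected = hsrp_virtual_mac(g["group"])
        # A router that is not Active may not display the virtual MAC at all; skip those.
        if g["virtual_mac"] and g["virtual_mac"] != expected:
            findings.append({"interface": g["interface"], "group": g["group"],
                             "virtual_mac": g["virtual_mac"], "expected": expected,
                             "configured": g["mac_configured"]})
    return findings


# Trimmed copies of the outputs shown in the tutorial.
R3_OUTPUT = """Ethernet0 - Group 5
  Local state is Active, priority 100
  Virtual IP address is 172.12.23.10 configured
  Active router is local
  Virtual mac address is 0000.0c07.ac05
"""

R2_AFTER_CHANGE = """Ethernet0 - Group 5
  Local state is Active, priority 150, may preempt
  Virtual IP address is 172.12.23.10 configured
  Active router is local
  Virtual mac address is 0000.1111.2222 configured
"""

if __name__ == "__main__":
    for name, text in (("R3", R3_OUTPUT), ("R2", R2_AFTER_CHANGE)):
        for f in audit(text):
            print(f"{name} {f['interface']} group {f['group']}: "
                  f"virtual MAC {f['virtual_mac']} (default would be {f['expected']})")
```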

Cisco CCNP Certification / BCMSN Exam Tutorial: Writing QoS Policy

QoS - Quality of Service - is a huge topic on both the BCMSN exam and real-world networks. QoS is so big today that Cisco's created separate specialist certifications that cover nothing but QoS! It can be an overwhelming topic at first, but master the fundamentals and you're on your way to exam and job success.

If you work with QoS at any level - and sooner or later, you will - you've got to know how to write and apply QoS policies.

Creating and applying such a policy is a three-step process.

1. Create a QoS class to identify the traffic that will be affected by the policy.

2. Create a QoS policy containing the actions to be taken on traffic identified by the class.

3. Apply the policy to the appropriate interfaces.


If the phrase "identify the traffic" sounds like it's time to write an access-list, you're right! Writing an ACL is one of two ways to classify traffic, and is the more common of the two. Before we get to the less-common method, let's take a look at how to use an ACL to classify traffic.

You can use either a standard or extended ACL with QoS policies. The ACL will be written separately, and then called from the class map.

SW1(config)#access-list 105 permit tcp any any eq 80

SW1(config)#class-map WEBTRAFFIC

SW1(config-cmap)#match access-group 105

Now that we've identified the traffic to be affected by the policy, we'd better get around to writing the policy! QoS policies are configured with the policy-map command, and each clause of the policy will contain an action to be taken on traffic matching that clause.

SW1(config)#policy-map LIMIT_WEBTRAFFIC_BANDWIDTH

SW1(config-pmap)#class WEBTRAFFIC

SW1(config-pmap-c)#police 5000000 exceed-action drop

SW1(config-pmap-c)#exit

This is a simple policy, but it illustrates the logic of QoS policies. The policy map LIMIT_WEBTRAFFIC_BANDWIDTH calls the class map WEBTRAFFIC. We already know that all WWW traffic will match that class map, so any WWW traffic that exceeds the stated bandwidth limitation will be dropped.

Finally, apply the policy to the appropriate interface.

SW1(config-if)#service-policy input LIMIT_WEBTRAFFIC_BANDWIDTH

Getting your CCNP is a great way to boost your career, and learning QoS is a tremendous addition to your skill set. Like I said, learn the fundamentals, don't get overwhelmed by looking at QoS as a whole, and you're on your way to success!

Cisco CCNP Certification / BCMSN Exam Tutorial: Uplinkfast

You remember from your CCNA studies that when a port goes through the transition from blocking to forwarding, you're looking at a 50-second delay before that port can actually begin forwarding frames. Configuring a port with PortFast is one way to get around that, but again, you can only use it when a single host device is found off the port. What if the device connected to a port is another switch?

A switch can be connected to two other switches, giving that local switch a redundant path to the root bridge, and that's great - we always want a backup plan! However, STP will only allow one path to be available, and if the available path to the root switch goes down, there will be a 50-second delay due to the STP timers MaxAge and ForwardDelay before the currently blocked path will be available.

The delay is there to prevent switching loops, and we can't use PortFast to shorten the delay since these are switches, not host devices. What we can use is Uplinkfast.

The ports that SW3 could potentially use to reach the root switch are collectively referred to as an uplink group. The uplink group includes the ports in forwarding and blocking mode. If the forwarding port in the uplink group sees that the link has gone down, another port in the uplink group will be transitioned from blocking to forwarding immediately. Uplinkfast is pretty much PortFast for wiring closets. (Cisco recommends that Uplinkfast not be used on switches in the distribution and core layers.)

Some additional details regarding Uplinkfast:

The actual transition from blocking to forwarding mode takes about three seconds.

Uplinkfast cannot be configured on a root switch.

Uplinkfast is configured globally. You can't run Uplinkfast on some ports or on a per-VLAN basis - it's all or nothing.

The original root port will become the root port again when it detects that its link to the root switch has come back up. This does not take place immediately. The switch uses the following formula to determine how long to wait before transitioning back to the forwarding state:

( 2 x FwdDelay) + 5 seconds

Uplinkfast will take immediate action to ensure that the switch upon which it is configured cannot become the root switch. First, the switch priority will be set to 49,152, which means that if all other switches are still at their default priority, they'd all have to go down before this switch can possibly become the root switch. Additionally, the STP Port Cost will be increased by 3000, making it highly unlikely that this switch will be used to reach the root switch by any downstream switches.

And you just know there's got to be at least one option with this command, right? Let's run IOS Help and see.

SW2(config)#spanning-tree uplinkfast ?

max-update-rate Rate at which station address updates are sent

When there is a direct link failure, dummy multicast frames are sent to the MAC destination 0100.0ccd.cdcd. The max-update-rate value determines how many of these frames will be sent in a 100-millisecond time period.

Mastering the details of UplinkFast, BackboneFast, BPDU Guard, and Loop Guard is vital to your success on the CCNP exams, and one or more of these features are in use on almost every network in the world. Learn these features for success in both the exam room and the real world!

Cisco CCNP / BSCI Tutorial: The Role Of The OSPF ASBR

To pass the BSCI exam and earn your CCNP certification, you've got to master the (many) details of OSPF. You might have thought there were quite a few OSPF details in your CCNA studies, but you'll now build on that foundation on the way to earning your CCNP.

One such detail is the role of the Autonomous System Border Router (ASBR) in OSPF. The name itself raises some eyebrows, since you learned in your CCNA studies that OSPF doesn't use autonomous systems! Just as an OSPF Area Border Router borders multiple OSPF areas, the ASBR borders the entire OSPF domain and another source of routes. This can be another dynamic routing protocol, or directly connected networks that are not being advertised into OSPF by the network command.

Let's say we have a router running both OSPF and RIP version 2. By default, the RIP process will not contain any OSPF-discovered routes, and vice versa. The two separate routing processes are just that - separate. If we want the other OSPF routers to know about the RIP routes, route redistribution must be configured. When the RIP routes are redistributed into OSPF, that router is then an ASBR.

In the below example, RIP subnets have been redistributed into OSPF. A seed metric is not necessary when redistributing routes into OSPF. The command "show ip ospf" confirms that this router is now an ASBR.

R1(config)#router ospf 1

R1(config-router)#redistribute rip subnets

R1#show ip ospf

Routing Process "ospf 1" with ID 1.1.1.1

Supports only single TOS(TOS0) routes

Supports opaque LSA

It is an autonomous system boundary router

The ASBR can also perform route summarization on the routes being injected into OSPF with the summary-address command. (To configure OSPF inter-area summarization, use the area range command.) By mastering route summarization and route redistribution, you're well on your way to passing the BSCI exam and earning your CCNP certification!

Cisco CCNP / BSCI Tutorial: The BGP Attribute NEXT_HOP

When you're studying for the BSCI exam on the way to earning your CCNP certification, you've got to master the use of BGP attributes. These attributes allow you to manipulate the path or paths that BGP will use to reach a given destination when multiple paths to that destination exist.

In this free BGP tutorial, we're going to take a look at the NEXT_HOP attribute. You may be thinking "hey, how complicated can this attribute be?" It's not very complicated at all, but this being Cisco, there's got to be at least one unusual detail about it, right?

The NEXT_HOP attribute is simple enough - this attribute indicates the next-hop IP address that should be taken to reach a destination. In the following example, R1 is a hub router and R2 and R3 are spokes. All three routers are in BGP AS 100, with R1 having a peer relationship with both R2 and R3. There is no BGP peering between R2 and R3.

R3 is advertising the network 33.3.0.0 /24 via BGP, and the value of the next-hop attribute on R1 is the IP address on R3 that is used in the peer relationship, 172.12.123.3.

The issue with the next-hop attribute comes in when the route is advertised to BGP peers. If R3 were in a separate AS from R1 and R2, R1 would then advertise the route to R2 with the next-hop attribute set to 172.12.123.3. When a BGP speaker advertises a route to iBGP peers that was originally learned from an eBGP peer, the next-hop value is retained.

Here, all three routers are in AS 100. What will the next-hop attribute be set to when R1 advertises the route to its iBGP neighbor R2?

R2#show ip bgp

< no output >

There will be no next-hop attribute for the route on R2, because the route will not appear on R2. By default, a BGP speaker will not advertise a route to iBGP neighbors if the route was first learned from another iBGP neighbor.

Luckily for us, there are several ways around this rule. The most common is the use of route reflectors, and we'll look at RRs in a future free BGP tutorial.
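The two cases described above, modelled as an added example (not part of the original tutorial): a small simulation of how the 33.3.0.0 /24 route spreads from R3, once with all routers in AS 100 and once with R3 in a separate AS. The addresses for R1 and R2 and the AS number 300 are assumptions, and the model covers only the two rules discussed here, with no best-path selection, AS_PATH checks or route reflectors.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    learned_via: str  # "local", "ebgp" or "ibgp"


def propagate(asn, peerings, address, origin, prefix):
    """Flood one prefix from its origin; return {router: Path} for every router that learns it."""
    tables = {origin: Path(prefix, "0.0.0.0", "local")}
    queue = deque([origin])
    while queue:
        sender = queue.popleft()
        path = tables[sender]
        for a, b in peerings:
            if sender not in (a, b):
                continue
            receiver = b if sender == a else a
            if receiver in tables:
                continue  # already has the route; this model does no best-path comparison
            session = "ibgp" if asn[sender] == asn[receiver] else "ebgp"
            # Rule from the text: a route learned from one iBGP neighbor
            # is not advertised to another iBGP neighbor.
            if path.learned_via == "ibgp" and session == "ibgp":
                continue
            # NEXT_HOP: the sender's own address for routes it originates or sends over
            # eBGP; retained when an eBGP-learned route is passed to an iBGP peer.
            if path.learned_via == "local" or session == "ebgp":
                next_hop = address[sender]
            else:
                next_hop = path.next_hop
            tables[receiver] = Path(prefix, next_hop, session)
            queue.append(receiver)
    return tables


# Hub-and-spoke peering from the tutorial: R1 peers with R2 and R3, no R2-R3 session.
PEERINGS = [("R1", "R2"), ("R1", "R3")]
# 172.12.123.3 is from the tutorial; the R1 and R2 addresses are assumed.
ADDRESS = {"R1": "172.12.123.1", "R2": "172.12.123.2", "R3": "172.12.123.3"}
PREFIX = "33.3.0.0/24"


def all_in_as_100():
    return propagate({"R1": 100, "R2": 100, "R3": 100}, PEERINGS, ADDRESS, "R3", PREFIX)


def r3_in_separate_as():
    # AS 300 is a constructed value for the "separate AS" case.
    return propagate({"R1": 100, "R2": 100, "R3": 300}, PEERINGS, ADDRESS, "R3", PREFIX)


if __name__ == "__main__":
    for label, tables in (("all iBGP", all_in_as_100()), ("R3 eBGP", r3_in_separate_as())):
        r2 = tables.get("R2")
        print(label, "-> R2:", f"next hop {r2.next_hop}" if r2 else "< no route >")
```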

Cisco CCNP / BSCI Tutorial: Route Summarization With RIP And EIGRP

To pass your BSCI exam and earn your CCNP certification, you've got to master route summarization. When you get to the BSCI level, actually breaking the routes down into binary strings and performing summarization is second nature to you. (If it isn't, get some more practice!) What makes CCNP / BSCI route summarization more difficult is just keeping the different protocol summarization commands straight!

RIP and EIGRP both perform route summarization at the interface level with the ip summary-address command. In the following example, R2 is running RIP and was sending four routes to R3. R3's table looked like this before summarization:

R3#show ip route rip

172.16.0.0/24 is subnetted, 4 subnets

R 172.16.8.0 [120/1] via 172.23.23.2, 00:00:02, Ethernet0

R 172.16.9.0 [120/1] via 172.23.23.2, 00:00:02, Ethernet0

R 172.16.10.0 [120/1] via 172.23.23.2, 00:00:02, Ethernet0

R 172.16.11.0 [120/1] via 172.23.23.2, 00:00:02, Ethernet0

By summarizing the routes and using the ip summary-address command, RIP advertises only the summary route to the downstream neighbor.

R2(config)#int ethernet0

R2(config-if)#ip summary-address rip 172.16.8.0 255.255.252.0

R3#clear ip route *

R3#show ip route rip

172.16.0.0/22 is subnetted, 1 subnets

R 172.16.8.0 [120/1] via 172.23.23.2, 00:01:24, Ethernet0

EIGRP works much the same way, except that the EIGRP AS number must be named in the ip summary-address command.

In the following example, R2 was advertising four separate routes to R3 via EIGRP 100: 100.0.0.0, 101.0.0.0, 102.0.0.0, and 103.0.0.0, all with an eight-bit mask. What summary route can be used here?

The summary is 100.0.0.0 252.0.0.0. To send that route to downstream routers, configure the following on R2:

R2(config)#interface ethernet0

R2(config-if)#ip summary-address eigrp 100 100.0.0.0 252.0.0.0

R3 will then have only one route in its EIGRP table - the summary route.

R3#show ip route eigrp

D 100.0.0.0/6 [90/2297856] via 172.23.23.2, 00:02:33, Ethernet0

By mastering basic binary skills and keeping in mind that RIP and EIGRP perform route summarization at the interface level, you're one step closer to passing your BSCI exam and earning your CCNP certification!

In the next part of this tutorial, we'll take a detailed look at the different methods OSPF uses for route summarization.

Cisco CCNP / BSCI Tutorial: Comparing OSPF and ISIS Hellos

While studying to pass the BSCI exam and preparing to earn your CCNP certification, you'll quickly notice that while OSPF and ISIS are both link-state protocols, there are a lot of differences between the two. One major difference is the way the two protocols handle hello packets.

Hello packets are imperative to keeping OSPF and ISIS adjacencies alive. Since they are both link-state protocols, neither of them will send updates at any specified time. Hello packets are the only method by which routers running OSPF and ISIS can see that a neighboring router is still available.

OSPF gives us some great options when it comes to keeping routing table size down via the use of stub and total stub areas, but to OSPF, a hello packet is a hello packet. ISIS routers are capable of sending two different types of hellos - Level 1 and Level 2.

ISIS routers are classified as Level 1 (L1), Level 2 (L2), and Level 1-2 (L1-L2). By default, Cisco routers are L1-L2 routers; this means that every ISIS-enabled interface will send out both L1 and L2 hellos.

If one of the interfaces is forming only an L1 or L2 adjacency, there's no reason to send out hellos for the other adjacency type. For example, if R1 is forming an L1 adjacency with R2 via its ethernet0 interface, there is no reason to allow the router to transmit L2 hellos. To hardcode a router interface to send only L1 or L2 hellos, use the isis circuit-type command.

R1(config)#interface ethernet0

R1(config-if)#isis circuit-type level-1

Note: To configure this interface to send only L2 hellos, the full command is "isis circuit-type level-2-only", not just "level-2".

This configuration would prevent L2 hellos from being transmitted out ethernet0. While this does save router resources and prevents unnecessary bandwidth usage, there is also no way an L2 adjacency can be formed - so double-check your network topology before using this command!

Cisco CCNP / BSCI Exam Tutorial: Route Summarization

Preparing to pass the BSCI exam and earn your Cisco CCNP? Route summarization is just one of the many skills you'll have to master in order to earn your CCNP. Whether it's RIP version 2, OSPF, or EIGRP, the BSCI exam will demand that you can flawlessly configure route summarization.

Route summarization isn't just important for the BSCI exam. It's a valuable skill to have in the real world as well. Correctly summarizing routes can lead to smaller routing tables that are still able to route packets accurately - what I like to call "concise and complete" routing tables.

The first skill you've got to have in order to work with route summarization is binary math. More specifically, you must be able to take multiple routes and come up with both a summary route and mask to advertise to downstream routers. Given the networks 100.16.0.0 /16, 100.17.0.0 /16, 100.18.0.0 /16, and 100.19.0.0 /16, could you quickly come up with both the summary address and mask? All you need to do is break the four network numbers down into binary strings. We know the last two octets will all convert to the binary string 00000000, so in this article we'll only illustrate how to convert the first and second octet from decimal to binary.

100 16 = 01100100 00010000

100 17 = 01100100 00010001

100 18 = 01100100 00010010

100 19 = 01100100 00010011

To come up with the summary route, just work from left to right and draw a line where the four networks no longer have a bit in common. For these four networks, that point comes between the 14th and 15th bits. This leaves us with this string: 01100100 000100xx. All you need to do is convert that string back to decimal, which gives us 100 for the first octet and 16 for the second. (The two x values are bits on the right side of the line, which aren't used in calculating the summary route.) Since we know that zero is the value for the last two octets, the resulting summary network number is 100.16.0.0.

But we're not done! We now have to come up with the summary mask to advertise along with the summary route. To arrive at the summary mask, write out a mask in binary with a "1" for every bit to the left of the line we drew previously, and a "0" for every bit to the right. That gives us the following string:

11111111 11111100 00000000 00000000

Converting that to dotted decimal, we arrive at the summary mask 255.252.0.0. The correct summary network and mask to advertise are 100.16.0.0 255.252.0.0.

For the BSCI exam, emphasis is put on knowing how to advertise these summary routes in RIPv2, EIGRP, and OSPF. For RIP v2 and EIGRP, route summarization happens at the interface level - it's not configured under the protocol. On the interface that should advertise the summary route, use the command "ip summary-address". Here are examples of how the above summary route would be configured on ethernet0 in both RIPv2 and EIGRP.

R1(config-if)#ip summary-address rip 100.16.0.0 255.252.0.0

R1(config-if)#ip summary-address eigrp 100 100.16.0.0 255.252.0.0

The main difference between the two is that the EIGRP command must specify the AS number - that's what the "100" is in the middle of the EIGRP command. Since RIPv2 does not use AS numbers, there's no additional value needed in the configuration.

For OSPF, the commands differ. If you're configuring inter-area route summarization, use the "area range" command. The number following "area" is the area containing the routes being summarized, not the area receiving the summary.

R1(config)#router ospf 1

R1(config-router)#area 1 range 100.16.0.0 255.252.0.0

If you are summarizing routes that are being redistributed into OSPF, use the summary-address command under the OSPF routing process on the ASBR.

R1(config)#router ospf 1

R1(config-router)#summary-address 100.16.0.0 255.252.0.0

I speak from experience when I tell you that practice makes perfect on the BSCI exam, especially with binary and summarization questions. The great thing about these questions is that there are no grey areas - you either know how to do it or you don't. And with practice and an eye for detail, you can master these skills, pass the exam, and become a CCNP. Here's to your success on these tough Cisco certification exams!

Cisco CCNP / BSCI Exam Tutorial: OSPF Router Types

When you're preparing to pass the BSCI exam on the way to the coveted Cisco CCNP certification, you can be quickly overwhelmed by the sheer amount of BGP and OSPF knowledge you must demonstrate a mastery of. One set of details that some BSCI and CCNP candidates underestimate is the differences between the OSPF router types.

An OSPF Internal router has one rule - it must have all its interfaces in a single area. It does not mean that area has to be Area 0.

An OSPF Backbone router is a router with at least a single interface in the OSPF backbone area, Area 0. A router can be both an Internal and Backbone router if all its interfaces are in Area 0.

An Area Border Router has at least one interface in Area 0 and another interface in a non-backbone area. ABRs are also one of two router types that can perform OSPF route summarization. (To advertise a summary route from one OSPF area to another, use the area range command on the ABR.)

Finally, an ASBR is an OSPF router that is performing route redistribution by injecting routes from another source into the OSPF domain. This is the other OSPF router type that can perform route summarization; to summarize routes being redistributed into OSPF, use the summary-address command on the ASBR.

There are several commands you can use to determine the router types in a given OSPF area. The command "show ip ospf" will display quite a bit of information regarding the local router, and this includes whether that router is acting as an ABR or ASBR. To see the routes to the ABRs and ASBRs from the local router, run "show ip ospf border-routers".

Cisco CCNP / BSCI Exam Tutorial: Configuring And Troubleshooting OSPF Virtual Links

Knowing when and how to create an OSPF virtual link is an essential skill for BSCI and CCNP exam success, not to mention how important it can be on your job! As a CCNA and CCNP candidate, you know the theory of virtual links, so let's take a look at how to configure a virtual link, as well as some real-world tips that many CCNA and CCNP study guides leave out!

In this configuration, no router with an interface in Area 4 has a physical interface in Area 0. This means a logical connection to Area 0, a virtual link, must be built.

In the following example, R1 and R3 are adjacent and both have interfaces in Area 0. R4 has an adjacency with R3 via Area 34, but R4 has no physical interface in Area 0 and is advertising its loopback 4.4.4.4 into OSPF. R1 doesn't have the route to that loopback.

R1#show ip route ospf

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/11] via 10.1.1.5, 01:05:45, Ethernet0

172.23.0.0/27 is subnetted, 1 subnets

O IA 172.23.23.0 [110/74] via 172.12.123.3, 00:04:14, Serial0

7.0.0.0/32 is subnetted, 1 subnets

O 7.7.7.7 [110/11] via 10.1.1.5, 01:05:45, Ethernet0

To resolve this, a virtual link will be built between R3 and R4 through Area 34. The area through which the virtual link is built, the transit area, cannot be a stub area of any kind.

R4(config)#router ospf 1

R4(config-router)#area 34 virtual-link 3.3.3.3


R3(config)#router ospf 1


2d07h: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 172.23.23.4, Ethernet0


R3(config)#router ospf 1

R3(config-router)#area 34 virtual-link 4.4.4.4

R3(config-router)#^Z

2d07h: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on OSPF_VL0 from LOADING to FULL, Loading Done

A few details worth noting... the virtual link command uses the remote device's RID, not necessarily the IP address on the interface that's in the transit area. Also, don't worry about that error message you see in the output from R3. That is normal, and you'll see it until you finish building the virtual link.

Always confirm the virtual link with show ip ospf virtual-link. If you've configured it correctly, the VL should come up in a matter of seconds.

R3#show ip ospf virtual-link

Virtual Link OSPF_VL0 to router 4.4.4.4 is up

Run as demand circuit

DoNotAge LSA allowed.

Transit area 34, via interface Ethernet0, Cost of using 10

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:00

Adjacency State FULL (Hello suppressed)

Index 2/4, retransmission queue length 1, number of retransmission 1

First 0x2C8F8E(15)/0x0(0) Next 0x2C8F8E(15)/0x0(0)

Last retransmission scan length is 1, maximum is 1

Last retransmission scan time is 0 msec, maximum is 0 msec

Link State retransmission due in 3044 msec

Virtual links are actually simple to configure, but for some reason they seem to intimidate people. It's my experience that the error message highlighted in R3's output above causes a lot of panic, but the only thing that message means is that you're not finished configuring the virtual link yet.

There are three main misconfigurations that cause 99% of virtual link configuration issues:

Using the wrong OSPF RID value

Trying to use a stub area as the transit area

Failure to configure link authentication on the virtual link when Area 0 is running authentication

That last one is the one that gets forgotten! A virtual link is really an extension of Area 0, and if Area 0 is running link authentication, the virtual link must be configured for it as well. Pay attention to the details, don't panic when you see the error message on the second router you configure with the virtual link, and you'll be ready for any virtual link situation on the job or in the CCNA / CCNP exam room!
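One way to check a pair of candidate configurations for the three misconfigurations listed above, as an added example that is not part of the original tutorial. The function names, the router-id lines, the key placeholder and the finding labels are assumptions; the authentication test is a simplified heuristic that only looks for an authentication keyword or a message-digest key on the virtual-link statements.

```python
import re

BACKBONE = {"0", "0.0.0.0"}
VL_RE = re.compile(r"^area (\S+) virtual-link (\S+)(.*)$")
AUTH_RE = re.compile(r"^area (\S+) authentication\b")
STUB_RE = re.compile(r"^area (\S+) (stub|nssa)\b")
RID_RE = re.compile(r"^router-id (\S+)$")


def parse_ospf(config):
    """Pull the virtual-link related settings out of the 'router ospf' stanza."""
    info = {"router_id": None, "backbone_auth": False,
            "stub_areas": set(), "virtual_links": {}}
    in_ospf = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():              # an unindented line starts a new stanza
            in_ospf = line.startswith("router ospf ")
            continue
        if not in_ospf:
            continue
        vl, auth = VL_RE.match(line), AUTH_RE.match(line)
        stub, rid = STUB_RE.match(line), RID_RE.match(line)
        if vl:
            # Options for one virtual link may be spread over several lines; merge them.
            info["virtual_links"].setdefault((vl.group(1), vl.group(2)), []).append(vl.group(3))
        elif auth and auth.group(1) in BACKBONE:
            info["backbone_auth"] = True
        elif stub:
            info["stub_areas"].add(stub.group(1))
        elif rid:
            info["router_id"] = rid.group(1)
    return info


def audit_virtual_links(local_cfg, peer_cfg):
    """Return (label, detail) findings for the local router's virtual links."""
    local, peer = parse_ospf(local_cfg), parse_ospf(peer_cfg)
    backbone_auth = local["backbone_auth"] or peer["backbone_auth"]
    findings = []
    for (area, rid), option_lines in local["virtual_links"].items():
        options = " ".join(option_lines)
        if rid != peer["router_id"]:
            findings.append(("wrong-rid", f"virtual-link names {rid}, peer RID is {peer['router_id']}"))
        if area in local["stub_areas"] or area in peer["stub_areas"]:
            findings.append(("stub-transit", f"transit area {area} is a stub or NSSA"))
        if backbone_auth and not re.search(r"\b(authentication|message-digest-key)\b", options):
            findings.append(("missing-auth", f"Area 0 uses authentication, virtual link to {rid} has none"))
    return findings


# Constructed candidate configurations using the RIDs and transit area from the tutorial.
R4_PLAIN = """\
router ospf 1
 router-id 4.4.4.4
 area 34 virtual-link 3.3.3.3
"""
R3_BROKEN = """\
router ospf 1
 router-id 3.3.3.3
 area 0 authentication message-digest
 area 34 stub
 area 34 virtual-link 172.23.23.4
"""
R3_FIXED = """\
router ospf 1
 router-id 3.3.3.3
 area 0 authentication message-digest
 area 34 virtual-link 4.4.4.4 authentication message-digest
 area 34 virtual-link 4.4.4.4 message-digest-key 1 md5 EXAMPLE-KEY
"""
R4_FIXED = """\
router ospf 1
 router-id 4.4.4.4
 area 34 virtual-link 3.3.3.3 authentication message-digest
 area 34 virtual-link 3.3.3.3 message-digest-key 1 md5 EXAMPLE-KEY
"""

if __name__ == "__main__":
    for label, detail in audit_virtual_links(R3_BROKEN, R4_PLAIN):
        print(f"R3: {label}: {detail}")
```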

Cisco CCNP / BSCI Exam Tutorial: Using The OSPF Command “Area Range”

Your BSCI and CCNP exam success depends on knowing the details, and one such detail is knowing the proper way to summarize routes in OSPF. Route summarization is not just a test of your binary conversion abilities, but knowing where and when to summarize routes. It will not surprise any CCNA or CCNP certification candidate that OSPF gives us the most options for route summarization, and therefore more details to know!

OSPF offers us two options for route summarization configurations. In a previous tutorial, we looked at the "summary-address" command, and today we'll look at the proper use of the "area range" command.

The "area range" command should be used on an Area Border Router (ABR) to summarize routes being advertised from one OSPF area to another. In this tutorial, R1 is acting as an ABR, with interfaces in both Area 0 and Area 1. Four loopbacks have been placed into R1's Area 1.

R1(config)#router ospf 1

R1(config-router)#network 12.0.0.0 0.255.255.255 a 1

R1(config-router)#network 13.0.0.0 0.255.255.255 a 1

R1(config-router)#network 14.0.0.0 0.255.255.255 a 1

R1(config-router)#network 15.0.0.0 0.255.255.255 a 1

The routing table of an OSPF neighbor, R2, shows all four routes.

R2#show ip route ospf

12.0.0.0/32 is subnetted, 1 subnets

O IA 12.12.12.12 [110/65] via 172.12.123.1, 00:18:52, Serial0

13.0.0.0/32 is subnetted, 1 subnets

O IA 13.13.13.13 [110/65] via 172.12.123.1, 00:18:42, Serial0

14.0.0.0/32 is subnetted, 1 subnets

O IA 14.14.14.14 [110/65] via 172.12.123.1, 00:18:32, Serial0

15.0.0.0/32 is subnetted, 1 subnets

O IA 15.15.15.15 [110/65] via 172.12.123.1, 00:18:32, Serial0

To keep the routing tables of downstream routers smaller but still have the desired IP connectivity, we can use the area range command on R1 to summarize these four routes. The key to keep in mind with the area range command is that the area number given in the command is the area containing the destinations, NOT the area that will receive the summary route.

R1(config)#router ospf 1

R1(config-router)#area 1 range 12.0.0.0 252.0.0.0

R2 now shows a single summary route that can be used to reach all four remote networks.

R2#show ip route ospf

O IA 12.0.0.0/6 [110/65] via 172.12.123.1, 00:00:21, Serial0

Interestingly enough, there's now an additional route in R1's routing table.

R1#show ip route ospf
O 12.0.0.0/6 is a summary, 00:07:53, Null0


When you configure summary routes in OSPF, a route to null0 will be installed into the OSPF routing table of the router performing the summarization. This helps to prevent routing loops. Any packets destined for the routes that have been summarized will have a longer match in the routing table, and packets that do not match one of the summarized routes but do match the summary route will be dropped.

Cisco CCNP / BSCI Exam Tutorial: Using OSPF's "Summary-Address" Command

BSCI exam success, not to mention earning your CCNP, can come down to your OSPF route summarization skills. There are a few different commands and situations you need to be ready for, and one of these situations is the proper use of the "summary-address" command.

The summary-address command should be used on an ASBR in order to summarize routes that are being injected into the OSPF domain via redistribution. In the following example, four routes are being redistributed into OSPF on R1, making R1 an ASBR.

interface Loopback16

ip address 16.16.16.16 255.0.0.0

!

interface Loopback17

ip address 17.17.17.17 255.0.0.0

!

interface Loopback18

ip address 18.18.18.18 255.0.0.0

!

interface Loopback19

ip address 19.19.19.19 255.0.0.0

R1(config)#router ospf 1

R1(config-router)#redistribute connected subnets

These four routes are seen on downstream router R2 as External Type-2, the default for routes redistributed into OSPF.

R2#show ip route ospf

O E2 17.0.0.0/8 [110/20] via 172.12.123.1, 00:00:07, Serial0

O E2 16.0.0.0/8 [110/20] via 172.12.123.1, 00:00:07, Serial0

O E2 19.0.0.0/8 [110/20] via 172.12.123.1, 00:00:07, Serial0

O E2 18.0.0.0/8 [110/20] via 172.12.123.1, 00:00:07, Serial0

To summarize networks learned by redistribution, use the OSPF command summary-address. You can probably do this summarization in your head, but do so before continuing with the lab.

R1(config)#router ospf 1

R1(config-router)#summary-address 16.0.0.0 252.0.0.0

Look at the change in R2's OSPF table.

R2#show ip route ospf

O E2 16.0.0.0/6 [110/20] via 172.12.123.1, 00:00:05, Serial0

The external routes have been successfully summarized. Note that the summary route is still marked as an E2 route.

There's an interesting route installed into R1's OSPF table as well.

R1#show ip route ospf


O 16.0.0.0/6 is a summary, 00:01:51, Null0

When you configure summary routes in OSPF, a route to null0 will be installed into the OSPF routing table. This helps to prevent routing loops. Any packets destined for the routes that have been summarized will have a longer match in the routing table....

C 17.0.0.0/8 is directly connected, Loopback17

C 16.0.0.0/8 is directly connected, Loopback16

C 19.0.0.0/8 is directly connected, Loopback19

C 18.0.0.0/8 is directly connected, Loopback18


O 16.0.0.0/6 is a summary, 00:03:10, Null0

O 12.0.0.0/6 is a summary, 00:07:53, Null0

.. and packets that do not match one of the summarized routes but do match the summary route will be dropped.
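The Null0 behaviour described in this tutorial and in the "area range" tutorial above, worked through in Python. This is an added example, not part of the original tutorials; the routing tables are constructed, R1's loopbacks are modeled as the /32 host routes R2 saw, and R1's default route toward R2 is an assumption made to show what happens without the discard route.

```python
import ipaddress

def covering_summary(prefixes):
    """Smallest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def lookup(table, destination):
    """Longest-prefix match: next hop of the most specific matching route, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, destination, ttl=8):
    """Forward a packet hop by hop; returns (path, outcome)."""
    router, path = start, [start]
    for _ in range(ttl):
        hop = lookup(tables[router], destination)
        if hop is None or hop == "Null0":
            return path, "dropped"
        if hop == "connected":
            return path, "delivered"
        router = hop
        path.append(router)
    return path, "ttl-expired"

def build_tables(with_null0):
    """Constructed tables for R1 (the summarizing router) and R2 (its neighbor)."""
    summary = str(covering_summary(
        ["12.0.0.0/8", "13.0.0.0/8", "14.0.0.0/8", "15.0.0.0/8"]))
    r1 = [
        ("12.12.12.12/32", "connected"),
        ("13.13.13.13/32", "connected"),
        ("14.14.14.14/32", "connected"),
        ("15.15.15.15/32", "connected"),
        ("0.0.0.0/0", "R2"),          # assumption: R1 defaults toward R2
    ]
    if with_null0:
        r1.append((summary, "Null0"))  # the discard route OSPF installs
    r2 = [(summary, "R1")]             # R2 only knows the summary
    return {"R1": r1, "R2": r2}

if __name__ == "__main__":
    s = covering_summary(["12.0.0.0/8", "13.0.0.0/8", "14.0.0.0/8", "15.0.0.0/8"])
    print("summary:", s, "mask:", s.netmask)
    for with_null0 in (True, False):
        tables = build_tables(with_null0)
        for dst in ("13.13.13.13", "13.1.1.1"):
            print("Null0" if with_null0 else "no Null0", dst, trace(tables, "R2", dst))
```

With the discard route in place, a packet for an address inside the summary that R1 has no specific route for stops at R1; without it, the packet bounces between R1 and R2 until its TTL runs out.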

Cisco CCNP / BSCI Exam Tutorial: Using Distribute Lists

To be successful on the BSCI exam and in earning your CCNP, you've got to master route redistribution. This isn't as easy as it sounds, because configuring route redistribution is only half the battle. Whether it's on an exam or in a real-world production network, you've got to identify possible points of trouble before you configure route redistribution - and you need to be able to control redistribution as well. You may have an OSPF domain with 100 routes, but only need to redistribute 10 of them into a neighboring RIPv2 domain. You've got to know how to do that, and one method is the use of a distribute-list.

A distribute-list is an access-list that is used to determine what routes can and cannot be redistributed. Distribute-lists let you specify what routes will be filtered from the process. You can use standard or extended ACLs, and you can filter routes that are coming into a routing process or being injected into another process.

In the following example, R1 is redistributing RIP routes into OSPF, but only wants to advertise network 150.1.1.0 /24 to other OSPF routers. An ACL will be written to match that particular network, and then the distribute-list will be written under the routing process. I'm going to show you the IOS Help output for the distribute-list command, and please note that routing updates can be controlled at the interface level or protocol level.

R1(config)#access-list 24 permit 150.1.1.0 0.0.0.255

R1(config)#router ospf 1

R1(config-router)#redistribute rip subnets

R1(config-router)#distribute-list 24 ?

in Filter incoming routing updates

out Filter outgoing routing updates

R1(config-router)#distribute-list 24 out ?

Async Async interface

BRI ISDN Basic Rate Interface

BVI Bridge-Group Virtual Interface

CTunnel CTunnel interface

Dialer Dialer interface

Ethernet IEEE 802.3

Lex Lex interface

Loopback Loopback interface

Multilink Multilink-group interface

Null Null interface

Serial Serial

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

bgp Border Gateway Protocol (BGP)

connected Connected

egp Exterior Gateway Protocol (EGP)

eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)

igrp Interior Gateway Routing Protocol (IGRP)

ospf Open Shortest Path First (OSPF)

rip Routing Information Protocol (RIP)

static Static routes

R1(config-router)#distribute-list 24 out rip

Using distribute-lists does guard against routing loops, but they have other purposes. You may have a network segment that should be kept secret from the rest of your company; a distribute-list can filter that segment's network number from the redistribution process. In this way, distribute-lists serve as a basic form of network security. (Very basic. I wouldn't sell that firewall on eBay if I were you.)

Keeping such networks out of routing updates and routing tables throughout the network has the side effect of reducing routing update overhead as well.
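How a standard ACL in a distribute-list decides which routes pass, as an added Python example that is not part of the original tutorial. ACL 24 is the one configured above; the list of RIP routes, the second ACL (numbered 25 here) and the 10.10.10.0 /24 "secret" segment are constructed for illustration.

```python
import ipaddress

def entry(action, network, wildcard):
    """One standard ACL line: action, network, wildcard mask."""
    return (action,
            int(ipaddress.IPv4Address(network)),
            int(ipaddress.IPv4Address(wildcard)))

def acl_permits(acl, address):
    """First matching line wins; a standard ACL ends with an implicit deny."""
    addr = int(ipaddress.IPv4Address(address))
    for action, net, wildcard in acl:
        care = ~wildcard & 0xFFFFFFFF      # bits set to 0 in the wildcard must match
        if addr & care == net & care:
            return action == "permit"
    return False

def filter_routes(acl, routes):
    """A standard ACL is compared with the route's network address only,
    so the prefix length of the route plays no part in the decision."""
    return [r for r in routes
            if acl_permits(acl, str(ipaddress.ip_network(r).network_address))]

# access-list 24 permit 150.1.1.0 0.0.0.255 (from the tutorial)
ACL_24 = [entry("permit", "150.1.1.0", "0.0.0.255")]

# Hypothetical ACL 25: hide one segment, advertise everything else.
ACL_25 = [entry("deny", "10.10.10.0", "0.0.0.255"),
          entry("permit", "0.0.0.0", "255.255.255.255")]

# Constructed set of routes learned from RIP.
RIP_ROUTES = ["150.1.1.0/24", "150.1.2.0/24", "100.0.0.0/8",
              "150.1.1.128/25", "10.10.10.0/24"]

if __name__ == "__main__":
    print("ACL 24 advertises:", filter_routes(ACL_24, RIP_ROUTES))
    print("ACL 25 advertises:", filter_routes(ACL_25, RIP_ROUTES))
```

Note that 150.1.1.128/25 passes ACL 24 as well: a standard ACL cannot tell a /24 from a longer prefix inside it, which matters when the goal is to keep a segment out of other routers' tables.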

Cisco CCNP / BSCI Exam Tutorial: The Passive Interface Command And OSPF

To pass the BSCI exam and become a CCNP, you have to be aware of the proper use of passive interfaces. You learned about passive interfaces in your CCNA studies, but here we’ll review the basic concept and clear up one misconception regarding passive interfaces and OSPF.

Configuring an interface as passive will still allow the interface to receive routing updates, but the interface will no longer transmit them. While the command itself would make you think this command will be applied at the interface level, that is not the case. Below, we’ll configure ethernet0 as a RIP passive interface.

R1(config)#router rip

R1(config-router)#passive-interface ethernet0

Ethernet0 will no longer send RIP routing updates, but will accept them.

The passive interface concept is clear enough with RIP, IGRP, and EIGRP – all protocols that send routing update packets. But OSPF doesn’t send routing update packets – OSPF sends link state advertisements. It’s the inability of the passive interface command to stop LSAs that leads many to think that passive interfaces cannot be used with OSPF.

Even though OSPF does not send "routing updates" in the form that RIP, IGRP, and EIGRP do, you can still configure an OSPF-enabled interface as passive in order to prevent OSPF traffic from exiting or entering that interface. No OSPF adjacency can be formed if one of the interfaces involved is a passive interface, and if you configure an OSPF-enabled interface as passive where an adjacency already exists, the adjacency will drop almost immediately.

Let's see that in action. R1 and R2 have an existing OSPF adjacency over their Ethernet interfaces. In an effort to reduce routing traffic, R1's e0 interface is configured as passive. The adjacency drops right away.

R1(config)#router ospf 1

R1(config-router)#passive-interface ethernet0

18:31:11: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0 from FULL to DOWN, Neighbor Down: Interface down or detached

Knowing how to use the passive interface command is a vital part of being a CCNP, and of being a master networker. Good luck to you in both of these pursuits!

Cisco CCNP / BSCI Exam Tutorial: The BGP Attribute MED

Your BSCI exam and CCNP certification success depend on mastering BGP, and a big part of that is knowing how and when to use the many BGP attributes. And for those of you with an eye on the CCIE, believe me - you've got to know BGP attributes like the back of your hand. One such BGP attribute is the Multi-Exit Discriminator, or MED.

The MED attribute is sent from a router or routers in one AS to another AS to indicate what path the remote AS should use to send data to the local AS.

That sounds a little confusing on paper, so let's walk through an example. R1 is in AS 1, and R2, R3, and R4 are in AS 234. R4 is advertising a loopback into BGP, and R1 has two possible next-hops to get to that loopback - R2 (172.12.123.2) and R3 (172.12.123.3). Let's see which of the two paths R1 is using.

R1#show ip bgp 4.4.4.4

BGP routing table entry for 4.4.4.4/32, version 8

Paths: (2 available, best #2, table Default-IP-Routing-Table)

Flag: 0x208

Advertised to non peer-group peers:

172.12.123.3

234

172.12.123.3 from 172.12.123.3 (3.3.3.3)

Origin IGP, localpref 100, valid, external

234

172.12.123.2 from 172.12.123.2 (2.2.2.2)

Origin IGP, localpref 100, valid, external, best

R1 is using 172.12.123.2 as the next-hop to enter AS 234. If all values are left at their default, we could have 100 routes being advertised from AS 234 to AS 1 and the next-hop would remain the same.

We can configure R2 and R3 to send different MED values to R1, and the router sending the lowest MED would be the preferred next-hop. (The MED is a metric, and the lowest metric is always preferred.) We'll configure the MED attribute on both R2 and R3, sending a MED of 200 from R2 and 100 from R3.

R2(config)#route-map SET_MED_200 permit 10

R2(config-route-map)#set metric 200

R2(config-route-map)#router bgp 234

R2(config-router)#neighbor 172.12.123.1 route-map SET_MED_200 out

R3(config)#route-map SET_MED_100 permit 10

R3(config-route-map)#set metric 100

R3(config-route-map)#router bgp 234

R3(config-router)#neighbor 172.12.123.1 route-map SET_MED_100 out

After clearing the BGP table on R1, R1 will still see both next-hop addresses and will still consider both to be valid, but the path through R3 will be selected due to its lower metric.

Just keep in mind that the MED is actually a metric, and lower metrics are more desirable in path selection. That will put you one step closer to passing the BSCI and earning your CCNP Certification!

Cisco CCNP / BSCI Exam Tutorial: Ten IP Routing Details You Must Know!

To pass the BSCI exam and earn your CCNP, you've got to keep a lot of details in mind. It's easy to overlook the "simpler" protocols and services such as static routing and distance vector protocols. With this in mind, here's a quick review of some details you should know for success in the exam room and real-world networks!

When packets need to be routed, the routing table is parsed for the longest prefix match. If multiple paths exist with the same prefix length, the route with the lowest AD is preferred. If there are still multiple valid paths, equal-cost load-sharing goes into effect.

The ip route command is used to create static routes. The command ip route 0.0.0.0 0.0.0.0 <next-hop-IP or local exit interface> creates a default static route.

A static route with a next-hop IP address has an AD of one, while a static route with a local exit interface has an AD of zero.

A floating static route is a static route with an AD higher than that of the dynamic routing protocols running on the router, ensuring that the static route can only be used if the routing protocol goes down.

On-Demand Routing (ODR) is only appropriate in a hub-and-spoke network. The spokes effectively become stub routers. ODR uses Cisco Discovery Protocol (CDP) to send route information.

To propagate a default route with IP routing, use the ip default-network command. To do so with IP routing disabled, use ip default-gateway. You can also redistribute a static route into most protocols, but not IGRP. IGRP does not understand a static route to 0.0.0.0.

The ip helper-address command takes certain broadcasts and translates them into unicasts in order to allow the router to forward them. These default ports are:

TIME, port 37

TACACS, port 49

DNS, port 53

BOOTP/DHCP Server, port 67

BOOTP/DHCP Client, port 68

TFTP, port 69

NetBIOS name service, port 137

NetBIOS datagram services, port 138

To name other ports, use the ip forward-protocol command. To remove any of these ports from the default list, use the no ip forward-protocol command.

ICMP Router Discovery Protocol (IRDP) hosts hear multicast Hellos from routers, allowing host-router discovery. HSRP routers create a virtual router that hosts think is a real router. Both protocols help networks cut over to a functional router quickly when their primary router goes down.

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You're familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you're not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that - a clear text password that is visible by anyone who can pick a packet off the wire. If you're going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

< The key chain can have any name. >

R1(config-keychain)#key 1

< Key chains can have multiple keys. Number them carefully when using multiples. >

R1(config-keychain-key)#key-string CISCO

< This is the text string the key will use for authentication. >


R1(config)#int s0

R1(config-if)#ip rip authentication mode text

< The interface will use clear-text mode. >

R1(config-if)#ip rip authentication key-chain RIP

< The interface is using key chain RIP, configured earlier. >

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t

R3(config)#key chain RIP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.

Here's what a successfully authenticated RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0

3d04h: 100.0.0.0/8 via 0.0.0.0 in 1 hops

3d04h: 150.1.2.0/24 via 0.0.0.0 in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You'll also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"Debug ip rip" may be a simple command as compared to the debugs for other protocols, but it's also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!
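What the two authentication modes put on the wire, as an added Python example that is not part of the original tutorial. It builds two constructed RIPv2 updates carrying the routes from the debug output above (authentication type 2 for the simple password of RFC 2453, type 3 for the keyed MD5 layout of RFC 2082), then inspects them the way a receiver or a packet capture would; the function names are illustrative.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTH_AFI = 0xFFFF             # address family value that marks an authentication entry
AUTH_TEXT, AUTH_MD5 = 2, 3    # authentication types: simple password, keyed MD5
HEADER = bytes([2, 2, 0, 0])  # command 2 (response), version 2, two zero bytes

def route_entry(network, mask, metric):
    """One 20-byte RIPv2 route entry (address family 2, tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0,
                       ipaddress.IPv4Address(network).packed,
                       ipaddress.IPv4Address(mask).packed, bytes(4), metric)

def keyed_md5(body, key):
    """Digest over the packet, the trailer header and the key padded to 16 bytes."""
    padded = key.encode().ljust(16, b"\0")[:16]
    return hashlib.md5(body + struct.pack("!HH", AUTH_AFI, 1) + padded).digest()

def build_text(key, routes):
    """Clear-text mode: the key itself travels in the first entry."""
    auth = struct.pack("!HH16s", AUTH_AFI, AUTH_TEXT, key.encode())
    return HEADER + auth + b"".join(routes)

def build_md5(key, routes, key_id=1, sequence=1):
    """MD5 mode: the first entry carries key ID and sequence, the trailer a digest."""
    rtes = b"".join(routes)
    length = len(HEADER) + 20 + len(rtes)   # offset of the trailer
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_MD5, length, key_id, 16, sequence)
    body = HEADER + auth + rtes
    return body + struct.pack("!HH", AUTH_AFI, 1) + keyed_md5(body, key)

def inspect_auth(packet, key=None):
    """Classify a RIPv2 packet's authentication; verify it when a key is given."""
    if len(packet) < 24 or packet[1] != 2:
        return {"auth": "none", "valid": None}
    afi, auth_type = struct.unpack("!HH", packet[4:8])
    if afi != AUTH_AFI:
        return {"auth": "none", "valid": None}
    if auth_type == AUTH_TEXT:
        password = packet[8:24].rstrip(b"\0").decode("ascii", "replace")
        return {"auth": "text", "exposed_password": password,
                "valid": None if key is None else password == key}
    if auth_type == AUTH_MD5:
        length, key_id, dlen, sequence = struct.unpack("!HBBI", packet[8:16])
        body, digest = packet[:length], packet[length + 4:length + 4 + dlen]
        valid = None if key is None else hmac.compare_digest(digest, keyed_md5(body, key))
        return {"auth": "md5", "key_id": key_id, "sequence": sequence, "valid": valid}
    return {"auth": "unknown", "valid": None}

def accepts(packet, mode, key):
    """Receiver-side rule from the tutorial: mode and key must both agree."""
    info = inspect_auth(packet, key)
    return info["auth"] == mode and info["valid"] is True

# Constructed sample updates using the key-string from the configuration above.
ROUTES = [route_entry("100.0.0.0", "255.0.0.0", 1),
          route_entry("150.1.2.0", "255.255.255.0", 1)]
TEXT_PACKET = build_text("CISCO", ROUTES)
MD5_PACKET = build_md5("CISCO", ROUTES)

if __name__ == "__main__":
    print(inspect_auth(TEXT_PACKET))             # the key is readable in the capture
    print(inspect_auth(MD5_PACKET, "CISCO"))     # only a digest is present
    print(accepts(MD5_PACKET, "text", "CISCO"))  # mode mismatch: update is ignored
```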

Cisco CCNP / BSCI Exam Tutorial: OSPF Route Redistribution Review

OSPF route redistribution is an important topic on the BSCI exam, and it's a topic full of details and defaults that you need to know for the exam room and the job. To help you pass the BSCI exam, here's a quick review of some of the OSPF route redistribution basics.

To see if a router is an ABR or ASBR, run show ip ospf. This also displays any routes being redistributed into OSPF on this router.

R1#show ip ospf

Routing Process "ospf 1" with ID 1.1.1.1

Supports only single TOS(TOS0) routes

Supports opaque LSA

It is an area border and autonomous system boundary router

Redistributing External Routes from,

connected, includes subnets in redistribution

rip, includes subnets in redistribution

When redistributing RIP into OSPF, the "subnets" option is needed to include subnets in redistribution. When redistributing OSPF into RIP, a seed metric must be specified. (OSPF gives redistributed routes a default metric of 20 – this can be changed, but a seed metric does not have to be set.)

R1(config)#router ospf 1

R1(config-router)#redistribute connected

% Only classful networks will be redistributed

R1(config-router)#redistribute connected subnets

R1(config-router)#redistribute rip subnets

R1(config-router)#router rip

R1(config-router)#redistribute connected metric 1

R1(config-router)#redistribute ospf 1 metric 1


By default, routes redistributed into OSPF are marked as E2 routes. The metric for these routes reflects only the cost of the path from the ASBR to the destination network and does not include the cost of the path from the local router to the ASBR. By contrast, E1 routes include the cost of the entire path from the local router to the destination network.


O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

6.0.0.0/32 is subnetted, 1 subnets

O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks

O E2 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

15.0.0.0/24 is subnetted, 1 subnets

O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

To redistribute routes into OSPF and mark them as E1 upon redistribution, use the metric-type option with the redistribution command.

R1(config)#router ospf 1

R1(config-router)#redistribute rip subnets metric-type ?

1 Set OSPF External Type 1 metrics

2 Set OSPF External Type 2 metrics

R1(config-router)#redistribute rip subnets metric-type 1

Look at the same two routes in R4's routing table, which are now displayed as E1 routes:

O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:04:13, Ethernet0

6.0.0.0/32 is subnetted, 1 subnets

O E1 6.1.1.1 [110/94] via 172.34.34.3, 00:04:14, Ethernet0

BSCI exam success and earning your CCNP certification depend on knowing the details, and there are plenty of details involved in OSPF route redistribution! Keep studying, practice different scenarios in your CCNA / CCNP home lab or rack rental, and you'll master these details and pass the exam!

Cisco CCNP / BSCI Exam Tutorial: Not All Static Routes Are Created Equal

As a CCNP candidate, as a CCNA, and in getting ready to pass the BSCI exam, you may be tempted to breeze through your static route studies, or even skip them! That's because static routes are easy enough to configure, and as long as you remember the syntax of the ip route command, you're in good shape.

But there's one vital detail regarding static routes that many exam candidates miss. That's because many CCNA and CCNP books say "the administrative distance of a static route is 1", but that is not quite accurate.

You know from your CCNA studies that the ip route command is used to create a static route, and that you have the option of configuring a local exit interface or a next-hop IP address at the end of the command. However, the administrative distances are not the same. The AD of a static route that uses a local exit interface is zero! (That's because the router considers a static route with a local exit interface to actually be a directly connected network.) The AD of a static route with a next-hop IP address is 1.

Therefore, if the router has the following two ip route statements to consider...

Router(config)#ip route 172.1.1.1 255.255.255.255 fast0

Router(config)#ip route 172.1.1.1 255.255.255.255 210.1.1.1

... the prefix lengths are the same, so the static route using the local exit interface fastethernet0 will be preferred due to its lower AD, and will be installed into the routing table.

Keep the details in mind on the job and in the exam room, and you’re on your way to CCNP exam success!

Cisco CCNP / BSCI Exam Tutorial: Leading Zero Compression

The BSCI exam and CCNP certification require that you be well versed in the basics of IP Version 6, or IPv6. If you're new to IPv6, you'll quickly learn that it's not exactly just two more octets slapped onto an IPv4 address! IPv6 addresses are quite long, but there are two ways to acceptably shorten IPv6 address expression. To pass the BSCI exam, become a CCNP, and get that all-important understanding of IPv6, you've got to understand these different methods of expressing an IPv6 address. My last IPv6 tutorial discussed zero compression; today we'll take a look at leading zero compression.

Leading zero compression allows us to drop the leading zeroes from every field in the address. Where we could only use zero compression once in an IPv6 address expression, leading zero compression can be used as often as is appropriate. The key with leading zero compression is that there must be at least one number left in each field, even if that remaining number is a zero.

You sometimes see books or websites refer to leading zero compression as "dropping zeroes and replacing them with a colon", but that explanation can be a little confusing, since the blocks are separated with a colon to begin with. You're not really replacing the leading zeroes, you're dropping them.

Let's look at an example of leading zero compression. Taking the address 1234:0000:1234:0000:1234:0000:0123:1234, we have four different fields that have leading zeroes. The address could be written out as it is, or with the leading zeroes dropped.


Original format: 1234:0000:1234:0000:1234:0000:0123:1234

With leading zero compression: 1234:0:1234:0:1234:0:123:1234

There's no problem with using zero compression and leading zero compression in the same address, as shown here:

Original format: 1111:0000:0000:1234:0011:0022:0033:0044

With zero and leading zero compression: 1111::1234:11:22:33:44

Zero compression uses the double-colon to replace the second and third block of numbers, which were all zeroes; leading zero compression removed the "00" at the beginning of each of the last four blocks. Just be careful and take your time with both zero compression and leading zero compression and you'll do well on the exam and in the real world. The keys to success here are remembering that you can only use zero compression once in a single address, and that while leading zero compression can be used as often as needed, at least one number must remain in each field, even if that number is a zero.

Cisco CCNP / BSCI Exam Tutorial: ISIS Router Types

To pass the BSCI exam and earn your CCNP, you've got to know ISIS inside and out. There are many similarities between ISIS and OSPF, but one major difference is that ISIS has three different types of routers - Level 1 (L1), Level 2 (L2), and L1/L2.

L1 routers are contained in a single area, and are connected to other areas by an L1/L2 router. The L1 uses the L1/L2 router as a default gateway to reach destinations contained in other areas, much like an OSPF stub router uses the ABR as a default gateway.

L1 routers have no specific routing table entries regarding any destination outside their own area; they will use an L1/L2 router as a default gateway to reach any external networks. ISIS L1 routers in the same area must synchronize their databases with each other.

Just as we have L1 routers, we also have L2 routers. Anytime we're routing between areas (inter-area routing), an L2 or L1/L2 router must be involved. All L2 routers will have synchronized databases as well.

Both L1 and L2 routers send out their own hellos. As with OSPF, hello packets allow ISIS routers to form adjacencies. The key difference here is that L1 routers send out L1 hellos, and L2 routers send out L2 hellos. If you have an L1 router and an L2 router on the same link, they will not form an adjacency.

An ISIS router can act as an L1 and an L2 router at the same time; these routers are L1/L2 routers. An L1/L2 router can have neighbors in separate ISIS areas. The L1/L2 router will have two separate databases, though - one for L1 routes and another for L2 routes. L1/L2 is the default setting for Cisco routers running ISIS. The L1/L2 router is the router that makes it possible for an L1 router to send data to another area.

In the next part of my ISIS tutorial, we'll take a more detailed look at those ISIS hellos!

Cisco CCNP / BSCI Exam Tutorial: IP Version 6 Zero Compression

BSCI exam success is all part of becoming a CCNP, and part of that success is now learning the basics of IP Version 6, or IPv6. One of the most difficult parts of learning IPv6 concepts is the radically different addressing scheme that IPv6 uses as compared to IPv4. Just look at these sample addresses:

Typical IPv4 address: 129.14.12.200

Typical IPv6 address: 1029:9183:81AE:0000:0000:0AC1:2143:019B

As you can see, IPv6 isn't exactly just tacking two more octets onto an IPv4 address!

I haven't met too many networkers who really like typing, particularly numbers. You'll be happy to know there are some rules that will shorten those addresses a bit, and it's a very good idea to be fluent with these rules for your exam.

You remember from your CCNA studies that there's no difference between an upper-case letter and lower-case letter in hexadecimal. That's one of three basic rules you need to know when working with IPv6 addressing. The other factors deal with all the zeroes you'll run into in IPv6 addresses! One of these rules is the rule of zero compression.

The rule of zero compression states that if an address contains consecutive fields of zeroes, they can be expressed with two colons. It doesn't matter if you have two fields or eight, you can simply type two colons and that will represent all of them. The key here is that you can only do this once in an IPv6 address. This is referred to as zero compression. Here's an example:

Original format: 1234:1234:0000:0000:0000:0000:3456:3434

Using zero compression: 1234:1234::3456:3434

Again, you must remember that you can only do this once in an IPv6 address expression.

What if there are zeroes in the address that don't quite fit this rule? The next part of our IPv6 tutorial will deal with leading zero compression, another tool you can use to shorten these long, long addresses!
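Both shortening rules, zero compression from this tutorial and leading zero compression from the one above, implemented in Python as an added example that is not part of the original tutorials. The function names are illustrative; the choice of the longest run of zero fields (the first one on a tie) is an assumption that goes beyond the tutorials, and the output is cross-checked against Python's own ipaddress module.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")

def expand(text):
    """Return the eight 4-digit fields of an IPv6 address written in any accepted form."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: with two, the number of "
                         "zero fields each one hides cannot be determined")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        if len(head) + len(tail) > 7:
            raise ValueError("'::' must stand for at least one field")
        fields = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        fields = text.split(":")
    if len(fields) != 8 or not all(1 <= len(f) <= 4 and set(f) <= HEX_DIGITS
                                   for f in fields):
        raise ValueError("not a valid IPv6 address: %r" % text)
    return [f.lower().zfill(4) for f in fields]

def drop_leading_zeroes(fields):
    """Leading zero compression: at least one digit stays in every field."""
    return [f.lstrip("0") or "0" for f in fields]

def compress(text):
    """Leading zero compression in every field, zero compression at most once."""
    fields = drop_leading_zeroes(expand(text))
    best_start, best_len, i = -1, 0, 0
    while i < 8:                       # find the longest run of all-zero fields
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                   # "consecutive fields of zeroes": two or more
        return ":".join(fields)
    return (":".join(fields[:best_start]) + "::" +
            ":".join(fields[best_start + best_len:]))

def same_address(a, b):
    """Compare by value, not by spelling: useful when matching ACL or log entries."""
    return expand(a) == expand(b)

if __name__ == "__main__":
    for addr in ("1234:1234:0000:0000:0000:0000:3456:3434",
                 "1234:0000:1234:0000:1234:0000:0123:1234",
                 "1111:0000:0000:1234:0011:0022:0033:0044",
                 "1029:9183:81AE:0000:0000:0AC1:2143:019B"):
        short = compress(addr)
        assert short == ipaddress.IPv6Address(addr).compressed
        print(addr, "->", short)
```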

Cisco CCNP / BSCI Exam Tutorial: Introduction To Policy Routing

Policy routing is a major topic on your BSCI exam, and you'll find quite a bit of policy routing going on in today's production networks. But what exactly is policy routing?

Policy-based routing, generally referred to as "policy routing", is the use of route maps to determine the path a packet will take to get to its final destination. As you progress through your CCNP studies and go on to the CCIE (or to a Cisco Quality Of Service certification), you'll find that traffic can be "marked" by policy routing in order to give different levels of service to various classes of traffic. (This is done by marking the traffic and placing the different classes of traffic in different queues in the router, allowing the administrator to give some traffic higher priority for transmission.)

There are some basic policy routing rules you should know:

Policy routing doesn't affect the destination of the packet, but does affect the path that is taken to get there.

Policy routing can forward traffic based on the source IP address or the destination IP address (with the use of an extended ACL).

Policy routing can be configured at the interface level, or globally.


Applying policy routing on an interface affects only packets arriving on that interface:

R2(config)#int s0

R2(config-if)#ip policy route-map CHANGE_NEXT_HOP

Applying the policy globally applies the route map to packets generated on the router, not on all packets received on all interfaces.

Whether you're running policy routing at the interface level, on packets created locally, or both, always run the command show ip policy to make sure you've got the right route maps on the proper interfaces.

R2#show ip policy

Interface Route map

local CHANGE_NEXT_HOP

Serial0 CHANGE_NEXT_HOP

And here's the big rule to remember....

If a packet doesn't match any of the specific criteria in a route map, or does match a line that has an explicit deny statement, the data is sent to the routing process and will be processed normally. If you don't want to route packets that do not meet any route map criteria, the set command must be used to send those packets to the null0 interface. This set command should be the final set command in the route map.

There are four possibilities for an incoming packet when route maps are in use. The following example illustrates all of them.

R2(config)#access-list 29 permit host 20.1.1.1

R2(config)#access-list 30 permit host 20.2.2.2

R2(config)#access-list 31 permit host 20.3.3.3

R2(config)#access-list 32 permit host 20.4.4.4

R2(config)#route-map EXAMPLE permit 10

R2(config-route-map)#match ip address 29

R2(config-route-map)#set ip next-hop 40.1.1.1


R2(config-route-map)#route-map EXAMPLE permit 20

R2(config-route-map)#match ip address 30

Assuming the route map has been applied to the router's ethernet0 interface, a packet sourced from 20.1.1.1 would meet the first line of the route map and have its next-hop IP address set to 40.1.1.1.

A packet sourced from 20.2.2.2 would match the next permit statement (sequence number 20). Since there is no action listed, this packet would return to the routing engine to undergo the normal routing procedure. All traffic that did not match these two addresses would also be routed normally - there would be no action taken by the route map.

Perhaps we want to specifically block traffic sourced from 20.3.3.3 or 20.4.4.4. We can use multiple match statements in one single route map, and have packets matching those two addresses sent to the bit bucket - the interface null0.

R2(config)#route-map EXAMPLE permit 30

R2(config-route-map)#match ip address 31

R2(config-route-map)#match ip address 32

R2(config-route-map)#set ?

as-path Prepend string for a BGP AS-path attribute

automatic-tag Automatically compute TAG value

comm-list set BGP community list (for deletion)

community BGP community attribute

dampening Set BGP route flap dampening parameters

default Set default information

extcommunity BGP extended community attribute

interface Output interface

ip IP specific information

level Where to import route

local-preference BGP local preference path attribute

metric Metric value for destination routing protocol

metric-type Type of metric for destination routing protocol

origin BGP origin code

tag Tag value for destination routing protocol

weight BGP weight for routing table

R2(config-route-map)#set interface null0

Any traffic matching ACLs 31 or 32 will be sent to null0, resulting in its being discarded by the router. Any traffic that didn't match any of the route map statements will be returned to the routing engine for normal processing.

Knowing policy routing and how to apply it are essential skills for passing the BSCI exam, earning your CCNP, and becoming more valuable in today's job market. Get some hands-on practice in a CCNA / CCNP home lab or rack rental to go along with learning the theory, and you'll be writing and applying policy routing in no time at all.